Pwndoc Versions Save

Pentest Report Generator

v0.5.3

1 year ago

Enhancements

  • Add Dark mode theme 9564911
  • Update CVSS calculation 5cb9661
    • Use First roundup function for impact and exploitability subscores
    • Add temporal colors for template
    • Add environmental colors for template
    • Add environmental impact and exploitability subscores
    • Update sorting with Environmental and Temporal scores
    • Removed cvssScore and cvssSeverity from models since now they are always calculated based on the vector string
  • Update websockets to reconnect after a disconnect 0813945
    • Updated socket.io to last version
    • If server connection is lost websockets for Audit menu will reconnect automatically
  • Add dynamic check for backend connection 2673749
    • If websocket disconnect then a loading message appear until it reconnects
  • Remove user deletion to prevent missing references 6e3de55
    • Deleting users breaked their links to different objects like audits.
    • It's better to use the recent disable feature to avoid orphan objects

Merged

  • Added a short name to companies and included it on reports cd72648
  • Create filter to sort findings in document a551379
  • Add i18n fr-FR translation 260f5dc
  • i18n de-DE: Adding German Interface Translation 48dad91
  • Add 'Disable user' feature a8d6d49

Fixed

  • Correctly reject promise when wrong password on profile 711dbf1
  • Fix client selection issue (#242) f8e6c27

Special Thanks for their support

@nobox910

v0.5.2

2 years ago

Fixed

  • Update Default Template 5764df8

  • Fix template count function 31b6577

    • Close #237

  • Fix numbering issue in ooxml conversion cb9883c

    • Close #236

v0.5.1

2 years ago

Fixed

  • Fix break call from docxjs 02c8b0b
  • Fix HTML encoding issue in HTML editor d0d12dc

v0.5.0

2 years ago

Enhancements

  • Update convertDateLocale filter 876b96d
    • Changed numeric to 2-digit to have 2021/08/01 instead of 2021/8/1
  • Update default template 51e48ed
    • Removed some {-w:p} tags that could cause errors with images
  • Handle Categories order in findings 08748f2
    • Fix Categories order using their position in Custom Data
    • Add "categories" data available in report template to generate findings dynamically by Category: categories: {categoryName:<name>, categoryFindings:<[Array of Findings]>}
  • Add Caption feature in HTML Editor f93fbdd
    • Caption labels are dynamic and can be added in the Settings page (Default will be Figure)
    • Caption can be added anywhere in the Editor
    • It will render <label> 1 - xxx in Word generated document (select all + F9 to update numbering in Word)
    • The style in the generated report can be customised by creating/editing the Caption style in the Word template
  • Update CVSS calculator 9baf6ef
    • Update to version 3.1
    • Add Temporal and environmental scores
    • Add impact and exploitability scores
    • Add tooltips description
  • Add translation for report data 88d89f0
    • Dictionary files can be used to translate some data automatically depending on audit language
    • A dictionary draft for French can be found in backend/src/translate
    • The name of the folder should correspond to the name of the locale defined in Data > Custom Data > Languages
    • Angular expression can be directly used in report template: {input | translate:'locale'}
    • The following data will be automatically translated based on the audit language:
      • cvssObj
      • auditType
      • findings[i].vulnType
      • findings[i].category
      • sections[i].name
  • Add Category creation on vulnerabilities import 0e97ffc
    • When importing vulnerabilities, if a Category does not exist it will be created

Merged

  • Add Internationalization for Frontend a239bb6
    • Language can be changed in Settings page
    • Currently supported languages: en-US and zh-CN
  • Add TOTP feature c1aaf12
    • TOTP can be enabled in the user profile page
  • Add Sub-Templating 21e583b
    • Add sub templating with delimiter {_{xxx}_} for exemple if you put {_{client.firstname}_} in description during the generation it will be replace with the client firstname. If var not found/undefined the system will replace {_{client.firstname}_} by nothing
  • Update python to python3 in apk repoefcbc51
  • Add Email and Phone fields for Collaborators 9a0ab63

Fixed

  • Update : python no longer existe in apk repo now it's python3 91d10f4
  • Fix issues related to sub-templating 631bc0a

UPDATE ATTENTION

  • Changes to CVSS data require to update Word templates to avoid report generation errors
    • Replace {cvssv3} by {cvss.vectorString}
    • Replace {cvssScore} by {cvss.baseMetricScore}
    • Replace {cvssSeverity} by {cvss.baseSeverity}
    • Replace {@cvssColor} by {@cvss.cellColor} 
    findings[i]: //before
{
    cvssv3
    cvssScore
    cvssSeverity
    cvssColor
}

findings[i]: // now
{
    cvss: {
        vectorString
        baseMetricScore
        baseSeverity
        temporalMetricScore
        temporalSeverity
        environmentalMetricScore
        environmentalSeverity
        cellColor
    }
}

v0.4.0

2 years ago

Enhancements

  • Update JWT generation 15f3dc0
    • JWT is now dynamically generated
    • config files moved to on location
  • Update Session management using refresh token ff1b868
    • A refresh token has been introduced allowing to request for a new token
    • Token is now valid for 15min and refreshtoken for 7days
    • So now when updating a user (role or remove) it will take maximum 15min (or page refresh) to invalidate the old token
    • Each refresh token is associated with a sessionId allowing to have multiple sessions on different devices
  • Add different options to sort Audit findings 32dd337
    • The automatic sorting parameter can now be customized for each vulnerability category
    • Custom fields can be used as sorting parameter (input, date, radio and select)
    • Default sorting can be set in Custom data > Vulnerability Categories
    • Manual sorting of findings is also possible now with drag&drop

Merged

  • Add Audit reviews and approval feature 02d144d. Thanks @lm-sec and @alexandre-lavoie
    • Add a new process (disabled by default) to handle Audit approbation
    • Update Settings
    • Add readonly visual on Audits when user cannot edit

Fixed

  • Fix issue in HTML editor 63c6359
    • Toolbar styles could be applied by using their HTML tags directly in the editor resulting in visual bugs
  • Fix issue in textarea-array component dd5b51f
    • Removed trim function since it caused issues with resetting cursor at end of input when deleting and reaching a space. It is taken care of by the trim option in mongoose
  • Fix database compatibility issue 361cd0a
    • Fix the mongodb version to avoid compatibility issue with newer versions for now

UPDATE ATTENTION

  • After updating, Settings will be reset to default

v0.3.0

2 years ago

Enhancements

  • Add Settings feature with image border 74cb76c
    • It is now possible to enable and manage color of border on images generated in the report
  • Add Trim to all strings saved in database 011d9d2
    • Avoid issues like additionnal spaces in titles
  • Add Company creation directly from Audit General 1b28a21
    • Update select with input filtering
    • If Company does not exist it will be created upon saving in Audit General section (make sure to tap enter to add the company)
  • Add creator to new vulnerability from finding 5173b07
    • Like for vulnerablities updates, creator is now visible when editing newly created vulnerability

Fixed

  • Fix editor affix issue in vulnerabilities modals 9e5d0c
    • Disable affix to avoid issues

v0.2.0

2 years ago

Enhancements

  • Add new Custom Field Components 972641f
    • Checkbox
    • Date
    • Radio
    • Select
    • Select Multiple
  • Add new customFields to report generation data 404420d
  • Add affix by default for all HTML editors 6d50b13

Removed

  • Remove Audit Section create and delete 30a1563
    • Not needed anymore since automatically handled by Audit Type

Fixed

  • Fix custom-fields rules validation on multiple options 8d6edeb
  • Fix Audits List search filter e254603
    • Language match is fixed
    • Company is changed to an exact match

Merged

  • Doc Update: Detailed how to import a network scan #115

v0.1.0

3 years ago

Enhancements

  • Update Audit Types and Audit Creation 1de6353
    • Audit Types are now linked to Templates and Sections
    • An Audit can then be customized depending on its Audit Type
    • Template selection when creating an Audit is now replaced by Audit Type
    • Sections are automatically added when creating the Audit based on the Audit Type
  • Add Section Customization 7225972
    • Sections are now entirely made of Custom Fields allowing complete customization
    • Each Section can be customized in the Custom Fields tab
    • Default Text can be set for each Custom Field for all languages available

Removed

  • Manually adding sections in an Audit has been removed
  • Languages for Audit Types and Custom Sections have been removed

BEAKING CHANGES

  • Old Default Text in Custom Sections tab won't be available anymore. Back it up before updating
  • Since Sections can't be added manually anymore, any Audit in progress should be finished or Sections added to them before updating