Hi,

Thanks for this great tool. But, I'm having some issues. I wrote earlier about the template issues. I really hope I can figure that out.

A new issue that I have is that after I import vulnerabilities, they are nowhere to be seen. The instructions are clear. I followed them precisely. Any idea what would prevent the findings from syncing?

hi !
I build it with docker-compose, When I first visite localhost:8443,
it display : Something went wrong contacting backend
What should I do?

I have been testing PwnDoc out over the past week and really see the value in using it. I am wondering if anyone could provide me with a data set that would be useful for penetration testing? I am looking for a generic list of vulnerability types and categories that I can import.

I'm trying to make a custom generator to translate cvssSeverity to french. But everytime I get this error : The scope parser for the tag "cvssSeverity | cvssSeverityFR " failed to compile.

expressions.filters.cvssSeverityFR = function(input) {
    var pre = '<w:p><w:r><w:t>';
    var post = '</w:t></w:r></w:p>';
    var result = "Non défini"

    if (input === "Low") result = "Faible"
    else if (input === "Medium") result = "Moyenne"
    else if (input === "High") result = "Elevé"
    else if (input === "Critical") result = "Critique"

    // return pre + result + post;
    return result;
}

Here's what I tried. Could you help me please ?

And I have a question with the nmap import, when I do a scan I have the "version" of the services, but when imported, they appears as "Unknown", why is that ? (nmap command used : nmap -oX test.xml test.fr -sV -v).

When i add my first finding and i try to generate the report to see the result into the report by exemple, i get an UNDEFINED ERROR IN RED AT THE TOP OF PWNDOC. But when i remove the finding it is working..

When creating a custom section with images, the text can be inserted but as soon as an image is added the template fails to be created.

It looks like the following in the frontend

In the word template itself it looks like the following:

As I couldn't figure out how you start a paragraph, which should be the following:
{#cleanup}{/cleanup}
I am not sure if this helps the problem.

The backend-logs are reporting the following:
`Error:

{ TypeError: Cannot read property '0' of undefined
at ImageModule.getRenderedPart (/app/node_modules/docxtemplater-image-module-free/js/index.js:180:54)
at ImageModule.render (/app/node_modules/docxtemplater-image-module-free/js/index.js:134:17)
at moduleRender (/app/node_modules/docxtemplater/js/render.js:14:30)
at /app/node_modules/docxtemplater/js/render.js:44:26
at Array.map ()
at Object.render (/app/node_modules/docxtemplater/js/render.js:42:24)
at loopOver (/app/node_modules/docxtemplater/js/modules/loop.js:305:35)
at ScopeManager.functorIfInverted (/app/node_modules/docxtemplater/js/scope-manager.js:159:9)
at ScopeManager.loopOverValue (/app/node_modules/docxtemplater/js/scope-manager.js:184:16)
at ScopeManager.loopOver (/app/node_modules/docxtemplater/js/scope-manager.js:153:19)
at LoopModule.render (/app/node_modules/docxtemplater/js/modules/loop.js:334:39)
at moduleRender (/app/node_modules/docxtemplater/js/render.js:14:30)
at /app/node_modules/docxtemplater/js/render.js:44:26
at Array.map ()
at Object.render (/app/node_modules/docxtemplater/js/render.js:42:24)
at loopOver (/app/node_modules/docxtemplater/js/modules/loop.js:305:35) properties: { file: 'word/document.xml' } }
`

Could you please add some clarity wether you need the paragraph or not and if so what it should be.
Furthermore investigating the issue would be great, if I can be of any further assistance please say so

Kindest regards

Hi PwnDocs Team,

First off love the project; awesome work!
I am running into an issue with report generation. I am using the latest commit and the most recent template with no modifications. Attempting to generate / download a report I receive an undefined error. Poking around the docx a bit I removed
| changeID: 'VULN-'
from the vulnerabilities summer section. Making this modification and then attempting to generate a report give a new error:
The tag "image" is not inside a paragraph

Any thoughts on why this is popping up? I tried changing all the image tags to conform to the {-w:p images}{%image} format and that netted me an undefined error.

Thanks so much!
Ben

First, I want to say that I see a lot of value in this project, so thank you for creating and maintaining this. I have been working through creating custom reporting templates and noticed that when using template variables (e.g. {company.name}) in the custom sections or any of the findings text boxes, they are never resolved when generating the template. I am wondering if a basic reordering of how the report is programmatically generated could resolve this issue? It is easy enough to do a find and replace in the generated report, but still wanted to point this out.

1. add some tags to the project to help with referencement and search by topics, eg. for dradis:

I would add those tags:

• penetration-testing
• reporting
• reporting-tool
• pentest
• security-audit
• pentesting
• infosec
• collaboration
• collaborative
• vulnerability-library
• issue-library

2. Plans for git tags / release / changelog? 👀

3. Plans to replace the github wiki with a static documentation (eg. some solutions), that would allow better flexibility and collaborations. docsify.js is an easy choice as it's dynamically rendered from client side in JS. Other option are static website generators and would require a CI/CD to auto-build-n-deploy. Both choices can be self hosted with Github pages in the docs/ folder.

Would it be a usefull addition to have a CSV (or even XLS to get fancy) export of the findings in a audit? In order to provide a "checklist" alongside the report.

can you share your demo content template

Hi,
while inspecting a generated test-report, i noticed that the listings in text fields aren't inserted properly. Instead of generating a unnumberd list, it generates a numberd list, starting at 0, then 1, and so on.

Starting Situation:
Regular unordert list of items in a text field

Expected Result:
regular unordert list with bullets in word

Results got:
Numbered List, starting at "0"

Can we add a feature to download the report in PDF format as well

Hi,
first of, I really like your project, its really nice and easy to work with.
While developing our report template, we thought it would be nice
and also really helpful, to be able to add custom fields to findings, or
vulnerabilitys in general as well, if we want to include even more
information to a hole.

Thanks in advanc.e

Update docxtemplater to 3.19

Why?

• 3.2.0+ Add paragraphLoop option, that permits to have better rendering for spaces
• 3.2.3+ Add support for Office365 generated documents
• 3.4.0+ Add change delimiter syntax from inside template, Add getTags to InspectModule.
• 3.4.2+ Add getAllTags to inspectModule
• 3.8.3+ Add templating of more meta data of the document, including : Author, Title, Topic, marks, Categories, Comments, Company
• Many more
• 3.17.7+ Add support for dotx and dotm file formats
• Better performance
• Lot of small fixes & enhancements

Beware of breaking changes in:

• 3.4.1

On the Vulnerabilities view, some default columns including the title are displayed.
It would be nice to be able to customize columns (add or remove)? eg add a column with one of the custom fields from the category.

Hey hey,

Is there a possibility to use other types of exporting formats next to docx. (csv/latex/just a list of vuln headers/etc)
I've only had a brief look into the code and it seems docxtemplater is quite interwoven with the whole exporting scheme.

Would it be possible to write other plugins?

I just wanted to open up an issue for that to look into the possibility, maybe i will find time writing a pull request for it.

Hi,

I am trying your tool right now, very impressive :)

I have read the documentation but,for me, it is not too much clear how to "print", into my word template, the values of my custom vuln category.

For example, I've created a custom category called "WEB" wich has the following "text" attributes:

• OWASP_ID
• custom_severity

Could you please provide me an example of the word syntax to insert these values into my word document?
Right now, I am obtaining an empty string.

Thanks and good job!

what is the login?

I have this condition error when i press "Create" on New Vulnerability feature.

Browser: Chrome
Version: Version 85.0.4183.83 (Official Build) (64-bit)

Error message:

TypeError: Cannot set property 'references' of undefined
    at s.createVulnerability (5.f8068bdd.js:formatted:2081)
    at click (5.f8068bdd.js:formatted:698)
    at ie (vendor.a1afd7c8.js:formatted:49237)
    at s.n (vendor.a1afd7c8.js:formatted:49367)
    at ie (vendor.a1afd7c8.js:formatted:49237)
    at s.t.$emit (vendor.a1afd7c8.js:formatted:50123)
    at s.click (vendor.a1afd7c8.js:formatted:47644)
    at ie (vendor.a1afd7c8.js:formatted:49237)
    at HTMLButtonElement.n (vendor.a1afd7c8.js:formatted:49367)
    at HTMLButtonElement.Io.o._wrapper (vendor.a1afd7c8.js:formatted:51823)

Im just start up through docker-compose following your steps on README.MD
I have completed the all fields and doesnt input any unregular data type on every field.

Thanks and regards

Hi,

Thank you so much for creating this tool. I'm trying to get it to work based on a different template that I was using. But, it doesn't seem to work very well for me. Would you happen to know where I can look into any debug info?

Replicate issue

Fresh install:

git clone https://github.com/pwndoc/pwndoc
cd pwndoc
sudo docker-compose up -d --build
sudo docker-compose start

Browse http://localhost:8443/
OR
curl http://localhost:8443/

Error

400 Bad Request
The plain HTTP request was sent to HTTPS port
nginx/1.18.0

Environment

Browser: Firefox 82.0.1 (64-bit)
OS: 5.8.0-kali3-amd64

docker-compose --version
docker-compose version 1.25.0, build unknown

docker --version
Docker version 19.03.13, build 4484c46

Logs

sudo docker-compose logs -f pwndoc-backend
Attaching to pwndoc-backend
pwndoc-backend     | 
pwndoc-backend     | > [email protected] start /app
pwndoc-backend     | > node src/app.js
pwndoc-backend     | 
^CERROR: Aborting.

Hi,

I see we can import vulnerabilities from json or yaml file.
Is there any place we can find such a file, in order to import common vulnerabilities to start with ?

Thanks in advance

First thanks for this great pice of software. It works stable, template editing is easy. Safes me a lot of time as a pentester.

Is it difficult to create Findings from xml ? I would love to import Nexpose, Metasploit and BurpSuit findings into the report.
Where do I have to start, while willing to implement it by my self?

Thanks in advance,
Thorsten

Do the Vulns Summary is not suppose to be in first, before the Technical Details ? When i generate the report the Vunls Summary section is the last section of the report is that ok ? And in the Affected Scope table section why i have all the scopes if the vulnerability touch only one host that i have already setup to be the good host target in the technical details section.

Thanks for your help. I really like the web app.

I just wanted to ask if it was on the road map to be able to use tables within the vuln editor?

Thanks

For example the CVSS severity or other CVSS criterias will be generated dynamically but will always be generated in English.
So having a translation section in Data would be welcome to allow us to translate all dynamic value used bu PwnDoc into another language. Or maybe instead of doing it in the WebUI having a JSON or YML file with all translation (1 file per language) could be nice so the community could translate all those + the WebUI terms.

When creating a custom section, as explained in the documentation

• https://pwndoc.github.io/pwndoc/#/data?id=custom-sections
• https://pwndoc.github.io/pwndoc/#/docxtemplate?id=custom-sections

I get the following error message.

Doc Template

Back-end

While installing, getting npm error.

Reading package lists... Done                                                                                                                         
Building dependency tree                                                                                                                              
Reading state information... Done                                                                                                                     
The following additional packages will be installed:                                                                                                  
  python3-cached-property python3-docker python3-dockerpty python3-docopt python3-texttable python3-websocket                                         
Recommended packages:                                                                                                                                 
  docker.io                                                                                                                                           
The following NEW packages will be installed:                                                                                                         
  docker-compose python3-cached-property python3-docker python3-dockerpty python3-docopt python3-texttable python3-websocket                          
0 upgraded, 7 newly installed, 0 to remove and 127 not upgraded.                                                                                      
Need to get 262 kB of archives.                                                                                                                       
After this operation, 1616 kB of additional disk space will be used.                                                                                  
Get:1 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu focal/universe amd64 python3-cached-property all 1.5.1-4 [10.9 kB]                              
Get:2 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu focal/universe amd64 python3-websocket all 0.53.0-2ubuntu1 [32.3 kB]                            
Get:3 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu focal/universe amd64 python3-docker all 4.1.0-1 [83.8 kB]                                       
Get:4 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu focal/universe amd64 python3-dockerpty all 0.4.1-2 [11.1 kB]                                    
Get:5 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu focal/universe amd64 python3-docopt all 0.6.2-2.2ubuntu1 [19.7 kB]                              
Get:6 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu focal/universe amd64 python3-texttable all 1.6.2-2 [11.0 kB]                                    
Get:7 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu focal/universe amd64 docker-compose all 1.25.0-1 [92.7 kB]                                      
Fetched 262 kB in 4s (65.6 kB/s)                                                                                                                      
Selecting previously unselected package python3-cached-property.                                                                                      
(Reading database ... 74680 files and directories currently installed.)                                                                               
Preparing to unpack .../0-python3-cached-property_1.5.1-4_all.deb ...                                                                                 
Unpacking python3-cached-property (1.5.1-4) ...                                                                                                       
Selecting previously unselected package python3-websocket.
Preparing to unpack .../1-python3-websocket_0.53.0-2ubuntu1_all.deb ...
Unpacking python3-websocket (0.53.0-2ubuntu1) ...
Selecting previously unselected package python3-docker.
Preparing to unpack .../2-python3-docker_4.1.0-1_all.deb ...
Unpacking python3-docker (4.1.0-1) ...
Selecting previously unselected package python3-dockerpty.
Preparing to unpack .../3-python3-dockerpty_0.4.1-2_all.deb ...
Unpacking python3-dockerpty (0.4.1-2) ...
Selecting previously unselected package python3-docopt.
Preparing to unpack .../4-python3-docopt_0.6.2-2.2ubuntu1_all.deb ...
Unpacking python3-docopt (0.6.2-2.2ubuntu1) ...
Selecting previously unselected package python3-texttable.
Preparing to unpack .../5-python3-texttable_1.6.2-2_all.deb ...
Unpacking python3-texttable (1.6.2-2) ...
Selecting previously unselected package docker-compose.
Preparing to unpack .../6-docker-compose_1.25.0-1_all.deb ...
Unpacking docker-compose (1.25.0-1) ...
Setting up python3-cached-property (1.5.1-4) ...
Setting up python3-texttable (1.6.2-2) ...
Setting up python3-docopt (0.6.2-2.2ubuntu1) ...
Setting up python3-websocket (0.53.0-2ubuntu1) ...
update-alternatives: using /usr/bin/python3-wsdump to provide /usr/bin/wsdump (wsdump) in auto mode
Setting up python3-dockerpty (0.4.1-2) ...
Setting up python3-docker (4.1.0-1) ...
Setting up docker-compose (1.25.0-1) ...
Processing triggers for man-db (2.9.1-1) ...
root@ip-172-26-5-52:/home/ubuntu/pwndoc# docker-compose up -d --build
Creating network "pwndoc_backend" with driver "bridge"
Pulling mongodb (mongo:)...
latest: Pulling from library/mongo
f22ccc0b8772: Pull complete
3cf8fb62ba5f: Pull complete
e80c964ece6a: Pull complete
329e632c35b3: Pull complete
3e1bd1325a3d: Pull complete
4aa6e3d64a4a: Pull complete
035bca87b778: Pull complete
874e4e43cb00: Pull complete
08cb97662b8b: Pull complete
f623ce2ba1e1: Pull complete
f100ac278196: Pull complete
b16ea696739f: Pull complete
Digest: sha256:d54fb51a493131117a8b85a2d46ed7d64a2cb79607fb3ce350d1722c0cafc812
Status: Downloaded newer image for mongo:latest
Building pwndoc-backend
Step 1/10 : FROM node:10.15.2-alpine
10.15.2-alpine: Pulling from library/node
169185f82c45: Pull complete
53e52a67e355: Pull complete
fc2cb9a5e98e: Pull complete
Digest: sha256:8ac058c7735e957c455dea33bce69c90e3dd83793e0c8ef6f8d73d6a894980c3
Status: Downloaded newer image for node:10.15.2-alpine
 ---> 072459fe4d8a
Step 2/10 : RUN mkdir -p /app
 ---> Running in 8545b561549c
Removing intermediate container 8545b561549c
 ---> b0daad32edf5
Step 3/10 : WORKDIR /app
 ---> Running in 221f37a874eb
Removing intermediate container 221f37a874eb
 ---> 504c311d78ba
Step 4/10 : COPY package*.json ./
 ---> 14433851fe47
Step 5/10 : RUN apk --no-cache add --virtual builds-deps build-base python
 ---> Running in b7110cad492c
fetch http://dl-cdn.alpinelinux.org/alpine/v3.8/main/x86_64/APKINDEX.tar.gz 
fetch http://dl-cdn.alpinelinux.org/alpine/v3.8/community/x86_64/APKINDEX.tar.gz
(1/30) Upgrading musl (1.1.19-r10 -> 1.1.19-r11)
(2/30) Installing binutils (2.30-r6)
(3/30) Installing libmagic (5.32-r2)
(4/30) Installing file (5.32-r2)
(5/30) Installing gmp (6.1.2-r1)
(6/30) Installing isl (0.18-r0)
(7/30) Installing libgomp (6.4.0-r9)
(8/30) Installing libatomic (6.4.0-r9)
(9/30) Installing pkgconf (1.5.3-r0)
(10/30) Installing mpfr3 (3.1.5-r1)
(11/30) Installing mpc1 (1.0.3-r1)
(12/30) Installing gcc (6.4.0-r9)
(13/30) Installing musl-dev (1.1.19-r11)
(14/30) Installing libc-dev (0.7.1-r0)
(15/30) Installing g++ (6.4.0-r9)
(16/30) Installing make (4.2.1-r2)
(17/30) Installing fortify-headers (0.9-r0)
(18/30) Installing build-base (0.5-r1)
(19/30) Installing libbz2 (1.0.6-r7)
(20/30) Installing expat (2.2.8-r0)
(21/30) Installing libffi (3.2.1-r4)
(22/30) Installing gdbm (1.13-r1)
(23/30) Installing ncurses-terminfo-base (6.1_p20180818-r1)
(24/30) Installing ncurses-terminfo (6.1_p20180818-r1)
(25/30) Installing ncurses-libs (6.1_p20180818-r1)
(26/30) Installing readline (7.0.003-r0)
(27/30) Installing sqlite-libs (3.25.3-r4)
(28/30) Installing python2 (2.7.15-r3)
(29/30) Installing builds-deps (0)
(30/30) Upgrading musl-utils (1.1.19-r10 -> 1.1.19-r11)
Executing busybox-1.28.4-r3.trigger
OK: 212 MiB in 43 packages
Removing intermediate container b7110cad492c
 ---> 08519c2ae280
Step 6/10 : RUN npm install
 ---> Running in 9d28838beb66
ERROR: Service 'pwndoc-backend' failed to build: The command '/bin/sh -c npm install' returned a non-zero code: 137```

Replicate issue

Fresh install:

1. git clone https://github.com/pwndoc/pwndoc
2. cd pwndoc
3. sudo docker-compose up -d --build
4. sudo docker-compose start
5. Browse https://localhost:4242/api/users/init and wait for it to finish loading the JSON ({"status":"success","datas":true})
6. Browse https://localhost:8443/

Error

"Something went wrong contacting backend"

Environment

Browser: Firefox 82.0.1 (64-bit)
OS: 5.8.0-kali3-amd64
docker-compose version 1.25.0, build unknown
Docker version 19.03.13, build 4484c46

Logs:

Attaching to pwndoc-backend
pwndoc-backend     | 
pwndoc-backend     | > [email protected] start /app
pwndoc-backend     | > node src/app.js
pwndoc-backend     | 
pwndoc-backend     | 
pwndoc-backend     | > [email protected] start /app
pwndoc-backend     | > node src/app.js
pwndoc-backend     | 
pwndoc-backend     | 
pwndoc-backend     | > [email protected] start /app
pwndoc-backend     | > node src/app.js
pwndoc-backend     | 
pwndoc-backend     | (node:27) UnhandledPromiseRejectionWarning: MongooseServerSelectionError: getaddrinfo ENOTFOUND mongo-pwndoc mongo-pwndoc:27017
pwndoc-backend     |     at new MongooseServerSelectionError (/app/node_modules/mongoose/lib/error/serverSelection.js:24:11)
pwndoc-backend     |     at NativeConnection.Connection.openUri (/app/node_modules/mongoose/lib/connection.js:823:32)
pwndoc-backend     |     at Mongoose.connect (/app/node_modules/mongoose/lib/index.js:333:15)
pwndoc-backend     |     at Object.<anonymous> (/app/src/app.js:20:10)
pwndoc-backend     |     at Module._compile (internal/modules/cjs/loader.js:689:30)
pwndoc-backend     |     at Object.Module._extensions..js (internal/modules/cjs/loader.js:700:10)
pwndoc-backend     |     at Module.load (internal/modules/cjs/loader.js:599:32)
pwndoc-backend     |     at tryModuleLoad (internal/modules/cjs/loader.js:538:12)
pwndoc-backend     |     at Function.Module._load (internal/modules/cjs/loader.js:530:3)
pwndoc-backend     |     at Function.Module.runMain (internal/modules/cjs/loader.js:742:12)
pwndoc-backend     |     at startup (internal/bootstrap/node.js:283:19)
pwndoc-backend     |     at bootstrapNodeJSCore (internal/bootstrap/node.js:743:3)
pwndoc-backend     | (node:27) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
pwndoc-backend     | (node:27) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

Browser console logs

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://127.0.0.1:4242/socket.io/?EIO=3&transport=polling&t=NLxrk90. (Reason: CORS request did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://127.0.0.1:4242/api/users/init. (Reason: CORS request did not succeed).

Error: Network Error
    exports https://127.0.0.1:8443/js/vendor.01e92452.js:15
    onerror https://127.0.0.1:8443/js/vendor.01e92452.js:63
8.9094a047.js:1:4736
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://127.0.0.1:4242/socket.io/?EIO=3&transport=polling&t=NLxrkTK. (Reason: CORS request did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://127.0.0.1:4242/socket.io/?EIO=3&transport=polling&t=NLxrlK0. (Reason: CORS request did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://127.0.0.1:4242/socket.io/?EIO=3&transport=polling&t=NLxrl-C. (Reason: CORS request did not succeed).

Every 6~ seconds it throws another CORS error.
I'm not entirely sure as to why this happened, but my guess is that the certificate exception for the backend wasn't added correctly.
I also tested it on a default Firefox profile, but exactly the same ocurrs.

Hi Team,

The error says the arch do not match. Am I supposed to use 64bit arch here?

The Error:
$docker-compose up -d --build

Pulling mongodb (mongo:)...
latest: Pulling from library/mongo
ERROR: no matching manifest for linux/386 in the manifest list entries

Arch of my system:
$docker info -f '{{.OSType}}/{{.Architecture}}'

linux/i686

The arch of the image says null:
$docker manifest inspect -v library/mongo | jq .[].Platform

null
null
null
null
null

This means there is no arch defined for this docker image.
Should I now install Ubuntu VM and re-install it again?

Hello,

Is it possible to have multiple remediations for one vuln with each remediation has his own identifier, it's for list them separately.

Example :

Vulnerability one has V1 identifier and has 2 remediations with identifier R1.1 and R1.2.

I use this identifier method because I resume vulns and remediations in 2 boards for my customers. In Serpico i did something like this :

In blue it's my remediations.

$ git pull
remote: Enumerating objects: 254, done.                                                                                                                                                                                                     
remote: Counting objects: 100% (254/254), done.                                                                                                                                                                                             
remote: Compressing objects: 100% (156/156), done.                                                                                                                                                                                          
remote: Total 254 (delta 110), reused 237 (delta 98), pack-reused 0                                                                                                                                                                         
Receiving objects: 100% (254/254), 72.40 KiB | 330.00 KiB/s, done.                                                                                                                                                                          
Resolving deltas: 100% (110/110), completed with 20 local objects.                                                                                                                                                                          
From https://github.com/pwndoc/pwndoc                                                                                                                                                                                                       
 + 08526d1...298e1a2 master                                          -> origin/master  (forced update)                                                                                                                                      
 + 44f35bf...4c567cd dependabot/npm_and_yarn/backend/bcrypt-5.0.0    -> origin/dependabot/npm_and_yarn/backend/bcrypt-5.0.0  (forced update)                                                                                                
 + 378887a...ee943ec dependabot/npm_and_yarn/backend/bl-2.2.1        -> origin/dependabot/npm_and_yarn/backend/bl-2.2.1  (forced update)                                                                                                    
 + 058a87b...ec4cc76 dependabot/npm_and_yarn/backend/lodash-4.17.19  -> origin/dependabot/npm_and_yarn/backend/lodash-4.17.19  (forced update)                                                                                              
 + 81d829e...cf84361 dependabot/npm_and_yarn/backend/npm-6.14.6      -> origin/dependabot/npm_and_yarn/backend/npm-6.14.6  (forced update)                                                                                                  
 + 5726772...9b80ce9 dependabot/npm_and_yarn/frontend/electron-7.2.4 -> origin/dependabot/npm_and_yarn/frontend/electron-7.2.4  (forced update)                                                                                             
fatal: refusing to merge unrelated histories

Seems like you re-wrote the history and force pushed on master branch, breaking all compatibility for everyone so now it's impossible to update the git repository.

And this is massive:

$ git status
On branch master
Your branch and 'origin/master' have diverged,
and have 97 and 121 different commits each, respectively.

I (and everyone else too) have to clone the repository again, migrate ./backend/mongo-data and ./backend/report-templates, remove the old repo.

Or doing a hard reset ⚠️ 💀

$ git fetch origin
$ git reset --hard origin/master

I saw this message

So I went to the section and tried to add a new lang:

but it seems it's not the expected format? By the way was is expected in locale? Like linux locals in /etc/locale.conf?

Unfortunately the wiki page is void https://github.com/pwndoc/pwndoc/wiki/Custom-Data

I finally was able to add those, I don't know if it's correct but maybe a help tooltip & filling the wiki would be helpful.

If I can have write access to the wiki I could help fill it. The best would be to have a staticgen doc tool stored in the repo so anyone could PR.

Hi,

the Scope field wont save my details !? This is the only field that i have a problem with..

I created the entire template and it was working fine. Today, I clone the updated code base from github but this time while importing the template showed me this error.

There is this error prompt response from the server.

Checking the console, I got to know that the request I made was not correct. Check the response:

I tried to manually check the upload limit is 10mb yet this is something which looks really weird.
Here, the default format is working fine and I assure that the template do not have any parsing issues.

I that there are changes made in the default template but that doesn't make any difference while parsing it to the server as a new ID column is added and nothing apart from that. All the notations are same.

Am I doing something wrong?

I have been trying to build up a custom template using the docxtemplater guide but I'm now stuck on this error.

This is the template;

Any ideas on what could be broken here? seems like it is an error with the parser.

I suggest to add one field to vulnerabilities: a vulnerability ID a.k.a. internal reference or reference code.

For example, if your company is named Example, you would like to have a vulnerability ID looking like EXA-XXXXX. So each vulnerability has its own ID, eg. EXA-00001, EXA-00002.

Why? Having a unique ID for each vulnerability help to refer to them in a way that doesn't change over time. Else people add an ID like Vuln-0001 using the order of discovery or sorted by severity but that change from one pentest to another.

It doesn't need to be auto-incremental, just a free varchar so people can use different ID structure for different type of vulns, eg. AUTH-001, INJ-001, etc.

Hello, thanks for your work ! I wonder when importing nmap scans if there is a simple way to retrieve all the hosts and services discovered that has been imported into an Audit ? Either for the GUI or from the API?

Thnaks by advance for your answer !

When creating a new audit, the previously added vulnerabilities do not show up.

Steps to reproduce (with a clean env):

1 - Create a language (with local en)
2 - Import vulnerabilities (like this file mentioned in #3. Confirm they were imported
3 - Add some template
4 - Create a new Audit with the language and template previously created
5 - Edit the created Audit and click on add a finding. Nothing shows up

Also, if I create a finding and use "Propose Creation / Update in Vulnerability Database" it shows in vulnerabilities, like all the others but doesn't show to add to an Audit either, even after approving in vulns.

Sorry for my ignorance. I am trying to import the vulnerability package from OWASP, PTEs, and OSCP. But I can't port on the system. Would you have a model to make available?
Another problem would be Temples, how do I configure it?

Why was the asset selection removed? I think this feature was not a bad thing. Can someone explain the situation in more detail?

83e35e3#diff-6763a535c4cc6a1284134e12c9532d31ac349ac59b0609ac549fe11f12cc3016

Hello,

is there a way to import findings (and not just hosts) from a nessus import?

Thanks, Regards

Do you have plans to start using CVSS3.1?

I am open to trying to help with this the best I can if it is something you want to implement.

Any info to point me in the right direction is welcome.

It would be a good addition if the code-block would support syntax highlighting for various languages such as PHP, HTML, JavaScript, etc.

The highlighted syntax should then be included in the generated .docx file.

Hi,

First of all thanks for the great project.

I deploy pwndoc without no problems, but when i try to proxy the system using nginx proxymanager project (NPM) I'm facing the problem "Something went wrong contacting backend". So when I try connect I'm redirect to https://domain:4242 from https://domain.

How can I manage this in NPM.

Thanks.

Hi,
I have a report template where I have to specify the hosts (IP and URL) in the scope as a table like the one below:

It seems the only way to add host's information is by importing nmap or nessus scan result.

It would be nice to make it possible to add it manually.

First thing first, thanks for the project, really good work.

I wanted to ask if currently CVSS vectors can be rendered in the following format (it's possible I've missed something):

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

As using:

CVSS:3.1/AV:{cvssObj.AV}/AC:{ cvssObj.AC}/PR:{cvssObj.PR}/UI:{cvssObj.UI}/S:{cvssObj.S}/C:{cvssObj.C}/I:{cvssObj.I}/A:{cvssObj.A}

Will create (as an example):

CVSS:3.1/AV:Network/AC:Low/PR:None/UI:None/S:Unchanged/C:High/I:High/A:High