pwndoc v0.4 releases: pentest reporting application

PwnDoc

PwnDoc is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report.
The main goal is to have more time to Pwn and less time to Doc by mutualizing data like vulnerabilities between users.

Features

• Multiple Language support
• Multiple Data support
• Great Customization
  • Manage reusable Audit and Vulnerability Data
  • Create Custom Sections
  • Add custom fields to Vulnerabilities
• Vulnerabilities Management
• Multi-User reporting
• Docx Report Generation
• Docx Template customization

Pwndoc can manage Vulnerabilities in order to simplify redaction of an Audit. They can be added when editing an Audit as a Finding.
Each vulnerability can have multiple languages.

Create

When creating a Vulnerability, a Category must be selected (or No Category)

A Vulnerability is defined by:

• Title
• Type
• Language
• Description
• Observation
• CVSS
• Remediation
• Remediation Complexity
• Remediation Priority
• References
• Category
• (Additional fields from Category)

Changelog v0.4

Enhancements

• Update JWT generation 15f3dc0
  • JWT is now dynamically generated
  • config files moved to on location
• Update Session management using refresh token ff1b868
  • A refresh token has been introduced allowing to request for a new token
  • Token is now valid for 15min and refreshtoken for 7days
  • So now when updating a user (role or remove) it will take maximum 15min (or page refresh) to invalidate the old token
  • Each refresh token is associated with a sessionId allowing to have multiple sessions on different devices
• Add different options to sort Audit findings 32dd337
  • The automatic sorting parameter can now be customized for each vulnerability category
  • Custom fields can be used as sorting parameter (input, date, radio and select)
  • Default sorting can be set in Custom data > Vulnerability Categories
  • Manual sorting of findings is also possible now with drag&drop

Merged

• Add Audit reviews and approval feature 02d144d. Thanks @lm-sec and @alexandre-lavoie
  • Add a new process (disabled by default) to handle Audit approbation
  • Update Settings
  • Add readonly visual on Audits when user cannot edit

Fixed

• Fix issue in HTML editor 63c6359
  • Toolbar styles could be applied by using their HTML tags directly in the editor resulting in visual bugs
• Fix issue in textarea-array component dd5b51f
  • Removed trim function since it caused issues with resetting cursor at end of input when deleting and reaching a space. It is taken care of by the trim option in mongoose
• Fix database compatibility issue 361cd0a
  • Fix the mongodb version to avoid compatibility issue with newer versions for now

UPDATE ATTENTION

• After updating, Settings will be reset to default

Install & Use

Copyright (c) 2020 pwndoc