PwnDoc

Report generator.

Installation

• https://github.com/pwndoc/pwndoc

Prerequisites

apt install docker-compose
apt install npm

Install

cd /usr/bin
git clone https://github.com/pwndoc/pwndoc.git
cd pwndoc
service docker start

# Build and run Docker containers
docker-compose up -d --build

Behind a proxy

cd /usr/bin
git clone https://github.com/pwndoc/pwndoc.git
cd pwndoc
service docker start

cd backend
nano Dockerfile
### INSERT JUST BEFORE LINE: RUN apk

# Configure proxy
RUN npm config set proxy http://<proxy>:8080
RUN npm config set https-proxy http://<proxy>:8080

cd ..
# Build and run Docker containers
docker-compose up -d --build

Start PwnDoc

#service docker start
docker-compose start

Stop PwnDoc

docker-compose stop
#service docker stop

Configuration

Data -> Custom data -> Languages

Go to Data -> Custom data. Click on the Languages tab.

Language	Locale
English	en
French	fr

Data -> Companies

• Go to Data -> Companies.
• Click on Add company.
• Enter the company name and upload the logo.

Data -> Templates

• Download default report template
• Go to Data -> Templates. Click on Create Template.
• Enter “English Template” as the name and upload the report template document.
• Click on Create.

Data -> Custom data -> Custom fields

View	Component	Label	Description	Size
Audit General	Editor	execsummary	Executive summary	12
Audit General	Editor	introduction	Introduction	12
Audit General	Editor	accounts	Accounts and accesses used during the tests.	12
Audit General	Editor	limitations	Limitations	12
Audit Finding	Input	id	Custom ID	4

Data -> Custom data -> Audit Types

Name	English Template	French Template
Pentest	English Template	French Template

Data -> Custom data -> Vulnerability Types

Language	Name
English	Web Application
English	Wireless
English	Mobile Application
English	Hardware
English	Network
English	Database
French	Application web
French	Réseau sans fil
French	Application mobile
French	Matériel
French	Réseau
French	Base de données

Data -> Custom data -> Vulnerability Categories

Name

Penetration Test

Add users in MongoDB

docker-compose exec mongodb mongo
use pwndoc
db.users.find()

Generate the password hash (Bcrypt) using CyberChef.

db.users.insert({ "role" : "admin", "username" : "john", "firstname" : "John", "lastname" : "Smith", "password" : "$2a$10$...", "__v" : 0 })

Errors

Troubleshoot “Undefined” error in the application

cd <insert path>/src/pwndoc
docker-compose logs --tail 0 -f pwndoc-backend

Usage

• Application is accessible through https://localhost:8443
• When using Firefox, a certificate exception must be added for the backend. For that go to https://localhost:4242/api/users/init