PwnDoc

Report generator.

Installation

Prerequisites

apt install docker-compose
apt install npm

Install

cd /usr/bin
git clone https://github.com/pwndoc/pwndoc.git
cd pwndoc
service docker start

# Build and run Docker containers
docker-compose up -d --build

Behind a proxy

cd /usr/bin
git clone https://github.com/pwndoc/pwndoc.git
cd pwndoc
service docker start
cd backend
nano Dockerfile
### INSERT JUST BEFORE LINE: RUN apk

# Configure proxy
RUN npm config set proxy http://<proxy>:8080
RUN npm config set https-proxy http://<proxy>:8080
cd ..
# Build and run Docker containers
docker-compose up -d --build

Start PwnDoc

#service docker start
docker-compose start

Stop PwnDoc

docker-compose stop
#service docker stop

Configuration

Data -> Custom data -> Languages

Go to Data -> Custom data. Click on the Languages tab.

LanguageLocale
Englishen
Frenchfr

Data -> Companies

  • Go to Data -> Companies.
  • Click on Add company.
  • Enter the company name and upload the logo.

Data -> Templates

  • Download default report template
  • Go to Data -> Templates. Click on Create Template.
  • Enter “English Template” as the name and upload the report template document.
  • Click on Create.

Data -> Custom data -> Custom fields

ViewComponentLabelDescriptionSize
Audit GeneralEditorexecsummaryExecutive summary12
Audit GeneralEditorintroductionIntroduction12
Audit GeneralEditoraccountsAccounts and accesses used during the tests.12
Audit GeneralEditorlimitationsLimitations12
Audit FindingInputidCustom ID4

Data -> Custom data -> Audit Types

NameEnglish TemplateFrench Template
PentestEnglish TemplateFrench Template

Data -> Custom data -> Vulnerability Types

LanguageName
EnglishWeb Application
EnglishWireless
EnglishMobile Application
EnglishHardware
EnglishNetwork
EnglishDatabase
FrenchApplication web
FrenchRéseau sans fil
FrenchApplication mobile
FrenchMatériel
FrenchRéseau
FrenchBase de données

Data -> Custom data -> Vulnerability Categories

Name
Penetration Test

Add users in MongoDB

docker-compose exec mongodb mongo
use pwndoc
db.users.find()

Generate the password hash (Bcrypt) using CyberChef.

db.users.insert({ "role" : "admin", "username" : "john", "firstname" : "John", "lastname" : "Smith", "password" : "$2a$10$...", "__v" : 0 })

Errors

Troubleshoot “Undefined” error in the application

cd <insert path>/src/pwndoc
docker-compose logs --tail 0 -f pwndoc-backend

Usage