Need Help?

Head over to our GitHub Support Community to find more examples, raise bugs, request features or ask for help.

v2.10

New Pentest Report Template: v3.4

We just released a new Pentest Report Template!

This template takes advantage of many of the new features and capabilities introduced into AttackForge and ReportGen over the past several months.

The new template now includes the following:

• - New Section: Document Control
• - New Section: Version Control
• - Updated: Project Team
• - Re-designed: Executive Summary
• - New Section: Background
• - New Section: Approach
• - New Section: Methodology
• - New Section: Out-of-Scope
• - New Section: Customer Goals
• - New Section: Testing Team Goals
• - New Section: Assumptions and Constraints
• - New Section: Summary of Recommendations
• - New Section: Positive Security Observations
• - Re-designed: Retesting History
• - Updated: Summary of Findings
• - Re-designed: Vulnerabilities
• - New Section: Unique Vulnerability Details

You can download the new template from Templates.

New Data: Project Team Member (About Me)

We have added support for additional project team member data in reports, namely About Me.

See example below:

{#data.testing_summary.project_team_details}
{first_name} {last_name} ({role}) – {about_me}
{/}

Updated Charts

We added an extra option for Charts which can be configured to increase the y-axis on vertical bar charts. This can help to add some padding above the bars to improve the aesthetic of the chart.

Check this link for more information.

New Function: $percentage

We added a new Function - $percentage - that can be used to calculate the percentage of two values.

Example 1 - Get Percentage of Value Divided by TotalValue

{$declare[TotalValue][100]}
{$declare[Value][25]}
{$percentage[Value]["$(TotalValue)"]}%

Example 2 - Get Percentage of Value Divided by TotalValue, Rounded Up

{$declare[TotalValue][47]}
{$declare[Value][25]}
{$percentage[Value]["$(TotalValue)"] | roundUp}%

Example 3 - Get Percentage of Value Divided by TotalValue, to 2 Decimal Points

{$declare[TotalValue][47]}
{$declare[Value][25]}
{$percentage[Value]["$(TotalValue)"] | toFloat:'2'}%

Updated Functions: $declare, $push, $assign, $includes, $keys, $help

We updated $declare, $push and $assign Functions to support 'this' and 'this[number]'.

This is useful when you need to refer to dynamic data which has no identifier/key.

We also updated $includes to support Dictionaries.

We also updated $keys to support '$keys[this]' which can be used to iterate on any object and return each key/value pair in the object as an array.

We also added support for {$help[scope]} and {$help[var]} in your report templates to more easily show debugging and help information in your ReportGen browser console.

v2.9

New Function: $hyperlink

You can use this new function to construct hyperlinks in your reports. Hyperlinks can be built using data from your project (scope), manual creation or based on values from other variables.

Example 1 - Scope

Example below will create a new hyperlink based on scope.

{@$hyperlink[“%(projectName)”][“%(data.project.url)”]}

Example 2 - Manual

Example below will create a new hyperlink based on manually entered in values.

{@$hyperlink[“AttackForge.com”][“https://attackforge.com”]}

Example 3 - Variables

Example below will create a new hyperlink based on the values from other variables.

{$declare[Text][“Link to ReportGen”]}
{$declare[Link][“https://www.attackforge.com/reportgen.html”]}
{@$hyperlink[“$(Text)”][“$(Link)”]}

New Style: hyperlink_style

This release introduces a new style which allows you to independently set a style for hyperlinks contained within the styled tags.
!IMPORTANT - This style must be created using a Character style.

The AttackForge January 2024 release introduced support for hyperlinks for rich-text fields. Hyperlinks created using rich-text fields will now automtically show as hyperlinks in reports.

You can apply this style to any of the {@..._styled} fields. An example for the Proof of Concept field is included below:

{#vulnerabilities}
{#affected_assets}
{@proof_of_concept_styled(“hyperlink_style”:”custom”)}
{/}{/}

For more information on how to apply this style, visit this link.

New Function: $comment

You can use this new function to include comments in your template which do not get shown in the report. This can be useful to help you with adding explanations and also debugging.

You can add comments in two different ways:

{$comment[THIS IS A COMMENT]}
{!!THIS IS A COMMENT}

New Function: $multiply

You can use this new function to multiply a variable which has a numeric value.

The example below will create a new variable 'AmountToCharge' with a default amount of $500. It then checks for a project custom field 'rateToMultiplyCharge' and multiplies 'AmountToCharge' by this amount. Combine with $value to show the amount to charge.

{$declare[AmountToCharge][500]}
{#projectCustomFields}
{#rateToMultiplyCharge}
{$multiply[AmountToCharge][”%(rateToMultiplyCharge)”]}
{/}{/}
{$value[AmountToCharge]}

User Profiles Now Available

You can now include user profile information in your reports for each team member on the project.

{#data.testing_summary.project_team_details}
First Name: {first_name}
Last Name: {last_name}
Project Role: {role}
Job Title: {job_title}
Business Group: {business_group}
Organization: {organization}
Location: {office_location}
{/}

v2.8

Introducing ReportGen CLI and NodeJS library

AttackForge ReportGen is now available in two (2) new formats:

• - ReportGen Command Line Interface (CLI) tool - this version of ReportGen is ideal for people who prefer to build pentest reports on the command line, and combine ReportGen into an existing automation or pipeline.
• - ReportGen NodeJS library - this version is ideal for people who want to simply "import" ReportGen into their existing codebase or scripts, and build custom penetration testing reports easily and effortlessly.

To programmatically create reports, it is recommended to use the AttackForge Self-Service API to retrieve the JSON report data for any given project.

You can download the ReportGen CLI and NodeJS library from NPM.

Combined Reports Now Supported

AttackForge Core & Enterprise supports Combined Reports. These reports combine multiple project JSON files, to create a single report using data from multiple projects.

You can now use this browser tool to create and test your Combined Report templates.

To do this, simply select multiple JSON files on the 'Select Your JSON File' step.

For more information on Combined Reports, visit the Support Centre.

New Option: Enable/Disable Image Figure

This release introduces a new option which allows you to enable or disable automated figures which are inserted for every inline image contained within the styled tags. You can disable automated figures as follows:

{@..._styled(“image_figure”:“none”)}

For more information on how to enable this option, visit this link.

New Style: Image Display Style

This release introduces a new style which allows you to independently set a style for inline images contained within the styled tags.

This allows you to have finer control over the styling which is applied to the images. For example, this Guide will show you how to apply a border to every image, using this new style.

For more information on how to apply this style, visit this link.

New Style: Image Description Style

This release introduces a new style which allows you to independently set a style for inline image descriptions contained within the styled tags.

This allows you to have finer control over the styling which is applied to the descriptions which appear beneath the images, for example the captions or filenames.

For more information on how to apply this style, visit this link.

Charts Now Supported Inside Loops

You can now create charts inside loops. For example, this is useful if you are creating a new chart for every vulnerability.

v2.7

Support for Grouped Assets on Vulnerabilities

The July 2023 release of AttackForge Core and Enterprise added support for grouped assets on vulnerabilities.

Grouped assets on vulnerabilities allows you to:

• - Register multiple affected assets for every individual vulnerability
• - Capture and retain asset-specific metadata for each affected asset
• - Track actioned status for each affected asset on the vulnerability

Grouped assets can help to:

• - Increase efficiency when working on infrastructure penetration tests
• - Reduce overall number of vulnerabilities whilst preserving affected asset data
• - Improve time and effort for quality review cycles on vulnerabilities

Support for grouped assets has been added in this release of ReportGen.

For details on how adjust your template to take advantage of grouped assets, please visit this Support Page.

Pentest Report Template 3.1 and 3.2

This release introduces two (2) new pentest reporting templates:

• Pentest Report v3.1 - a template showcasing the features available in ReportGen v2.7+
• Pentest Report v3.2 - a template with minimal logic which can be used out-of-the-box, and has support for grouped assets on vulnerabilities

You can download the templates from Templates.

We have also released an updated example JSON test file which can be used for testing your templates.

Download Test Data (JSON)

GitHub Community Support Site

As part of our mission to support the growing community of AttackForge users, we have released a new dedicated Support Site for ReportGen.

This Support Site provides:

• - Information on getting started with ReportGen;
• - Template examples to achieve common use cases and reporting needs; and
• - Place to ask questions and receive tips and help from our support team and the community.

We hope the new Support Site for ReportGen will make it easier for everyone to build awesome testing reports, with minimal effort!

You can access the new ReportGen Support Site from https://github.com/AttackForge/ReportGen.

New Option: Custom Styles for Individual Rich-Text Fields

You can now assign individual rich-text fields to different custom styles which are in your template.

The following example assigns the custom styles VulnerabilityNormal and VulnerabilityList to the Steps to Reproduce / Proof of Concept field in the template:

{@proof_of_concept_styled("normal_style":"VulnerabilityNormal", "list_style":"VulnerabilityList")}

This feature can be used with {@execSummaryNotesStyled}, {@description_styled}, {@attack_scenario_styled}, {@remediation_recommendation_styled} or any styled custom fields.

The following style references are supported:

• normal_style - applies to normal body text
• list_style - applies to lists
• code_snippet_style - applies to code snippets
• heading_1_style - applies to heading 1
• heading_2_style - applies to heading 2
• heading_3_style - applies to heading 3
• image_style - applies to images and their captions

For more instructions and details, please visit this Support Page.

New Option: Image Options Supported For All Styled Tags

In the previous release of ReportGen, we added support for passing custom options to configure how your image descriptions are displayed in reports.

In this release, we extended this feature to support any styled tags, including your own custom rich-text fields.

For example:

{@..._styled(“image_description”:“caption”)}
{@..._styled(“image_description”:“prefer-caption”)}
{@..._styled(“image_description”:“filename”)}
{@..._styled(“image_description”:“none”)}

• - image_description: caption - will display the caption if it exists, otherwise will display nothing.
• - image_description: prefer-caption - will display the caption if it exists, otherwise will display filename.
• - image_description: caption - will display the filename.
• - image_description: none - will display no caption or filename.

Styled Custom Fields

In this release, we added support to render custom rich-text fields.

You need to use the following format for the tag in order to render it in the report:

{@KEY_styled}

Where KEY is substituted for the custom field key for the rich-text field.

For example, let's say you have a Project custom field "additional_notes" - you would render it in your report as follows:

{#projectCustomFields}
{#additional_notes}
{@additional_notes_styled}
{/}{/}
!IMPORTANT: All rendered fields {@KEY_styled} must be on it's own line/paragraph in your template.
The following will not work:

{#projectCustomFields}{#additional_notes}{@additional_notes_styled}{/}{/}

Add Figures For Images

All images will now automatically prefix Figure X: to the image description.

This means you no longer need to manually inject figure numbers for each of your images inserted dynamically by ReportGen.

New Function: $equalsRegex

You can use this new function to perform an equality comparison for a variable against a value using a Regular Expression test. It performs a global, case insensitive test.

{$equalsRegExp[variable][/someRegExp/]}

Example 1: Test if name contains "brown":

{$declare[MyName][“Bobby Brown”]}
{#$equalsRegExp[MyName][/brown/]}
My Name has Brown
{/}{^$equalsRegExp[MyName][/brown/]}
My Name does not have Brown
{/}

Example 2: Test for a URL:

{$declare[TestURL][“https://google.com”]}
{#$equalsRegExp[TestURL][/(https?:\/\/(?:www\.|(?!www))[a-zA-Z0-9][a-zA-Z0-9-]+[a-zA-Z0-9]\.
[^\s]|www\.[a-zA-Z0-9][a-zA-Z0-9-]+[a-zA-Z0-9]\.[^\s]|https?:\/\/(?:www\.|(?!www))[a-zA-Z0-9]+\.
[^\s]|www\.[a-zA-Z0-9]+\.[^\s])/]}
Is a URL
{/}{^$equalsRegExp[TestURL][/(https?:\/\/(?:www\.|(?!www))[a-zA-Z0-9][a-zA-Z0-9-]+[a-zA-Z0-9]\.
[^\s]|www\.[a-zA-Z0-9][a-zA-Z0-9-]+[a-zA-Z0-9]\.[^\s]|https?:\/\/(?:www\.|(?!www))[a-zA-Z0-9]+\.
[^\s]|www\.[a-zA-Z0-9]+\.[^\s])/]}
Is NOT a URL
{/}

Example 3: Test for an IP Address:

{$declare[TestIP][“192.168.0.1”]}
{#$equalsRegExp[TestIP][/^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]
?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/]}
Is an IP address
{/}{^$equalsRegExp[TestIP][/^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]
?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/]}
Is NOT an IP address
{/}

New Filter: Float

You can convert a number to a floating point number. Decimal number e.g. '2' is optional and defaults to 2 if no option is provided. If the conversion doesn’t work it will return 0.0.

{#cvssv3_base_score | toFloat:'2'}

New Filter: Integer

You can convert a number to an integer. If the conversion doesn’t work it will return 0.

{#cvssv3_base_score | integer}

New Filter: Round

You can round a number to the nearest integer.

{#cvssv3_base_score | round}

New Filter: RoundUp

You can round a number up to the nearest integer.

{#cvssv3_base_score | roundUp}

New Filter: RoundDown

You can round a number down to the nearest integer.

{#cvssv3_base_score | roundDown}

New Filter: Capitalize

You can capitalize the tag. The first character will be uppercase, all others lowercase.

{#title | capitalize}

New Filter: Titlecase

You can titlecase the tag. Words will start with uppercase letters, all remaining characters are lowercase.

{#title | toTitleCase}

Styled and Labelled $help

To make debugging easier, we have added styled and label-supportd $help functions.

Now when you use the $help function, the browser console will style and color-code it according to whether it relates to Scope or Variables.

In addition, you can pass labels to every $help function to make it easier to debug your template, and is especially useful when printing multiple $help statements.

{$help[some label]["$()"]} - prints diagnostic information for Variables.
{$help[some label]["%()"]} - prints diagnostic information for Scope.

Improvements in Removing Line-breaks Before and After {@rawXML} Tags

Now when you insert any tags in your template which contains rawXML, such as styled tags for rich-text fields - the line breaks above and below the data will be automatically removed.

This makes your reports look cleaner and reduces the need for manual post-generation efforts to remove the additional line breaks.

Test Case Workspace Notes

For AttackForge Core and Enterprise users - you can now inject your Test Case Workspace Notes into your JSON export, to make the data available for reporting purposes.

To do this, go to the Administration module, and from the Projects menu - select Test Case Workspace Notes from Export Project as JSON Additional Items section.

v2.6

Pentest Report Template v3

This release introduces a new contemporary pentest reporting template - showcasing the possibilities now available in ReportGen v2.5+.

The new Pentest Report Template V3 includes:

• - Logic for a multi-phase project e.g. Web App Pentest + Infrastructure
• - Redesigned Executive Summary, using custom Charts
• - Redesigned Summary Findings
• - Redesigned Vulnerability Details with more information and enhancements
• - Redesigned Test Cases Details

You can download the template from Templates.

We have also released an updated example JSON test data which can be used for creating templates.

Download Test Data (JSON)

Charts

You can now create custom charts in your reports! The following charts are supported:

• - Vertical Bar Charts
• - Horizontal Bar Charts
• - Pie Charts
• - Donut Charts

Charts work with any data. You can create charts for your vulnerabilities, exec summary, test cases, attack chains or even categorize your data.

Charts also support Scope and Variables.

Every chart comes with configuration options (e.g. colors, font sizes, spacing, etc.) so you can configure and style the chart to your preferences.

Example Vertical Bar Chart:

Example Horizontal Bar Chart:

Example Pie Chart:

Example Donut Chart:

For a tutorial on how to create charts in your templates, visit Template - Charts

New Variable Type: Dictionary

A Dictionary is a flat list of key:value pairs. It can be useful for capturing dynamic data, or for grouping data.

You can refer to the Dictionary any where you need it in your report.

Dictionary is supported on the following Functions: $declare, $push, $assign, and $keys.

Example 1: Using a Dictionary to count all affected assets for every vulnerability, then prints the count alongside the vulnerability name.

{$declare[VulnsCountAffectedAssets][<Dictionary>]}
{#vulnerabilities}
{$declare[VulnsCountAffectedAssets[“%(title)”]][0]}
{$assign[VulnsCountAffectedAssets[“%(title)”]][“%(affected_assets.length)”]}
{/}
{#$keys[VulnsCountAffectedAssets]}
Vulnerability Title: {this[0]} – Total Affected Assets: {this[1]}
{/}

Example 2: Using a Dictionary to store every phase of testing e.g. Web App, Ext. Infrastructure, Int. Infrastructure etc. along with each vulnerability associated to each phase of testing, then print the phase and its vulnerabilities.

{$declare[TestingPhaseVulns][<Dictionary>]}
{#projectCustomFields}
{#testing_phases}
{$declare[CurrentPhase][“%(./)”]}
{$declare[TestingPhaseVulns[“$(CurrentPhase)”]][[]]}
{#vulnerabilities | filterBy:“AffectedAssetCustomFields”:[“testing_phase:$(CurrentPhase)”]}
{$push[TestingPhaseVulns[“$(CurrentPhase)”]][“%(./)”]}
{/}{/}{/}
{#$keys[TestingPhaseVulns]}
Vulnerabilities for Testing Phase: {this[0]}
{#this[1]}
Vulnerability Title: {title}
{/}{/}

Combining Filters in Functions

We have made it possible to now combine Filters with your Functions!

This can be achieved in two (2) different ways:

Example 1: Using a Filter inside the Function

{#vulnerabilities}
{#affected_assets}
{#assetCustomFields}
{$value[“%(af_sys_affected_endpoint) | replace:[“http”,”https”]”]}
{$declare[Custom][“%(af_sys_affected_endpoint) | replace:[“http”,”https”]”]}
{/}{/}{/}
{$value[“$(Custom) | replace:[“com”,”moc”]”]}

Example 2: Chaining a Filter to the output of a Function

{$declare[CustomSortedAffectedAssets][[]]}
{#vulnerabilities}
{#affected_assets}
{$push[SortedAffectedAssets][“%(./)”]}
{/}{/}
{#$value[SortedAffectedAssets] | sort:[“customtag_sortindex:asc”]}
{asset}
{/}

New Styled Text: Description, Attack Scenario and Recommendations

For Core and Enterprise users, you can now style your vulnerability descriptions, attack scenarios and remediation recommendations!

These tags will render a styled version based on the style set in-app using the WYSIWYG editor.

To switch over to the new styled tags, update your template to include the following within the {#vulnerabilities}...{/}.

{@description_styled}
{@attack_scenario_styled}
{@remediation_recommendation_styled}

New Styles: AF Normal and AF List

We have added support for two (2) new styles:

• - AF Normal which can be used to create a custom style for normal text inserted via the {@..._styled} tags.
• - AF List which can be used to create a custom style for bullet and numbered lists inserted via the {@..._styled} tags.

These new styles provide the ability to have custom formatting for how your normal text and lists are displayed in your reports when using the {@..._styled} tags.

To get started, create two new styles inside your Word template with the names 'AF Normal' and 'AF List'. Then apply a format to these styles.

When ReportGen builds your report, it will automatically map to these styles for you.

New Option: Configure Image Descriptions

This option can be set against the {@proof_of_concept_styled} tag in order to adjust how the filename or caption is displayed under an image.

{@proof_of_concept_styled(“image_description”:“caption”)}
{@proof_of_concept_styled(“image_description”:“prefer-caption”)}
{@proof_of_concept_styled(“image_description”:“filename”)}
{@proof_of_concept_styled(“image_description”:“none”)}

• - image_description: caption - will display the caption if it exists, otherwise will display nothing.
• - image_description: prefer-caption - will display the caption if it exists, otherwise will display filename.
• - image_description: caption - will display the filename.
• - image_description: none - will display no caption or filename.

New Function: $keys

You can use this new filter to retrieve the value for a Dictionary. $keys will return the data from a Dictionary in the following format:

[
    [
        "key",
        "value"
    ]
]

Therefore you can access the key using this[0] and value using this[1]. See example below.

Example: Using a Dictionary to count all affected assets for every vulnerability, then prints the count alongside the vulnerability name.

{$declare[VulnsCountAffectedAssets][<Dictionary>]}
{#vulnerabilities}
{$declare[VulnsCountAffectedAssets[“%(title)”]][0]}
{$assign[VulnsCountAffectedAssets[“%(title)”]][“%(affected_assets.length)”]}
{/}
{#$keys[VulnsCountAffectedAssets]}
Vulnerability Title: {this[0]} – Total Affected Assets: {this[1]}
{/}

New Function: $isFirst

Use this function to check if you are in the first iteration of a loop.

For example, if you want to add a section heading BEFORE printing the vulnerability titles:

{#vulnerabilities}
{#$isFirst}VULNERABILITIES
{/}{title}
{/}

Another example is if you want to check if it IS NOT the first iteration of a loop:

{#vulnerabilities}
{^$isFirst}NOT FIRST{/}{title}
{/}

New Function: $isLast

Use this function to check if you are in the last iteration of a loop.

For example, if you want to add an extra line break after every vulnerability title except for the last:

{#vulnerabilities}
{title}{^$isLast}
{/}{/}

Another example is if you want to check if it IS the last iteration of a loop:

{#vulnerabilities}
{#$isLast}IS LAST{/}{title}
{/}

New Function: $index

Use this function to print the current index of the loop you are iterating over:

{#vulnerabilities}
{$index} - {title}
{/}

New Filter: Search

You can use this filter to search for a value in a string, and return the results (substring) if found.

For example, if you had asset names which looked like the following:

https://application.com/route/api/1
http://application.com/route/api/2

And you wanted to only return the following:

/route/api/1
/route/api/2

You can do the following:

{#vulnerabilities}
{#affected_assets}
{asset | replace:["https://",""] | replace:["http://",""] | search:["/"]}
{/}{/}

The example above works by first removing the https:// and http:// part of the asset, then searching for the first forward slash character, then returning the remaining data if found.

New Filter: Index

You can use this filter to access an item in an array using its index number.

For example, if you needed to access the first vulnerability in a list - you can do the following:

{#vulnerabilities | index:["0"]}
{title}
{/}

Sort on Custom Tags and Custom Fields

We have now made it easy to perform a custom sort based on your custom tags or custom fields!

You can apply the sort as follows, replacing <KEY> with the key for your custom tag or custom field:

{#vulnerabilities}
{#affected_assets | sort:[“customtag_<KEY>:asc”]}
{/}{/}

{#vulnerabilities}
{#affected_assets | sort:[“customfield_<KEY>:asc”]}
{/}{/}

v2.5

Updates to Filters

New Filter: Resize

You can use this new filter to resize images. It works by setting a max-width value in pixels. The height will be automatically adjusted to match the same ratio.

Example resizing images in Steps to Reproduce (Proof of Concept) to 300 pixels wide:

{#vulnerabilities}
{#affected_assets}
{#proof_of_concept}
{%inlineScreenshot | resize:[“300”]}
{/}{/}{/}

Example resizing images in styled Steps to Reproduce (Proof of Concept) to 300 pixels wide:

{#vulnerabilities}
{#affected_assets}
{@proof_of_concept_styled | resize:[“300”]}
{/}{/}

New Filter: Replace

You can use this new filter to replace data.

For example, say you had some assets that looked like this:

https://application.com

And you wanted to remove the https:// part so it appears as follows:

application.com

You could do the following:

{#vulnerabilities}
{#affected_assets}
{asset | replace:[“https://”,“”]}
{/}{/}

New Filter: ReplaceRegExp

You can use this new filter with a regular expression to replace data.

For example, say you had some assets that looked like this:

https://application.com?query=1

And you wanted to remove the ?query=1 part so it appears as follows:

https://application.com

You could do the following:

{#vulnerabilities}
{#affected_assets}
{asset | replaceRegExp:[“[?].*”,“”]}
{/}{/}

New Filter: Split

You can use this new filter to split data based on a separator - and return a list of items.

For example, assuming you have tags in this format:

tag1:value

And you only want to show the right-hand-side (value), you could do the following:

{#vulnerabilities}
{#tags}
{$declare[tagSplitCounter][0]}
{#this | split:[“:”]}
{#$greaterThan[tagSplitCounter][0]}{.}{/}
{#$equals[tagSplitCounter][0]}{$increment[tagSplitCounter][1]}{/}
{/}{/}{/}

This example makes use of this filter to split the tag based on colon (:) as the separator. It also uses functions as a way to instruct the logic to skip over the first iteration of the loop (tag1) and then print everything after that (value).

New Filter: Trim

You can use this new filter trim the whitespace before and after a tag as follows:

{#title | trim}

Updates to Filters: Includes & Excludes

We have updated the Includes and Excludes filters to include support for Scope and Variables.

Includes Scope Example:

{#projectCustomFields}
{#customer_name}
{#projectGroups}
{#name | includes:[“%(../customer_name)”]}
Customer {customer_name} has access to this project.
{/}{/}{/}{/}

Includes Variables Example:

{$declare[CustomerName][“”]}
{#projectCustomFields}
{#customer_name}
{$assign[CustomerName][“%(customer_name)”]}
{/}{/}

{#projectGroups}
{#name | includes:[“$(CustomerName)”]}
Customer {$value[CustomerName]} has access to this project.
{/}{/}

Updates to Functions

New Function: $includes

You can use the new $includes function to check if a value exists or does not exist (excludes) within a variable.

To check if data exists:

{#$includes[variable][value]}{/}

To check if data does not exist (excludes):

{^$includes[variable][value]}{/}

The following example creates a unique list of affected asset names, then prints the list.

{$declare[UniqueAssets][[]]}
{#vulnerabilities}
{#affected_assets}
{^$includes[UniqueAssets]["%(asset)"]}
{$push[UniqueAssets]["%(asset)"]}
{/}{/}{/}
{#$value[UniqueAssets]}
{.}
{/}

New Function: $append

You can use the new $append function to append data to an existing variable.

{$append[variable][value]}

Example below will create a new variable, then append the vulnerability title to it.

{$declare[VulnTitle]["Title: "]}
{#vulnerabilities[0]}
{$append[VulnTitle]["%(./)"]}
{/}
{$value[VulnTitle]}

New Function: $sort

You can use the new $sort function to sort the data within a variable.

To observe the variables available for sorting - use the $help function.

Example 1: Sort A List

{#$sort[UniqueAffectedEndpoints][":asc"]}{/}

Example 1: Single-Key Sort

{#$sort[UniqueAffectedEndpoints]["af_sys_affected_endpoint:desc"]}{/}

Example 2: Multi-Key Sort

{#$sort[UniqueOWASPTop10Vulns]["priority:asc","title:desc"]}{/}

v2.4

Updates to Filters

This release introduces an update to filterBy to include filterBy:'AffectedAssetProperties', filterBy:'AffectedAssetCustomFields', and filterBy:'AffectedAssetCustomFields-CountVulns'.

This filter is used to retrieve a set of vulnerabilities where the affected assets meet certain conditions.

For filterBy:'AffectedAssetCustomFields' and filterBy:'AffectedAssetCustomFields-CountVulns' - these filters are used in the exact same way as filterBy:'AffectedAssetCustomTags', however will filter vulnerabilities by their custom fields instead of by their custom tags.

For filterBy:'AffectedAssetProperties' - this filter works on other properties associated with the affected assets, such as CVSS scores, priorities, status, and resolution reason. For example, you can return a list of vulnerabilities and their affected assets which are closed, as follows:

{#vulnerabilities | filterBy:'AffectedAssetProperties':['status:Closed']}
{priority} - {title}
{#affected_assets}
{asset}
{/}{/}

Or you can extend the filter to match multiple AND or OR conditions. For example, you can return a list of vulnerabilities and their affected assets which are either open or ready for retest.

{#vulnerabilities | filterBy:’AffectedAssetProperties’:[‘status:Open’,’status:Retest’]:’OR’}
{priority} - {title}
{#affected_assets}
{asset}
{/}{/}

This filter works with any key:value pair on affected_assets. If you are unsure which properties you can use this filter on, try using the Helper function to see which fields are available to you.

{#vulnerabilities}
{#affected_assets}
{$help["%()"]}
{/}{/}

Performance Boost!

We have introduced a new compression engine for AttackForge Core and Enterprise users which improves report generation by up to 70%! This is particularly noticeable on large reports with lots of images.

User Experience

You now no longer need to include {#individualReport} tag in your AttackForge Core and Enterprise templates.

Bug Fixes

We have fixed few different bugs which relate to rendering of lists and line breaks in the reports.

v2.3

Pentest Report Template v2

This release introduces a new contemporary pentest reporting template - showcasing the possibilities available in ReportGen v2+.

This template contains the following enhancements:

• Redesigned Executive Summary - new dual-column layout + extra tags + styled executive summary notes
• Redesigned Testing Summary - new layout + extra tags for overview of testing progress
• New Section 'Summary Findings' - color-coded tables with overview of all vulnerabilities
• Custom AttackChain Images - use your own images in your attack chains. New placeholders are included
• Redesigned Vulnerability Details - new dual-column layout + color-coded vulnerability headings + styled POCs with center-aligned images and italicized captions
• Whitespace Reductions - reduced whitespace to make reports more practical and concise
• Redesigned Test Cases - new dual-column layout + color-coded section headings
• New Section 'OWASP Top 10 Mapping' - demonstrates power of Functions to create custom dynamic sections within your reports
• Updated Vulnerability-to-Asset & Asset-to-Vulnerability Mappings - color-coded for easy consumption of data
• Updated Table of Contents
• {#projectCustomTags} & {#assetCustomTags} - utilizes custom tagging to display new data in the report
• New fonts & headings
• DateFormat() filter - filter has been applied to dates & times

You can download the template from Templates.

We have also released an updated example JSON test data which can be used for creating templates.

Download Test Data (JSON)

Custom JSON Data Now Supported

You can now use ReportGen with custom JSON data and files!

ReportGen now supports the {data} tag which provides access to the top-level array or object in your JSON file.

This tag provides direct access to the entire JSON file - providing support for custom data which is not included in a standard AF JSON project export file.

For example, if you had the following JSON file:

{
	"scanName": "XYZ Scan for ABC Network",
	"vulns": [
		{
			"name": "SQL Injection",
			"ips": [
				"10.0.0.1",
				"10.0.0.2"
			]
		},
		{
			"name": "SSRF",
			"ips": [
				"10.0.0.1",
				"10.0.0.2"
			]
		}
	]
}

You can print this data in your custom report as follows:

{data.scanName}
{#data.vulns}
{name}
{#ips}
{.}
{/}{/}

You can access many of the pre-built Functions and Filters to add powerful logic and formatting to your custom data.

New Style: AF Images

We have added support for a new style AF Images which can be used to create a custom style for images and their captions inserted via the {..._styled} tags.

This new style provides ability to have custom formatting for how your images and captions are displayed in your reports, for example in your executive summary or steps to reproduce / proof of concepts.

To get started, create a new style inside Word with the name 'AF Images'. Then apply a format to this style.

When ReportGen builds your report, it will automatically map to this style for you.

v2.2

Accessing Parent Objects

ReportGen now automatically includes the parents for each object in your JSON project/reporting file. This means you can traverse up or down anywhere in the report, to access the right data you need.

For example, say you were looping through each vulnerability and you wanted to print the project name as well as the vulnerability title - you could do the following:

{#vulnerabilities}
{parent.projectName} – {title}
{/}

Now instead if you are looping through affected assets and you want to print the project name + vulnerability title + affected asset name - you could do the following:

{#vulnerabilities}
{#affected_assets}
{parent.parent.projectName} – {parent.title} – {asset}
{/}{/}

If you are unsure of what data or parents are available to you at anywhere in your report, you can use help function:

{#vulnerabilities}
{#affected_assets}
{$help["%()"]}
{/}{/}

This will print a help section in your browser console when you try to run the report, which will detail all data you can access, including any parents, at that time and section within your template.

New Filter - Filter

This release introduces a new filter called 'filter'. You can use this filter to select objects within a list that match a particular condition.

For example, if you wanted to filter your vulnerabilities by critical AND easily exploitable you could use the following:

{#vulnerabilities | filter:’easily_exploitable === true AND priority === “Critical”’}
{title}
{/}

Another example is filtering affected assets based on remediation status AND priority. Note this example applies the filter to the {#affected_assets} and utilises "parent" to access the priority from the vulnerability.

{#vulnerabilities}
{#affected_assets | filter:’remediation_status === "Open" AND parent.priority === “Critical”’}
{title}
{/}{/}

Another example is applying the filter against custom tags. This example assumes you have defined a custom tag with name/key "owasp_top_10" and value of "yes".

{#vulnerabilities}
{#affected_assets} 
{#assetCustomTags | filter:’owasp_top_10 === "yes"’}
{title}
{/}{/}{/}

Another example is applying the filter against custom fields. This example assumes you have defined a custom field with name/key "owasp_top_10" and value of "yes".

{#vulnerabilities}
{#affected_assets} 
{#assetCustomFields | filter:’owasp_top_10 === "yes"’}
{title}
{/}{/}{/}

Another example is applying the filter combined with functions. This example will create a new list of all OWASP Top 10 vulnerabilities that can be referenced anywhere further in the report. This example assumes you have defined a custom tag with name/key "owasp_top_10" and value of "yes".

Example of pushing into new list using parent objects:

{$declare[OWASP_Top_10_Vulns][[]]}
{#vulnerabilities}
{#affected_assets} 
{#assetCustomTags | filter:’owasp_top_10 === "yes"’}
{$push[OWASP_Top_10_Vulns][“%(parent.parent)”]}
{/}{/}{/}
...
{#$value[OWASP_Top_10_Vulns]}
{title}
{/}

Example of pushing into new list using scope:

{$declare[OWASP_Top_10_Vulns][[]]}
{#vulnerabilities}
{#affected_assets} 
{#assetCustomTags | filter:’owasp_top_10 === "yes"’}
{$push[OWASP_Top_10_Vulns][“%(../../)”]}
{/}{/}{/}
...
{#$value[OWASP_Top_10_Vulns]}
{title}
{/}

The following operators are supported when using this filter:

• NOT or ! - used to negate an expression. For example !(priority == "Critical")
• AND or && - used to and multiple expressions. For example priority == "Critical" AND zero_day == true
• OR or || - used to or multiple expressions. For example priority == "Critical" OR priority == "High"
• == - used to check for equivalency. For example priority == "Critical"
• === - used to check for equality. For example priority === "Critical"
• !== - used to check for not equivalency. For example priority !== "Critical"
• > - used to check for greater-than comparison. For example likelihood_of_exploitation > 5
• < - used to check for less-than comparison. For example likelihood_of_exploitation < 5
• >= - used to check for greater-than-or-equals comparison. For example likelihood_of_exploitation >= 5
• <= - used to check for less-than-or-equals comparison. For example likelihood_of_exploitation <= 5
• ( ) - used to group statements together. For example (priority == "Critical") AND (zero_day == true) OR ((priority == "Critical") AND (likelihood_of_exploitation >= 8))

v2.1

Introducing ReportGen Functions - Procedures & Operators

You can now use functions in your ReportGen templates to program custom logic and create sophisticated and powerful reports.

Functions extend the capabilities of ReportGen to achieve complex use cases and reporting requirements.

This release introduces six (6) Procedures and five (5) Operators. You can see more details by clicking on Functions in the menu.

Procedures

• $declare - use this procedure to declare a variable, which can then be used in other procedures and operators.
• $increment - use this procedure to increment a variable which has a numeric value.
• $decrement - use this procedure to decrease a variable which has a numeric value.
• $assign - use this procedure to assign a new value for a variable.
• $value - use this procedure to retrieve the value for a variable.
• $help - use this procedure to print diagnostic information to your ReportGen browser console, to help you with using procedures and operators in your template.

Operators

• $equals - use this operator to perform an equality comparison for a variable against a value.
• $lessThan - use this operator to perform a 'less than' comparison for a variable against a number.
• $lessThanOrEqual - use this operator to perform a 'less than or equal' comparison for a variable against a number.
• $greaterThan - use this operator to perform a 'greater than' comparison for a variable against a number.
• $greaterThanOrEqual - use this operator to perform a 'greater than or equal' comparison for a variable against a number.

New Filters

We have introduced new filters to provide greater flexibility when accessing your tags and data.

dateFormat

{tag | dateFormat:["namedFormat/mask"]}

This filter can be used to convert a date to a desired format. It uses named formats and masks to allow for custom date formats.

Example

{timestamp | dateFormat:["fullDate"]}

The example above will return Saturday, June 9, 2007 for the timestamp for when JSON report was downloaded.

sort

{tag | sort:["key:asc/desc"]}

This filter can be used to sort the data within a tag by a key within scope (or multiple keys).

Example

{#affected_assets | sort:["cvssv3_base_score:asc"]}
{name} - {cvssv3_base_score}
{/}

The example above will sort all affected assets for a vulnerability by their CVSSv3 Baseline score, in ascending order, then print the title and CVSS Baseline score in the report.

v2.0

Styled Proof of Concepts (POCs) / Steps to Reproduce

You can now style your POCs / Steps to Reproduce using the in-app WYSIWYG editor.

In your template, replace the following tags:

{#proof_of_concept}{text}{%inlineScreenshot}{/proof_of_concept}

With the following:

{@proof_of_concept_styled}

You can also set default styles in your template which will apply when report is generated. Following styles are supported:

• AF Heading 1 - style for WYSIWYG editor Heading 1
• AF Heading 2 - style for WYSIWYG editor Heading 2
• AF Heading 3 - style for WYSIWYG editor Heading 3
• AF Code Snippet - style for WYSIWYG editor PRE

New Filters: hasAny & hasAll

hasAny

You can use this filter to check whether at least one value exists in a tag. This can be used to create logic gates or sections within your reports.

{#tags | hasAny:['CVE','cve']}Associated CVEs...{/}

hasAll

You can use this filter to check whether all supplied values exist in a tag. This can be used to create logic gates or sections within your reports.

{#tags | hasAll:['OWASP Top 10','CWE Top 25']}This vuln is OWASP Top 10 & CWE Top 25...{/}

Tags and CVSS scores on every affected asset

{#affected_asset} now includes the following additional tags:

• {cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
• {cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0
• {cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
• {cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
• {#tags}...{/} - list of all tags

Access full details for assets equally affected

You can now access all the tags included in {#affected_asset} for assets which are equally affected, using a new tag {#assets_equally_affected_full_details}...{/}

Note: requires use of option {#$optionRemoveDuplicatePOCs}{/} in your template.

Optimized performance for large reports

ReportGen has been optimized to work more efficiently with very large reports (many thousands of pages).