PAC Report Generator

Introduction

The PAC Report is a tool that generates a PDF file from an HTML template in Golang. The template is created using Go's html/template package, which provides a rich templating language for HTML templates. The data passed in can be any kind of Go's data structures, and to access the data in a template, the top most variable is accessed by {{.}}. The PAC file structure is set on the Golang side, and you can create your HTML template file using this structure. To generate an HTML template file, you can use the sample file provided in the PAC file structure. Once the HTML template file is created, you can upload it to the PAC management file, choose the report template, and upload your template file. You can then generate a PDF report by selecting the result and clicking the generate report button. Finally, your file can be downloaded from the server in your browser.

Golang Template

Go’s html/template package provides a rich templating language for HTML templates. It is mostly used in web applications to display data in a structured way in a client’s browser. One great benefit of Go’s templating language is the automatic escaping of data.

Writing a template in Go is very simple. This example shows a TODO list, written as an unordered list (ul) in HTML. When rendering templates, the data passed in can be any kind of Go’s data structures. It may be a simple string or a number, or it can even be a nested data structure, as in the example below. To access the data in a template, the topmost variable is accessed by {{.}}. The dot inside the curly braces is called the pipeline and is the root element of the data.

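// Types behind the data passed to the template.
type Todo struct {
    Title string
    Done  bool
}

type TodoPageData struct {
    PageTitle string
    Todos     []Todo
}

data := TodoPageData{
    PageTitle: "My TODO list",
    Todos: []Todo{
        {Title: "Task 1", Done: false},
        {Title: "Task 2", Done: true},
        {Title: "Task 3", Done: true},
    },
}

<h1>{{.PageTitle}}</h1>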
<ul>
    {{range .Todos}}
        {{if .Done}}
            <li class="done">{{.Title}}</li>
        {{else}}
            <li>{{.Title}}</li>
        {{end}}
    {{end}}
</ul>


PAC file structure

The report data structure is set on the Golang side. Use this structure to create your HTML template file.


NOTE

You can see the golang structure in PAC-PDF-Generator_struct.


First - Generate HTML template file

The template sample file:

<!DOCTYPE html>
<html lang="en">

<head>
  <meta charset="UTF-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">

  <title>PAC Report</title>
  <style>
    html,
    body {
      font-size: 18px;
      line-height: 26px;
      margin: 0;
    }

    .page {
      margin: 10px;
      padding: 10px;
    }

    img {
      width: 100%;
      height: 100%;
    }

    #header {
      position: fixed;
      top: 0;
      left: 0;
    }

    #footer {
      position: fixed;
      bottom: 0;
      left: 0;
    }

    .footer {
      position: fixed;
      bottom: 0;
      left: 0;
    }

    main {
      text-align: justify;
      word-wrap: break-word;
      page-break-inside: avoid;
      color: #3d3d7a;
    }

    table {
      width: 100%;
      font-size: 16px;
      text-align: left;
      border-spacing: 0;
    }

    th {
      color: white;
      border: 1px solid white;
      background-color: #6C7481;
    }

    td {
      border: 1px solid #e6e6e6;
    }

    tr {
      border: none;
    }

    th,
    td {
      padding: 10px;
    }
  </style>
</head>

<body>
  <main>
    <div class="page">
      <h3>{{.Paconfig.ApplicationName}}</h3>
      <div>
        <h3>Disclaimer</h3>
        <p>
          Prancer Enterprise gives no warranties, express or implied for accuracy, reliability, quality, correctness, or
          freedom from error or omission of this work product, including any implied warranties of merchantability,
          fitness
          for a specific purpose or non-infringement. This document is delivered "as is", and Prancer Enterprise shall
          not
          be liable for any inaccuracy.
          Prancer Enterprise does not warrant that all errors in this work product shall be corrected. Except as
          expressly
          outlined in any master services agreement or project assignment, Prancer Enterprise is not assuming any
          obligations or liabilities including but not limited to direct, indirect, incidental or consequential, special
          or
          exemplary damages resulting from the use of or reliance upon any information in this document. This document
          does
          not imply an endorsement of any of the companies or products mentioned.
          ©2022 Prancer Enterprise. All rights reserved. No part of this document may be reproduced, copied or modified
          without the express written consent of the authors. Unless written permission is expressly granted for other
          purposes, this document shall be treated at all times as confidential and proprietary material of Prancer
          Enterprise and may not be distributed or published to any third party.
        </p>

      </div>
    </div>
    <P style="page-break-before: always"></P>
    <div class="page">
      <br>

      <h3>EXECUTIVE SUMMARY</h3>
      <br>

      <p>
        Prancer Enterprise conducted a comprehensive security assessment of {{.Paconfig.ApplicationName}} in order to determine
          existing vulnerabilities and establish the current level of security risk associated with the environment and
          the technologies in use.
      </p>

    </div>
    <P style="page-break-before: always"></P>
    <div class="page">
      <h3>TEST SCOPE</h3>
      <br>
      <p>
        The test scope for this engagement included the following items:
      </p>
      <div>
        <h4>
          Application Profile
        </h4>
        <div>
          Cloud Provider : {{.Paconfig.CloudType}}
        </div>
        <div>
          Application Name : {{.Paconfig.ApplicationName}}
        </div>
        <div>
          Application Type: {{.Paconfig.ApplicationType}}
        </div>
        <div>
          Risk Level: {{.Paconfig.RiskLevel}}
        </div>
        <div>
          Compliance: {{.Paconfig.Compliance}}
        </div>
        <div>
          Scan Type: {{.Paconfig.WebScan.Mode}}
        </div>
        <div>
          Target URL: {{.Paconfig.Target}}
        </div>
        <div>
          Authentication Type: {{.Paconfig.AuthenticationMethod}}
        </div>
        <div>
          Testing was performed: {{.Result.CompletedOn}}.
        </div>
        <br>

        <p>
          Testing was performed using industry-standard penetration testing tools and frameworks, including ZAP, Burp
          Suite,
          Nmap, Sniper, Fierce, OpenVAS, the Metasploit Framework, WPScan, Wireshark, Tcpdump, Aircrack-ng, Reaver,
          Asleap,
          and Arpspoof.
        </p>
      </div>
    </div>
    <P style="page-break-before: always"></P>
    <div class="page">
      <h3>Pentesting Details</h3>
      <div>Pentesting Approach</div>
      <div>Introduction</div>
      <br>

      <div>
        As organizations increasingly move to the cloud, they must also ensure that their data and applications are
        secure. Prancer provides a cloud security solution that helps organizations protect their infrastructure and
        applications while taking advantage of the many benefits of the cloud. Prancer provides a continuous validation
        platform to ensure your cloud environment is secure and compliant with industry standards.

        <div>
          Here is a breakdown of how the solution works!
        </div>
        <br>
        <div>
          Auto-Discover
        </div>

        <div>
          Prancer connects to enterprise resources in the cloud to discover all the attack surfaces at both the
          Infrastructure and Application layers. The source of information is the control plane configuration data
          available from the cloud solution providers for applications and code repositories.
        </div>
        <br>

        <div>
          Analyze
        </div>
        <div>
          The Prancer engine reviews the security configuration of the application infrastructure and correlates data
          from
          different sources to provide immediate feedback to the client about non-compliant items. It reports back all
          the
          security concerns to the client and provides remediation.
        </div>
        <br>
        <div>
          Strategize
        </div>

        <div>
          Based on the Intelligence out of the auto-discovery and analysis phase, Prancer now understands the
          application's underlying technologies and infrastructure design. Prancer strategizes attacks against
          enterprise
          assets based on this gained knowledge.
        </div>

        <br>

        <div>
          Attack Automation
        </div>

        <div>
          Prancer uses its patented solution for Attack automation. The Prancer engine creates attack chains and lateral
          movement strategies. It schedules the attacks on demand, on a scheduled basis, or in a continuous validation
          mode.
        </div>
        <br>
        <div>Reload</div>

        <div>
          The latest attack manifests are reloaded from the codified attack database. This database includes common
          vulnerabilities like OWASP top 10, SANS top 25, Zero-day vulnerabilities and CVEs and custom business logic
          testing developed by threat developers. All relevant attacks to the application and infrastructure in which
          the
          engine gained intelligence based on the auto-discovery phase are reloaded to the engine. This database is
          maintained by the Prancer Research team feeding from CVEs, CSPs, the dark web, and national vulnerability
          databases.
        </div>
        <br>

        <div>Attack Emulation</div>
        <div>
          Prancer patented Pentesting as Code (PAC) engine makes attacks emulation against enterprise assets to find
          security holes and validates the fixes. The scanner engine can run inside the client's network or make an
          external attack. All black box, grey box, and white box scenarios are fully automated and integrated into the
          platform to comprehensively view the available vulnerabilities.
        </div>

        <br>
        <div>Risk Assessment and scoring</div>
        <div>
          Prancer presents the prioritized risks and security assessment of company assets from the attacker's
          viewpoint.
          This risk-based scoring gives invaluable information to the security operators to remediate vulnerabilities
          before the exploit happens.
        </div>
      </div>
      <br>
    </div>
    <P style="page-break-before: always"></P>
    <div class="page">
      <h3>
        Crawled Urls
      </h3>
      {{range .SpiderUrls}}
        <p>{{.}}</p>
      {{end}}
    </div>
    <P style="page-break-before: always"></P>
    <div class="page">
      <h3>
        Findings Details
      </h3>
      <table>
        <tr>
          <th>Finding</th>
          <th>Criticality</th>
          <th>Status</th>
          <th>WASCID</th>
          <th>Urls</th>
        </tr>
        {{range .AlertList}}
        <tr>
          <td>
            {{.Finding}}
          </td>
          <td>
            {{.Criticality}}
          </td>
          <td>
            {{.Code}}
          </td>
          <td>
            {{.WASCID}}
          </td>
          <td>
            {{.URL}}
          </td>
        </tr>
        {{end}}
      </table>
    </div>
    <P style="page-break-before: always"></P>
    <div class="page">
      <br>

      <h3>Correlated Resource</h3>
      <br><br>

      <h4>RelatedResources</h4>
      <table>
        <tr>
          <th>Name</th>
          <th>Parent</th>
          <th>Collection</th>
          <th>ResourceType</th>
          <th>ResourceNodeId</th>
          <th>TargetResource</th>
        </tr>
        {{range .CorrelatedResource.RelatedResources}}
        <tr>
          <td>{{.Name}}</td>
          <td>{{.Parent}}</td>
          <td>{{.Collection}}</td>
          <td>{{.ResourceType}}</td>
          <td>{{.ResourceNodeId}}</td>
          <td>{{.TargetResource}}</td>
        </tr>
        {{end}}
      </table>
      <h4>Edges</h4>
      <table>
        <tr>
          <th>Source</th>
          <th>Target</th>
        </tr>
        {{range .CorrelatedResource.Edges}}
        <tr>
          <td>{{.Source}}</td>
          <td>{{.Target}}</td>
        </tr>
        {{end}}
      </table>

    </div>

    <div class="page">
      <h3>Infra Outputs</h3>
      <table>
        <tr>
          <th>Title</th>
          <th>Severity</th>
          <th>Remediation Function</th>
          <th>Status</th>
        </tr>
        {{range .InfraOutputs}}
        <tr>
          <td>{{.Title}}</td>
          <td>{{.Severity}}</td>
          <td>{{.RemediationFunction}}</td>
          <td>{{.Status}}</td>
        </tr>
        {{end}}
      </table>
    </div>

  </main>
</body>

</html>
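
The sample template prints scan output such as crawled URLs and finding titles, which can carry markup taken from the tested application, so the automatic escaping of html/template matters for the generated report. The following is an added example, not code from the PAC project: it renders a shortened findings loop with html/template and with text/template. The Alert and Report types, their field types, the Render and Sample helpers and the sample values are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	htmltpl "html/template"
	"strings"
	texttpl "text/template"
)

// Alert has fields the sample template reads in {{range .AlertList}}.
// Field types are assumed; the real struct is in PAC-PDF-Generator_struct.
type Alert struct{ Finding, Criticality, URL string }

// Report is a cut-down, hypothetical stand-in for the template data.
type Report struct{ AlertList []Alert }

// rows is the findings-table loop from the sample template, shortened.
const rows = `{{range .AlertList}}<tr><td>{{.Finding}}</td>` +
	`<td>{{.Criticality}}</td><td>{{.URL}}</td></tr>{{end}}`

// Render executes rows with html/template (escape=true), which escapes each
// value for its HTML context, or with text/template, which copies it as is.
func Render(r Report, escape bool) (string, error) {
	var b strings.Builder
	if !escape {
		t := texttpl.Must(texttpl.New("rows").Parse(rows))
		err := t.Execute(&b, r)
		return b.String(), err
	}
	t := htmltpl.Must(htmltpl.New("rows").Parse(rows))
	err := t.Execute(&b, r)
	return b.String(), err
}

// Sample returns constructed data: a crawled URL that carries markup.
func Sample() Report {
	return Report{AlertList: []Alert{{
		Finding:     "Input reflected in response",
		Criticality: "High",
		URL:         "https://app.example.test/?q=<script>alert(1)</script>",
	}}}
}

func main() {
	safe, _ := Render(Sample(), true)
	raw, _ := Render(Sample(), false)
	fmt.Println("html/template:", safe)
	fmt.Println("text/template:", raw)
}
```

html/template leaves values of type template.HTML unescaped, so scan data should reach the report template as plain strings.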

Upload the template file on the config file

1. Go to the PAC management file.

2. Choose the report template to upload your template file.

3. Upload your template file: choose your file and upload it here. You can then see this template in all the same collections.

4. Go to the findings page to generate the PDF report.

5. Choose your result and click to generate a report.

6. Press to download the report.

  1. Finally, your file is downloaded from the server in your browser.

You can use this box to update, download, and delete your template file.