PAC Report Generator
Introduction
The PAC Report tool generates a PDF file from an HTML template in Golang. The template is written with Go's html/template package, which provides a rich templating language for HTML templates. The data passed in can be any kind of Go data structure; inside a template, the top-most variable is accessed with {{.}}. The PAC file structure is set on the Golang side, and you create your HTML template file against this structure, starting from the sample file provided in the PAC file structure. Once the HTML template file is created, go to the PAC management file, choose the report template, and upload your template file. You can then generate a PDF report by selecting the result and clicking the generate report button. Finally, your file is downloaded from the server in your browser.
Golang Template
Go’s html/template package provides a rich templating language for HTML templates. It is mostly used in web applications to display data in a structured way in a client’s browser. One great benefit of Go’s templating language is the automatic escaping of data.
Writing a template in Go is very simple. This example shows a TODO list, written as an unordered list (ul) in HTML. When rendering templates, the data passed in can be any kind of Go’s data structures. It may be a simple string or a number, or it can be a nested data structure as in the example below. To access the data in a template, the top-most variable is accessed by {{.}}. The dot inside the curly braces is called the pipeline and is the root element of the data.
// Data types rendered by the template below.
type Todo struct{ Title string; Done bool }
type TodoPageData struct {
	PageTitle string
	Todos     []Todo
}

data := TodoPageData{
	PageTitle: "My TODO list",
	Todos: []Todo{
		{Title: "Task 1", Done: false},
		{Title: "Task 2", Done: true},
		{Title: "Task 3", Done: true},
	},
}

<h1>{{.PageTitle}}</h1>
<ul>
    {{range .Todos}}
        {{if .Done}}
            <li class="done">{{.Title}}</li>
        {{else}}
            <li>{{.Title}}</li>
        {{end}}
    {{end}}
</ul>
For more information click here.
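The automatic escaping mentioned above matters for a report whose findings and URLs come from the scanned application. The following added example (not PAC's own code) renders one findings-table row with html/template and with text/template; the `Alert` type, the link around the URL and the sample values are assumptions constructed for the demonstration.

```go
package main

import (
	"bytes"
	"fmt"
	htmltpl "html/template"
	texttpl "text/template"
)

// Alert copies three fields the sample template reads from .AlertList.
// The real PAC struct is not shown on this page, so this is an assumption.
type Alert struct{ Finding, Criticality, URL string }

// row is a findings-table row; the link around the URL is added for the demo.
const row = `<tr><td>{{.Finding}}</td><td>{{.Criticality}}</td>` +
	`<td><a href="{{.URL}}">link</a></td></tr>`

// SampleAlert is constructed data standing in for scanner output that
// echoes content controlled by the scanned application.
func SampleAlert() Alert {
	return Alert{
		Finding:     `Reflected input <script>alert(1)</script>`,
		Criticality: "High",
		URL:         "javascript:alert(1)",
	}
}

// RenderEscaped uses html/template, which escapes each value for the
// context it lands in (element text, URL attribute, ...).
func RenderEscaped(a Alert) (string, error) {
	var buf bytes.Buffer
	err := htmltpl.Must(htmltpl.New("row").Parse(row)).Execute(&buf, a)
	return buf.String(), err
}

// RenderRaw uses text/template, which copies values into the page verbatim.
func RenderRaw(a Alert) (string, error) {
	var buf bytes.Buffer
	err := texttpl.Must(texttpl.New("row").Parse(row)).Execute(&buf, a)
	return buf.String(), err
}

func main() {
	safe, _ := RenderEscaped(SampleAlert())
	raw, _ := RenderRaw(SampleAlert())
	fmt.Println("html/template:", safe)
	fmt.Println("text/template:", raw)
}
```

With html/template the markup in the finding is entity-encoded and the non-HTTP URL in the `href` is replaced by the `#ZgotmplZ` placeholder, so neither reaches whatever converts the HTML to PDF as active content.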
PAC file structure
This structure is set on the Golang side; use it to create your HTML template file.
NOTE
You can see the golang structure in PAC-PDF-Generator_struct.
First - Generate HTML template file
The template sample file:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>PAC Report</title>
<style>
html,
body {
font-size: 18px;
line-height: 26px;
margin: 0;
}
.page {
margin: 10px;
padding: 10px;
}
img {
width: 100%;
height: 100%;
}
#header {
position: fixed;
top: 0;
left: 0;
}
#footer {
position: fixed;
bottom: 0;
left: 0;
}
.footer {
position: fixed;
bottom: 0;
left: 0;
}
main {
text-align: justify;
word-wrap: break-word;
page-break-inside: avoid;
color: #3d3d7a;
}
table {
width: 100%;
font-size: 16px;
text-align: left;
border-spacing: 0;
}
th {
color: white;
border: 1px solid white;
background-color: #6C7481;
}
td {
border: 1px solid #e6e6e6;
}
tr {
border: none;
}
th,
td {
padding: 10px;
}
</style>
</head>
<body>
<main>
<div class="page">
<h3>{{.Paconfig.ApplicationName}}</h3>
<div>
<h3>Disclaimer</h3>
<p>
Prancer Enterprise gives no warranties, express or implied for accuracy, reliability, quality, correctness, or
freedom from error or omission of this work product, including any implied warranties of merchantability,
fitness
for a specific purpose or non-infringement. This document is delivered "as is", and Prancer Enterprise shall
not
be liable for any inaccuracy.
Prancer Enterprise does not warrant that all errors in this work product shall be corrected. Except as
expressly
outlined in any master services agreement or project assignment, Prancer Enterprise is not assuming any
obligations or liabilities including but not limited to direct, indirect, incidental or consequential, special
or
exemplary damages resulting from the use of or reliance upon any information in this document. This document
does
not imply an endorsement of any of the companies or products mentioned.
©2022 Prancer Enterprise. All rights reserved. No part of this document may be reproduced, copied or modified
without the express written consent of the authors. Unless written permission is expressly granted for other
purposes, this document shall be treated at all times as confidential and proprietary material of Prancer
Enterprise and may not be distributed or published to any third party.
</p>
</div>
</div>
<P style="page-break-before: always"></P>
<div class="page">
<br>
<h3>EXECUTIVE SUMMARY</h3>
<br>
<p>
Prancer Enterprise conducted a comprehensive security assessment of {{.Paconfig.ApplicationName}} in order to determine
existing vulnerabilities and establish the current level of security risk associated with the environment and
the technologies in use.
</p>
</div>
<P style="page-break-before: always"></P>
<div class="page">
<h3>TEST SCOPE</h3>
<br>
<p>
The test scope for this engagement included the following items:
</p>
<div>
<h4>
Application Profile
</h4>
<div>
Cloud Provider : {{.Paconfig.CloudType}}
</div>
<div>
Application Name : {{.Paconfig.ApplicationName}}
</div>
<div>
Application Type: {{.Paconfig.ApplicationType}}
</div>
<div>
Risk Level: {{.Paconfig.RiskLevel}}
</div>
<div>
Compliance: {{.Paconfig.Compliance}}
</div>
<div>
Scan Type: {{.Paconfig.WebScan.Mode}}
</div>
<div>
Target URL: {{.Paconfig.Target}}
</div>
<div>
Authentication Type: {{.Paconfig.AuthenticationMethod}}
</div>
<div>
Testing was performed: {{.Result.CompletedOn}}.
</div>
<br>
<p>
Testing was performed using industry-standard penetration testing tools and frameworks, including ZAP, Burp
Suite,
Nmap, Sniper, Fierce, OpenVAS, the Metasploit Framework, WPScan, Wireshark, Tcpdump, Aircrack-ng, Reaver,
Asleap,
and Arpspoof.
</p>
</div>
</div>
<P style="page-break-before: always"></P>
<div class="page">
<h3>Pentesting Details</h3>
<div>Pentesting Approach</div>
<div>Introduction</div>
<br>
<div>
As organizations increasingly move to the cloud, they must also ensure that their data and applications are
secure. Prancer provides a cloud security solution that helps organizations protect their infrastructure and
applications while taking advantage of the many benefits of the cloud. Prancer provides a continuous validation
platform to ensure your cloud environment is secure and compliant with industry standards.
<div>
Here is a breakdown of how the solution works!
</div>
<br>
<div>
Auto-Discover
</div>
<div>
Prancer connects to enterprise resources in the cloud to discover all the attack surfaces at both the
Infrastructure and Application layers. The source of information is the control plane configuration data
available from the cloud solution providers for applications and code repositories.
</div>
<br>
<div>
Analyze
</div>
<div>
The Prancer engine reviews the security configuration of the application infrastructure and correlates data
from
different sources to provide immediate feedback to the client about non-compliant items. It reports back all
the
security concerns to the client and provides remediation.
</div>
<br>
<div>
Strategize
</div>
<div>
Based on the Intelligence out of the auto-discovery and analysis phase, Prancer now understands the
application's underlying technologies and infrastructure design. Prancer strategizes attacks against
enterprise
assets based on this gained knowledge.
</div>
<br>
<div>
Attack Automation
</div>
<div>
Prancer uses its patented solution for Attack automation. The Prancer engine creates attack chains and lateral
movement strategies. It schedules the attacks on demand, on a scheduled basis, or in a continuous validation
mode.
</div>
<br>
<div>Reload</div>
<div>
The latest attack manifests are reloaded from the codified attack database. This database includes common
vulnerabilities like OWASP top 10, SANS top 25, Zero-day vulnerabilities and CVEs and custom business logic
testing developed by threat developers. All relevant attacks to the application and infrastructure in which
the
engine gained intelligence based on the auto-discovery phase are reloaded to the engine. This database is
maintained by the Prancer Research team feeding from CVEs, CSPs, the dark web, and national vulnerability
databases.
</div>
<br>
<div>Attack Emulation</div>
<div>
Prancer's patented Pentesting as Code (PAC) engine emulates attacks against enterprise assets to find
security holes and validate the fixes. The scanner engine can run inside the client's network or make an
external attack. All black box, grey box, and white box scenarios are fully automated and integrated into the
platform to comprehensively view the available vulnerabilities.
</div>
<br>
<div>Risk Assessment and scoring</div>
<div>
Prancer presents the prioritized risks and security assessment of company assets from the attacker's
viewpoint.
This risk-based scoring gives invaluable information to the security operators to remediate vulnerabilities
before the exploit happens.
</div>
</div>
<br>
</div>
<P style="page-break-before: always"></P>
<div class="page">
<h3>
Crawled Urls
</h3>
<br>
{{range .SpiderUrls}}
<p>{{.}}</p>
{{end}}
</div>
<P style="page-break-before: always"></P>
<div class="page">
<h3>
Findings Details
</h3>
<table>
<tr>
<th>Finding</th>
<th>Criticality</th>
<th>Status</th>
<th>WASCID</th>
<th>Urls</th>
</tr>
{{range .AlertList}}
<tr>
<td>
{{.Finding}}
</td>
<td>
{{.Criticality}}
</td>
<td>
{{.Code}}
</td>
<td>
{{.WASCID}}
</td>
<td>
{{.URL}}
</td>
</tr>
{{end}}
</table>
</div>
<P style="page-break-before: always"></P>
<div class="page">
<br>
<h3>Correlated Resource</h3>
<br><br>
<h4>RelatedResources</h4>
<table>
<tr>
<th>Name</th>
<th>Parent</th>
<th>Collection</th>
<th>ResourceType</th>
<th>ResourceNodeId</th>
<th>TargetResource</th>
</tr>
{{range .CorrelatedResource.RelatedResources}}
<tr>
<td>{{.Name}}</td>
<td>{{.Parent}}</td>
<td>{{.Collection}}</td>
<td>{{.ResourceType}}</td>
<td>{{.ResourceNodeId}}</td>
<td>{{.TargetResource}}</td>
</tr>
{{end}}
</table>
<h4>Edges</h4>
<table>
<tr>
<th>Source</th>
<th>Target</th>
</tr>
{{range .CorrelatedResource.Edges}}
<tr>
<td>{{.Source}}</td>
<td>{{.Target}}</td>
</tr>
{{end}}
</table>
</div>
<div class="page">
<h3>Infra Outputs</h3>
<table>
<tr>
<th>Title</th>
<th>Severity</th>
<th>Remediation Function</th>
<th>Status</th>
</tr>
{{range .InfraOutputs}}
<tr>
<td>{{.Title}}</td>
<td>{{.Severity}}</td>
<td>{{.RemediationFunction}}</td>
<td>{{.Status}}</td>
</tr>
{{end}}
</table>
</div>
</main>
</body>
</html>
Upload the template file on the config file
1. Go to the PAC management file.
2. Choose the report template to upload your template file.
3. Upload your template file: choose your file and upload it here. You can then see this template in all the same collections.
4. Go to the findings page to generate a PDF report.
5. Choose your result and click to generate a report.
6. Press to download the report.
- Finally, your file is downloaded from the server in your browser.
You can use this box to update, download, and delete your template file.
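One way a server could vet a template at upload time (step 3), shown as an added example rather than PAC's own code: parse the file and dry-run it against sample data, so syntax errors and references to unknown fields are rejected before anyone generates a report. `ValidateTemplate` is a hypothetical name, and `Report`, `Paconfig` and `Alert` are reduced stand-ins inferred from the sample template, not the real PAC-PDF-Generator_struct.

```go
package main

import (
	"fmt"
	"html/template"
	"io"
)

// Reduced stand-ins for the PAC report structure (assumption, see lead-in).
// Keep such data plain: a template can call any exported method on the
// value it is executed with, so uploaded templates should only see fields.
type Paconfig struct{ ApplicationName, Target string }
type Alert struct{ Finding, Criticality, URL string }
type Report struct {
	Paconfig   Paconfig
	SpiderUrls []string
	AlertList  []Alert
}

// ValidateTemplate parses an uploaded template and executes it once against
// sample data, discarding the output. Parse catches syntax errors; Execute
// catches unknown fields and html/template escaping errors.
func ValidateTemplate(src string) error {
	t, err := template.New("upload").Parse(src)
	if err != nil {
		return fmt.Errorf("parse: %w", err)
	}
	// Slices are non-empty so that every {{range}} body is really executed;
	// with empty slices a bad field inside a loop would go unnoticed.
	sample := Report{
		Paconfig:   Paconfig{ApplicationName: "demo", Target: "https://example.test"},
		SpiderUrls: []string{"https://example.test/"},
		AlertList:  []Alert{{Finding: "f", Criticality: "Low", URL: "https://example.test/"}},
	}
	if err := t.Execute(io.Discard, sample); err != nil {
		return fmt.Errorf("execute: %w", err)
	}
	return nil
}

func main() {
	good := `<h3>{{.Paconfig.ApplicationName}}</h3>{{range .AlertList}}<p>{{.Finding}}</p>{{end}}`
	typo := `{{range .AlertList}}<p>{{.Severity}}</p>{{end}}` // Alert has no Severity
	unclosed := `{{range .SpiderUrls}}<p>{{.}}</p>`           // missing {{end}}
	for _, src := range []string{good, typo, unclosed} {
		fmt.Println(ValidateTemplate(src))
	}
}
```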