Reporting Engine v2.0.5
This release of Reporting Engine (RE) 2.0 builds on 2.0.4 and includes the new features, fixes, and improvements outlined below. See README for full instructions.
New Features
- Initial Remote Penetration Test implementation including the following features:
  - Assessment Details to track stakeholder and assessor information
  - Findings to track details about vulnerabilities, misconfigurations, and other findings of note during an assessment
  - Phishing services to track metrics pertaining to payload testing
  - Other services to track OSINF and port mapping metrics
  - Narratives to track attack path details and step-by-step walkthroughs
  - KEV Catalog to track identified Known Exploited Vulnerabilities and map them to findings
  - Risk Scoring placeholder to generate a score for comparing risk over time and between stakeholders based on a custom methodology
  - Activity Tracker to track high-level assessment activity and infrastructure details for stakeholder awareness
  - Report screen for previewing/finalizing the assessment report
  - Export screen for exporting various artifacts and deliverables related to the assessment
Improvements and Updates
- Instances of Vulnerability Evaluation have been changed to Penetration Testing Capabilities
- Out-Brief slides for RVA and FAST now include the narrative steps (one slide per step)
- Bumped Pillow dependency to v10.0.1 due to vulnerabilities in previous versions
- Changed EI JSON output to use helpful descriptors instead of numbers
- Updated README to reflect correct Node/NPM requirements
- Updated Payload Parser dependencies
- Updated KEV Catalog
- Implemented number type form fields to restrict data entry to numbers for certain fields
- Added two new findings: Non-Essential Use of Elevated Accounts and Spam Filtering Weakness
- Updated various finding descriptions
Fixes
- Mailto hyperlink for vulnerability_info has been fixed (previously pointed to the vulnerability alias)
- Export All function now exports only the artifacts relevant to the assessment type
- Offline restore function in ptp.py has been fixed
- Date fields have been converted to naive form fields to eliminate issues when changing timezones
- MITRE sub-techniques now appear on the attack path creation screen (previously only appeared on the edit screen)