Skip to content

RE 2.0.5

Latest
Compare
Choose a tag to compare
@karendm karendm released this 05 Dec 18:20
b96ce1d

Reporting Engine v2.0.5

This release of Reporting Engine (RE) 2.0 builds on 2.0.4 and includes the new features, fixes, and improvements outlined below. See README for full instructions.

New Features

  • Initial Remote Penetration Test implementation including the following features:
    • Assessment Details to track stakeholder and assessor information
    • Findings to track details about vulnerabilities, misconfigurations, and other findings of note during an assessment
    • Phishing services to track metrics pertaining to payload testing
    • Other services to track OSINF and port mapping metrics
    • Narratives to track attack path details and step-by-step walkthroughs
    • KEV Catalog to track identified Known Exploited Vulnerabilities and map them to findings
    • Risk Scoring placeholder to generate a score for comparing risk over time and between stakeholders based on custom methodology
    • Activity Tracker to track high level assessment activity and infrastructure details for stakeholder awareness
    • Report screen for previewing/finalizing the assessment report
    • Export screen for exporting various artifacts and deliverables related to the assessment

Improvements and Updates

  • Instances of Vulnerability Evaluation have been changed to Penetration Testing Capabilities
  • Out-Brief slides for RVA and FAST now include the narrative steps (one slide per step)
  • Bumped Pillow dependency to v10.0.1 due to vulnerabilities in previous versions
  • Changed EI JSON output to use helpful descriptors instead of numbers
  • Updated README to reflect correct Node/NPM requirements
  • Updated Payload Parser dependencies
  • Updated KEV Catalog
  • Implemented number type form fields to restrict data entry to numbers for certain fields
  • Added two new findings: Non-Essential Use of Elevated Accounts and Spam Filtering Weakness
  • Updated various finding descriptions

Fixes

  • Mailto hyperlink for vulnerability_info has been fixed (previously was pointing to vulnerability alias)
  • Export All function only exports relevant artifacts based on assessment type
  • Offline restore function in ptp.py has been fixed
  • Date fields have been converted to naive form fields to eliminate issues when changing timezones
  • MITRE sub-techniques now appear on the attack path creation screen (previously only appeared on the edit screen)