AutoRpt creates unique working directories from these templates. If you retake a course or certification exam the new directory will be unique from the previous.
templates
├── oscp
├── osda
├── osed
├── osee
├── osep
├── osmr
├── oswa
├── oswe
├── oswp
├── pnpt
└── training
├── bugbounty
├── exp-301-lab
├── exp-312-lab
├── exp-401-lab
├── pen-200-lab
├── pen-210-lab
├── pen-300-lab
├── plain
├── soc-200-lab
├── web-200-lab
└── web-300-lab
AutoRpt enforces a consistent, dependable workflow for engagement note-taking and report writing. It does this by managing a base directory structure with note and report templates. All wrapped in a sleak 1980's menu system. The workflow is terminal friendly to keep your head in the engagement and not juggling various interfaces.
The main focus is easing the process associated with InfoSec certification exams such as the OSCP or PNPT, though many others are supported. It also covers training and CTF on common InfoSec platforms like Hack the Box, Try Hack Me, or Proving grounds to name but a few. Bug bounty hunting and penetration tests are also use case options but are considered work in progress.
🏆 Mad props and respect to noraj for the "Offensive Security Exam Report Template in Markdown". Portions of that repository are included in AutoRpt.
The following directory structure with canned template files is created after completing the prompts in autorpt startup.
This directory can be opened as an Obsidian vault. It's canned files are templates to guide your note taking and report writing process. Boilerplate tags are automatically replaced when producing the final report file format.
If you have an existing clone or release pre-v1.1.3, do these two steps. This will update your home directory config.toml with the latest values.
- Ensure your OS is updated with
sudo apt-get update -y && sudo apt-get upgrade -y. git pullto get the latest code.- run
autorpt upgradeafter pulling the latest from the repo.
A work-in-progress shell script is included which is intended to automate the dependencies and setup. The example here uses /opt as AutoRpt's install home.
AutoRpt has only been tested on Kali Linux and Ubuntu 22.04. A list of application dependencies may be found in the setup.sh script. Python dependencies are listed in the pyproject.toml file.
Highly recommended: :hammer_and_wrench: AutoRecon 🛠️ Flameshot 🛠️ Obsidian
sudo apt-get update -y && sudo apt-get upgrade -ycd /opt
sudo mkdir AutoRpt
# Set your user and group as owner.
sudo chown kali:kali AutoRpt
# Clone
git clone https://github.com/BenAcord/AutoRpt.gitcd AutoRpt
./setup.shautorpt helpautorpt
# Follow these settings, one-by-one.
Pick option 6 # Pick 6 for Settings
Pick option 1 # for Application-level settings
Pick option 2 # to set your full name, follow the prompts
Pick option 3 # if you have a student ID that carries to everything
Pick option 4 # to set your email address. Leave blank if you use different accounts for various use cases (e.g. bug bounty, training)
Pick option 5 # to set the preferred report format (e.g. pdf, pdf+7z, GitHub Markdown)autorpt.py [ help | settings | active | startup | vuln [list] | ports | sitrep [message] | addtarget [IP Address] | addtemplate | sitrep [list] | finalize | list | whathaveidone | upgrade ]
AutoRpt enforces consistent organization of directory structure and note taking to facilitate a smooth report writing process. For details on each parameter's functionality please see the wiki.
autorpt.py startupPrior to starting an exam or training, startup creates a base directory structure and populates it with a markdown report template. Run this well in advance of the exam start time. During the exam or training edit the markdown files for the targets.
Startup is required before using any other parameters, excluding help and settings. This is because startup creates the engagement working directory and registers the session. Every other parameter references the active engagement session.
-
autorpt.py portsQuickly scans for known recon tool nmap output and displays a summary of the ports and services. Also creates a spreadsheet with a tab for each target and its ports. It creates the summary from AutoRecon, nmapAutomator, and Reconoitre. -
autorpt.py vulnA submenu for logging confirmed vulnerabilities and assigning a CVSS 3 score and MITRE ATT&CK Framework tactic and technique. Recorded vulnerabilities are stored in a vulns.csv file and automatically injected into the final report as a table.
If you take an extended break and forget where you left off, no worries, use autorpt active to display information of the last engagement.
-
autorpt.py sitrepTrack your status and activity throughout the engagement. You can quickly add a status or review the log to see the history of activities. Yes, I realize this isn't a real sitrep report. This is a markdown file to ease visibility. -
autorpt.py finalizeDuring the exam report window AutoRpt generates a final report PDF and 7z archive from your markdown files. Other file formats are supported: Jira, odt, docx, and common markdown.
-
autorpt.py settingscan be run at any time to set application level and engagement session configuration values. If startup has not yet been run its engagements functionality will be limited. -
autorpt.py whathaveidonewill list the status of all engagements recorded to-date. This is a convenient way to keep track of what you've accomplished over time.
Enter an issue here on GitHub if you find a bug or have an enhancement idea.