factionsecurity / faction
Pen Test Report Generation and Assessment Collaboration
Home Page: https://www.factionsecurity.com/
License: GNU General Public License v2.0
might want to add to your documentation that it requires maven to be installed for the mvn command
is there any plan to include editors in custom field section?
I have been playing around with a lot of different reporting tools as of late trying to find the best fit. I really enjoy the feel of faction but have the following issues. As the title states there is a mix of requests/questions!
If an assessment is finalized early, the assigned consultants are not set to free. This is an issue as for bigger consultancies, you may have 3 specialists on the project for a few days of the overall scope just to complete their section but then they cannot be assigned to another project.
Highlight color doesn't work for notes when scheduling (it does for all other places referenced as far as I could discover)
Scheduling:
Expected:
Custom fields only reflect on newly scheduled projects and newly created vulnerabilities inside new projects. I.e. if I have a vulnerability template and a month later add 4 custom fields, I have to create a new template manually to add the new fields, or likewise with an existing project, a client may request for x field adding but that would require deleting the scheduled assessment, creating a new one and importing all data manually to support it. The latter is an edge case, but the issue is still present.
Custom fields support very limited types, consisting of string, bool and list. It would be great to get support for more complex data types. A big example would be supporting the large text boxes / markdown boxes that are contained through the reports. Past this 'object' support would be great. An example of where this could be used is in the likes of version control. Sysreptor offers this feature and it allows you to create for example a list of objects consisting of version number, consultant name, comment. That way with each new version you add an item to the list that generates the rest of the fields you require.
I think an amazing start would be to support the large text fields, but the object support would be super nice to have.
Adding graphs into the report dynamically based on templates would be awesome. Specifically I would be looking to create graphs based on the issues/vulnerabilities raised, such as number of vulnerabilities broken down by severity:
There are logic decisions that are neither bugs nor features but maybe just something to raise to see people's thoughts / if toggled support for them could be added to the config perhaps.
We have cases where budgets clash and a client may not be able to schedule a retest assessment so we would consider the project complete. However, a few months later they will request a retest. Now we can use the docx we got from the initial reporting and manually update it but it would be great to be able to have a way to reopen a finalized assessment as opposed to creating a new assessment.
Some clients in parts of the world have set requirements on data retention, this is a big EU issue. As it stands, not being able to delete a finalized report poses some problems as clients that fall out of that retention window would need to either be manually deleted from the DB or we would have to flush the data out entirely which isn't feasible with ongoing assessments.
This somewhat relates to the thoughts behind my bug fix request 'Finalized assessment locks consultants'. You are unable to assign a consultant to more than one project. I understand why the logic would dictate not doing this but in some cases it's required. It would be good to be able to overlap these possibly with a warning message 'this consultant is assigned to x project on this date, are you sure...'.
Please note all these points were gathered over the weekend so I may have missed/overlooked stuff mentioned. If that's the case please direct me :).
Hi,
When I want to add a user after the ldap settings are set, it pulls the user from the ldap but does not register it. Initially, it states that it cannot find the file named db.config in the /opt/faction/ directory. When I create that file manually in Docker, it does not give the error that it cannot find the file, but I cannot add a user either.
Hey thanks for the report generator. I built the latest image and when you type in any of the text boxes, the autosave seems to kick in and the cursor automatically jumps to the beginning of the line whilst typing. Tried on multiple builds, Chrome, Firefox and all the same behavior.
I had a further look and it appears it might be related to SunEditor
Hi
I'm unable to deploy the war file directly on a Tomcat server as it is throwing the error 'Application at path /faction could not be started'. Any suggestions would be greatly appreciated.
Hello. I encountered an error while trying to configure SMTP settings. Inputs include SMTP server, port, password and so on. When you type and save, a few TAB spaces are added before and after the text written to the input. I think this is why I couldn't get SMTP and e-mails to work. Does anyone know the solution to this problem?
Edit :
Also I cannot select a checklist from the Checklists tab in the Assessment page of the project. I created checklists, but the dropdown does not appear in the list.
Also I cannot generate a report. When I click the generate report button under the Finalize tab, the loader waits for 3-4 seconds and does not show any error or any information about it.
Originally posted by @codessensei in #31
Hi,
I am testing Version 1.1.25.2, self hosted.
I am trying to configure a report in a way that each vulnerability has its own heading; so far I was able to make it work using the following:
${fiBegin}
1.1 ${vulnname}
Table with vulnerability details using ${severity}, ${category}, ${desc}, etc...
${fiEnd}
It creates the vulnerabilities following the heading (1.1, 1.2, 1.3, etc...) but I am not able to set the severity colors.
If I add "${vulnTable} ${cells Critical=8064a2,High=c0504d,Medium=e68e00,Low=33D7FF,Recommended=081417,Informational=657376}" to the top row of my table it does not interpret it.
${fiBegin} and ${vulnTable} ${cells} are not compatible?
Is there a way to define severity color for a specific cell in conjunction with ${fiBegin} / ${fiEnd} ?
Thank you.
Could it be possible to add
mvn clean compile war:war
git clone [email protected]:factionsecurity/faction.git
cd faction
mvn clean compile war:war
docker-compose up --build
Thanks
It appears that faction is using MongoDB 5.0+ which requires a CPU with AVX support. I was able to get everything set up without having this support, but after running the docker container you will not be able to get any further as Tomcat will just show a 404 page and you will not be able to reach the webUI. 'MongoDB 5.0+ which requires a CPU with AVX support' should be added as a requirement in the README. Edit: Some hypervisors such as Oracle don't pass the flag, so this issue is probably more prevalent for people who use VMs.
-Mav
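The AVX requirement above is easy to verify before bringing up the stack. The following pre-flight check is an added example and not part of the faction project or its README; it inspects the `flags` line of a cpuinfo file (defaulting to /proc/cpuinfo) and reports whether the `avx` feature is present, so a missing flag is caught up front instead of surfacing later as a Tomcat 404. The two cpuinfo fragments are constructed samples used for offline demonstration.

```shell
#!/bin/sh
# Added example (not faction's own code): pre-flight check for the AVX
# requirement of MongoDB 5.0+ before running docker-compose.
#
# cpu_has_avx [cpuinfo-file]
#   Returns 0 if the "flags" line lists the avx feature, 1 otherwise.
#   Defaults to /proc/cpuinfo; a file path can be passed for testing.
cpu_has_avx() {
  cpuinfo="${1:-/proc/cpuinfo}"
  # Only look at the flags line; -w ensures "avx" matches as a whole word
  # (so "avx2" or "avx512f" alone do not count as the base AVX flag).
  grep -E '^flags[[:space:]]*:' "$cpuinfo" | grep -qw 'avx'
}

# Constructed sample cpuinfo fragments (not captured from a real host).
SAMPLE_WITH_AVX=$(mktemp)
SAMPLE_WITHOUT_AVX=$(mktemp)
printf 'processor\t: 0\nflags\t\t: fpu vme sse4_2 avx avx2 aes\n' > "$SAMPLE_WITH_AVX"
printf 'processor\t: 0\nflags\t\t: fpu vme sse4_2 aes\n' > "$SAMPLE_WITHOUT_AVX"

# Demonstration on the constructed samples.
if cpu_has_avx "$SAMPLE_WITH_AVX"; then
  echo "sample 1: AVX present, MongoDB 5.0+ can start"
fi
if ! cpu_has_avx "$SAMPLE_WITHOUT_AVX"; then
  echo "sample 2: AVX missing, MongoDB 5.0+ will not start (check hypervisor CPU passthrough)"
fi
```

To use it on a real host, call `cpu_has_avx` with no argument before `docker-compose up --build` and abort the deployment if it returns non-zero; on a VM whose hypervisor hides the flag, the fix is on the hypervisor side (expose the host CPU features to the guest), not in faction.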