PentestPad

Placeholders are used to insert dynamic content into the report. They are used to insert the client's name, the date of the report, the name of the tester, and other dynamic content.

[Object] vulnerabilities - Collection of vulnerabilities

- title - Title of the vulnerability
- impact - This can be Informational, Low, Medium, High or Critical
- probability - This can be Informational, Low, Medium, High or Critical
- cvss - Full CVSSv3.1 vector string
- cvss_score - Integer, calculated CVSSv3.1 Score
- status - Draft / Done
- description - Description of the vulnerability in HTML format
- poc - Proof of Concept of the vulnerability in HTML format
- risks - Risks of the vulnerability in HTML format
- remediation - Remediation of the vulnerability in HTML format
- http_request - HTTP Request from vulnerability description
- http_response - HTTP Response from vulnerability description
- created_at - Timestamp
- updated_at - Timestamp
- remediation_stage 
- [Object] affected_hosts
  - endpoint
  - ip_address
  - created_at
- [Object] extra_fields (Any additional field that you create in the settings)
  - extra_fields['Additional Field Name']

[Object] report - Current report properties

- version
- executive_summary
- title
- created_at

- name
- description
- type
- [Object] manager
  - name
- start_at
- end_at
- status
- scope_type (Internal/External)
- priority

- company_name
- website
- contact_person_name
- contact_phone
- contact_email
- created_at
- address
- city
- country
- contact_person_position
- industry

[Object] targets - Scope for the current project

- [Object] vulnerabilities - Collection of vulnerabilities
  - title - Title of the vulnerability
  - impact - This can be Informational, Low, Medium, High or Critical
  - probability - This can be Informational, Low, Medium, High or Critical
  - cvss - Full CVSSv3.1 vector string
  - cvss_score - Integer, calculated CVSSv3.1 Score
  - status - Draft / Done
  - description - Description of the vulnerability in HTML format
  - poc - Proof of Concept of the vulnerability in HTML format
  - risks - Risks of the vulnerability in HTML format
  - remediation - Remediation of the vulnerability in HTML format
  - http_request - HTTP Request from vulnerability description
  - http_response - HTTP Response from vulnerability description
  - created_at - Timestamp
  - updated_at - Timestamp
  - remediation_stage 
  - [Object] affected_hosts
    - endpoint
    - ip_address
    - created_at
  - [Object] extra_fields (Any additional field that you create in the settings)
    - extra_fields['Additional Field Name']
- [Object] report - Current report properties
  - version
  - executive_summary
  - title
  - created_at
- [Object] project
  - name
  - description
  - type
  - [Object] manager
    - name
  - start_at
  - end_at
  - status
  - scope_type (Internal/External)
  - priority
- [Object] client
  - company_name
  - website
  - contact_person_name
  - contact_phone
  - contact_email
  - created_at
  - address
  - city
  - country
  - contact_person_position
  - industry
- [Object] targets - Scope for the current project
  - endpoint
  - note
  - hostname