
Vulnerability assessment and penetration testing automation and reporting platform for teams.

Home Page: https://reconmap.com

License: Apache License 2.0

JavaScript 100.00%
pentesting security infosec vulnerability hacking bug-bounty penetration-testing vulnerability-management security-automation devsecops

reconmap's Introduction


Reconmap

Reconmap is a vulnerability assessment and penetration testing platform that helps pentesters and other infosec teams collaborate on security projects, from planning, to testing and reporting. The tool's aim is to go from recon to report in the least possible time.

Demo

Details on how to connect to the live demo server can be found here.

Documentation

Go to https://docs.reconmap.com to find the user, admin and developer manuals.

Runtime requirements

How to run it locally with Docker compose

  1. First you need to start your docker containers:
     docker-compose up -d
  2. After this, open your browser at http://localhost:5500

How to contribute

Here are some things you could do to become a contributor:

Before you jump to make any changes make sure you have read the contributing guidelines. This would save us all time. Thanks!

How to report bugs

If you have bugs to report, please use the issues tab on GitHub to submit the details.

If you want to chat to somebody on the development team head to our Gitter channel.

reconmap's People

Contributors

santiagolizardo, v0lp3


reconmap's Issues

Multilingual vulnerability

Description and why

Pentesters from English-speaking countries are maybe the only ones that don't need this feature.

But in other countries you will need to have a findings library in both English and your native language and some countries also have 2, 3 or more official languages.

Very often, in non-English speaking countries, you need to write pentest reports in several languages so having a Multilingual vulnerability database is critical for them.

Implementation

It needs a change of the SQL tables.

Instead of having something like

vulns:
  - vuln1:
    title: xxx
    description: xxx
    cvss: xxx
  - vuln2:
    title: xxx
    description: xxx
    cvss: xxx

You would have

vulns:
  - vuln1:
    cvss: xxx
    lang:
      - en:
        title: xxx
        description: xxx
      - fr:
        title: xxx
        description: xxx
  - vuln2:
    cvss: xxx
    lang:
      - en:
        title: xxx
        description: xxx
      - fr:
        title: xxx
        description: xxx

Workaround

A common workaround and why it is bad.

A common bad workaround is to add a lang prefix in the title of the vulnerability.

Like [EN] SQL injection and [FR] Injection SQL.

This is terrible for multiple reasons.

When having multiple languages, only fields containing text or sentences need to be translated, all other fields like the CVSS vector, CVE, vulnerability ID, etc. don't need to be translated and can be stored only once in the database.

Also, when you edit the vuln in one language, if they are not linked you often forget to update the vuln in the other languages too.

It also possible to filter by language.

And for reports you can't ask for vuln.fr.description or vuln.en.description depending on your French or English template.

Demo

It's a bit long and hard to explain in detail.
I invite you to deploy and test PwnDoc (https://github.com/pwndoc/pwndoc) which is the only pentest report platform I know to have a multi-lang vuln DB. It's easy to deploy with docker-compose so it won't take long to try it.
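
One way to model the linked-translation structure proposed in this issue as SQL tables, with a report query that falls back to English when a translation is missing. This is an added example, not Reconmap's or PwnDoc's schema; the table names, column names and sample rows are assumptions constructed for illustration.

```sql
-- Hypothetical schema: language-neutral fields are stored once per finding.
CREATE TABLE vulnerability (
    id          INTEGER PRIMARY KEY,
    cvss_vector VARCHAR(128)
);

-- Translatable text only: one row per (finding, language).
CREATE TABLE vulnerability_translation (
    vulnerability_id INTEGER      NOT NULL,
    lang             CHAR(2)      NOT NULL,
    title            VARCHAR(255) NOT NULL,
    description      TEXT         NOT NULL,
    PRIMARY KEY (vulnerability_id, lang),
    FOREIGN KEY (vulnerability_id) REFERENCES vulnerability (id)
);

-- Constructed sample data: finding 2 has no French text yet.
INSERT INTO vulnerability (id, cvss_vector) VALUES
    (1, 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'),
    (2, 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N');

INSERT INTO vulnerability_translation (vulnerability_id, lang, title, description) VALUES
    (1, 'en', 'SQL injection', 'User input reaches a SQL query unescaped.'),
    (1, 'fr', 'Injection SQL', 'Une entrée utilisateur atteint une requête SQL sans échappement.'),
    (2, 'en', 'Cross-site scripting', 'User input is reflected into the page unencoded.');

-- French report template: take the 'fr' text, fall back to 'en' when absent.
-- lang_used tells the report author which findings still need translating.
SELECT v.id,
       v.cvss_vector,
       COALESCE(fr.title, en.title)             AS title,
       COALESCE(fr.description, en.description) AS description,
       CASE WHEN fr.vulnerability_id IS NULL THEN 'en' ELSE 'fr' END AS lang_used
FROM vulnerability v
LEFT JOIN vulnerability_translation fr
       ON fr.vulnerability_id = v.id AND fr.lang = 'fr'
LEFT JOIN vulnerability_translation en
       ON en.vulnerability_id = v.id AND en.lang = 'en'
ORDER BY v.id;

-- Library maintenance: findings that have no French translation.
SELECT v.id
FROM vulnerability v
WHERE NOT EXISTS (
    SELECT 1 FROM vulnerability_translation t
    WHERE t.vulnerability_id = v.id AND t.lang = 'fr'
);
```

With the sample rows, the report query returns finding 1 in French and finding 2 in English, and the CVSS vector is edited in one place regardless of how many languages exist.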

Running on a different port

Hi,

docker-compose up -d failed because I had port 8080 in use by Burp. Can I change the port before running docker-compose?

Cheers,

BC

Add option to disable users

Add option to disable users

Use cases:

  • Disable user access temporarily (while away, before commencing project, etc...)
  • When user data and relations need to be kept and deleting it is not an option

Vulnerability Database

Actual behavior

Vulnerabilities are linked to a project and are either created manually from scratch or imported from tools integration.

Expected behavior

Having a vulnerability database like in PwnDoc (best implementation I saw).

Dradis, Ghostwriter, PwnDoc, WriteHat, etc. many collaborative penetration test reporting platforms have that, sometimes under a different name like issue library etc.

The idea is that you can save generic vulnerabilities since description and recommendation will always be the same or will require very few changes, you link the same resources, have the same title etc. So when you do a new pentest you can import a vulnerability in your audit/project and just have to change very few things and add your observations, details and proof and re-use most of the rest. And so saving a lot of time and not re-writing the same vulns at each new pentest.

Screenshots from PwnDoc

You can browse your vulnerability DB alone

image

Or add a vuln from your vuln DB into an audit

image

Feedback

Reconmap seems the most complete project, there is already a large panel of features, it's well maintained, it's one of the rare projects using Markdown for vulnerabilities description (most are using plaintext or HTML), there is a fair amount of tools integration, a CLI tool, backup capacity, etc. Looks just awesome 🤩

The Vulnerability Database seems the only missing major feature.

Private Projects with Member-Only View and Edit

Hi! Great tool that me and some folks would love using. We require though that only users that are assigned to projects can see and edit any project related details. The project overview page should be limited to members that have been invited by the creator of the project.

Error login

Hello, I recently installed this tool in Docker, but when I try to log in I get this error.

NetworkError when attempting to fetch resource.

Do I need to reinstall the API?

Thanks!

Add Pagination or lazy load

Is your feature request related to a problem? Please describe.
I am not sure if this is the right place to open the issue. But we are working on a project that has a big scope and we want to add all the hosts as targets in reconmap. The http://localhost:8080/targets?projectId=2 REST endpoint gives a list of all targets in the project, which becomes too large for the web browser to read, and the page starts hanging.

Describe the solution you'd like
Add pagination.

Describe alternatives you've considered
Lazy load is another way of doing it but you will still need to have pagination on the API.

Additional context
image

categories & sub categories for vulns

There is the possibility to add a category to a vulnerability.

When looking in the vulnerability template list it would be nice to be able to filter them by category.

  • Category (and other columns) filterable/sortable on /vulnerabilities
  • Category (and other columns) filterable/sortable on /vulnerabilities/templates

Having sub-categories allows more flexibility.

Example:

  • Web

    • Server-Side Injection
    • Security Misconfiguration
    • Broken Authentication and Session Management
    • etc.
  • Infrastructure

    • Vulnerable service
    • Vulnerable protocol
    • Vulnerable host
    • Bad architecture design
    • etc.
  • Mobile

    • Android
    • iOS
    • App related
    • API related
    • Storage related
    • etc.
  • Hierarchical categories / ability to have sub-categories

Some teams will create custom categories, others will use some OWASP reference for web, some will use CWE, some will use a national ref., some will use Bugcrowd VRT, etc.

Also actually the category list can't be configured.

image

It would be nice that the admin or super admin could be able to create a custom category list.

  • Categories are customizable

User-Input that will be sent after Session-Timeout will be lost

When editing stuff, it occurs that the session will time out without any notification.

From now, added content will be lost after hitting the "Save" button.

I recommend a WebSocket or async JavaScript based database-caching of the user input when the session ends.

Add about dialog

Content to show:

  • Contributors
  • Versions
  • License (own and dependencies)

Expand on target/host information

At the moment it only contains name and type.
Other things to be added:

  • List of ports/services (with their descriptions)
  • Operating system
  • Name

Report template

cbk914 (#38 (comment))

The demo site is not working, there's some way to import the report templates and the vulnerabilities from Github into the Reconmap WUI?

Vulnerability templates should be importable from https://demo.reconmap.org/system/import-data but you need to be connected as admin.

But it's true that report templates are not very configurable.

The documentation https://reconmap.org/user-manual/pentest-report-configuration.html says

Reconmap simplifies by creation of pentest reports with the use of customisable templates. It comes with a pre-defined pentest report template but you can change styles, cover, header and footer, as well as deciding which options to include or exclude from the report.

It's true that the Configuration tab on Report generation lets you choose some options and custom headers for example.

image

But the documentation doesn't say what the expected format is. HTML? A templating language? LaTeX? Only text or markdown is supported?

I was expecting something similar to Pwndoc https://pwndoc.github.io/pwndoc/#/docxtemplate or PCF https://gitlab.com/invuls/pentest-projects/pcf/-/wikis/Reports%20moderation

  • The ability to import custom report templates
  • Template using fields so the report is 100% customizable
  • The ability to create custom fields in vulnerabilities that can be added in the report

Mark items as favourites

Allow to mark projects, commands and other things as favourites
Present favourites before other items

"Network Error" on Creating Reports / Downloading Reports

Hi Santiago,

I have set up reconmap on my localhost using the docker-compose file, created a client, project, tasks and an example vulnerability.
When creating a new report version, I get the CORS error below, and the notification that there might be missing API connectivity. Still, after refreshing the page, the report version is created.

image

Same happens when trying to download the report:

image

However, the preview renders just fine.

The only output I get from docker is this

rmap-wss      | server > Frame(fin=True, opcode=9, data=b'T\x85\x8e\xce', rsv1=False, rsv2=False, rsv3=False)
rmap-wss      | server - event = data_received(<10 bytes>)
rmap-wss      | server < Frame(fin=True, opcode=10, data=b'T\x85\x8e\xce', rsv1=False, rsv2=False, rsv3=False)
rmap-wss      | server - received solicited pong: 54858ece
rmap-wss      | server > Frame(fin=True, opcode=9, data=b'\t\xee\x80\xf1', rsv1=False, rsv2=False, rsv3=False)
rmap-wss      | server - event = data_received(<10 bytes>)
rmap-wss      | server < Frame(fin=True, opcode=10, data=b'\t\xee\x80\xf1', rsv1=False, rsv2=False, rsv3=False)
rmap-wss      | server - received solicited pong: 09ee80f1
rmap-wss      | server > Frame(fin=True, opcode=9, data=b'Q\xe2I\xa2', rsv1=False, rsv2=False, rsv3=False)
rmap-wss      | server - event = data_received(<10 bytes>)
rmap-wss      | server < Frame(fin=True, opcode=10, data=b'Q\xe2I\xa2', rsv1=False, rsv2=False, rsv3=False)
rmap-wss      | server - received solicited pong: 51e249a2
rmap-wss      | server > Frame(fin=True, opcode=9, data=b'\xd8\x02-E', rsv1=False, rsv2=False, rsv3=False)
rmap-wss      | server - event = data_received(<10 bytes>)
rmap-wss      | server < Frame(fin=True, opcode=10, data=b'\xd8\x02-E', rsv1=False, rsv2=False, rsv3=False)
rmap-wss      | server - received solicited pong: d8022d45

Any idea what went wrong?
