Skip to content

How to build a Template

We use Jinja2 to create Report Templates. Here are listed the main variables available when creating a Template.

General Variables

These are the variables loaded when creating a report

  • date - the date when the Report was created, as the name of the month and four digits for the year

  • title

  • enterprise

  • summary

  • conclusions

  • recommendations

  • scope

  • objectives

=== "Workspace" * workspace.scope - a list containing the different scopes of the workspace. * workspace - a dictionary with all workspace information. * name * description * id * duration.start_date * duration.end_date * users * update_date * stats.total_vulns * stats.std_vulns * stats.web_vulns * stats.code_vulns * stats.hosts * stats.services * stats.credentials * public * readonly * active * create_date * _id

!!! note "Date Format"
    start_date and end_date are displayed in timestamp format. If you want to change their format, you can use datetimeformat() function and pass the desired format as parameter. E.g.:
```
   workspace.duration.start_date|datetimeformat('%m-%d-%Y')

   workspace.duration.end_date|datetimeformat('%B %Y')
```
    For more information about date format check Python docs.

=== "Host" * hosts_amount - an int containing the amount of hosts in the Workspace * hosts - a dictionary with all the hosts in the Workspace * type * description * default_gateway * ip * owned * tags * name * services * versions * mac * hostnames * vulns * owner * credentials * service_summaries * id * os * metadata

=== "Service" * services_amount - an int containing the amount of services in the Workspace * services - a dictionary with all the services in the Workspace * status * protocol * description * parent * tags * vulns * metadata * owned * summary * port * owner * version * host_id * id * credentials * type * ports * name

=== "Vulnerability" * counter_severity - a dictionary with all the severities and the amount of vulns for each one vulnerability pie charts * vulns_amount - an int containing the amount of vulnerabilities in the Workspace except for vulns with severity unclassified, which are not included * vulns - a dictionary with all the vulnerabilities in the Workspace except for vulns with severity unclassified, which are not included * update_user * parent_type * owned * owner * id * impact * confirmed * severity * service * data * policyviolations * evidence_subdoc * type * refs * metadata * status * issuetracker * description * parent * tags * easeofresolution * hostnames * data * host_os * desc * name * obj_id * target * resolution * severity_numbers * method * params * website * query * path * request * response

Grouped reports will have an additional field:
    _**vulns_grouped_amount**_ - an int containing the total amount of vulnerabilities after grouping

Custom Fields in Executive Report

You can access your Custom Attributes on the docx templates like a dictionary and by the field name: 

vuln.custom_fields["cvss"]

Jinja2 Context

For more technical information, here is the Jinja2 context, where you can find all the DataTypes and structures implemented with Jinja.

Template Examples

Here are some basic templates.

Default Templates

Default Generic/Grouped

Markdown Templates

Markdown_Grouped/Generic