Reporting Templates Admin

URL: https://pentest.ws/reporting-admin

Once that you have collected your set of Findings for the client, you need to build a client deliverable document with these details. The Reporting Module processes user-uploaded Word files with embedded {{tags}} to generate fully customized reporting documents with a single click.

Report Templates Admin

Report Templates Admin
56KB
PTWS_Report_Template_2025_May.docx
63KB
PTWS_Report_Template_Grouped_Sept_2025.docx

Start by downloading a report template and begin customizing your company name, logo and other needed details.

Upload your Report Template using the Report Templates Admin screen. From here, the template will be available for use in the Engagement's Reports tab. See Generating Deliverable for more details.

Template Syntax

The template syntax includes For loops, If statements, and Variables and HTML content from your Findings entries including embedded images like screenshots for evidence. Using the Client Manager you can add tags such as {{= client.name}} and {{= client.shortName}}, its just one less thing you need to fill out in the final report. Once the Reporting Module is finished processing, your browser downloads the new DOCX file where you can further customize the report as needed.

Fields List

For a full list of fields available in your report templates, visit:

https://gist.github.com/PenTestWS/c5d378e789e06e81a142495ea3823a52

Text Variables

{{= engagement.name}}

Simple text variables are referenced using the {{= variable}} format. You can also insert statements such as {{= client.city + ", " + client.state + " " + client.zip}}

Notice that with simple text variables, the dollar sign $ is not required to reference the variable, but other syntax statements requires the dollar sign $.

Rich Text / HTML

{{HTML $finding.descFull}}

Fields in the PenTest.WS user interface that use the rich text editor require the HTML format {{HTML $variable}} to reference the variable in the reporting template.

The HTML format is also capable of rending images you have inserted into the associated field.

IF Statements

{{IF $finding.evidence != ""}}
    
    Evidence:
    {{HTML $finding.evidence}}
    
{{END-IF}}

Conditional statements are supported through the {{IF $variable = "value"}} syntax. To end the if statement use {{END-IF}}.

FOR Loops

{{FOR finding IN findings}}
    Title: {{= finding.title}}
    Risk:  {{= finding.riskLevel}}
{{END-FOR finding}}

For loops allow you to step through arrays such as Hosts and Findings and follow the classic For Loop programming language structure {{FOR x IN array}} and end with the {{END-FOR x}} statement.

Working with Grouped Findings

When using Findings Groups in engagements, your reporting templates can be updated to display findings organized by group. This allows your exported reports to mirror the same structure you set inside PenTest.WS (e.g., grouping findings into External, Internal, or Social Engineering).

To enable this, use the findingsGrouped collection in your Word template. The general structure looks like this:

{{FOR group IN findingsGrouped}}

{{= $group.groupName}} Detailed Findings

    {{FOR finding IN $group.findings}}

    {{= $finding.findingId}} - {{= $finding.title}}
    {{= $finding.riskLevel}}
    {{= $finding.descFull}}
    {{= $finding.impactFull}}
    {{= $finding.recoFull}}

    {{END-FOR finding}}

{{END-FOR group}}

Explanation

  • findingsGrouped – The collection of all groups defined in the engagement.

  • $group.groupName – The display name of the group (e.g., External).

  • $group.findings – The list of findings inside that group.

  • $finding – A single finding object, which exposes all the same fields available when working with ungrouped findings (e.g., findingId, title, riskLevel, descFull, impactFull, recoFull).

If no groups are created in the engagement, the findingsGrouped collection will be empty and you can continue to use the standard findings collection as before.

Example Output

External Detailed Findings

101 - Outdated Apache HTTP Server
102 - Weak TLS Configuration

Internal Detailed Findings

201 - Excessive SMB Share Permissions
202 - Hardcoded Credentials in Scripts

This structure ensures grouped findings appear neatly in your final reports, giving clients context for how issues relate to one another.

Sample Report Template - Non-Grouped Findings

57KB
PTWS_Report_Template_2025_May.docx

Sample Report Template - Grouped Findings

63KB
PTWS_Report_Template_Grouped_Sept_2025.docx

Tier Availability

Reporting Templates are available on Hobby Tier and Pro Tier.

PreviousClients ManagerNextReporting Briefs Admin

Last updated