Wiki is a big TODO

This wiki will have more structure in the future.

## Use a custom port

By default all communication goes over port 8443, and it's highly recommended to keep it that way. However, if necessary, it can be moved to a different port using the following steps.

1. Create `docker-compose.custom.yml`

```yaml
version: '3'

services:
  pwndoc-frontend:
    build:
      context: ./pwndoc/frontend
      args:
        API_PORT: 443

  gateway:
    ports:
      - "443:443"
      # Note: docker-compose merges configuration, i.e. the app will be published on both the default port 8443 and the port 443 defined here
```

2. Run docker-compose with two files.

`docker-compose -f docker-compose.yml -f docker-compose.custom.yml up --build -d`

## Valid HTTPS Certificate

1. Obtain a valid HTTPS certificate (Let's Encrypt, internal CA, ...). You'll need three files:
   - `cert.pem` (includes the whole chain if necessary)
   - `key.pem`
   - `keys.pass` (contains the password for the encrypted key as a string)
2. Create a folder `nginx/https-keys`
3. Create `docker-compose.custom.yml`

```yaml
version: '3'

services:
  gateway:
    volumes:
      - ./nginx/https-keys:/etc/ssl/private:ro # :ro sets the folder as read only
```

4. Run docker-compose with two files.

`docker-compose -f docker-compose.yml -f docker-compose.custom.yml up --build -d`

5. Profit?

If your private key is not encrypted (and you don't want it to be), you can comment out `ssl_password_file /etc/ssl/private/keys.pass;` in `nginx/nginx.conf`.

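A pre-flight check for the three files from step 1, added here as an example and not part of the project's own tooling: it confirms that `keys.pass` decrypts `key.pem`, that `cert.pem` carries the matching public key, and that the certificate has not expired, so a bad file is caught before the gateway is rebuilt. The function name `check_https_keys` and its return codes are assumptions of this example, and it needs the `openssl` CLI.

```shell
#!/usr/bin/env bash
# Added example (not project code): validate nginx/https-keys before `up --build`.
# check_https_keys and its return codes are made up for this example.

check_https_keys() {
    local dir="${1:-nginx/https-keys}"
    local cert="$dir/cert.pem" key="$dir/key.pem" pass="$dir/keys.pass"
    local f key_pub cert_pub loose

    # All three files from step 1 must be present and readable.
    for f in "$cert" "$key" "$pass"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done

    # The passphrase in keys.pass must decrypt key.pem
    # (nginx reads it through ssl_password_file).
    key_pub=$(openssl pkey -in "$key" -passin "file:$pass" -pubout 2>/dev/null) \
        || { echo "keys.pass does not decrypt key.pem" >&2; return 2; }

    # The first certificate in cert.pem (the leaf) must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo "cert.pem is not a readable PEM certificate" >&2; return 3; }
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "cert.pem and key.pem do not belong together" >&2; return 4; }

    # Reject a certificate that has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo "cert.pem has expired" >&2; return 5; }

    # Warn (without failing) if the key or its passphrase is world-readable.
    loose=$(find "$key" "$pass" -perm -004 -print)
    if [ -n "$loose" ]; then
        echo "warning: world-readable: $loose" >&2
    fi

    echo "ok"
}
```

Run it as `check_https_keys nginx/https-keys` from the folder that holds `docker-compose.yml`, and only start the containers when it prints `ok`.
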
## Docx templating

PwnDoc documentation has examples of tags and filters that can be used. Probably the most useful ones are [conditions to filter findings](https://pwndoc.github.io/pwndoc/#/docxtemplate?id=condition) and [sorting](https://pwndoc.github.io/pwndoc/#/docxtemplate?id=sortarraybyfield).

There is also a [Pull Request](https://github.com/pwndoc/pwndoc/pull/281) that adds many further filters.

## Known problems

### Newlines are being added during report processing

Note: **Fixing this is a priority.**

### Clicking Save on audit deletes list of open ports

Current workaround:

There is a debug action which can re-upload the open ports to the audit.

Potential future solution:

This might be solved by using the pull request with additional filters: with the `lines` filter we could have a custom section that would be more persistent than the current audit `scope` attribute.

### Audits with Czech characters in title can't be downloaded

There is a [PR](https://github.com/pwndoc/pwndoc/pull/326) that should fix that.

### Only one scan2report processing can run simultaneously

### Defining tables inside PwnDoc UI

This is currently unfeasible to do from inside PwnDoc. Only tables that can be defined directly in the docx are supported.

This was communicated to TNS from the very start and is now accepted as a won't do.

It is supposedly on the [roadmap](https://github.com/pwndoc/pwndoc/issues/75) and referenced from many other issues, but doesn't seem to be a priority.

### TLS terminator / Reverse proxy and TLS Client auth

Currently there is no recommended setting for placing the app behind (another) reverse proxy while keeping the TLS client auth functionality.

### ignore_pluginoutput is being lost