gen-report - SKILL.md Agent Skill

name: gen-report description: Collect current project penetration test data and generate a final report following the PTES report template. Manually triggered via /pentester:gen-report.

Generate Penetration Test Report

This skill collects all penetration testing data from the current project and generates a structured report following .pentester/REPORT-TEMPLATE.md.

When to Use

Manually invoked by user via /pentester:gen-report
Suggest to user when all testing phases (1-5) are complete for a target
Suggest when user says "generate report", "write report", "output results", etc.

Process

Step 1: Discover Target Data

Scan the project for all target/ directories:

target/${IP}/
├── ports
├── services
├── vulns/
├── solutions.md
└── ...

For each target IP found, collect:

Ports: Read target/${IP}/ports and summarize open TCP/UDP ports.
Services: Read target/${IP}/services and summarize service names, versions, banners.
Vulnerabilities: List all files under target/${IP}/vulns/. For each vulnerability file, extract:
- CVE ID (if any)
- Vulnerability type
- Affected service
- Severity
- Reproduction steps
- Exploitation result
Attack Chain: If exploitation was performed, reconstruct the attack path from the data available.
Credentials / Loot: Collect any captured credentials, hashes, sensitive files discovered.

Step 2: Read the Report Template

Read .pentester/REPORT-TEMPLATE.md for the required report structure. The report must include all sections from the template.

Step 3: Generate the Report

Write the final report to target/${IP}/report.md (one per target). If multiple targets share a common context, also generate a summary covering all targets.

Report structure:

文档信息 — Fill in metadata (project name, date, author, confidentiality).
执行摘要 — Overall risk rating, key findings summary, top 3-5 critical vulnerabilities.
前言 — (if applicable) scope summary.
情报收集 — Open ports, services, OSINT findings.
威胁建模 — Asset classification, attack surface analysis (use STRIDE if applicable).
漏洞分析 — All verified vulnerabilities with CVSS score, reproduction steps, evidence, impact, and remediation.
漏洞利用 — Attack chain narrative, exploitation steps, credentials captured.
后渗透 — Privilege escalation, lateral movement, persistence, data discovered.
风险评级与修复建议 — Prioritized remediation roadmap.

Step 4: Quality Check（模板合规检查）

必须严格按照 .pentester/REPORT-TEMPLATE.md 生成报告，逐段匹配模板结构。 生成后执行以下检查清单，全部通过后方可交付：

4.1 结构完整性检查

文档信息表已填写（项目名称、版本、日期、作者、密级）
修订记录已填写
目录完整（1-9 章全部存在）
每章下的二级/三级标题与模板一致，无遗漏
附录完整（工具清单、名词解释、参考资料）
免责声明存在

4.2 内容填充检查

所有 [填写...]、[XXXX] 占位符已被实际内容替换
[YYYY-MM-DD] 日期占位符已被替换
执行摘要已写（至少 3 段，面向管理层）
风险评级标准已写
战略性安全建议已写（至少 3 条）

4.3 数据一致性检查

CVSS 分数、严重程度、修复时限三者一致（参考第 9.1 节评级标准）
漏洞编号（VULN-001, VULN-002...）在全文引用中前后一致
资产 IP/域名在全文中一致
发现日期在测试周期范围内

4.4 证据与路径检查

截图/附件路径正确，文件存在
PoC 代码块格式正确（bash / http / ```python 等）
影响分析具体到数据级别（多少条记录、什么类型）

4.5 修复建议检查

每个漏洞的修复建议具体可操作，非空泛描述
修复优先级矩阵已填写
修复建议版本号/配置项与实际匹配

4.6 合规与脱敏检查

客户名称/内部域名/敏感数据已脱敏（如需保留引用的）
未包含超出授权边界的测试描述
高风险操作已标注授权确认信息

检查未通过的处置

占位符未替换 → 标记错误位置，补充数据后重新生成
结构缺失 → 补全对应章节
数据不一致 → 追溯原始数据修正
CVSS 自动计算分数 → 用 [自动计算] 标记，提示用户复核

Step 5: Attack Chain Auto-generation

If exploitation data exists, automatically reconstruct attack chains:

Read target/${IP}/access.md and target/${IP}/post-exploit.md
Build a chronological chain: Initial Access → Exploitation → Privilege Escalation → Lateral Movement
Include timestamps, commands used, and access level at each step
Insert the attack chain into section 7 (漏洞利用) of the report

Step 6: CVSS Auto-calculation

For any vulnerability in target/${IP}/vulns/ missing a CVSS score:

Analyze the vulnerability type, attack vector, and impact
Calculate CVSS 3.1 base score using the standard metrics
Insert the score into the vulnerability write-up
Flag auto-calculated scores for user review

Output

target/${IP}/report.md — The complete report for each target.
If multiple targets exist, also generate a target/summary-report.md covering all targets.
Inform the user of the report location and key statistics (total vulns, severity distribution).