Metasploit Pro has a powerful reporting engine with many standard reports but also great ways to build your own reports. Custom reports can help you if in a couple of different ways:

  • Add your logo and corporate design to reports
  • Change the way reports display the information
  • Translate a reporting template to your local language
  • Create new reports for regional compliance needs

A custom report is a report that you use template to generate. You can generate a custom report with a template that you created or with a Metasploit Pro custom template.

Metasploit Pro provides default JRXML templates that you can use to customize a template. The templates include a default template and a simple template. To build a custom template, you should download a Metasploit Pro template and use the template as a starting point for the custom template.

To customize a report template, you must be familiar with Jasper iReports, JasperReports, XML, Java, and SQL.

JasperReports

JasperReports is an open source Java based reporting engine, or library, that Metasploit Pro uses to generate standard and custom reports. Metasploit Pro builds reports with the JasperReports reporting format, JRXML.

How JasperReports Works

JasperReports operates similarly to a compiler. You create a JRXML file, which defines the instructions that determine where the report places text, puts images, and retrieves data. The Jasper compiler compiles the JRXML file to generate a report. After you have a compiled report, the Jasper engine accesses the data source to pull data for the report. The combination of the data source and a Jasper report enable you to product an actual report in PDF, HTML, RTF, and Word.

For more information on JasperReports, visit http://jasperforge.org/projects/jasperreports.

Jasper iReport

If you want to easily create a custom report template, you can use a GUI based program like Jasper iReport to design the layout and appearance of the template. Jasper iReport is the open source report designer that is available from JasperReports. With Jasper iReport, you can visually design reports without knowledge of the JasperReports library, XML, and Java. The easiest way to create a custom template is to use the simple template that is available in Metasploit Pro as a starting point. The simple template uses Jasper iReport's default template and uses a single SQL query to create a table of host machines and a count of the services and vulnerabilities that are available for each host.

Data Source Parameters

You can use data source parameters to define SQL queries to a database. The SQL queries that you define determine the data that displays in the report. To build a report template, you must include the workspace_id parameter. The workspace_id parameter populates the report with data that is relevant for the current project.

In iReport, when you define the query that the report engine uses to retrieve the database fields, you must pass the workspace_id parameter as part of a WHERE clause in the SQL statement that populates the data source. For example, you can enter SELECT * FROM hosts WHERE workspace_id = $P{workspace_id} to select the discovered hosts for a  specific project.

Downloading the Simple or Default Template

  1. Open a project.
  2. Click the Reports tab. The Reports window appears.
  3. Click on the Download Default Template or Download Simple Template download links below the Saved Reports and Data Exports area.
  4. Save the template to a location on your computer.

Uploading a Custom Template

The custom template must have a JRXML, or Jasper file, extension.

  1. Open a project.
  2. Click the Reports tab. The Reports window appears.
  3. Click Upload Custom Report Collateral.
  4. Browse to the location of the custom report template and select the template. Click Open.
  5. Enter a descriptive name for the template.
  6. Upload the template. The template appears under the Custom Templates and Logos area. You can choose the template when you create a custom report.

Uploading a Logo for Custom Reports

You can upload a logo to a project. The logos that you upload are globally available for you to add to any report that you generate within the project.

  1. Open a project.
  2. Select the Reports tab. The Reports window appears.
  3. Click Custom Report. The New Custom Report window appears.
  4. Click Upload Custom Report Collateral. 96
  5. Click Browse and locate the logo file that you want to upload. Metasploit Pro supports GIF, JPEG, JPG, and PNG files.
  6. Enter a name for the file.
  7. Upload the file. The file appears under the Custom Templates and Logos area.

You can choose the logo file when you create a custom report.

Adding a Logo to a Custom Report

You can add a custom logo to a report. The custom logo that you use replaces the default Rapid7 logo on the cover page and footer of the report.

  1. Open a project.
  2. Select the Reports tab. The Reports window appears.
  3. Click Custom Report. The New Custom Report window appears.
  4. Choose a custom report format. You can choose PDF, Word, RTF, or HTML to generate the report.
  5. Enter a name for the report. You can enter up to 63 characters and use alphanumeric characters, dashes, hyphens, periods, and spaces.
  6. Specify the hosts that you want the report to include and exclude.
  7. Click the Custom report logo dropdown and select the logo that you want to use.
  8. Select the report sections that you want to include in the report.
  9. Choose if you want to include detailed information for each session action.
  10. Choose if you want to include charts and graphs in the report.
  11. Generate the report. All generated reports appear under the Saved Reports and Data Exports area.

Creating a Custom Report

Before you can create a custom report, you must upload a custom template to Metasploit Pro. Additionally, if you want to include a logo in the report, you must upload the GIF, JPEG, JPG, or PNG file for the image.

  1. Open a project.
  2. Select the Reports tab. The Reports window appears.
  3. Click Custom Report. The New Custom Report window appears.
  4. Choose a custom report format. You can choose PDF, Word, RTF, or HTML to generate the report.
  5. Enter a name for the report. You can enter up to 63 characters and use alphanumeric characters, dashes, hyphens, periods, and spaces.
  6. Specify the hosts that you want the report to include and exclude.
  7. Choose the custom report template that you want to use to generate the report.
  8. Select the report sections that you want to include in the report.
  9. Choose if you want to include detailed information for each session action.
  10. Choose if you want to include charts and graphs in the report.
  11. Generate the report. All generated reports appear under the Saved Reports and Data Exports area

If you'd like to try customizing your reports, download Metasploit and start your free trial of Metasploit Pro.