KiloClawPowered by OpenClaw
Back to Cookbook
OpenClaw recipe

Pentest Report Builder with Dradis

aka “Dradis Fast Reporting Starter

Import tool output, dedupe, and generate consistent deliverables

Pentest reporting is tedious. Dradis CE centralizes evidence and automates imports from Nmap, Burp, and Nessus. This recipe is a pragmatic quickstart — get a Dradis instance running, import scan artifacts, triage findings, and generate a first-pass report.

House RecipeWork20 min
Try in KiloClawFree 7-day trial

INGREDIENTS

🔍Web

PROMPT

Create a skill called "Dradis Fast Reporting Starter". Inputs I will provide: - Where my engagement files are stored (paths) - Which tools I used and what export formats I have - Required final report format (PDF/Word/HTML) and any client templates Task: 1) Provide a minimal Dradis setup/run plan suitable for local or internal server use. 2) Produce an import checklist per tool (Nmap, Burp, Nessus). 3) Provide a triage workflow: dedupe, normalize titles/severity, and attach evidence. 4) Provide a report skeleton outline so the imports map cleanly into deliverables.

What this fixes

Common symptoms:

  • Findings and evidence scattered across files and tools
  • Manual copy/paste into Word templates causes errors and inconsistency
  • Teams need a repeatable report structure and a reusable findings library

Prerequisites

  • A machine to host Dradis (local VM or dedicated internal server)
  • Engagement artifacts in importable formats (Nmap XML, Burp XML, Nessus, etc.)
  • Approved storage location for engagement data

Steps and commands

  1. Install/run Dradis Community Edition:
  • Decide where data will persist (volume or local directory).
  • Ensure you can access the web UI from your workstation.
  1. Create a project per engagement:
  • Set scope, methodology, and engagement metadata first.
  1. Import tool output:
  • Import Nmap XML and confirm hosts/services populate.
  • Import Burp findings/evidence if applicable.
  • De-duplicate overlapping findings during triage.
  1. Triage and normalize:
  • Standardize finding titles and severity ratings.
  • Attach evidence screenshots/outputs to each finding.
  • Remove informational noise that doesn't belong in the report.
  1. Generate a first-pass report:
  • Produce an executive summary shell + findings list.
  • Export to the required format (PDF/Word/HTML) if configured.

Expected outputs

  • A centralized project containing hosts, findings, and evidence
  • An initial report draft that can be refined by an analyst
  • A reusable findings library for future engagements

Common errors and troubleshooting

  • Imports succeed but data looks incomplete
  • Verify you exported the correct formats (Nmap XML, not grepable).
  • Spot-check with a small sample file first.
  • Report template mismatch
  • Start with a minimal template; add custom formatting after data imports stabilize.
  • Duplicate findings across tools
  • Triage after all imports are complete; merge overlapping entries before export.

References

  • https://github.com/dradis/dradis-ce
  • https://discuss.dradis.com/
  • https://www.reddit.com/r/AskNetsec/comments/dhxb80/pentest_reporting_framework_comparison_serpico_vs/

Example inputs

  • Nmap: nmap.xml
  • Burp: burp.xml
  • Nessus: nessus.nessus
Tags:#pentesting#reporting#dradis#collaboration#workflow

Related Recipes

Engagement Logbook and Evidence Index

Write-as-you-go notes so reporting doesn't become the project

Reporting and evidence management is the most painful part of pentesting. This recipe creates a lightweight logbook workflow — record commands, capture evidence with consistent filenames, and generate a report-ready index as you go. Tool-agnostic, works with any reporting format.

Work8 min

AWS Cloud Audit with Prowler (Auth + AccessDenied Triage)

Stop permissions and credential errors from killing cloud assessments

Prowler scans fail or produce noisy logs because of missing read-only permissions, expired session tokens, or credentials not mounted into containers. This recipe standardizes authentication, documents required policies, and provides a repeatable triage flow for AccessDenied and InvalidClientTokenId.

Work15 min

CLAWBITE AI

Local-first AI assistant that automates small daily tasks safely on your device

A personal, local-first AI assistant that automates small daily tasks—organizing files, setting reminders, and monitoring system events—without touching sensitive data or taking risky actions without your approval.

Personal5 min

Branding Make Machine

Great, personalized and innovative brands for sure

A workflow to create a brand for your product or client using Gemini and OpenAI to generate images, with KiloClaw managing the prompts, analyzing results, and iterating until every brand element comes together.

Creative15 min