search

pwndoc-ng / pwndoc-ng

Pentest Report Generator
https://pwndoc-ng.github.io/pwndoc-ng/#/
MIT License
372 stars 85 forks source link

cross-category sorting #111

Closed diggidong closed 1 year ago

diggidong commented 1 year ago

Hi everyone,

I am trying to sort the vulnerabilities only by the CVSS Score (cross-category).

For example: I have two categories for vulnerabilities, 'General' and 'Web Application'. Sometimes I need both categories in a report, as some vulns can be applied to both, web apps and network. My problem is, if I have for example two vulns of 'Web Application' (high and medium) and one of 'General' (medium), but the medium vuln of the last one is higher rated regarding the CVSS Score as the medium vuln of the 'Web Application', it won't be sorted right in the final report. In PwnDoc: image

Thats how it looks like in the report: image

It seems like PwnDoc sorts the vulns based on the audit type and afterward by the CVSS Score. Is there a way to sort all the vulns only by the CVSS Score?

Zeecka commented 1 year ago

Can you show me the template code you're using according to your report screenshot ? I think you are using the default findings order with {#findings} loop which iterate over categories then CVSS (by default). You can modify your template with the loop {#findings | sortArrayByField: 'cvss.baseMetricScore':-1} that will reorder findings by CVSS first as expected.

diggidong commented 1 year ago

Amasing! You were right, works like a charme. Thanks again!