← Research Hub
Tools & Setup

SysReptor Complete Setup

Docker install, CPTS finding templates, CVSS 3.1 calculator integration, screenshot embedding, and professional PDF export pipeline for penetration test reporting.

Installation

# Requirements: Docker + Docker Compose
sudo apt install docker.io docker-compose-plugin -y

# Clone SysReptor
git clone https://github.com/Syslifters/sysreptor.git
cd sysreptor/deploy

# Configure
cp app.env.example app.env
nano app.env  # Set DJANGO_SECRET_KEY to random 64-char string

# Start
docker compose up -d

# Access at http://localhost:8000
# Default admin: admin / admin (change immediately!)

# Create initial superuser if needed
docker compose exec app python manage.py createsuperuser

CPTS Finding Templates

SysReptor ships with built-in templates. You can also create and import custom finding templates via the GUI or the reptor CLI tool:

# Install the reptor CLI companion
pip install reptor

# Push a finding note from the CLI (reptor note subcommand)
reptor --server http://localhost:8000 --token YOUR_API_TOKEN note

# Upload files (evidence, screenshots) from command line
reptor --server http://localhost:8000 --token YOUR_API_TOKEN upload file.png

# Import custom templates via GUI:
# Admin β†’ Design β†’ Templates β†’ Import (upload a .tar.gz template pack)

# To create a template: Admin β†’ Design β†’ Templates β†’ New Template

Key finding templates to have ready:

  • SQL Injection (CVSS 9.8 pre-filled)
  • SMB Null Session
  • Kerberoastable Service Account
  • AS-REP Roasting
  • DCSync Rights Misconfiguration
  • Pass-the-Hash
  • Weak Password Policy
  • ADCS ESC1/ESC8 template

Reporting Workflow

# 1. Create new pentest project
#    Projects β†’ New β†’ "CPTS Exam" β†’ Set client, scope, dates

# 2. Add findings as you discover them during exam
#    Findings β†’ New Finding β†’ Select template β†’ Fill details

# 3. For each finding, document:
#    - Title, Severity (Critical/High/Medium/Low/Info)
#    - CVSS 3.1 Vector + Score
#    - Affected Host(s)
#    - Description (what/why vulnerable)
#    - PoC Steps (numbered, with screenshots)
#    - Business Impact
#    - Remediation Steps

# 4. Add screenshots inline
#    Paste into finding body β€” auto-uploads to server

# 5. Executive Summary (last)
#    Report β†’ Executive Summary β†’ Add overall assessment

CVSS Integration

SysReptor has a built-in CVSS 3.1 calculator. Click the CVSS field in any finding to open the interactive calculator. Key vectors for common CPTS findings:

Finding TypeTypical CVSSVector
RCE via RFI/LFI9.8 CriticalAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SQLi (auth bypass)9.8 CriticalAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Kerberoasting8.8 HighAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SMB Null Session5.3 MediumAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weak Local Admin7.8 HighAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

PDF Export

# Export from GUI
# Report β†’ Generate PDF β†’ Download

# Via CLI
reptor --server http://localhost:8000 --token TOKEN \
  pdf --project PROJECT_ID --output report.pdf

# Test your PDF template BEFORE exam:
# Check page breaks, headers, code block formatting, screenshot sizing

Exam Tips

  • Set up SysReptor on exam day before starting exploitation β€” don't wait until day 8
  • Take and embed screenshots immediately when exploiting β€” don't rely on terminal history
  • Use the reptor CLI to push notes directly from Kali without switching windows
  • The CPTS exam graders read the report carefully β€” 5 well-documented findings beat 10 sloppy ones
  • Test the PDF export the day before β€” some template CSS breaks on specific Docker versions
// CONTENTS
Installation CPTS Finding Templates Reporting Workflow CVSS Integration PDF Export Exam Tips
← GPO Abuse for Persistence HTB Machines β†’ CPTS Modules β†’ ↩ Back to Hub