Skip to content


The report is generated on the client side through the docxtemplater library, the principle is simple, we pass him an object in the form of key/value.

All data is returned through the API so you can make a request on the url http://localhost:8000/api/missions/<ID> using your token. Everything happens at the level of this code block

For information this token can be retrieved through a get request on the entry point authentication_token and uses the settings username and password :

curl --request POST \
  --url http://localhost:8000/authentication_token \
  --header 'Content-Type: application/json' \
  --data '{
    "username": "jenaye",
    "password": "jenaye"



Where can I put my docx template ?

You can move your template to the clients/src/assets/ folder and rename it Smersh.docx.

It is also possible to give it another name, however you will have to change the following line, then rebuild the container by typing docker-compose up --build --force-recreate --remove-orphans client

Which variables are used ?

Here is the list of all the variables that will be used to generate the report

startDate Start date of the mission
CLIENT_NAME Name of the customer
creds Bitwarden credentials identifiers
classification Type of report
phone Phone number number
version Report version number
authors List of pentesters assigned on the mission missioL
state The status of the report
scope All the domain names and associated vulnerability as well as their criticality.

For example, if you want to use the key to inside the report, change its value in the data object and then add this to the desired location {to}.