Skip to main content

Overview

PentAGI’s Reporter Agent automatically generates comprehensive security reports documenting all findings, vulnerabilities, and exploitation steps. Reports include detailed technical information, proof-of-concept examples, and remediation guidance.

Automated Generation

AI-powered report creation from test results

Comprehensive Details

Complete vulnerability documentation with PoCs

Multiple Formats

Markdown, JSON, and structured outputs

Historical Tracking

Access past reports and track progress

Report Generation

Reporter Agent

The Reporter Agent is a specialized agent focused on creating professional security reports: 
ReporterExecutor:
  - report_result: Submit final vulnerability report
Purpose: Generate comprehensive security reports with:
  • Executive summary
  • Detailed vulnerability findings
  • Step-by-step exploitation procedures
  • Remediation recommendations
  • Supporting evidence and screenshots

Report Tool Schema

interface TaskResult {
  message: string;        // Report summary message
  status: string;         // Test status (success/failure/partial)
  description: string;    // Full detailed report content
}

Automatic Report Triggers

Reports are generated:
  1. When a task is completed
  2. When vulnerabilities are discovered
  3. When user requests a report
  4. At scheduled intervals (configurable)

Report Structure

Report Components

A comprehensive PentAGI report includes:
Overview of findings for management
  • Test objectives and scope
  • Overall risk assessment
  • Number of vulnerabilities by severity
  • Key recommendations
  • Timeline of testing activities
Example:
## Executive Summary

This penetration test was conducted against target.com 
from January 15-20, 2026. The assessment identified:

- **Critical**: 2 vulnerabilities
- **High**: 5 vulnerabilities
- **Medium**: 8 vulnerabilities
- **Low**: 3 vulnerabilities

Immediate action is required to address the critical 
SQL injection vulnerability allowing database access.
Technical documentation for each findingFor each vulnerability:
  • Title: Clear, descriptive name
  • Severity: Critical/High/Medium/Low/Info
  • CVSS Score: Common Vulnerability Scoring System rating
  • CWE: Common Weakness Enumeration classification
  • Description: Detailed explanation of the vulnerability
  • Impact: Potential consequences of exploitation
  • Affected Components: Systems, URLs, parameters
  • Proof of Concept: Working exploit demonstration
  • Steps to Reproduce: Detailed reproduction instructions
  • Remediation: Specific fix recommendations
  • References: Links to CVEs, advisories, documentation
Example:
### SQL Injection in Login Form

**Severity**: Critical (CVSS 9.8)
**CWE**: CWE-89: Improper Neutralization of Special Elements

**Description**:
The login form at /login accepts SQL injection in the 
username parameter, allowing complete database access.

**Impact**:
- Full database disclosure
- User account compromise
- Administrative access
- Potential server compromise

**Affected URL**: 
https://target.com/login

**Proof of Concept**:
```bash
sqlmap -u "https://target.com/login" \
  --data="username=admin&password=test" \
  -p username --dump
Steps to Reproduce:
  1. Navigate to https://target.com/login
  2. Enter username: admin' OR '1'='1' --
  3. Enter any password
  4. Observe successful authentication bypass
Remediation:
  • Use parameterized queries/prepared statements
  • Implement input validation and sanitization
  • Apply least privilege database permissions
  • Add web application firewall rules
</Accordion>

<Accordion title="Exploitation Procedures" icon="terminal">
**Step-by-step attack chain documentation**

- Initial access methods
- Privilege escalation steps
- Lateral movement techniques
- Data exfiltration procedures
- Command sequences executed
- Tool configurations used

**Example**:
```markdown
## Exploitation Chain

### Phase 1: Initial Access
1. Identified SQL injection in login form
2. Used sqlmap to extract database credentials
3. Found database contains SSH keys

### Phase 2: Privilege Escalation
1. SSH access with extracted key
2. Found misconfigured sudo permissions
3. Escalated to root using sudo exploit

### Phase 3: Post-Exploitation
1. Extracted sensitive data from /var/www/private/
2. Installed persistence mechanism
3. Documented all accessed systems
Visual proof of vulnerabilities
  • Screenshots of successful exploits
  • Network traffic captures
  • Tool output logs
  • Configuration files
  • Database dumps (sanitized)
Types of Evidence:
  • Browser screenshots from browser tool
  • Terminal output from security tools
  • Network diagrams
  • Data flow diagrams
  • Timeline visualizations
Prioritized remediation guidance
  • Immediate Actions (Critical/High)
  • Short-term Fixes (Medium)
  • Long-term Improvements (Low/Info)
  • Security Best Practices
  • Compliance Considerations
Example:
## Recommendations

### Immediate (1-7 days)
1. Patch SQL injection in login form
2. Disable exposed administrative interfaces
3. Reset all compromised credentials

### Short-term (1-4 weeks)
1. Implement web application firewall
2. Deploy input validation framework
3. Conduct security code review

### Long-term (1-3 months)
1. Establish secure development lifecycle
2. Implement continuous security testing
3. Provide security training for developers
Supplementary information
  • Full tool outputs
  • Raw scan data
  • Technical references
  • Methodology documentation
  • Testing scope and limitations
  • Glossary of terms

Report Generation Process

Data Collection Flow

Reporter Prompt System

The Reporter Agent uses specialized prompts: 
type PromptType string

const (
    PromptTypeReporter     PromptType = "reporter"      // System prompt
    PromptTypeTaskReporter PromptType = "task_reporter" // User task prompt
)
System Prompt (reporter):
  • Defines report structure and format
  • Sets tone and style guidelines
  • Specifies required sections
  • Includes compliance requirements
Task Prompt (task_reporter):
  • Specific report request details
  • Scope and objectives
  • Target information
  • Custom requirements

Report Message Types

type MsglogType string

const (
    MsglogTypeReport   MsglogType = "report"   // Report generation logs
)

Export Formats

Markdown Format

Default human-readable format: 
# Penetration Test Report
## Target: target.com
## Date: January 20, 2026

### Executive Summary
...

### Findings
#### 1. SQL Injection (Critical)
...

### Recommendations
...
Advantages:
  • Easy to read and edit
  • Version control friendly
  • Can be converted to PDF/HTML
  • Supports code blocks and formatting

JSON Format

Structured data format for automation: 
{
  "report": {
    "metadata": {
      "target": "target.com",
      "date": "2026-01-20",
      "tester": "PentAGI",
      "task_id": 123,
      "flow_id": 456
    },
    "summary": {
      "critical": 2,
      "high": 5,
      "medium": 8,
      "low": 3,
      "info": 1
    },
    "findings": [
      {
        "id": 1,
        "title": "SQL Injection in Login Form",
        "severity": "critical",
        "cvss": 9.8,
        "cwe": "CWE-89",
        "description": "...",
        "impact": "...",
        "affected_url": "https://target.com/login",
        "poc": "...",
        "remediation": "...",
        "references": ["..."],
        "evidence": {
          "screenshots": [1, 2],
          "logs": ["terminal-123.log"]
        }
      }
    ],
    "recommendations": [...],
    "appendices": [...]
  }
}
Advantages:
  • Machine-parsable
  • Easy integration with other tools
  • Supports complex data structures
  • Can be queried and filtered

Database Storage

Reports are stored in PostgreSQL: 
-- Report metadata
CREATE TABLE reports (
    id BIGSERIAL PRIMARY KEY,
    task_id BIGINT REFERENCES tasks(id),
    flow_id BIGINT REFERENCES flows(id),
    status VARCHAR(50),
    summary TEXT,
    content TEXT,
    format VARCHAR(20),
    created_at TIMESTAMPTZ DEFAULT NOW(),
    updated_at TIMESTAMPTZ DEFAULT NOW()
);

-- Report findings
CREATE TABLE findings (
    id BIGSERIAL PRIMARY KEY,
    report_id BIGINT REFERENCES reports(id),
    severity VARCHAR(20),
    title TEXT,
    description TEXT,
    cvss_score DECIMAL(3,1),
    cwe VARCHAR(20),
    affected_component TEXT,
    remediation TEXT
);

Historical Reports

Accessing Past Reports

Retrieve historical reports through:
  1. Web Interface:
    • Navigate to Reports section
    • Filter by task, date, or severity
    • View or download reports
  2. GraphQL API: 
    query GetReports($flowId: Int64!) {
  reports(flowId: $flowId) {
    id
    taskId
    status
    summary
    content
    createdAt
    findings {
      severity
      title
      cvssScore
    }
  }
}
  3. Memory Search: 
    {
  "name": "search_in_memory",
  "args": {
    "query": "SQL injection vulnerabilities found in previous tests",
    "filters": {
      "doc_type": "report",
      "task_id": 123
    }
  }
}

Report Analytics

Track report generation metrics: 
// Reporter agent duration
reporterDuration := getMsgchainDuration(
    msgchains, 
    database.MsgchainTypeReporter, 
    task.ID, 
    nil
)
Available Metrics:
  • Report generation time
  • Number of findings per report
  • Severity distribution
  • Most common vulnerabilities
  • Remediation tracking

Screenshot Integration

Browser Screenshots

Automatically captured during testing: 
type ScreenshotProvider interface {
    PutScreenshot(
        ctx context.Context, 
        name, url string, 
        taskID, subtaskID *int64
    ) (int64, error)
}

Screenshot Storage

Screenshots are stored with metadata: 
// Store screenshot
screenshotID, err := scp.PutScreenshot(
    ctx,
    "login-bypass",
    "https://target.com/login",
    &taskID,
    &subtaskID,
)
Screenshot Metadata:
  • Name/description
  • Source URL
  • Task and subtask IDs
  • Timestamp
  • File path in storage

Including Screenshots in Reports

Reporter Agent automatically references screenshots: 
**Evidence**:
![Login Bypass](screenshot://login-bypass)

*Figure 1: Successful SQL injection authentication bypass*

Report Customization

Custom Report Templates

Modify reporter prompts to customize output: 
# Update reporter system prompt
UPDATE prompts 
SET content = 'Your custom reporter instructions...'
WHERE type = 'reporter';

# Update task reporter prompt
UPDATE prompts 
SET content = 'Your custom task template...'
WHERE type = 'task_reporter';

Report Sections Configuration

Configure which sections to include: 
interface ReportConfig {
  includeSummary: boolean;       // Executive summary
  includeFindings: boolean;      // Vulnerability details
  includeEvidence: boolean;      // Screenshots and logs
  includePOCs: boolean;          // Proof-of-concept code
  includeRemediation: boolean;   // Fix recommendations
  includeAppendices: boolean;    // Raw data and logs
  severityThreshold: string;     // Minimum severity to include
}

Best Practices

  • Provide clear, actionable recommendations
  • Include working proof-of-concept code
  • Use screenshots to illustrate findings
  • Rate vulnerabilities accurately (CVSS)
  • Include references to CVEs and advisories
  • Capture screenshots at key exploitation steps
  • Save tool outputs as evidence
  • Document all commands executed
  • Store configuration files referenced
  • Keep network traffic captures when relevant
  • Provide specific, implementable fixes
  • Prioritize by severity and business impact
  • Include code examples for fixes
  • Reference security best practices
  • Consider compliance requirements
  • Structure reports consistently
  • Use clear section headings
  • Include table of contents
  • Add executive summary for management
  • Separate technical details in appendices

Integration with Monitoring

Reports are tracked in observability systems: 
type MsgchainType string

const (
    MsgchainTypeReporter MsgchainType = "reporter"
)
Tracked Metrics:
  • Report generation requests
  • Generation time and duration
  • Report size and complexity
  • LLM tokens used
  • User interactions with reports

Autonomous Testing

Learn how AI agents discover vulnerabilities

Security Tools

Explore available pentesting tools

Monitoring

Track report generation metrics

API Reference

GraphQL API for report access

Build docs developers (and LLMs) love

Get started for freeTalk to us