Rapid7 Branding Tool

The reports generated by the scanner upon scan completion contain images that brand them as a product of Rapid7. Certain clients have expressed interest in being able to generate reports with their own company’s branding, such as when pen-testers use the tool and then want to deliver reports with their company’s logos and color scheme. The Rapid7BrandingTool.exe was written to assist customers who want branded reports with generating the required images and encoding them into the destination files.

The two files that need to be generated are: BrandedImages.zap and ReportConstants.txt. BrandedImages.zap contains all the static images (that is, not graphs and such that are dynamically generated) with a few key images replaced with the desired branded images.

ReportConstants.txt contains strings that show up in the footer of each report page, the title bar/tab of each page, and the company name in the disclaimer in the compliance reports.

These files need to be placed in the “My Documents\AppSpider” directory in order for the report generator to recognize and use them.

Rapid7BrandingTool.exe can be used to generate these files. The main/single screen walks you through the process of creating the images and the information for the text file, showing you a rough mockup of where they wind up in the report. If you have already created the images, click “Choose Directory” to point the tool to the directory that contains them. If you have created the ReportConstants.txt file already, the tool will sense that and populate the edit boxes on the bottom left with the contents. If you have not created the images already, you can still Choose Directory first or click “Create Images” which will prompt you to choose a directory if you have not already.

Whether you “Create Images” or “Choose Directory” with images already there, the listbox under those buttons will populate with the images, all initially selected. You can select and unselect individual images and then watch the mockup graphic (it takes a second or so) to see where each image shows up in the report pages. Whatever is selected at the time you click “Generate Files” is what will be placed in the BrandedImages.zap file. You can also type into the edits in the lower left and similarly see where that information shows up in the mockup graphic. “Create Images” creates all the image files that replace the standard image files with your branded/logo images. Of course we have no idea what images you want so these initial images are deliberately rudimentary patterns so they are easy to see in the mockup and so you can see what dimensions the images need to be as well as what the filenames are. You can simply edit these images directly or have your graphic artists create others following the same dimensions and copy them over but please note if you do the latter, the images MUST be .png (i.e. not .jpg, .gif, .bmp, etc.) and MUST have the same filenames. The dimensions can vary slightly but it is highly recommended that you retain at least the height of any image whose dimensions you change.

If you or your employees have web development knowledge, you can get more elaborate with the image edits including editing the Report.css style sheet to change alignment, justification, etc. of the images. You might choose to change a larger subset of the images than the standard case. When you are satisfied with all the images and possibly Report.css that you want to replace in this case, place the files (and only the files) into a directory and then point Rapid7BrandingTool.exe at that directory with the “Choose Directory” button.

So now you have created the images, either by using the “Create Images” button to create starting point images or by editing them from scratch. Now you will likely want to edit the text fields so that it does not say “Rapid7” at the bottom of each report page and elsewhere. The first time you use the tool, it is recommended that you type your company name into the edit box next to the “Populate” button and then click the button. This will populate 3 of the 4 edits with sample information predicated on your company name which you can then fine tune if you wish. The one edit that does not get populated is “Title App Name.” This is the name you are using to OEM AppSpider where applicable or it can be, “your company - Pentest results,” for example, or you may simply leave it blank. The text shows up in the title bar or tab in tabbed browsers.

Once you are satisfied with the images and the text fields, click “Generate Files” and the files BrandedImages.zap and ReportConstants.txt will be placed in the directory you selected with “Choose Directory.” Please note that “Generate Files” will incorporate any .css, .png, .policy, and .jar files selected in the listbox into the BrandedImages.zap file and they will therefore show up in the images directory of any report generated once BrandedImages.zap is placed in the “My Documents\AppSpider” directory and that is why it is important not to have any stray files of those types in the directory as they too will show up in the listbox cluttering it and making it confusing. As previously indicated, once you have BrandedImages.zap and ReportConstants.txt, copy them into the “My Documents\AppSpider” directory to have them show up in any reports generated from that point forward.