Pro Console Reports

A report takes a snapshot of the data in a project at a particular moment in time and compiles the results into a tangible output format. Metasploit Pro offers several reports that help you control the scope of data that you present. Each report focuses on a particular set of data that is stored within a project. For example, you can create a report that details the discovered vulnerabilities or PCI compliance results.

You create reports to document your testing methodology, disclose your findings, and support your findings with real evidence. A report enables you to share this information with an organization so that they can quickly prioritize, reproduce, and remediate their vulnerabilities.

Report Logs

The report log maintains a historical record of all report-related events. Metasploit Pro automatically updates the report log each time you generate a report. If you experience any issues with a report, you can view the report log to find stack trace errors and troubleshoot them.

Viewing the Report Log

You can find and view the report log in the following directory: /path/to/Metasploit/apps/pro/log.

The report log is named reports.log.

Clearing the Report Log

To clear the report log, you will need remove it from the log directory, which is located at /path/to/Metasploit/apps/pro/log. Metasploit Pro will generate a new report log if it detects that one does not exist.

Before you delete the report log, you should make a copy of it in case you need to reference it later.

Working with Reports in Metasploit Pro

Reports are extremely useful for sharing test findings with various people across an organization--especially those who do not have access to Metasploit Pro. They are also useful tools for documenting the methodologies you used and the results of your penetration test.

Most of the time, you will generate a report to create a distributable document that presents both high-level statistics and detailed critical findings. Whether someone wants an at a glance summary or needs the technical details of your penetration test, the report will be able to cater to both ends of the viewer spectrum.

To be able to generate reports other than the Audit report, you will need to use the Metasploit Pro web interface, which provides you with robust and comprehensive reporting capabilities.

From the Metasploit Pro web interface, you can perform the following reporting tasks:

  • Generate standard or custom reports in one or more formats.
  • Download and view reports.
  • Email reports.
  • Delete reports.

To access the web interface, open a web browser and go to https://:3790.

Reports Directory

When Metasploit Pro generates a report, it stores a copy of the file in /path/to/Metasploit/apps/pro/reports/artifacts.

Viewing Reports

You can go to the reports directory to download or view reports; however, you should not make any changes directly to the default reports directory. If you need to modify the reports, you should make a copy of the reports directory and make your changes from the new directory. Any changes that you make directly to the reports can cause disparities between the metadata that displays for the file in the web interface and the file itself. If you need to remove reports from a project, you should do it from within the web interface. Do not delete them directly from the reports directory.

Viewing Reports Generated with 4.8 and Earlier

All reports generated with Metasploit Pro 4.8 and earlier are stored in the /path/to/Metasploit/apps/pro/reports directory. These reports will not be accessible from the web interface.