Template Values for Findings

How to use template values to format findings

This markup language is under active development and will expand and change. This page will always have the most recent information.

Introducing the Values

Ghostwriter's reporting engine supports various template values you can use in your findings templates to dynamically format text or insert data at reporting time.

A reference pane is included at the top of the page when editing a finding in the library or a report.

The Finding Template Value Reference

Using the Template Values

While editing a finding, the template values can be placed mid-sentence or on new lines. Certain values do have specific requirements for placement, so read on to learn the basics of each.

Ghostwriter will process the values when a report is generated. The values mostly come into play when generating Word document reports (e.g. creating bulleted lists), but some do affect other report types.

To use a value, read its description for usage instructions and place the {{.VALUE}} keyword in your finding template.

The . int {{.VALUE}} is important and easy to leave out or miss.

Current Template Values

The following tables contains the current template values available for use in a finding:

Keyword

Usage

{{.client}}

This keyword will be replaced with the client's short name. The full name will be used if a short name has not been set for the client.

{{.code_block}} & {{.end_code_block}}

Wrap text with these keywords to transform the text into a code block within the finding text (alternative to attaching a text file as evidence). Place the {{.end_code_block}} keyword on a new line.

{{.caption}}

Start a line of text with this keyword to make it a caption. This is intended to follow a code block.

{{.inline_code}} & {{.end_inline_code}}

Wrap text with these keywords to format the text using the template's "Code (inline)" style. This is useful for highlighting code/commands without creating a figure.

{{.bulleted_list}} & {{.end_bulleted_list}}

Wrap text with these keywords to transform the text into a bulleted list. Each new line between the keywords will be a bullet. Place the {{.end_bulleted_list}} keyword on a new line.

{{.numbered_list}} & {{.end_numbered_list}}

Wrap text with these keywords to transform the text into a numbered list. Each new line between the keywords will be a sequentially numbered line. Place the {{.end_numbered_list}} keyword on a new line.

Inserting Evidence

Evidence files can be dynamically placed within a finding using the evidence file's Friendly Name value as a template value.

Example

An evidence file has been attached with the Friendly Name set to Enigma.

An Example Evidence File Named Enigma

The Friendly Name is a more human-friendly name (compared to the file path or a timestamped file name) for referencing the evidence file. When referencing evidence in a template, enclose the Friendly Name in the curly braces, e.g. {{.Enigma}}, on a new line by itself.

Placing the Enigma Evidence in a Finding's Description

There is no need for additional lines between the template value and the preceding or subsequent lines. Adding blank lines will just create blank lines in the report output. Let the formatting handle spacing between elements.

With the evidence template value in place, Ghostwriter will drop-in the evidence file in place of the template value when the report is generated. Additionally, the evidence file's Report Caption will be included below the image as a caption.

If the evidence is an image it will be placed as an image and set to the width of the page. Sizing can be tweaked after the report is generated.

If the evidence is a text document of some kind (e.g. log, txt, md) it will be placed in the document using the Word template's Code Block style. Edit your template to make adjustments to the font and other formatting options.

An Example of Evidence Placement in a Finding

The first time you open your Word report you will see the Figures lack their numbers. This is caused by how Word parses the XML. The Figures are fine, but you will need to tell Word to update them to see the numbering.

Select all text in the report, right-click, and select Update Field. The Figures will now appear properly.