The following screenshot shows the login screen of Serpico:
After you've logged in with your username and password, you will see a dashboard that's similar to the following:
Once we've logged in, we will see various options available such as add user, add template, and so on, as shown in the left-hand side pane of the previous screenshot.
To create a new report, follow these steps:
- Click on the New Report option from the top menu. We will be redirected to the following page:
Here, we can fill in various details, such as Full Company Name, Assessment Type, and so on.
- Clicking on the Save button will take us to the next page, where we can fill in the rest of the details, such as contact email, and so on. All this information will be printed on the final report.
- The next step is to add our template database findings to the tool. We can either choose to Add finding from templates if we want to follow a common findings template such as SQLi and XSS, or we can choose to Create new findings:
- Clicking on a template will download the respective Word document. It should look similar to the following:
- To add a template for a particular bug, we just tick the checkbox and choose the Add button, which is located at the bottom of the page.
As we keep populating the report with bugs, we will see our structure taking form and that the graphs are now making much more sense. We can even add attachments and manage hosts directly from the Metasploit database.
Later, this can be exported as a single report using the Export report feature. Serpico also supports various plugins that can be used to import data from different tools such as Burp Suite and Nessus.