-
The metalanguage that's used for Microsoft Word was designed to be as simple as possible while still serving enough features that it was possible to create a basic penetration test report. It is a language that is used for creating custom templates in Serpico (as defined in their GitHub repository). To learn more about metalanguage in Serpico, please refer to https://github.com/SerpicoProject/Serpico/wiki/Serpico-Meta-Language-In-Depth.
-
A generic penetration testing report should include the vulnerability name, vulnerability description, affected endpoint, steps of reproduction (proof of concept), business impact, remediation, and references.
-
Guinevere, Prithvi, and many more open source automated reporting tools are publicly available and can be used for easy report generation.
-
Yes. Both Dradis Framework and Serpico are written in Ruby and they're cross-platform supported tools that can be run on Microsoft Windows. The only requirement is that the Ruby packages need to be installed on the Windows system.