duriandurino/pentest-slides

Pentest Slides Formatter

Transform pentest reports into concise, professional Google Slides presentations that reflect the current reporting contract: executive risk, attack paths, evidence-backed findings, remediation roadmap, and retest/cleanup readiness.

Quick Start

1. Read the pentest report markdown
2. Extract key information using the extraction rules below
3. Generate slides-ready markdown using the template
4. Create Google Slides: gog slides create-from-markdown "Title" --content-file slides.md --account <email>

Slide Template (Fixed 10-Slide Format)

Every pentest presentation MUST follow this exact structure:

# SLIDE 1: Title Slide
---
# [Engagement Name]
## Penetration Test Report
**Target:** [Primary Target]
**Date:** [YYYY-MM-DD]
**Overall Risk:** [CRITICAL | HIGH | MEDIUM | LOW]
**Status:** [Draft | Final]

---

# SLIDE 2: Executive Summary
---
## Executive Summary
- [Top risk theme 1]
- [Top risk theme 2]
- [Top risk theme 3]
- **Bottom Line:** [One sentence on business impact or compromise outcome]

---

# SLIDE 3: Scope, ROE & Methodology
---
## Scope, ROE & Methodology
**Target:** [What was tested]
**Access Level:** [Local/Remote/Physical]
**Authorization:** [Reference or status]
**Limitations:** [Key blocker or constraint]

**Phases:**
- ✅ Recon / Discovery — [brief result]
- ✅ Enumeration — [brief result]
- ✅ Validation / Analysis — [brief result]
- ✅ Exploitation / Post-Exploitation — [brief result or not authorized]

---

# SLIDE 4: Attack Path / Engagement Story
---
## Attack Path / Engagement Story
| Step | Action | Result | Evidence |
|------|--------|--------|----------|
| 1 | [Entry action] | [Result] | [EVI-XXX] |
| 2 | [Next action] | [Result] | [EVI-XXX] |
| 3 | [Next action] | [Result] | [EVI-XXX] |
| 4 | **Impact Achieved** | [Access or business impact] | [EVI-XXX] |

---

# SLIDE 5: Findings Summary
---
## Findings Summary
| # | Finding | Severity | Status | Asset |
|---|---------|----------|--------|-------|
| V-0XX | [Name] | 🔴 CRITICAL | validated | [asset] |
| V-0XX | [Name] | 🟠 HIGH | validated | [asset] |
| V-0XX | [Name] | 🟡 MEDIUM | suspected/validated | [asset] |
| ... | ... | ... | ... | ... |

---

# SLIDES 6-8: Detailed Findings (one per slide)
---
## [V-0XX: Finding Name]
### [🔴 CRITICAL / 🟠 HIGH / 🟡 MEDIUM] — [validated / exploited / retested]

**What:** [2-3 sentence description]

**Impact:** [What an attacker can achieve]

**Evidence:** [Key evidence ID(s) or proof reference]

**Fix:**
- [Specific remediation step 1]
- [Specific remediation step 2]

---

# SLIDE 9: Remediation & Retest Roadmap
---
## Remediation & Retest Roadmap
**🔴 Immediate (0-24 hours):**
- [Action 1]
- [Action 2]

**🟠 Short-term (1-7 days):**
- [Action 1]

**🟡 Medium-term (1-4 weeks):**
- [Action 1]

**Retest Success Looks Like:**
- [Verification condition]

---

# SLIDE 10: Cleanup, Residual Risk & Next Steps
---
## Cleanup, Residual Risk & Next Steps
**Cleanup Status:** [Removed / none introduced / pending]
**Residual Risk:** [One line]

**Next Steps:**
- [Action 1]
- [Action 2]
- [Action 3]

---

Extraction Rules

From REPORT_FINAL.md

| Slide Section | Source Location | Extraction Rule | |---------------|-----------------|-----------------| | Title | cover / front matter | Engagement name, target, date, overall risk, status | | Executive Summary | executive summary | Top 3-4 risk themes + bottom line | | Scope / ROE / Methodology | scope, ROE, methodology, limitations | Target, access level, authorization state, key constraints | | Attack Path | attack paths / engagement story / timeline | Best single path or timeline with evidence IDs | | Findings Summary | findings summary table / findings register | All material findings with severity, status, asset | | Detailed Findings | detailed findings | Top 3-5 findings, one per slide, include evidence and fix | | Remediation & Retest | remediation roadmap / retest guidance | Immediate and short-term actions + verification condition | | Cleanup / Conclusion | cleanup/restoration + conclusion | Cleanup state, residual risk, next steps |

Formatting Rules

1. Maximum 10 slides — never exceed
2. One finding per slide — max 3-5 detailed finding slides
3. Severity emoji badges — 🔴 CRITICAL, 🟠 HIGH, 🟡 MEDIUM, 🟢 LOW
4. Show status explicitly — suspected, validated, exploited, retested when known
5. Bullet points ≤6 per slide — forced brevity
6. Tables over paragraphs — always use table format for comparisons
7. Evidence-backed claims only — no unsupported impact statements
8. Bold key terms — emphasize actionable items

Output Format

The output markdown must use --- as slide separators and start each slide with # header.

Slide Header Pattern

# Slide Title Here
---
Content here
---

Table Pattern (for findings, timeline)

## Section Title
| Column 1 | Column 2 | Column 3 |
|----------|----------|----------|
| Data | Data | Data |

Severity Badge Pattern

**CRITICAL** 🔴 — CVSS 9.1
**HIGH** 🟠 — CVSS 7.5
**MEDIUM** 🟡 — CVSS 5.3
**LOW** 🟢 — CVSS 3.1

Workflow

1. READ report.md (full pentest report)
2. EXTRACT key data per extraction rules
3. GENERATE slides.md following template strictly
4. VALIDATE:
   - Exactly 8-10 slides
   - All findings in summary table
   - Attack path or engagement story included when available
   - Remediation prioritized
   - Retest or verification condition included
   - Cleanup or residual risk called out
   - Slide separators correct
5. CREATE: gog slides create-from-markdown "Title" --content-file slides.md --account <email>
6. RETURN slides URL

Template Validation Checklist

Before outputting, verify:

• [ ] Slide count: 8-10 (never exceed 10)
• [ ] Title slide has target, date, risk badge, and status
• [ ] Executive summary ≤4 bullet points
• [ ] Scope slide captures authorization and limitations
• [ ] Attack path is a timeline/story table with evidence references when available
• [ ] Findings summary table includes all material findings
• [ ] Each detailed finding has: description, impact, evidence, fix, and status
• [ ] Remediation is prioritized (Immediate → Long-term)
• [ ] Retest condition is present
• [ ] Cleanup/residual risk is present
• [ ] All --- separators are present
• [ ] Severity badges use correct emoji

Example Reference

See references/example-vault-report.md for a complete example of a report converted to slides format.

Integration with Report Agent

When invoked by the Report Agent (specter-report), the workflow is:

1. Report Agent generates REPORT_FINAL.md
2. Report Agent invokes pentest-slides to format slides
3. pentest-slides outputs slides-ready markdown
4. Report Agent calls gog slides create-from-markdown
5. Report Agent returns both report and slides URLs