I've been taking a look at different options for creating pentest-type reports, and here are my thoughts on what I have seen and done over the course of my HackTheBox hacking and reporting.
There are SO many different possibilities on how you could go about creating and setting up a variety of tools and options on getting this going, and I'll go over my experiences as I experience them here. Hopefully, I'll be able to sort out an effective process to effectively take notes, and create/generate reports from it.
Dradis
PROS:
- Has a "free" Community Edition, though it is limited to the active "Project" only
CONS:
- Full usage requires licensing and costs
- CE version does not allow for effective "templating"
CherryTree
PROS:
- Open source and actually completely free
- Has native installers for Linux, Windows, and MacOS
- Can handle images/screenshots very easily
- Can be customized to the nth degree
- Can handle a degree of templating
- Can be used to take notes, and then export all to a PDF
CONS:
- All manual
- Not a dedicated reporting tool per se, but can be 'adapted' to such use
MS Word / Libre/Open Office
After a few attempts to try to sort something out, I found myself wasting more time on trying to sort out the reporting "tool" than I was actually hacking the box. So what I wound up doing was simply creating a template for CherryTree to create/save my notes, and allow for an easy export to PDF for a report.
As things change over the course of time, I will definitely be (trying to anyways) keeping this up to date as things progress.