0
0
0
s2sdefault

I've been taking alook at different options for creating pentest-type reports, and here's my thoughts on what I have seen and done over the course of my HackTheBox hacking and reporting.

There are SO many different possibilities on how you could go about creating and setting up a variety of tools and options on getting this going, and I'll go over my experiences as I experience them here. Hopefully, I'll be able to sort out an effective process to effectively take notes, and create/generate reports from it.

 

Dradis

PROS:

  • Has a "free" Community Edition, though is limited to the active "Project" only

CONS:

  • Full usage requires licensing and costs
  • CE version does not allow for effective "templating"

 

 

CherryTree

PROS:

  • Open source and actually completely free
  • Has native installers for Linux, Windows, And MacOS
  • Can handle images/screenshots very easily
  • Can be cutomized to the nth degree
  • Can handle a degree of templating
  • Can be used to take notes, and then export all to a PDF

CONS:

  • All manual
  • Not a dedicated reporting tool per se, but can be 'adapted' to such use

 

MS Word / Libre/Open Office

 

After a few attempts to try to sort something out, I found myself wasting more time on trying to sort out the reporting "tool" than I was actually hacking the box. So what I wound up doing was simply creating a template for CherryTree to create/save my notes, and allow for an easy export to PDF for a report.

As things change over the course of time, I will definitely be (trying to anyways) keeping this up to date as things progress.

 

Add comment


Security code
Refresh

0
0
0
s2sdefault