Documentation & Reporting
Table of Contents
- Collaboration Tools
- De/Briefing & Presenting
- Penetration Testing Collaboration
- Video Documentation
* [How I read a research paper](https://muratbuffalo.blogspot.com/2013/07/how-i-read-research-paper.html?m=1)
- Start with the first two links, and go from there. They’re both great resources to writing technical documentation, the first being a beginners guide and the second being a general guide that beginners can understand.
- Other Materials
- Writing a Paper
- Technical Writing
- Ronn builds manuals. It converts simple, human readable textfiles to roff for terminal display, and also to HTML for the web. The source format includes all of Markdown but has a more rigid structure and syntax extensions for features commonly found in manpages (definition lists, link notation, etc.). The ronn-format(7) manual page defines the format in detail.
Public penetration testing reports
- Curated list of public penetration test reports released by several consulting firms and academic security groups
- Penetration tests done by cure53, good examples of how a report should be done.
- Offensive Security 2013 Demo report
- Public penetration testing reports
Writing a Report
- Writing a Penetration Testing Report by SANS
I <3 Reporting -
- Reporting Tips for Penetration Testers
- Penetration Testing Execution Standard section on Reporting
- Tips for Creating an Information Security Assessment Report Cheat Sheet
- HowTo: Write pentest reports the easy way
- The Penetration Testing Report - websecuritywatch
- Excellent blog post breaking down the various parts, a must read
- Writing an Request for Proposal
- Report Examples/Samples
- wordy is not a grammar checker. Nor is it a guide to proper word usage. Rather, wordy is a lightweight tool to assist you in identifying those words and phrases known for their history of misuse, abuse, and overuse, at least according to usage experts.
- A collection of simplified and community-driven man pages.
- CaptureIT can generate GIFs of both the actively selected window or your entire desktop
- Kvasir is a vulnerability / penetration testing data management system designed to help mitigate the issues found when performing team-based assessments. Kvasir does this by homogenizing data sources into a pre-defined structure.
- Dradis is an open source collaboration framework, tailored to InfoSec teams.
- Faraday introduces a new concept (IPE) Integrated Penetration-Test Environment a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
- Lair is a reactive attack collaboration framework and web application built with meteor.
- DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.
- Serpico is a penetration testing report generation and collaboration tool. It was developed to cut down on the amount of time it takes to write a penetration testing report.
- Vulnreport is a platform for managing penetration tests and generating well-formatted, actionable findings reports without the normal overhead that takes up security engineer's time. The platform is built to support automation at every stage of the process and allow customization for whatever other systems you use as part of your pentesting process.
Video Recording/Visual Documentation
Open Broadcaster Software OBS
- Open Broadcaster Software is free and open source software for video recording and live streaming. Cross Platform, Windows/OsX/Linux
- This application will make a screenshot of the desktop. If the desktop consists of multiple monitors, it should still work fine. However it has only been tested with a dual monitor setup. The windows project has the added functionality of sending the screenshot to a server of your choosing.
- Record terminal sessions and have the ability to replay it
- A tiny chrome extension to record and replay your web application proof-of-concepts. Replaying PoCs from bug tracker written steps is a pain most of the time, so just record the poc, distribute and replay it whenever necessary without much hassle.
- kap * An open-source screen recorder built with web technology
- UEFI DXE driver to take screenshots from GOP-compatible graphic console
- ScreenToGif allows you to record a selected area of your screen, edit and save it as a gif or video
- Open Broadcaster Software OBS
- Sample/Template Documents
- Dealing with the press/journalists: