Documentation & Reporting


Start Here

* [How I read a research paper](https://muratbuffalo.blogspot.com/2013/07/how-i-read-research-paper.html?m=1)

De/Briefing & Presenting


Penetration Testing Collaboration

  • Collaboration Tools
    • Kvasir
      • Kvasir is a vulnerability / penetration testing data management system designed to help mitigate the issues found when performing team-based assessments. Kvasir does this by homogenizing data sources into a pre-defined structure.
    • Dradis
      • Dradis is an open source collaboration framework, tailored to InfoSec teams.
    • Faraday
      • Faraday introduces a new concept, the Integrated Penetration-Test Environment (IPE): a multiuser penetration test IDE designed for the distribution, indexing and analysis of the data generated during a security audit. The main purpose of Faraday is to re-use the tools available in the community and take advantage of them in a multiuser way.
    • Lair
      • Lair is a reactive attack collaboration framework and web application built with Meteor.
  • Documentation Tools
    • DART
      • DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.
    • Serpico
      • Serpico is a penetration testing report generation and collaboration tool. It was developed to cut down on the amount of time it takes to write a penetration testing report.
    • Vulnreport
      • Vulnreport is a platform for managing penetration tests and generating well-formatted, actionable findings reports without the normal overhead that takes up security engineers' time. The platform is built to support automation at every stage of the process and allow customization for whatever other systems you use as part of your pentesting process.
  • Video Recording/Visual Documentation
    • Open Broadcaster Software (OBS)
      • Open Broadcaster Software is free and open source software for video recording and live streaming. Cross-platform: Windows/OS X/Linux.
    • Cryptoshot
      • This application takes a screenshot of the desktop. It should still work if the desktop spans multiple monitors, although it has only been tested with a dual-monitor setup. The Windows project has the added functionality of sending the screenshot to a server of your choosing.
    • Record terminal sessions and have the ability to replay them
    • Pocuito
      • A tiny Chrome extension to record and replay your web application proof-of-concepts. Replaying PoCs from bug tracker written steps is a pain most of the time, so just record the PoC, distribute and replay it whenever necessary without much hassle.
    • Kap
      • An open-source screen recorder built with web technology
    • CrScreenshotDxe
      • UEFI DXE driver to take screenshots from a GOP-compatible graphic console
    • ScreenToGif
      • ScreenToGif allows you to record a selected area of your screen, edit it and save it as a GIF or video
  • Sample/Template Documents

Disclosure