Clone of . For those who would prefer to not be tracked by MS.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

34 KiB

Documentation & Reporting

Table of Contents

To Do: * Add Note taking methods

Start Here

De/Briefing & Presenting

Penetration Testing Collaboration

  • Collaboration Tools
    • Kvasir
      • Kvasir is a vulnerability / penetration testing data management system designed to help mitigate the issues found when performing team-based assessments. Kvasir does this by homogenizing data sources into a pre-defined structure.
    • Dradis
      • Dradis is an open source collaboration framework, tailored to InfoSec teams.
    • Faraday
      • Faraday introduces a new concept (IPE) Integrated Penetration-Test Environment a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
    • Lair
      • Lair is a reactive attack collaboration framework and web application built with meteor.
    • envizon
      • "We use envizon for our pentests in order to get an overview of a network and quickly identify the most promising targets. The version 3.0 introduce new features such as screenshotting web services, organizing vulnerabilities or generating reports with custom docx templates."
    • Collaboration and Report @ Rawsec Inventory - Complete list of Collaboration and Report tools/platforms
  • Documenation Tools
    • DART
      • DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.
    • Serpico
      • Serpico is a penetration testing report generation and collaboration tool. It was developed to cut down on the amount of time it takes to write a penetration testing report.
    • Vulnreport
      • Vulnreport is a platform for managing penetration tests and generating well-formatted, actionable findings reports without the normal overhead that takes up security engineer's time. The platform is built to support automation at every stage of the process and allow customization for whatever other systems you use as part of your pentesting process.
    • Ghostwriter
      • Ghostwriter is a Django project written in Python 3.7 and is designed to be used by a team of operators. The platform is made up of several Django apps that own different roles but work together. See the Wiki for more information.
      • Wiki
      • Introducing Ghostwriter - Christopher Maddalena
    • sh00t
      • sh00t is a task manager to let you focus on performing security testing. Provides To Do checklists of test cases and helps to create bug reports with customizable bug templates
  • Video Recording/Visual Documentation
    • Open Broadcaster Software OBS
      • Open Broadcaster Software is free and open source software for video recording and live streaming. Cross Platform, Windows/OsX/Linux
    • Cryptoshot
      • This application will make a screenshot of the desktop. If the desktop consists of multiple monitors, it should still work fine. However it has only been tested with a dual monitor setup. The windows project has the added functionality of sending the screenshot to a server of your choosing.
    • Record terminal sessions and have the ability to replay it
    • Pocuito
      • A tiny chrome extension to record and replay your web application proof-of-concepts. Replaying PoCs from bug tracker written steps is a pain most of the time, so just record the poc, distribute and replay it whenever necessary without much hassle.
    • kap * An open-source screen recorder built with web technology
    • CrScreenshotDxe
      • UEFI DXE driver to take screenshots from GOP-compatible graphic console
    • ScreenToGif
      • ScreenToGif allows you to record a selected area of your screen, edit and save it as a gif or video
  • Sample/Template Documents