Report Generation....

[dkovar at gmail.com (David Kovar)]

Greetings,

I work on Mac, Windows, and Linux. I tend to use a variety of tools
depending on the platform, the nature of the engagement, and whether I
was first on scene.

No matter what tools I use, I plan on writing up a final report, most
likely from scratch. If I've done my ongoing documentation well, I can
pull most of the content from other sources and just massage it
together.

On any platform, I like using a Wiki (Confluence recently) as it lets
me paste entire log files or tool output into a page and link to it
from my narrative. This helps me keep everything in one document, and
I can often simply clean up the wiki and then turn it into a PDF. It
is also cross platform.

On Windows, I use CaseNotes (free) to capture all my activity as I go.
It is write once/read many and hashes each entry. There is decent
formatting available and a quick and easy to use UI.

A lot of people I work with do everything with Excel spreadsheets. I'm
not as adept with Excel and tend to get lost when trying to get
everything formatted correctly, and it isn't terribly good for
capturing narrative or large blocks of detail. It's great for
organizing task lists, status of tasks/targets/systems, etc. And cross
platform.

And going low tech, I'll use vi, Emacs, etc.

I've been known to throw up a bugzilla instance for task tracking. I'm
guessing there is something easier to use than bugzilla out there by
now but I've not gone looking.

All of these are free, fairly inexpensive, or ubiquitous. There are a
lot of purpose built case management systems that I'd love to have but
cannot justify.

-David


On Thu, May 27, 2010 at 10:25 PM, Brian H <binarynomad at gmail.com> wrote:
> There was a discussion on Knowledge Management back in January, but I was interested in finding out what people use 
> to build their reports during/after a pentest?
>
> Do you use separate mechanisms (wikis, folders, notepad, etc) to collect all the data during the pentest 
> (footprinting, enumeration, vulnerable systems/users, screenshots, etc) and then transfer all that to a standard word 
> processor for the final report?
>
> Or do you use any sort for note taking software that outputs a clean report, with sections, TOC, and such?
> (optional: Any suggestions for Mac platform?)
>
> Thanks for any input,
>
> ----
> Brian H
> binarynomad at gmail.com
> http://www.binarynomad.com
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com