PaulDotCom mailing list archives
Report Generation....
From: dkovar at gmail.com (David Kovar)
Date: Fri, 28 May 2010 09:41:33 -0400
Greetings, I work on Mac, Windows, and Linux. I tend to use a variety of tools depending on the platform, the nature of the engagement, and whether I was first on scene. No matter what tools I use, I plan on writing up a final report, most likely from scratch. If I've done my ongoing documentation well, I can pull most of the content from other sources and just massage it together. On any platform, I like using a Wiki (Confluence recently) as it lets me paste entire log files or tool output into a page and link to it from my narrative. This helps me keep everything in one document, and I can often simply clean up the wiki and then turn it into a PDF. It is also cross platform. On Windows, I use CaseNotes (free) to capture all my activity as I go. It is write once/read many and hashes each entry. There is decent formatting available and a quick and easy to use UI. A lot of people I work with do everything with Excel spreadsheets. I'm not as adept with Excel and tend to get lost when trying to get everything formatted correctly, and it isn't terribly good for capturing narrative or large blocks of detail. It's great for organizing task lists, status of tasks/targets/systems, etc. And cross platform. And going low tech, I'll use vi, Emacs, etc. I've been known to throw up a bugzilla instance for task tracking. I'm guessing there is something easier to use than bugzilla out there by now but I've not gone looking. All of these are free, fairly inexpensive, or ubiquitous. There are a lot of purpose built case management systems that I'd love to have but cannot justify. -David On Thu, May 27, 2010 at 10:25 PM, Brian H <binarynomad at gmail.com> wrote:
There was a discussion on Knowledge Management back in January, but I was interested in finding out what people use to build their reports during/after a pentest? Do you use separate mechanisms (wikis, folders, notepad, etc) to collect all the data during the pentest (footprinting, enumeration, vulnerable systems/users, screenshots, etc) and then transfer all that to a standard word processor for the final report? Or do you use any sort for note taking software that outputs a clean report, with sections, TOC, and such? (optional: Any suggestions for Mac platform?) Thanks for any input, ---- Brian H binarynomad at gmail.com http://www.binarynomad.com _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Report Generation.... Brian H (May 27)
- Report Generation.... David Kovar (May 28)
- Report Generation.... Mike Patterson (May 28)