Penetration Testing mailing list archives
Pen Test Data/Report Management; Tracking/Procedure document
From: "JTH" <jth () visi com>
Date: Tue, 16 Mar 2004 16:27:01 -0600
All, two things. First, I'm working on trying to find a solution of some sort that I can use to collect & hold information and results from scans performed for different clients. Ideally, the end result would allow me to pull up previously delivered deliverables for comparison. The generated deliverable would pull info from nmap, nessus, superscan, phonesweep, and any other tools that I use in my assessment. I'd like to get as close as possible to a point-n-click report setup. I would then take this and clean it up, add an executive summary, my recommendations, etc. and be done, rather than having to gather & reformat all of this information (which is what I'm doing right now.) An obvious answer is either to dump everything into a database or use XSLT/XML with all of this data, but I don't [yet] know enough about this stuff to do this, nor do I know what an ideal design would look like. Aside from this, I'd much rather use or modify an existing tool than engineer one, if I can. I know topics like this have come up, but several searches on the archive didn't come up with much except for tool-specific solutions (i.e. nmap-only). Does anyone know of or use an all-in-one type program to save and tie this information together? Second, and more or less unrelated, when you perform a penetration test, how do you track your progress? Do you use a spreadsheet/workbook, an audit-style checklist, notebook, etc? Thanks, jth. --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Pen Test Data/Report Management; Tracking/Procedure document JTH (Mar 18)
- Re: Pen Test Data/Report Management; Tracking/Procedure document wirepair (Mar 19)