Try these tools to prepare your pentest report
Everyone dreads preparing report, post-work. However, it is extremely important for the customer.
Here are some of the tools (free and paid) that may help you in report generation, so that you configure it once, and run it multiple times.
It goes hand-in-hand with pentest data management tools, explains why some of the tools below focus on data management, with reporting as added feture.
For all aspiring pentesters, it is a good idea to contribute to some of the open source reporting tools below. It will not only add to your CV, but will also help you gain insight into a developer mindset.
One can harness those insights into his/her pentest methodology/ workflow, may help in identifying more vulnerabilities.
Please note that reporting is one feature, among others (e.g., project management, pentest data management, etc.). I believe that vanilla reporting will only remain in open-source.
Free Tools
- PwnDoc
- GhostWriter (by Specterops, a project management and reporting engine)
- DART
- Kvasir (an introduction)
- Dradis
- MagicTree (Mostly data management, with reporting as an option)
- Serpico (no update on the tool since 2020, as pointed out by a member, Mr. Marvis)
- PeTeReport
- APTRS
- Hexway Community
- Blackstone
- SysReptor
- ReportRanger
- VulnRepo
- WriteHat
- reconmap
Paid Tools
I write at the intersection of pentest, auditing, risk management and career advice. Musings based on real experiences, not theory. All infosec, mashed up.
Follow the Risky Context channel on WhatsApp (if WhatsApp is your thing. Your number is not shared with others when you connect to my channel): https://whatsapp.com/channel/0029VaDqrFU8aKvQohD5nq0r
