After finding a vulnerability a penetration tester or bug bounty
hunter always need to submit the report to the employer. This is one
of the most important part of every penetration testing jobs. A good
report must contain each and every detail of the vulnerability.
Writing a good report is a must have ability, it is an art for bug
bounty hunters. So in this detailed tutorial we will learn how we can
generate or write reports on a vulnerability on our Kali Linux
system.
Our target will be
clear, we must keep it detailed as possible, this will help the
developers understand all the details about vulnerability and fix it
with right patch as soon as possible.
There are so many
ways to create a penetration testing report. In our this detailed
post we will learn a few tools that we can use to create a perfect
report that covers everything in detail.
Here we see some of
the main points that should always be included in the report:
- Details of the vulnerability we found.
- Score on the Common Vulnerability Scoring System (CVSS).
- Impact of the bug on the Organization.
- Recommendations to patch the vulnerability.
Common Vulnerability
Scoring System (CVSS) is a standard method for rating IT
vulnerabilities and decide the urgency of a response. We can read
more about CVSS here.
In this detailed
post we will talk about how we can write a good report on our Kali
Linux machine. Here we use some good free tool to write report.
Generating reports using Dradis
Dradis is an
open-source browser-based reporting and collaboration application,
which used to combine the outputs of different applications and make
a report ready. Dradis is so easy to use but unfortunately didn’t
comes with Kali Linux(New versions).
Installing Dradis
Installing Dradis is
super easy we can follow the Dradis’s
Github page. But there is an easy process. We can run following
command:
This command will
install Dradis, but it will take some time depending on internet
speed.
The screenshot shows
the output of the preceding command:
After installing
Dradis we can use simply dradis command to run it:
Dradis is web-based
tool so it will work on browser. After running it Dradis will open
browser in some seconds or may be we manually need to open
http://127.0.0.1:3000
Here, we can set up
our shared password to access the Dradis framework and log in with
the password.
After set up the
password we need to choose a username and enter our password then we will be redirected to the dashboard of Dradis as like
following screenshot.
In the free version of
Dradis framework supports plugins of some tools like nmap, Acunetix
and Nikto.
In Dradis framework
we can create methodologies. The methodologies can be considered as a
checklist, which can be used while doing penetration testing jobs for
an organization.
To create
methodologies, we go to methodologies tab and click on Add new.
Now we can see a
sample list created for us. We can edit it by clicking on the Edit
button on the right hand side.
Now let’s look at
how we can organize our scan reports more better. We go to the nodes
option on the left hand side menu and click on the + sign. Then a
pop-up window will open and we can add a network range and then click
on Add.
We also can add new
sub-node, we select the node from the left hand side panel and then
choose the Add sub-node option. This sub-nodes can be very useful when
we are doing pentest activity on a organize a network-based on the
host’s IP address.
Then we can add
notes and screenshots as proof of concept of the bugs we found.
We even can import
results of various tools to Dradis. This can be done by choosing
Upload Output from tool from the top menu of Dradis.
Here we can upload
our output file. Dradis framework has some inbuilt plugins, which can
parse reports of different tools.
When the import is
done, we can see the results on the left hand side panel under the
plugin output. Dradis results can be exported in many formats like CSV, HTML, JSON.
We can see the
output of the scan results we just imported.
Similarly, different
scans can be imported and combined together and can be exported as
one single report using the Dradis tool.
This is how we can
generate good quality reports of pentesting activity for an
organization using Dradis framework on our Kali Linux system.
MagicTree -- Magical Reporting Tool
There is another
tool for writing reports called MagicTree. MagicTree is a data
management and productivity reporting tool is quite like Dradis. It
is designed to allow easy and straightforward data consolidation,
querying, external command execution and obviously report creation.
It named “Tree” because all the data is stored in a tree
structure, and “Magic” is because it is designed magically do the
most bulky and boring part of penetration testing – data management
and reporting.
Installing MagicTree
In the previous
versions of Kali Linux MagicTree comes pre-installed not in recent
Kali Linux. So we need to download it. To download it we use
following command:
Then the jar file will be downloaded. This is an executable file no we don’t need to install it. We simply can run it by using following command:
After we accept the
terms and conditions we can see the MagicTree application.
Next, we create a node by clicking on node menu bar then navigate to “Auto create”.
Next, we create a node by clicking on node menu bar then navigate to “Auto create”.
In the box which
opens, we type the IP address of the host we want to be added. After
adding the node, it will appear in the left-hand side panel.
To perform a scan on
a host, we go to the Table view; at the bottom, we can see a
box titled Command.
We can run Nmap scan
on the host we have added.
MagicTree allow us
to query the data and send it to the shell. We click on the Q*
button, and it will automatically select the hosts for us.
Now, we just need to
type the following command:
The output of the
preceding command shows in the following screenshot.
Here hosts are
already identified, we do not need to mention the host here. Then we
click on Run.
In the above
screenshot we see a window that shows the scan being executed along
with the output. Once the scan is complete, we click on Import,
and it will be imported into MagicTree.
Similarly, we can
run any other tool and import their reports to MagicTree.
At last we can
generate a report by clicking on Report > Generate Report.
In the next window,
we can see the list of templates we would like to use to save our
generated report, as shown in the following screenshot.
Then we click on the
Generate Report button, and we will see report being
generated.
We can learn more
about MagicTree by clicking
here.
This is how we can
write reports on our penetration testing activity. This is the most
important step in ethical hacking and bug bounty hunting. Not only
Dradis and MagicTree There are more options are available like
Serpico.
This is how we can
write or generate reports of our penetration testing jobs using
Dradis, MagicTree and Serpico in or Kali Linux machine. To know more
about Kali Linux Tutorial follow our website.