1

I was doing dorking on my friend's website to make sure there is no leak of information that is not meant to be. I found domains and sub-domains in search results.

Is their a tool which can help me to prepare the report? Report like domains and subdomains are represented in some graphical format something like tree structure?

And also what tools should be used for reporting during target enumeration phase?

mykpc
  • 21
  • 2
  • Why do you need a tool to format a report? – schroeder Jul 15 '19 at 07:27
  • @schroeder sorry for above comment If you are asking in general then, just wanted to learn if I am doing pen testing on an application what is the best way to prepare my report. If you are asking about why report needed for target enumeration, then again same answer wanted to learn more on reporting part. – mykpc Jul 15 '19 at 15:23
  • The "best way to prepare a report" is the way the audience needs to best receive the report. There are numerous types of reports for numerous different purposes, and there is not need use a tool at all. – schroeder Jul 15 '19 at 16:30

1 Answers1

1

That depends on what your report should look like.

There are a number of reporting tools. Dradis and MagicTree are two of them. They may not be the kind of reporting you seek, but its worthwhile to look at them.

Having seen a number of penetration test reports from different vendors, I know for sure that they must have some template and/or macros and/or report tooling to generate these reports (one company had a spelling mistake in their template...). These templates/macros/tools are often proprietary.

As for enumeration: nmap is of course the first tool that comes to mind, but simple nslookup, smbclient et cetera are also tools that come in handy.

Ljm Dullaart
  • 1,897
  • 4
  • 11
  • Here's a link to a comparison of the built in Kali reporting tools: https://resources.infosecinstitute.com/kali-reporting-tools/#gref maybe something worth adding to the answer – Stefan Lorenz Jul 14 '19 at 16:37
  • @ljm-dullaart I mean what tool is used for preparing reports during target enummeration phase? – mykpc Jul 14 '19 at 20:10