A collection of awesome note-taking apps, plugins and techniques for pentest report generation, bug-bounty hunting & building a knowledge base
Created by nil0x42 and contributors
Trilium Notes is a hierarchical note-taking application with a focus on building large personal knowledge bases.
✔️ Pros (for hackers)
- supports relation maps
- handles a massive amount of notes
- easily scriptable (js)
- sync across devices is possible (server mode)
- notes can have multiple parents
- main dev (@zadam) is very active & addresses issues quickly
❌ Cons (for hackers)
- heavy app (electronjs)
- no command-line interface
🔌 Useful plugins/extensions (for hackers)
- zadam/trilium-web-clipper
  - web browser extension which allows the user to clip text, screenshots, whole pages and short notes and save them directly to Trilium Notes.
- nil0x42/singlefile2trilium
  - Save a faithful copy of a web page in Trilium Notes with the SingleFile web extension
click for details..
✔️ Pros (for hackers)
- beautiful rich-text
- widely used among pentesters
❌ Cons (for hackers)
- monolithic hierarchical system
- no note-tagging system
🔌 Useful plugins/extensions (for hackers)
- https://github.com/sergiodmn/cherrymap
  - Import Nmap scans to Cherrytree
- https://github.com/gpalo/cherrypy-report
  - Create a PDF from your pentesting cherrytree notes (with the OSCP exam in mind).
- https://github.com/mikaelkall/massrecon
  - recon tool for OSCP engagements. Exports to cherrytree format
- https://github.com/rewardone/OSCPRepo/tree/master/CherryTrees
  - templates for OSCP
- https://github.com/DriftSec/AutoRecon-OSCP
  - Modified version of AutoRecon with a cherrytree helper script to import AutoRecon scans into cherrytree.
- https://github.com/CoolDadHacking/OSCP_Template
  - CherryTree OSCP methodology template
click for details..
✔️ Pros (for hackers)
- Manage reusable Audit and Vulnerability Data
- Multi-User reporting
- Docx Report Generation
- Docx Template customization
❌ Cons (for hackers)
- not a knowledge base, focused on generating pentest reports
click for details..
✔️ Pros (for hackers)
- Focused on target-tracking (good for bug-bounty hunting)
- importable hacking checklists
❌ Cons (for hackers)
- heavy app (electronjs)
- Last commit is from Jul 19, 2019
🔌 Useful plugins/extensions (for hackers)
- https://github.com/ehrishirajsharma/swiftness-static/raw/master/Checklist/OWASP-Testing-Checklist.json
  - OWASP-Testing-Checklist from @Ice3man543
click for details..
✔️ Pros (for hackers)
- Focused on OSINT
- in-notes executable scripts for result insertions
- Automate / parse recon to Excel
❌ Cons (for hackers)
- Recent (small community)
🔌 Resources
- https://youtu.be/LTNKMA65BtI?t=653
  - BSIDES presentation by @obheda12