
VIDEO

Create a Pentest Report in 5 Minutes or Less with PlexTrac

Every penetration tester hates reporting, but it doesn’t have to stay that way! What was once a mundane and time-consuming task is made easy with PlexTrac. In this video you’ll see how PlexTrac can save you hours of time on report generation so you can focus on the fun security stuff… Hacking!

Series: PlexTrac Demos

Category: Product Features, Reports


Transcript

Let’s dive in and use the PlexTrac platform to rapidly generate a penetration testing report and also provide a collection of data, including hosts and findings, that people can interact with as well. I’ve created a client called Example Company. We’ll create a new penetration test report. We’re going to assign it a report template. I’ll assign it to myself, and let’s give it a start and end date.

Also put in the data to custom fields that we can use with shortcodes later. I’ve selected this template and I can rapidly begin filling in perhaps an attack narrative section. But let’s utilize our content library to take in one of our narratives. If we look at the sections for this report, we have some of the typical data like introduction, methodology. Because of this pen test, I have an attack narrative that I want to add in. I’m going to grab it from my narratives DB. Notice we use this concept of shortcodes throughout stored content for this report.

For all of my reports, I want the attack chain write-up to go, let’s say, maybe right after the methodology here. I can rapidly begin adding data in and get our evidence screenshots, copy and paste it right in.

This is just an example of a typical attack scenario.

Writing down concept section. Sample commands have been given. Your methodology may vary, but you get now we’ve got this robust attack scenario.

By using shortcodes in stored text, we can rapidly replace them with their subsequent values. We see in the report well as the attack scenario section, or place these shortcodes.

I’m moving on to findings. Perhaps I’ve got some automated tooling running some vulnerability assessment scans. But I’m also going through and doing what a good pen tester does, finding manual findings. I’ve decided to add the finding manually from my writeups database. Find the SQL injection flaw that I found, keeping in mind that I could add this data directly from Burp if I were so inclined. But this is an example of using the writeups database to add manual. In this case, I want to edit the finding.

I’m going to decide that this is a critical flaw. I’m also going to decide to go in, add the evidence manually to the finding itself. Keep in mind, again, this is really for demonstration purposes. If you were so inclined, if you wanted to find this data directly from a tool, this could be coming in directly from Burp or Acunetix or any kind of tool. It’s just showing you the manual workflow. Again, go to our readout sections here. Added our finding, our evidence.

Now, working with the finding, I can come in, make sure that we like it.

You get that full QA peer review workflow in this process. Now, perhaps we also want to add some context.

I didn’t say comment.

You can also ingest from common tools and integrations like security center macro, one elio, etc. But for this, I’m just going to pull in an assets file.

We could have tagged findings and assets. Now we have all the data we need in the platform. We could collaborate here. You could work on associating Findings A status.

Good mass sign Findings A status you can see. You can really collaborate here.

Get an idea of what’s going on. I log in. I can sort by substatus.

All of this data has been built in.

But we also forgot one of our situations here the ability to short codes within Findings as well. Make sure we replace that.

Now generate our report. Keep in mind, PlexTrac offers the ability to have stock templates from us. But our customer success team can work to engineer a template that really fits your needs and is exactly what you want from out of the platform. Let’s take a look at the stock template. Here we see our report.

Our sections tack proof of concept. Here we’ve moved into the rest of the report. Name the data, break down the information. And lastly, we have our detailed findings. In five minutes or less, you too can have a swanky pen test report.

Take care.