Effectively managing your test results
A variety of tools will be used during the process of performing a penetration test. Almost all of these will have output that you will want to keep. One major challenge is to combine all of this data in one place so that it may easily be used to enhance testing efforts by providing you with a holistic view of your data, and to shorten the report generation phase.
Introduction to MagicTree
MagicTree, a Java application created by Gremwell, is an actively supported data collection and reporting tool. It manages your data using nodes in a tree structure. This hierarchical storage method is particularly efficient at managing host and network data. The true power of MagicTree is unleashed when one is attempting to analyze data. For instance, a search for all IIS web servers found during a scan of a large network will take mere moments.
In addition to providing an excellent data collection mechanism, MagicTree also enables you to create actionable reports based on priorities of your choosing. Reports generated with MagicTree are completely customizable, and are easily tailored to meet your reporting requirements. You can even use it to export your data into LibreOffice!
MagicTree allows for XML data imports and has XSLT transforms for many popular formats, such as:
- Nessus
- Nikto
- Nmap
- Burp
- Qualys
- Imperva Scuba
- OpenVAS
Tip
The developers of MagicTree are pentesters by trade. When exploring MagicTree, it becomes obvious that they understand the challenges that testers face on a daily basis. One example of this is the functionality they made available that allows you to create your own XSLT transforms for the tool. If the XML data you need cannot be imported using the provided transforms, you can make your own!
Starting MagicTree
As with most tools we will be using throughout this book, this one comes preinstalled on Kali.
To launch MagicTree from Kali, we select Applications | Reporting Tools | magictree. After the splash screen and license agreement have been displayed (the license will need to be accepted), you will be presented with the main application workspace. An example of the dashboard is shown in the following screenshot:
Adding nodes
To add a node, press Ctrl + N and type 127.0.0.1 into the Input pop-up box. This will populate the tree with two additional nodes: one for testdata and one for host 127.0.0.1.
There are several node types available when storing your data. To be able to use the tool effectively, you will need to familiarize yourself with the various node types:
- Branch node: It is used to create the structure of your tree. Make sure not to include spaces when using this node type.
- Simple node: The most common node type, it will be used to store simple data such as an IP address or a fully qualified domain name.
- Text node: It stores text data within the node and could be used to provide information about your testing, or data that you would like to appear in your reports.
- Data node: It stores non-image and non-XML attachments in the project file folder.
- XML data node: It stores XML data.
- Image node: It can store images such as screenshots or other important evidence.
- Cross-references: It creates a link between nodes to avoid duplication of information.
- Overview node: It is used to enter testing results and recommended mitigation strategies. It can be linked to affected hosts.
- Special node: It is created automatically and is used by the application to perform certain tasks. It is not user-created.
Tip
MagicTree will merge the data from disparate data sources into single nodes in an attempt to avoid data duplication; running multiple scanning tools against 127.0.0.1 will not result in multiple nodes representing the same data.
Data collection
Let's collect some data about 127.0.0.1. In addition to being able to select scan results from tools you have run outside MagicTree, you can also scan directly from within the tool and use variables to select your target ranges or hosts.
Select the host 127.0.0.1 node in the Tree View menu, click on the Q* button, which represents Query All, and type the following into the Command text field (which must be clicked to make it active):
# nmap -vv -O -sS -A -p- -P0 -oX $out.xml $host
This will initiate an Nmap scan against 127.0.0.1 and place the results in an XML file named $out.xml.
Tip
We can customize the scan further by adding --open and only reviewing the open ports; furthermore, we can make the scan significantly faster if we add the -n option, which will tell the scanner to not resolve the DNS names.
An example of the completed scan is shown in the following screenshot:
We will select $out.xml and click on the Import button to have MagicTree automatically generate our node structure based on the scan results. An example of this is shown in the following screenshot:
MagicTree has imported the Nmap results and merged them with our host. Looks like we have PostgreSQL running on our Kali virtual machine on port 5432!
Note
An older version of the software would leak the version number in the banner, but with version 9.1, that is no longer the case.
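The import-and-merge step described above can be reproduced outside the tool to see what it does with the data. The following is an added example, not code from the book or from MagicTree: it parses Nmap XML (-oX) reports, folds repeated host/port entries into one node, and answers a "which hosts run service X" query. The sample XML and the function names merge_scans and find_service are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples: two trimmed Nmap -oX reports covering the same host.
SCAN_A = """<nmaprun><host>
  <address addr="127.0.0.1" addrtype="ipv4"/>
  <ports>
    <port protocol="tcp" portid="5432"><state state="open"/>
      <service name="postgresql" product="PostgreSQL DB"/></port>
    <port protocol="tcp" portid="22"><state state="closed"/>
      <service name="ssh"/></port>
  </ports>
</host></nmaprun>"""
SCAN_B = """<nmaprun><host>
  <address addr="127.0.0.1" addrtype="ipv4"/>
  <ports>
    <port protocol="tcp" portid="5432"><state state="open"/>
      <service name="postgresql"/></port>
    <port protocol="tcp" portid="80"><state state="open"/>
      <service name="http" product="Apache httpd"/></port>
  </ports>
</host></nmaprun>"""


def merge_scans(*xml_docs):
    """Merge Nmap XML reports into {addr: {(proto, port): service attrs}}."""
    tree = {}
    for doc in xml_docs:
        for host in ET.fromstring(doc).iter("host"):
            ports = tree.setdefault(host.find("address").get("addr"), {})
            for port in host.iter("port"):
                if port.find("state").get("state") != "open":
                    continue  # record open ports only
                key = (port.get("protocol"), int(port.get("portid")))
                svc = port.find("service")
                attrs = svc.attrib if svc is not None else {}
                # A host/port already in the tree is updated, not duplicated.
                ports.setdefault(key, {}).update(attrs)
    return tree


def find_service(tree, name):
    """Return sorted (addr, port) pairs whose service name matches."""
    return sorted((addr, key[1]) for addr, ports in tree.items()
                  for key, svc in ports.items() if svc.get("name") == name)


merged = merge_scans(SCAN_A, SCAN_B)
print(find_service(merged, "postgresql"))
```

For XML that did not come from your own scanner, parse it with defusedxml rather than xml.etree.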
Report generation
Now that we have some results, we will look at how simple report generation can be. The installation that comes preinstalled with Kali has five report templates for LibreOffice preconfigured; these can be used either as a reference to create your own templates or just as they are.
From the menu bar at the top, select the Report | Generate Report option followed by Browse. Select open-ports-and-summary-of-findings-by-host.odt. Then, click on Open | Generate Report. After a few moments, LibreOffice will open up the automatically generated report listing all open ports by host along with any findings you may have had. An example of this is shown in the following screenshot:
This was just a quick introduction to the MagicTree project. This tool is immensely powerful and it will take you a bit of practice before its true potential can be unlocked. The documentation provided with MagicTree is well written and frequently updated. If you are primarily performing your penetration testing in very small teams, or in teams of one, then MagicTree will probably be the only data collection tool you will ever want.