The Pentest notes enables you to easily collect and manage notes and evidences during a penetration testing engagement.

While reading as many PWK reviews as possible during my preparation time before the actual start of the course, I found this blog post with an interesting MS Access notes keeping solution.

Having developed many MS Access applications at work during the last few years, I decided to develop my own tool starting from that excellent idea.

Key features:

• Easily store target info and custom notes
• For each target host manages the following information:
  • users
  • groups
  • hashes
  • services
  • files
  • recon tool
  • local exploit
  • remote exploit
  • CWE
  • CVSS
• Windows snipping tool integration
• Windows file system integration for folder access
• Keepnote integration (launch keepnote application from within the Pentest notes app)
• Reporting

Requisites

• MS Access 2010-2013
• not tested with Office 2016

Installation

1. Place the .accdb file in the desired folder of your filesystem and simply:

    > double click on PentestNotes.accdb to execute it
   

Getting Started

Assuming you are testing a target host, simply start adding information to the main form as soon as you collect it (i.e. IP address, hostname, domain, etc).

Once you proceed with your assessment activities you can easily store other kind of information within the main form subforms:

1. Users: useful to collect different users on the target system

2. Groups: useful to collect different OS Groups easch user belongs to

3. Hashes: useful to collect retrieved password hashes for each user on the target system

4. Services: useful to collect different kind of services mapped during the enumeration phase along with their protcolo, running port, version, etc

5. Files: upload in the database useful files (i.e. images, etc) retrieved during the assessment

6. ReconTool: useful to store options and output of different tools executed against the target system

7. Local Exploit: useful to collect the applicable local exploits for the target system

8. Remote Exploit: useful to collect the applicable remote exploits for the target system

9. CWE: useful to collect possible [Common Weakness Enumeration] (https://cwe.mitre.org/) vulnerability information

10. CVSS: useful to generate Common Vulnerability Scoring System data. A CVSS chart is generated accordingly to the [CVSS version 3.0 calculator] (https://www.first.org/cvss/calculator/3.0)

Other available features:

• integration with Windows snipping tool to let you capture screenshots on the fly

• integration with Windows file system (open folder) to easily access your data

• integration with keepnote application (simply launch keepnote from within the main form)

• generate report in PDF format (requires a PDF reader application) ¹

---

I'm not planning to add any further feature at the moment.

Advanced customization

You can easily customize the database tables, forms and logic. Just remember to edit the entity relationships model too. Feel free to modify it accordingly to suit your needs.

Footnotes

1. need improvements (layout/cosmetics, etc) ↩