
Reporting Tools in Kali Linux

Reporting is one of the most important parts of ethical hacking or pen-testing. You must have heard the term POC, which stands for proof of concept. When a hacker or pen tester checks a system for loopholes or vulnerabilities, they need to provide an end report to the organization which covers the whole process of discovering each vulnerability and also fixing it. These reports include all the information about the testing process, the vulnerabilities discovered in the network or system, and the countermeasures to make it secure/unreachable. Reporting is the last step of the ethical hacking process. Linux offers multiple reporting tools which help pen testers make these reports and work through all the steps of producing a good pen test report, such as Dradis, Pipal, and Metagoofil. Let's understand each of these in detail below.

Reporting Tools in Linux:

Tool 1: Dradis Reporting Tool

It is a tool that helps in the process of penetration testing, which is all about information discovery, exploiting useful information, and reporting the findings. It is an open-source collaboration and reporting platform for IT security experts. This platform was developed in the Ruby programming language. It comes preinstalled with new versions of Kali Linux, but you can also install it manually.



To install Dradis use the command:

sudo apt-get install dradis

 

Usage of Dradis Tool

Step 1: After installation you will see Dradis in your applications menu under Reporting Tools. To use Dradis, open the terminal and run the command sudo dradis, or simply click on the Dradis application.



sudo dradis

 

Step 2: Now open the given link, and a window will open for you to set up your Dradis password and log in.

 

Step 3: After setting your password and logging in, you will see the dashboard, where you can create a new project or open and include your old projects to work on.

 

Tool 2: Pipal Reporting Tool

This is an open-source tool built in Ruby for password analysis. It comes in handy when you are analyzing large password dumps that you used in the course of a penetration testing activity. This tool also comes pre-installed with Kali Linux and is found under Reporting Tools in the application menu.

To install Pipal use the command:

sudo apt-get install pipal

 

Usage of Pipal Tool

Step 1: As pipal is a password analyzer, I have created a wordlist on the Desktop consisting of different words, which we will analyze with the pipal tool.

 

Step 2: Now go to the terminal and switch to the directory where the wordlist is. You can type the command pipal -h to get the help menu for the pipal tool.

pipal -h

 

Step 3: Now let's analyze the wordlist we just created. To do so, simply type the following command in the terminal, in the directory where the wordlist is located.

pipal wordlist.txt

 

In the above image, you can see all the analysis obtained from the wordlist. In this way you can also analyze password lists, wordlists and password dumps with the pipal tool.
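
To make concrete what this kind of password analysis summarizes for a report, here is an added example. It is not Pipal's code and not part of the original article. It computes length distribution, character-set composition and most common base words. The sample wordlist is constructed, and the 8-character threshold and the function names are assumptions made for illustration.

```ruby
# Added example (not Pipal's code): aggregate statistics over a password list.
# SAMPLE is a constructed wordlist; pass a file path as ARGV[0] to use your own.
SAMPLE = %w[password Password1 summer2023 Summer2023! 123456
            letmein qwerty123 dragon 123456 P@ssw0rd].freeze

# Read one password per line; scrub invalid bytes that real dumps often contain.
def load_wordlist(path)
  File.foreach(path, chomp: true).map { |l| l.scrub("?") }.reject(&:empty?)
end

# Count occurrences of each distinct item.
def count_by(items)
  items.each_with_object(Hash.new(0)) { |x, h| h[x] += 1 }
end

# Character classes present in a password, e.g. "lower+digit".
def charset(pw)
  { "lower" => /[a-z]/, "upper" => /[A-Z]/, "digit" => /\d/,
    "special" => /[^a-zA-Z0-9]/ }.select { |_, re| pw.match?(re) }.keys.join("+")
end

# Base word: lowercased, with leading/trailing non-letters stripped.
def base_word(pw)
  pw.downcase.gsub(/\A[^a-z]+|[^a-z]+\z/, "")
end

def analyze(passwords)
  return { total: 0 } if passwords.empty?
  bases = count_by(passwords.map { |p| base_word(p) }.reject(&:empty?))
  {
    total: passwords.size,
    unique: passwords.uniq.size,
    lengths: count_by(passwords.map(&:length)).sort.to_h,
    charsets: count_by(passwords.map { |p| charset(p) }),
    top_bases: bases.sort_by { |w, n| [-n, w] }.first(3).to_h,
    # Assumed policy threshold: anything under 8 characters counts as short.
    short_pct: (100.0 * passwords.count { |p| p.length < 8 } / passwords.size).round(1)
  }
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]
  stats = analyze(path && File.file?(path) ? load_wordlist(path) : SAMPLE)
  stats.each { |key, value| puts "#{key}: #{value}" }
end
```

The aggregates (share of short passwords, dominant character sets, repeated base words) are the figures that back a password-policy recommendation in the final report.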

Tool 3: Metagoofil Reporting Tool 

This tool is used for information gathering. It is designed for extracting metadata from public documents which belong to a target organization. It can provide a lot of information after obtaining and scanning the documents. It automatically generates an HTML page with the metadata results, including potential usernames and much more, which is going to be very useful when you are preparing for attacks like brute force, which use data lists.

This tool follows a set of steps to get the useful metadata:

Step 1: To download Metagoofil use the command:

sudo apt-get install metagoofil

 

Step 2: After installation, you can find this tool in applications under Reporting Tools, and run it directly from there.

 

Step 3: Alternatively, go to the terminal and type the command below to get the help menu for this tool, or go to its man page for more information about it, as you can see in the image below.

metagoofil -h

 

To use it, you can specify the domain and the file type you want to search for in that domain.

Usage of Metagoofil Tool

Step 1: To use Metagoofil, go to your terminal and type the command to get the help menu.

metagoofil -h

 

Step 2: Now we will simply perform a file scan on the domain www.youtube.com for txt file types. To do so we need to specify two arguments, the domain (-d) and the file type (-t):

metagoofil -d www.youtube.com -t txt

 

Step 3: You can see it has looked up text files and downloaded the data to our local system. The download location is my Desktop folder, so let's look at some of the downloaded files.

cat robots.txt

 

So this is how you can use the Metagoofil reporting tool in Kali Linux.

Conclusion

There are many ways to make ethical hacking reports, but these tools help you dig deeper and find more accurate and useful information about your target or victim, which leads to an impressive and good report. If you want to master report writing, start working with and understanding these tools. There are many more tools that offer report writing and resource management in the same way as the tools above, but it is not possible to cover them all in a single article. You can always dig in and find more, or you can build your own tools and software, which will help the Linux developer community.

