naturtrunken / penman Goto Github PK

View Code? Open in Web Editor NEW

0.0 2.0 0.0 589 KB

Penetration test manager. Keeps a pentester's notes and thoughts organized.

License: GNU General Public License v3.0

Dockerfile 0.37% Ruby 50.89% Shell 1.15% HTML 12.89% JavaScript 0.46% TypeScript 33.71% CSS 0.54%

penman's Introduction

Penman: Penetration test manager

Web-based system to keep a pentester's notes and thoughts organized.

Features:

Manage networks and targets.
Add notes and screenshots to different phases of a pentest.
Add ideas and attack vectors to not forget them.
Add checklists to make sure not to forget important tests.

Installation

Prerequisites: Make sure that the Docker daemon is running.

mkdir penman && cd penman
wget https://raw.githubusercontent.com/naturtrunken/penman/main/docker-compose.yml
docker-compose up # Or "docker compose up", depending how you installed compose.

You can now access Penman via http://localhost:8080/.

To install Penman via source, see INSTALL.md

License

GPLv3

penman's People

Contributors

Watchers

penman's Issues

Show time until reaching the flags

On the target page (or timeline tab...?) should be the time visible from each state to the next one. Example:

Open => 43 User => 21 User => 49 Root

From the beginning, the user needed 43 minutes to the first user access, then another 21 minutes to escalate to the next user, then 49 minuter after that until he gained root access.

Add checklists to services

There should be mandatory and optional checkpoints available for some services so that a user has a default checklist provided for things to try. The list should be editable.

Update status of target if content is added or goal reached

If target.status == new, update this automatically to open as soon as some content is added.

Also, if some note has the user or root flag set, update the status accordingly.

Enable multiple IPs for targets

A target should have 1..n IPs, IPv4 and IPv6.

Add popup to change the target's state

Currently, a click on the state brings it to the next one. If somebody clicks it by mistake, there is no undo and the state has to been toggled multiple time to get the old state. And the timeline contains all state changes.

Now, a click on the state should open a small popover with the states in their sequence. The current one, the previous and next one should be clickable. The user can then with a second click update the status.

Add intro assistent on all pages

In the navbar, there should be a (?) which opens a short "intro help assistent". It explains in a series of popovers what the user can do on this site.

Add detailed help texts on each page

Detailed information should appear on each site to inform the user, what he/she can do here.

(Un-) Checking of ideas should appear in the timeline

Add customized api_vars script file for download

The api_vars.sh script has to been edited with the target / network / user id. It should be generated automatically with the proper values and offered to download on the appropriate pages.

Enable inline-editing of tables

A user should be able to click on an entry in a table (e.g. ideas, services) and edit/update it directly.

Add a example journey to the readme

The readme should contain an overview to see how the system works. Use some target (like Lame on HTB) and show in a sequence of images the steps from adding the network/target and how to work with the system. (Or maybe a video?)

Add global search

A user should be able to search (via the navigation bar) strings in all content he/she added.

Make all tables sortable and searchable

Make the checkboxes more beautiful

Replace the default checkbox layout with an improved version via some css.