Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ability to add "Tools" as assets along with Servers #512

Open
mynoc96 opened this issue Aug 30, 2024 · 3 comments
Open

Ability to add "Tools" as assets along with Servers #512

mynoc96 opened this issue Aug 30, 2024 · 3 comments
Labels
enhancement New feature or request

Comments

@mynoc96
Copy link

mynoc96 commented Aug 30, 2024

Is your feature request related to a problem? Please describe.
When performing tests that don't require an IP stack (WiFi, embedded, pick a protocol), there's no way to track what asset/tooling was used for the test.

Describe the solution you'd like
Ideally, I'd like a solution similar to servers, but labeled "Tools" with fields of:

  • Description
  • Location (tied to a table similar to "Server Provider")
  • Status: Available, Reserved, Unavailable, N/A
  • Tags
  • Notes

Describe alternatives you've considered
In the short term, repurposing servers and making IP address and data center optional could alleviate the issue, but the addition of a "Tools" section under assets would be awesome.
@er4z0r
Copy link

er4z0r commented Sep 10, 2024

What kinds of tools are your thinking? Stuff like drop-boxes and stuff for physical access? I'm asking because there is/was an issue for this #260 . I just never got around to looking into it. If that is what you're looking for, maybe we can reopen that and collaborate there.

@mynoc96
Copy link
Author

mynoc96 commented Sep 19, 2024
edited
Loading

That's pretty similar to what I'm after. I want to able to capture which tools (physical or virtual) were used either on a report or on a finding. We usually provide a list of tools used during the penetration test, to aid in reproduction, and I would like to able to look back and determine which tools were the most effective at creating findings.

I would envision that as an "uncountable" tool table (no checkout required), that would serve as a data source for a "tools" reference in either the finding or report (report would be "easier" to make it iterable without hitting duplicates). And, I understand that the implementation I am suggesting is A way, not necessarily THE way. :-)

@chrismaddalena chrismaddalena added the enhancement New feature or request label Sep 24, 2024
@mynoc96
Copy link
Author

mynoc96 commented Sep 25, 2024

I found a hackish work-around that gets at what I'm after. I created an extra field for oplogs called "Tool Description (tool_description)". For my report, I iterate through, and if there is a tool description, it grabs the tool name (with the capitalization used in the oplog) and tool description for my "Tools Used" table.

The downside is I have to enter the tool description for each test, rather than having a dataset of tools I could pull from.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@er4z0r @chrismaddalena @mynoc96