[Note: The content of this post has been copied from /r/Pentesting in case users wish to continue the discussion during the reddit API price gouging blackout]
Pentesting project viability?
/u/ExcidionKahuna
TL;DR: Aspiring pentester/python noob looking for recommendations to optimize recon script written in python to populate an Obsidian vault, link findings efficiently with markdown/obsidian plugins, and wondering if this is would even be useful.
Hey all,
I’m not sure if this would be viable to the community in general, but was wanting some input.
This has been kind of a dream project of mine. I’m no developer, and aspire to be a pentester once my contract with my current job ends.
This is a project in python that will perform all my basic enumeration and execute additional commands and populating an Obsidian vault with the data. It starts with a ping/pingsweep and create a directory for each target. Cue nmap full port scan and create a .MD file for each port. Additional script and service scans on discovered ports, and the output for each port saved to each port file. Follow additional commands to run based on services discovered and saved to their own files. Each command will be piped to a bash script I wrote that will timestamp command output and screenshot it to be rendered in each file.
I know that golang and other languages would be faster for this, but this is a project I am using to learn Python and optimize/automate my notes. I guess this could be simplified as using autorecon and making an Obsidian vault, and doctoring it up with markdown and Obsidian features.
For Obsidian users, do you have any recommendations for markdown syntax I can use to better organize, link or make this project useful? Or any other optimizations you could recommend via python? And is this something anyone would actually like to see or even care about?
/u/frenchfry_wildcat
This is absolutely possible and essentially how the “automated pentest” platforms work (such as Penterra)