Are You a PenTexter?
August 18, 2016
When hackers grow up...
What is ChatOps?
What is PenText?
Demo Prologue: Getting Started
1. A clone of the PenText repository
2. PenText toolchain (Saxon, Apache FOP)
3. Content (plaintext)
Demo Setup
+----------------+                +----------------+
| - RocketChat   |                |                |
| - rosbot       | <------------> |     gitlab     |
| - hubot        |                |                |
+----------------+                +----------------+
        ^                                   ^
        |                                   |
        |                                   |
+----------------------------------+        |
|           workstation            |        |
| (technical writer / pentester)   |--------+
|                                  |
+----------------------------------+
Demo Time!
Content - Pentest
* Main source: source/report.xml
* Can re-use details from quote (e.g. client_info.xml)
* Plus findings, non-findings and scan outputs (all XML)
<finding id="finding" threatLevel="Low" type="Information Leak">
  <title>Title</title>
  <description>Description.</description>
  <technicaldescription>Technical description.</technicaldescription>
  <impact>Consequences of exploitation</impact>
  <recommendation>Steps to resolve the issue</recommendation>
</finding>
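A small check for the finding format shown above, as an added example that is not part of the original slides or of PenText itself: it reports findings whose fields are missing or still hold the template's placeholder text. Treating every attribute and child element from the template as mandatory is an assumption, and the name `lint_finding` and both sample findings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attributes/children from the slide's template; all assumed mandatory here.
REQUIRED_ATTRS = ("id", "threatLevel", "type")
REQUIRED_CHILDREN = ("title", "description", "technicaldescription",
                     "impact", "recommendation")
# Placeholder strings from the template; a misspelt variant is included too.
TEMPLATE_TEXT = {"title", "description.", "techical description.",
                 "technical description.", "consequences of exploitation",
                 "steps to resolve the issue"}

def lint_finding(xml_text):
    """Return a list of problems in one <finding> document (empty = clean)."""
    # Finding files need no DTD; refusing one keeps entity tricks out.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DOCTYPE/ENTITY declarations are not allowed"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "finding":
        return [f"root element is <{root.tag}>, expected <finding>"]
    problems = [f"missing attribute {a}" for a in REQUIRED_ATTRS
                if not root.get(a, "").strip()]
    if root.get("id") == "finding":
        problems.append("id still has the template value 'finding'")
    for name in REQUIRED_CHILDREN:
        child = root.find(name)
        if child is None:
            problems.append(f"missing <{name}>")
            continue
        text = " ".join("".join(child.itertext()).split())
        if not text:
            problems.append(f"<{name}> is empty")
        elif text.lower() in TEMPLATE_TEXT:
            problems.append(f"<{name}> still contains template text")
    return problems

# Constructed sample inputs, not taken from a real report.
TEMPLATE = """<finding id="finding" threatLevel="Low" type="Information Leak">
<title>Title</title><description>Description.</description>
<technicaldescription>Technical description.</technicaldescription>
<impact>Consequences of exploitation</impact>
<recommendation>Steps to resolve the issue</recommendation></finding>"""
FILLED = """<finding id="f-banner" threatLevel="Low" type="Information Leak">
<title>Server banner discloses version</title><description>The server reports its exact version.</description>
<technicaldescription>The Server header carries a version string.</technicaldescription>
<impact>Narrows down which known issues apply.</impact>
<recommendation>Suppress the version in the header.</recommendation></finding>"""
```

Running it over every finding file before a report build catches template text before it reaches the rendered PDF.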
More Demo Time!
What Else Can We Integrate?
● Scanning + Exploitation:
  – Nmap, w3af, sqlmap, hydra, etc.
● Reconnaissance:
  – Whois, Google, PassiveScan, etc.
● Cryptography:
  – Hash cracking, etc.
● Other:
  – Email/SMS integration, spearphishing, CVEsearch
Red/Blue Pentesting
Now an OWASP Project!
https://pentext.org
https://github.com/radicallyopensecurity/pentext