Reporting

This brings us to the final, and some would say most boring, part of the test; however, if you followed the previous phases, reporting shouldn't be tedious or difficult. I try to make notes as I go along, either on paper or using Dradis, a built-in Kali tool, which can be summoned with service dradis start. Keep in mind that it is a web service, so anyone on the LAN would be able to access it using the https://IP of kali machine:3004 URL – at first run, it will prompt you to set a password.

Dradis allows you to import files from Nmap, NESSUS, NEXPOSE, and a few others, this makes taking notes when working with teammates hassle-free; you can easily share info and keep updated with the most recent results from scans.