Syslifters / reptor

Command plugin for saving commands, inputs, outputs, etc #41

Open aronmolnar opened 1 year ago

aronmolnar commented 1 year ago

We could introduce a plugin (e.g. reptor cmd, alias reptor c to make it shorter) that takes tool commands and executes them: reptor c sudo nmap -p 80

The plugin creates a data structure like...

---
cmd: sudo nmap -p 80
started: 2023-08-03T08:50:07+00:00
finished: 2023-08-03T08:55:07+00:00
exit_code: 0
stdout: open port 80
stderr: starting nmap...

This allows us to create a protocol of pentesting activities. We could create a timeline from this and upload it to the notes. (If we add a plugin to our markdown renderer, we could even create a nice visual timeline: https://www.npmjs.com/package/hexo-tag-mdline)

It could also allow us to dynamically find out if there is a corresponding plugin that is able to process the output. The plugin could define a list of command names (cmds = ["nmap", "masscan"]) that is dynamically expanded (cmds = ["nmap", "masscan", "sudo nmap", "su -c nmap", "sudo masscan", "su -c masscan"]) to detect if the tool output can be processed.

(It might also be possible to add some conditionals, like if it contains "-oX" it must use xml parsing, or we iterate through all possible parsing algos.)

We could add an option so that the upload is done right after execution (e.g. reptor c --upload sudo nmap -p 80).

If this was not specified, the user could upload later (e.g. reptor nmap --upload --cmd). The cmd switch defines that the input should be taken from the cmd outputs. This takes the cmd output that matches the command with the newest "started" timestamp and a valid "finished" timestamp. If the user wants to use a different output, he must specify a number (e.g. --cmd 1 for the second to last run).
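
The record, the command-name expansion and the --cmd selection proposed above, as an added Python example (not reptor's code and not written by the issue author). All function names, the WRAPPERS tuple and the plugin registry dict are hypothetical, and a record with a missing or empty "finished" value is assumed to count as not valid.

```python
import shlex
import subprocess
from datetime import datetime, timezone

WRAPPERS = ("sudo ", "su -c ")  # assumed privilege wrappers, taken from the issue's example


def expand_cmds(cmds):
    """["nmap"] -> ["nmap", "sudo nmap", "su -c nmap"] (same order as in the issue)."""
    return list(cmds) + [w + name for name in cmds for w in WRAPPERS]


def matches(cmd, cmds):
    """True if the recorded command line starts with one of the expanded names."""
    return any(cmd == c or cmd.startswith(c + " ") for c in expand_cmds(cmds))


def _now():
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


def run_and_record(argv):
    """Run argv (a list, no shell) and return a record with the issue's fields."""
    started = _now()
    proc = subprocess.run(argv, capture_output=True, text=True)
    return {
        "cmd": shlex.join(argv),
        "started": started,
        "finished": _now(),
        "exit_code": proc.returncode,
        "stdout": proc.stdout,
        "stderr": proc.stderr,
    }


def matching_plugin(cmd, plugins):
    """Name of the first plugin (hypothetical registry dict) that can parse cmd."""
    return next((name for name, cmds in plugins.items() if matches(cmd, cmds)), None)


def select_run(records, cmds, index=0):
    """--cmd N: N-th newest finished matching run (0 = last, 1 = second to last)."""
    runs = [r for r in records if r.get("finished") and matches(r["cmd"], cmds)]
    runs.sort(key=lambda r: datetime.fromisoformat(r["started"]), reverse=True)
    return runs[index] if 0 <= index < len(runs) else None
```

Records captured this way hold raw stdout and stderr, so anything the tool prints (including credentials or tokens) ends up in the timeline and in any later upload.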

aronmolnar commented 1 year ago

/cc @MWedl @Patralos