NoteTaker
Info
NoteTaker is a GUI application for security consultants to store the security issues they identify during tests. NoteTaker can generate output summary files using a plugin-based architecture. I wanted something like this for ages, and the concept is similar to the OWASP Report Generator application. The current plugins output to Text and HTML. The source code to both plugins is included, so you can either create your own plugins or modify the existing ones. If you make some useful changes or create a new output plugin, then let me know and I'll include it in a new release with the appropriate credit.
The core configuration is controlled by a number of XML files (e.g. Severity Levels, Components), so you can define your own set of severity levels and components. The application can store the people involved in the project, including their roles. Hosts are also stored and can be imported from a file. Each issue has to be related to an existing host. Issues are defined in one of two formats, basic or advanced. The basic format simply allows you to store one item of information, which is ideal for a web application issue like XSS, whereas the advanced format allows you to store the issue against a particular protocol and port, so it is ideal for an infrastructure-related issue, e.g. unnecessary services.
There are two summary tabs which summarise all of the entered information. The first tab is General Summary, which summarises the project info, people and hosts. The other tab is the Issue Summary, which summarises all of the issues.
NoteTaker also has an inbuilt nmap XML parser, so when you create an issue, you can import your port scan results. When the import occurs, you are presented with a window that allows you to pick which ports are applicable to the issue.