Open-Source Vulnerability Assessment and Pentesting Management Platform @reconmap #pentesting #opensource #hacking #opensource #cybersecurity

Hi again!

Time to look at reconmap.

We in this line of work love abbreviation, so I call this OVAPMP (Vulnerability Assessment and Pentesting Management Platform).

I was looking for a tool/system documenting my work regarding vulnerability scans, pentest and bug bounty work. I have tried different kind of solutions, I think I have found the perfect one!

I know there is always things to improve, but remember this tool is free for you to download. And you can always fork these projects and make your own modifications.

And there is always other tools that other thinks is better or faster. vi, joplin, cherrytree and word.

The one thing that is mandatory for me is that it needs to be on-premises solution.

https://reconmap.org/

https://gitter.im/reconmap/community

https://github.com/santiagolizardo

Short list first

  1. Install a machine (I use Kali)
  2. Install docker
  3. Install reconmap
  4. Configure
  5. Run it

Docker commands that can be handy

Stop the container(s) using the following command:
docker-compose down
Delete all containers using the following command:
docker rm -f $(docker ps -a -q)
Delete all volumes using the following command:
docker volume rm $(docker volume ls -q)
Restart the containers using the following command:
docker-compose up -d --remove-orphans
To additionally remove any stopped containers and all unused images
docker system prune -a

Installation

We start to do the git clone

git clone https://github.com/reconmap/reconmap.git

After the git clone

cd reconmap
docker-compose up -d

Run it

Access the web gui on the local machine with http://localhost:5500/login

Username: admin
Password: admin123

First we change password. Under profile icon we have change password

Fix some stuff to get Attachments to work. Go check under System / Health

We see that we are not able to upload attachments to this system. We need to fix that

Go to a shell on the machine and find out what container is running rest-api

docker ps

Then interact with that container

docker exec -it 3b26c8413504 /bin/bash

chmod 777 logs
chmod 777 ./data/attachments/

Time to stop reconmap

docker-compose stop

and the start

docker-compose start

Use it

After above fix we are now ready to use it!

Dashboard view

How it works
Create a client
Create Projects and connect to the client

Created clients

Created project

Add target on Projects

Import data from Nessus

You can also import data from external applications for example Nessus

  1. Create a project
  2. Create the nessus command. Set the parser to nessus
  3. Create a task and link the command to the command you created.
  4. Click the task and go to command outputs and upload your .nessus file
  5. Done

More integration can be found here

https://reconmap.org/features/integrations.html

Destructive upgrade – Backup before

cd reconmap

docker-compose pull
docker-compose stop
docker-compose rm -v
rm -rf data-mysql
docker-compose up -d

That was all for today!

Keep hacking

//Roger

1 Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.