Time to look at reconmap.
We in this line of work love abbreviations, so I call this OVAPMP (Vulnerability Assessment and Pentesting Management Platform).
I was looking for a tool/system for documenting my work regarding vulnerability scans, pentest and bug bounty work. I have tried different kinds of solutions, and I think I have found the perfect one!
I know there are always things to improve, but remember this tool is free for you to download. And you can always fork these projects and make your own modifications.
And there are always other tools that others think are better or faster: vi, Joplin, CherryTree and Word.
The one thing that is mandatory for me is that it needs to be an on-premises solution.
Short list first
- Install a machine (I use Kali)
- Install docker
- Install reconmap
- Run it
Docker commands that can be handy
Stop the container(s) using the following command:
Delete all containers using the following command:
docker rm -f $(docker ps -a -q)
Delete all volumes using the following command:
docker volume rm $(docker volume ls -q)
Restart the containers using the following command:
docker-compose up -d --remove-orphans
To additionally remove any stopped containers and all unused images:
docker system prune -a
We start with the git clone
git clone https://github.com/reconmap/reconmap.git
After the git clone
cd reconmap
docker-compose up -d
Access the web gui on the local machine with http://localhost:5500/login
First we change the password. The change password option is under the profile icon.
Fix some stuff to get Attachments to work. Go check under System / Health
We see that we are not able to upload attachments to this system. We need to fix that.
Go to a shell on the machine and find out which container is running rest-api
Then interact with that container
docker exec -it 3b26c8413504 /bin/bash
chmod 777 logs
chmod 777 ./data/attachments/
Time to stop reconmap
and then start it
After the above fix we are now ready to use it!
How it works
Create a client
Create Projects and connect to the client
Add target on Projects
Import data from Nessus
You can also import data from external applications, for example Nessus.
- Create a project
- Create the nessus command. Set the parser to nessus
- Create a task and link it to the command you created.
- Click the task and go to command outputs and upload your .nessus file
More integration can be found here
Destructive upgrade – Backup before
docker-compose rm -v
rm -rf data-mysql
docker-compose up -d
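The heading above says to back up first but shows no command. One way to do it, as an added example that is not part of the original post or the Reconmap project: a cold, owner-only archive of data-mysql that is verified before anything is deleted. It assumes the containers are stopped and that you run it from the reconmap checkout; backup_reconmap and verify_backup are hypothetical helper names.

```shell
#!/bin/sh
# Added example: cold backup before the destructive upgrade.
# Assumptions: containers are stopped, cwd is the reconmap checkout.
# backup_reconmap / verify_backup are hypothetical helper names.

# verify_backup ARCHIVE -> 0 only if the archive lists cleanly and is non-empty
verify_backup() {
    [ -s "$1" ] || return 1
    listing=$(tar -tzf "$1" 2>/dev/null) || return 1   # fails on corrupt/truncated files
    [ -n "$listing" ]
}

# backup_reconmap DEST_DIR DIR... -> prints the archive path on success
backup_reconmap() {
    dest=$1; shift
    [ "$#" -gt 0 ] || { echo "no directories given" >&2; return 2; }
    for d in "$@"; do
        [ -d "$d" ] || { echo "missing directory: $d" >&2; return 3; }
    done
    old_umask=$(umask)
    umask 077          # database files hold findings: owner-only access
    mkdir -p "$dest" || { umask "$old_umask"; return 4; }
    archive="$dest/reconmap-$(date +%Y%m%d-%H%M%S).tar.gz"
    tar -czf "$archive" "$@"
    rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || { rm -f "$archive"; return 5; }
    verify_backup "$archive" || { echo "verification failed" >&2; return 6; }
    printf '%s\n' "$archive"
}

# Usage, before running docker-compose rm -v:
#   archive=$(backup_reconmap "$HOME/reconmap-backups" data-mysql) || exit 1
#   echo "backup written to $archive"
```

Only continue with the upgrade commands once backup_reconmap has returned 0 and printed an archive path.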
That was all for today!