A tool that aims to “keep the fun in hacking” by simplifying penetration test reports is being showcased at Black Hat USA’s Arsenal track yesterday (August 10).
AttackForge is a pen test management and collaboration platform created to facilitate security testing across large and small organizations.
As previously reported by The Daily Swig, the developers demonstrated an earlier version of the tool at Black Hat Europe 2021.
This year’s offering, ReportGen, includes new features designed to remove the “most loathed part” of pen testing, according to Stas Filshtinskiy, co-founder of the DevSecOps aid.
“Reporting is the most loathed part of any pen test,” he told The Daily Swig. “It is highly time consuming and can take out all the fun of being a hacker.
“There are other tools available, however, most of them require complex programming or multiple tools to use – making it difficult to create templates and to maintain them.
“We created a very different approach, which makes it simple for people to get started fast with minimal learning curve; and easy to maintain templates.
“We made the tool free so security community can focus more on what matters, which is finding vulnerabilities and getting them fixed faster!”
New offerings
The key highlights for the latest version include:
- New pen test reporting templates
- The ability to use AttackForge ReportGen with any arbitrary JSON file, providing people with ability to generate reports on any data set in JSON format
- Introduced ReportGen Functions – giving people the ability to program custom logic into templates to create sophisticated and powerful reports
- And extended ReportGen Filters, providing people with greater flexibility on filtering data in their reports.
Asked why the team decided to create the tool, Filshtinskiy said that many of the best tools either cost money or have vendor lock-in to their products.
“Existing tools require significant investment to learn how to use, and have limited template libraries,” he explained.
Fil Filiposki, AttackForge co-founder, told The Daily Swig that AttackForge ReportGen is aimed at “anybody who needs to create pen test reports”.
“This can include people learning about pen testing, professional pen testers and bug bounty hunters, and security teams.
“Users don’t need to have any particular knowledge or experience to effectively use AttackForge ReportGen.”
He told The Daily Swig prior to the demonstration: “There are many other enhancements and new capabilities also included in this upgrade, and we will be showing them during our Black Hat Arsenal presentation.”
Source: https://portswigger.net/daily-swig/black-hat-usa-pen-testing-tool-that-aims-to-keep-the-fun-in-hacking-unveiled
