September 9th 2024
As a pentester, there are many great resources, cheat sheets, and guidelines that contain a large amount of valuable information. However, it can be frustrating and time-consuming to find these notes or resources that are scattered all over the place. Not to mention the large amount of notes you have stored locally across your system with several different note-taking tools. In addition, some pentesters could be in assessments that are in a closed environment making it more challenging to transfer there notes and files on their devices.In the past I used Joplin to manage my notes but I ran into a few situations where I needed to recover my notes and the way Joplin saves it's notes is in a database. I needed something to handle my notes and I can pull them directly from raw markdown and also link them during an assessment. Even though, Joplin had plugins that would suite my needs I decided to move over to Obsidian.
Just like my Joplin Template, this template contains a variety of tools, commands, and resources that I reference from to use for certain cases when I am on an engagement. However, it is important that you learn about these tools and understand the references being used! Take some time to look over the resources I put in before you start running these tools or commands blindly. If the tool or command does not work the way it should, then take a step back and troubleshoot it. Critical thinking is a necessary skill that all pentesters need to have when they are assessing a variety of options to make a better informed decision.
- Hierarchical Structure: Organize notes in a structured folder system (e.g., by engagement, client, or phase of testing).
- Templates: Create reusable templates for different types of notes (e.g., recon, enumeration, exploitation).
- Code Blocks: Use fenced code blocks to neatly format scripts, commands, and outputs.
- Checklists: Implement task lists to track objectives, vulnerabilities, and tasks completed.
- Inline Code: Highlight important keywords or commands with inline code formatting.
- Wiki-style Links: Easily link between notes to create a web of related information (e.g., link a vulnerability note to the corresponding exploitation technique).
- Backlinks: Automatically generate backlinks to see all the notes that reference a particular topic or vulnerability.
- Tagging: Use tags to categorize notes by vulnerability type, tool, or stage of engagement.
- YAML Front Matter: Add metadata to notes for easy filtering and searching (e.g., severity level, client name).
- Visualize Relationships: Use the graph view to visualize connections between notes, which can be helpful in mapping out attack paths or understanding the scope of an engagement.
- Powerful Search: Quickly search across all notes for specific keywords, commands, or tags.
- Filters: Use search filters to narrow down results based on tags, links, or note contents.
- Command line references.
- Personal notes, tools, and resources that I left as reminders when I am assessing a target
- Pentesting reports that you can fill in and export into a PDF
-
Open Obsidian:
- Launch Obsidian and open the vault where you want to import the notes.
-
Locate Your Notes:
- Find the folder containing the notes you want to import on your computer.
-
Copy the Notes:
- Select and the files or folders containing you want.
-
Paste into the Vault:
- In your file explorer, navigate to the Obsidian vault directory on your computer.
- Paste the copied notes into the desired folder within the vault.
-
Refresh Obsidian:
- Return to Obsidian and click on the vault’s file explorer pane to refresh. The imported notes should now be visible and accessible.
-
Verify Links and Tags:
- Make sure you check to see if the internal links and tags are working correctly. (Currently a work in progress)
This template is just the beginning; there's always room to add new tips, resources, or guides for others to benefit from. If you have any suggestions or ideas you'd like to see included, please feel free to submit an issue in the repository.