Tool workflows for automating pentests #42
Comments
|
IMHO: I suggest you wait with this until there is more feedback from users and the reptor CLI has been made public. |
|
Yes, I would not address this now but just wanted to discuss a long term vision.Am 03.08.2023 16:51 schrieb Richard Schwabe ***@***.***>:
IMHO: I suggest you wait with this until there is more feedback from users and the reptor CLI has been made public.
Of course, the workflows and command integration sound great and would be beneficial. However, they are also introducing a new landscape and slightly changing the core functionality. As in: Reptor is purely for managing sysreptor notes and uploading any notes from projects. At the moment piping might be enough for users. Every line of code needs to be maintained and it might get too much.
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: ***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Pentests often have parts that can easily be automated. Some tools could be automatically triggered, parsed, and added as issue to a report.
#41 would allow us to protocol commands and their outputs.
We could use this feature to implement workflows. A workflow is a definition of commands that should be executed.
The workflow could be executed (
reptor cmd --workflow wf.yaml), the tools run and upload their tool outputs to the current report.(Regarding parallelization, we could also introduce stages that should run in parallel.)
In the future, we could also take tool outputs from previous tools (like sslyze open ssl ports from nmap scan).
The text was updated successfully, but these errors were encountered: