💀 Awesome note-taking apps for hackers !

A collection of awesome note-taking apps, plugins and techiques for pentest report generation, bug-bounty hunting & building a knowledge base

_{Created by nil0x42 and contributors}

---

zadam/trilium

Trilium Notes is a hierarchical note taking application with focus on building large personal knowledge bases.

click for details..

✔️ Pros (for hackers)

• supports relation maps
• handles massive amount of notes
• easily scriptable (js)
• sync accross devices is possible (server mode)
• notes can have multiple parents
• main dev (@zadam) is very active & addresses issues quickly

❌ Cons (for hackers)

• heavy app (electronjs)
• no command-line interface

🔌 Useful plugins/extensions (for hackers)

• zadam/trilium-web-clipper
  • web browser extension which allows user to clip text, screenshots, whole pages and short notes and save them directly to Trilium Notes.
• nil0x42/singlefile2trilium
  • Save faithful copy of a web page in Trilium notes with SingleFile web extension

giuspen/cherrytree

A hierarchical note taking application, featuring rich text and syntax highlighting

click for details..

✔️ Pros (for hackers)

• beautiful rich-text
• very used among pentesters

❌ Cons (for hackers)

• monolythic hierarchical system
• no note-tagging system

🔌 Useful plugins/extensions (for hackers)

• https://github.com/sergiodmn/cherrymap
  • Import Nmap scans to Cherrytree
• https://github.com/gpalo/cherrypy-report
  • Create a PDF from your pentesting cherrytree notes (with the OSCP exam in mind).
• https://github.com/mikaelkall/massrecon
  • recon tool for OSCP engagements. Exports to cherrytree format
• https://github.com/rewardone/OSCPRepo/tree/master/CherryTrees
  • templates for OSCP
• https://github.com/DriftSec/AutoRecon-OSCP
  • Modified version of AutoRecon with a cherrytree helper script to import autorecon scan into cherrytree.
• https://github.com/CoolDadHacking/OSCP_Template
  • CherryTree OSCP methodology templatte

pwndoc/pwndoc

A pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report.

click for details..

✔️ Pros (for hackers)

• Manage reusable Audit and Vulnerability Data
• Multi-User reporting
• Docx Report Generation
• Docx Template customization

❌ Cons (for hackers)

• not a knowledge base, focused on generating pentest reports

ehrishirajsharma/SwiftnessX

A cross-platform note-taking & target-tracking app for penetration testers built on ElectronJS.

click for details..

✔️ Pros (for hackers)

• Focused on target-tracking (good for bug-bounty hunting)
• importable hacking checklists

❌ Cons (for hackers)

• heavy app (electronjs)
• Last commit is from Jul 19, 2019

🔌 Useful plugins/extensions (for hackers)

• https://github.com/ehrishirajsharma/swiftness-static/raw/master/Checklist/OWASP-Testing-Checklist.json
  • OWASP-Testing-Checklist from @Ice3man543

obheda12/JupyterPen

Create modular and automated penetration testing frameworks utilizing Jupyter Notebooks.

click for details..

✔️ Pros (for hackers)

• Focused on OSINT
• in-notes executable scripts for result insertions
• Automate / parse recon to excel

❌ Cons (for hackers)

• Recent (small community)

🔌 Resources

• https://youtu.be/LTNKMA65BtI?t=653
  • BSIDES presentation by @obheda12