NotesOverview
Notes provide flexible documentation for:
- Technical observations
- Ideas and hypotheses
- Questions for the client
- Temporary findings
- Context and background
- Team communications
Creating Notes
- Navigate to Reporting → Notes
- Click Create Note
- Write note content
- Add tags and links
- Save
Note Types
Technical Notes
Document technical observations:
- "SMB signing disabled on file servers"
- "Web app uses outdated jQuery version"
- "Firewall allows outbound DNS on all ports"
Operational Notes
Track engagement logistics:
- "Client requested testing pause Dec 20-31"
- "VPN credentials expire in 3 days"
- "Need client approval before database access"
Analysis Notes
Record analysis and hypotheses:
- "Password pattern suggests default policy"
- "Network segmentation appears non-existent"
- "Multiple services running as SYSTEM"
Question Notes
Track questions for client:
- "Is X.X.X.X subnet in scope?"
- "Can we test admin portal after hours?"
- "Who is responsible for patch management?"
Note Features
Rich Text Editing
Notes support:
- Bold, italic,
code - Bulleted and numbered lists
- Code blocks with syntax highlighting
- Links to URLs
- Inline images
Tagging
Organize notes with tags:
Tags:
- technical
- needs-clarification
- high-priority
- for-report
- client-question
Filter notes by tag for quick access.
Linking
Link notes to engagement items:
- Targets: Notes about specific systems
- Findings: Context for vulnerabilities
- Objectives: Notes related to goals
- Activities: Observations during operations
Search
Find notes quickly:
- Full-text search
- Search by tags
- Search by linked items
- Date range filters
Organization
By Phase
Organize notes by engagement phase:
- Reconnaissance notes
- Initial access notes
- Post-exploitation notes
- Report preparation notes
By Category
Group by purpose:
- Technical findings (potential report content)
- Questions (need answers)
- Ideas (future testing)
- Context (background information)
By Priority
Tag for urgency:
urgent- Immediate attention neededhigh-priority- Address soonlow-priority- Nice to havereference- For future use
Common Workflows
During Testing
- Make quick notes as you work
- Tag appropriately
- Link to relevant targets
- Review daily for action items
Converting to Findings
When note becomes a finding:
- Create proper finding
- Use note content as starting point
- Add evidence and details
- Link finding to note for reference
- Tag note as
converted-to-finding
Client Questions
- Tag note as
client-question - Review before client meetings
- Document answers in same note
- Update related items based on answers
Report Writing
- Filter for
for-reporttag - Review technical notes
- Incorporate into findings
- Use as context for report sections
Best Practices
During Engagement
- Write immediately: Capture thoughts when they occur
- Be concise: Short notes are easier to review
- Tag consistently: Use same tag names throughout
- Link everything: Connect notes to related items
- Review regularly: Don't let notes pile up
Note Quality
- Clear titles: Make notes easy to find
- Sufficient detail: Include enough context
- Actionable: Note what needs to be done
- Timestamped: Automatic, but check for accuracy
Organization
- Regular cleanup: Review and organize notes weekly
- Archive old notes: Remove outdated information
- Consolidate: Merge related notes when appropriate
- Action items: Flag notes requiring follow-up
Tips
- Quick capture: Don't worry about perfect formatting initially
- Refine later: Clean up notes during downtime
- Use templates: Create note templates for common types
- Share context: Link notes to provide context for findings
- Question tracking: Use notes to track all client questions
- Daily review: Spend 10 minutes daily reviewing notes
- Tag liberally: Better to over-tag than under-tag
- Search frequently: Use search instead of scrolling
Integration with Reporting
Notes enhance reports by:
- Providing context for findings
- Documenting methodology decisions
- Recording client interactions
- Explaining unusual observations
- Supporting technical details