Hack The Box

Documentation

When it comes to documentation, we must first determine the report audience. We will document our activities differently than we would present our results to a customer. The purpose of documentation is to present the information we have obtained in a comprehensible and easy way to reproduce a specific activity.

Therefore the essential characteristics of documentation are:

  • Overview
  • Structure
  • Clarity

As we learn and practice, we will come across many different situations and resources. As discussed before, we will have to process massive amounts of information.

There are many resources available for documentation. We recommend a tool called CherryTree.

It is essential to get clarity, and a picture is worth a thousand words. For this, we can use a tool called FlameShot that makes it easier for us to take screenshots and edit them directly.

  • kappa@kappa-Aspire-Z5600:~$ cherrytree
    Command 'cherrytree' not found, but can be installed with: sudo apt install cherrytree
    kappa@kappa-Aspire-Z5600:~$
  • kappa@kappa-Aspire-Z5600:~$ flameshot
    Command 'flameshot' not found, but can be installed with: sudo apt install flameshot
    kappa@kappa-Aspire-Z5600:~$

No matter whom the documentation is intended for, here are some guidelines we can follow:

  • It is beneficial to put ourselves in the position of our readers. This will make it much easier for us to design the documentation.
  • Avoid repetition and ambiguity.
  • Make documentation as easy to read as possible. No one wants to read the documentation that is difficult to understand or follow.

Before we create documentation for our customers, we can clarify which points are most important to them.

Optional Exercise:

Do some research and find examples of penetration test reports and pick out the essential features. Get an overview of the following:

  1. What topics have been covered?
  2. How are they structured?
  3. How are they presented?