MagicTree v1.3 Available For Download – Pentesting Productivity

Use Netsparker


Have you ever spent ages trying to find the results of a particular portscan you were sure you did? Or grepping through a bunch of files looking for data for a particular host or service? Or copy-pasting bits of output from a bunch of typescripts into a report? We certainly did, and that’s why we wrote MagicTree – so that it does such mind-numbing stuff for us, while we spend our time hacking.

MagicTree is a pentesting productivity tool. It is designed to allow easy and straightforward data consolidation, querying, external command execution and (yeah!) report generation. In case you wonder, “Tree” is because all the data is stored in a tree structure, and “Magic” is because it is designed to magically do the most cumbersome and boring part of penetration testing – data management and reporting.

MagicTree v1.3 - Pentesting Productivity

Changelog for v1.3

  • Fix for #307 “Cannot create a working report template in LibreOffice 3.5.4.2”.
  • Better parsing of Imperva Scuba XML
  • Fixed NullPointerException in FileFilter
  • Added debugging to idTracker and sanity checking to TreeController to catch the integrity bug
  • Fix for NullPointerException when handling MtSimpleObjects with no text
  • Fixes for data integrity bugs causing duplicated ids and broken xrefs
  • Added support for AppScan XML – contributed by VienHa Tran

Installation

No installation is required for MagicTree. The application is distrubuted as a single JAR file which has to be executed with JRE. Just save the file on your desktop. Double-click on it to execute it or, for less user-friendly OSes, issue “java -jar MagicTree.jar’ command.

Can’t get much better than that really, penetration testing report generation! Who wants to do that manually. IF you combined this with using something like Kvasir the Penetration Testing Data Management Tool, you’d be onto a pretty good process I reckon.

You can download MagicTree here:

MagicTree-build1814.jar

Or read more here.

Posted in: Hacking News, Security Software

, , , , , , , , , , , ,


Latest Posts:


Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
Four Year Old libSSH Bug Leaves Servers Wide Open Four Year Old libssh Bug Leaves Servers Wide Open
A fairly serious 4-year old libssh bug has left servers vulnerable to remote compromise, fortunately, the attack surface isn't that big as neither OpenSSH or the GitHub implementation are affected.
CHIPSEC - Platform Security Assessment Framework CHIPSEC – Platform Security Assessment Framework For Firmware Hacking
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.


2 Responses to MagicTree v1.3 Available For Download – Pentesting Productivity

  1. Scb May 8, 2014 at 3:05 pm #

    Isn’t it ironic? Pen test tool written in Java, which has like 11 thousand zero-day vulns each week? ;)

    • Darknet May 8, 2014 at 10:15 pm #

      Heh yah, but well it’s not a service and unfortunately if you want a cross platform executable..Java is still the best.