May 8th 2020

As a pentester, there are many great resources, cheat sheets, and guidelines that contain a large amount of valuable information. However, it can be frustrating and time-consuming to find these notes or resources that are scattered all over the place. Not to mention the large amount of notes you have stored locally across your system with several different note-taking tools. In addition, some pentesters could be in assessments that are in a closed environment making it more challenging to transfer there notes and files on their devices. That's when I found Joplin to be able to suit my needs when I am on engagements.

This template contains a variety of tools, commands, and resources that I reference from to use for certain cases when I am on an engagement. However, it is important that you learn about these tools and understand the references being used! Take some time to look over the resources I put in before you start running these tools or commands blindly. If the tool or command does not work the way it should, then take a step back and troubleshoot it. Critical thinking is a necessary skill that all pentesters need to have when they are assessing a variety of options to make a better informed decision.

• Notes can be searchable, copied, tagged, and modified either from the applications directly or from your text editor.
• Markdown Editor and Reader. Easy to import and export notes to multiple formats.
• WebClipper to save web pages and screenshot from Firefox and Chrome Browser
• Sync notes on various cloud applications such as NextCloud, Dropbox, OneDrive
• Sync notes on a local file share or WebDav.
• Compatible to work on Windows, Linux, macOS, iOS, and Android

• Command line references.
• Personal notes that I left as reminders when I am assessing a target.
• PWK Report in Markdown (Can be exported into a PDF)

NOTE: You must have Joplin installed on your system.

1. Open Joplin
2. Click File and select Import
3. Select JEX - Joplin Export File
4. Locate the pentest template and it should appear in Joplin

Although this template is just the start there can always be room to add new tips, resources, or guides for other people to use in this template. Feel free to post any suggestions that you may have or want to include by submitting an issue in the repo.

• A huge shout out goes to James Hall originally creating his own pentesting template in Cherry Tree that inspired me to build mine in Joplin. You can find it here.
• Offensive Security: For reviewing the template and giving me feedback on things to add/improve on the template.
• The developers at Joplin for making an awesome opensource note-taking tool.