BlackStone Project - Pentesting Reporting Tool

BlackStone project or "BlackStone Project" is a tool created in order to automate the work of drafting and submitting a report on audits of ethical hacking or pentesting.

In this tool we can register in the database the vulnerabilities that we find in the audit, classifying them by internal, external audit or wifi, in addition, we can put your description and recommendation, as well as the level of severity and effort for its correction. This information will then help us generate in the report a criticality table as a global summary of the vulnerabilities found.

We can also register a company and, just by adding its web page, the tool will be able to find subdomains, telephone numbers, social networks, employee emails...

Website: https://microjoan.com
Use and installation video: https://youtu.be/qasPlaaYxiU
Buy me a coffee: https://www.buymeacoffee.com/microjoan

Docker Install

Install Docker

/bin/bash -c "$(curl -fsSL https://get.docker.com)"
systemctl enable docker 
systemctl start docker

Install docker-compose

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

Install BlackStone

git clone https://github.com/micro-joan/BlackStone
cd BlackStone
docker-compose up -d

User: blackstone

Password: blackstone

Manual Install

First, we must download an Apache server to host the tool, in my case I use Mamp (I recommend following these steps): https://www.mamp.info/en/downloads/
We will download the content of this repository and we will have 2 folders (BlackStone and BBDD)
Once the server starts we will go to c://MAMP/htdocs and paste all the contents of the downloaded folder "BlackStone"
For the application to work we will have to import the database, we will go to our browser and write "localhost/phpMyAdmin/", you have the database connection file in the folder BlackStone/conexion.php
We will create a database called blackstone and import the data from the downloaded BBDD folder
Log in to BlackStone with the username and password "blackstone"

Use

First, you need to go to profile settings and add Hunter.io and haveibeenpwned.com tokens:

After having vulnerabilities in the database, we will go to the audited client and we will register a client along with their web page, once registered we can go to customer details and we can see the following information:

THE USE OF THIS APPLICATION IS FOR PROFESSIONAL USE, THE AUTHOR IS NOT RESPONSIBLE FOR A MISUSE EMPLOYED

Name of business owner
Social networks of the company owner
Email and telephone number of the owner of the company
Exposed password check on the company owner's deep web
Subdomains of the website as well as information of interest found on google
Emails of company workers

Once we have the company that we are going to audit registered in the database, we will create a report, adding the date, name of the report and the company to which will be audited. When we register the report, we will give it an edit, and then we will select the vulnerabilities that we want to appear in the report:

Finally, we will generate the report by clicking on the "overview report" button, and later we will save the page that is generated as ".mht", then we will open it with Word to be able to work on the generated report:

August 8, 2022

Author

Hakin9 TEAM: Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.

Latest Articles

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments

Inline Feedbacks

View all comments

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

BlackStone Project - Pentesting Reporting Tool

Docker Install

Install Docker

Install docker-compose

Install BlackStone

Manual Install

Use

Author

Latest Articles

Popular Authors

Latest Courses

Hacking Blockchain based APIs (W69)

Penetration testing OWASP Top 10 Vulnerabilities (W68)

IoT Security - the DVID Challenge - NEW EDITION (W67)

https://hakin9.org/wp-content/uploads/2020/01/hakin91-copy-1-1.png