There is an unwritten rule that says that after doing something manually for the third time, you should automate it. We reached the same conclusion after completing our 4th or 5th pentest report. There is a lot of boilerplate and repetition that could be saved should a tool for managing security projects and their reports exist. We looked around for such a tool in the open source community and, to our surprise, there weren’t many complete pentest report generation tools with the level of documentation, support, and feature set that we were looking for. (Serpico was the closest, but the project was no longer active.)
That’s our history: we were born to get rid of some unnecessary, tedious work in an elegant way. We hope to provide some value to all the infosec professionals (individuals or teams) who find themselves spending as much time on reporting as on the actual security work.
We picked the Reconmap name for two reasons:
- Pentest work typically starts with the reconnaissance phase (recon for short) and ends with a map of all the places visited, findings and so on (aka the report).
- Reconmap contains the word nmap in its name, a tribute to our favourite network mapper tool.