Any keyboard cowboy, digital samurai, or professional pentester can tell you that keeping notes on the machines you are hacking just plain sucks. Most of the time you end up shimming some tool meant for doing something else into a workaround for your engagements. Kali linux had KeepNote for a while, and while it wasn't perfect it served a need. Unfortunately, KeepNote isn't maintained anymore and it's been removed from Kali.
Enter left stage: my insatiable need to reinvent tooling because... why not?
Redteam Notebook is an experiment to address all of the above. There really wasn't a decent document store which arranged data in a tree where all nodes were documents. Essentially, everything is a file and a folder at the same time.
Feel free to grab the source code now on GitHub.
I wanted to make this easy, so there were a few requirements:
- This has to be cross-platform.
I wrote this in Python 3 and QT5 to make it cross-platform and easily accessible. It should be as easy as installing the required dependencies and launching the app.
- Make it easy to create and keep notes.
Most applications still hold on to these old workflow models of yesteryear. How many times have you lost work because you were into a groove, writing things down, and then your program crashes? Hours of work, just down the toilet! Modern applications shouldn't require you to hit a button just to save your progress. So Redteam Notebook removes the save button entirely. Documents are automatically saved as you work to help minimize loosing data!
- Enable authors to use Markdown or WYSIWYG.
I want to have a live Markdown editor (something like what Typora does). For now, the documents are being saved as markdown on disk and rendered as rich text when loaded, so they will automatically render the next time you open a saved document. Eventually, this should happen live as you type, too.
- Allow importing of output from common tooling.
It will be great to add support for a bunch of common redteam tools. It would be great to see some pull requests in the project for some of these. For the initial alpha, I have put in support to import Nmap XML files. This should at least cover a lot of the things some doing OSCP would need to do.
An example in action
Let's see what it takes to run this on macOS.
You can install Python 3 in a variety of ways. In this example, let's use
pipenv. It's a great utility for creating virtual environments with custom Python versions and packages. This will let you have a small, self-contained environment which won't taint the rest of your system.
$ pip3 install pipenv
Alternately, you can use brew if you have it installed:
$ brew install pipenv
Once installed, down the project from git, initialize your virtual environment with Python 3, and install the required packages:
$ git clone https://github.com/unix-ninja/redteamnotebook.git
$ cd redteamnotebook/
$ pipenv --python 3
$ pipenv install -r requirements.txt
That's it! Now we can run the program.
$ pipenv run python redteamnotebook.py
Let's talk about storage
The notebooks themselves are just folders with a collection of content inside them. There is a SQLite catalog file which holds the node graphs (for organizing the documents), and the note data itself. Notes are currently stored in Markdown format. This means things like background styles on pasted text don't persist when reloading the document. If this is a desirable feature, maybe we just change the storage to HTML. There's also an
images subfolder which stores all of the images attached to the documents in the notebook.
There are some clear advantages to this approach. We're using widely supported, common technologies to store this data. This makes it easy to use other tools and scripts to interact with the data if you need it. If there's any reason you need to get access to the raw data, you can just view the files or query the SQL DB for information that you can easily port anywhere. This helps to prevent lock-in of your data to this product. It also provides an easy way to share notebook with colleagues. Anyone should be able to pass around a notebook and just open it up wherever you need it. (There's an argument to be made that the notebook should be zipped or otherwise archived on disk to make sharing easier. I may do this in an upcoming release.)
That's all for now
This is all a work in progress. It's definitely alpha, but maybe it can be valuable to someone. If you have comments or suggestions, feel free to open an issue in the GitHub repo. Or just submit a PR if you think you can help!