MagicTree is often the go-to tool for data collection and reporting for many pentesters. It organizes data in nodes in a tree-structure which is very efficient at managing host and network data. Reports can be completely customized to meet the user's needs. Also, MagicTree allows you to import XML data and has XSLT transforms for Nessus, Nmap, OpenVas, Burp, Nikto. MagicTree comes pre-installed in Kali.
In this tutorial, I will show you how to use MagicTree to run an Nmap scan and import the results into the tree to be organized.
Fire up Kali and navigate to Applications> Kali Tools> Reporting Tools> Evidence Management> magictree. A pop up will require you to accept a license agreement. Click 'accept'.
Click on Note> Autocreate
When prompted, enter the target's IP and click 'ok'
A. Under the 'table view' tap, near the bottom of the screen, you will see the 'Command' box, call nmap and specify the scan you'd like performed. In addition,
B. Specify that you'd like the results to be placed inside an xml file by including the '$' sign followed by the name you'd like to save your result file as followed by '.xml' to specify the type of file you're saving the results as. In my example, I am naming my output file 'results.xml'.
C. Because we've already told MagicTree the IP of my target address, I don't need to include it in nmap. Instead I'll simply use '$host'.
nmap -v -A $results.xml $host
D. Hit the 'Q*' button under 'tree view', then hit run for it to run the nmap commands.
Under the 'task manager' tab, once the scan is complete you'll see your .xml file pop up under 'Output files'. Hit the 'import' button and MagicTree will automatically generate the node structure based on the results of nmap.
MagicTree is one of those tools you need to mess with a bit to get it down and appreciate it's full power. I hope you enjoyed this.
Want to start making money as a white hat hacker? Jump-start your hacking career with our 2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and get over 60 hours of training from cybersecurity professionals.
Other worthwhile deals to check out: