Category: Pentesting

A very common question in OSCP student chat rooms and channels I hang out in is “should I be using something other than Keepnote?”

It is a fair question considering Keepnote is recommended in the PWK course materials. However, you may notice that it hasn’t been updated in over 6 years, and has actually been dropped from recent Kali versions. I have heard tales of OSCP students’ notes getting corrupted and lost, which is not a good situation to face when you are paying for limited time to complete the coursework (and exam).

If you are starting down the PWK/OSCP path, you will soon realize that you will need to take a lot of notes. Not just on the course materials, but on every exercise you do and every machine in the lab that you work on. This includes screenshots, copy-pasted output from nmap and other tools, and the specific steps you took to conquer a box (and hopefully the steps that didn’t work, from which you can reference in the future).

It adds up quickly, and it’s a challenge to keep straight as you hack away at box after box in the lab. Being a person that has kept a keen eye on note taking apps in general, long before I got my OSCP, I have some recommendations, with pros and cons of each.

In no particular order (see my Recommendations at the bottom):

CherryTree

Learn more and download CherryTree here.

The Good

• Hierarchical (pretty much unlimited depth)
• Free, open-source software for Linux and Windows. You *can* get this to run on a Mac, but it’s buggy
• Highly customizable through preferences and templates
• Imports notes from tons of places, does some good exporting too

The Bad

• Can’t paste images from the clipboard directly into notes
• Not the greatest at embedding files in general
• Not easily synced between devices/VMs
• No Mac or mobile device support

CherryTree is like KeepNote in many ways, but it is has many more features and is actively maintained. If you are going to be solely storing and referencing your notes on one machine (your host or Kali VM), use this tool. The template feature is really awesome, and it lets you create a new note based on a template of your design. This means you could create a template for Lab VMs that you can quickly populate with data as you work on a given machine. You could do something similar for PWK exercises. It should make reporting much easier.

Evernote

Download Evernote here.

The Good

• Feature rich app, integrates with Web Clipper browser extension
• Windows, Mac, iPhone, Android native clients with web version for Linux
• Is modern and hip, if that matters to you

The Bad

• Costs $ if you want it to be any good. Free features seem to be waning as they push people into paying for the service
• Lacks true hierarchical organization (uses tags instead of folders)

My struggles with Evernote have been well documented on this blog in the past, but some people still swear by it, so I thought I’d mention it here. They do make ease-of-access a priority, and you can get to your Evernote stuff from just about anywhere. Using it is easy until you need to organize things with any complexity, and for the PWK labs, you’d have to be OK with using the #tags instead of folders.

Microsoft Onenote

Download Onenote from Microsoft here.

The Good

• Feature rich app, integrates with Onenote Clipper browser extension
• Free Windows, Mac, iPhone, Android native clients with web version for Linux
• Free version is not feature limited (just space, which hasn’t been a problem for me)
• Excellent hierarchical organization via notebooks > sections > pages > sub-pages

The Bad

• Some people feel it has a bloated interface
• Exporting notes can pose challenges with formatting if you stray outside the pre-made lines

After many trials and tribulations, I ended up going all-in with Onenote for PWK/OSCP, and life in general. The ability to create multiple, separate notebooks (and choose which ones you want to see on which devices) has been my favorite feature. I can separate work from life from projects from shared stuff this way, and I still have a good amount of hierarchical ability to organize things.

Your Favorite Markdown Editor

I see people profess their undying devotion to markdown when the note-taking discussion comes up in various OSCP forums/chats, and I respect their decision and desire for simplicity. However, the one feature I used most, and I can’t imagine living without in the OSCP course, is the ability to paste a screenshot into a note. I did this so much that it would have driven me crazy to have to do anything else, and with markdown, you have to do some form of “save image/reference image via text in the note/embed via some other mechanism”. There are extra steps involved, and you can’t easily do the copy/paste thing.

Clippers/Screenshot Tools

Speaking of screenshots and the need to embed them in your notes, there are several options I would recommend depending on your choice of note taking apps and the platforms upon which you use them. Here are my top three:

• Snap ‘n Drag Pro (Mac only). Awesome customization options, ability to edit captures (add arrows/highlight/blurs), automatically adds to clipboard.
• Skitch – If you use Evernote, use this (unless you are on a Mac, see above)
• Shutter – Native Linux screenshot app

For PWK, I found the Evernote and Onenote clipper browser extensions to be limiting in that they only let you clip things from your web browser, when I needed to clip terminal output most frequently.

My Recommendations

Because I am primarily a Mac user, I need good support for screenshot pasting, and I prefer hierarchical note structure for organization, I went with Onenote and Snap ‘n Drag Pro for my PWK and OSCP work. I continue to use these two tools in my personal and professional life, too.

If I were not a Mac user, I’d go with CherryTree and Skitch.

Have any opinions or additional input about all of this? Let me know in the comments.