Heitor Gouvêa

How to better organize your notes while hunting for bugs

June 11, 2019

A while ago I tweeted about the importance of effectively organizing your notes for Bug Bounty Hunting. I was asked how I do it, and through this article I want to share my favorite tool.

SwiftnessX: “A cross-platform note-taking & target-tracking app for penetration testers”


Certainly, my favorite tool for information organization is Swiftness. I discovered it through my GitHub feed, and as soon as I used it for the first time I found myself in love with all the ease and dynamics it delivers.

Swiftness is a cross-platform (Windows, Linux, and macOS) note-taking application for pentesters and bug bounty hunters, built with ElectronJS.

Templates

The first feature that I want to mention is the “Templates” section. With report templates, you can reuse reports that you have already written, for example:

Image

Payloads

In addition, Swiftness has an excellent solution for saving your payloads in an organized way:

Image

Libraries

Through Libraries you can pre-establish a workflow/checklist to follow during your hunting:

Image

This, for example, is a checklist based on OTGv5. You can download it by clicking here. You can also create your own Libraries.

-

Swiftness is an incredible tool, but by itself it is still not enough. I still use a structured folder organization for files, Quiver for more essay-like notes, the projects option in Burp Suite, and I also try to keep my API-related tests in Insomnia well organized. Maybe someday I can write about this in more detail.


Heitor Gouvêa: with more than 3 years of experience in offensive information security, he now works as an Independent Information Security Consultant and is the main developer of the Nipe project, a tool responsible for guaranteeing the anonymity of its users, present in several Linux distributions such as Black Arch, Weak Net and LionSec Linux.