Appendix A
Screenshots of Docker Containers
The two different operating systems run six containers:
- Web client that you access in the browser
- Redis server for message brokering
- MySQL database to hold the data
- Keycloak authentication system
- API server to interact with the platform
Figure A1. The Docker containers running Reconmap on Windows 11. Shown here in the Docker Desktop application.
Figure A2. Docker containers running Reconmap on an Ubuntu Server. These services are shown here launching from the terminal with docker-compose.
Network and Application Diagrams
Figure A3. This diagram shows the network of the systems running Reconmap for this project. It was generated with a network mapper tool from Visual Paradigm (VisualParadigm, 2022). The green check marks show the systems that needed to be compatible with Reconmap.
Appendix B
Screenshots of Reconmap
The following are screenshots of the finished Reconmap platform after it was installed. These screenshots show the user interface of the application and its customizable features.
Figure B1. A screenshot of the dashboard after successful installation of the Reconmap platform.
Figure B2. A screenshot of Reconmap’s templates page.
Figure B3. The system architecture for the Reconmap Platform (Santiago, 2022).
References
Alharbi, M. (2010, April 29). Writing a Penetration Testing Report. SANS Institute. Retrieved December 12, 2022, from https://www.sans.org/white-papers/33343/
Atlassian. (2019). What is Kanban? Retrieved December 18, 2022, from https://www.atlassian.com/agile/kanban
Detectify Labs. (2021, November 30). Hakluke: Creating the Perfect Bug Bounty Automation. Retrieved December 8, 2022, from https://labs.detectify.com/2021/11/30/hakluke-creating-the-perfect-bug-bounty-automation/
Lean Enterprise Institute. (2022, June 3). Plan, Do, Check, Act (PDCA) — A Resource Guide. Retrieved December 8, 2022, from https://www.lean.org/lexicon-terms/pdca/
Martin, A., Raponi, S., Combe, T., & Di Pietro, R. (2018). Docker ecosystem – Vulnerability Analysis. Computer Communications, 122, 30–43. https://doi.org/10.1016/j.comcom.2018.03.011
Martin, D. (2013). Writing a cybersecurity report. Dradis Academy. Retrieved December 8, 2022, from https://dradisframework.com/academy/industry/infosec-101/writing-a-security-report.html
Nationaal Cyber Security Centrum. (2022, October 28). Reporting a vulnerability (CVD). National Cyber Security Centre. Retrieved December 19, 2022, from https://english.ncsc.nl/contact/reporting-a-vulnerability-cvd
OWASP. (2017, June). Docker Security - OWASP Cheat Sheet Series. owasp.org. Retrieved December 10, 2022, from https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html
OWASP Foundation. (2020, December). OWASP Web Security Testing Guide. owasp.org. Retrieved December 5, 2022, from https://owasp.org/www-project-web-security-testing-guide/
PortSwigger. (2022, December). Dastardly, from Burp Suite. Retrieved December 10, 2022, from https://portswigger.net/burp/documentation/dastardly
ProjectDiscovery. (2022, November). ProjectDiscovery/Subfinder: Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. GitHub. Retrieved December 12, 2022, from https://github.com/projectdiscovery/subfinder
Roser, C. (2021, April 5). The Key to Lean – Plan, Do, Check, Act! AllAboutLean.com. Retrieved December 8, 2022, from https://www.allaboutlean.com/pdca/
Ross, M. (2022). Reflected Cross-Site Scripting Report Template.
Santiago. (2022). Reconmap Features: All-in-one pentesting collaboration platform. Reconmap.com. Retrieved November 26, 2022, from https://reconmap.com/features
Scrum.org. (2022). What is Scrum? Scrum.org, the Home of Scrum. Retrieved December 18, 2022, from https://www.scrum.org/resources/what-is-scrum
Selenius, T. (2021, February 13). Web Application Security Checklist. AppSecMonkey.com. Retrieved December 11, 2022, from https://www.appsecmonkey.com/blog/web-application-security-checklist
Shanley, A., & Johnstone, M. (2015, December). Selection of penetration testing methodologies: A comparison and evaluation. Research Online. Retrieved December 11, 2022, from https://ro.ecu.edu.au/ism/182/
VisualParadigm. (2022, December). Free Network Diagram Software. Visual-Paradigm.com. Retrieved December 14, 2022, from https://online.visual-paradigm.com/diagrams/solutions/free-network-diagram-software