How to manage Pentest Projects with Cervantes?


Written by - Kennedy Muthii
Reviewed by - Deepak Prasad

Introduction to Cervantes

Cervantes is an open-source, collaborative platform designed for pen-testers and red teams looking to save time and manage their projects, clients, vulnerabilities, and reports in one place. This powerful tool allows users to easily monitor, track, and report their findings to stakeholders in a secure environment. With Cervantes, pen-testers and red teams can quickly gain insight into their clients' risk posture and take proactive steps to ensure their security. Some of the features of Cervantes include:

  • It is open source.
  • It is multiplatform.
  • It is multilanguage.
  • Allows for team collaboration.
  • It has built-in dashboards and analytics.
  • It helps you manage your clients and Offensive Security projects.
  • Penetration testing reports can be generated in one click.

In this guide, I will show you how to install and use Cervantes for vulnerability management.

Requirements

  1. PC running on any operating system (Linux, Windows, Mac OS).
  2. Docker installed on the PC.

Installation

There are several ways to install, run and use Cervantes. In this guide, we will be running Cervantes on Docker. The first step is to clone the application files from the official GitHub repository to our computer using the command:

git clone https://github.com/CervantesSec/docker.git

Once the download is complete, we navigate to the folder containing the files and run the command below to build Cervantes and start using it:

docker-compose -p cervantes up -d

Login to Cervantes

After installation is complete, you can visit http://localhost in your favorite browser to access the dashboard. The default admin login details are username: admin@cervantes.local, password: Admin123.
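Because the instance starts with a known default admin login, it is worth confirming that its ports are not published to other hosts. The script below is an added example, not part of the original guide or the Cervantes project; it relies on the com.docker.compose.project label that Compose sets for the -p cervantes project name, and the container names in the sample are constructed.

```shell
#!/bin/sh
# Added example: list Cervantes container ports published on all interfaces.
# Live input (requires Docker):
#   docker ps --filter label=com.docker.compose.project=cervantes \
#       --format '{{.Names}}|{{.Ports}}' | exposed_ports

# Reads "name|ports" lines on stdin and prints "name<TAB>binding" for each
# binding published on 0.0.0.0 or the IPv6 wildcard, i.e. reachable from
# other hosts. Loopback bindings and unpublished ports are ignored.
exposed_ports() {
    awk -F'|' '
    {
        n = split($2, bindings, /, */)
        for (i = 1; i <= n; i++) {
            b = bindings[i]
            if (b !~ /->/) continue                 # not published to the host
            if (b ~ /^(0\.0\.0\.0|\[::\]|:::)/)     # wildcard IPv4 or IPv6 bind
                printf "%s\t%s\n", $1, b
        }
    }'
}

# Constructed sample of the docker ps output (container names are made up).
SAMPLE='cervantes-web-1|0.0.0.0:80->80/tcp, [::]:80->80/tcp
cervantes-db-1|5432/tcp
cervantes-proxy-1|127.0.0.1:8443->443/tcp'

findings=$(printf '%s\n' "$SAMPLE" | exposed_ports)
if [ -n "$findings" ]; then
    echo "Published on all interfaces (default admin login reachable remotely):"
    printf '%s\n' "$findings"
else
    echo "No wildcard port bindings found."
fi
```

If a binding is flagged, publish it on loopback in the compose file (127.0.0.1:HOST_PORT:CONTAINER_PORT) and change the default admin password after the first login.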

Dashboard

Once logged into Cervantes, we are redirected to the tool’s dashboard. On the dashboard, the user is able to view different kinds of information related to clients, vulnerabilities, tasks, and even projects as shown in the image below.

Calendar

The next tab is the calendar page. On the calendar page, we can view the available projects and their current status. Within the calendar, we can view Backlog, ToDo, InProgress, Blocked, and Completed tasks. Cervantes provides different color codes for these different states of the projects on the calendar.

With different color codes, a user can determine the status of the projects just by looking at the calendar and prioritize tasks accordingly, as shown in the image below.

My Workspaces

On Workspaces, the user can view his/her assigned projects. Within the workspace, the user can also view the status of each project and see whether the project is active or has been completed.

Projects

Within the projects page, the user can view the list of projects, their status, start and completion dates, and the type of testing to be done, i.e. Black Box, White Box, or Gray Box. Under the projects option, we can also create new project entries. We can also create templates to use later when creating new projects on Cervantes, as shown in the image below.

Clients

Under the Clients tab, we can view a list of all the registered clients. We can also edit and add new clients prior to project creation on Cervantes.

Documents

The Documents tab holds the information regarding all the uploaded documents, i.e. the name of the document, the document description, and the user who uploaded the document. Penetration testers can upload documents used for reference while performing penetration testing.

Vulnerabilities

This is one of the most important Tabs on Cervantes. The effectiveness of Cervantes largely depends on the vulnerabilities recorded. On this tab, we can view the recorded vulnerabilities, the project having the vulnerability, the risk level of the record, the category, and even the user who created the vulnerability entry.

Under vulnerabilities, we also have categories that are used to classify the vulnerabilities found. We can also create custom templates which we will use when creating an entry.

Application Logs

Just like any other tool, Cervantes records the changes and actions performed by a user on the application. Keeping logs of all actions is important, since we can determine who did what if the need arises.

Backup

Since creating regular backups of your application is a recommended practice, Cervantes has a tab for users to create both database and attachment backups. On this tab, we can also restore database and attachment backups on a new instance.

Organization

Under the organization Tab, we can change the name of the organization, the contact name, email, phone, URL, and GitHub, add the company description, and update the organization logo.

Report Templates

On this tab, the user can create the report templates. By default, Cervantes has two templates. It is from these templates that we will create reports for our penetration testing projects. We can also add more custom templates for use in our reports.

Users

Under the Users tab, we can view all the users registered on Cervantes. We can view details related to specific users such as the email, full name, and position of the user in the organization. Editing and adding new users to the application is also possible. To ensure maximum security, Cervantes supports two-factor authentication. Although it is optional, it is recommended to have it enabled for each user of the system.

Conclusion

Cervantes offers users a wide range of features such as automated vulnerability scanning, asset identification, issue tracking, and reporting. With that, users can quickly identify and track threats, vulnerabilities, and other security risks in their environments. The platform also provides users with powerful reporting capabilities to help them quickly and accurately generate reports for their stakeholders.

The platform is designed to be highly secure, with features such as two-factor authentication, data encryption, and role-based access control. This ensures that only authorized personnel can access the platform and view the data. Additionally, Cervantes allows users to collaborate with other pentesters or red teams in real-time, so they can quickly identify and address any potential issues.

In the next guide on Cervantes, we will learn how to add users, add projects, carry out reporting, and finally generate a report for our penetration testing project.

Kennedy Muthii

He is an accomplished professional proficient in Python, ethical hacking, Linux, cybersecurity, and OSINT. With a track record including winning a national cybersecurity contest, launching a startup in Kenya, and holding a degree in information science, he is currently engaged in cutting-edge research in ethical hacking. You can connect with him on LinkedIn.
