What is the best note-taking application for pentesters? It’s a hot debate, and if you prefer watching to reading, we recently compared many of the popular options in this video. Otherwise, let’s take a look at what each app has to offer to help you decide what’s right for you.
Our examination consists of eight commonly-used note-keeping tools, some of which are web applications. While these web-based options enhance portability, remember that there may be security implications. Essentially you’re trusting a third party with all of the confidential and private information that you decide to add to your notebook. Always make sure to set the access control settings appropriately, and lean towards reputable products.
Cherrytree
Starting with Cherrytree, this software comes pre-packaged with Kali and encourages a logical hierarchy for organization, coupled with a decent range of formatting tools. However, its lack of syncing capability is a significant drawback. Furthermore, potential corruption issues may deter some users. We put Cherrytree into C-tier.
| Pros | Cons |
| --- | --- |
| Pre-installed with Kali | No portability |
| Structure of notes | Notes can easily get messy |
| Range of formatting tools | File corruption |
| Export to PDF | |
GitBook
Next up is GitBook. The tool gives us just enough formatting flexibility while preventing distractions. However, its confusing account/ownership model can be off-putting. Despite being somewhat costly for individuals, GitBook offers an effective page structure, and of course our notes can be accessed from anywhere. For its robust features and few drawbacks, GitBook is rated as B-tier.
| Pros | Cons |
| --- | --- |
| Portability | Cost |
| Structure of notes | Account/Organisation setup complexity |
| Just the right amount of formatting | |
Joplin
Joplin has gained a lot of momentum over the years, and for good reason. It offers a clean user interface and a split edit and preview view for better visibility. With rich text support, syncing via Joplin Cloud, and no significant downsides, it easily earns an S-tier ranking.
| Pros | Cons |
| --- | --- |
| Web and local options | …none really… |
| Great range of features | |
| Split view | |
| Export to PDF | |
| E2E encryption | |
| APIs | |
Obsidian
As a dedicated Obsidian user, I like the simple layout, use of markdown, and ability to sync to a private GitHub repository. Obsidian has plenty of available plugins, a free-to-use API and the ability to easily publish content to the web. A solid A-tier contender.
| Pros | Cons |
| --- | --- |
| Portability | Plugins need manual configuration |
| Plugins & API | Closed source |
| Just the right amount of formatting | |
Notion
Notion has rich functionality and also the recent addition of Notion AI. It supports markdown and offers an array of integrations. You can make use of templates and easily export to PDF. Considering all the aspects, it gets an A-tier ranking.
| Pros | Cons |
| --- | --- |
| Portability | Grids are a pain to work with |
| Features | Search isn’t great |
| Formatting | Have to learn the tool |
| Easy to collaborate | |
Google Docs
Google Docs is a flexible tool with markdown support, easy document sharing, and PDF export options. A unique advantage is the inclusion of spreadsheet functionality. Despite a few minor hiccups, such as awkward pagination and the need for a plugin for code display, it ranks in the B-tier.
| Pros | Cons |
| --- | --- |
| Portability | Formatting source code |
| Features | UI is awkward |
| Spreadsheets | |
| Easy to collaborate | |
OneNote
OneNote has an interesting layout and the easy separation of notebooks is definitely a pleasure to work with. However, its code block support is sub-par, and unorganized notes can easily become chaotic. For its relative strengths and weaknesses, it is placed in the C-tier.
| Pros | Cons |
| --- | --- |
| Portability | Placing text anywhere on a page is not nice |
| Easy to collaborate | UI is awkward |
| Notebooks and separation | |
About the Author: Alex Olsen
Alex is a Web Application Security specialist with experience working across multiple sectors, from single-developer applications all the way up to enterprise web apps with tens of millions of users. He enjoys building applications almost as much as breaking them and has spent many years supporting the shift-left movement by teaching developers, infrastructure engineers, architects, and anyone who would listen about cybersecurity.
Alex holds a Master’s Degree in Computing, as well as the PNPT, CEH, and OSCP certifications.