MagicTree Beta Two Publicly Available

Here we go with the first public release of MagicTree, unimaginatively called Beta Two. MagicTree is a penetration tester productivity tool, it allows easy and straightforward data consolidation, querying, external command execution, and (yeah!) report generation. In case you wonder, “Tree” is because its stores all the data in a tree, and “Magic” because it is designed to magically do the most cumbersome and boring part of penetration testing – data management and reporting. See What is MagicTree for more details.

You can download MagicTree here.

MagicTree is a closed-source, proprietary software. This release is distributed free of charge and so will be the future releases of MagicTree Community Edition. We plan on offering a reasonably priced professional edition soon.

MagicTree BetaTwo is mostly written in Java and has been tested on Linux, Windows, and MacOS. It has no complicated installation procedure. On a typical OS just download the JAR file and run it. Look at Using MagicTree or the detailed documentation to get some ideas about how to use the software.


After few tries, I've managed importing Burp xml report without server's response (images encoded cause pb with parser...)

Thk xsltproc (under Linux) for the debugging...

Nice tool.


Thanks for your feedback, we appreciate it.

Yes, there is sometimes a problem with importing Burp XML if it contains the response bodies. Burp includes the raw response in CDATA section. If the response contains characters that are illegal in CDATA, XML parser chokes on it.

The workaround (as you have already figured out on your own) it to generate Burp XML report without including the HTTP responses.