The Dradis Framework

Whether you are performing a pen-test as part of a team or are working on your own, you will want to be able to store your results for quick reference, share your data with your team, and assist with writing your final report. An excellent tool for performing all of the above is the dradis framework. Dradis is an open source framework for sharing information during security assessments and can be found here. The dradis framework is being actively developed with new features being added regularly.

Dradis is far more than just a mere note-taking application. Communicating over SSL, it can import Nmap and Nessus result files, attach files, generate reports, and can be extended to connect with external systems (e.g. vulnerability database). In back|track4 you can issue the following command:

root@bt4: apt-get install dradis
Once the framework has installed we can now go to the directory and start the server.

root@bt4: cd /pentest/misc/dradis/server root@bt4: ruby ./script/server => Booting WEBrick... => Rails application started on https://localhost:3004 => Ctrl-C to shutdown server; call with --help for options [2009-08-29 13:40:50] INFO WEBrick 1.3.1 [2009-08-29 13:40:50] INFO ruby 1.8.7 (2008-08-11) [i486-linux] [2009-08-29 13:40:50] INFO [2009-08-29 13:40:50] INFO WEBrick::HTTPServer#start: pid=8881 port=3004
At last, we are ready to open the dradis web interface. Navigate to https://localhost:3004 (or use the IP address), accept the certificate warning, enter a new server password when prompted, and login using the password set in the previous step. Note that there are no usernames to set so on login, you can use whichever login name you like. If all goes well, you will be presented with the main dradis workspace.

On the left-hand side you can create a tree structure. Use it to organise your information (eg: Hosts, Subnets, Services, etc). On the right-hand you can add the relevant information to each element (think notes or attachments).

Prior to starting the dradis console, you will need to edit the file 'dradis.xml' to reflect the username and password you set when initially running the server. This file can be located under back|track4 under '/pentest/misc/dradis/client/conf'.

You can now launch the dradis console by issuing the following command from the '/pentest/misc/dradis/client/' directory:

root@bt4:/pentest/misc/dradis/client# ruby ./dradis.rb event(s) registered: [:exception] Registered observers: {:exception=>[#>, @io=#>]} dradis>

For further information on the dradis framework, you can visit the project site at http://dradisframework.org/.

The Dradis Framework

root@bt4: apt-get install dradis

Once the framework has installed we can now go to the directory and start the server.

 root@bt4: cd /pentest/misc/dradis/server
root@bt4: ruby ./script/server

=> Booting WEBrick...
=> Rails application started on https://localhost:3004
=> Ctrl-C to shutdown server; call with --help for options
[2009-08-29 13:40:50] INFO  WEBrick 1.3.1
[2009-08-29 13:40:50] INFO  ruby 1.8.7 (2008-08-11) [i486-linux]
[2009-08-29 13:40:50] INFO

[2009-08-29 13:40:50] INFO  WEBrick::HTTPServer#start: pid=8881 port=3004

At last, we are ready to open the dradis web interface. Navigate to https://localhost:3004 (or use the IP address), accept the certificate warning, enter a new server password when prompted, and login using the password set in the previous step. Note that there are no usernames to set so on login, you can use whichever login name you like. If all goes well, you will be presented with the main dradis workspace.

You can now launch the dradis console by issuing the following command from the '/pentest/misc/dradis/client/' directory:

root@bt4:/pentest/misc/dradis/client# ruby ./dradis.rb
event(s) registered: [:exception]
Registered observers:
        {:exception=>[#>, @io=#>]}

dradis>

For further information on the dradis framework, you can visit the project site at http://dradisframework.org/.

Username
Password
Remember me

System message

The Dradis Framework

The Dradis Framework