The Dradis Framework
Whether you are performing a pen-test as part of a team or are working on your own, you will want to be able to store your results for quick reference, share your data with your team, and assist with writing your final report. An excellent tool for performing all of the above is the dradis framework. Dradis is an open source framework for sharing information during security assessments and can be found here. The dradis framework is being actively developed with new features being added regularly.
Dradis is far more than a note-taking application. It communicates over SSL and can import Nmap and Nessus result files, attach files, generate reports, and be extended to connect with external systems (e.g. a vulnerability database). In BackTrack 5 you can issue the following commands to start dradis:
root@bt:~# cd /pentest/misc/dradis/
root@bt:/pentest/misc/dradis# ./start.sh
=> Booting WEBrick
=> Rails 3.0.6 application starting in production on http://127.0.0.1:3004
=> Call with -d to detach
=> Ctrl-C to shutdown server
[2011-05-20 09:47:29] INFO WEBrick 1.3.1
[2011-05-20 09:47:29] INFO ruby 1.9.2 (2010-07-02) [i486-linux]
[2011-05-20 09:47:29] INFO
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
8a:d4:1d:fe:b0:01:ee:b4
Signature Algorithm: sha1WithRSAEncryption
...snip...
Once the server has finished starting up, we are ready to open the dradis web interface. Navigate to https://localhost:3004 (or use the IP address), accept the certificate warning, read through the wizard, then enter the app and set a new server password when prompted. You can then proceed to log in to dradis. Note that there are no usernames to set, so when logging in you can use whichever login name you like. If all goes well, you will be presented with the main dradis workspace.
On the left-hand side you can create a tree structure. Use it to organise your information (e.g. Hosts, Subnets, Services, etc.). On the right-hand side you can add the relevant information to each element (think notes or attachments).
You can find more information on the Dradis Framework Project Site.

