I'm glad you've decided to equip your ship with a Dradis unit; it will make your life significantly easier. As you may be aware, DRADIS stands for Direction RAnge and DIStance, and it is your ship's main navigational system.
Dradis stores information about your current mission (aka Project), tasks you've completed, actions you still need to perform, and much more. Whether you're testing the security of a web application or reviewing the configuration of one of our mainframes for security holes, Dradis will help you navigate your way to a successful achievement of your goals.
Today, we'll learn a fundamental lesson: how to feed Dradis information you've obtained from your security scanning tools to build a better picture of the environment out there.
Our fleet engineers are constantly working to improve Dradis. Today, it connects with 20+ security integrations including all the usual suspects (Burp, Nessus, Metasploit, etc.). The list is always evolving, so be sure to always apply the latest updates to your ship's Dradis unit.
Dradis needs an upload integration to parse the output of each of these security scanners. Not every ship and team needs the same Dradis add-ons, and you are free to customize your Dradis unit to best suit your current mission.
This file tells the system what add-ons should be loaded. Based on our experience, we've made some educated guesses about what add-ons you may need, but feel free to adjust the list. Remember, you'll have to restart your Dradis service after making changes to this file.
After you've configured your unit with the add-ons you need, open your browser interface and click on "Upload output from tool" in the header. Select the tool you want to upload results from and upload the file from your local system. That's it!
Dradis is used on ships of all sizes from the mighty Battlestars to the tiny Vipers. Dradis should be able to take any file size, even those mammoth Nessus and Qualys VA reports. If the upload console isn't showing anything after a few seconds, make sure your Dradis background worker module is up and running with:
$ bundle exec rake resque:work
This first lesson of your training is intentionally light on strategy and tactics and is meant to make you think about how you'll be using Dradis in the future. There are a few moving parts in Dradis, but once they are up and running, it will be smooth sailing!
Here’s your first assignment: