Category Archives: Dradis_Pro

Posts about features, announcements and updates of Dradis Professional Edition.

New in Dradis Pro v1.1

These are some of the new features in Dradis Professional edition:

New layout

  • Three columns to maximize the amount of useful information on screen
  • Better context menus: add special node types and reassign notes easily

Advanced XSLT reporting

Dradis Pro now generates an intermediate XML file containing all your notes. This will contain both the raw Text and the custom fields you created for each note:

  
    
      
      
        Value1
        Value2
        [...]
      
    
    [...]
  

Then an XML transformation can be applied to this document to generate a report.

You can see a couple of XSLT files in ./vendor/plugins/advanced_word_export/templates/:

  • basic.xslt: is a very basic transform that just creates a new XML document from the data in the Dradis XML.
  • simple_report.xslt: is a transform that generates a WordXML document.

Create custom fields in your notes:

And use them in your reports, in any way you need:

So with 1.1, if you’re so inclined, you can create your own XSLT transforms to produce your reports in no time. Word is just one example. Any XML-based format is generated just as easily.
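
A stylesheet of the kind described above, as an added example rather than one of the templates shipped with Dradis Pro. The element names (`notes`, `note`, `text`, `fields`, `field` with a `name` attribute) are assumptions, because the real schema is not shown here; it renders each note's custom fields as an HTML table and keeps note content escaped.

```xslt
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Added example. Element names (notes, note, text, fields, field/@name) are
  ASSUMED for illustration, not taken from Dradis Pro; adjust the XPaths to
  the intermediate XML your instance generates.
  Constructed input:
    <notes>
      <note>
        <text>Raw note text</text>
        <fields>
          <field name="Title">Value1</field>
          <field name="Severity">Value2</field>
        </fields>
      </note>
    </notes>
-->
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="html" indent="yes" encoding="UTF-8"/>

  <xsl:template match="/notes">
    <html>
      <body>
        <h1>Findings (<xsl:value-of select="count(note)"/>)</h1>
        <xsl:apply-templates select="note">
          <xsl:sort select="fields/field[@name='Title']"/>
        </xsl:apply-templates>
      </body>
    </html>
  </xsl:template>

  <xsl:template match="note">
    <h2>
      <xsl:choose>
        <xsl:when test="normalize-space(fields/field[@name='Title'])">
          <xsl:value-of select="fields/field[@name='Title']"/>
        </xsl:when>
        <xsl:otherwise>Untitled note</xsl:otherwise>
      </xsl:choose>
    </h2>
    <table>
      <xsl:for-each select="fields/field[@name != 'Title']">
        <tr><th><xsl:value-of select="@name"/></th><td><xsl:value-of select="."/></td></tr>
      </xsl:for-each>
    </table>
    <!-- value-of escapes markup in note text; do not disable output escaping -->
    <pre><xsl:value-of select="text"/></pre>
  </xsl:template>
</xsl:stylesheet>
```

Any XSLT 1.0 processor can apply it, e.g. `xsltproc report.xslt notes.xml`, where both file names are placeholders.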

Of course, if you don’t have an in-house XSLT wizard, at Security Roots we will be more than happy to help and create custom XSLT for your organization in no time! Report customization was always part of our professional services offering.

Other changes

  • An independent version module! Finally an easy way to know what version of Pro you are running.
  • Improved table styling inside notes
  • Rails 3.0.10
  • Bug fixing (read-only records, sign up process, project edit form…)

Dradis 2.7.2 released!

This is a bug-fixing release which includes:

  • Several closed issues: #5, #9, #13, #14, #15, #16, #19, #20.
  • Improved startup scripts
  • Update Rails to 3.0.9

And all the goodness introduced in 2.7.1:

  • A cleaner, leaner note editor
  • Improved command line API with Thor (thor -T to view all commands)
  • New Configuration Manager to handle all plugin config settings
  • New Upload Manager that runs uploads in the background and updates the interface through Ajax
  • New plugins:
  • Updated plugins:
    • Nessus plugin supports .nessus v2
    • Vuln::DB import updated to support the latest release
  • Bugs fixed: #3, #4, #6, #7, #8, #10, #2888332, #2973256

Dradis 2.7.2 released! download now

Announcing Dradis Professional Edition

Note: this is a cross-post and can be found in the Dradis blog too.

Today I am pleased to announce Dradis Framework Professional Edition. Back in 2007 when I started the Dradis Framework project I could not have anticipated the success that it would have. Four years, 3,000 commits, 19,000 downloads and 19 releases later we are still making a difference for hundreds of security professionals (and aficionados) out there.

Dradis was announced in the 1st edition of MWRICON after many hours of late-night coding. Today we have three full committers, a small number of trusted partial committers and dozens of contributors. Dradis 2.0 was a big thing, and when Dradis was featured in Offensive Security’s Metasploit Unleashed it was even bigger and Russ McRee’s coverage for the toolsmith column of ISSA’s magazine and our own chapter in Grey Hat Hacking and being included in BackTrack since BT4 and the talks at DC4420 and DEFCON 17 and so many other articles and references.

It was encouraging that some people believed in the project from the beginning. I am grateful that my current employer (NGS Secure which was still called NGSSoftware when I joined) and my previous one (MWR InfoSecurity) let me carry on working on Dradis as my side project and even gave me time to continue improving the tool.

We have come a long way… it was only a matter of time before organizations whose consultants were already using Dradis approached me to get some help to further tailor Dradis to their needs. Sometimes this consisted of helping them with small tweaks they were making to the code, other times it consisted of developing full-blown custom plugins for them to interconnect Dradis to their other systems or to produce reports in their particular format. That is why I started Security Roots Ltd in 2010.

Dradis was started by a security consultant, with the security consultant’s needs and goals in mind (share information with the other teammates, portable, platform-independent, etc.). These are a subset of the needs and goals of the organization to which these consultants belong. The Technical Director of a security company understands the benefits of consultants using Dradis, but he needs more. He wants all his teams to work with Dradis in a standardized way. He wants everyone in the team to be able to use the latest version of Dradis without having to bother about upgrading and dependencies. He wants to be able to see how the different teams are doing, quickly check each team’s findings, maybe even extract some metrics or generate interim reports for clients with the critical issues already captured by the teams.

Enter Dradis Framework Professional Edition, a virtual appliance that leverages the advanced features of Dradis and extends it to enable multiple teams to work concurrently:

  • It provides a centralized information repository:
    • Information is always available: during the project and afterwards.
    • Quickly inspect the project history or review the projects for a given user.
    • Ideal for teams that work across multiple time zones.
  • Hassle-free deployment: power up the virtual appliance and you and your team can start working and sharing information.
  • The virtual appliance is easy to update and backup.
  • Bundled with Vuln::DB, import issues to your Dradis projects from the central issue database.

I am thrilled about the prospect of making consultants’ lives ever easier, helping organizations to work more effectively and to make sure their clients receive the best value for money. Let the consultants focus on what they are good at and what they enjoy most: breaking things while we minimize the hassle associated with the back-end tasks required to coordinate their efforts.

This is a great opportunity to make a difference. Let’s make the most of it.

Daniel
Lead developer

Dradis 2.7.1 released!

This bug-fixing release features:

  • Several closed issues: #3, #4, #6, #7, #8 and #10.
  • A cleaner, leaner note editor:

And all the goodness introduced in 2.7.0:

  • Improved command line API with Thor (thor -T to view all commands)
  • New Configuration Manager to handle all plugin config settings
  • New Upload Manager that runs uploads in the background and updates the interface through Ajax
  • New plugins:
  • Updated plugins:
    • Nessus plugin supports .nessus v2
    • Vuln::DB import updated to support the latest release
  • Bugs fixed: #2888332, #2973256
  • Update Rails to 3.0.6

download now

Dradis 2.7 released!

  • Improved command line API with Thor (thor -T to view all commands)
  • New Configuration Manager to handle all plugin config settings
  • New Upload Manager that runs uploads in the background and updates the interface through Ajax
  • New plugins:
  • Updated plugins:
    • Nessus plugin supports .nessus v2
    • Vuln::DB import updated to support the latest release
  • Bugs fixed: #2888332, #2973256
  • Update Rails to 3.0.6

download now

Dradis 2.6 released!

  • Improved performance across the board
  • Upgraded libraries: Rails 3 and ExtJS 3.3
  • New First Time User Content showing how to use the interface
  • You still get all the old features
    • HTML and Word reporting plugin.
    • Burp Upload plugin so you can use Burp Scanner output.
    • Nikto Upload plugin to use your Nikto scan results.
    • OSVDB Import plugin straight from the OSVDB.
  • Bugs fixed: #3021312, #3030629, #3076709.

download now

Dradis 2.5.2 released!

  • Improved Note editor: bigger, easier to use and supports formatting!
  • New First Time User Wizard
  • Keep track of all the activity with the built-in RSS feed
  • Plugin improvements
    • New HTML Export reporting plugin.
    • New Burp Upload plugin so you can use Burp Scanner output.
    • New Nikto Upload plugin to use your Nikto scan results.
  • Upgraded libraries: ExtJS 3.1.1, Rails 2.3.5
  • Bugs fixed: #2964273, #2932569, #2963253, #2974460.
  • Security fixes

download now

Dradis 2.5.1 released!

  • Improved Note editor: bigger, easier to use and supports formatting!
  • New First Time User Wizard
  • Keep track of all the activity with the built-in RSS feed
  • Plugin improvements
    • New HTML Export reporting plugin.
    • New Burp Upload plugin so you can use Burp Scanner output.
    • New Nikto Upload plugin to use your Nikto scan results.
  • Upgraded libraries: ExtJS 3.1.1, Rails 2.3.5
  • Bugs fixed: #2964273, #2932569, #2963253.

download now

Dradis 2.5 released!

  • Improved Note editor: bigger, easier to use and supports formatting!
  • New First Time User Wizard
  • Keep track of all the activity with the built-in RSS feed
  • Plugin improvements
    • New HTML Export reporting plugin.
    • New Burp Upload plugin so you can use Burp Scanner output.
    • New Nikto Upload plugin to use your Nikto scan results.
  • Upgraded libraries: ExtJS 3.0, Rails 2.3.5
  • Bugs fixed: #2936554, #2938593.

download now