How many Dradis projects did you create this year? How many Issues did you find? Which were the most commonly found Issues? What was the most common severity of the Issues that you found?

Credit for this script idea goes to Marc Ligthart. His teammate reached out via the support inbox to see if we could create a quick “Year in Review” script that would list out the following:

1. Count of Projects created this year
2. Total Critical/High/Medium/Low Issues (by Tag)
3. Top 10 most found Issues (by title)
4. Top 10 most found Critical/High/Medium Issues (by title)

You can already head over to our scripting repo and check out the Year in Review script. To use it:

1. SCP the file you your instance (e.g. to the /tmp folder)

2. Run the following in the command line as “dradispro”:
$ cd /opt/dradispro/dradispro/current/
$ RAILS_ENV=production bundle exec rails runner /tmp/year_in_review.rb

The output will list out the yearly review for all of the projects present on your Dradis instance.

Now, for the fun part? We want your feedback. If you like this idea, you’ll like version 2.0 even better. We want to include this functionality as part of the existing Business Intelligence Dashboard within Dradis. But first, we want to hear from you. What else would you like to see in a summary view like this in the BI Dashboard? What other metrics would be helpful for your team or what isn’t particularly useful about the current output? Please email our support team directly with feedback! We’re excited to continue working with you in 2020 and get you some more valuable insights into your Dradis usage along the way.

Update May/26: An updated installer has been published that fixes the issue described below and is available through the download page.

The Dradis 2.7.1 Windows package (dradis-v2.7.1-setup.exe) that we released yesterday contains a typo in in one of the batch files: server.bat.

If you try to run the file directly or through the Start menu start server icon, you will get an error message:

Windows cannot find ‘blundler’. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

In order to fix this open the file in an editor (go to the Start menu icon, right click > Edit) and adjust it to:


@echo off

::If the script doesn't work, uncomment and adjust the following:
set PATH=c:\Ruby187\bin;%PATH%
set RAILS_ENV=production
set BASE=%~dp0
cd %BASE%\server\

start "Dradis Framework Server (Ctrl+C to terminate)" bundle exec rails server webrick


Thanks to Doug Ipperciel for bringing this to our attention.

5 comments:

1. Unknown said,its not working on my windows 8 version
   ON 16 DECEMBER 2012 AT 15:38
   
2. Unknown said,my message says
   
   bundle
   windows cannot find ‘bundle’.Make sure you typed the name correctly and then try againON 16 DECEMBER 2012 AT 15:41
   
3. Unknown said,hey got it to work thanks my bad i install it on xp very simple then 7 then 8 pretty goodON 16 DECEMBER 2012 AT 17:20
   
4. Anonymous said,not working on v 2.9 yetON 26 SEPTEMBER 2015 AT 04:36
   
5. Unknown said,It works. Thank you for sharing. If you have problems with dll files, look there http://fix4dll.com/mfc110u_dll. I had a problem with it, do not run the program’s. After fixes dll files, everything worked. Good luck.ON 2 JUNE 2016 AT 15:40

This bug-fixing release features:

• Several closed issues: #3, #4, #6, #7, #8 and #10.
• A cleaner, leaner note editor:

And all the goodness introduced in 2.7.0:

• Improved command line API with Thor (thor -T to view all commands)
• New Configuration Manager to handle all plugin config settings
• New Upload Manager that runs uploads in the background and updates the interface through Ajax
• New plugins:
  
  • Metasploit import
  • NeXpose (.xml) upload
  • OpenVAS (.xml) upload
  • SureCheck (.sc) upload
  • w3af (.xml) upload
  • Web Exploitation Framework (wXf) upload
• Updated plugins:
  
  • Nessus plugin supports .nessus v2
  • Vuln::DB import updated to support the latest release
• Bugs fixed: #2888332, #2973256
• Update Rails to 3.0.6

download now

This week we are releasing Dradis Framework 2.7.1 which closes several bugs and brings a new note editor.

If you’re new to Dradis or upgrading from an older (2.6.x, 2.5.x…) release, go ahead and download the full package from the downloads page.

However, if you already have a working install of Dradis 2.7.0 maybe you don’t want to run the Windows installer again, or wait until your distro prepares an updated version of the package (did you know that BackTrack 5 shipped with Dradis 2.7.0?). Here is how to get the latest 2.7.1 code up and running.

Go to your install location:

In Windows:

c:\> cd %APPDATA%\dradis-2.7


In BackTrack:

# cd /pentest/misc/dradis


Backup the old server folder:

# mv server 2.7.0-server


Now you have a decision to make: upgrade to 2.7.1 or clone the Dradis repository so you can upgrade to 2.7.1 but also to any forthcoming releases (recommended)

Upgrading to 2.7.1

Download and uncompress the tarball for Dradis server 2.7.1 from GitHub:

Uncompress in the drads-2.7 folder renaming the extracted directory to just server.

Using git repository for easy upgrading

From the current folder, clone Dradis git repository and point it to the latest release:


# git clone https://github.com/dradis/dradisframework.git server
# cd server
# git checkout -b REL-2.7.1 REL-2.7.1
# cd ..


Reset the environment and run the server


# ./reset.sh
# ./start.sh


If everything goes according to plan, you can now access Dradis on https://localhost:3004/ and in the top-right corner the version number will be 2.7.1.

A couple of weeks ago, BackTrack 5 was released and it shipped with Dradis 2.7 out of the box. You can find your Dradis install in:


/pentest/misc/dradis


Run ./reset.sh to prepare the environment and ./start.sh to start the Dradis server.

Kudos to the BT team.

Following the series of articles on how to get the Dradis Framework running in different operating system, this time is the turn of BackTrack 4 R2.

Note this is almost a re-post of my Running Dradis Framework in BackTrack 4 R2 but updated to 2.7 (instead of 2.6.1).



First, get a download link for the latest Dradis from http://dradisframework.org/downloads.html and get it:

# wget http://downloads.sourceforge.net/dradis/dradis-v2.7.0.tar.bz2

Extract it:

# tar -xvvjf dradis-v2.7.0.tar.bz2


Next we need to update the version of RubyGems installed in BT4:

# gem -v
1.3.1
# gem update --system
[...]
# gem -v
1.7.2


And install the Bundler gem:

# gem install bundler


There is only one missing prerequisite to ensure everything runs smoothly, the development bindings of the libxslt package. You can get them with:


# apt-get install libxslt-dev


Now we are ready to get things going:

# cd dradis-2.7

# ./reset.sh
Your Gemfile's dependencies could not be satisfied
Install missing gems with `bundle install`
Some Ruby gems are missing, do you want to install them now? [y] y

Ok then, I am going to run bundle install for you, then you should run this script again.

Fetching source index for http://rubygems.org/
Installing rake (0.8.7)
Installing RedCloth (4.2.5) with native extensions
Installing abstract (1.0.0)
[...]
Your bundle is complete! Use `bundle show [gemname]` to see where a bundled gem is installed.


After all the dependencies are installed, we are ready to initialize the database and start the server. However, there is just one thing that have to be changed in the startup scripts.

Edit the last line of reset.sh to look like this:

bundle exec thor dradis:reset

Now we are ready, run the reset script again to generate the database:

# ./reset.sh


And start the server with:

# ./start.sh


Everything should be up and running in: https://127.0.0.1:3004/

New documentation and how-to guides:

• Screencast: Installing Dradis 2.0 on Backtrack 4.0 Beta (by dyngnosis).
• Client side extensions: Dradis extensions: how they work and how to write them
• How-to export the Dradis repository to a Word report: Dradis reporting: quick & neat word export

Dradis 2.0 flash demo available here.