Dradis 3.10
Collaboration Edition
By Daniel Martin / @etdsoft
Agenda
- The basics
- Tool Connectors
- Integrations
- Reporting
- Running Dradis
You will ask questions now
And when you get stuck
The basics
Issues
Smart Issues Table
Tagging
["!d62728_high", "!ff7f0e_medium", "!6baed6_low"]Nodes
Notes, Evidence, Attachments
Testing Methodologies
Activity Feed
Comments
@-mentions...
...and Notifications
Tool Connectors
Combine the output of multiple tools
report_item.port
report_item.svc_name
report_item.protocol
report_item.severity
report_item.plugin_id
report_item.plugin_name
report_item.plugin_family
...
#[Title]#
%report_item.plugin_name%
#[Description]#
%report_item.description%
#[Solution]#
%report_item.solution%
Triage and Merge
Integrations
- REST API
- Scripting
- Burp Extender
- Slack Notifications
REST API
/api/issues/api/nodes./attachments./evidence./notes
$ curl -i -u etd http://dradisframework-ce.dev/api/issues/4
{
"id": 4,
"title": "Out-of-date Apache server",
"fields": {
"Title": "Out-of-date Apache server",
"OWASP": "A9",
"Risk": "High",
"Description": "The version of ...",
"Solution": "The Apache HTTP ...",
"References": "Apache HTTP Server Project\nhttp://httpd.apache.org"
},
"text": "#[Title]#\nOut-of-date Apache server\n\n#[OWASP]#\nA9\n\n...",
"created_at": "2016-06-08T05:53:52.703Z",
"updated_at": "2016-06-08T05:53:52.703Z"
}
Scripting
Issue.all.each do |issue|
puts "- #{issue.title}"
end
node = Node.find(123)
puts "#{node.label} has #{attachments.count} attachments."
Issue.last.evidence.create! node: node, content: "..."
Burp Extender
Slack Notification
Reporting
- CSV
- HTML
- XML / Zip
Ruby on Rails
version 5.1
Web interface:
Console interface:
irb> Issue.count
32
irb> Issue.first.title
"Out-of-date Apache"
Running Dradis
- Dradis on Kali
- Dradis from
git - Download-and-run packages
- Linux
- macOS
Dradis from git
$ mkdir dradis && cd dradis/
$ git clone https://github.com/dradis/dradis-ce
$ cd dradis-ce/
$ ./bin/setup
$ ./bin/rails server
- Cloning core Dradis add-ons
- Copying sample files (database.yml.template; Gemfile.plugins.template)
- Installing dependencies
- Preparing database
- Removing old logs and tempfiles
It's dangerous to go alone!
Take this
Rails for hackers
- Rails Basics series by @cktricky
- Railscasts learn by watching
- RailsForZombies.org step-by-step videos
- Getting Started with Rails guide
- Try ruby learn by doing (non-Rails)
Quick stats
- 263 downloads / 137 clones per week
- 817 commits in the last 12 months (604 in the last 6)
- 1 code base to rule them all
- 9 contributors
The Team
Your turn
You will ask questions now