Projects 101

Team and permissions

Activity feed and revision history

The Project Scheduler

Comments, Notifications, & Subscriptions

Using Nodes to structure the project

Node properties

Working with Notes

The Report Content page

Adding issues and evidence

Liquid Dynamic Content

Combine multiple Issues

Bulk-update Issues

CVSS and DREAD calculators

Add attachments

Tagging issues

Using methodologies

Project templates

Upload and work with tool output

Upload and work with CSV files

Search your project

Restore deleted content with the Trash feature

Quality Assurance View

Generate your report

Importing and exporting projects

Performing a retest

The Administrator role

Managing users

Enabling / disabling sign ups

Working with teams

Working with projects

The Instance-wide Trash

Integration and Tool Manager

Project Scheduler

The Business Intelligence Dashboard

The Remediation Tracker

The Mappings Manager

The Rules Engine

The IssueLibrary

Report templates

Report template properties

Note templates

Project templates

Methodology templates

Kit Uploads

System settings

Upgrading the app

API basics

Teams endpoint

Users endpoint

Projects endpoint

Nodes endpoint

Issues endpoint

Evidence endpoint

Content Blocks endpoint

Notes endpoint

Attachments endpoint

Document Properties endpoint

Methodologies endpoint

IssueLibrary endpoint

Intro to the Command Line Interface

User's guide to the Dradis Console

Upload tool output from the command line

[scripting] Find projects with XSS issues

[scripting] Find Issues added in the past 24 hours

[scripting] Statistics on Issues and Projects

[scripting] From Nessus output to custom report

[scripting] Update your IssueLibrary entries

Intro to the BI Dashboard

Custom Team Properties

Custom Project Properties

From Properties to Metrics

Trend Analysis

Intro to Liquid Gateway Themes

Creating Liquid Gateway Themes

Using Liquid Gateway Themes

  1. Support Home
  2. Collaborate
  3. Customization
  4. Connecting Dradis to MediaWiki

Connecting Dradis to MediaWiki

Would the IssueLibrary be a better fit for your team?

The MediaWiki add-on has basically been superseded by the IssueLibrary at this point. At their core, both are libraries that allow you to save vulnerabilities for reuse across projects. You can add issues from MediaWiki to Dradis but the IssueLibrary also lets you add issues to your library from Dradis.

The IssueLibrary runs locally on the VM instead of running in the cloud like MediaWiki.

We can convert all your existing MediaWiki entries into a custom import script for you so that you can upload them into your IssueLibrary all at once.

Having a repository of common issue descriptions is a good way of saving time during the reporting phase of the engagement.

One of the options available to our users is to import issue descriptions from a MediaWiki instance.

In this guide we're going to cover how to connect your Dradis Professional appliance to a MediaWiki instance, how to structure your content and how to query and import entries from your wiki.

This guide contains:

The result

We want to be able to maintain a repository of issues in wiki instance somewhere in our network and we want to be able to import those issues from Dradis.

This will allow us to pull complete issue descriptions quickly from the wiki into our project.

We want to be able to use the Import new issue module in Dradis to pull data from the wiki:

Get MediaWiki up and running

Providing detailed instructions on setting up MediaWiki is outside the scope of this guide (see the "Installation guide":http://www.mediawiki.org/wiki/Installation on their website for a good starting point). However if all goes according to plan, these are the steps required:

  1. Download the latest version of the app.
  2. Uncompress in your web server (for instance under /var/www/mediawiki-1.21.2).
  3. Point your browser to that directory: http://[domain]/mediawiki-1.21.2/index.php
  4. Follow the instructions

You'll need to configure a database connection so MediaWiki can store its contents.

Adding your first entries

You can structure your entries however you want and use the field names you want. For instance, typically each entry will have:

  • Title
  • Description
  • Recommendation
  • Impact
  • Probability
  • ...

You can have other fields, CVSSv2, References... The important thing is that the fields in your entries repository match the fields in your report template.

Here is an example of what one of these entries should look like in the wiki format:

And also rendered inside the wiki:

We recommend that you create an index page with a reference to all the entries, but this is for your own convenience, it is not really required:

Configuring the connection

Once you have a few sample entries in your wiki, it is time to connect Dradis to it.

  1. First, make sure that you've enabled the MediaWiki import add-on

  2. Log into Dradis and create a new project for testing purposes, lets call it MediaWiki.

  3. Open that project and click on the Settings icon in the upper-right corner of the window, then select Configure plugins:

    Configuration settings are sorted alphabetically, go to the bottom of the screen to locate the wiki-related ones:

    Field Description Default value
    fields The fields in your entries Title,Impact,Probability,Description,Recommendation
    host The host name of the wiki server localhost
    path The path to the wiki install /mediawiki/api.php
    port The port number of your wiki server 80
    scheme http vs https http(s)

Importing entries

After providing all the relevant configuration you can navigate back to the Project and go to the All Issues page:

You can see the different search fields of the Import new issue module on the right-hand side of the window. Go down to the MediaWiki one and input some text and hit Enter. The results will be displayed underneath the search field:

Browse through the results, click on the one you're interested in to review the details, and click on the add issue link to import that entry into the project:

And the issue will appear in your Issues list:

Next help article: Enable extra import add-ons →

Streamline InfoSec Project Delivery

Learn practical tips to reduce the overhead that drags down security assessment delivery with this 5-day course. These proven, innovative, and straightforward techniques will optimize all areas of your next engagement including:

  • Scoping
  • Scheduling
  • Project Planning
  • Delivery
  • Intra-team Collaboration
  • Reporting and much more...

Your email is kept private. We don't do the spam thing.