The Administrator role

Managing users

Enabling / disabling sign ups

Working with teams

Working with projects

The Instance-wide Trash

Integration and Tool Manager

Project Scheduler

The Business Intelligence Dashboard

The Remediation Tracker

The Mappings Manager

The Rules Engine

The IssueLibrary

Report templates

Report template properties

Note templates

Project templates

Methodology templates

Kit Uploads

System settings

Upgrading the app

Customizations and Configurations

Re-encrypt your LUKS-encrypted disk and generate a new volume key

Automatically unlock your LUKS-encrypted drive

Change your LUKs-encrypted drive's passphrase

Change default CIC password

Set up SSL certificates so that upgrades won't override them

Set up SSL certificates with Let's Encrypt

Increase the number of puma threads

Increase the number of export worker processes

Set maximum login attempts

Increase session timeout period

Usage analytics sharing

Configure the mail server

Configure the Burp-Dradis Extension

Connecting Dradis to MediaWiki

Enable extra import add-ons

API basics

Teams endpoint

Users endpoint

Projects endpoint

Nodes endpoint

Issues endpoint

Evidence endpoint

Content Blocks endpoint

Notes endpoint

Attachments endpoint

Document Properties endpoint

Methodologies endpoint

IssueLibrary endpoint

Intro to the Command Line Interface

User's guide to the Dradis Console

Upload tool output from the command line

[scripting] Find projects with XSS issues

[scripting] Find Issues added in the past 24 hours

[scripting] Statistics on Issues and Projects

[scripting] From Nessus output to custom report

[scripting] Update your IssueLibrary entries

Intro to the BI Dashboard

Custom Team Properties

Custom Project Properties

From Properties to Metrics

Trend Analysis

Intro to Liquid Gateway Themes

Creating Liquid Gateway Themes

Using Liquid Gateway Themes

  1. Support Home
  2. Collaborate
  3. Working with projects
  4. CVSS and DREAD calculators

CVSS and DREAD calculators

CVSS score calculator

Dradis now supports CVSSv3, CVSSv3.1, and CVSSv4. Our Common Vulnerability Scoring System Calculator is heavily inspired by FIRST.

The Dradis CVSS score calculator is included as a tab when browsing individual Issues. Click on the tab to access the calculator and edit its values. You can select v3.0, v3.1, or v4.0 of the CVSS Calculator with the toggle in the top right.

Alternatively, from the projects page, you can navigate to Tools > Risk Calculators - CVSS in the header to access the instance-wide Dradis CVSS score calculator.

Then, copy/paste the output in the right hand sidebar into the corresponding Issue in your Dradis project or IssueLibrary entry.

CVSSv4

Select the correct values for:

  • Base: Attack Vector, Attack Complexity, Attack Requirements, Privileges Required, User Interaction, Vulnerable System Confidentiality, Vulnerable System Integrity, Vulnerable System Availability, Subsequent System Confidentiality, Subsequent System Integrity, Subsequent System Availability

  • Supplemental: Safety, Automatable, Recovery, Value Density, Vulnerability Response Effort, Provider Urgency

  • Environmental: Modified Attack Vector, Modified Attack Complexity, Modified Attack Requirements, Modified Privileges Required, Modified User Interaction, Modified Vulnerable System Confidentiality, Modified Vulnerable System Integrity, Modified Vulnerable System Availability, Modified Subsequent System Confidentiality, Modified Subsequent System Integrity, Modified Subsequent System Availability, Confidentiality Requirements, Integrity Requirements, Availability Requirements

  • Threat: Exploit Maturity

Then, click the "Update Issue" button to update the corresponding Issue in your Dradis project with the data from the calculator.

Note that the calculator uses the CVSSv4.BaseVector field to pre-populate the form. If you later edit your Issue manually and change some of the calculator values, other items such as CVSS score and Severity will not update accordingly. If you change the CVSSv4.BaseVector field, the changes should be reflected across all relevant fields.

CVSSv3 and CVSSv3.1

Select the correct values for:

  • Base: Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality, Integrity, Availability.

  • Temporal: Exploit Code Maturity, Remediation Level, Report Confidence

  • Environmental: Confidentiality Requirement, Integrity Requirement, Availability Requirement, Modified Attack Vector, Modified Attack Complexity, Modified Privileges Required, Modified User Interaction, Modified Scope, Modified Confidentiality, Modified Integrity, Modified Availability

Then, click the "Update Issue" button to update the corresponding Issue in your Dradis project with the data from the calculator.

Note that the calculator uses the CVSSv3.Vector field to pre-populate the form. If you later edit your Issue manually and change some of the calculator values, other items such as CVSS score and Severity will not update accordingly. If you change the CVSSv3.Vector field, the changes should be reflected across all relevant fields.

DREAD score calculator

DREAD stands for (D)amage, (R)eproducibility, (E)xploitability, (A)ffected users, (D)iscoverability and is a common risk assessment model introduced by Microsoft.

You can add a DREAD rating to an existing issue by navigating to the DREAD tab in the issue and clicking Edit to access the Dradis DREAD score calculator.

Select the correct values for Damage Potential, Affected users or systems, Reproducibility, Exploitability, and Discoverability.

Alternatively, from the projects page, you can navigate to Tools > Risk Calculators - DREAD in the header to access the instance-wide Dradis DREAD score calculator.

Then, copy/paste the output in the right hand sidebar into the corresponding Issue in your Dradis project or IssueLibrary entry.

Disabling the calculators

Want to remove the calculators from view to de-clutter your workspace? Go to Configuration, then Configure plugins, and you have the option to disable either or both of the calculators by setting their value of show to 0.

Next help article: Add attachments →

Streamline InfoSec Project Delivery

Learn practical tips to reduce the overhead that drags down security assessment delivery with this 5-day course. These proven, innovative, and straightforward techniques will optimize all areas of your next engagement including:

  • Scoping
  • Scheduling
  • Project Planning
  • Delivery
  • Intra-team Collaboration
  • Reporting and much more...

Your email is kept private. We don't do the spam thing.