CVSSv4, DREAD, MITRE ATT&CK and custom Risk Calculators

Use an industry standard or create your own - you can use a different calculator in each project

Common Vulnerability Scoring System (CVSSv4)

Dradis ships with a built-in CVSSv4 calculator (which also supports CVSSv3.1 and CVSSv3).

Use it to quickly assign the different metrics and calculate the risk vector, and have fine-grained control of what values you want to show in your pentest report.

Best of all, it's open-source: dradis/dradis-calculator_cvss

Screenshot of the CVSSv4 calculator for an issue
Screenshot of the DREAD calculator in action

DREAD Risk Assessment Model

If you favor Microsoft's Damage, Reproducibility, Exploitability, Affected Users, and Discoverability (DREAD) risk assessment model, we have you covered: Dradis ships with a built-in DREAD calculator.

You have full control over what components and scores to include in your security report.

We released it as open-source: dradis/dradis-calculator_dread

MITRE ATT&CK® Calculator

Map your findings to the MITRE ATT&CK framework without leaving Dradis. The built-in calculator lets you select tactics, techniques, and sub-techniques—automatically populating issue fields with properly formatted references.

You have full control over how MITRE data appears in your security reports.

Perfect for threat intelligence documentation, compliance requirements (NIST CSF, SOC 2), and red team assessments.

You guessed it, also open-source 🙌: dradis/dradis-calculator_mitre

Screenshot of the MITRE ATT&CK calculator in action

Custom Risk Calculators

We know that neither CVSS nor DREAD is perfect. Sometimes you need your own risk assessment model.

Whether it's a combination of an Impact score and a Probability one, or a formula-based calculation, you can create a custom risk scoring system and load it in your Dradis instance, just for you.

You can't do that with any other platform!

Different Risk Models per project

Whether it's because you're whitelabelling your pentest deliverables for a partner, or because you have a customer that has a preferred risk assessment model, we have your back.

In Dradis you can have multiple risk calculators loaded and choose which one you want to use for each project.

