Results 1 to 5 of 5

Thread: BT4 serious Pentest documention with latest Dradis Framework (2.5.0)

  1. #1

    Default Serious Pentest documention with latest Dradis Framework (2.5.0)

    A key part of any serious Penetration Test is to provide a comprehensive documentation of
    all phases - reconnaissance, enumeration, exploitation and finale documentation.

    Now you have a fully loaded BT4 Pentest-Weapon, having a well-defined documentation process is another great way to extend the awesome BT4!

    Especially in larger engagements it is key to exchange all findings with the whole team in the
    most effiecent way and therefore I'd like to provide a little howto to use the great dradis information
    sharing framework.

    Dradis core components are based on ruby rails and sqlite3, fully customizable through the plugin
    API, importing information from key sec-tools like nmap, burb or nikto; simple frontend with essential
    tools to create your documentation (no fancy, overloaded editor or options, keep it simple and bring it to the point!)

    Export engine is also quite interesting, currently HTML and Word export is possible, wherby the Word one
    is the most interesting one, after you created an initial template with the specific dradis meta-tags, you are
    ready to go - takes some time, but once done, you have the power to create a quick report after all your tasks
    you have documented within dradis. Details can be found here:
    WordExport templates - dradis


    BT4 comes with dradis 2.4 (/pentest/misc/dradis) and 2.5 was just released. Dradis is simple
    to install and to initialize for the first run, but not really intuitive for novice users, especially performing
    some automated tasks. Also some confusing options during first-time initialization...



    Thefore I've created a shell-script to create a fully custom dradis initialization, just to use the tool and not
    spent to much time going through the internals to customize it yourself.

    Script features:

    -fully custom dradis 2.5.0 installation

    -script needs to be executed without parameter, but have a look in the script to set some basic parameters

    -Simple menue to choose between dradis features (custom ssl cert, view shared pwd, xml parser to see
    word export teplate meta tags etc)

    -Automated import of predefined templates (I've one basic pentest template included)

    -Full backup of sqlite3 & dradis environment settings, including using GPG to encrypt it
    (for any engagement you should create a new DB - data privacy ;-)

    -Import a basic Pentest template (you can set a parameter to define type of template
    you'd like to import, currently I've only added a simple one. Maybe ISECOM is a good
    reference or http://www.vulnerabilityassessment.c...rationTest.zip)

    -Create a custome SSL certificate (dradis runs default only on localhost/https)


    INSTALLATION:

    1. download http://zerohat.de/_shared_files/drad...ler_1.1.tar.gz
    2. unpack & start script
    Code:
    sudo ./startDradis
    3. start with menu option 1



    Please, this projects fully relies on community feedback and etd (key developer)
    is always looking for feedback - especially from the Pentest community.


    Give it a try, any comments/criticism are welcome...

    /brtw2003

    P.S.: for clarification, just have a look in the actual script - like stated above, never executed blindley any kind of tools, even if it's from so
    called 'trusted' sources! The installer includes some useful templates &
    the original dradis 2.5.0 source code,feel free to use...
    http://pastebin.com/m4e2b8bc
    Last edited by brtw2003; 02-10-2010 at 09:49 PM. Reason: NEW VERSION AVAILABLE!

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Re: Serious Pentest documention with latest Dradis Framework (2.5.0)

    I mean no disrespect, but it would have been better to make a tool request then you don't have to support anyone if something goes wrong with your guide.
    Furthermore Without first downloading and investigating each line of code in your script there is no way to know what it may do.

  3. #3
    Junior Member JF1976's Avatar
    Join Date
    Jan 2010
    Location
    Kings Lynn, Norfolk UK
    Posts
    31

    Default Re: BT4 serious Pentest documention with latest Dradis Framework (2.5.0)

    this look very handy what about doing more of a write up on how to use with backtrack, that would be useful

  4. #4
    Just burned his ISO
    Join Date
    Jun 2010
    Posts
    24

    Default Re: Serious Pentest documention with latest Dradis Framework (2.5.0)

    Quote Originally Posted by Archangel-Amael View Post
    Furthermore Without first downloading and investigating each line of code in your script there is no way to know what it may do.
    Is there another way to know what a piece of software does? He does give an overview of what it should do. Also you can look at the script on pastebin: Bash | #!/bin/bash ## ## MADE CHA - Brtw2003 - m4e2b8bc - Pastebin.com

    OP, if I wrote additional sections, would you include it?

    For now, there are tutorials here: Documentation - dradis

  5. #5
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    4

    Default Re: BT4 serious Pentest documention with latest Dradis Framework (2.5.0)

    Just posted on how to get Dradis 2.6.1 running in BackTrack4 R2:

    http://usfl.fr/Dradis_BT4

    HTH,
    Daniel

Similar Threads

  1. BeEF Framework - No Zombies (Zombie browser connected)
    By mcurran in forum Beginners Forum
    Replies: 9
    Last Post: 04-20-2011, 09:20 AM
  2. framework 3 [...] no session
    By icebox19 in forum Beginners Forum
    Replies: 3
    Last Post: 02-08-2010, 02:41 PM
  3. Durzosploit - exploits generator framework
    By McFranco in forum Tool Requests
    Replies: 1
    Last Post: 01-26-2010, 11:36 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •