Results 1 to 5 of 5

Thread: BT4 serious Pentest documention with latest Dradis Framework (2.5.0)

Threaded View

  1. #1

    Default Serious Pentest documention with latest Dradis Framework (2.5.0)

    A key part of any serious Penetration Test is to provide a comprehensive documentation of
    all phases - reconnaissance, enumeration, exploitation and finale documentation.

    Now you have a fully loaded BT4 Pentest-Weapon, having a well-defined documentation process is another great way to extend the awesome BT4!

    Especially in larger engagements it is key to exchange all findings with the whole team in the
    most effiecent way and therefore I'd like to provide a little howto to use the great dradis information
    sharing framework.

    Dradis core components are based on ruby rails and sqlite3, fully customizable through the plugin
    API, importing information from key sec-tools like nmap, burb or nikto; simple frontend with essential
    tools to create your documentation (no fancy, overloaded editor or options, keep it simple and bring it to the point!)

    Export engine is also quite interesting, currently HTML and Word export is possible, wherby the Word one
    is the most interesting one, after you created an initial template with the specific dradis meta-tags, you are
    ready to go - takes some time, but once done, you have the power to create a quick report after all your tasks
    you have documented within dradis. Details can be found here:
    WordExport templates - dradis

    BT4 comes with dradis 2.4 (/pentest/misc/dradis) and 2.5 was just released. Dradis is simple
    to install and to initialize for the first run, but not really intuitive for novice users, especially performing
    some automated tasks. Also some confusing options during first-time initialization...

    Thefore I've created a shell-script to create a fully custom dradis initialization, just to use the tool and not
    spent to much time going through the internals to customize it yourself.

    Script features:

    -fully custom dradis 2.5.0 installation

    -script needs to be executed without parameter, but have a look in the script to set some basic parameters

    -Simple menue to choose between dradis features (custom ssl cert, view shared pwd, xml parser to see
    word export teplate meta tags etc)

    -Automated import of predefined templates (I've one basic pentest template included)

    -Full backup of sqlite3 & dradis environment settings, including using GPG to encrypt it
    (for any engagement you should create a new DB - data privacy ;-)

    -Import a basic Pentest template (you can set a parameter to define type of template
    you'd like to import, currently I've only added a simple one. Maybe ISECOM is a good
    reference or

    -Create a custome SSL certificate (dradis runs default only on localhost/https)


    1. download
    2. unpack & start script
    sudo ./startDradis
    3. start with menu option 1

    Please, this projects fully relies on community feedback and etd (key developer)
    is always looking for feedback - especially from the Pentest community.

    Give it a try, any comments/criticism are welcome...


    P.S.: for clarification, just have a look in the actual script - like stated above, never executed blindley any kind of tools, even if it's from so
    called 'trusted' sources! The installer includes some useful templates &
    the original dradis 2.5.0 source code,feel free to use...
    Last edited by brtw2003; 02-10-2010 at 09:49 PM. Reason: NEW VERSION AVAILABLE!

Similar Threads

  1. BeEF Framework - No Zombies (Zombie browser connected)
    By mcurran in forum Beginners Forum
    Replies: 9
    Last Post: 04-20-2011, 09:20 AM
  2. framework 3 [...] no session
    By icebox19 in forum Beginners Forum
    Replies: 3
    Last Post: 02-08-2010, 02:41 PM
  3. Durzosploit - exploits generator framework
    By McFranco in forum Tool Requests
    Replies: 1
    Last Post: 01-26-2010, 11:36 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts