Dradis 3.0
About time
By Daniel Martin / @etdsoft
Agenda
- New look & feel
- How does everything fit together
- Dradis packages
- Dradis from Git
- New / improved add-ons
You will ask questions now
And when you get stuck
New look & feel
Issues
Nodes
Notes, Evidence, Attachments
How does everything
fit together
Main app:
Connectors / add-ons
Ruby on Rails
Web interface:
Console interface:
irb> Issue.count
32
irb> Issue.first.title
"Out-of-date Apache"
Rails for hackers
- Rails Basics series by @cktricky
- Railscasts learn by watching
- RailsForZombies.org step-by-step videos
- Getting Started with Rails guide
- Try ruby learn by doing (non-Rails)
Dradis on Kali
- Non-Ruby prerequisites
- Ruby prerequisites
Non-Ruby prerequisites (1/2): Redis
Linux:
$ apt-get install redis-server
Mac:
$ brew install redis
$ redis-server /usr/local/etc/redis.conf
Non-Ruby prerequisites (2/2): SQlite3 libs
Linux:
$ apt-get install libsqlite3-dev
Mac:
$ brew install sqlite
Ruby environment
- Kali Linux 1.1.0
- Ruby 1.9
- Bundler 1.1 (Ruby "package manager")
$ gem install bundler --no-rdoc --no-ri
$ bash -l
This bring Bundler to 1.10.
Dradis packages
- Background worker for long-running tasks (Redis).
- Everything in one file.
What's inside the package?
- Ruby interpreter (2.1.5)
- Dradis Framework 3.0rc1
- Ruby libraries and dependencies
- Download and run...
Getting started
https://dradis.com/ce/download.html
# mkdir dradis3-pkg
# cd dradis3-pkg/
# # wget http://sourceforge.net/projects/dradis/files/dradis/v3.0/dradis-3.0.0.rc1-linux-x86_64.tar.gz/download
# tar -xvvzf dradis-3.0.0.rc1-linux-x86_64.tar.gz
# cd dradis-3.0.0.rc0-linux-x86/
# ./dradis-webapp && ./dradis-worker
Adding some Plugins
# cd lib/vendor/
# vi Gemfile.plugins
# PACKAGING=true ../ruby/bin/bundle --local
Note the
../ruby/bin/bundlePACKAGING=true
They are important ™
Dradis from Git
- Best bet while things settle down.
- Platform independent(ish)
Getting started
$ mkdir dradis3-git
$ cd dradis3-git/
$ git clone https://github.com/dradis/dradis-ce
$ cd dradis-ce/
$ rm Gemfile.lock
$ git checkout release-3.0
Getting started
$ ruby ./bin/setup
- Cloning core Dradis add-ons
- Copying sample files (database.yml.template; Gemfile.plugins.template)
- Installing dependencies
- Preparing database
- Removing old logs and tempfiles
Running the process(es)
What we need:
- The Dradis app.
- The Redis server.
- The background worker.
Procfile
web: bundle exec rails server
# Uncomment for Mac:
# redis: redis-server /usr/local/etc/redis.conf
resque: bundle exec rake resque:work
Run
- `rerun`
- `foreman start`
$ bundle exec rerun --pattern '**/*.{rb,scss,sass,erb,haml,ru}' \
foreman start
Or...
$ bundle exec foreman start
New / improved add-ons
Tool connectors
- Acunetix
- Brakeman
- Burp
- MediaWiki
- Nessus
- Nexpose
- Nikto
- NTOSpider
- Nmap
- OpenVAS
- Qualys
- Retina
- SureCheck
- w3af
- wXf
- ZAP
Reporting
Gemfile.plugins
Controls what add-ons are loaded into the framework.
Two steps to load an add-on:
- Include it in
Gemfile.plugins - Download the add-on repo
- Run `bundle`
Include the add-on in Gemfile.plugins
# if Dir.exists?('../dradis-pdf_export') && !ENV['PACKAGING']
# gem 'dradis-pdf_export', path: '../dradis-pdf_export'
# else
# gem 'dradis-pdf_export', github: 'dradis/dradis-pdf_export'
# end
To:
if Dir.exists?('../dradis-pdf_export') && !ENV['PACKAGING']
gem 'dradis-pdf_export', path: '../dradis-pdf_export'
else
gem 'dradis-pdf_export', github: 'dradis/dradis-pdf_export'
end
Download repo
$ cd ~/dradis3-git/
$ git clone https://github.com/dradis/dradis-pdf_export
Bundle dependencies
$ bundle
Thank You
Daniel Martin / @etdsoft
You will ask questions now