Dradis 3.0

About time

By Daniel Martin / @etdsoft

Agenda

  • New look & feel
  • How does everything fit together
  • Dradis packages
  • Dradis from Git
  • New / improved add-ons

You will ask questions now

And when you get stuck


https://discuss.dradisframework.org

New look & feel

Issues

Nodes

Notes, Evidence, Attachments

How does everything
fit together


Main app:

dradis/dradisframework


Connectors / add-ons

dradis/dradis-burp

dradis/dradis-nessus

dradis/dradis-qualys

Ruby on Rails


Web interface:

http://127.0.0.1:3000


Console interface:


  irb> Issue.count
  32
  irb> Issue.first.title
  "Out-of-date Apache"
            

Rails for hackers

Dradis on Kali

  • Non-Ruby prerequisites
  • Ruby prerequisites

Non-Ruby prerequisites (1/2): Redis

Linux:

Mac:

Non-Ruby prerequisites (2/2): SQlite3 libs

Linux:

Mac:

Ruby environment

  • Kali Linux 1.1.0
  • Ruby 1.9
  • Bundler 1.1 (Ruby "package manager")
  • This bring Bundler to 1.10.

Dradis packages

  • Background worker for long-running tasks (Redis).
  • Everything in one file.

What's inside the package?

  • Ruby interpreter (2.1.5)
  • Dradis Framework 3.0rc1
  • Ruby libraries and dependencies
  • Download and run...

Getting started

http://dradisframework.com/ce/download.html

Adding some Plugins

Note the

  • ../ruby/bin/bundle
  • PACKAGING=true

They are important ™

Dradis from Git

  • Best bet while things settle down.
  • Platform independent(ish)

Getting started

Getting started

  • Cloning core Dradis add-ons
  • Copying sample files (database.yml.template; Gemfile.plugins.template)
  • Installing dependencies
  • Preparing database
  • Removing old logs and tempfiles

Running the process(es)

What we need:

  • The Dradis app.
  • The Redis server.
  • The background worker.

Procfile

Run

  • `rerun`
  • `foreman start`

  $ bundle exec rerun --pattern '**/*.{rb,scss,sass,erb,haml,ru}' \
      foreman start
            

Or...


  $ bundle exec foreman start
            

New / improved add-ons


http://dradisframework.com/integrations/

Tool connectors

  • Acunetix
  • Brakeman
  • Burp
  • MediaWiki
  • Nessus
  • Nexpose
  • Nikto
  • NTOSpider
  • Nmap
  • OpenVAS
  • Qualys
  • Retina
  • SureCheck
  • w3af
  • wXf
  • ZAP

Reporting

Gemfile.plugins

Controls what add-ons are loaded into the framework.

Two steps to load an add-on:

  1. Include it in Gemfile.plugins
  2. Download the add-on repo
  3. Run `bundle`

Include the add-on in Gemfile.plugins

To:

Download repo

Bundle dependencies

Thank You

Daniel Martin / @etdsoft

You will ask questions now