The Tools

Supported Plugins

The Plugin Manager can work with the output of many different tools/plugins but not all of them are supported in the same way. Check the table below to see what tools are included in the plugin manager, whether they are supported, as well as a list of all available templates and fields.

| Plugin Name | Templates Available |
|---|---|
| Dradis::Plugins::Acunetix | Scan, Evidence, Report |
| Dradis::Plugins::Brakeman | Warning, Scan info |
| Dradis::Plugins::Burp | Evidence, Issue |
| Dradis::Plugins::Metasploit | Note |
| Dradis::Plugins::Nessus | Evidence, Report item, Report host |
| Dradis::Plugins::Netsparker | Evidence, Issue |
| Dradis::Plugins::Nexpose | Full vulnerability, Full scan, Simple port, Full service, Full node, Full evidence |
| Dradis::Plugins::Nikto | Item, Scan, Ssl |
| Dradis::Plugins::Nmap | Host, Port |
| Dradis::Plugins::NTOSpider | Evidence, Vuln |
| Dradis::Plugins::OpenVAS | Issue |
| Dradis::Plugins::Qualys | Evidence, Element |
| Dradis::Plugins::Saint | Vulnerability, Evidence |
| Dradis::Plugins::Zap | Evidence, Issue |

The Templates

As noted in the table above, the Plugin Manager can customize multiple templates for each plugin (e.g. one template for the Scan note, one for the Evidence note, one for the Report item note, etc.).

Customize each template separately to get the exact output that you need for your report template. More on the specifics of integrating with your report template later.

What does this template create when I upload my file?

You'll notice that each of the Supported Tools has a different naming convention for the different templates. These names match up with the field names within the different tool outputs. For example, the Nessus Report Item template corresponds to the data available in the ReportItem tags in the .nessus file.

Dradis::Plugins::Acunetix

  • Scan: defines the fields for a Note set to the Default category on each Node
  • Evidence: defines Evidence fields
  • Report: defines Issue fields

Dradis::Plugins::Brakeman

  • Warning: defines the fields for a Note set to the Default category
  • Scan info: defines the fields for a Note set to the Default category

Dradis::Plugins::Burp

Dradis::Plugins::Metasploit

  • Node: defines the fields for a Note set to the Default category

Dradis::Plugins::Nessus

  • Evidence: defines Evidence fields
  • Report item: defines Issue fields
  • Report host: defines the fields for a Note set to the Default category on each Node
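The Nessus mapping above, sketched as an added example (not Dradis code): it reads a constructed .nessus document and splits it into the three record kinds that the Report host, Report item and Evidence templates feed. The dictionary keys, the `map_nessus` name and the choice of one Issue per plugin ID are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the .nessus layout; not real scan output.
SAMPLE = """<NessusClientData_v2><Report name="constructed-demo">
<ReportHost name="192.0.2.10">
  <HostProperties><tag name="operating-system">Linux</tag></HostProperties>
  <ReportItem port="443" protocol="tcp" severity="2" pluginID="900001" pluginName="Example TLS finding">
    <description>Constructed description.</description>
    <plugin_output>Constructed output for 192.0.2.10</plugin_output>
  </ReportItem>
</ReportHost>
<ReportHost name="192.0.2.11">
  <HostProperties><tag name="operating-system">Windows</tag></HostProperties>
  <ReportItem port="443" protocol="tcp" severity="2" pluginID="900001" pluginName="Example TLS finding">
    <description>Constructed description.</description>
    <plugin_output>Constructed output for 192.0.2.11</plugin_output>
  </ReportItem>
  <ReportItem port="22" protocol="tcp" severity="1" pluginID="900002" pluginName="Example SSH finding">
    <description>Another constructed description.</description>
  </ReportItem>
</ReportHost>
</Report></NessusClientData_v2>"""


def map_nessus(xml_text):
    """Split a .nessus document into node notes, issues and evidence."""
    root = ET.fromstring(xml_text)
    host_notes, issues, evidence = [], {}, []
    for host in root.iter("ReportHost"):
        name = host.get("name")
        props = {t.get("name"): t.text for t in host.iter("tag")}
        # "Report host" template: one Note per Node (host)
        host_notes.append({"node": name, "os": props.get("operating-system", "n/a")})
        for item in host.iter("ReportItem"):
            pid = item.get("pluginID")
            # "Report item" template: Issue fields (assumed: one Issue per plugin ID)
            issues.setdefault(pid, {
                "title": item.get("pluginName"),
                "severity": int(item.get("severity")),
                "description": item.findtext("description", default="n/a"),
            })
            # "Evidence" template: the host-specific part of the finding
            evidence.append({
                "node": name, "issue": pid,
                "location": f'{item.get("protocol")}/{item.get("port")}',
                "output": item.findtext("plugin_output", default="n/a"),
            })
    return host_notes, issues, evidence

if __name__ == "__main__":
    print(*map(len, map_nessus(SAMPLE)))
```

Two hosts reporting the same plugin yield one issue record and two evidence records, which is why host-specific output belongs in the Evidence template rather than the Report item template.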

Dradis::Plugins::Netsparker

Dradis::Plugins::Nexpose

  • Full vulnerability: defines Issue fields
  • Full scan: defines the fields for a Note set to the Default category on the Nexpose Scan Summary Node
  • Simple port: for a simple scan format, this defines the fields for a Note set to the Default category for each Port associated with a specific Host (e.g. Node)
  • Full service: for a full scan format, this defines the fields for a Note set to the Default category for each Service associated with a specific Host (e.g. Node)
  • Full node: defines the fields for a Note set to the Default category on each Node
  • Full evidence: defines Evidence fields

Dradis::Plugins::Nikto

Dradis::Plugins::Nmap

  • Host: defines the fields for a Note set to the Default category on each Node
  • Port: defines the fields for a Note set to the Default category for each Port associated with a specific Host (e.g. Node)

Dradis::Plugins::NTOSpider

Dradis::Plugins::OpenVAS

  • Issue: defines Issue fields

Dradis::Plugins::Qualys

  • Evidence: defines Evidence fields
  • Element: defines Issue fields

Dradis::Plugins::Saint

  • Evidence: defines Evidence fields
  • Vulnerability: defines Issue fields

Dradis::Plugins::Zap

The Fields

Each supported plugin has a list of fields that you can automatically import into your plugin template. Click on Available fields to view a popup of all the fields that the plugin supports.

The combination of plugin templates and plugin fields takes in your uploaded tool output and creates a new Note, Issue, or Evidence in Dradis, customized exactly how you need it to be.

Now that you understand how the Plugin Manager uses Tool outputs, Templates, and Fields together to customize your findings, let's move on and integrate the Plugin Manager with YOUR report template.