Kit Upload

Kits allow you to configure your instance with a single upload. Kits can do the following:

  • Create projects

  • Upload methodology templates

  • Add Note templates

  • Upload report templates (Excel, Word, HTML etc)

  • Configure report template properties

  • Create Rules in the Rules Engine

Creating a kit

The kit is simply a .zip file that contains the specific files that you need to upload. The kit must follow a specific structure.

When you unzip a kit.zip file, you will see the following:

Seeding the Rules Engine

The rules_seed.rb file creates new Rules in the Rules Engine:

# ================================================================ Rules Engine
# Look up the severity tags of the most recent project by name. find_by returns
# nil when a tag does not exist, and .try(:name) turns that into nil instead of
# raising, so a missing tag does not abort the seed.
project      = Project.last
tag_critical = project.tags.find_by(name: '!9467bd_critical').try(:name)
tag_high     = project.tags.find_by(name: '!d62728_high').try(:name)
tag_medium   = project.tags.find_by(name: '!ff7f0e_medium').try(:name)
tag_low      = project.tags.find_by(name: '!6baed6_low').try(:name)
tag_info     = project.tags.find_by(name: '!2ca02c_info').try(:name)

# Each rule is created only if no rule with that name exists yet, so the seed
# can be re-run without producing duplicates.
if Dradis::Pro::Rules::Rules::AndRule.where(name: 'Nessus N/A CVSS to 0.0').empty?
  nessus1 = Dradis::Pro::Rules::Rules::AndRule.create!(name: 'Nessus N/A CVSS to 0.0')
  # Condition: Nessus reports the CVSSv3 base score as 'n/a'. Action: rewrite it to 0.0.
  Dradis::Pro::Rules::Conditions::FieldCondition.create!(rule: nessus1, properties: { plugin: :nessus, field: 'CVSSv3.BaseScore', operator: '==', value: 'n/a' })
  Dradis::Pro::Rules::Actions::ChangeValueAction.create!(rule: nessus1, properties: { field: 'CVSSv3.BaseScore', new_value: '0.0' })
end

if Dradis::Pro::Rules::Rules::AndRule.where(name: 'Nessus: Tag High').empty?
  nessus3 = Dradis::Pro::Rules::Rules::AndRule.create!(name: 'Nessus: Tag High')
  # Conditions (both must match): 7.0 <= CVSSv3 base score <= 8.9. Action: apply the high tag.
  Dradis::Pro::Rules::Conditions::FieldCondition.create!(rule: nessus3, properties: { plugin: :nessus, field: 'CVSSv3.BaseScore', operator: '<=', value: '8.9' })
  Dradis::Pro::Rules::Conditions::FieldCondition.create!(rule: nessus3, properties: { plugin: :nessus, field: 'CVSSv3.BaseScore', operator: '>=', value: '7.0' })
  Dradis::Pro::Rules::Actions::TagAction.create!(rule: nessus3, properties: { tag_name: tag_high })
end

First, the tags are defined, then individual rules are created. The Rule Title is set with name: (e.g. "Nessus: Tag High").

Then, the Triggers are created with Conditions. If you want to use Match All, use Conditions::MatchAllCondition, and if you want to Match Field, use Conditions::FieldCondition.

To match properly on the field, you'll want to define the plugin, field, operator, and value.

  • plugin: one of acunetix, brakeman, burp, metasploit, nessus, netsparker, nexpose, nikto, nmap, nto_spider, open_vas, projects, qualys, saint, zap

  • field: the field name is specific to the plugin that you are using and is determined by your settings in the Plugin Manager. Use the field name (e.g. Rating) that you set in the Plugin Manager.

  • operator: one of the following:

    Equals: ==
    Does not equal: !=
    Is greater than: >
    Is greater than or equals: >=
    Is less than: <
    Is less than or equals: <=
    Contains: include?

  • value: a number, word, or phrase, depending on how you've configured the rest of the rule.

The end of the rules_seed.rb file above creates Rules that automatically tag Nessus findings based on their CVSS score. For example, the "Nessus: Tag High" rule shown above creates a Rule in the Rules Engine with two Match Field Conditions (CVSSv3.BaseScore <= 8.9 and CVSSv3.BaseScore >= 7.0) and a Tag action that applies the project's high tag.
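
As an added example (not Dradis Pro code, and not the engine's real implementation), the following Ruby models how the Match Field operators above combine in an AndRule, so the CVSS bands in a seed file can be checked offline before the kit is uploaded. The comparison semantics, the finding hash layout and the plugin check are assumptions.

```ruby
# Added model (not Dradis Pro code) of how rules_seed.rb FieldConditions evaluate.
OPERATORS = {
  '==' => :==, '!=' => :!=, '>' => :>, '>=' => :>=, '<' => :<, '<=' => :<=,
  'include?' => :include?,
}.freeze
NUMERIC_OPERATORS = %w[> >= < <=].freeze

# One Match Field condition (Conditions::FieldCondition) against a finding hash.
def field_condition_match?(finding, field:, operator:, value:, plugin: :nessus)
  actual = finding[field]
  return false if finding[:plugin] != plugin || actual.nil?
  if NUMERIC_OPERATORS.include?(operator)
    # Ordering comparisons need numbers on both sides, so 'n/a' never matches them.
    a, b = Float(actual, exception: false), Float(value, exception: false)
    return false if a.nil? || b.nil?
    a.public_send(OPERATORS.fetch(operator), b)
  else
    actual.to_s.public_send(OPERATORS.fetch(operator), value.to_s)
  end
end

# An AndRule fires only when every one of its conditions matches.
def and_rule_match?(finding, conditions)
  conditions.all? { |c| field_condition_match?(finding, **c) }
end

# The two rules from the page, in seed order, as condition lists plus an action.
RULES = [
  { name: 'Nessus N/A CVSS to 0.0',
    conditions: [{ field: 'CVSSv3.BaseScore', operator: '==', value: 'n/a' }],
    action: ->(f) { f['CVSSv3.BaseScore'] = '0.0' } },
  { name: 'Nessus: Tag High',
    conditions: [{ field: 'CVSSv3.BaseScore', operator: '<=', value: '8.9' },
                 { field: 'CVSSv3.BaseScore', operator: '>=', value: '7.0' }],
    action: ->(f) { f[:tags] << '!d62728_high' } },
].freeze

# Runs the rules in order over a copy of the finding and returns the result.
def apply_rules(finding, rules = RULES)
  result = finding.merge(tags: finding.fetch(:tags, []).dup)
  rules.each { |r| r[:action].call(result) if and_rule_match?(result, r[:conditions]) }
  result
end

# Constructed sample scores (not real Nessus output): band boundaries and 'n/a'.
%w[6.9 7.0 8.9 9.0 n/a].each do |score|
  r = apply_rules({ plugin: :nessus, 'CVSSv3.BaseScore' => score })
  puts "#{score.ljust(3)} -> score #{r['CVSSv3.BaseScore']}, tags #{r[:tags].inspect}"
end
```

Because the 'n/a' rule runs first, a finding whose score was 'n/a' is rewritten to 0.0 and then falls outside the 7.0 to 8.9 band, so it is never tagged high.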

The Templates

  1. The /templates/methodologies subfolder

    This folder contains any methodology templates that you want to add to your instance. Example, OWASPv4_Testing_Methodology.xml.

  2. The /templates/notes subfolder

    This folder contains any note templates that you want to add to your instance. Example, issue.txt.

  3. The /templates/projects subfolder

    This folder contains any project templates that you want to add to your instance. Example, dradis-template.xml.

  4. The /templates/reports subfolder

    This folder contains 3 more subfolders:

    • /templates/reports/excel

    • /templates/reports/html_export

    • /templates/reports/word

    Add any report templates that you want to add to your instance. Example, dradis_template-client.v0.1.docm (in the /word subfolder), dradis_template-excel-client.v0.1.xlsm (in the /excel subfolder), dradis_html_template.html.erb (in the /html_export folder).

    Configure Report Template Properties

    To automatically configure report template properties on upload, create an .rb file that has the same filename as your report template. For example, if your report template is "dradis_welcome_template.v0.5.docm", the configuration file name would be dradis_welcome_template.v0.5.rb.

    Example .rb file:

    ReportTemplateProperties.create_from_hash!(
      definition_file: File.basename(__FILE__, '.rb'),
      # plugin_name: 'excel',
      plugin_name: 'word',
      # plugin_name: 'html_export',
      content_block_fields: {
        'Conclusion' => [
          {name: 'Title', type: 'string', values: nil},
          {name: 'Type', type: 'string', values: 'Conclusion'},
        ],
        'Scope' => [
          {name: 'Title', type: 'string', values: nil},
          {name: 'Type', type: 'string', values: 'Scope'},
        ]
      },
      document_properties: [
        'dradis.project',
        'dradis.client',
      ],
      evidence_fields: [
        {name: 'Details', type: 'number', values: nil}
      ],
      issue_fields: [
        {name: 'Title', type: 'string', values: nil},
        {name: 'CVSSv3.BaseScore', type: 'number', values: nil},
      ]
    )

First, set plugin_name: to excel, word, or html_export as required.

Then, set content_block_fields by creating Content Blocks. Set the Block Group name at the first level (e.g. 'Conclusion'), then create a new row for each field that needs to be defined. Use name as the field name, set type to either string or number, and set values as needed.

Create a list of document_properties (e.g. dradis.project).

Create evidence_fields and issue_fields as needed. Use name as the field name, set type to either string or number, and set values as needed.
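
Before uploading, the unzipped kit can be checked against the layout described in this section, and the .rb files it carries (which the instance runs on upload) can be listed for review. This added example is not a Dradis Pro tool; it assumes rules_seed.rb sits at the kit root and that the properties-file naming rule (last extension replaced by .rb) also applies to .html.erb templates.

```ruby
# Added pre-upload check (not a Dradis Pro tool) for an unzipped kit directory.
require 'tmpdir'
require 'fileutils'

# Subfolders named on this page; rules_seed.rb at the kit root is an assumption.
EXPECTED_DIRS = %w[
  templates/methodologies templates/notes templates/projects
  templates/reports/excel templates/reports/html_export templates/reports/word
].freeze
REPORT_EXTENSIONS = %w[.docm .xlsm .erb].freeze

# Returns a list of problems (strings); an empty list means the layout checks pass.
def check_kit(root)
  problems = []
  EXPECTED_DIRS.each do |d|
    problems << "missing folder #{d}" unless Dir.exist?(File.join(root, d))
  end
  Dir.glob(File.join(root, 'templates/reports/*/*')).each do |path|
    next unless REPORT_EXTENSIONS.include?(File.extname(path))
    # A properties file shares the template's name with the last extension replaced
    # by .rb (dradis_welcome_template.v0.5.docm -> dradis_welcome_template.v0.5.rb).
    rb = path.sub(/#{Regexp.escape(File.extname(path))}\z/, '.rb')
    problems << "no properties file for #{File.basename(path)}" unless File.exist?(rb)
  end
  problems
end

# Every .rb in the kit is Ruby the instance runs on upload; list them for review.
def ruby_files(root)
  Dir.glob(File.join(root, '**/*.rb')).map { |p| p.sub("#{root}/", '') }.sort
end

# Constructed sample kit (not a real kit): one Word template with its .rb, one Excel without.
def build_sample_kit(root)
  EXPECTED_DIRS.each { |d| FileUtils.mkdir_p(File.join(root, d)) }
  FileUtils.rm_rf(File.join(root, 'templates/notes')) # deliberately left out
  FileUtils.touch(File.join(root, 'rules_seed.rb'))
  FileUtils.touch(File.join(root, 'templates/reports/word/dradis_template-client.v0.1.docm'))
  FileUtils.touch(File.join(root, 'templates/reports/word/dradis_template-client.v0.1.rb'))
  FileUtils.touch(File.join(root, 'templates/reports/excel/dradis_template-excel-client.v0.1.xlsm'))
  root
end

Dir.mktmpdir do |dir|
  build_sample_kit(dir)
  check_kit(dir).each { |p| puts "WARN: #{p}" }
  puts "Ruby files to review: #{ruby_files(dir).join(', ')}"
end
```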

Uploading a kit

  1. Sign in as an Administrator.

  2. Navigate to Templates > Kit Upload.

  3. Use the Drop zone or the blue Add kit button to select your kit.zip file.

  4. Then, just click the green Start button to upload it.

  5. The on-screen log will display all the changes that are being made. Wait until it displays Worker process completed before moving on.


Uploading a kit via the command line

  1. SCP your kit (e.g. kit.zip) to your Dradis instance (e.g. to the /tmp folder).

  2. Run the following commands in the console as dradispro:

    $ cd /opt/dradispro/dradispro/current/
    $ RAILS_ENV=production bundle exec thor dradis:setup:kit /tmp/kit.zip

    Make sure to update the filename and path to match yours!
