dradis
dradis is an information sharing tool for penetration testing teams. It runs on Linux and Windows (a Mac version is coming soon) and requires Ruby, Rake, RubyGems, and SQLite3. Any penetration testing team will eventually have to figure out the best way to share information across the team during the test. As the team grows larger and team members become more specialized in their tasks, information sharing across the team becomes more important.
dradis: Effective Information Sharing
What is dradis?
dradis is an open source tool for sharing information during security assessments. It provides a centralised repository of information to keep track of what has been done so far, and what is still ahead.
Goals
share information effectively
easy to use and adopt: each team is different, and so is each tester. dradis will not require you to change the way you test.
flexibility: learn more about extensions
small and portable: platform independent, with a web interface
Traditional pentesting teams face different types of challenges regarding information sharing. Different tools provide output in different formats, different testers capture evidence in different ways, different companies report differently, etc.
If you do not use a tool to share the information, every tester will use their own notes file to keep track of their findings. Each will store this file locally, or on a shared resource, but the information will not reach the rest of the team immediately.
If you want to know what your teammate's latest findings are, you will need to look for their notes file. You can also try talking, but talking is not that effective when you need to know a specific cookie value or the SQL query for an injection attack.
It seems reasonable that some effort must be put into increasing the quality and efficiency of this process.
dradis v2.0 – flexibility unleashed
As you can see, there are no Hosts/Protocols/Services in the screenshot above. It is just a tree of Nodes, and nodes can be anything: hosts, applications, locations, countries… you name it. This gives you the flexibility that was missing in previous releases; you can now use dradis for pentests, web apps, wireless, etc. There are no restrictions: you can structure your information in the most efficient way.