Tools I use – Dradis

Oct 28th, 2009

Comments: 0
Category: Penetration Testing

Tools I use – Dradis

I’ve been using Dradis for a couple of months now. It’s an interesting piece of software that’s designed to help teams of people share information on penetration tests.
That said I find it useful on the tests I do even when I work alone.
Essentially Dradis provides the base environment for users to work in, either from the command line or the rails based web interface, and then pretty much lets them get on with it, so it can be a bit difficult to work out how you want to use it at first, but once you get used to it it’s very handy!
What I’ve done is started to create templates for information that I need to collect during a test and areas to review, that way it reduces the number of times I get into writing the report and realised I’ve missed something ;o). Once you create the tree structure in Dradis, containing any information you want, you can export it as a single file and then re-use it as a template on future tests (for example one for web application tests, one for infrastructure etc)
you can also import information from other tools (nmap, nikto, nessus and burp at the moment) into Dradis, meaning you’ve got a single place to view all the information relating to the test.
It’s well worth a look, as it’s under active development there are new features coming pretty frequently. Also there are guides on the site for prospective developers and as it’s all done in ruby it’s nice and easy to start coding for!

Add a comment

Your email address will not be shared or published. Required fields are marked *