Serious Pentest documention with latest Dradis Framework (2.5.0)

A key part of any serious Penetration Test is to provide a comprehensive documentation of
all phases – reconnaissance, enumeration, exploitation and finale documentation.

Now you have a fully loaded BT4 Pentest-Weapon, having a well-defined documentation process is another great way to extend the awesome BT4!

Especially in larger engagements it is key to exchange all findings with the whole team in the
most effiecent way and therefore I’d like to provide a little howto to use the great dradis information
sharing framework.

Dradis core components are based on ruby rails and sqlite3, fully customizable through the plugin
API, importing information from key sec-tools like nmap, burb or nikto; simple frontend with essential
tools to create your documentation (no fancy, overloaded editor or options, keep it simple and bring it to the point!)

Export engine is also quite interesting, currently HTML and Word export is possible, wherby the Word one
is the most interesting one, after you created an initial template with the specific dradis meta-tags, you are
ready to go – takes some time, but once done, you have the power to create a quick report after all your tasks
you have documented within dradis. Details can be found here:
WordExport templates – dradis

BT4 comes with dradis 2.4 (/pentest/misc/dradis) and 2.5 was just released. Dradis is simple
to install and to initialize for the first run, but not really intuitive for novice users, especially performing
some automated tasks. Also some confusing options during first-time initialization…

Read more @


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s