Dradis v2.9 – Information Sharing For Security Assessments

Use Netsparker


Dradis is an open source framework to enable effective information sharing, specially during security assessments. It’s a tool specifically to help in the process of penetration testing. Penetration testing is about information:

  1. Information discovery
  2. Exploit useful information
  3. Report the findings

But penetration testing is also about sharing the information you and your teammates gather. Not sharing the information available in an effective way will result in exploitation opportunities lost and the overlapping of efforts.

Dradis v2.9 - Information Sharing For Security Assessments

Dradis is a self-contained web application that provides a centralised repository of information to keep track of what has been done so far, and what is still ahead.

Features

  • Easy report generation.
  • Support for attachments.
  • Integration with existing systems and tools through server plugins.
  • Platform independent.



Traditional pentesting teams face different types of challenges regarding information sharing. Different tools provide output in different formats, different testers capture evidence in different ways, different companies report differently, etc.

If you do not use a tool to share the information, every tester will use their own notes file to keep track of their findings. Each will store this file locally, or on a shared resource, but the information will not arrive immediately to the rest of the team.

If you want to know what are the latest findings of your mate, you will need to look for the notes file. You also can try talking, but talking is not that effective when you need to know a specific cookie value or a sql query for an injection attack.

It seems reasonable that some effort must be put to increase the quality and efficiency of this process.

You can download Dradis Framework v2.9 here:

Windowsdradis-v2.9.0-setup.exe
Othersdradis-v2.9.0.tar.gz

Or read more here.

Posted in: Hacking News, Security Software

, , , , ,


Latest Posts:


StaCoAn - Mobile App Static Analysis Tool StaCoAn – Mobile App Static Analysis Tool
StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing mobile app static analysis on the code of the application for both native Android and iOS applications.
snallygaster - Scan For Secret Files On HTTP Servers snallygaster – Scan For Secret Files On HTTP Servers
snallygaster is a Python-based tool that can help you to scan for secret files on HTTP servers, files that are accessible that shouldn't be public and can pose a s
Portspoof - Spoof All Ports Open & Emulate Valid Services Portspoof – Spoof All Ports Open & Emulate Valid Services
The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports open and also emulate valid services on every port.
Cambridge Analytica Facebook Data Scandal Cambridge Analytica Facebook Data Scandal
One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 expose that demonstrated the depths they are willing to go to profile voters, manipulate elections and much more.
GetAltName - Discover Sub-Domains From SSL Certificates GetAltName – Discover Sub-Domains From SSL Certificates
GetAltName it's a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
Memcrashed - Memcached DDoS Exploit Tool Memcrashed – Memcached DDoS Exploit Tool
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.


2 Responses to Dradis v2.9 – Information Sharing For Security Assessments

  1. Sudlo June 29, 2014 at 12:06 pm #

    Pretty neat

    For a beginner like me this is a really great.

    Are there any links where i could read up on this..

    • Darknet July 1, 2014 at 5:12 pm #

      What exactly do you wish to read up on?