Dradis – Reporting Platform For IT Security Professionals


Dradis is an open source reporting platform for IT Security, tailored towards the types of information that need to be shared amongst an information security team during a professional engagement. It provides a centralized repository of information using a web interfaced based client/server architecture.

Dradis - Reporting Platform For IT Security Professionals

It also supports 15+ different tools including Burp, Nessus, Nmap, Qualys (listed below).

The goals of the project are to:

  • Share the information effectively.
  • Easy to use, easy to be adopted.
  • Flexible: with a powerful and simple extensions interface.
  • Small and portable.
    • You should be able to use it while on site (no outside connectivity).
    • It should be OS independent (no two testers use the same OS).

Features

  • Platform independent
  • Markup support for the notes: text styles, code blocks, images, links, etc.
  • Integration with existing systems and tools:
    • Burp Scanner
    • Metasploit
    • Nessus
    • NeXpose
    • Nikto
    • Nmap
    • OpenVAS
    • OSVDB
    • Retina
    • SureCheck
    • VulnDB
    • w3af
    • wXf
    • Zed Attack Proxy

New in v3.0

  • Support for Issue/Evidence separation
  • New HTML/CSS interface
  • Use BCrypt for password storage.
  • Gemified plugins in external repositories
  • Enhanced background workers
  • New plugins:
    • Export: CSV, PDF
    • Upload: Acunetix, Qualys
  • Rails 4.1

You can download Dradis 3.0.0.rc3 here:

Linux – dradis-3.0.0.rc3-linux-x86.tar.gz
Mac – dradis-3.0.0.rc3-osx.tar.gz

Or read more here.

Posted in: Hacking News, Security Software

,


Latest Posts:


Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.


Comments are closed.