Dradis Framework

Up until now, adding screenshots to your notes has been a bit problematic. You had to go to the Attachments upload the image, click, get the URL, go back to the Notes tab, open the editor and paste the link. This lead to a very upvoted feature request: Add image upload functionality to Note Editor.

Recently we've managed to sort this out and create a much cleaner solution to solve this problem: you can now drag and drop files to the Editor window, upload and copy the resulting attachment URLs to use them in the note's text. Let me show you how:

When invoking the note Editor (either from the add note button or double-clicking on an existing note), apart from the familiar Write and Preview tabs, there will be a third tab: Attachments.


This tab features a drop zone and some controls to manage the upload process. You can drag files from your desktop into the drop zone to stage them for upload:


Have you noticed the preview images you get even before uploading anything?

Anyway, you can upload them one at a time using the controls in each row or all at once using the general controls below the drop zone.


Once they are uploaded a link is provided to each attachment. You can right-click on the link to copy the attachment's URL for use in your notes.




The drag'n'drop feature is dependent on your browser, you will need Firefox 4.0+, Google Chrome or Safari 5.0+.

This feature is already available in the master branch of the Dradis Community and Dradis Professional editions.

I (@etdsoft) was given the opportunity to talk about Dradis Framework's past, present and future on Episode 11 of PaulDotCom Security Weekly en Espanol.

The podcast is in Spanish, but there is a full transcript in English in Security Root's blog:

http://blog.securityroots.com/2012/03/pauldotcom-en-espanol-interviews.html

Thanks to Carlos Perez aka "Darkoperator" (@Carlos_Perez) and the PaulDotCom team for having us in the show!

Today we got some amazing news, Dradis Framework was chosen the winner in the Security Assessment/Datamining category of the Best Tools Report 2011 by ToolsWatch Service

From the document:

The present document describes the Best Tools and Utilities from 2011. Divided into categories, carefully separated, based on the VulnerabilityDatabase.com Scoring Criteria.

We are thankful to the @ToolsWatch team and want to send congrats to all the participants!

Good day!

New plugins

• Retina Network Security Scanner upload plugin.
• Zed Attack Proxy upload plugin.

Updated plugins

• Nessus upload plugin is orders of magnitude faster.
• Nikto upload plugin is orders of magnitude faster.
• Nmap upload plugin is orders of magnitude faster.
• VulnDB import plugin (to support VulnDB HQ integration)

Internals

• Updated First Time User's Wizard.
• Updated to Rails 3.2

 

• Cleaner three-column layout
• Smarter Ajax polling and auto-updating
• New version of the Nmap upload plugin
• New version of the Nessus upload plugin
• ./verify.sh now checks that libxml2 is installed
• Bugs fixed: #17, #31, #37, #43, #48

 

In Dradis 2.8 we will have a brand new three-column layout.

We have already discussed that the current Dradis interface can get cluttered at times (Tidy up your note list). In Dradis 2.8 we are introducing a cleaner layout with less text in the note list and more space for the note's content. Here are some screenshots:

One of the best features that we have been working on for the next release of Dradis will be an improved Ajax refresh feature.

We have prepared a small screencast to show it. Two different browsers are shown side by side. Notes and nodes added in one browser are replicated in the other.


Dradis 2.8 smart Ajax refresh por etdsoft

It is already in our GitHub repository so you are free to git pull and give it a shot. We will be very interested in hearing what you have to say.