Dradis Framework in Grey Hat Hacking 3rd Edition

Grey Hat Hacking 3rd edition has a full chapter on Information Sharing During a Penetration Test that features the Dradis Framework extensively.

Installation, configuration, the upload, export and import plugins, and OSVDB configuration are all covered. Some quotes:

The Dradis Server is the best way to collect and provide information sharing during a penetration test.

The real magic of Dradis occurs when multiple users enter data at the same time.

Access may be granted to the client, enabling them to keep abreast of the current status at all times. Later, when the assessment is done, a copy of the framework database may be left with the client as part of the report.


Dradis 2.6.1 released!

  • Update Rails to 3.0.4 and RedCloth to 4.2.5
  • Update the SSL certificate for 2011 (see ./server/conf/ssl/README)
  • Deal with Burp Scanner's opinionated handling of null bytes
  • Improve verify.sh to find Bundler even when not in the PATH
  • Fix the start.sh script to use UNIX forward slashes instead of Windows backslashes