Include screenshots stored in Dradis in your Word report

Every week, a Dradis user somewhere is thinking: "Damn, it would be nice if I could get my screenshots in the Word report". The problem has been discussed in the forum and the mailing list before, it is quite simple actually, we need a way to get our screenshots (stored in Dradis as attachments) into the final report.

Up until now I though that any solution to the problem would go through several layers of Word and WordML magic, packing and base64-encoding of the images, however, last week I realised that a simpler solution may exist. We are going to use a Word macro to do the heavy lifting.

The first thing we need is to upload our screenshot as an attachment in Dradis:

Then we need to include a reference to it in the text of our note. To do this, just double-click on the uploaded attachment and copy the URL assigned to it:

Note that in Textile (the markup language understood by Dradis) images are referenced by their URL between exclamation marks (!!). Make sure that the preview panel renders the image correctly. Otherwise review the URL:

(By the way, the screenshot is of the first entry from Google when searching for "Index of")

So, the last thing we need to do is to assign this note to the WordExport ready category and generate our Word report (export > Word export > Generate report):

And here comes the magic. I have created a Word macro (DradisScreenshot) that parses your document, searches for !! and pulls the corresponding images from your Dradis server.

I'm working on a separate post describing the inner workings of the macro, including for instance why I could use a simpler approach (e.g. ) [hint, bad SSL cert + HTTP authentication]. In the mean time, you can just grab the code from GitHub: etdsoft/dradis-macros and start using it.

The result:

I've also added this as an icon in my "Quick Access Toolbar":

Hope you find this quick tip useful. The code of the macro is sparsely documented but it should do the trick. Remember to assign the temporary directory and if you find any issues, please report them in the issue tracker.


  1. Grab the Word macro from GitHub: etdsoft/dradis-macros
  2. Enjoy


Windows cannot find 'blunder' error on Dradis 2.7.1

Update May/26: An updated installer has been published that fixes the issue described below and is available through the download page.

The Dradis 2.7.1 Windows package (dradis-v2.7.1-setup.exe) that we released yesterday contains a typo in in one of the batch files: server.bat.

If you try to run the file directly or through the Start menu start server icon, you will get an error message:

Windows cannot find 'blundler'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

In order to fix this open the file in an editor (go to the Start menu icon, right click > Edit) and adjust it to:

@echo off

::If the script doesn't work, uncomment and adjust the following:
set PATH=c:\Ruby187\bin;%PATH%
set RAILS_ENV=production
set BASE=%~dp0
cd %BASE%\server\

start "Dradis Framework Server (Ctrl+C to terminate)" bundle exec rails server webrick

Thanks to Doug Ipperciel for bringing this to our attention.


Upgrading from Dradis 2.7.0 to 2.7.1

This week we are releasing Dradis Framework 2.7.1 which closes several bugs and brings a new note editor.

If you're new to Dradis or upgrading from an older (2.6.x, 2.5.x...) release, go ahead and download the full package from the downloads page.

However, if you already have a working install of Dradis 2.7.0 maybe you don't want to run the Windows installer again, or wait until your distro prepares an updated version of the package (did you know that BackTrack 5 shipped with Dradis 2.7.0?). Here is how to get the latest 2.7.1 code up and running.

Go to your install location:

In Windows:

c:\> cd %APPDATA%\dradis-2.7

In BackTrack:

# cd /pentest/misc/dradis

Backup the old server folder:

# mv server 2.7.0-server

Now you have a decision to make: upgrade to 2.7.1 or clone the Dradis repository so you can upgrade to 2.7.1 but also to any forthcoming releases (recommended)

Upgrading to 2.7.1

Download and uncompress the tarball for Dradis server 2.7.1 from GitHub:

Uncompress in the drads-2.7 folder renaming the extracted directory to just server.

Using git repository for easy upgrading

From the current folder, clone Dradis git repository and point it to the latest release:

# git clone server
# cd server
# git checkout -b REL-2.7.1 REL-2.7.1
# cd ..

Reset the environment and run the server

# ./
# ./

If everything goes according to plan, you can now access Dradis on https://localhost:3004/ and in the top-right corner the version number will be 2.7.1.


Dradis 2.7.1 released!

This bug-fixing release features:

  • Several closed issues: #3, #4, #6, #7, #8 and #10.
  • A cleaner, leaner note editor:

And all the goodness introduced in 2.7.0:
  • Improved command line API with Thor (thor -T to view all commands)
  • New Configuration Manager to handle all plugin config settings
  • New Upload Manager that runs uploads in the background and updates the interface through Ajax
  • New plugins:
  • Updated plugins:
    • Nessus plugin supports .nessus v2
    • Vuln::DB import updated to support the latest release
  • Bugs fixed: #2888332, #2973256
  • Update Rails to 3.0.6


Dradis 2.7.0 in BackTrack 5

A couple of weeks ago, BackTrack 5 was released and it shipped with Dradis 2.7 out of the box. You can find your Dradis install in:


Run ./ to prepare the environment and ./ to start the Dradis server.

Kudos to the BT team.


Tidy up your note list

After a few days of testing, your Notes view can become a bit cluttered. Although we are already discussing how to fix this for future releases in this blog post we will see what can be done about it.

So image that you currently have something like this:

It is difficult to make some sense out of that mess. It would be nice if we could filter the Text shown for each issue and display just the Title field:

We are going to do this using a renderer function for our Text column. Fire up your editor and open


At around line#170, replace the existing renderer line with the following function:

What the new renderer does is look for notes that have a #[Title]# field defined and then extract the value of that title. Feel free to adjust the regular expression / extraction code to suit your needs.

After making the change, you need to delete the JavaScript bundle (autogenerated) and reload your browser:

$ rm ./server/public/javascripts/all.js

That's it, nice an easy. Now we have a much cleaner notes grid.