Yearly Archives: 2011

New in Dradis Pro v1.2

A new version of Dradis Pro is available to download. Apart from performance tweaks and bug fixes the major improvements in this release are smart refresh and project templates.

Project templates

Project methodologies can be used to provide a template for new projects.

It is likely that project of a given class (e.g. webapp assessment) will have a similar structure (e.g. scope, authentication, access control, etc.).

You can use a project methodology to create a template that contains the standard nodes and notes required for a specific project class.

You can also use the methodology to ensure that certain checks are always performed (e.g. verify logout implementation) ensuring that all your projects are consistent.

Smart refresh

Get instant updates with the information your team mates are adding to your Dradis project:

Dradis 2.8 smart Ajax refresh por etdsoft

[this feature will also be available in the upcoming community Dradis 2.8]

Want to give it a try?

If you would like to give Dradis Pro a try, please contact us or ping us on Twitter: @securityroots.

Find out more:
http://securityroots.com/dradispro/

New in Dradis Pro v1.1

These are some of the new features in Dradis Professional edition:

New layout

  • Three-columns to maximize the amount of useful information on screen
  • Better context menus: add special node types and reassign notes easily

Advanced XSLT reporting

Dradis Pro now generates an intermediate XML file containing all your notes. This will contain both the raw Text and the custom fields you created for each note:

  
    
      
      
        Value1
        Value2
        [...]
      
    
    [...]
  

Then a XML transformation can be applied to this document to generate a report.

You can see a couple of XSLT files in ./vendor/plugins/advanced_word_export/templates/:

  • basic.xslt: is a very basic transform that just creates a new XML document from the data in the Dradis XML.
  • simple_report.xslt: is a transform that generates a WordXML document.

Create custom fields in your notes:

And use them in your reports, in any way you need:

So with 1.1, if you’re so inclined, you can create your own XSLT transforms to produce your reports in no time. Word is just one example. Any XML-based format is generated just as easily.

Of course if you don’t have an in-house XSLT-wizard at Security Roots we will be more than happy to help and create custom XSLT for your organization in no time! Report customization was always part of our professional services offering.

Other changes

  • An independent version module! Finally an easy way to know what version of Pro are you running.
  • Improved table styling inside notes
  • Rails 3.0.10
  • Bug fixing (read-only records, sign up process, project edit form…)

Dradis 2.7.2 released!

This bug-fixing release which includes:

  • Several closed issues: #5, #9, #13, #14, #15, #16, #19, #20.
  • Improved startup scripts
  • Update Rails to 3.0.9

And all the goodness introduced in 2.7.1:

  • A cleaner, leaner note editor
  • Improved command line API with Thor (thor -T to view all commands)
  • New Configuration Manager to handle all plugin config settings
  • New Upload Manager that runs uploads in the background and updates the interface through Ajax
  • New plugins:
  • Updated plugins:
    • Nessus plugin supports .nessus v2
    • Vuln::DB import updated to support the latest release
  • Bugs fixed: #3, #4, #6, #7, #8, #10, #2888332, #2973256

Dradis 2.7.2 released! download now

Announcing Dradis Professional Edition

Note: this is a cross-post and can be found in the Dradis blog too.

Today I am pleased to announce Dradis Framework Professional Edition. Back in 2007 when I started the Dradis Framework project I could have not anticipated the success that it would had. Four years, 3,000 commits, 19,000 downloads and 19 releases later we are still making a difference for hundreds of security professionals (and aficionados) out there.

Dradis was announced in the 1st edition of MWRICON after many hours of late-night coding. Today we have three full committers, a small number of trusted partial committers and dozens of contributors. Dradis 2.0 was a big thing, and when Dradis was featured in the Offensive Security‘s Metasploit Unleashed it was even bigger and Russ McRee’s coverage for the toolsmith column of ISSA’s magazine and our own chapter in Grey Hat Hacking and being included in BackTrack since BT4 and the talks at DC4420 and DEFCON 17 and so many other articles and references.

It was encouraging that some people believed in the project from the beginning. I am grateful that my current employer (NGS Secure which was still called NGSSoftware when I joined) and my previous one (MWR InfoSecurity) let me carry on working on Dradis as my side project and even gave me time to continue improving the tool.

We have gone a long way… it was only matter of time that organizations whose consultants were already using Dradis approached me to get some help to further tailor Dradis to their needs. Some times this consisted on helping them with small tweaks they were making to the code, others it consisted in developing for them full-blown custom plugins to interconnect Dradis to their other systems or to produce reports in their particular format. That is why I started Security Roots Ltd in 2010.

Dradis was started by a security consultant, with the security consultant’s needs and goals in mind (share information with the other teammates, portable, platform-independent, etc.). These are a subset of the needs and goals of the organization to which these consultants belong. The Technical Director of a security company understands the benefits of consultants using Dradis, but he needs more. He wants all his teams to work with Dradis in a standardized way. He wants everyone in the team to be able to use the latest version of Dradis without having to bother about upgrading and dependencies. He wants to be able to see how the different teams are doing, quickly check each team’s findings, maybe even extract some metrics or generate interim reports for clients with the critical issues already captured by the teams.

Enter Dradis Framework Professional Edition, a virtual appliance that leverages the advanced features of Dradis and extends it to enable multiple teams to work concurrently:

  • It provides a centralized information repository:
    • Information is always available: during the project and afterwards.
    • Quickly inspect the project history or review the projects for a given user.
    • Ideal for teams that work across multiple time zones.
  • Hassle-free deployment: power up the virtual appliance and you and your team can start working and sharing information.
  • The virtual appliance is easy to update and backup.
  • Bundled with Vuln::DB, import issues to your Dradis projects from the central issue database.

I am thrilled about the prospect of making consultants’ lives ever easier, helping organizations to work more effectively and to make sure their clients receive the best value for money. Let the consultants focus on what they are good at and what they enjoy most: breaking things while we minimize the hassle associated with the back-end tasks required to coordinate their efforts.

This is a great opportunity to make a difference. Let’s make the most of it.

Daniel
Lead developer

Windows cannot find ‘blunder’ error on Dradis 2.7.1

Update May/26: An updated installer has been published that fixes the issue described below and is available through the download page.

The Dradis 2.7.1 Windows package (dradis-v2.7.1-setup.exe) that we released yesterday contains a typo in in one of the batch files: server.bat.

If you try to run the file directly or through the Start menu start server icon, you will get an error message:

Windows cannot find ‘blundler’. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

In order to fix this open the file in an editor (go to the Start menu icon, right click > Edit) and adjust it to:


@echo off

::If the script doesn't work, uncomment and adjust the following:
set PATH=c:\Ruby187\bin;%PATH%
set RAILS_ENV=production
set BASE=%~dp0
cd %BASE%\server\

start "Dradis Framework Server (Ctrl+C to terminate)" bundle exec rails server webrick

Thanks to Doug Ipperciel for bringing this to our attention.

5 comments:

  1. Unknown said,its not working on my windows 8 version
    ON 16 DECEMBER 2012 AT 15:38
  2. Unknown said,my message says

    bundle
    windows cannot find ‘bundle’.Make sure you typed the name correctly and then try againON 16 DECEMBER 2012 AT 15:41
  3. Unknown said,hey got it to work thanks my bad i install it on xp very simple then 7 then 8 pretty goodON 16 DECEMBER 2012 AT 17:20
  4. Anonymous said,not working on v 2.9 yetON 26 SEPTEMBER 2015 AT 04:36
  5. Unknown said,It works. Thank you for sharing. If you have problems with dll files, look there http://fix4dll.com/mfc110u_dll. I had a problem with it, do not run the program’s. After fixes dll files, everything worked. Good luck.ON 2 JUNE 2016 AT 15:40

Dradis 2.7.1 released!

This bug-fixing release features:

  • Several closed issues: #3, #4, #6, #7, #8 and #10.
  • A cleaner, leaner note editor:

And all the goodness introduced in 2.7.0:

  • Improved command line API with Thor (thor -T to view all commands)
  • New Configuration Manager to handle all plugin config settings
  • New Upload Manager that runs uploads in the background and updates the interface through Ajax
  • New plugins:
  • Updated plugins:
    • Nessus plugin supports .nessus v2
    • Vuln::DB import updated to support the latest release
  • Bugs fixed: #2888332, #2973256
  • Update Rails to 3.0.6

download now

Upgrading from Dradis 2.7.0 to 2.7.1

This week we are releasing Dradis Framework 2.7.1 which closes several bugs and brings a new note editor.

If you’re new to Dradis or upgrading from an older (2.6.x, 2.5.x…) release, go ahead and download the full package from the downloads page.

However, if you already have a working install of Dradis 2.7.0 maybe you don’t want to run the Windows installer again, or wait until your distro prepares an updated version of the package (did you know that BackTrack 5 shipped with Dradis 2.7.0?). Here is how to get the latest 2.7.1 code up and running.

Go to your install location:

In Windows:

c:\> cd %APPDATA%\dradis-2.7


In BackTrack:

# cd /pentest/misc/dradis


Backup the old server folder:

# mv server 2.7.0-server


Now you have a decision to make: upgrade to 2.7.1 or clone the Dradis repository so you can upgrade to 2.7.1 but also to any forthcoming releases (recommended)

Upgrading to 2.7.1

Download and uncompress the tarball for Dradis server 2.7.1 from GitHub:

https://github.com/dradis/dradisframework/tarball/REL-2.7.1

Uncompress in the drads-2.7 folder renaming the extracted directory to just server.

Using git repository for easy upgrading

From the current folder, clone Dradis git repository and point it to the latest release:


# git clone https://github.com/dradis/dradisframework.git server
# cd server
# git checkout -b REL-2.7.1 REL-2.7.1
# cd ..

Reset the environment and run the server


# ./reset.sh
# ./start.sh

If everything goes according to plan, you can now access Dradis on https://localhost:3004/ and in the top-right corner the version number will be 2.7.1.

Dradis 2.7.1 released!

This bug-fixing release features:

  • Several closed issues: #3, #4, #6, #7, #8 and #10.
  • A cleaner, leaner note editor:

And all the goodness introduced in 2.7.0:

  • Improved command line API with Thor (thor -T to view all commands)
  • New Configuration Manager to handle all plugin config settings
  • New Upload Manager that runs uploads in the background and updates the interface through Ajax
  • New plugins:
  • Updated plugins:
    • Nessus plugin supports .nessus v2
    • Vuln::DB import updated to support the latest release
  • Bugs fixed: #2888332, #2973256
  • Update Rails to 3.0.6

download now

Open-source project released: passdb

On Wednesday we released passdb a Ruby gem to search CIRT.net’s default password database.

We have decided to host our gem’s source code in GitHub (which we will be using in the future to host all our open-source contributions). Find the repository, documentation and install instructions in:

https://github.com/securityroots/passdb

Future plans for the library include adding an option to submit new entries, so the guys at CIRT.net can keep their database updated with the latest additions.

Feel free to fork and submit pull requests. If you find the library useful or have suggestions for improvements, we will love to hear about them.