Information Security Inc.
Dradis Framework
Information Security Confidential - Partner Use Only
Contents
• About Dradis
• Dradis Architecture
• Features
• Dradis Goals
• Testing Environment
• Required packages
• Installing Dradis
• Using Dradis
• References
About Dradis
• Dradis is an open-source collaboration framework, tailored to
InfoSec teams
• Two editions of Dradis Framework:
• Dradis Framework Community Edition (CE): open-source and available freely under the
GPLv2 license
• Dradis Framework Professional Edition (Pro): includes extra features that are more
useful for organizations dealing with bigger teams and multiple projects at a time
Dradis Architecture
Features
• Platform independent
• Markup support for the notes: text styles, code blocks, images,
links, etc.
• Integration with existing systems and tools:
• Brakeman
• Burp Suite
• MediaWiki
• Metasploit
• Nessus
• NeXpose
• Nikto
• Nmap
• OpenVAS
• Full list: https://dradisframework.com/ce/addons/
Dradis Goals
• Share the information effectively
• Easy to use and easy to adopt; otherwise it would offer little
benefit over other systems
• Flexible: with a powerful and simple extensions interface
Testing Environment
• Kali Linux 2017
Required packages
• apt-get install libsqlite3-dev
• apt-get install libmariadbclient-dev-compat
• apt-get install mariadb-client-10.1
• apt-get install mariadb-server-10.1
• apt-get install redis-server
Installing Dradis
• Installing Dradis on Kali Linux
• Installing required packages
• Update “bundler”
• Installing from GitHub
• Setting up the app
• Fire up the server by running the following command
• Point your browser to: http://localhost:3000
• Configure the shared password by entering it and confirming it:
• Create a username, then enter the password you created above:
• In a new tab in your terminal, start the background worker that is
needed to upload and parse tool output
Using Dradis
• The installation process is complete
• Importing nmap results
• Nmap scan saving output to Dradis.xml
• Importing Dradis.xml
• Host properties
References
• Kitploit
http://www.kitploit.com/2017/10/dradis-framework-collaboration-and.html
• Kali Linux
https://www.kali.org/downloads/
• Dradis CE (Community Edition)
https://dradisframework.com/ce/
• Installing Dradis on Kali Linux
https://dradisframework.com/ce/documentation/install_kali.html
• Installing Dradis from GitHub
https://dradisframework.com/ce/documentation/install_git.html