Announcements

11^th of March 2011

Dradis Framework live demo

You can try Dradis before downloading / installing. Check out our live demo at:

20^th of February 2011

Dradis Framework in Grey Hat Hacking 3rd Edition

Grey Hat Hacking 3rd edition has a full chapter on Information Sharing During a Penetration Test featuring the Dradis Framework extensively.

Installation, configuration, upload, export and import plugins, OSVDB configuration are all covered. Some quotes:

The Dradis Server is the best way to collect and provide information sharing during a penetration test.

The real magic of Dradis occurs when multiple users enter data at the same time.

Access may be granted to the client, enabling them to keep abreast of the current status at all times. Later, when the assessment is done, a copy of the framework database may be left with the client as part of the report.

11^th of February 2011

Dradis v2.6.1 released!

• Update Rails to 3.0.4 and RedCloth to 4.2.5
• Update the SSL certificate for 2011 (see ./server/conf/ssl/README)
• Deal with Burp Scanner's opinionated handling of null bytes
• Improve verify.sh to find Bundler even when not in the PATH
• Fix the start.sh script to use UNIX forward slash instead of Windows back slash

17^th of December 2010

Dradis Winter Week of Code 2010

The guys from the development team of MWR Infosecurity are going to be working full-time on Dradis for a week next week!

See the official announcement of the first ever Dradis Winter Week of Coding. If you want to start tinkering around with your own Dradis plugins or want to help out the project by advancing some of the stuff in the roadmap you are welcome to join.

Follow the progress on #dradis at irc.freenode.org and @dradisfw on Twitter.

3^rd of December 2010

Dradis v2.6 released!

• Improved performance across the board
• Upgraded libraries: Rails 3 and ExtJS 3.3
• New First Time User Content showing how to use the interface
• You still get all the old features
  • HTML and Word reporting plugin.
  • Burp Upload plugin so you can use Burp Scanner output.
  • Nikto Upload plugin to use your Nikto scan results.
  • OSVDB Import plugin straight from the OSVDB.
• Bugs fixed: #3021312, #3030629, #3076709.

30^th of November 2010

Do you want to contribute to Dradis?

We have updated the How to become a comitter page with the guidelines for commit access approval.

If you want to contribute with a plugin or a new feature, now it is easier than ever.

27^th of June 2010

Running Dradis inside Metasploit's Cygwin

Getting Dradis up and running in your Windows environment has never been easier. If you already have Metasploit installed, you can start using Dradis in a few minutes with the Running Dradis inside Metasploit's Cygwin tutorial.

19^th of May 2010

Running Dradis in Apache

Ever wanted to configure Dradis in Apache using mod_passenger? We just wrote the Running Dradis in Apache guide for the documentation section.

18^th of May 2010

dradis v2.5.2 released!

• Improved Note editor: bigger, easier to use and supports formatting!
• New First Time User Wizard
• Keep track of all the activity with the built-in RSS feed
• Plugin improvements
  • New HTML Export reporting plugin.
  • New Burp Upload plugin so you can use Burp Scanner output.
  • New Nikto Upload plugin to use your Nikto scan results.
• Upgraded libraries: ExtJS 3.1.1, Rails 2.3.5
• Bugs fixed: #2964273, #2932569, #2963253, #2974460.
• Security fixes

6^th of April 2010

Dradis in the ISSA Journal

The Dradis Framework has been featured in Russ McRee's Toolsmith column for the ISSA Journal. Read the blog post and the article

7^th of March 2010

dradis v2.5.1 released!

• Improved Note editor: bigger, easier to use and supports formatting!
• New First Time User Wizard
• Keep track of all the activity with the built-in RSS feed
• Plugin improvements
  • New HTML Export reporting plugin.
  • New Burp Upload plugin so you can use Burp Scanner output.
  • New Nikto Upload plugin to use your Nikto scan results.
• Upgraded libraries: ExtJS 3.1.1, Rails 2.3.5
• Bugs fixed: #2964273, #2932569, #2963253.

5^th of February 2010

dradis v2.5 released!

• Improved Note editor: bigger, easier to use and supports formatting!
• New First Time User Wizard
• Keep track of all the activity with the built-in RSS feed
• Plugin improvements
  • New HTML Export reporting plugin.
  • New Burp Upload plugin so you can use Burp Scanner output.
  • New Nikto Upload plugin to use your Nikto scan results.
• Upgraded libraries: ExtJS 3.0, Rails 2.3.5
• Bugs fixed: #2936554, #2938593.

31^st of October 2009

dradis v2.4.1 released!

Mainly minor changes and bug fixes:

• server:
  • Plugin improvements
    • Nmap Upload is now using the Nmap::Parser library.
    • Featuring the new OSVDB Import plugin to query the largest independent and open source vulnerability database.
  • Upload plugins. Better progress feedback. Improved error condition checking.
  • Note drag'n'drop.
  • New handy Rake tasks:
    • dradis:reset: When you are done with your project, use this task to start over. It clears the database and removes the uploaded files.
    • dradis:backup: If you want to create a backup of your current project, this is the right task for it.
  • Bugs fixed: #2881746, #2888245, #2889402.
• client:
  • Bugs fixed: #2888411.

29^th of October 2009

Hacker's Guide to dradis updated

The Hacker's Guide to dradis has been updated with additional information on how to use our Subversion repository.

16^th of October 2009

New Server Plugins

• Open Source Vulnerability Database (OSVDB) Import Plugin
• Nikto XML output Upload Plugin
• Burp Scanner XML Upload Plugin

Keep an eye on the forums for updates.

9^th of September 2009

dradis v2.4 released!

Mainly minor changes and bug fixes:

• server:
  • Plugin improvements
    • Nmap Upload is now using the Nmap::Parser library.
    • Featuring the new OSVDB Import plugin to query the largest independent and open source vulnerability database.
  • Upload plugins. Better progress feedback. Improved error condition checking.
  • Note drag'n'drop.
  • New handy Rake tasks:
    • dradis:reset: When you are done with your project, use this task to start over. It clears the database and removes the uploaded files.
    • dradis:backup: If you want to create a backup of your current project, this is the right task for it.
• client:
  • Bugs fixed: #2848909.

8^th of September 2009

Import Plugin Tutorial

A new tutorial is avaliable in the Information for Developers page: learn how to create your own Import Plugin.

In this tutorial you will learn how to create a dradis import plugin to import into the framework's repository information held in external systems.

The step-by-step guide shows how to create a plugin that queries the Open Source Vulnerability Database (OSVDB) to extract vulnerability information.

5^th of August 2009

dradis Framework presented in DEFCON 17

After much anticipation, we presented our framework at DEFCON 17 in Las Vegas this year.

picture by @roncharette

The talk went fine, good attendance and really good feedback and ideas from the attendees. Thanks for coming to see us!

The updated set of slides has already been sent to the organisers so they can update the official site. In the mean time:

2^nd of August 2009

dradis v2.3 released!

A new release full of DEFCON goodness:

• server:
  • upload plugins. A new server plugin category: import into dradis the contents of any file (nmap, nessus, etc.).
  • refactor the WordExport plugin:
    • create templates using Word only
    • convert any document into a dradis template in < 10 minutes
    • read more about it the WordExport templates tutorial.
  • project management plugin update:
    • create project templates for future re-use (read methodologies)
    • export project in .zip format (DB + attachments)
    • import projects/templates
    • checkout / commit project revisions from and to the Meta-Server (stay tuned, soon to be released)
  • email connector: you can pipe emails into the framework and get your messages (and attachments) added into the repository
  • enhanced nodes tree: filtering and quick actions buttons
• client:
  • new import extensions: Nessus and Qualys

1^st of July 2009

dradis framework in DEFCON 17

Oh yes! dradis framework is going to be in this year's DEFCON. Checkout the schedule and the talk summary.

29^th of June 2009

dradis framework in BackTrack 4

The dradis framework is now part of BackTrack 4. Checkout the Pre Release ISO.

Thanks to TheX1le, muts and the rest of the BT team for making this possible.

11^th of June 2009

dradis v2.2.0 released!

A new release with some juicy features:

• server:
  • add attachments to nodes
  • refresh buttons to the tree and the notes list
  • force webrick even if mongrel is installed (no SSL support in mongrel)
  • Rails runs in "production" mode
• client:
  • dradis can be used with wxRuby 2.0.0
  • better error handling for REST web service communication errors
  • easier REST credentials configuration in ./conf/dradis.xml

9^th of June 2009

New flash demo

dradis 2.2 flash demo available here.

3^rd of June 2009

dradis new logo

The project finally has a new logo:

It is the work of Matthew Rex Downham and it is released under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 license.

Ideas about the logo? Comments? Suggestions? Join the conversation at the community forums.

17^th of April 2009

dradis v2.1.1 released!

We have a new release with many of the features showcased at dc4420:

• server:
  • import/export plugin architecture
  • import/export plugin generators
  • sample WordXML export plugin
  • sample WikiMedia import plugin
• client:
  • import extention allows nmap output imports
  • import note from plain text file
  • more powerful add extension: add a note from the console

4^th of April 2009

dradis community forums

dradis community forums are open!

20^th of March 2009

dradis presentation at dc4420

dradis was presented at the Defcon London meeting yesterday. It was good fun and we had lots of valuable feedback. dc4420 - Thanks for the invitation!

Here are the slides: dradis - Effective Information Sharing.

8^th of March 2009

22^nd of February 2009

dradis v2.0.1 released!

After three weeks, over 60 commits and nearly 1k downloads of dradis 2.0.0 we have a new release:

• Smart command line parsing: the console client accepts multi-word parameters using quote characters
• The add extension brings back the ability to add nodes and categories from the console
• Close bug 2572271: ruby 1.8.7 compatibility fix for wxWidgets interface
• First security patch (and a new security reports page)
• Minor bug fixes

16^th of February 2009

New documentation and how-to guides:

• Screencast: Installing Dradis 2.0 on Backtrack 4.0 Beta (by dyngnosis).
• Client side extensions: Dradis extensions: how they work and how to write them
• How-to export the dradis repository to a Word report: dradis reporting: quick & neat word export

31^st of January 2009

dradis v2.0 released!

After a pre-release in DEFCON-16 dradis 2.0 is out with some awesome new features:-

• New web interface: demo.
• More flexibility: the new tree structure makes dradis useful for any type of testing.
• Improved security: with SSL support and user authentication.
• Better integration with other tools and systems through the new REST interface.

Read the full CHANGELOG.

11^th of November 2008

dradis 2.0 flash demo available here.

6^th of August 2008

dradis 2.0 (prerelease-vegas) will be presented at DEFCON-16 as part of john's Virtually Hacking presentation. New features:

• SSL communication between client and server.
• information is structured using a flexible nodes framework. Check the screenshots.
• the dradis Multiverse has arrived.

No official package has been created for this release, you will need to check out the trunk (client/trunk/ and server/trunk) of the subversion repository at sourceforge. [browse the web svn]

12^th of June 2008

We have created a one-click installer for Windows users. It takes care of all the prerequisites and dependencies.

4^th of April 2008

dradis v1.2 released!

• client:
  • export to XML module is now part of the standard module set.
  • a new implementation of the command line parser: now it is possible to use single and double quotes to pass multi-word arguments to the different commands.
  • fixed the window.rb:159 bug.
• server:
  • a slightly less annoying implementation of the web interface auto refresh functionality.
  • the services added through the web interface can have a name now :)
  • simple prevention against embedded XSS.

29^th of February 2008

dradis v1.1 released!

• New client GUI that runs in Linux, Windows and Mac OS (screenshots).
• New web interface.
• Improved step-by-step install and setup instructions.
• New modules:
  • Export to XML.
  • nmap: run nmap from dradis and store the results in the knowledge base.