SlideShare a Scribd company logo

dradis Framework: Overview

E
etd

Dradis is a system designed for effectively sharing information among penetration testers. It uses a client-server architecture and multiple interfaces to allow information from tests to be organized, shared in real-time, and included in reports to save time and improve quality. The goals were to create an easy to use and flexible system that promotes effective knowledge sharing whether used by individuals or teams doing on-site testing.

TechnologyBusiness
1 of 23
Downloaded 10 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
dradis Dradis Daniel Martín Gómez etd[-at-]nomejortu.com september '07 1
Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation ➔ Demo ➔ What's next?
scenario: where are we? ➔ Penetration testing is about information ✔ port scan ✔ vuln. scan Information Discovery ✔ web app scan ✔ ... ✔ metasploit Exploiting ✔ milw0rm ✔ ... ✔ reporterator Reporting ✔ word ✔ pdf tools ✔ ... 3
scenario: where are we? ➔ Penetration testing is about information ➔ And what about information sharing? ✔ Each tester writes a “notes” file ✔ Some testers add the stuff straight to reporterator Problems with this approach: ✔ Exploiting oportunities may be lost ✔ Overlapping ✔ Lack of standarization in the “notes” ✔ Synchronization problems when using reporterator 4
scenario: where are we? ➔ Penetration testing is about information ➔ And what about information sharing? ✔ Each tester writes a “notes” file ✔ Some testers add the stuff straight to reporterator Problems with this approach: ✔ Exploiting oportunities may be lost ✔ Overlapping while testing ✔ Lack of standarization in the “notes” ✔ Synchronization problems when using reporterator Does this sound anywhere near Quality or Efficiency? 5
scenario: where are we? What is DRADIS? < 6
Agenda ➔ Scenario: where are we? ➔ System design
system design ➔ Goals and chalenges ✔ create a system to effectively share information 8
system design ➔ Goals and chalenges ✔ create a system to effectively share information ✔ easy to use, easy to be adopted 9
system design ➔ Goals and chalenges ✔ create a system to effectively share information ✔ easy to use, easy to be adopted ✔ flexibility => growth ; good design 10
system design ➔ Goals and chalenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth ; good design ✔ small and portable, so it can be used on site 11
system design ● Goals and chalenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth ; good design ● small and portable, so it can be used on site ➔ Benefits ➔ information is orginezed 12
system design ● Goals and chalenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth ; good design ● small and portable, so it can be used on site ➔ Benefits ➔ information is orginezed ➔ saves time: while testing and while reporting 13
system design ● Goals and chalenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth ; good design ● small and portable, so it can be used on site ➔ Benefits ➔ information is orginezed ➔ saves time: while testing and while reporting ➔ effective knowledge sharing 14
system design ➔ Goals and chalenges ✔ create a system to effectively share information ✔ easy to use, easy to be adopted ✔ not too restrictive ✔ flexibility => growth ; good design ✔ small and portable, so it can be used on site ➔ Benefits ➔ information is orginezed ➔ saves time: while testing and while reporting ➔ effective knowledge sharing ➔ it is also good for one man testing 15
Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture
architecture DRADIS ➔ Client / Server architecture ➔ Coded in Ruby ➔ Multiple interfaces ➔ Different user profiles 17
architecture SOAP Database Web 18
Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation
Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation ➔ Demo
Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation ➔ Demo ➔ What's next?
what's next? ➔ Give it a try! < Feature requests DRADIS ➔ ➔ Improve it yourself ➔ It will be released under GPL ➔ Hopefully on sourceforge 22
dradis ¿Questions? Daniel Martín Gómez etd[-at-]nomejortu.com september '07 23

More Related Content

PDF
Status and Results from the Norcem CO2 Capture Project, Liv Bjerge (Norcem) U...
UK Carbon Capture and Storage Research Centre
 
PDF
Defcon17 - dradis Framework: sharing information will get you root
etd
 
PPTX
No IT Left Behind - Connecting the Software-Defined Data Center to Multi-Moda...
Intelligent Software Solutions
 
PDF
Beyond the Scrum Team: Delivering "Done" at Scale
Tasktop
 
PDF
Scaling Small App
Sabbir Ahmmed
 
PDF
BLUG 2013 - Mobile Application Delivery - Choices, choices, choices
René Winkelmeyer
 
PPTX
Streamlining Nonprofit Organizations: It's All About the Cloud
Debra Askanase
 
PPTX
Streamlining Nonprofit Organizations - It's all About the Cloud!
Marc Baizman
 
Status and Results from the Norcem CO2 Capture Project, Liv Bjerge (Norcem) U...
UK Carbon Capture and Storage Research Centre
 
Defcon17 - dradis Framework: sharing information will get you root
etd
 
No IT Left Behind - Connecting the Software-Defined Data Center to Multi-Moda...
Intelligent Software Solutions
 
Beyond the Scrum Team: Delivering "Done" at Scale
Tasktop
 
Scaling Small App
Sabbir Ahmmed
 
BLUG 2013 - Mobile Application Delivery - Choices, choices, choices
René Winkelmeyer
 
Streamlining Nonprofit Organizations: It's All About the Cloud
Debra Askanase
 
Streamlining Nonprofit Organizations - It's all About the Cloud!
Marc Baizman
 

Similar to dradis Framework: Overview (20)

PDF
[Christopher Ngo] Intro DevOPS XP Day 2015
Agile đây Vietnam
 
PDF
DevOps Security - Is It Really So Difficult? - Reuven Harrison - DevOpsDays T...
DevOpsDays Tel Aviv
 
PDF
Drupal and Devops , the Survey Results
Kris Buytaert
 
PPTX
Intro to Cloud Native _ v1.0en (2021/01)
Young Suk Ahn Park
 
ODP
Devops for drupal
Kris Buytaert
 
PDF
The Final Frontier, Automating Dynamic Security Testing
Matt Tesauro
 
ODP
The Cloud: CIO\'s Perspective
Ivo Vachkov
 
PDF
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays
 
PDF
Moby is killing your devops efforts
Kris Buytaert
 
PDF
Cynthia Wu: Satisfaction Not Guaranteed
Anna Royzman
 
PDF
South Coast Summit 2021 - 12 months of power automate pain
Peter Baddeley
 
PDF
Automation Patterns for Scalable Secret Management
Mary Racter
 
PDF
Enterprise system implementation strategies and phases
John Cachat
 
PPTX
Continuous Delivery: why ? where to start ? how to scale ?
Jean-Philippe Briend
 
PPTX
Executing for Every Screen: Build, launch and sustain products for your custo...
Steven Hoober
 
PDF
Lunch & Learn BigQuery & Firebase from other Google Cloud customers
Daniel Zivkovic
 
PDF
Agile and Secure
Denim Group
 
PPTX
Measure and Accelerate Your Software Delivery
Anand Chauhan
 
PDF
Understanding the Cloud
www.datatrak.com
 
PPT
Move your SharePoint Development to the Cloud
Chris Riley ☁
 
[Christopher Ngo] Intro DevOPS XP Day 2015
Agile đây Vietnam
 
DevOps Security - Is It Really So Difficult? - Reuven Harrison - DevOpsDays T...
DevOpsDays Tel Aviv
 
Drupal and Devops , the Survey Results
Kris Buytaert
 
Intro to Cloud Native _ v1.0en (2021/01)
Young Suk Ahn Park
 
Devops for drupal
Kris Buytaert
 
The Final Frontier, Automating Dynamic Security Testing
Matt Tesauro
 
The Cloud: CIO\'s Perspective
Ivo Vachkov
 
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays
 
Moby is killing your devops efforts
Kris Buytaert
 
Cynthia Wu: Satisfaction Not Guaranteed
Anna Royzman
 
South Coast Summit 2021 - 12 months of power automate pain
Peter Baddeley
 
Automation Patterns for Scalable Secret Management
Mary Racter
 
Enterprise system implementation strategies and phases
John Cachat
 
Continuous Delivery: why ? where to start ? how to scale ?
Jean-Philippe Briend
 
Executing for Every Screen: Build, launch and sustain products for your custo...
Steven Hoober
 
Lunch & Learn BigQuery & Firebase from other Google Cloud customers
Daniel Zivkovic
 
Agile and Secure
Denim Group
 
Measure and Accelerate Your Software Delivery
Anand Chauhan
 
Understanding the Cloud
www.datatrak.com
 
Move your SharePoint Development to the Cloud
Chris Riley ☁
 
Ad

Recently uploaded (20)

PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PDF
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
PDF
project resource management chapter-09.pdf
ssuser00e6e21
 
PPTX
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
PPTX
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
PDF
August Patch Tuesday
Ivanti
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
Encapsulation theory and applications.pdf
gurumoop
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
project resource management chapter-09.pdf
ssuser00e6e21
 
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
August Patch Tuesday
Ivanti
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
Ad

dradis Framework: Overview

  • 1. dradis Dradis Daniel Martín Gómez etd[-at-]nomejortu.com september '07 1
  • 2. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation ➔ Demo ➔ What's next?
  • 3. scenario: where are we? ➔ Penetration testing is about information ✔ port scan ✔ vuln. scan Information Discovery ✔ web app scan ✔ ... ✔ metasploit Exploiting ✔ milw0rm ✔ ... ✔ reporterator Reporting ✔ word ✔ pdf tools ✔ ... 3
  • 4. scenario: where are we? ➔ Penetration testing is about information ➔ And what about information sharing? ✔ Each tester writes a “notes” file ✔ Some testers add the stuff straight to reporterator Problems with this approach: ✔ Exploiting oportunities may be lost ✔ Overlapping ✔ Lack of standarization in the “notes” ✔ Synchronization problems when using reporterator 4
  • 5. scenario: where are we? ➔ Penetration testing is about information ➔ And what about information sharing? ✔ Each tester writes a “notes” file ✔ Some testers add the stuff straight to reporterator Problems with this approach: ✔ Exploiting oportunities may be lost ✔ Overlapping while testing ✔ Lack of standarization in the “notes” ✔ Synchronization problems when using reporterator Does this sound anywhere near Quality or Efficiency? 5
  • 6. scenario: where are we? What is DRADIS? < 6
  • 7. Agenda ➔ Scenario: where are we? ➔ System design
  • 8. system design ➔ Goals and chalenges ✔ create a system to effectively share information 8
  • 9. system design ➔ Goals and chalenges ✔ create a system to effectively share information ✔ easy to use, easy to be adopted 9
  • 10. system design ➔ Goals and chalenges ✔ create a system to effectively share information ✔ easy to use, easy to be adopted ✔ flexibility => growth ; good design 10
  • 11. system design ➔ Goals and chalenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth ; good design ✔ small and portable, so it can be used on site 11
  • 12. system design ● Goals and chalenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth ; good design ● small and portable, so it can be used on site ➔ Benefits ➔ information is orginezed 12
  • 13. system design ● Goals and chalenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth ; good design ● small and portable, so it can be used on site ➔ Benefits ➔ information is orginezed ➔ saves time: while testing and while reporting 13
  • 14. system design ● Goals and chalenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth ; good design ● small and portable, so it can be used on site ➔ Benefits ➔ information is orginezed ➔ saves time: while testing and while reporting ➔ effective knowledge sharing 14
  • 15. system design ➔ Goals and chalenges ✔ create a system to effectively share information ✔ easy to use, easy to be adopted ✔ not too restrictive ✔ flexibility => growth ; good design ✔ small and portable, so it can be used on site ➔ Benefits ➔ information is orginezed ➔ saves time: while testing and while reporting ➔ effective knowledge sharing ➔ it is also good for one man testing 15
  • 16. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture
  • 17. architecture DRADIS ➔ Client / Server architecture ➔ Coded in Ruby ➔ Multiple interfaces ➔ Different user profiles 17
  • 18. architecture SOAP Database Web 18
  • 19. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation
  • 20. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation ➔ Demo
  • 21. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation ➔ Demo ➔ What's next?
  • 22. what's next? ➔ Give it a try! < Feature requests DRADIS ➔ ➔ Improve it yourself ➔ It will be released under GPL ➔ Hopefully on sourceforge 22
  • 23. dradis ¿Questions? Daniel Martín Gómez etd[-at-]nomejortu.com september '07 23