Lead Image © kritiya, 123RF.com
Automated health checks
Vital Signs
In most cases, the basis for collaboration is good communication and documenting processes, events, and results. Today, you have access to countless tools and frameworks for this process, often specialized for particular kinds of work. London-based Security Roots is the developer of the open source Dradis [1] software for IT security teams. The framework creates standardized reports specifically for security checks, helps teams prepare for penetration testing of IT infrastructures, and organizes the implementation and evaluation.
Security experts often use an expansive kit of tools, each with its specific focus, when carrying out penetration tests. Although some of these tools support standardized output formats for the results, the penetration tester is then ultimately forced to compile and organize things on their own to create a comprehensive report for all the tests. Because no uniform standards exist for organizing or creating reports from the individual results, the developers at Dradis stepped in with a web application that acts as a central interface for the penetration testing process.
The free community version allows several employees to work on one project per instance. You can use various plugins to provide data from common penetration testing tools within the scope of the project, including add-ons for Metasploit, Nessus, Nikto, and Nmap.
First Steps in the Container
Of the various installation options for viewing Dradis in action, I'll first take a quick look at the Docker image:
docker run -it --rm -p 3000:3000 dradis/dradis-ce
Of course, you can also download sources from the Git repository [2] and install the software on your local system. If you have access to Heroku or DigitalOcean, you can install Dradis there directly from
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
- Penetration Testing DVD Backtrack Version 4 R1 Released
-
Kali Linux is the complete toolbox for penetration testing
The Kali Linux distribution is a complete toolbox for penetration testing. -
PowerShell add-on security modules
Numerous PowerShell add-on modules provide security and attack functions for penetration tests and forensic analyses, to help admins search for vulnerabilities in their networks. -
Test your system to help fight phishing attacks
The Gophish phishing framework lets you set up your own phishing campaigns to identify vulnerabilities and make users aware of these dangers. -
Open source intelligence tools for pen testing
Automating the pen test discovery process in the era of IoT, the cloud, and social media.