This post is more of a note for myself than interesting technical material, but it might be useful for somebody else as well.

You might already know the Dradis Framework; if not, check it out here. It is basically a note-taking web application that focuses on penetration tests and other security assessments. It allows testing teams to quickly share the information they collect about the tested environment with each other.

If I remember correctly, some time ago Dradis was included in Backtrack by default; however, I didn’t find it in my newly installed BT 5R3. It is quite simple to get it up and running, but I tend to forget such things, hence this blog post. So our goal will be to get Dradis working.

Installation

It is a piece of cake to install Dradis because it’s available in the apt repository of Backtrack:

root@bt:~# apt-get install dradis

It will ask whether you want to initialize the database; I just chose initialize all.

After the installation has completed, the framework is available at /pentest/misc/dradis.

Starting

You can start the framework with the /pentest/misc/dradis/start.sh script.

Don’t believe the logs: Dradis will listen on https://127.0.0.1:3004, not http. You can simply load it in the browser. On the first start you will get an information page, which you can read through; when you are ready, just click the "back to the app" link.

In Dradis there is one shared password for all users. There is a reason for that, but I don’t really want to go into this; let’s just accept it. First you will have to create the shared password and initialize the system. When the password is ready, you will get the login page, where you can just choose a username and log in. If the user doesn’t exist, it will be created (again, shared password policy). If everything went fine, you will get an empty home page.

You can start importing your databases and scan results and sharing your stuff with your hacker buddies, but that is another story.
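
Since every user shares one password and unknown usernames are created on login, it is worth confirming that the listener really stays on 127.0.0.1:3004 as described above. The check below is an added example, not part of the original post or of Dradis itself; the function names and the sample listener tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that the Dradis port is bound to loopback only.
# Input: lines in the format printed by `netstat -ltn` or `ss -ltn`.
# Return codes: 0 = loopback only, 1 = bound to another address, 2 = not listening.
DRADIS_PORT=3004   # port taken from the post

check_dradis_bind() {
    awk -v port="$DRADIS_PORT" '
        {
            # The local address is the first field ending in ":<port>".
            for (i = 1; i <= NF; i++) {
                if ($i ~ (":" port "$")) {
                    addr = $i
                    sub(":" port "$", "", addr)
                    gsub(/^\[|\]$/, "", addr)   # [::1] -> ::1
                    found = 1
                    if (addr != "127.0.0.1" && addr != "::1") exposed = 1
                    break
                }
            }
        }
        END {
            if (!found)  exit 2
            if (exposed) exit 1
            exit 0
        }'
}

# Constructed sample listener tables (not captured from a real host).
SAMPLE_LOCAL='tcp        0      0 127.0.0.1:3004          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN'
SAMPLE_EXPOSED='tcp        0      0 0.0.0.0:3004            0.0.0.0:*               LISTEN'

report() {   # print a verdict for one listener table passed as $1
    rc=0
    printf '%s\n' "$1" | check_dradis_bind || rc=$?
    case $rc in
        0) echo "OK: port $DRADIS_PORT is bound to loopback only" ;;
        1) echo "WARNING: port $DRADIS_PORT is reachable from other hosts" ;;
        *) echo "port $DRADIS_PORT is not listening" ;;
    esac
}

report "$SAMPLE_LOCAL"
report "$SAMPLE_EXPOSED"
```

On the machine itself, feed it the live table with `netstat -ltn | check_dradis_bind` and inspect the return code.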