usefulfor.com/security security dojo

30 Jan 09

dradis v2.0 – flexibility unleashed

It has been a long time since the last formal release of dradis (remember the dradis v1.2 one-click installer?). But that does not mean we have been doing nothing in the meantime ;-)

We have been working as hard as one can work: over 487 commits since then (check the stats), and we went to DEFCON 16, where a pre-release of the new dradis v2.0 was showcased... But finally we are here: there is a new release ready for you to try and get addicted to!

Lots of new features: new web interface (+10 neatness, +20 usability), new internal architecture (+30 flexibility), new built-in modules (+10 usefulness)...

Changes in the Server

First, let's have a look at the new web interface:

As you can see, there are no Hosts/Protocols/Services in the screenshot above. It is just a tree of Nodes, and nodes can be anything: hosts, applications, locations, countries... you name it. This gives you the flexibility that was missing in previous releases: you can now use dradis for pentest, web apps, wireless, etc. No restrictions; you can structure your information in the most efficient way.

dradis is built on top of the Rails framework, and with the evolution of Rails comes the evolution of our tool. We now expose our web services through REST, which goes a long way towards extending and connecting dradis with your own tools.

Have you noticed the https:// in the enlarged image? That's right! This release comes with security! (tm). SSL transport and user authentication are finally here.

And as for the fancy, shiny look, we are using ExtJS 2.2 to build the interface. Awesome cross-browser functionality.

Changes in the Client

To match the changes made on the server, we have updated the wxWidgets client to the new Node tree structure. Communication is through SSL, and uses REST web services.

The console interface that was broken in the pre-release is working again, to the delight of hardcore testers and extension developers.

Some obscure refactoring of the code took place to prepare the different components of the client to work with the Multiverse (not fully complete, not released yet). Some less obscure changes were made to the modules architecture, and we have now renamed modules to extensions. Old modules will still work in v2.0 with only minor tweaks (john's string encoding extension is now built in and was ported by changing two lines of code 8O).

And for tomorrow we have...

Last but not least, we need to say that there is still lots to be done, with lots of enhancements and cool features to add to the framework. Some of them have already been spotted (check out the roadmap) and some of them will come through feature requests (yes, if you would like this or that cool new feature implemented, let us know: feedback[ {at} ]nomejortu{ [dot] }com).

We are all excited about what we have accomplished so far and by the feedback we got from some of the industry's leading professionals. We believe we are already making a difference for the people using dradis in their day-to-day testing, and intend to keep it going, improving a tool that will let us all focus on what we really want: hack them.
