Apr 4
Latest version: 1.2. What's new?
  • client:
    • export to XML module is now part of the standard module set.
    • a new implementation of the command line parser: now it is possible to use single and double quotes to pass multi-word arguments to the different commands.
    • fixed the window.rb:159 bug.
  • server:
    • a slightly less annoying implementation of the web interface 'auto refresh' functionality.
    • the services added through the web interface can have a name now :)
    • simple prevention against embedded XSS.

Overview

dradis is an open source tool for sharing information during Security Testing.

While plenty of tools exist to help in the different stages of the test (information gathering, discovery, exploitation, etc.), not many exist for sharing the interesting information that is captured.

When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of effort. In addition, having all the information in a single place makes the task of reporting a lot easier :)

Failing to share the available information effectively results in lost exploitation opportunities and overlapping effort.

Project goals and benefits

Four main goals have driven and will drive the development of dradis:

  • effective information sharing
  • ease of use, ease of adoption
  • flexibility
  • smallness and portability

The main benefits derived from the use of dradis are:

  • information is organized
  • it saves time, both while testing and while reporting
  • the knowledge is effectively shared
  • it is also good for one-man testing

Since flexibility is one of the design goals, dradis can be extended using a powerful module interface. You can easily create modules to add new functionality or to connect dradis to other tools and systems that are part of your current security testing methodology.

Although the developer manual is not ready yet, there is plenty of documentation in the source code (also available via rdoc). You can also use the discuss & contribute page to browse through the core and contributed modules.