Advanced Penetration Testing for Highly-Secured Environments (Second Edition)

Introduction to the Dradis framework

The Dradis framework is a Rails application that can be used to help manage the data overload that can occur when pentesting. With its user-friendly web-based interface, it simplifies data collection throughout the testing cycle, and is priceless when sharing data with your team members.

When combining disparate data sources, such as Nmap, Nessus, and even Metasploit, you will typically need to build some sort of database and then use various methods of managing the imports. Dradis has plugins that allow you to import this data with just a few clicks. Dradis also allows you to upload attachments such as screenshots or to add your own notes to the database.

Tip

The Dradis framework can be installed on Linux, Windows, or OS X.

The Dradis server can be started by clicking through the shortcut menu Applications | Reporting Tools | Dradis.

Once the server has started, the browser will open to the location for Dradis.

An example of the splash page for Dradis is shown in the following screenshot.

Tip

The browser will present you with warnings, as the certificate is self-signed. Add the certificate to your exceptions list and continue to the site.

In order to set the shared password for the server, you will need to click on the back to the app link in the top-right corner of the page.

An example of the welcome page for Dradis is shown in the following screenshot:

The Dradis framework uses a password that is shared by all team members. Enter a password of your choice in the Password field.

Tip

Never reuse passwords!

Once you have entered your password and confirmed it, click on the Initialize button to continue. This will set up the new password and accept the default Meta-Server options.

You will now be able to choose a new username in the Login field. The user login field is used for informational purposes only and will not affect the work area. Type the shared server password into the Password field. Once you click on the Login button, you are presented with the primary Dradis work area.

We will begin setting up our Dradis environment by creating a new branch to represent our penetration test. These branches allow you to manage your findings based on various user-created criteria.

  1. Click on the add branch button displayed in the toolbar at the top of the application window.
  2. The new branch will be ready for you to rename it. Overwrite branch #2 with PracticePenTest and press Enter.
  3. Right-click PracticePenTest and select add child to start your hierarchy.
  4. Experiment a bit and add additional folders. Start thinking about how you would like to have your data arranged for easy access and manageability.

A suggested folder hierarchy is as follows:

  • Planning
  • Reconnaissance and Enumeration
  • Vulnerability Analysis

This is just a small sampling of what you could potentially place into this tool. An example of a project tree that could hypothetically be used for data collection during a penetration test is shown in the following screenshot:

Exporting a project template

The testing will consist of a series of planned stages and procedures that do not fluctuate much from one test to another. To take full advantage of this fact, we will be creating a reusable template.

With the PracticePenTest node selected, we will click on the export icon in the top menu bar. When expanding the Project export menu, we are presented with the As template option. Clicking this will allow us to save the project template as an .xml file.

Save the file to your Kali Downloads folder and keep the default name of dradis-template.xml. Go back to your Dradis web application window, select the PracticePenTest node, and delete it by right-clicking on it and then choosing Delete node.

Importing a project template

The PracticePenTest node has been deleted along with the rest of our data. Now, it is time for us to reuse it, so we need to import the dradis-template.xml file. Click on Import from file from the menu bar and select old importer. Select Project template upload from the drop-down menu and click on Upload to complete the import sequence. Once it has refreshed the screen, we have two new folders in place: one named Uploaded files and then, of course, our original PracticePenTest node structure.

Preparing sample data for import

To fully appreciate the value of the Dradis framework, we will be generating some test results using some of the tools commonly used in penetration and vulnerability testing. Most of you probably have some familiarity with these tools, so we will not cover them in depth.

The first thing we need to do is to use our Kali Linux machine. If it is not up and running, start it and log in to the machine.

Tip

You may have noticed that you are running as root. Many of the tools you will be using require administrative rights to function properly.

Change the directory to Downloads and then make yourself a new directory named testData. This will be used to store the few exports we will be using. Change your present working directory to Downloads/testData:

# cd Downloads/
# mkdir testData
# cd testData/

Now, we will be using nmap to generate data that will later be imported into Dradis:

# nmap -vv -O -sS -A -p- -Pn -oA nmapScan 127.0.0.1

The preceding command runs Nmap against the localhost and, through -oA, writes the results in three formats: XML, standard, and grepable. As a directory was not specified, the files will be placed into the present working directory. We are performing a very verbose (-vv) TCP SYN scan (-sS) against all ports (-p-) with OS and version detection (-O, -A), and -Pn makes the command treat all hosts as online.
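Before uploading nmapScan.xml, it is worth checking that the file parses and lists the open ports you expect. The following is an added example, not code from the book or from the Dradis project; the sample XML is constructed and the function name summarize_nmap is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like Nmap's XML output, trimmed to the elements
# read below; a real nmapScan.xml carries many more attributes.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -vv -O -sS -A -p- -Pn -oA nmapScan 127.0.0.1">
  <host>
    <status state="up"/>
    <address addr="127.0.0.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="6.7p1"/>
      </port>
      <port protocol="tcp" portid="631"><state state="closed"/></port>
      <port protocol="tcp" portid="3004"><state state="open"/></port>
    </ports>
  </host>
</nmaprun>"""


def summarize_nmap(xml_text):
    """Map each host address to its open ports: (port, proto, service, banner)."""
    root = ET.fromstring(xml_text)
    if root.tag != "nmaprun":
        raise ValueError("not an Nmap XML report")
    summary = {}
    for host in root.iter("host"):
        # A host can carry several <address> elements (IP plus MAC); key on the IP.
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") in ("ipv4", "ipv6")), None)
        if addr is None:
            continue
        rows = summary.setdefault(addr, [])
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")  # absent when Nmap could not identify it
            name = banner = ""
            if svc is not None:
                name = svc.get("name", "")
                banner = " ".join(filter(None, (svc.get("product"), svc.get("version"))))
            rows.append((int(port.get("portid")), port.get("protocol"), name or "unknown", banner))
    return summary


if __name__ == "__main__":
    # Replace SAMPLE_XML with open("nmapScan.xml").read() to check a real scan.
    for addr, rows in summarize_nmap(SAMPLE_XML).items():
        for port, proto, name, banner in rows:
            print(f"{addr}\t{port}/{proto}\t{name}\t{banner}")
```
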

Importing your Nmap data

With the Dradis web console open and the PracticePenTest project tree loaded, select Import from file, old importer, and then, in the Import from file menu, select the Nmap upload format, and click on the folder icon to the right of the Select a file: input field. Browse to and highlight the nmapScan.xml file, and click on Open. An example of this is shown in the following screenshot:

Clicking on Upload will complete the import. It will take a few moments to process the data. The length of time it takes to process is proportional to the amount of data you have. An example of the view after the command has completed is shown in the following screenshot:

The import has added an additional node to our tree. This can be moved to whichever location in the PracticePenTest node you would like it to be in by dragging it with the left mouse button. By moving the 127.0.0.1 scan result into the logical hierarchy of PracticePenTest, it is now easy to associate it with this penetration test and other correlating data. An example of the view after the data has been moved to the appropriate location is shown in the following screenshot:

Exporting data into HTML

One of the benefits of using this type of centralized data collection is that you will be able to set certain flags on notes to have the data exported into PDF, MS Word, or HTML format.

With Dradis up and running, we will need to select the PracticePenTest node and click on the Add note button in the workspace to the right of your project tree. Type This is a note into the editor that pops up, and then click on Save. This will add your note to the list.

Tip

These notes are critical to your penetration test and should be carefully thought-out and clearly written. Avoid using notes that only make sense in the current context, as you may need to revisit these at a later date.

Dradis Category field

You will not always want to export everything into your reporting formats. To address this fact, the Dradis development team added the Category field. This field will flag the data to be exported into the various formats available. In this case, we will right-click on the default category text listed to the right of our new note titled This is a note. Choose the HTMLExport ready option from the drop-down menu. An example of this is shown in the following screenshot:

To see our data, select the export option in the top toolbar and click on HTML export. You will be presented with an HTML output of all PracticePenTest notes that are members of the HTMLExport category throughout the project tree.

Changing the default HTML template

As you can see, the output is very nice, but what if you would like to have something that is a bit more customized? The standard templates can be changed to customize the look and feel of the export. Here is an example of how to change the footer of the document.

Change the current working directory to the export plugin of your choice. In this case, we will be modifying the html_export/template.html.erb file:

# cd /usr/lib/dradis/server/vendor/plugins/html_export

To modify template.html.erb, we will be using nano, a very powerful, easy-to-use text editor:

# nano template.html.erb

The file will be displayed within the nano text editor. The nano commands will be listed at the bottom of the application if reference is needed. We are presented with the HTML that makes up the template.html.erb file. Make a small change to the template by placing <h1>You can change this template to suit your needs.</h1> into the template HTML right below the <title><%= title %></title> line:

<title><%= title %></title>
<h1>You can change this template to suit your needs.</h1>

An example of this is shown in the following screenshot:

Save the changes in nano using Ctrl + O, which will write out the file to disk. You will be asked what filename you would like to use to save the file; accept the defaults by pressing Enter on your keyboard.

To see your changes in action, go back to the Dradis web console, select PracticePenTest, click on export, and then select HTML export from the toolbar menu. Your new template will load and your change will be visible in the report export. The template is very customizable and can be made to have the look and feel you want it to with a bit of effort and HTML skill. An example that shows the results of the custom report we created is shown in the following screenshot:

Tip

Please note that the MS Word export functionality requires you to have MS Office installed.

This means that we cannot use our Kali instance to fully appreciate the power of Dradis. The Word templates can be easily customized to include your company information, list the data in your preferred formatting, and to add standard footers and headers to the document.

Because Dradis is very portable, if you need the power to export into MS Word, but do not have a license available to install it in Kali, install Dradis on a Windows machine that has Microsoft Office installed, export the Dradis project from Kali, and re-import it into the Windows Dradis installation.

The last record-keeping tool we will look at is the KeepNote tool. In the Kali Linux machine, click on Applications | Reporting Tools | KeepNote. This will open the main window of the tool, an example of which is shown in the following screenshot:

The KeepNote tool is an excellent way to keep notes and create a file of your testing. The first thing we want to do is create a report. Click on File | New Notebook and, in the window that comes up, name the notebook Pentesting Report. Then, select a location to save the report to, and click on New to save the report. The left side of the window will now contain the name of your report. From here, it is only a question of adding information to the report. The first item we want to add is the executive summary. Right-click Pentesting Report, select the New Child Page option, and enter a name for the executive summary in the name box. This is the process that you follow to create a complete and detailed report for later use.

Once you have the pages, you can attach files to them. We will do that now. Right-click Pentesting Report, select the New Child Page option, and name the page Nmap scan in the name box. From here, it is the same process: right-click Nmap scan and select Attach File. You can then select the results from an Nmap scan and attach them to the report.

An example of a typical report after it has been completed is shown in the following screenshot:

The last feature we will look at for the tool is the export capability, which allows us to export the information from the tool into an HTML file. You can do this by clicking on File | Export Notebook | HTML. This will output the report into HTML format. An example of this is shown in the following screenshot:

This is another tool that you will want to explore more. It is recommended that you develop your own reporting and documentation methods to support your professional security testing. The tools we have covered in this section can assist you in achieving this.