Dradis Framework an Automated Pentest Reporting Tool

Dradis is an open-source collaboration framework and penetration testing report generator that helps InfoSec teams streamline reporting workflows. With support for importing data from tools like Burp Suite, Nessus, and Nmap, Dradis automates the tedious parts of the cybersecurity testing workflow so you can focus on analysis and recommendations.

Generate consistent, professional pentest reports faster — with less manual work.

Getting Started

Run the app and point your browser to http://use.your.ip:3000/

Our goals

• Share the information effectively.
• Easy to use, easy to be adopted. Otherwise it would present little benefit over other systems.
• Flexible: with a powerful and simple extensions interface.
• Small and portable. You should be able to use it while on site (no outside connectivity). It should be OS independent (no two testers use the same OS).

Some of the features:

• Platform independent
• Markup support for the notes: text styles, code blocks, images, links, etc.
• Integration with existing systems and tools:
  • Brakeman
  • Burp Suite
  • MediaWiki
  • Metasploit
  • Nessus
  • NeXpose
  • Nikto
  • Nmap
  • OpenVAS
  • Qualys
  • SAINT
  • Zed Attack Proxy
  • ...
  • Full list

Editions

There are two editions of Dradis Framework:

• Dradis Framework Community Edition (CE): open-source and available freely under the GPLv2 license.
• Dradis Framework Professional Edition (Pro): looking for more advanced features, designed for collaborating as a InfoSec team? Dradis Pro offers report automation, collaboration, and client communication tools built for modern cybersecurity teams.

Getting help

• Community Forums
• Slack channel

License

Dradis Framework Community Edition is released under GNU General Public License version 2.0

Dradis Framework Professional Edition is released under a commercial license.