dradis / dradis-ce
Dradis Framework: Collaboration and reporting for IT Security teams
Home Page: https://dradis.com/ce/
License: GNU General Public License v2.0
Import a scan with the below issue in it:
<ReportItem port="0" svc_name="general" protocol="tcp" severity="3" pluginID="103964" pluginName="Oracle Java SE Multiple Vulnerabilities (October 2017 CPU) (Unix)" pluginFamily="Misc.">
<agent>unix</agent>
<bid>101315</bid>
<bid>101319</bid>
<bid>101321</bid>
<bid>101328</bid>
<bid>101333</bid>
<bid>101338</bid>
<bid>101341</bid>
<bid>101348</bid>
<bid>101354</bid>
<bid>101355</bid>
<bid>101369</bid>
<bid>101378</bid>
<bid>101382</bid>
<bid>101384</bid>
<bid>101396</bid>
<bid>101413</bid>
<cpe>cpe:/a:oracle:jre
cpe:/a:oracle:jdk</cpe>
<cve>CVE-2016-9841</cve>
<cve>CVE-2016-10165</cve>
<cve>CVE-2017-10274</cve>
<cve>CVE-2017-10281</cve>
<cve>CVE-2017-10285</cve>
<cve>CVE-2017-10293</cve>
<cve>CVE-2017-10295</cve>
<cve>CVE-2017-10309</cve>
<cve>CVE-2017-10345</cve>
<cve>CVE-2017-10346</cve>
<cve>CVE-2017-10347</cve>
<cve>CVE-2017-10348</cve>
<cve>CVE-2017-10349</cve>
<cve>CVE-2017-10350</cve>
<cve>CVE-2017-10355</cve>
<cve>CVE-2017-10356</cve>
<cve>CVE-2017-10357</cve>
<cve>CVE-2017-10388</cve>
<cvss3_base_score>9.6</cvss3_base_score>
<cvss3_temporal_score>8.3</cvss3_temporal_score>
<cvss3_temporal_vector>CVSS:3.0/E:U/RL:O/RC:C</cvss3_temporal_vector>
<cvss3_vector>CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H</cvss3_vector>
<cvss_base_score>9.3</cvss_base_score>
<cvss_temporal_score>6.9</cvss_temporal_score>
<cvss_temporal_vector>CVSS2#E:U/RL:OF/RC:C</cvss_temporal_vector>
<cvss_vector>CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C</cvss_vector>
<description>The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9 Update 1, 8 Update 151, 7 Update 161, or 6 Update 171. It is, therefore, affected by multiple vulnerabilities related to the following components :
- 2D (Little CMS 2)
- Deployment
- Hotspot
- JAX-WS
- JAXP
- Javadoc
- Libraries
- Networking
- RMI
- Security
- Serialization
- Smart Card IO
- Util (zlib)</description>
The list should be parsed into a list.
...multiple vulnerabilities related to the following components:
* 2D (Little CMS 2) - Deployment - Hotspot - JAX-WS - JAXP - Javadoc - Libraries - Networking - RMI - Security - Serialization - Smart Card IO - Util (zlib)
Dradis version: Dradis Pro 2.8.1
Ruby version:
OS version:
uninitialized constant ProjectScopedController
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/gems/activesupport-4.2.5/lib/active_support/inflector/methods.rb:261:in `const_get'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/gems/activesupport-4.2.5/lib/active_support/inflector/methods.rb:261:in `block in constantize'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/gems/activesupport-4.2.5/lib/active_support/inflector/methods.rb:259:in `each'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/gems/activesupport-4.2.5/lib/active_support/inflector/methods.rb:259:in `inject'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/gems/activesupport-4.2.5/lib/active_support/inflector/methods.rb:259:in `constantize'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/gems/activesupport-4.2.5/lib/active_support/core_ext/string/inflections.rb:66:in `constantize'
/Users/konda.madhusudhan/RailsSpace/jackhammer/web/dradis-plugins/app/controllers/dradis/plugins/export/base_controller.rb:4:in `<module:Export>'
/Users/konda.madhusudhan/RailsSpace/jackhammer/web/dradis-plugins/app/controllers/dradis/plugins/export/base_controller.rb:3:in `<module:Plugins>'
/Users/konda.madhusudhan/RailsSpace/jackhammer/web/dradis-plugins/app/controllers/dradis/plugins/export/base_controller.rb:2:in `<module:Dradis>'
/Users/konda.madhusudhan/RailsSpace/jackhammer/web/dradis-plugins/app/controllers/dradis/plugins/export/base_controller.rb:1:in `<top (required)>'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/gems/railties-4.2.5/lib/rails/engine.rb:472:in `block (2 levels) in eager_load!'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/gems/railties-4.2.5/lib/rails/engine.rb:471:in `each'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/gems/railties-4.2.5/lib/rails/engine.rb:471:in `block in eager_load!'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/gems/railties-4.2.5/lib/rails/engine.rb:469:in `each'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/gems/railties-4.2.5/lib/rails/engine.rb:469:in `eager_load!'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/gems/railties-4.2.5/lib/rails/engine.rb:346:in `eager_load!'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/gems/railties-4.2.5/lib/rails/application/finisher.rb:56:in `each'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/gems/railties-4.2.5/lib/rails/application/finisher.rb:56:in `block in <module:Finisher>'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/gems/railties-4.2.5/lib/rails/initializable.rb:30:in `instance_exec'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/gems/railties-4.2.5/lib/rails/initializable.rb:30:in `run'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/gems/railties-4.2.5/lib/rails/initializable.rb:55:in `block in run_initializers'
/Users/konda.madhusudhan/.rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/tsort.rb:228:in `block in tsort_each'
/Users/konda.madhusudhan/.rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/tsort.rb:350:in `block (2 levels) in each_strongly_connected_component'
/Users/konda.madhusudhan/.rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/tsort.rb:431:in `each_strongly_connected_component_from'
/Users/konda.madhusudhan/.rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/tsort.rb:349:in `block in each_strongly_connected_component'
/Users/konda.madhusudhan/.rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/tsort.rb:347:in `each'
/Users/konda.madhusudhan/.rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/tsort.rb:347:in `call'
/Users/konda.madhusudhan/.rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/tsort.rb:347:in `each_strongly_connected_component'
/Users/konda.madhusudhan/.rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/tsort.rb:226:in `tsort_each'
/Users/konda.madhusudhan/.rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/tsort.rb:205:in `tsort_each'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/gems/railties-4.2.5/lib/rails/initializable.rb:54:in `run_initializers'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/gems/railties-4.2.5/lib/rails/application.rb:352:in `initialize!'
/Users/konda.madhusudhan/RailsSpace/jackhammer/web/app/config/environment.rb:5:in `<top (required)>'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/gems/sidekiq-4.1.1/lib/sidekiq/cli.rb:233:in `boot_system'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/gems/sidekiq-4.1.1/lib/sidekiq/cli.rb:49:in `run'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/gems/sidekiq-4.1.1/bin/sidekiq:12:in `<top (required)>'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/bin/sidekiq:23:in `load'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/bin/sidekiq:23:in `eval'
/Users/konda.madhusudhan/.rvm/gems/ruby-2.3.0/bin/ruby_executable_hooks:15:in '
Create a host node (OR import data from another scanner such as nmap) under the plugin.output node. Then, import scan data from Nikto (with same IP address).
When importing Nikto scanner output into Dradis, the host node should be named as the IP and only the IP so that identical nodes are properly merged in the plugin.output node.
The Nikto output host nodes are named as http://ip:port/ instead of simply IP, preventing proper merging.
Dradis version:
2.6.0
Following the git install procedure from here using an Ubuntu 16.04 image, I'm running into an error at the ./bin/setup stage.
The script downloads the plugins from github ok and then when it gets to Preparing database, the following error is returned
== Preparing database ==
Could not find gem 'dradis-calculator_cvss (~> 3.0)' in any of the gem sources listed in your Gemfile.
Run `bundle install` to install missing gems.
In the past when I've seen this I've bypassed it by re-running bundle install and then re-running ./bin/setup, however trying that now fails when I re-run ./bin/setup with the following error
== Cloning core Dradis add-ons at /dradis-ce/.. ==
fatal: destination path 'dradis-calculator_cvss' already exists and is not an empty directory.
== Command ["git clone 'https://github.com/dradis/dradis-calculator_cvss'"] failed ==
Hi there,
I'm trying to install Dradis on my Kali 2016.2 but I've got this error. Steps:
Gem::Ext::BuildError: ERROR: Failed to build gem native extension.
current directory: /tmp/bundler20170206-6640-g3ni6fmysql2-0.3.18/gems/mysql2-0.3.18/ext/mysql2
/usr/bin/ruby2.3 -r ./siteconf20170206-6640-1h0bbfv.rb extconf.rb
checking for ruby/thread.h... yes
checking for rb_thread_call_without_gvl() in ruby/thread.h... yes
checking for rb_thread_blocking_region()... no
checking for rb_wait_for_single_fd()... yes
checking for rb_hash_dup()... yes
checking for rb_intern3()... yes
-----
Using mysql_config at /usr/bin/mysql_config
-----
checking for mysql.h... yes
checking for errmsg.h... yes
checking for mysqld_error.h... yes
-----
Don't know how to set rpath on your system, if MySQL libraries are not in path mysql2 may not load
-----
-----
Setting libpath to /usr/lib/x86_64-linux-gnu
-----
creating Makefile
To see why this extension failed to compile, please check the mkmf.log which can be found here:
/tmp/bundler20170206-6640-g3ni6fmysql2-0.3.18/extensions/x86_64-linux/2.3.0/mysql2-0.3.18/mkmf.log
current directory: /tmp/bundler20170206-6640-g3ni6fmysql2-0.3.18/gems/mysql2-0.3.18/ext/mysql2
make "DESTDIR=" clean
current directory: /tmp/bundler20170206-6640-g3ni6fmysql2-0.3.18/gems/mysql2-0.3.18/ext/mysql2
make "DESTDIR="
compiling client.c
compiling infile.c
compiling mysql2_ext.c
compiling result.c
linking shared-object mysql2/mysql2.so
/usr/bin/ld: cannot find -lmysqlclient
collect2: error: ld returned 1 exit status
Makefile:255: recipe for target 'mysql2.so' failed
make: *** [mysql2.so] Error 1
make failed, exit code 2
Gem files will remain installed in /tmp/bundler20170206-6640-g3ni6fmysql2-0.3.18/gems/mysql2-0.3.18 for inspection.
Results logged to /tmp/bundler20170206-6640-g3ni6fmysql2-0.3.18/extensions/x86_64-linux/2.3.0/mysql2-0.3.18/gem_make.out
An error occurred while installing mysql2 (0.3.18), and Bundler cannot continue.
Make sure that `gem install mysql2 -v '0.3.18'` succeeds before bundling.
== Command ["bundle install"] failed ==
I don't know why. Could anybody help me?
Thanks in advance!
This issue really drives me crazy. Have this output:
== Cloning core Dradis add-ons at /dradis-git/server/.. ==
Cloning into 'dradis-calculator_cvss'...
Cloning into 'dradis-calculator_dread'...
Cloning into 'dradis-csv'...
Cloning into 'dradis-html_export'...
Cloning into 'dradis-mediawiki'...
Cloning into 'dradis-vulndb'...
Cloning into 'dradis-acunetix'...
Cloning into 'dradis-brakeman'...
Cloning into 'dradis-burp'...
Cloning into 'dradis-metasploit'...
Cloning into 'dradis-nessus'...
Cloning into 'dradis-nexpose'...
Cloning into 'dradis-nikto'...
Cloning into 'dradis-nmap'...
Cloning into 'dradis-ntospider'...
Cloning into 'dradis-openvas'...
Cloning into 'dradis-qualys'...
Cloning into 'dradis-zap'...
Cloning into 'dradis-plugins'...
Cloning into 'dradis-projects'...
== Installing dependencies ==
The Gemfile's dependencies are satisfied
== Copying sample files ==
== Preparing database ==
/usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/resolver.rb:379:in `block in verify_gemfile_dependencies_are_found!': Could not find gem 'dradis-calculator_cvss (~> 3.0)' in any of the gem sources listed in your Gemfile. (Bundler::GemNotFound)
from /usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/resolver.rb:349:in `each'
from /usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/resolver.rb:349:in `verify_gemfile_dependencies_are_found!'
from /usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/resolver.rb:203:in `start'
from /usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/resolver.rb:182:in `resolve'
from /usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/definition.rb:252:in `resolve'
from /usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/definition.rb:176:in `specs'
from /usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/definition.rb:235:in `specs_for'
from /usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/definition.rb:224:in `requested_specs'
from /usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/runtime.rb:118:in `block in definition_method'
from /usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/runtime.rb:19:in `setup'
from /usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler.rb:100:in `setup'
from /usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/setup.rb:20:in `<top (required)>'
from /usr/local/lib/ruby/site_ruby/2.2.0/rubygems/core_ext/kernel_require.rb:133:in `require'
from /usr/local/lib/ruby/site_ruby/2.2.0/rubygems/core_ext/kernel_require.rb:133:in `rescue in require'
from /usr/local/lib/ruby/site_ruby/2.2.0/rubygems/core_ext/kernel_require.rb:40:in `require'
from /dradis-git/server/config/boot.rb:3:in `<top (required)>'
from bin/rails:3:in `require_relative'
from bin/rails:3:in `<main>'
== Command ["bin/rails db:setup"] failed ==
/install-dradis.sh: line 20: expect: command not found
Bundler::GemNotFound: Could not find gem 'dradis-calculator_cvss (~> 3.0)' in any of the gem sources listed in your Gemfile.
/usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/resolver.rb:379:in `block in verify_gemfile_dependencies_are_found!'
/usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/resolver.rb:349:in `each'
/usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/resolver.rb:349:in `verify_gemfile_dependencies_are_found!'
/usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/resolver.rb:203:in `start'
/usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/resolver.rb:182:in `resolve'
/usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/definition.rb:252:in `resolve'
/usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/definition.rb:176:in `specs'
/usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/definition.rb:235:in `specs_for'
/usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/definition.rb:224:in `requested_specs'
/usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/runtime.rb:118:in `block in definition_method'
/usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/runtime.rb:19:in `setup'
/usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler.rb:100:in `setup'
/usr/local/lib/ruby/gems/2.2.0/gems/bundler-1.14.3/lib/bundler/setup.rb:20:in `<top (required)>'
/usr/local/lib/ruby/site_ruby/2.2.0/rubygems/core_ext/kernel_require.rb:55:in `require'
/usr/local/lib/ruby/site_ruby/2.2.0/rubygems/core_ext/kernel_require.rb:55:in `require'
bundler: failed to load command: rake (/usr/local/bundle/bin/rake)
As you can see, the dradis-calculator_cvss plugin is cloned and not installed using gem. Shortly afterwards the script fails because the calculator is not in the Gemfile.
I'm trying to install on Debian jessie following partly this README and the guide on the website which has an extra step and lists dependencies.
I hope someone else has resolved this and can help.
Help us help you, how can we reproduce the problem?
Import xml report from Openvas 9 shows no output in output window.
It will only be visible as an attachment
It should be parsed and available
Nothing, no output, no xml processing
Dradis version:
3.6.0
Ruby version:
ruby 2.3.3p222 (2016-11-21) [x86_64-linux-gnu]
OS version:
Kali Linux
Linux kali 4.12.0-kali1-amd64 #1 SMP Debian 4.12.6-1kali6 (2017-08-30) x86_64 GNU/Linux
With gem 'dradis-pdf_export', '~> 3.6', github: 'dradis/dradis-pdf_export', it says that html_export doesn't have a 3.6 version (since it's 3.2.1), and ~> 3.2 gives
Bundler could not find compatible versions for gem "dradis-plugins":
In Gemfile:
dradis-calculator_dread (~> 3.6) was resolved to 3.6.0, which depends on
dradis-plugins (~> 3.0)
dradis-calculator_dread (~> 3.6) was resolved to 3.6.0, which depends on
dradis-plugins (~> 3.0)
dradis-html_export (~> 3.6) was resolved to 3.6.0, which depends on
dradis-plugins (~> 3.6)
dradis-html_export (~> 3.6) was resolved to 3.6.0, which depends on
dradis-plugins (~> 3.6)
dradis-html_export (~> 3.6) was resolved to 3.6.0, which depends on
dradis-plugins (~> 3.6)
dradis-pdf_export (~> 3.2) was resolved to 3.2.1, which depends on
dradis-plugins (~> 3.4.1)
dradis-projects (~> 3.6) was resolved to 3.6.0, which depends on
dradis-plugins (~> 3.6.2)
Is this a problem with my setup or should this plugin be updated?
Dradis version:
CE 3.6.0
Ruby version:
2.3.3
OS version:
Kali latest
Generate a word report with an image and a caption.
Image and caption should not be separable.
Currently Captions do not flow with Images, in some cases the captions for Images go to the next page instead of sticking with the images
Edit the word file manually. In Word this is normally achieved by Word Paragraph Formatting - Keep with Next
This issue was reported by Rahul.
So as part of an effort to upgrade to 3.6 I realised that as of 12th April my 3.1.0RC2 backups are no longer viable. I was trying to export my data from 3.1.0RC2 and import into 3.6. The instance 3.1.0RC2 environment is still workable, but now I am incredibly nervous committing further to using it for another 40 days through a project. But I'm also so far into the project it will be a real battle to switch to something else. Talk about a rock and a hard place.
Here's my extensive notes from the upgrade, backup import attempts and troubleshooting. As you can see there's many days of work spent trying to diagnose this issue:
All backups dated 11th April or earlier restore correctly into Dradis-CE 3.1.0 RC2 or 3.6. The key element to watch for is here:
[23:02:43] New tag detected: !9467bd_critical
[23:02:44] New tag detected: !d62728_high
[23:02:45] New tag detected: !ff7f0e_medium
[23:02:47] New tag detected: !6baed6_low
[23:02:47] New tag detected: !2ca02c_info
[23:02:49] Wrapping up...
[23:02:49] Setting issue_id for evidence
I then tried to manually re-enter data lost since these backups (102 pages copied from current working instance, saving a new backup file to try a node at a time). I then try making subsequent recovery attempts to bring the data into both 3.1.0RC2 or 3.6. All attempts fail with the error: Validation Failed - Taggable Can't be Blank at this point in the import process:
[23:41:26] New tag detected: !9467bd_critical
[23:41:26] Validation failed: Taggable can't be blank
[23:41:26] Worker process completed.
So I tried immediately exporting the project (in both 3.1.0RC2 & 3.6), reset the database and tried reimporting the same file. All recovery attempts fail with: Validation failed: Taggable can't be blank error.
Each time I've been trying a thor dradis:reset:database / thor dradis:reset:attachments and ALL recoveries fail. I've been trying a full bundle exec thor dradis:reset but also receive the same error mentioned in this thread:
It appears not only have the backup files become corrupted for some unknown reason, but when trying to recover from backups, whilst the initial recovery works, all subsequent rework, which is then backed up, cannot be imported into Dradis again should another recovery be required. It seems Dradis does not have a viable backup recovery system.
The 11th April file: The dradis-repository.xml is 3.3MB, the 12th is 1.7MB. All backup files dated 12th April onwards fail.
I could keep using the current working 3.1.0RC2 version with data current as of 21st April, however I now know that backups cannot be recovered.
I need to think long and hard where to go from here, so any guidance to resolve this, much appreciated.
Thanks
When I upload the output of a security scanner, I want my name to appear next to the tool name in the :author field of the Issue, so others in the project know who uploaded what tool output.
This behaviour is controlled by dradis/dradis-plugins.
The request was originally mentioned by Bill.
Help us help you, how can we reproduce the problem?
I'm searching for the phrase windows_privesc_check which results in a new error:
Search results displayed
Error:
Dradis version:
3.6
Ruby version:
ruby 2.2.2p95 (2015-04-13 revision 50295) [i686-linux]
OS version:
Linux kali 4.6.0-kali1-686 #1 SMP Debian 4.6.4-1kali1 (2016-07-21) i686 GNU/Linux
Starting with this post here I set out to upgrade my version to 3.6, but couldn't get the upgrade to run.
http://discuss.dradisframework.org/t/upgrading-dradis-ce-3-1-0rc2-to-latest-via-git-pull/449
I am a little confused. Up until now I have been running bundle exec rails server from the /usr/lib/dradis folder and using Dradis-CE 3.10RC2 through a project. Maybe this was a mistake? Should I have been running this from opt/dradis-ce? I am in the middle of a project, but have taken a VMware snapshot prior so I can revert to a working state when possible.
Attached are my notes from the upgrade attempt. For now I'll roll back my snapshot and carry on working using 3.1.0RC2 from /usr/lib/dradis directory, but I'd love to see the new capabilities, so hoping we can resolve this with my extensive notes:
Many thanks
ruby bin/setup.
[!] There was an error parsing Gemfile: Illformed requirement ["¬> 3.0"]. Bundler cannot continue.
Looks like there is a special character in the Gemfile.plugins.template file
gem 'dradis-qualys', '¬> 3.0'
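A pre-flight check for the failure reported above, as an added example that is not part of the issue or of the Dradis or Bundler code: it runs every version requirement in a Gemfile-style file through `Gem::Requirement`, the RubyGems parser that raises the "Illformed requirement" error, and reports the line and any non-ASCII characters. The helper name `illformed_requirements` and the sample Gemfile text are assumptions constructed for illustration.

```ruby
require 'rubygems' # Gem::Requirement is the parser behind the "Illformed requirement" error

# A positional string argument such as 'dradis-qualys' or '~> 3.0'.
QUOTED_ARG = /\A(['"])([^'"]*)\1\z/

# Hypothetical helper (not part of Dradis or Bundler): list every `gem` line
# whose version requirement RubyGems refuses to parse.
def illformed_requirements(gemfile_text)
  problems = []
  gemfile_text.each_line.with_index(1) do |line, lineno|
    code = line.sub(/#.*/, '').strip # ignore comments
    next unless code.start_with?('gem ')

    args = code.sub(/\Agem\s+/, '').split(',').map(&:strip)
    # Positional strings come first (name, then requirements); keyword
    # options such as `github: '...'` end the positional list.
    positional = args.take_while { |a| a.match?(QUOTED_ARG) }.map { |a| a[1..-2] }
    name, *requirements = positional

    requirements.each do |req|
      begin
        Gem::Requirement.new(req)
      rescue Gem::Requirement::BadRequirementError
        problems << { line: lineno, gem: name, requirement: req,
                      non_ascii: req.scan(/[^[:ascii:]]/) }
      end
    end
  end
  problems
end

# Constructed sample. The dradis-qualys and dradis-pdf_export lines reuse the
# strings quoted on this page; the dradis-nmap line is made up.
SAMPLE_GEMFILE = <<~GEMFILE
  # plugin list
  gem 'dradis-nmap', '~> 3.0'
  gem 'dradis-qualys', '¬> 3.0'
  gem 'dradis-pdf_export', '~> 3.6', github: 'dradis/dradis-pdf_export'
GEMFILE

illformed_requirements(SAMPLE_GEMFILE).each do |p|
  puts "line #{p[:line]}: #{p[:gem]} has requirement #{p[:requirement].inspect} " \
       "(non-ASCII: #{p[:non_ascii].join(' ')})"
end
```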
Submit a search string that ends with an underscore.
Search results page
An error page is returned:
Oops! Something went wrong. But don't fret!
Here's the error message:
[ActionView::Template::Error] undefined method `+' for nil:NilClass
Here's the error stack:
/opt/dradispro/dradispro/releases/20171002004545/app/helpers/search_helper.rb:28:in `format_match_row'
/opt/dradispro/dradispro/releases/20171002004545/app/helpers/search_helper.rb:14:in `text_snippet'
/opt/dradispro/dradispro/releases/20171002004545/app/views/search/results/_note.html.erb:13:in `_app_views_search_results__note_html_erb___1615438047636702625_70039436417600'
/opt/dradispro/dradispro/shared/bundle/ruby/2.2.0/gems/actionview-5.0.5/lib/action_view/template.rb:159:in `block in render'
/opt/dradispro/dradispro/shared/bundle/ruby/2.2.0/gems/activesupport-5.0.5/lib/active_support/notifications.rb:166:in `instrument'
/opt/dradispro/dradispro/shared/bundle/ruby/2.2.0/gems/actionview-5.0.5/lib/action_view/template.rb:354:in `instrument'
/opt/dradispro/dradispro/shared/bundle/ruby/2.2.0/gems/actionview-5.0.5/lib/action_view/template.rb:157:in `render'
/opt/dradispro/dradispro/shared/bundle/ruby/2.2.0/gems/actionview-5.0.5/lib/action_view/renderer/partial_renderer.rb:343:in `render_partial'
/opt/dradispro/dradispro/shared/bundle/ruby/2.2.0/gems/actionview-5.0.5/lib/action_view/renderer/partial_renderer.rb:311:in `block in render'
/opt/dradispro/dradispro/shared/bundle/ruby/2.2.0/gems/actionview-5.0.5/lib/action_view/renderer/abstract_renderer.rb:42:in `block in instrument'
For more information, the application log can be found at /opt/dradispro/dradispro/releases/20171002004545/log/production.log.
v2.8.0:
Ruby version:
2.2.2p95
OS version:
Linux dradis 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux
NameError in IssuesController#import
uninitialized constant Dradis::Plugins::Mediawiki::Filters::FullTextSearch::Net
@filter.run(@params)
elsif @filter.respond_to?(:query)
@filter.query(@params)
end
else
[{
I get this error when I try to search issues from Mediawiki.
I'm using the latest Version of dradis-ce and Mediawiki.
A little difficult to get it to reproduce reliably; it's a sporadic issue that happens many times a day.
Help us help you, how can we reproduce the problem?
Search Icon should be available
Search Icon disappears, a page refresh will resolve the issue
Dradis version:
3.6
Ruby version:
ruby 2.2.2p95 (2015-04-13 revision 50295) [i686-linux]
OS version:
Linux kali 4.6.0-kali1-686 #1 SMP Debian 4.6.4-1kali1 (2016-07-21) i686 GNU/Linux
I get every time "This query yielded no results."
I couldn't import any Issue from MediaWiki but if I search in the Mediawiki API manually I get results.
Import Qualys Scan
All host information (IP, OS, DNS name, etc.) is displayed under "Host properties" of the node
Ends up as a "Basic host info" note instead due to the lack of support for Qualys node properties (https://dradisframework.com/pro/support/guides/word_reports/node_properties.html#cheatsheet). Since the information is already being imported in note form, request is to move this information to a node property instead.
Dradis version: Dradis Pro 2.7
Ruby version:
OS version:
Currently all hosts with evidence are included in the HTML report. This is fine for compromised hosts with penetration evidence. We even have the ability to include notes for a host and change the category to allow the notes to be included in the report or not.
In many cases there are hosts in the database that have a wealth of evidence generated against them from automated tools. It may be the pentester has yet to review these hosts and needs to produce an interim report. Or perhaps they were never compromised.
Rather than deleting the entire host it would be great to be able to exclude a host or a folder from the generated report.
I am currently needing to produce an interim report that will require extensive cleanup to remove all of the details of the hosts yet to be manually compromised, yet have evidence from plugins....
Get some text with invalid characters, copy paste it in the browser to create an issue.
In this example text file there is a simple text with invalid characters that can be used:
test.txt
This file was generated with vim, typing "Ctrl + V" + "Ctrl + A" + "Ctrl + V" + "Ctrl + B" + "T" + "e" + "s" + "t"
Export the project using the "Export results" top link (as a dradis project template would be enough)
Try to import that exported file. An example of a file like this would be:
dradis-template.txt
The file should be imported, the issue created.
Import fails with error Invalid project template format.
Looks like nokogiri has problems parsing the xml file if it has invalid characters.
We may try to "validate" characters before writing them to database?
Dradis version: 3.6
Ruby version: 2.2
OS version: macOS Sierra
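One way to implement the character validation proposed in the report above, as an added example that is not Dradis code: XML 1.0 only allows the characters in its `Char` production, so control characters such as 0x01 and 0x02 make the exported template not well-formed. The helper names `invalid_xml_chars` and `sanitize_for_xml` and the sample string are assumptions constructed for illustration.

```ruby
# XML 1.0 "Char" production:
#   #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
# The regex matches anything outside that set.
INVALID_XML_CHAR =
  /[^\u0009\u000A\u000D\u0020-\uD7FF\uE000-\uFFFD\u{10000}-\u{10FFFF}]/

# Hypothetical helper: list every character an XML 1.0 parser would reject,
# as [character offset, "U+XXXX"] pairs, so a validation error can point at it.
def invalid_xml_chars(text)
  offenders = []
  # scrub replaces invalid byte sequences with U+FFFD so matching cannot raise
  text.scrub.each_char.with_index do |ch, idx|
    offenders << [idx, format('U+%04X', ch.ord)] if ch.match?(INVALID_XML_CHAR)
  end
  offenders
end

# Hypothetical helper: drop the rejected characters before the text is stored
# or written into the exported template.
def sanitize_for_xml(text)
  text.scrub.gsub(INVALID_XML_CHAR, '')
end

# Constructed sample: the characters produced by the vim keystrokes described
# in the report (Ctrl+A = 0x01, Ctrl+B = 0x02) followed by ordinary text.
SAMPLE_ISSUE_TEXT = "\u0001\u0002Test\nsecond line\ttabbed"

invalid_xml_chars(SAMPLE_ISSUE_TEXT).each do |offset, codepoint|
  puts "offset #{offset}: #{codepoint} is not allowed in XML 1.0"
end
puts sanitize_for_xml(SAMPLE_ISSUE_TEXT).inspect
```

Rejecting the input with the reported offsets keeps the stored text identical to what the user typed; stripping silently changes it, so the choice depends on whether the field is evidence that must stay verbatim.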
I was reading CONTRIBUTING.md under the 'Submitting Changes' section. I tried to read the 'Contributors Agreement', but it redirects to the main repo of dradis-legacy. Browsing through dradis-ce and dradis-legacy, I can't find a 'Contributors Agreement'.
However I did find a cache of the old agreement
Is there a more updated one that I am missing? Does the dradis team want the reference to the agreement removed, to copy and use the old one, or to write a new agreement?
Tags like <P> and <A> that are present in the Qualys XML file aren't parsed by the dradis-qualys plugin and appear in the project content.
Examples from sample Qualys file:
These import into the Dradis project with the HTML tags intact.
Consider handling tags in the way that the dradis-acunetix plugin does.
Currently, when exporting an HTML report, the images added using the !URL! syntax use a relative URL. It means that if someone saves the webpage for later view, none of the images will load. To fix that, the export could inline the images in base64.
Hi folks, I wanna ask something
I want to add (https://github.com/dradis/dradis-word_export) to my dradis-ce (https://github.com/dradis/dradis-ce) because only XML and HTML export report available.
How to do that?
Thanks
--Habibie
There's a bug when process installation.
in `require': cannot load such file -- coffee-script (LoadError)
for solution, please check this:
activeadmin/activeadmin#1544
When I imported the data from an initial nmap and then ran nmap again to collect more data and imported that new file the data was duplicated instead of just updated with the additional details. This shows in the notes and services area within the details of a node.
When searching amongst issues it would be great to be able to filter all critical issues for example. At the moment when using a search term "critical" the results also include any record with the word "critical", whether it's tagged critical or not.
This would be a great workflow feature that would help initially target high risk vulnerabilities first...
I LOVE the search feature! I use it all the time to lookup a reference to a name or an IP that you know you've seen somewhere, but can't remember where!
I also use it a lot to search for a previously issued and documented command. You know, you can remember most of it, but not the full syntax...
The results page shows the context of the results but the search term is always the Last part of the results. So it's necessary to click on the link to drill down. A great workflow improvement would be to include some characters after the phrase is found too, maybe 30-50 chars and not so many before. This way we can search and then copy the command straight from the search results rather than drilling down.
What do you think?
View nodes
Ideally IP addresses of nodes should be sorted in a logical order
Sort order logic is counter intuitive, or not sorted...?
3.6
Ruby version:
OS version:
Using Dradis CE 3.1.0-rc2 on Kali Linux (all packages updated to the latest).
Importing Nmap scan results does not create any nodes and/or issues.
When in a word report template we use a structure like this one:
Node > Issue > Evidence
the report is populated with all Evidence for that Issue, not only the ones that relate the Issue to the Node.
That may be understood as the Issue is forcing its own scope.
But if I want to just check all evidence for that Node and I try:
Node > Evidence
this seems to provide an empty list of Evidence.
Dradis version: v2.8.1
Thank you @kulisu for reporting this
Hi,
I recently installed dradis-ce from github.
Guest OS: Kali 2016.1
ruby 2.3.0p0
I would like to upload a .nessus file.
When the file is larger than 1MB the upload fails.
When the file is smaller the upload succeeds.
I did have the same issue on dradis 3.0.0.
It looks like if the file is big then the job will run in the background.
I waited for about 25 minutes without any information from dradis.
Further analysis of the failed run revealed that dradis had a problem with the authenticity of the CSRF token.
The log shows in message:
Started POST "/session" for 172.16.2.3 at 2016-03-15 14:17:18 +0100
Processing by SessionsController#create as HTML
Parameters: {"utf8"=>"�", "authenticity_token"=>"iOoGeWkZ5mLiTPPFnCbRrbtnJ5gy3pz6P0XpwwYQs11QJ3mkE+15bT2D6o0pH57iLhptaknmUIjzGNZfBFc3/Q==", "login"=>"admin", "password"=>"[FILTERED]", "commit"=>"Let me in!"}
Can't verify CSRF token authenticity
Completed 422 Unprocessable Entity in 2ms (ActiveRecord: 0.0ms)
and in message :
Started POST "/session" for 172.16.2.3 at 2016-03-15 14:17:27 +0100
Processing by SessionsController#create as HTML
Parameters: {"utf8"=>"�", "authenticity_token"=>"iOoGeWkZ5mLiTPPFnCbRrbtnJ5gy3pz6P0XpwwYQs11QJ3mkE+15bT2D6o0pH57iLhptaknmUIjzGNZfBFc3/Q==", "login"=>"admin", "password"=>"[FILTERED]", "commit"=>"Let me in!"}
Can't verify CSRF token authenticity
Completed 422 Unprocessable Entity in 3ms (ActiveRecord: 0.0ms)
Here is the complete log of the import
It is an extract of the file /opt/dradis-ce/logs/development.log
attempt1: log import1.log, more than 1 MB, upload file R16A-LSV18_sepdej.nessus, size 1063892, NOK
import1.log.zip
As a reference I added a logfile of a nessus import file smaller than 1MB.
attempt2: log import2.log, less than 1 MB, upload file R16A-LSV18_vsfrio.nessus, size 808916, OK
import2.log.zip
Please let me know if you need more information.
zwebel
Hello,
I installed Dradis-CE from GIT as explained here https://dradisframework.com/ce/documentation/install_git.html. I made some modifications to the instance and tried to reset it without success. I already opened a thread on CE forums and was asked to add an issue here.
Here is the output that I got:
/opt/dradis/dradis-ce$ bundle exec thor dradis:reset
DEPRECATION WARNING: before_filter is deprecated and will be removed in Rails 5.1. Use before_action instead. (called from <top (required)> at /opt/dradis/dradis-ce/config/application.rb:16)
DEPRECATION WARNING: before_filter is deprecated and will be removed in Rails 5.1. Use before_action instead. (called from <top (required)> at /opt/dradis/dradis-ce/config/application.rb:16)
Loaded add-ons:
acunetix - Processes Acunetix XML format
api - Dradis REST HTTP API
brakeman - Processes Brakeman JSON output, use: brakeman -f json -o results.json
burp - Processes Burp Scanner XML output
csv - Export results in CSV format
cvss - Provides a CVSS score calculator under /calculators/cvss
dread - Provides a DREAD score calculator under /calculators/dread
html_export - Generate advanced HTML reports
metasploit - Processes Metasploit XML output, use: db_export
nessus - Processes Nessus XML v2 format (.nessus)
nexpose - Processes Nexpose XML format
nikto - Processes Nikto output
nmap - Processes Nmap output
nto_spider - Processes NTOSpider reports
open_vas - Processes OpenVAS XML v6 or v7 format
projects - Save and restore project information
qualys - Processes Qualys output
zap - Processes ZAP XML format
** Checking database migrations... [ DONE ]
** Saving backup... /opt/dradis/dradis-ce/lib/tasks/thorfile.rb:26:in `backup': uninitialized constant DradisTasks::ProjectExport (NameError)
from /var/lib/gems/2.3.0/gems/thor-0.19.4/lib/thor/command.rb:27:in `run'
from /var/lib/gems/2.3.0/gems/thor-0.19.4/lib/thor/invocation.rb:126:in `invoke_command'
from /var/lib/gems/2.3.0/gems/thor-0.19.4/lib/thor.rb:369:in `dispatch'
from /var/lib/gems/2.3.0/gems/thor-0.19.4/lib/thor/invocation.rb:115:in `invoke'
from /opt/dradis/dradis-ce/lib/tasks/thorfile.rb:50:in `reset'
from /var/lib/gems/2.3.0/gems/thor-0.19.4/lib/thor/command.rb:27:in `run'
from /var/lib/gems/2.3.0/gems/thor-0.19.4/lib/thor/invocation.rb:126:in `invoke_command'
from /var/lib/gems/2.3.0/gems/thor-0.19.4/lib/thor.rb:369:in `dispatch'
from /var/lib/gems/2.3.0/gems/thor-0.19.4/lib/thor/base.rb:444:in `start'
from /var/lib/gems/2.3.0/gems/thor-0.19.4/lib/thor/runner.rb:44:in `method_missing'
from /var/lib/gems/2.3.0/gems/thor-0.19.4/lib/thor/command.rb:29:in `run'
from /var/lib/gems/2.3.0/gems/thor-0.19.4/lib/thor/command.rb:126:in `run'
from /var/lib/gems/2.3.0/gems/thor-0.19.4/lib/thor/invocation.rb:126:in `invoke_command'
from /var/lib/gems/2.3.0/gems/thor-0.19.4/lib/thor.rb:369:in `dispatch'
from /var/lib/gems/2.3.0/gems/thor-0.19.4/lib/thor/base.rb:444:in `start'
from /var/lib/gems/2.3.0/gems/thor-0.19.4/bin/thor:6:in `<top (required)>'
from /usr/local/bin/thor:22:in `load'
from /usr/local/bin/thor:22:in `<main>'
OpenVAS:
For Nessus, adapt the above steps accordingly.
The tag of created issues reflects the severity reported in OpenVAS/Nessus.
All created issues are untagged.
Dradis version:
3.8.0
Ruby version:
ruby 2.3.3p222
OS version:
Raspbian 9
If the Nessus XML contains blank lines that actually contain a string of blank spaces, the code blocks will break within Dradis and cause errors on export.
The <plugin_output> tag of the Nessus XML may contain blocks of code. If these blocks contain lines that appear blank but are actually strings of empty spaces, these blank lines will import into Dradis and break the code blocks on export, causing errors like the one pictured below:
The code block below will generate the error (above) when exported out of Dradis. If the lines that appear blank (e.g. the line before href="users [...]) are deleted and replaced with regular line breaks, the export error will disappear.
#[Description]#
bc..
-------- output --------
<td><a class="button"
href="users [...]
-------- vs --------
<td><a class="button"
href="dashboard [...]
href="true [...]
------------------------
+ The parameter:
-------- output --------
<script type="text/javascript"></scrip [...]
createCookie('userName', '', 365);
createCookie('userLocale','en', 365);
document.location.href = "/dashboard [...]
-------- vs --------
<script type="text/javascript"></scrip [...]
createCookie('userName', '', 365);
document.location.href = "/systeminfo[...]
</script>The User [...]
------------------------
Bug initially reported by Keith
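The workaround described in the report above (replacing lines that only look blank with real empty lines) can be checked and applied automatically before a scan is imported. This is an added example, not code from Dradis or its Nessus plugin; the method names and the sample text are constructed for illustration.

```ruby
# Added example, not Dradis or dradis-nessus code; method names are hypothetical.

# A run of spaces/tabs that makes up the whole line, up to (but not
# including) the line terminator, which may be LF, CRLF or absent.
WHITESPACE_ONLY = /\A[ \t]+(?=\r?\n?\z)/

# 1-based numbers of the lines that look blank but contain spaces or tabs.
def whitespace_only_lines(text)
  text.each_line.with_index(1)
      .select { |line, _number| line.match?(WHITESPACE_ONLY) }
      .map { |_line, number| number }
end

# Turn whitespace-only lines into truly empty ones. Line terminators and
# the indentation of lines with real content are left as they were.
def normalize_blank_lines(text)
  text.each_line.map { |line| line.sub(WHITESPACE_ONLY, '') }.join
end

# Constructed sample modelled on the snippet in the report: line 3 holds
# three spaces, line 5 holds a tab and a space before a CRLF.
SAMPLE_PLUGIN_OUTPUT = "-------- output --------\n" \
  "<td><a class=\"button\"\n" \
  "   \n" \
  "    href=\"users [...]\n" \
  "\t \r\n" \
  "-------- vs --------\n"

if __FILE__ == $PROGRAM_NAME
  puts "whitespace-only lines: #{whitespace_only_lines(SAMPLE_PLUGIN_OUTPUT).inspect}"
  cleaned = normalize_blank_lines(SAMPLE_PLUGIN_OUTPUT)
  puts "after normalizing:     #{whitespace_only_lines(cleaned).inspect}"
end
```

Running the detection first shows which lines of a `<plugin_output>` value would need attention; the indented `href=` line is left alone because it has content after the leading spaces.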
Attempting to run:
/opt/dradis-ce# RAILS_ENV=production bundle exec thor dradis
produces an error:
DEPRECATION WARNING: before_filter is deprecated and will be removed in Rails 5.1. Use before_action instead. (called from <top (required)> at /opt/dradis-ce/config/application.rb:16)
DEPRECATION WARNING: before_filter is deprecated and will be removed in Rails 5.1. Use before_action instead. (called from <top (required)> at /opt/dradis-ce/config/application.rb:16)
Loaded add-ons:
acunetix - Processes Acunetix XML format
api - Dradis REST HTTP API
brakeman - Processes Brakeman JSON output, use: brakeman -f json -o results.json
burp - Processes Burp Scanner XML output
csv - Export results in CSV format
WARNING: unable to load thorfile "/opt/dradis-ce/Thorfile": undefined method `thor_helper_module' for Dradis::Plugins:Module
/opt/dradis-csv/lib/tasks/thorfile.rb:2:in `<class:CSVTasks>'
Commands:
thor dradis:backup # creates a backup of your current repository
thor dradis:help [COMMAND] # Describe available commands or one specifi...
thor dradis:logs:clean DAYS # delete all logs older than DAYS days (defa...
thor dradis:reset # resets your local dradis repository
thor dradis:reset:attachments # removes all attachments
thor dradis:reset:database # removes all data from a dradis repository,...
thor dradis:reset:logs # removes all log files
thor dradis:reset:password # Set a new shared password to access the we...
thor dradis:server # start dradis server
thor dradis:setup:configure # Creates the Dradis configuration files fro...
thor dradis:setup:migrate # ensures the database schema is up-to-date
thor dradis:setup:seed # adds initial values to the database (i.e.,...
thor dradis:version # displays the version of the dradis server
So I commented out the CSV plugin in Gemfiles.plugins and when running again it progresses to the next plugin, then fails on the html export plugin with the same error.
This is critical as HTML export is seemingly not working in Dradis 3.6 within the browser or via the command line.
I've tried using the 3.3.4 version of the html export gem, but have the same issue.
root@kali:/opt/dradis-ce# RAILS_ENV=production bundle exec thor dradis:version
DEPRECATION WARNING: before_filter is deprecated and will be removed in Rails 5.1. Use before_action instead. (called from require at /usr/local/rvm/gems/ruby-2.2.2/gems/bundler-1.14.6/lib/bundler/runtime.rb:91)
DEPRECATION WARNING: before_filter is deprecated and will be removed in Rails 5.1. Use before_action instead. (called from require at /usr/local/rvm/gems/ruby-2.2.2/gems/bundler-1.14.6/lib/bundler/runtime.rb:91)
Loaded add-ons:
acunetix - Processes Acunetix XML format
api - Dradis REST HTTP API
brakeman - Processes Brakeman JSON output, use: brakeman -f json -o results.json
burp - Processes Burp Scanner XML output
cvss - Provides a CVSS score calculator under /calculators/cvss
dread - Provides a DREAD score calculator under /calculators/dread
html_export - Generate advanced HTML reports
WARNING: unable to load thorfile "/opt/dradis-ce/Thorfile": undefined method `thor_helper_module' for Dradis::Plugins:Module
/opt/dradis-ce/ruby/2.2.0/gems/dradis-html_export-3.3.3/lib/tasks/thorfile.rb:2:in `<class:HtmlExportTasks>'
bundler: failed to load command: thor (/opt/dradis-ce/ruby/2.2.0/bin/thor)
LoadError: cannot load such file -- lib/core/version
/opt/dradis-ce/ruby/2.2.0/gems/activesupport-5.0.2/lib/active_support/dependencies.rb:293:in `require'
/opt/dradis-ce/ruby/2.2.0/gems/activesupport-5.0.2/lib/active_support/dependencies.rb:293:in `block in require'
/opt/dradis-ce/ruby/2.2.0/gems/activesupport-5.0.2/lib/active_support/dependencies.rb:259:in `load_dependency'
/opt/dradis-ce/ruby/2.2.0/gems/activesupport-5.0.2/lib/active_support/dependencies.rb:293:in `require'
/opt/dradis-ce/lib/tasks/thorfile.rb:79:in `version'
/opt/dradis-ce/ruby/2.2.0/gems/thor-0.19.4/lib/thor/command.rb:27:in `run'
/opt/dradis-ce/ruby/2.2.0/gems/thor-0.19.4/lib/thor/invocation.rb:126:in `invoke_command'
/opt/dradis-ce/ruby/2.2.0/gems/thor-0.19.4/lib/thor.rb:369:in `dispatch'
/opt/dradis-ce/ruby/2.2.0/gems/thor-0.19.4/lib/thor/base.rb:444:in `start'
/opt/dradis-ce/ruby/2.2.0/gems/thor-0.19.4/lib/thor/runner.rb:44:in `method_missing'
/opt/dradis-ce/ruby/2.2.0/gems/thor-0.19.4/lib/thor/command.rb:29:in `run'
/opt/dradis-ce/ruby/2.2.0/gems/thor-0.19.4/lib/thor/command.rb:126:in `run'
/opt/dradis-ce/ruby/2.2.0/gems/thor-0.19.4/lib/thor/invocation.rb:126:in `invoke_command'
/opt/dradis-ce/ruby/2.2.0/gems/thor-0.19.4/lib/thor.rb:369:in `dispatch'
/opt/dradis-ce/ruby/2.2.0/gems/thor-0.19.4/lib/thor/base.rb:444:in `start'
/opt/dradis-ce/ruby/2.2.0/gems/thor-0.19.4/bin/thor:6:in `<top (required)>'
/opt/dradis-ce/ruby/2.2.0/bin/thor:22:in `load'
/opt/dradis-ce/ruby/2.2.0/bin/thor:22:in `<top (required)>'
HTML Export error in the browser:
NoMethodError in Dradis::Plugins::HtmlExport::BaseController#index
undefined method `constantize' for nil:NilClass
Extracted source (around line #13):
11
12
13
14
15
16
# these come from Export#create
export_manager_hash = session[:export_manager].with_indifferent_access
content_service_class = export_manager_hash[:content_service].constantize
exporter = Dradis::Plugins::HtmlExport::Exporter.new(
content_service: content_service_class.new(plugin: Dradis::Plugins::HtmlExport)
Rails.root: /opt/dradis-ce
ruby/2.2.0/gems/dradis-html_export-3.3.3/app/controllers/dradis/plugins/html_export/base_controller.rb:13:in `index'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_controller/metal/basic_implicit_render.rb:4:in `send_action'
ruby/2.2.0/gems/actionpack-5.0.2/lib/abstract_controller/base.rb:188:in `process_action'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_controller/metal/rendering.rb:30:in `process_action'
ruby/2.2.0/gems/actionpack-5.0.2/lib/abstract_controller/callbacks.rb:20:in `block in process_action'
ruby/2.2.0/gems/activesupport-5.0.2/lib/active_support/callbacks.rb:126:in `call'
ruby/2.2.0/gems/activesupport-5.0.2/lib/active_support/callbacks.rb:126:in `call'
ruby/2.2.0/gems/activesupport-5.0.2/lib/active_support/callbacks.rb:506:in `block (2 levels) in compile'
ruby/2.2.0/gems/activesupport-5.0.2/lib/active_support/callbacks.rb:455:in `call'
ruby/2.2.0/gems/activesupport-5.0.2/lib/active_support/callbacks.rb:455:in `call'
ruby/2.2.0/gems/activesupport-5.0.2/lib/active_support/callbacks.rb:101:in `__run_callbacks__'
ruby/2.2.0/gems/activesupport-5.0.2/lib/active_support/callbacks.rb:750:in `_run_process_action_callbacks'
ruby/2.2.0/gems/activesupport-5.0.2/lib/active_support/callbacks.rb:90:in `run_callbacks'
ruby/2.2.0/gems/actionpack-5.0.2/lib/abstract_controller/callbacks.rb:19:in `process_action'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_controller/metal/rescue.rb:20:in `process_action'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'
ruby/2.2.0/gems/activesupport-5.0.2/lib/active_support/notifications.rb:164:in `block in instrument'
ruby/2.2.0/gems/activesupport-5.0.2/lib/active_support/notifications/instrumenter.rb:21:in `instrument'
ruby/2.2.0/gems/activesupport-5.0.2/lib/active_support/notifications.rb:164:in `instrument'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_controller/metal/instrumentation.rb:30:in `process_action'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_controller/metal/params_wrapper.rb:248:in `process_action'
ruby/2.2.0/gems/activerecord-5.0.2/lib/active_record/railties/controller_runtime.rb:18:in `process_action'
ruby/2.2.0/gems/actionpack-5.0.2/lib/abstract_controller/base.rb:126:in `process'
ruby/2.2.0/gems/actionview-5.0.2/lib/action_view/rendering.rb:30:in `process'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_controller/metal.rb:190:in `dispatch'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_controller/metal.rb:262:in `dispatch'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/routing/route_set.rb:50:in `dispatch'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/routing/route_set.rb:32:in `serve'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/journey/router.rb:39:in `block in serve'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/journey/router.rb:26:in `each'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/journey/router.rb:26:in `serve'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/routing/route_set.rb:725:in `call'
ruby/2.2.0/gems/railties-5.0.2/lib/rails/engine.rb:522:in `call'
ruby/2.2.0/gems/railties-5.0.2/lib/rails/railtie.rb:193:in `public_send'
ruby/2.2.0/gems/railties-5.0.2/lib/rails/railtie.rb:193:in `method_missing'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/routing/mapper.rb:17:in `block in <class:Constraints>'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/routing/mapper.rb:46:in `call'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/routing/mapper.rb:46:in `serve'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/journey/router.rb:39:in `block in serve'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/journey/router.rb:26:in `each'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/journey/router.rb:26:in `serve'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/routing/route_set.rb:725:in `call'
ruby/2.2.0/gems/warden-1.2.7/lib/warden/manager.rb:36:in `block in call'
ruby/2.2.0/gems/warden-1.2.7/lib/warden/manager.rb:35:in `catch'
ruby/2.2.0/gems/warden-1.2.7/lib/warden/manager.rb:35:in `call'
engines/dradis-api/lib/dradis/ce/api/catch_json_parse_errors.rb:10:in `call'
ruby/2.2.0/gems/bullet-5.5.1/lib/bullet/rack.rb:10:in `call'
ruby/2.2.0/gems/rack-2.0.1/lib/rack/etag.rb:25:in `call'
ruby/2.2.0/gems/rack-2.0.1/lib/rack/conditional_get.rb:25:in `call'
ruby/2.2.0/gems/rack-2.0.1/lib/rack/head.rb:12:in `call'
ruby/2.2.0/gems/rack-2.0.1/lib/rack/session/abstract/id.rb:222:in `context'
ruby/2.2.0/gems/rack-2.0.1/lib/rack/session/abstract/id.rb:216:in `call'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/middleware/cookies.rb:613:in `call'
ruby/2.2.0/gems/activerecord-5.0.2/lib/active_record/migration.rb:553:in `call'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/middleware/callbacks.rb:38:in `block in call'
ruby/2.2.0/gems/activesupport-5.0.2/lib/active_support/callbacks.rb:97:in `run_callbacks'
ruby/2.2.0/gems/activesupport-5.0.2/lib/active_support/callbacks.rb:750:in `_run_call_callbacks'
ruby/2.2.0/gems/activesupport-5.0.2/lib/active_support/callbacks.rb:90:in `run_callbacks'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/middleware/callbacks.rb:36:in `call'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/middleware/executor.rb:12:in `call'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/middleware/remote_ip.rb:79:in `call'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/middleware/debug_exceptions.rb:49:in `call'
ruby/2.2.0/gems/web-console-3.5.0/lib/web_console/middleware.rb:135:in `call_app'
ruby/2.2.0/gems/web-console-3.5.0/lib/web_console/middleware.rb:28:in `block in call'
ruby/2.2.0/gems/web-console-3.5.0/lib/web_console/middleware.rb:18:in `catch'
ruby/2.2.0/gems/web-console-3.5.0/lib/web_console/middleware.rb:18:in `call'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/middleware/show_exceptions.rb:31:in `call'
ruby/2.2.0/gems/railties-5.0.2/lib/rails/rack/logger.rb:36:in `call_app'
ruby/2.2.0/gems/railties-5.0.2/lib/rails/rack/logger.rb:24:in `block in call'
ruby/2.2.0/gems/activesupport-5.0.2/lib/active_support/tagged_logging.rb:69:in `block in tagged'
ruby/2.2.0/gems/activesupport-5.0.2/lib/active_support/tagged_logging.rb:26:in `tagged'
ruby/2.2.0/gems/activesupport-5.0.2/lib/active_support/tagged_logging.rb:69:in `tagged'
ruby/2.2.0/gems/railties-5.0.2/lib/rails/rack/logger.rb:24:in `call'
ruby/2.2.0/gems/sprockets-rails-3.2.0/lib/sprockets/rails/quiet_assets.rb:13:in `call'
ruby/2.2.0/gems/request_store-1.3.2/lib/request_store/middleware.rb:9:in `call'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/middleware/request_id.rb:24:in `call'
ruby/2.2.0/gems/rack-2.0.1/lib/rack/method_override.rb:22:in `call'
ruby/2.2.0/gems/rack-2.0.1/lib/rack/runtime.rb:22:in `call'
ruby/2.2.0/gems/activesupport-5.0.2/lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/middleware/executor.rb:12:in `call'
ruby/2.2.0/gems/actionpack-5.0.2/lib/action_dispatch/middleware/static.rb:136:in `call'
ruby/2.2.0/gems/rack-2.0.1/lib/rack/sendfile.rb:111:in `call'
ruby/2.2.0/gems/railties-5.0.2/lib/rails/engine.rb:522:in `call'
ruby/2.2.0/gems/rack-2.0.1/lib/rack/urlmap.rb:68:in `block in call'
ruby/2.2.0/gems/rack-2.0.1/lib/rack/urlmap.rb:53:in `each'
ruby/2.2.0/gems/rack-2.0.1/lib/rack/urlmap.rb:53:in `call'
ruby/2.2.0/gems/rack-2.0.1/lib/rack/handler/webrick.rb:86:in `service'
/usr/local/rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/webrick/httpserver.rb:138:in `service'
/usr/local/rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/webrick/httpserver.rb:94:in `run'
/usr/local/rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/webrick/server.rb:294:in `block in start_thread'
Request
Parameters:
None
Response
Headers:
None
=========
Project should delete
Project does not delete and instead returns a 404. Can be deleted using the GUI. For a rough metric, GUI method takes about a minute.
Dradis version: Dradis Pro 2.7, appliance.
Ruby version:
OS version:
Help us help you, how can we reproduce the problem?
Nessus files provide CVSSv3 vector scores (<cvss3_vector>) for some of their plugins, however it is not an available field within Dradis.
Tell us what should happen
We would like to see CVSSv3 Vector Scores as an available field to include in our reports.
Tell us what happens instead
While the nessus files contain the <cvss3_vector> tags, we are unable to utilize the CVSSv3 vector scores as a field.
Dradis version:
Dradis Professional Edition v2.6.0
Ruby version:
ruby 2.2.2p95 (2015-04-13 revision 50295) [x86_64-linux]
OS version:
Linux version 3.2.0-4-amd64 ([email protected]) (gcc version 4.6.3 (Debian 4.6.3-14) ) #1 SMP Debian 3.2.51-1
I've tested this with Nessus and Qualys. Import scanner output into Dradis.
Both of the above scanners include an issue that describes the results of the port scan. In a perfect world, Dradis would treat all port-scan related issues as the same and parse this data into a node service entry.
Qualys port scans are removed from All Issues and imported as expected.
Nessus port scans are treated as an issue.
The output of both scanners is combined at the node level, but is duplicated.
Dradis version: Dradis Pro 2.6
Ruby version:
OS version:
Currently when running vulnerability scans, particularly amalgamated from numerous tools a host can end up with a LARGE amount of issues.
When compiling the penetration test report it is essential to only report the issues that led to the compromise, so all other vulnerabilities must be deleted from the host.
This is a very time-consuming process doing them one at a time. It would be great to have a select all checkbox and an ability to reverse any selections before deleting all in one go. Literally sometimes I'll spend 20-30 minutes deleting irrelevant evidence under a host.
On the login page, request a password reset.
If the mail server is not configured, a verbose error message is displayed.
Set up the mail server using these instructions: https://dradisframework.com/pro/support/guides/customization/mail_server.html
Dradis version: Pro v2.7.0
Issue originally reported by Joel
The Qualys plugin currently doesn't import the <KEY value="NBHOST_ALIVE"> or <KEY value="NBHOST_TOTAL"> values from the XML file. Example: https://github.com/dradis/dradis-qualys/blob/master/spec/fixtures/files/two_hosts_common_issue.xml#L14
We could create Notes (example: https://github.com/dradis/dradis-nessus/blob/14420045f6c2f912693ff3d77cf821a48aa55b7e/lib/dradis/plugins/nessus/importer.rb#L89) and pull this in as a field (with the Plugin Manager configuration option).
Or we could pull this in as a Node property (example: https://github.com/dradis/dradis-nessus/blob/14420045f6c2f912693ff3d77cf821a48aa55b7e/lib/dradis/plugins/nessus/importer.rb#L55).
Originally requested by Austin
When a link includes brackets, they don't show up in the text. The link target is still correct.
The parentheses are being interpreted as URL's :title. Inquiring upstream for a workaround:
https://jgarber.lighthouseapp.com/projects/13054-redcloth/tickets/279-links-with-a-name-that-contains-a-trailing-whatever
If there is a colon after the link, it is duplicated in the report.
Also seems to be caused by the upstream parser that decides on purpose to leave the trailing : out of the link. So what we see is the one that is left outside but also the one that's coming from the link's text.
https://github.com/jgarber/redcloth/blob/master/spec/fixtures/links.yml#L179-L183
#[Description]#
https://test.com?alert(document.domain)
https://test.com?double_colon:
Links would export into the report like:
https://test.com?alert(document.domain)
https://test.com?double_colon:
Links export into the report like:
https://test.com?alert
https://test.com?double_colon::
Originally reported by Jarmo.
The text field under "New evidence content" is activated and writable.
The text field under "New evidence content" is deactivated. In order to write the evidence content, you need to save the empty evidence, click on edit, and then the text field is enabled.
Dradis version:
3.8.0
Ruby version:
ruby 2.3.3p222
OS version:
Raspbian 9
The 1234... field would be exposed as plugin_id.
The http://blah... field would be exposed as references.
Nothing!
Dradis version: 2.6
Ruby version:
OS version:
Most search requests return as expected, except the following which all produce the error below.
Search terms that break:
find
search
xml
python
exec
Search results should be displayed
ArgumentError in Search#index
Showing /opt/dradis-ce/app/views/kaminari/_paginator.html.erb where line #7 raised:
Attempting to generate a URL from non-sanitized request parameters! An attacker can inject malicious data into the generated URL, such as changing the host. Whitelist and sanitize passed parameters to be secure.
Extracted source (around line #7):
5
6
7
8
9
10
<%= prev_page_tag unless current_page.first? %>
<% each_page do |page| -%>
<% if page.left_outer? || page.right_outer? || page.inside_window? -%>
<%= page_tag page %>
<% elsif !page.was_truncated? -%>
<%= gap_tag %>
Trace of template inclusion: app/views/search/_results.html.erb, app/views/search/index.html.erb
Rails.root: /opt/dradis-ce
app/views/kaminari/_paginator.html.erb:7:in `block (2 levels) in _app_views_kaminari__paginator_html_erb__864226663__663325808'
app/views/kaminari/_paginator.html.erb:5:in `block in _app_views_kaminari__paginator_html_erb__864226663__663325808'
app/views/kaminari/_paginator.html.erb:1:in `_app_views_kaminari__paginator_html_erb__864226663__663325808'
app/views/search/_results.html.erb:15:in `_app_views_search__results_html_erb__812644066__668098148'
app/views/search/index.html.erb:23:in `_app_views_search_index_html_erb__623506895__669320428'
Request
Parameters:
{"utf8"=>"✓", "q"=>"find"}
3.6
Ruby version:
ruby 2.2.2
OS version:
Linux kali 4.6.0-kali1-686 #1 SMP Debian 4.6.4-1kali1 (2016-07-21) i686 GNU/Linux
Could you add a list of the required dependencies in the readme? It's not very convenient to do trial and error.
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
3 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up dradis (3.6.0-0kali1) ...
Warning: The home dir /var/lib/dradis you specified already exists.
The system user `dradis' already exists. Exiting.
DEPRECATION WARNING: before_filter is deprecated and will be removed in Rails 5.1. Use before_action instead. (called from require at /usr/lib/ruby/vendor_ruby/bundler/runtime.rb:91)
DEPRECATION WARNING: before_filter is deprecated and will be removed in Rails 5.1. Use before_action instead. (called from require at /usr/lib/ruby/vendor_ruby/bundler/runtime.rb:91)
Faraday::Builder is now Faraday::RackBuilder.
Rails Error: Unable to access log file. Please ensure that /usr/lib/dradis/log/development.log exists and is writable (ie, make it writable for user and group: chmod 0664 /usr/lib/dradis/log/development.log). The log level has been raised to WARN and the output directed to STDERR until the problem is fixed.
DEPRECATION WARNING: before_filter is deprecated and will be removed in Rails 5.1. Use before_action instead. (called from <top (required)> at /usr/lib/dradis/config/environment.rb:5)
DEPRECATION WARNING: before_filter is deprecated and will be removed in Rails 5.1. Use before_action instead. (called from <top (required)> at /usr/lib/dradis/config/environment.rb:5)
rails aborted!
Errno::ENOENT: No such file or directory @ rb_sysopen - /usr/lib/dradis/log/resque.log
bin/rails:4:in `require'
bin/rails:4:in `
dpkg: error processing package kali-linux-full (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of kali-linux-all:
kali-linux-all depends on kali-linux-full; however:
Package kali-linux-full is not configured yet.
dpkg: error processing package kali-linux-all (--configure):
dependency problems - leaving unconfigured
Errors were encountered while processing:
dradis
kali-linux-full
kali-linux-all
E: Sub-process /usr/bin/dpkg returned an error code (1)