Dradis CE or Pro for OSCP


#1

Hi

Finally got Dradis CE working on the OSCP PWK Kali 2016.2 VM…

I wanted to explore a little before starting my labs in a couple of weeks. Has anyone recently used Dradis for the OSCP labs and exams?

Would you need the pro version to have a different ‘project’ for the labs and the exams separately? Any advantages in the Pro version from an OSCP perspective, i.e. HTML / DOC output?

Any tips from any users? Given the nature of OSCP I am thinking it will just be used for collating the NMAP and Nikto scans and the rest manually.

Thanks


#2

Finished my OSCP without Dradis. Used Freemind + yed + keepnote + OpenOffice for documentation.
Looking back I would say it would waste way too much time to implement a workflow from dradis import to OSCP report.
(That is, if you cannot find an existing oscp dradis template).

OSCP expects the report as PDF. They provide an odt / docx template. I guess it would be a good marketing strategy for dradis to create an OSCP template.

I used my own tool to merge all nmap scans. As I am using the pro version of Dradis now, I would still keep with my tool. Although it is helpful to import nmap scans and generate the tables for an office document… this can also be achieved with magictree.

I guess the greatest advantage of dradis pro would be the issueLibrary, where you can write a vulnerability description once and reuse it again and again. In the OSCP however, you are going to meet different vulnerabilities on each system.

Keep in mind: Whatever tool you use, in the exam you won’t have time for bug search in your reporting tool. Find the tool you can work best with. Test it during the lab time. And if you write your own scripts for recon, consider using a JSON/XML output. It will allow you to import it to other tools easier.
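The advice above about merging nmap scans and giving recon scripts XML/JSON output, as an added example that is not code from this thread or from Dradis: a small Python script that merges several nmap `-oX` documents for the same host into one open-port table. The two XML documents are constructed sample input, not real scan data, and the merge rule (a later scan overwrites an earlier result for the same port) is an assumption.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample input in nmap -oX format (not real scan data): a quick
# top-ports scan and a later, more detailed scan of the same host.
SCAN_A = """<nmaprun><host><address addr="10.11.1.5" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
</ports></host></nmaprun>"""
SCAN_B = """<nmaprun><host><address addr="10.11.1.5" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd"/></port>
<port protocol="tcp" portid="8080"><state state="closed"/></port>
</ports></host></nmaprun>"""


def merge_nmap_xml(xml_docs):
    """Merge scans into {ip: {(proto, port): {"state", "service"}}}.
    Later documents overwrite earlier entries for the same port, so the
    most recent (usually more detailed) result wins (assumed merge rule)."""
    hosts = defaultdict(dict)
    for doc in xml_docs:
        for host in ET.fromstring(doc).iter("host"):
            addr = host.find("address[@addrtype='ipv4']")
            if addr is None:          # skip hosts with no IPv4 address element
                continue
            for port in host.iter("port"):
                state = port.find("state")
                svc = port.find("service")
                service = "" if svc is None else " ".join(
                    s for s in (svc.get("name", ""), svc.get("product", "")) if s)
                hosts[addr.get("addr")][(port.get("protocol"), int(port.get("portid")))] = {
                    "state": "unknown" if state is None else state.get("state"),
                    "service": service,
                }
    return dict(hosts)


def open_port_rows(merged):
    """Flatten the merged view into sorted (ip, proto, port, service) rows
    for a report table; only open ports are kept."""
    return [(ip, proto, port, info["service"])
            for ip, ports in sorted(merged.items())
            for (proto, port), info in sorted(ports.items())
            if info["state"] == "open"]


if __name__ == "__main__":  # print a Markdown-style table ready to paste into a report
    for row in open_port_rows(merge_nmap_xml([SCAN_A, SCAN_B])):
        print("| %s | %s/%d | %s |" % row)
```

Feed it the real `-oX` files from lab scans instead of the two constructed strings to get one table per host across all scans.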


#3

Thanks for your feedback. Have been playing with Dradis’s OSCP Compliance Package which provides an easy Export into HTML. From there it’s a simple copy and paste into the Word OSCP template, although I haven’t used it extensively yet. It seems to provide sections for the labs and exams and plugins for NMAP, Nikto, Metasploit and Burp that may come in handy.

Thanks for the thoughts about the Pro version, so far the CE version seems to fit my needs as I don’t need multiple projects. Good to know I won’t be missing much with the issues library.

I’m not sure how it will work out, but so far it seems stable in the cursory testing I’ve done; I haven’t tested the plugins yet…


#4

@Kalaratri I’m Rachael with the Dradis support team and built the OSCP compliance pack you linked (so glad that you found it!). I know you’re probably looking for feedback from other test-takers but thought I’d chime in here as well to let you know that we would love the chance to improve the compliance pack to better fit your needs.

We just updated it to v0.3 in the past couple of weeks so that the report is organized by Host instead of by vuln rating, based on feedback from other test takers. Be sure to check that out if you are still playing around with v0.2. If you come across anything that could bear improving, please just let me know how we can make your life a bit easier.


#5

That’s awesome and perfect timing. I was indeed using the 0.2 version, so have just installed the v0.3 version and all looks to be working OK. I ended up having to manually copy dradis_template-oscp.v0.3.html.erb into /var/lib/dradis/templates/reports/html_export/, as the process failed when trying to use the Dradis:Plugins:Projects:Upload:Template tool. I then uploaded the package and tried again to upload the template; this time the log said it succeeded, but after stopping and starting the dradis service I still didn’t have access to the 0.3 export report. But all is seemingly working now that I manually copied it over.

Many thanks for the update, will be putting it through its paces over the coming weeks.