So it looks like I’ll be giving a workshop during BSides London 2014 on the new Dradis HTTP API.
I’ve started a new repo for the engine that will implement the API and opened this thread to try to manage feature requests and ideas about implementation details. Feel free to contribute!
Sounds great Daniel!
Besides the typical CRUD actions on User, Client and Project (incl. creating nodes, referencing a template, assigning authors), I think exposing the import/export functionality would make the API very useful.
2 Use cases:
- API call that creates a Word report for a project based on the template id and returns the docx file.
- API call that takes e.g. an XML file, an import plugin name (e.g. Nessus Scan) and the project id and then parses and imports the results.
Looks like you are well ahead in the game considering we don’t have any code yet. But yes, both are good ideas.
I think that 1 though will be slightly different, because going forwards I’ll be moving report generation to a background queue, meaning that it won’t be processed synchronously. So most likely you’ll get a Job UUID for your reporting request and then you can poll the server to check the job completion status. Once completed you’ll get a URL to download the report. Or something like that.
I’ve already added infrastructure to the repo to have versioned APIs which I think will be key to allow for a more organic growth of the interface (e.g. v1 ships with CRUD operations for basic classes, then in v2 we move on to CRUD for other classes, in v3 … etc. It’s just an example though).
Thanks for sharing these ideas.
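The queued-report flow described in the reply above (request, job UUID, poll, download URL), sketched as an added example that is not code from the Dradis repo or from anyone in this thread. `ReportJobs`, `wait_for_report` and the report path are hypothetical names, and an in-memory hash stands in for the server and its background queue.

```ruby
require 'securerandom'

# In-memory stand-in for the server side of the flow described above.
# Every class, method and path name here is hypothetical.
class ReportJobs
  def initialize
    @jobs = {}
  end

  # Client asks for a report: the work is queued and only a job UUID comes back.
  def enqueue(project_id, template_id)
    uuid = SecureRandom.uuid # random identifier, so job ids are not sequential
    @jobs[uuid] = { project_id: project_id, template_id: template_id,
                    state: :queued, url: nil }
    uuid
  end

  # Background worker finishes the job and records where the file lives.
  def complete(uuid)
    job = @jobs.fetch(uuid)
    job[:state] = :completed
    job[:url] = "/hypothetical/reports/#{uuid}.docx"
  end

  # Status check: the download URL is exposed only once the job is done.
  def status(uuid)
    job = @jobs[uuid]
    return { state: :unknown } unless job
    return { state: job[:state] } unless job[:state] == :completed
    { state: :completed, url: job[:url] }
  end
end

# Client side: poll a bounded number of times, doubling the delay each round.
# `sleeper` is injectable so the example can run without real waiting.
def wait_for_report(jobs, uuid, max_attempts: 5, delay: 1.0, sleeper: ->(s) { sleep(s) })
  max_attempts.times do |attempt|
    result = jobs.status(uuid)
    return result[:url] if result[:state] == :completed
    raise ArgumentError, "unknown job #{uuid}" if result[:state] == :unknown
    yield attempt if block_given? # hook that lets a demo simulate the worker
    sleeper.call(delay * (2**attempt))
  end
  nil # gave up; the caller decides whether to poll again later
end
```

Capping the attempts keeps a client from polling forever if the worker never finishes the job.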
To query all the nodes in the repo:
$ curl -u etd:dradis http://dradisframework.dev/api/nodes
"text":"Dradis Framework v2.10.0",
Or create a new node with:
$ curl -u etd:dradis -d "node[label]=from_api" http://dradisframework.dev/api/nodes
See the README for instructions on how to get this up and running in your Dradis today.
A Question on the API. Does it work with CE / Pro or both? Was thinking I’d like to have a play with it as I get some time, but would be easier to run a test CE instance to avoid any chance of messing up my production Pro one…
CE should work now, see the README on how to activate.
I’m also working on a wrapper for Pro, will announce when ready though.