Dradis is an extremely useful tool for keeping track of security projects and issues. In this post, I’ll show you a step-by-step method to get the Community Edition of Dradis up and running on an Ubuntu 18.04 Server so you can keep track of scope, issues, and penetration test plans for your projects.
The first thing we’ll do, of course, is to make sure that our Ubuntu 18.04 server is all up-to-date:
sudo apt update
sudo apt upgrade
Next, we’ll install a laundry list of dependencies that we’ll need to have on our system to get Dradis (it’s a Ruby on Rails app) up and running:
curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
sudo apt update
sudo apt install libmariadbclient-dev-compat mariadb-client-10.1 mariadb-server-10.1 git-core curl zlib1g-dev build-essential libssl-dev libreadline-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev libcurl4-openssl-dev software-properties-common libffi-dev nodejs yarn
Now that all of that installing is done, we’ll be able to get Ruby installed. I like to use rbenv, so that’s what I’ll show you here. Note that at the time of this writing Dradis likes Ruby version 2.4.1, so that’s what we’ll use:
cd
git clone https://github.com/rbenv/rbenv.git ~/.rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
exec $SHELL
git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build
echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc
exec $SHELL
rbenv install 2.4.1
rbenv global 2.4.1
ruby -v
Finally! We’ve got our environment all set up. Now we can clone the Dradis Git repository and get our installation going:
git clone https://github.com/dradis/dradis-ce.git
cd dradis-ce/
Before we actually run the setup, though, let's make sure we don't get into trouble with our gem requirements. Bundler is the gem that manages gem dependencies and installation for Rails apps, and we want the right major version of it installed: running Bundler 2 against a Gemfile.lock that was generated with Bundler 1 (or vice versa) can fail, so check which one the project was locked with:
grep -A 1 "BUNDLED WITH" Gemfile.lock
Now, at the time of this writing, I got the response:
BUNDLED WITH
   1.17.3
So I know that I’m dealing with Bundler 1. Let’s go ahead and install that ourselves so we don’t run into trouble later:
gem install bundler -v "~>1.0"
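The manual check above (grep the lockfile, read the number, pick a constraint) is easy to script so that the Bundler major version always follows the lockfile. The following is an added example, not code from the original post or from the Dradis project; it assumes a Gemfile.lock in the usual RubyGems layout, and the sample lockfile it writes is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): read the "BUNDLED WITH" entry
# from a Gemfile.lock and turn it into the version constraint to hand to
# `gem install bundler -v`, so the installed major always matches the lockfile.

bundled_with_version() {
  # Print the version recorded on the line after "BUNDLED WITH" in the file $1
  awk '/^BUNDLED WITH/ { getline; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

bundler_constraint() {
  # Map the locked Bundler version to a pessimistic constraint on its major version
  version=$(bundled_with_version "$1")
  case "$version" in
    1.*) echo '~>1.0' ;;
    2.*) echo '~>2.0' ;;
    *)   echo "no usable BUNDLED WITH entry in $1" >&2; return 1 ;;
  esac
}

make_sample_lock() {
  # Write a constructed, minimal Gemfile.lock to a temp file and print its path
  f=$(mktemp)
  printf 'GEM\n  remote: https://rubygems.org/\n\nPLATFORMS\n  ruby\n\nBUNDLED WITH\n   1.17.3\n' > "$f"
  echo "$f"
}

# Usage against a real checkout: gem install bundler -v "$(bundler_constraint Gemfile.lock)"
SAMPLE_LOCK=$(make_sample_lock)
echo "locked with: $(bundled_with_version "$SAMPLE_LOCK")"
echo "install:     gem install bundler -v \"$(bundler_constraint "$SAMPLE_LOCK")\""
```

Run it inside the dradis-ce checkout with `Gemfile.lock` in place of the sample path; the constraint it prints is exactly the `-v` argument used above, and the non-zero return on an unrecognised lockfile keeps a script from silently installing whatever Bundler happens to be current.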
Now that we’ve got that potential problem taken care of we can just run the Dradis setup script:
That will take a little while to run, but once it’s done you can start Dradis with the following command:
bundle exec rails server
Once the app is up and running you'll see a message that it's listening on 0.0.0.0:3000, which means it's bound to every interface on the server. Point your favorite web browser at the server's IP address on port 3000 to get started.
My IP is 192.168.187.135, so I’ll navigate to “http://192.168.187.135:3000” and Dradis will direct me to the password setup page to set my password:
Now that I’ve got that page up I can set a password. Dradis Community Edition doesn’t allow for individual accounts or multiple projects, so there will be a shared password for all users of this instance. Set that, and then you’ll be directed to the login page. Anyone who uses this will just pick a username so their work can be identified and use the shared password.
I’ll go ahead and log in as “Jason”, again using the shared password I set up earlier, and then I’m in!
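Because the server announces itself on 0.0.0.0:3000 and the Community Edition protects everything with one shared password, it is worth confirming which listeners on the box are reachable from the whole network rather than only from localhost. The following is an added example, not code from the original post or from Dradis itself: it parses `ss -ltn` style output and reports the ports bound to a wildcard address. The `ss` lines it consumes are constructed sample data, so it runs offline.

```shell
#!/bin/sh
# Added example (not from the original post): flag listening TCP sockets bound
# to every interface (0.0.0.0 or [::]) in `ss -ltn` output, so you notice when
# the Rails dev server is exposed to the network instead of just localhost.

# Constructed sample of what `ss -ltn` prints on a Dradis host (header omitted)
SAMPLE_SS='LISTEN 0 128 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 0.0.0.0:3000 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

wildcard_listeners() {
  # Read ss lines on stdin; print the port of every socket whose local address
  # is the IPv4 or IPv6 wildcard. Column 4 is "local address:port".
  awk '$1 == "LISTEN" {
         n = split($4, a, ":"); port = a[n];
         if ($4 ~ /^0\.0\.0\.0:/ || $4 ~ /^\[::\]:/) print port
       }'
}

exposed_ports() {
  # Space-separated, numerically sorted list of wildcard-bound ports in the sample
  printf '%s\n' "$SAMPLE_SS" | wildcard_listeners | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# On a live host, replace the sample with: ss -ltn | wildcard_listeners
echo "ports bound on all interfaces: $(exposed_ports)"
```

In the sample, MariaDB on 3306 is bound to 127.0.0.1 and is not reported, while 3000 (Dradis) and 22 are. If Dradis should only be reached through a reverse proxy or an SSH tunnel, start it with `bundle exec rails server -b 127.0.0.1` so the shared-password login page is not directly reachable from the rest of the network.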