jhj7476/ March 13, 2019/ Security/ 0 comments

Dradis is an extremely useful tool for keeping track of security projects and issues. In this post, I’ll show you a step-by-step method to get the Community Edition of Dradis up and running on an Ubuntu 18.04 Server so you can keep track of scope, issues, and penetration test plans for your projects.

The first thing we’ll do, of course, is to make sure that our Ubuntu 18.04 server is all up-to-date:

sudo apt update
sudo apt upgrade

Next, we’ll install a laundry list of dependencies that we’ll need to have on our system to get Dradis (it’s a Ruby on Rails app) up and running:

curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list

sudo apt update
sudo apt install libmariadbclient-dev-compat mariadb-client-10.1 mariadb-server-10.1 git-core curl zlib1g-dev build-essential libssl-dev libreadline-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev libcurl4-openssl-dev software-properties-common libffi-dev nodejs yarn

Now that all of that installing is done, we’ll be able to get Ruby installed. I like to use rbenv, so that’s what I’ll show you here. Note that at the time of this writing Dradis likes Ruby version 2.4.1, so that’s what we’ll use:

cd
git clone https://github.com/rbenv/rbenv.git ~/.rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
exec $SHELL

git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build
echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc
exec $SHELL

rbenv install 2.4.1
rbenv global 2.4.1
ruby -v

Finally! We’ve got our environment all set up. Now we can clone the Dradis Git repository and get our installation going:

git clone https://github.com/dradis/dradis-ce.git
cd dradis-ce/

Before we actually run the setup, though, let’s make sure we don’t get in trouble with our gem requirements. There’s a wonderful gem called Bundler that is used to manage gem dependencies and installations in Rails apps, and we want to make sure that we have the right version installed. Running Bundler 2 against a Gemfile.lock that was originally bundled with Bundler 1 (or vice-versa) can cause problems, so check which one the lockfile was produced with:

grep -A 1 "BUNDLED WITH" Gemfile.lock

Now, at the time of this writing, I got the response:

BUNDLED WITH
  1.17.3

So I know that I’m dealing with Bundler 1. Let’s go ahead and install that ourselves so we don’t run into trouble later:

gem install bundler -v "~>1.0"
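As an added example (not from the original post or the Dradis project), this POSIX sh script automates the check above: it reads the version recorded under BUNDLED WITH in a Gemfile.lock and derives the matching pessimistic install constraint, so the Bundler major line the app was locked with is the one that gets installed. The sample lockfile is constructed inline.

```shell
#!/bin/sh
# Added example, not part of the Dradis setup: derive the Bundler major
# version recorded in a Gemfile.lock and the matching "gem install" constraint.

# Print the version that follows "BUNDLED WITH" in the given Gemfile.lock.
bundled_with_version() {
    # "BUNDLED WITH" is followed by one indented line holding the version.
    awk '
        found { sub(/^[[:space:]]+/, ""); print; exit }
        /^BUNDLED WITH[[:space:]]*$/ { found = 1 }
    ' "$1"
}

# Turn a version such as 1.17.3 into the constraint "~>1.0", which keeps
# gem install on the same major line (Bundler 1 stays Bundler 1, 2 stays 2).
bundler_constraint() {
    major=${1%%.*}
    printf '~>%s.0\n' "$major"
}

# Emit the install command for the lockfile; fail if no version was found.
bundler_install_cmd() {
    v=$(bundled_with_version "$1")
    [ -n "$v" ] || { echo "no BUNDLED WITH section in $1" >&2; return 1; }
    printf 'gem install bundler -v "%s"\n' "$(bundler_constraint "$v")"
}

# Constructed sample lockfile tail, matching what the post shows (1.17.3).
SAMPLE_LOCK=$(mktemp)
trap 'rm -f "$SAMPLE_LOCK"' EXIT
cat > "$SAMPLE_LOCK" <<'EOF'
PLATFORMS
  ruby

DEPENDENCIES
  rails

BUNDLED WITH
   1.17.3
EOF

bundler_install_cmd "$SAMPLE_LOCK"
```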

Now that we’ve got that potential problem taken care of we can just run the Dradis setup script:

./bin/setup

That will take a little while to run, but once it’s done you can start Dradis with the following command:

bundle exec rails server

Once your app is up and running you’ll see a message that it’s listening on 0.0.0.0:3000, that is, on every interface of the server. You can just navigate in your favorite web browser to the IP address of your server on port 3000 to kick it off.

My IP is 192.168.187.135, so I’ll navigate to “http://192.168.187.135:3000” and Dradis will direct me to the password setup page to set my password:

Dradis Setup

Now that I’ve got that page up I can set a password. Dradis Community Edition doesn’t allow for individual accounts or multiple projects, so there will be a single shared password for all users of this instance. Set that, and then you’ll be directed to the login page. Anyone who uses this instance simply picks a username so their work can be identified, and logs in with the shared password.

Dradis Login Screen

I’ll go ahead and log in as “Jason”, again using the shared password I set up earlier, and then I’m in!

Dradis Running