HOWTO : Information gathering with Dradis on Back|Track 4 R2

Dradis is an effective information sharing tool. It is pre-installed in Back|Track 4 R2.



Step 1 :



Setting up Dradis server.



cd /pentest/misc/dradis/server

ruby ./script/server




Open your browser and go to "https://localhost:3004". Accept the certificate. Enter your password twice. Then log in to the system with your desired username and the password you just set.



Or you can use the default username and password, which are "etd" and "dradis" respectively.



Step 2 :



Setting up Dradis client.



nano /pentest/misc/dradis/client/conf/dradis.xml



Locate the following lines.







Change the default values "etd" and "dradis" to match the credentials from Step 1 when necessary.



cd /pentest/misc/dradis/client

ruby ./dradis.rb




A "dradis>" prompt will be displayed.



Step 3 :



Start MySQL. Open a new terminal and execute the following commands :



/etc/init.d/mysql start



msfconsole



At the "msf>" prompt, enter the following :



db_driver mysql



db_connect root:toor@127.0.0.1/msf3



load db_tracker



Then scan the ports of the target "192.168.56.101" with Nmap.



nmap -v -sV 192.168.56.101 -oA subnet_1



db_import subnet_1.xml



Now you can issue the following commands to inspect the results :



db_hosts

db_services




Step 4 :



Go back to the terminal with the "dradis>" prompt and issue the following command :



import nmap /root/subnet_1.gnmap grepable



Then go back to the browser and refresh. You will see that the data has been imported.
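Step 4 imports the grepable file that "-oA subnet_1" wrote next to the XML. The following Ruby script is an added example, not part of the original post or of Dradis itself: it parses the Nmap grepable format so you can check which hosts and services a .gnmap file holds before importing it. The sample scan lines and the names parse_gnmap and open_services are constructed for illustration.

```ruby
# Constructed sample of Nmap grepable (.gnmap) output; not real scan data.
SAMPLE_GNMAP = <<~GNMAP
  # Nmap scan initiated (constructed sample)
  Host: 192.168.56.101 ()\tStatus: Up
  Host: 192.168.56.101 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.1p1 Debian 5 (protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.2.9 ((Debian))/, 111/closed/tcp//rpcbind///\tIgnored State: filtered (997)
  # Nmap done (constructed sample)
GNMAP

Service = Struct.new(:host, :port, :proto, :state, :name, :version)

# Parse grepable output into Service records.
# Each port entry has the form: port/state/proto/owner/service/rpcinfo/version/
def parse_gnmap(text)
  services = []
  text.each_line do |line|
    next unless line.start_with?("Host: ")        # skip comments and blank lines
    fields = line.chomp.split("\t")               # top-level fields are tab-separated
    host = fields.first[/\AHost: (\S+)/, 1]
    ports = fields.find { |f| f.start_with?("Ports: ") }
    next unless ports                             # "Status:" lines carry no port list
    # Split only where a new "<digits>/" entry starts, so a comma inside a
    # version banner does not break an entry apart.
    ports.sub("Ports: ", "").split(/, (?=\d+\/)/).each do |entry|
      port, state, proto, _owner, name, _rpc, version = entry.split("/")
      services << Service.new(host, Integer(port), proto, state,
                              name.to_s, version.to_s)
    end
  end
  services
end

# Only the services Nmap reported as open.
def open_services(text)
  parse_gnmap(text).select { |s| s.state == "open" }
end

if __FILE__ == $0
  open_services(SAMPLE_GNMAP).each do |s|
    puts format("%-15s %5d/%-3s %-8s %s", s.host, s.port, s.proto, s.name, s.version)
  end
end
```

To run it against the real scan, replace SAMPLE_GNMAP with File.read("/root/subnet_1.gnmap").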






That's all! See you.