Time
3 hours 55 minutes
Difficulty
Advanced
CEU/CPE
5

Video Description

In this lab, Subject Matter Expert Dean Pompilio discusses Dradis, a useful tool for gathering information and generating reports on that information. Dradis is a self-contained Web application that is a repository for gathering and organizing all your information. It is very simple to use and to configure to organize output from scans and word lists for password cracking and to attach files to a folder for a particular project. SME Pompilio stresses that life is a lot easier when you are organized, and good organization leads to fewer mistakes. This demonstration shows you how to:

  • access the Kali Web site
  • choose the reporting tools you will use, including Dradis
  • explore other options besides Dradis
  • generate a new password
  • open the command shell and start the service
  • log in as an administrator and use the new password you created

SME Pompilio demonstrates the following Dradis functions that will allow you to thoroughly gather and organize all information for a project:

  • adding notes and attachments
  • adding a branch to the default options
  • adding a subfolder
  • using the functions and features of the system
  • generating filters
  • adding hosts
  • using the various export options

Video Transcription

00:04
Hello, everyone. This is Dean Pompilio,
00:08
and we're gonna do a demo of a tool that is useful for
00:13
gathering and organizing your information
00:16
and giving you some options for generating reports
00:20
on that information.
00:22
These could be things like
00:24
your outputs from certain types of scans or
00:28
perhaps your your word list that you're generating for password cracking.
00:34
Maybe you want to attach some some files to
00:38
your your folder for a particular
00:41
project.
00:42
And Dradis gives us a nice, nice tool to do this.
00:46
So first thing we'll do is
00:50
open up our Web browser and we'll go to the, er,
00:54
Kali Tools website.
01:03
We'll look at our list of tools,
01:04
and if we scroll down
01:07
to the reporting tools we can find Dradis here.
01:11
There are other options.
01:14
Feel free to explore these as as you wish.
01:17
But Dradis is really easy to use, so we'll go ahead and try this one.
01:23
So this allows you to share the information,
01:26
and it's a self-contained Web application. So it lets you have a repository that you can use for,
01:36
as I said, organizing and gathering all of your information.
01:41
So the first thing you need to do is start service
01:45
and then connect to the Web site on port 3004.
01:52
The first time you connect, you'll be prompted to generate a password. I've already done that step, so you're not going to see that here.
01:59
But this is what the screen would look like.
02:02
All right, let's open up our command shell
02:06
and we will start.
02:12
The service
02:17
takes couple seconds. All right, that's done.
02:22
Now let's go back to our Web browser.
02:27
Notice that it is SSL.
02:35
So we'll go to our loopback address and port 3004
02:40
so I'll go ahead and log in with the the the admin
02:45
user name and password that I created.
02:54
Okay, so we get a sample
02:59
that's created for for the default install,
03:02
and we can see we've got some areas here. We can add notes,
03:07
and we can add attachments. There's tabs along the bottom to do this
03:14
as you can explore the
03:16
the default information that was generated. What I'm gonna do is add a branch and a branch is just
03:24
a another folder, if you will,
03:27
for
03:30
let's let's actually call this
03:32
social engineering audit. Okay,
03:37
so I have
03:38
I've got my my branch that created just a folder to organize my information.
03:43
And the first thing I want to do is look at my note categories.
03:47
I've got HTML export possibilities. I've got the ability to export in Word format.
03:55
I'm gonna go ahead and add a note,
04:06
So just a little sample there
04:10
and the preview shows you what it would look like once you, uh,
04:14
do an export.
04:15
So save that. Now that's created,
04:18
and I can have another note,
04:25
and these will just accumulate. And we've got nice timestamp information here
04:30
can also import notes,
04:33
and so you'll pick a source and a few different formats are supported.
04:40
So Metasploit, ah, database format or from wiki or from a vulnerability database.
04:46
Depending on the kind of work you're doing,
04:48
this could be a really useful feature.
04:55
We can also,
04:57
uh,
04:58
generate some filters.
05:00
For instance, I'll just pick this format
05:02
and I can look for ah, filter for a particular version of Wiki,
05:13
and then you would
05:15
point this towards the directory that you're searching for.
05:19
But in the case of the audit,
05:23
we can have a child,
05:26
So this means that I've got a sub folder.
05:31
So maybe I've got
05:34
Target number one
05:36
as part of the
05:41
activity.
05:42
And I want to generate another folder for target number two.
05:47
Ah, you can even add
05:50
hosts if you want to, uh, use this level of detail.
06:00
And if, for instance, I might go to my my first target,
06:08
I don't have any notes generated for for this target,
06:11
but I could select an attachment.
06:15
And maybe I decide that there is a
06:23
file that I'd like to attach to this
06:27
particular audit. I'll go to a directory, I know I've got some interesting files.
06:32
I did a demo
06:34
for the Seif Chul earlier.
06:42
I'm gonna scroll down and find that folder.
06:54
And in this folder, I generated
07:01
a nice
07:03
list of words that I can use for a dictionary attack
07:11
so I can open that file now that out filed, that tax is attached to the target one folder.
07:17
So if you're organizing your information for your
07:20
you're you're sprawling social engineering audit,
07:25
this could make your life a lot easier.
07:27
It's always good to be organized,
07:30
and it helps to
07:32
avoid making mistakes.
07:34
For instance, you might be
07:36
collecting
07:38
information about several different targets at a given organization, and you want to make sure you've got all the information straight. For each of those, you might have notes about
07:47
some of the targets' names or the names of their associates or the names of their
07:54
their management staff.
07:56
So keeping this information organized on a per folder basis
08:01
gives you a much better chance of avoiding making a mistake that will
08:07
will blow your cover, so to speak.
08:11
All right, so hope you enjoy the demo here. You can use this tool to do some interesting things.
08:18
Let's look real quick
08:20
at our export options
08:24
so we can generate a report in Word format
08:30
we got
08:30
Have a look, a template.
08:33
If that was an option,
08:35
lips, you re select that
08:41
we have HTML export information.
08:46
So depending on what, there's no data here to really see right now, because I haven't really entered any
08:52
notes,
08:56
I shall have some information on this records. Let's see if we can
09:15
so you can generate through the export as a template or as a project.
09:20
And
09:20
as you'll see when you start using the tool
09:24
during the process of your audit, you'll have differing requirements for how you want to organize the information on what's gonna be most useful for your personal style that you like to operate with
09:39
anyway. Very simple tool to use their simple to configure and pretty useful.
09:43
So go ahead and explore Dradis. And I'll see you in the next demo.
09:46
Thank you.

Instructed By

Dean Pompilio
CEO of SteppingStone Solutions
Instructor