= Dradis Framework =

- Developer: The Dradis Framework community
- Latest Release Version: 4.18.0
- Programming Language: Ruby, Ruby on Rails
- Operating System: Cross-platform
- Genre: Penetration test tool
- License: GPLv2

Dradis Framework is an open-source web application designed for security testing teams to collaborate and generate reports. It functions as a centralized repository to consolidate findings, notes and evidence from various security tools and manual testing processes during penetration tests and vulnerability assessments.

== History ==
Dradis Framework was first released in 2007. It was created to address the challenge of managing and correlating information from multiple tools and testers during security engagements. The project's name is inspired by the radar-like system from the television series Battlestar Galactica, a reference to its role as a central information system.

The framework gained early exposure through presentations at major security conferences, starting with its introduction at DEF CON 17 in 2009. Its development has been community-driven, with its source code hosted on GitHub.

Like many mature software projects, it has addressed security vulnerabilities during its development, such as a cross-site scripting (XSS) vulnerability documented in 2019.

== Features ==
The Dradis Framework is built on the Ruby on Rails framework. Its core functionality includes:

- A centralized database for project information, including notes, findings, and evidence.
- Collaboration features allowing multiple testers to work on the same project simultaneously.
- A reporting engine that generates consolidated reports from the collected data.
- An upload feature and a plugin architecture for importing data from other security tools.
- A REST API for programmatic interaction and integration with external systems.

The framework supports integration with web application testing tools such as Burp Suite through official extensions.

== Usage ==
Dradis is primarily used by penetration testers and security assessment teams. Its main use case is to serve as the central hub for a security test, where output from scanners like Nmap, Burp Suite, and Nessus is imported and enriched with manual findings. This consolidated data is then used to produce the final client report.

The framework is included in several security-focused Linux distributions, most notably Kali Linux.

=== Editions ===
- Dradis Community Edition (CE): The free and open-source version, available under the GPLv2 license.
- Dradis Professional: A commercial version that includes additional features such as advanced reporting templates, user management, and dedicated support.

== Reception ==
The Dradis Framework has been recognized as a tool for streamlining the reporting process in penetration testing. It is referenced in the syllabus for the CompTIA PenTest+ certification. The tool has been covered in multiple textbooks on penetration testing and ethical hacking, establishing its role in the field.

The framework has been referenced in security bulletins by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as part of recommended security assessment toolkits.

It has been featured in professional security training materials and presentations by international cybersecurity firms such as Japan's iSEC.

Dradis Framework has been adopted in academic settings, including graduate-level cybersecurity curricula, and has been featured in peer-reviewed educational research.

The framework has been presented at security conferences, including DEF CON, Black Hat, and Security BSides.

== See also ==
- Metasploit Project
- Kali Linux
- Penetration test
