When it comes to collaboration and sharing data during a penetration test, it is hard to beat the benefits and options available in Dradis. This is one of the two primary data collection tools we discussed in Chapter 3, Assessment Planning, and is often the tool of choice for data collection. As always, there needs to be some data available to us prior to being able to start. For this example, we will assume that a small business has asked us to perform a penetration test on their web server, which is still in the development stage and not available on the Internet. According to the rules of engagement, we are not allowed to access anything other than this one particular server, which can be reached locally on the 192.168.75.0/24
subnet. We are given VPN access to the 192.168.75.0/24
network and are allowed up to two simultaneous connections. The timeframe for testing is limited, and as such we intend to use two people to perform our test.
In order to follow...