Back to Cookbook

Dradis Fast Reporting Starter

Import tool output, dedupe, and generate consistent deliverables

Pentest reporting is tedious. Dradis CE centralizes evidence and automates imports from Nmap, Burp, and Nessus. This recipe is a pragmatic quickstart — get a Dradis instance running, import scan artifacts, triage findings, and generate a first-pass report.

House RecipeWork20 min

INGREDIENTS

🔍Web

PROMPT

Create a skill called "Dradis Fast Reporting Starter". Inputs I will provide: - Where my engagement files are stored (paths) - Which tools I used and what export formats I have - Required final report format (PDF/Word/HTML) and any client templates Task: 1) Provide a minimal Dradis setup/run plan suitable for local or internal server use. 2) Produce an import checklist per tool (Nmap, Burp, Nessus). 3) Provide a triage workflow: dedupe, normalize titles/severity, and attach evidence. 4) Provide a report skeleton outline so the imports map cleanly into deliverables.

What this fixes

Common symptoms:

  • Findings and evidence scattered across files and tools
  • Manual copy/paste into Word templates causes errors and inconsistency
  • Teams need a repeatable report structure and a reusable findings library

Prerequisites

  • A machine to host Dradis (local VM or dedicated internal server)
  • Engagement artifacts in importable formats (Nmap XML, Burp XML, Nessus, etc.)
  • Approved storage location for engagement data

Steps and commands

  1. Install/run Dradis Community Edition:
  • Decide where data will persist (volume or local directory).
  • Ensure you can access the web UI from your workstation.
  1. Create a project per engagement:
  • Set scope, methodology, and engagement metadata first.
  1. Import tool output:
  • Import Nmap XML and confirm hosts/services populate.
  • Import Burp findings/evidence if applicable.
  • De-duplicate overlapping findings during triage.
  1. Triage and normalize:
  • Standardize finding titles and severity ratings.
  • Attach evidence screenshots/outputs to each finding.
  • Remove informational noise that doesn't belong in the report.
  1. Generate a first-pass report:
  • Produce an executive summary shell + findings list.
  • Export to the required format (PDF/Word/HTML) if configured.

Expected outputs

  • A centralized project containing hosts, findings, and evidence
  • An initial report draft that can be refined by an analyst
  • A reusable findings library for future engagements

Common errors and troubleshooting

  • Imports succeed but data looks incomplete
  • Verify you exported the correct formats (Nmap XML, not grepable).
  • Spot-check with a small sample file first.
  • Report template mismatch
  • Start with a minimal template; add custom formatting after data imports stabilize.
  • Duplicate findings across tools
  • Triage after all imports are complete; merge overlapping entries before export.

References

  • https://github.com/dradis/dradis-ce
  • https://discuss.dradis.com/
  • https://www.reddit.com/r/AskNetsec/comments/dhxb80/pentest_reporting_framework_comparison_serpico_vs/

Example inputs

  • Nmap: nmap.xml
  • Burp: burp.xml
  • Nessus: nessus.nessus
Tags:#pentesting#reporting#dradis#collaboration#workflow