Kali Reporting with Git and Dradis

Introduction

In this lab, you will learn how to manage and report findings using Kali Linux with Git for version control and Dradis for structured reporting. You will initialize a Git repository, import sample results into Dradis, organize findings by severity, and export a professional report. These steps will help you build essential cybersecurity skills in a controlled environment. All operations will be performed within a Kali Linux container, which is automatically set up for you. When you open the terminal, you will be directly connected to the Kali Linux container's shell, ready to start practicing.

Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL kali(("Kali")) -.-> kali/KaliGroup(["Kali"]) kali/KaliGroup -.-> kali/file_ctrl("File Management") kali/KaliGroup -.-> kali/pkg_ops("Package Management") kali/KaliGroup -.-> kali/bash_code("Bash Scripting") kali/KaliGroup -.-> kali/git_ctrl("Git Version Control") subgraph Lab Skills kali/file_ctrl -.-> lab-552299{{"Kali Reporting with Git and Dradis"}} kali/pkg_ops -.-> lab-552299{{"Kali Reporting with Git and Dradis"}} kali/bash_code -.-> lab-552299{{"Kali Reporting with Git and Dradis"}} kali/git_ctrl -.-> lab-552299{{"Kali Reporting with Git and Dradis"}} end

Setting Up the Environment and Installing Required Tools

In this first step, you will set up your working environment inside the Kali Linux container and install the necessary tools for the lab. When you open the terminal in the LabEx VM environment, you will be automatically connected to the Kali Linux container's shell. There is no need to manually start the container or enter the shell; the environment is already configured for you.

Let's begin by updating the package list and installing essential tools like git for version control and other utilities that will be used later. Since we are working in a fresh Kali Linux container, we need to ensure all required software is installed.

Run the following commands in the terminal to update the package list and install git:

apt update
apt install -y git

The apt update command refreshes the package list from the configured repositories, ensuring you have the latest information on available packages. The apt install -y git command installs git without prompting for confirmation. This process may take a few seconds to complete.

Expected Output (example, actual output may vary):

Hit:1 http://mirrors.cloud.aliyuncs.com/kali kali-rolling InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
...
Setting up git (1:2.39.2-1) ...

This output indicates that the package list has been updated and git has been successfully installed. With git in place, you are ready to initialize a repository in the next step. This foundational setup ensures that all subsequent operations can be performed smoothly within the Kali Linux container.

Initializing a Git Repository

Now that you have git installed in your Kali Linux container, you will initialize a Git repository to manage your project files. Git is a version control system that helps track changes to your files over time, making it easier to collaborate and maintain different versions of your work.

You are already in the Kali Linux container's shell, as the terminal automatically connects you to it upon opening. By default, you start in the /root directory inside the container. For consistency, let's create a dedicated directory for our project at /root/project and initialize the Git repository there.

Run the following commands to create the directory and initialize a Git repository:

mkdir -p /root/project
cd /root/project
git init

The mkdir -p /root/project command creates the /root/project directory if it doesn't already exist. The cd /root/project command navigates you into this directory. Finally, git init initializes a new Git repository in this location, creating a hidden .git folder to store version control information.

Expected Output for git init (example, actual output may vary):

Initialized empty Git repository in /root/project/.git/

This output confirms that the Git repository has been successfully created in the /root/project directory. Initializing a Git repository is the first step in version control, allowing you to track changes to files as you add them in later steps. In the next step, you will create sample data to simulate importing results into Dradis, building on this repository setup.

Creating Sample Results for Dradis Import

In this step, you will create sample data to simulate importing results into Dradis, a tool used for collaboration and reporting in security assessments. Dradis helps centralize findings from various tools and organize them for reporting. Since setting up a full Dradis instance inside the Kali Linux container is complex, we will simulate the process by creating structured text files that represent scan results.

You are already working in the /root/project directory inside the Kali Linux container. Let's create a subdirectory named results to store these sample findings and add a text file with mock data. This step builds on the Git repository you initialized earlier, allowing you to track these files under version control.

Run the following commands to create the results directory and a sample file:

mkdir -p /root/project/results
nano /root/project/results/scan_results.txt

The mkdir -p /root/project/results command creates the results subdirectory within your project folder. The nano /root/project/results/scan_results.txt command opens the nano text editor to create and edit a file named scan_results.txt in that directory.

In the nano editor, type the following content to simulate a basic scan result:

Sample Scan Results
Vulnerability: Open Port 80
Severity: Medium
Description: HTTP service detected on port 80.

To save and exit nano, press Ctrl+O, then press Enter to write the file, and finally press Ctrl+X to exit the editor.

Now, add this file to your Git repository to track it by running:

cd /root/project
git add results/
git commit -m "Add sample scan results for Dradis import"

The git add results/ command stages the results directory and its contents for version control. The git commit -m "Add sample scan results for Dradis import" command commits the changes with a descriptive message.

Expected Output for git commit (example, actual output may vary):

[master (root-commit) xxxxxx] Add sample scan results for Dradis import
 1 file changed, 4 insertions(+)
 create mode 100644 results/scan_results.txt

This output confirms that the sample results file has been successfully committed to your Git repository. By creating and tracking this file, you are simulating the process of importing data into Dradis, which typically involves uploading results from security tools. In the next step, you will organize these findings into categories, mimicking how Dradis structures data for reporting.

Organizing Findings by Severity

Having created sample results in the previous step, you will now organize these findings into categories based on severity, simulating how Dradis structures data for reporting. In a real Dradis setup, you would categorize issues like vulnerabilities into groups such as critical or medium within a web interface. Here, we will mimic this process by creating subdirectories and files within your /root/project directory in the Kali Linux container.

Let's create a findings directory with two subdirectories, critical and medium, to represent different severity levels. You will then add specific finding files to each category and track them using Git.

Run the following commands to create the directory structure:

mkdir -p /root/project/findings/critical
mkdir -p /root/project/findings/medium

These commands create the findings directory with critical and medium subdirectories inside it. Now, let's add a sample finding to the critical category by creating a text file. Run:

nano /root/project/findings/critical/critical_issue.txt

In the nano editor, type the following content to represent a critical finding:

Critical Finding
Issue: Unencrypted Database Connection
Severity: Critical
Description: Database connection on port 3306 is not encrypted.
Recommendation: Enable TLS for database connections.

Save and exit nano by pressing Ctrl+O, then Enter, and finally Ctrl+X.

Next, add a sample finding to the medium category by running:

nano /root/project/findings/medium/medium_issue.txt

In the nano editor, type the following content:

Medium Finding
Issue: Open HTTP Port
Severity: Medium
Description: HTTP service detected on port 80.
Recommendation: Redirect HTTP to HTTPS.

Save and exit nano as before. Now, commit these files to your Git repository by running:

cd /root/project
git add findings/
git commit -m "Organize findings into critical and medium categories"

The git add findings/ command stages the new files, and the git commit command saves the changes with a message.

Expected Output for git commit (example, actual output may vary):

[master xxxxxx] Organize findings into critical and medium categories
 2 files changed, 10 insertions(+)
 create mode 100644 findings/critical/critical_issue.txt
 create mode 100644 findings/medium/medium_issue.txt

This output confirms that the files representing categorized findings have been committed to your repository. Organizing findings by severity is a key step in preparing structured reports, as it helps prioritize issues for remediation. In the next step, you will simulate exporting these findings as a report, building on the structure you've created.

Simulating Export of a Dradis Report

In this final step, you will simulate exporting a report from Dradis by creating a consolidated text file that summarizes the findings you've organized. In a real-world scenario, Dradis allows you to export findings as a formatted PDF report through its web interface. Due to the constraints of the Kali Linux container environment, we will mimic this process by manually creating a text file in the /root/project directory that represents the content of such a report.

Let's create a reports directory and a text file named dradis_report.txt to summarize the findings. Run the following commands to set up the directory and create the file:

mkdir -p /root/project/reports
nano /root/project/reports/dradis_report.txt

The mkdir -p /root/project/reports command creates a reports directory to store the simulated report. The nano command opens the editor for creating dradis_report.txt inside this directory.

In the nano editor, type the following content to summarize the findings as if exported from Dradis:

Dradis Report - Security Assessment
Generated on: [Current Date]

1. Critical Findings
Issue: Unencrypted Database Connection
Severity: Critical
Description: Database connection on port 3306 is not encrypted.
Recommendation: Enable TLS for database connections.

2. Medium Findings
Issue: Open HTTP Port
Severity: Medium
Description: HTTP service detected on port 80.
Recommendation: Redirect HTTP to HTTPS.

Summary: This report consolidates findings from the security assessment for review and action.

Save and exit nano by pressing Ctrl+O, then Enter, and finally Ctrl+X. Now, commit this report file to your Git repository by running:

cd /root/project
git add reports/
git commit -m "Add simulated Dradis report file"

The git add reports/ command stages the report file, and the git commit command saves the change.

Expected Output for git commit (example, actual output may vary):

[master xxxxxx] Add simulated Dradis report file
 1 file changed, 14 insertions(+)
 create mode 100644 reports/dradis_report.txt

This output confirms that the simulated report file has been committed to your repository. Creating this file simulates the process of exporting a structured report from Dradis, which is a critical skill for presenting findings to stakeholders in cybersecurity projects. This step completes the workflow from initializing a Git repository to producing a final report within the Kali Linux container.

Summary

In this lab, you have learned how to manage and report findings using Kali Linux with Git for version control and Dradis for structured reporting. You started by setting up your environment and installing necessary tools like Git within a Kali Linux container. Then, you initialized a Git repository, created sample results to simulate importing data into Dradis, organized findings by severity, and finally simulated exporting a report. These steps provided a foundational understanding of version control and structured reporting, essential skills for cybersecurity professionals working in controlled environments.