When it comes to collaboration and sharing of data during a penetration test it is hard to beat the benefits and options available in Dradis. This is one of the two primary data collection tools we had discussed in Chapter 1, Planning and Scoping for a Successful Penetration Test, and is oftentimes the tool of choice for data collection. As always, there needs to be some data available to us prior to being able to start. For this example, we will assume that a small business has asked us to perform a penetration test on their web server, which is still in the development stage and not available on the Internet. According to the rules of engagement we are not allowed to access anything other than this one particular server which can be reached locally on the 192.168.75.0/24 subnet. We are given VPN access to the 192.168.75.0/24 network and are allowed up to two simultaneous connections. The timeframe for testing is limited and as such we intend to use two...