Build your own Report template

Build your own Report template

Available Variables

The data available to the Report template is:

General Variables

Hosts Variables

  • hosts_amount - an int containing the amount of hosts in the Workspace

  • hosts - a dictionary with all the hosts in the Workspace

    • type

    • description

    • default_gateway

    • ip

    • owned

    • tags

    • name

    • services

    • versions

    • mac

    • hostnames

    • vulns

    • owner

    • credentials

    • service_summaries

    • id

    • os

    • metadata

Service Variables

  • services_amount - an int containing the amount of services in the Workspace

  • services - a dictionary with all the services in the Workspace

    • status

    • protocol

    • description

    • parent

    • tags

    • vulns

    • metadata

    • owned

    • summary

    • port

    • owner

    • version

    • host_id

    • id

    • credentials

    • type

    • ports

    • name

Vulnerability Variables

  • counter_severity - a dictionary with all the severities and the amount of vulns for each one vulnerability pie charts

  • vulns_amount - an int containing the amount of vulnerabilities in the Workspace except for vulns with severity unclassified, which are not included

  • vulns - a dictionary with all the vulnerabilities in the Workspace except for vulns with severity unclassified, which are not included

    • update_user

    • parent_type

    • owned

    • owner

    • id

    • impact

    • confirmed

    • severity

    • service

    • data

    • policyviolations

    • evidence_subdoc

    • type

    • refs

    • metadata

    • status

    • issuetracker

    • description

    • parent

    • tags

    • easeofresolution

    • hostnames

    • date

    • host_os

    • desc

    • name

    • obj_id

    • target

    • resolution

    • severity_numbers

    • method

    • params

    • website

    • query

    • path

    • request

    • response


Grouped reports will have an additional field:
  • vulns_grouped_amount - an int containing the total amount of vulnerabilities after grouping


Workspace Variables

  • workspace.scope - a list containing the different scopes of the workspace.


  • workspace - a dictionary with all workspace information.


  • name

  • description

  • id

  • duration.start_date

  • duration.end_date

  • users

  • update_date

  • stats.total_vulns

  • stats.std_vulns

  • stats.web_vulns

  • stats.code_vulns

  • stats.hosts

  • stats.services

  • stats.credentials

  • public

  • readonly

  • active

  • create_date

  • _id

Note: start_date and end_date are displayed in timestamp format. If you want to change their format, you can use datetimeformat() function and pass the desired format as parameter. E.g.:

   workspace.duration.start_date|datetimeformat('%m-%d-%Y')

   workspace.duration.end_date|datetimeformat('%B %Y')


For more information about date format check Python docs.


Custom Fields in Executive Report

You can access your Custom Fields on the docx templates like a dictionary and by the field name:

vuln.custom_fields["cvss"] 

    Still looking for answers? You can try opening a ticket.
      • Related Articles

      • Executive Report

        Intro No more 3AM reporting! The Executive Report feature lets you create (as the name implies) reports using the results obtained in each workspace. When an Executive Report is created, all the data from the Status Report is automatically processed ...
      • Executive Report jinja2 Template Context json

        These are examples of jinja2 static dataset usage. You can access this information from the docx template. Executive reports use jinja for rendering the report, check jinja documentation for more details. methodologies can be used from version 3.12 ...
      • Using Markdown on a Report

        For using markdown on Executive Reports, please enable it on /home/faraday/.faraday/config/server.ini by adding: [executive_report] markdown = true On your templates, to render the markdown you must use the p filter, like this:  {{ p vuln.description ...
      • Faraday is not importing my report

        First let's make sure there is a Plugin to parse it so make sure your tool is listed in our Plugin List.  Not there? Code your own or ask us to do it. You can also try to force Faraday to process a report with a certain plugin. For example, let's say ...
      • Jinja was looking for the following tags: 'endmacro'.

        Upon FaradaySEC v3.12 we upgraded our jinja templates libraries, this affected our macro. In our original template the macro contains a "-" which is now incompatible and requires template update. The correct macro is: {% macro severity(name) %}{% if ...