Executive Report jinja2 Template Context json

Executive Report jinja2 Template Context json

These are examples of jinja2 static dataset usage.

You can access this information from the docx template.
Executive reports use jinja for rendering the report, check jinja documentation for more details.
methodologies can be used from version 3.12 onwards

Generic Report context

This report lists all vulnerabilities of the workspace, there is an alternative way to create group reports.

  1. {
            "counter_severity": <severities dict>,
            "date": <datetime>,
            "enterprise": format_text_docxtpl_patch(report.enterprise),
            "hosts": <list host>,
            "hosts_amount": <int>,
            "overview_images": <image>,
            "vulnerabilities_image": <image>,
            "ease_resolution_image": <image>,
            "impact_image": <image>,
            "services": <list service>,
            "services_amount": <int>,
            "title": <str>,
            "vulns": <list of vuln>,
            "vulns_amount": <int>,
            "workspace": <workspace_object>,

           "conclusions": <string>,
            "objectives": <string>,
            "recommendations": <string>,
            "scope": <string>,
            "summary": <string>,
            "methodologies": [<methodology>]
    }

Grouped Report

This type of report groups the data using the name and description of the vulnerability. 
vulns_grouped_amount number of vulnerabilities in the group.
  1. {
            "counter_severity": <dict severities>,
            "date": <datetime>,
            "enterprise": format_text_docxtpl_patch((report.enterprise)),
            "hosts": <list host>,
            "hosts_amount": <int>,
            "overview_images": <image>,
            "vulnerabilities_image": <image>,
            "ease_resolution_image": <image>,
            "impact_image": <image>,
            "services": <list service>,
            "services_amount": <int>,
            "title": <str>,
            "vulns": <list of vuln>,
            "vulns_amount": <int>,
            "vulns_grouped_amount": <int>,
            "workspace":<str>,

            "conclusions": <string>,
            "objectives": <string>,
            "recommendations": <string>,
            "scope": <string>,
            "summary": <string>,
            "methodologies": [<methodology>]
    }

Host

  1. {
       '_rev': '',
       'type': 'Host',
       '_id': 1,
       'versions': [],
       'owned': False,
       'mac': <str>,
       'os': 'Linux Kernel 3.8',
       'owner': None,
       'services': 1,
       'ip': '127.0.0.1',
       'default_gateway': '',
       'service_summaries': ['(80/tcp) www'],
       'tags': ['QA'],
       'credentials': 0,
       'description': '',
       'name': '127.0.0.1',
       'hostnames': ['localhost'],
       'metadata': {'create_time': <datetime>,
       'update_time': <datetime>,
       'creator': '',
        'update_controller_action': '',
       'owner': None,
       'command_id': None,
       'update_action': 0,
       'update_user': None},
       'id': 1,
       'vulns': 91
    }

Service

  1. {
       '_rev': '',
       'type': 'Service',
       '_id': 1,
       'owned': False,
       'summary': '(80/tcp) http',
       'version': 'unknown',
       'parent': 4,
       'owner': None,
       'tags': ['QA'],
       'protocol': 'tcp',
       'credentials': 0,
       'port': <int>,
       'description': '',
       'name': 'http',
       'host_id': 4,
       'ports': 80,
       'metadata': {'create_time': <datetime>,
       'update_time': <datetime>,
       'creator': '',
       'update_controller_action': '',
       'owner': None,
       'command_id': None,
       'update_action': 0,
       'update_user': None},
       'id': 1,
       'vulns': 1,
       'status': 'open'
    }

Vulnerability


  1. {
        'data': <SubDoc>,
       'vulnerability_duplicate_id': None,
       'confirmed': False,
       '_rev': '',
       'easeofresolution': None,
       'childs': [],
       'type': 'Vulnerability',
       '_id': 1,
       'severity': 'med',
       'refs': ['CVSS: 3.2'],
       'date': <datetime>,
       'owned': False,
       'parent': 1,
       'policyviolations': [],
       'resolution': 'Resolution text',
       'owner': None,
       'service': {'version': 'unknown',
       'name': 'postgresql',
       'protocol': 'tcp',
       'ports': 80,
       '_id': 1,
       'summary': '(80/tcp) http',
       'status': 'open'},
       'issuetracker': {},
       'update_user': None,
       'external_id': '1233',
       'tags': [],
       'vulnerability_template_id': None,
       'impact': {'accountability': False,
       'confidentiality': False,
       'integrity': False,
       'availability': False},
       'obj_id': '1',
       'custom_fields': {'list': None, 'integer': None, 'choice': None},
       'parent_type': 'Service',
       'description': 'Description',
       'host_os': 'Linux Kernel 4.8',
       'name': 'Vulnerability title',
       '_attachments': {},
       'hostnames': ['localhost'],
       'desc': <SubDoc>,
       'target': '127.0.0.1',
       'metadata': {'create_time': <datetime>,
       'update_time': <datetime>,
       'creator': 'OpenVAS',
       'update_controller_action': '',
       'owner': None,
       'command_id': 1,
       'update_action': 0,
       'update_user': None},
       'status': 'opened',
       'id': 1,
       '__target__': '127.0.0.1 / 80 / tcp'
    }

Methodology 

  1. {
        "name": "<string>",
        
    "tasks": "<list task>",
    }

Task

  1. {
        "status": "<string>",
        "group_id": "<int>",
        "_id": "<int>",
        "name": "<string>",
        "assigned_to": "<list int>",
        "assigned_users": "<list string>",
        "description": "<string>",
        "due_date": "<int>",
        "workspace": "<int>",
        "tags": "<list string>"
    }

Example usage of methodologies



{% for methodology in methodologies %}
   Name: {{ methodology.name}}
   Tasks
   {% for task in methodology.tasks %}
      Task name:
      {{ task.name }}
      Status:
      {{ task.status }}
      Tags:
      {% for tag in task.tags %}
         * {{ tag }}
      {% endfor %}
      Assigned users:
      {% for assigned_user in task.assigned_users %}
          * {{assigned_user.username}}
      {% endfor %}
      Description:
      {{ task.description }}
      Due date:
      {{ task.due_date}}
   {% endfor %}
{% endfor %}









    Still looking for answers? You can try opening a ticket.
      • Related Articles

      • Executive Report

        Intro No more 3AM reporting! The Executive Report feature lets you create (as the name implies) reports using the results obtained in each workspace. When an Executive Report is created, all the data from the Status Report is automatically processed ...
      • Build your own Report template

        Available Variables The data available to the Report template is: General Variables conclusions - contains the text loaded when creating the report date - the date when the Report was created, as the name of the month and four digits for the year ...
      • Jinja was looking for the following tags: 'endmacro'.

        Upon FaradaySEC v3.12 we upgraded our jinja templates libraries, this affected our macro. In our original template the macro contains a "-" which is now incompatible and requires template update. The correct macro is: {% macro severity(name) %}{% if ...
      • Using Markdown on a Report

        For using markdown on Executive Reports, please enable it on /home/faraday/.faraday/config/server.ini by adding: [executive_report] markdown = true On your templates, to render the markdown you must use the p filter, like this:  {{ p vuln.description ...
      • Faraday is not importing my report

        First let's make sure there is a Plugin to parse it so make sure your tool is listed in our Plugin List.  Not there? Code your own or ask us to do it. You can also try to force Faraday to process a report with a certain plugin. For example, let's say ...