Faraday vulnerability search

The vulnerability search lets you build queries to find vulnerabilities.

To use the search, you need to know the vulnerability attributes and their relationships.
A vulnerability has the following attributes:
  1. name
  2. target
  3. confirmed (true, false)
  4. severity (informational, low, medium, high, critical)
  5. status (open, closed, re-opened, risk-accepted)
  6. id
  7. service__port
  8. hostname
  9. tags (e.g. tags:qa or tags:dev)
  10. method
  11. status_code (HTTP status code, for web vulnerabilities)
  12. tool (e.g. tool:Nessus)

Examples

The query syntax is attribute_name:search_value. For example, let's suppose you want to search for vulnerabilities that are critical or high, but also confirmed:
  (severity:high or severity:critical) and confirmed:true
The previous example uses parentheses, since the search allows you to nest conditions.

Another interesting query could be:
  (tags:qa or tags:dev) and (severity:high or severity:critical)
The previous example will search for critical or high issues in qa or dev environments.

You can also search by service port:
  (service__port:80) and hostname:www.test.com
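
To make the nesting rule concrete, the following Python sketch (an added illustration, not Faraday's own code) parses the attribute_name:search_value syntax with and/or and parentheses, then runs the three queries above over constructed records. That "and" binds tighter than "or", and that values match case-insensitively and exactly, are assumptions of this sketch, not documented Faraday behaviour; the names parse and search are hypothetical.

```python
import re

# Constructed sample records; keys follow the attribute list above.
VULNS = [
    {"id": 1, "severity": "critical", "confirmed": "true", "tags": ["qa"],
     "service__port": "80", "hostname": "www.test.com"},
    {"id": 2, "severity": "high", "confirmed": "false", "tags": ["dev"],
     "service__port": "443", "hostname": "www.test.com"},
    {"id": 3, "severity": "low", "confirmed": "true", "tags": ["prod"],
     "service__port": "80", "hostname": "www.test.com"},
]
TOKEN = re.compile(r"\(|\)|[^\s()]+")

def parse(query):
    """Compile a query string into a predicate over one record (dict)."""
    tokens, pos = TOKEN.findall(query) + [""], 0  # "" marks end of input
    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]
    def term():
        tok = take()
        if tok == "(":  # nested condition
            inner = chain(conj, "or", any)
            if take() != ")":
                raise ValueError("missing closing parenthesis")
            return inner
        attr, sep, value = tok.partition(":")
        if not (attr and sep and value):
            raise ValueError(f"expected attribute:value, got {tok!r}")
        def match(rec):  # assumption: case-insensitive exact match
            field = rec.get(attr, [])
            values = field if isinstance(field, list) else [field]
            return value.lower() in (str(v).lower() for v in values)
        return match
    def chain(operand, keyword, combine):
        parts = [operand()]
        while tokens[pos].lower() == keyword:
            take()
            parts.append(operand())
        return lambda rec: combine(p(rec) for p in parts)
    conj = lambda: chain(term, "and", all)  # assumption: "and" binds tighter
    pred = chain(conj, "or", any)
    if tokens[pos]:
        raise ValueError(f"unexpected token {tokens[pos]!r}")
    return pred

def search(query, records=VULNS):
    return [r["id"] for r in filter(parse(query), records)]
```

Under these assumptions, dropping the parentheses from the first query changes the result: severity:high or severity:critical and confirmed:true also returns the unconfirmed high-severity record.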
