Importing information


This article describes the different ways Faraday can import a report. To learn more about our Plugins and the tools you can import information from, check our Plugin List page.


Through the Web UI

  • Go to the Vulns tab and click on this button:

  • Click on Select File in order to select the report that you are going to upload.

  • Once you have selected the report, click on Upload File and your file will be uploaded.


Through Faraday Client

Faraday Client must be running in each case.


GTK Client

If you wish to add a report from a previous scan, you can do it from the GTK Client.

To do so, click on the Report Button and a dialog will open, from which you can select the tool that was used to generate the Report:


Once you click OK, select the file you want to import and all the data in the report will be processed and added to the active workspace, and the console will show a message when the plugin starts and ends.


Import multiple reports

To import multiple reports at once, drag-and-drop them into: /home/faraday/.faraday/report/[workspace_name]


Faraday will parse your reports and upload the information extracted from them.

If the client has problems detecting the plugin that should parse the report, rename the report by adding _faraday_PLUGINNAME just before the extension. For example, if you have an Openvas report called myreport.xml and it isn't detected correctly, rename it to myreport_faraday_Openvas.xml.


CLI

Faraday can also be used in Command-Line Interface (CLI) mode, which lets you process your reports in batch. More information about this is available here.


Through the API

Assuming that our credentials are: 

      username: "faraday"

      password: "changeme"


To log in through the API, supply your credentials and store the resulting session in a cookie file, as in the following example:


    curl -s 'https://127.0.0.1:5985/_api/login' \
        -H 'Origin: https://127.0.0.1:5985/' -H 'Accept-Encoding: gzip, deflate, br' \
        -H 'Accept-Language: en-US,en;q=0.9' \
        -H 'Content-Type: application/json' \
        -H 'Accept: application/json, text/javascript, */*; q=0.01' \
        -H 'Referer: https://127.0.0.1:5985/' -H 'X-Requested-With: XMLHttpRequest' \
        -H 'Connection: keep-alive' \
        --data-binary '{"email":"faraday","password": "changeme"}' \
        --compressed -c cookie.txt > /dev/null

Then, to upload a report, you need the CSRF token and the session's cookies. To get the session's cookies, go to the Status Report and take them from the Request Headers section of the console. To get the CSRF token, go to the Response tab in the same console.

In the first --form parameter, put the path of the file that you want to upload.


    curl -X POST https://127.0.0.1:5985/_api/v3/ws/workspace_name/upload_report \
       -H 'Content-Type: multipart/form-data' \
       --cookie "session=.eJw90M2KwjAQB_BXWXL2YGu9CB6UlGJhpgSCZeZS2FpNJ2YXqkI24rtv18O-wO__8VTdeRpuTm3u02NYqG48qc1TfXyqjWK9SyyUYVsWmMrUWDei9Etsj4FaDKydw-Qj5KZo9CWSNUu2uzXktQM5XSnxyJVZgTaRrYkk-xEt5ZQfVmT3DmcfKvrhcBQUKMgeIoQysb0knjMh-QIEliyQQzJZ0-IV_kx7DWDZY1WPmNCD9Fv1Wqj-Np27-7cfvv4noNTSVCZjXSaYK2KgiLqMTTtX1H7daMpmPnLFgtpHSk7YbN_c4zZM7ztUoV6_3rRiDA.DkoypQ.q7eGzh1oof8dKnbF4q6xD_n1d6o" \
       --form "file=@PATH/TO/FILE" \
       --form "csrf_token=IjYyYzhkNWQxMzA4MTZmMTQxMTliYTA5OTg2NWYzMWRmYzQ5MWM4Y2Ui.Dko4Zw.sZ-LLdGoxaNFUaySFFQMvyLecxc" \
       --compressed

CSV Importer


The CSV importer loads a CSV file into Faraday's server and uploads all of its information into one of your workspaces.

The CSV file must follow a specific format.

Fields in *bold* are mandatory.

1) The names of columns (headers) must be:

  • Host fields:

    • *host_name*

    • host_description

    • host_owned


  • Services fields:

    • *service_name*

    • service_description

    • service_owned #boolean

    • *service_port*

    • service_protocol

    • service_version

    • service_status


  • Vulnerability fields:

    • *vulnerability_name*

    • *vulnerability_desc*

    • vulnerability_data

    • *vulnerability_severity*

    • vulnerability_refs

    • vulnerability_confirmed #boolean

    • vulnerability_resolution

    • vulnerability_status

    • vulnerability_policyviolations


  • Vulnerability Web fields:

    • *vulnerability_web_name*

    • *vulnerability_web_desc*

    • vulnerability_web_data

    • *vulnerability_web_severity*

    • vulnerability_web_refs

    • vulnerability_web_confirmed

    • vulnerability_web_status

    • vulnerability_web_website

    • vulnerability_web_request

    • vulnerability_web_response

    • vulnerability_web_method

    • vulnerability_web_pname

    • vulnerability_web_params

    • vulnerability_web_query

    • vulnerability_web_resolution

    • vulnerability_web_policyviolations

    • vulnerability_web_path

    • vulnerability_web_tags


2) The following fields have a special format you must follow:

  • Boolean (true or false):

    • host_owned

    • service_owned

    • vulnerability_confirmed

    • vulnerability_web_confirmed


  • List (values separated by comma):

    • service_port

    • vulnerability_refs

    • vulnerability_policyviolations

    • vulnerability_web_refs

    • vulnerability_web_policyviolations

    • vulnerability_web_tags

3) Possible values for Vulnerability and Vulnerability Web SEVERITY:

  • info

  • low

  • med

  • high

  • critical

4) Possible values for Vulnerability and Vulnerability Web STATUS:

  • opened

  • closed

  • re-opened

  • risk-accepted

5) Possible values for service STATUS:

  • open

  • filtered

  • close


Keep in mind the following before importing your file:

  1. Hosts must ALWAYS have an interface associated.

  2. Vulnerabilities must always have either a host OR a service associated to them.

  3. Web Vulnerabilities must always be associated with a host AND a service.

  4. Unicode characters are not supported.

  5. Any non-numeric value entered in service_port will be ignored.
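
A pre-import check for the format rules above, as an added example that is not part of Faraday or of the original article. The function check_csv, its messages and the sample row are constructed for illustration, and the check assumes a group's mandatory fields are required only on rows that fill in some field of that group.

```python
import csv
import io

# Rules transcribed from the article; applying them per row is an assumption.
MANDATORY = {  # group prefix -> suffixes of its mandatory fields
    "host_": ["name"], "service_": ["name", "port"],
    "vulnerability_": ["name", "desc", "severity"],
    "vulnerability_web_": ["name", "desc", "severity"],
}
BOOLEANS = {"host_owned", "service_owned", "vulnerability_confirmed", "vulnerability_web_confirmed"}
SEVERITY = {"info", "low", "med", "high", "critical"}
VULN_STATUS = {"opened", "closed", "re-opened", "risk-accepted"}
ALLOWED = {"vulnerability_severity": SEVERITY, "vulnerability_web_severity": SEVERITY,
           "vulnerability_status": VULN_STATUS, "vulnerability_web_status": VULN_STATUS,
           "service_status": {"open", "filtered", "close"}}
# Constructed sample: one non-numeric port and one severity outside the list.
SAMPLE = ("host_name,service_name,service_port,vulnerability_name,"
          "vulnerability_desc,vulnerability_severity\n"
          '192.0.2.10,http,"80,tcp",Old banner,Version disclosed,medium\n')

def group_of(column):
    # Longest prefix first so vulnerability_web_* is not read as vulnerability_*.
    return next((p for p in sorted(MANDATORY, key=len, reverse=True)
                 if column.startswith(p)), None)

def check_csv(text):
    """Return (line, problem) pairs; the header row counts as line 1."""
    problems = []
    for line_no, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        filled = {k: v.strip() for k, v in row.items() if k and v and v.strip()}
        groups = {group_of(k) for k in filled} | {"host_"}  # every row needs a host
        for group in sorted(g for g in groups if g):
            problems += [(line_no, f"missing mandatory {group}{s}")
                         for s in MANDATORY[group] if group + s not in filled]
        if "vulnerability_web_" in groups and "service_" not in groups:
            problems.append((line_no, "web vulnerability needs a host AND a service"))
        for field, value in filled.items():
            if not value.isascii():
                problems.append((line_no, f"{field}: non-ASCII characters"))
            if field in BOOLEANS and value not in ("true", "false"):
                problems.append((line_no, f"{field}: expected true or false"))
            if field in ALLOWED and value not in ALLOWED[field]:
                problems.append((line_no, f"{field}: unexpected value {value!r}"))
            if field == "service_port":
                problems += [(line_no, f"service_port: {p.strip()!r} will be ignored")
                             for p in value.split(",") if not p.strip().isdigit()]
    return problems

if __name__ == "__main__":
    print(*check_csv(SAMPLE), sep="\n")
```

The interface rule for hosts is not covered, because none of the listed columns describes an interface.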


To import your file, run this command:

    $ fplugin import_csv -u http://127.0.0.1:5985/ --csv /path/to/file/file.csv -w WORKSPACE_NAME --username USERNAME --password PASSWORD

Options:

  • --csv: the name and path of your CSV.

  • -w: the Faraday workspace that will receive all the information.

  • --username: username of an Admin User.

  • --password: password of an Admin User.


