This article will help you to learn the different ways that Faraday has to import a report. If you want to know more about our Plugins and available tools from which to import information, check our Plugin List page.
Go to the Vulns tab and click on this button:
Click on Select File in order to select the report that you are going to upload.
Once you have selected the report, click on Upload File and your file will be uploaded.
If you wish to add a report from a previous scan, you can do it from the GTK Client.
To do so, click on the Report Button and a dialog will open, from which you can select the tool that was used to generate the Report:
Once you click OK, select the file you want to import and all the data in the report will be processed and added to the active workspace, and the console will show a message when the plugin starts and ends.
To import multiple reports at once, drag-and-drop them into: /home/faraday/.faraday/report/[workspace_name]
Faraday will parse your reports and upload the information extracted from them.
If the client has problems detecting the plugin that should parse the report, you should change the report filename by adding _faraday_PLUGINNAME just before the extension. For example, if you have an Openvas plugin called myreport.xml and it isn't detected correctly, rename it to myreport_faraday_Openvas.xml.
It's possible to use Faraday in Command-Line Interface (CLI) mode, allowing you to process your reports in batch. More information about this available here.
Assuming that our credentials are:
In order to be able to login through the API, you must supply your credentials and store them in a cookie file just as the following example:
curl -s\ -H -H \ -H \ -H \ -H \ -H -H \ -H \ --data-binary \ --compressed -c cookie.txt /dev/null
On the first --form parameter, put the path of the file that you want to upload.
curl -X POST https://. : /_api/v3/ws/workspace_name/upload_report \ -H 'Content-Type: multipart/form-data' \ --cookie \ --form \ --form \ --compressed
The idea is to import a CSV file into Faraday's server uploading all the information into one of your workspaces.
The CSV file should have a special kind of formatting:
Fields in *bold* are mandatory
1) The names of columns (headers) must be:
Vulnerability Web fields:
2) The following fields have a special format you must follow:
Boolean (true or false):
List (values separated by comma):
3) Possible values for Vulnerability and Vulnerability Web SEVERITY:
4) Possible values for Vulnerability and Vulnerability Web STATUS:
5) Possible values for service STATUS:
Keep in mind the following before importing your file:
Hosts must ALWAYS have an interface associated.
Vulnerabilities must always have either a host OR a service associated to them.
Web Vulnerabilities must always be associated with a host AND a service.
Unicode chars not supported.
Anything not numeric entered on service_port will be ignored.
To import your file, run this command:
--csv: the name and path of your CSV.
-w: Faraday's workspace where all the information will go to.
--username: username of an Admin User.
--password: password of an Admin User.