Vulnerability Templates (KB)

Find yourself writing the same descriptions over and over again? Tired of typos coming up in your reports? Faraday provides a simple solution: unify the criteria for naming vulnerabilities and save yourself and your team time and effort.

Write vulns once and use them forever!

Faraday Server comes with its own CWE Vulnerabilities DB for you to use. This is a simple CSV built from open source projects based on the CWE standard. It allows you to create vulnerabilities without worrying about finding references, descriptions, etc.

CSV -- Deprecated

Faraday ships with a CSV of the original MITRE project, included in its tree at data/cwe.csv. We also ship two scripts that generate CSVs for CFDB and VulnDB. These scripts download and parse the contents of those databases.

  • CFDB: Execute the following command to get a CSV for CFDB
  • VulnDB: Execute the following command to get a CSV for VulnDB

Next, copy this CSV file (either cfdb.csv or vulndb.csv) to /data/cwe.csv.

Sample .csv files for this feature can be downloaded here.

Upload CSV file

Go to the Web UI and click on the Vulnerability Templates icon, then click on the import icon.

A modal dialog will pop up asking you to choose a CSV file to upload. Select it, click OK and you're done!

Manually Adding Templates

You can also create templates manually in the Web UI. Click on the Vulnerability Templates icon.

You will get a list of the existing templates in your installation:


Log in to your Faraday Web UI and create or edit a Vulnerability. A search field will allow you to find your templates, as shown in the picture below.

You can also duplicate vulnerabilities easily by saving them as a template...

and later on importing the template.

Important: The Name, Description and Resolution fields are replaced with the information stored in the templates database.
