Vulnerability Templates (KB)


Find yourself writing the same descriptions over and over again? Tired of typos coming up in your reports? Faraday provides a simple solution: unify the criteria for naming vulnerabilities and save yourself and your team time and effort.

Write vulns once and use them forever!

Faraday Server comes with its own CWE Vulnerabilities DB for you to use. This is a simple CSV built from Open Source projects based on the CWE standard, and it allows you to create vulnerabilities without worrying about finding references, descriptions, etc.

CSV -- Deprecated

Faraday ships with a CSV of the original Mitre project included in its tree in data/cwe.csv. However, we also ship two different scripts to generate CSVs for CFDB and VulnDB. These scripts will download and parse the contents of those databases.

  • CFDB: Execute the following command to get a CSV for CFDB
  • VulnDB: Execute the following command to get a CSV for VulnDB

Next, copy this CSV file (either cfdb.csv or vulndb.csv) to /data/cwe.csv.

Sample .csv files for this feature can be downloaded here.

Upload CSV file

Go to the Web UI and click on the Vulnerability Templates icon, then click on the import icon.

A modal dialog will pop up asking you to choose a CSV file to upload. Select it, click OK and you're done!

Manually Adding Templates

You can also create templates manually in the Web UI. Click on the Vulnerability Templates icon.

You will get a list of the existing templates in your installation:


Log in to your Faraday Web UI and create or edit a Vulnerability. A search field will allow you to find your templates, as shown in the picture below.

You can also duplicate vulnerabilities easily by saving them as a template...

and later on importing the template.

Important: Name, Description and Resolution fields are replaced with the information stored in the templates database.
