Vulns

The Vulns tab holds a full list of findings for your workspace. It provides several options including Vulnerability search, filtering and management.



You can personalize this view by clicking Add Column to add columns you wish to see, and remove the ones you don't need with the X's beside their names. These changes will be persisted in your browser from session to session, so you only have to apply them once.



Vulnerability Creation

To create Vulnerabilities manually, you can go to the Status Report page and click the New button at the top left corner. You should see a dialog similar to this:


The image above shows the Hosts tab, which lets you select the target of your Vulnerability. To specify the name and description of your Vulnerability, click on the second tab, named General.



You can also add more information to your Vulnerability:

  • Technical Details: allows you to fill in the data field of your Vulnerability. If you create a Web Vulnerability, more fields are available, such as path, method, request, response and so on.

  • Evidence: allows you to add an evidence image to your Vulnerability. It can be a PNG or JPG image.

  • Custom Fields: allows you to add information to a field that you have created. More info on those here.

Make sure you select a Host (and a Service if the Vulnerability applies to it), a name and a description. These fields are mandatory to create a Vulnerability.



Vulnerability Editing

You can edit the Vulnerabilities that you have created. You have multiple ways to do so:

Edit vulnerability from preview

You can see a preview of your Vulnerability by clicking on its name. From here you can edit your Vulnerability and it will be saved automatically.


As you can see in the image above, there is a new tab named Comments, where you can leave comments and mention other users to notify them about important events in real time. For more information about Comments, you can check this page.


Edit Vulnerability from modal

You can click on the Edit button (next to the New button) to open the edit modal:



Edit multiple Vulnerabilities at once

If you select multiple Vulnerabilities, next to the Edit button you will find an arrow that opens a drop-down menu with the values you can edit at once:




Search & Filter


You can search or filter your data by specifying a keyword or multiple keywords. In order to perform a search, type the keyword in the text field above the table. Field values are not case-sensitive.




How to filter by one field

In order to perform a search by one field, follow these steps:

  1. Enter the name of the field (e.g. severity).

  2. Type a colon (:) right next to the name of the field specified above.

  3. Type in the word that you want to find, inside quotation marks (").

Examples:

  • severity:"unclassified"

  • name:"Nessus scan info"



How to filter by many fields

In order to perform a search by many fields, you can use the logical operators and and or. To perform such a search, follow these steps:

  1. Type a search for one field.

  2. Type and or or.

  3. Type a search for another field.

Examples:

  • severity:"unclassified" and target:"173.252.100.18"

  • severity:"low" or service:"ssh" or target:"173.252"



Use cases

Now, let's take a look at which fields are available for filtering, with an example of each. All of them are typed into the search field.

  • name:"TCP timestamps"

  • description:"Vulnerability testing"

  • severity:"medium"

  • target:"127.0.0.1"

  • service:"https" (only the service's name)

  • easeofresolution:"moderate"

  • references:"cvss"

  • resolution:"Resolution for testing vuln"

  • data:"Search and filter"

  • request:"POST"

  • response:"OK"

  • method:"POST"

  • pname:"Parameter name"

  • params:"Vulnerability parameters"

  • path:"Vulnerability Path"

  • query:"name:test"

  • website:"Vulnerability website"

  • creator:"Nessus"

  • type:"vulnerability_web"

  • confirmed:"true"

  • id:"57448"

To search by Tags:

  • tags:internal

Filtering Troubleshooting

If you're trying to filter or search and Faraday prompts the following error: "Expected "'", "-", ".", "/", ":", "\"", [ \t], or [a-zA-Z0-9_.-/] but "(" found.", keep in mind that the filter does not accept "( )", "{ }" or "[ ]". As a workaround, you can replace those characters with "_" in the filter field; "_" will match any character.
E.g.: if you want to search for "Vulnerability (February)", this search will fail because of the parentheses. But if you search for "Vulnerability _February_", it will succeed.
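As an added illustration of the filter syntax described above and of the underscore workaround (example code written for this page, not Faraday's own filter implementation): a small evaluator that accepts field:"value" terms joined by and/or, matches values case-insensitively, treats "_" as a single-character wildcard, and rejects "( )", "{ }" and "[ ]" the way the page describes. Substring matching, "and" binding tighter than "or", and the sample findings are all assumptions made for the example.

```python
import re

# Constructed sample findings (not real Faraday data), keyed by the field names the page lists.
SAMPLE_VULNS = [
    {"id": "57448", "name": "TCP timestamps", "severity": "unclassified",
     "target": "173.252.100.18", "service": "ssh", "confirmed": "true"},
    {"id": "57449", "name": "Vulnerability (February)", "severity": "low",
     "target": "10.0.0.5", "service": "https", "confirmed": "false"},
    {"id": "57450", "name": "Nessus scan info", "severity": "medium",
     "target": "173.252.100.20", "service": "ssh", "confirmed": "true"},
]

# A query is a sequence of field:"value" terms joined by the words and / or.
TOKEN_RE = re.compile(r'\s*(?:([a-zA-Z0-9_]+):"([^"]*)"|(and|or)\b)\s*')

class FilterSyntaxError(ValueError):
    pass

def tokenize(query):
    bad = next((c for c in query if c in "(){}[]"), None)  # characters the page says are rejected
    if bad:
        raise FilterSyntaxError(f"{bad!r} is not accepted; replace it with _ (matches any character)")
    tokens, pos = [], 0
    while pos < len(query):
        m = TOKEN_RE.match(query, pos)
        if not m:
            raise FilterSyntaxError(f"unexpected text at position {pos}: {query[pos:]!r}")
        tokens.append(("term", m.group(1), m.group(2)) if m.group(1) else ("op", m.group(3)))
        pos = m.end()
    return tokens

def term_matches(field, pattern, vuln):
    """Case-insensitive substring match; '_' stands for any single character (assumed semantics)."""
    regex = "".join("." if ch == "_" else re.escape(ch) for ch in pattern)
    return re.search(regex, str(vuln.get(field, "")), re.IGNORECASE) is not None

def evaluate(query, vuln):
    """'and' binds tighter than 'or' (an assumption; the page does not state a precedence)."""
    tokens = tokenize(query)
    if len(tokens) % 2 == 0 or any((t[0] == "term") != (i % 2 == 0) for i, t in enumerate(tokens)):
        raise FilterSyntaxError('expected field:"value" terms alternating with and/or')
    groups = [[]]
    for tok in tokens:
        if tok[0] == "term":
            groups[-1].append(term_matches(tok[1], tok[2], vuln))
        elif tok[1] == "or":
            groups.append([])
    return any(all(g) for g in groups)

def search(query, vulns=SAMPLE_VULNS):
    """Return the ids of the findings that match the filter expression."""
    return [v["id"] for v in vulns if evaluate(query, v)]
```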


Grouping Vulnerabilities

To group vulnerabilities by a field, use the Group By button. Once the vulns are grouped, you can select them for easy batch editing.



Confirmed Vulnerabilities

You can filter your vulnerabilities by confirmed, unconfirmed or all by clicking on the All button:



Tag Use

Tags allow you to organize your vulnerabilities by letting you create and edit categories: environment, technology, state, language, projects, whatever you need. The team can then see the tagged vulnerabilities and organize the security evaluation around them.

Tags are assigned per workspace, so you can use different tags for different projects.

How to tag vulnerabilities

Select the vulnerabilities that you want to tag (for example, those related to the SSL protocol):


After picking one of the vulnerabilities click on the "Tags" button:


Create the tag that you want (in our case SSL) and click OK:




Exporting information in .csv

Faraday supports CSV Exporting from its Web UI.

In order to download a CSV file containing all your findings, click on the green download link next to the search bar:


If you filter findings or hide columns in the Status Report, those changes will affect the output of the CSV export (what you see on screen is what you'll get in your exported file).

For example, if we use the search box to filter the vulnerabilities and leave only a few columns visible, the resulting CSV will contain the same information as the list, as you can see in the images below.








