The Executive Report feature lets you create (as the name implies) reports using the results obtained in each workspace. When an Executive Report is created, all the data from the Status Report is automatically processed and placed in a Word compatible document or PDF that can then be downloaded from Faraday
Managing Executive Reports¶
To manage your reports you need to access Faraday's Web UI and go to the report icon on the left panel and hit on Create New Report.
All the reports will be listed, including their information, status and link to download.
Making a report¶
To create a new report, click on New. A form will open asking for the following fields:
Title - this is the name that will be used to create the cover of the report.
Client Name - Client name to be used inside the report.
Template - select the template to use as a base for your report. Depending on the selected dataset the options will change.
To edit a report, select it and click on the Edit button. A modal will appear allowing you to modify all the report fields. Save it and a brand new report will be generated, keeping the original version intact.
If, instead, you want a new report that is exactly like an existing one but with the current data of your workspace, you can click on the Regenerate button in the reports list. Reports can only be regenerated one at a time, so the regeneration buttons are disabled while this action is being performed.
Executive and Technical details tabs¶
The following are a sort of placeholder fields for information that's commonly added to most reports. They are text fields and can be used for any relevant information, not just for what they're named after:
Faraday processes all the information and spits out a shiny new report that is automatically available for download.
If you need a custom report that includes only some findings in the workspace, you can also use the filters to bring those specific vulnerabilities.
These filters can be mixed to create different outcomes.
Deleting a Report¶
From the Executive Report window, select the document and click on Delete.
We use Jinja2 to create Report Templates. Check this Article to get more information!
Faraday provides two different datasets to create Executive Reports - generic and grouped.
The generic dataset provides one entry for each individual vulnerability with all of its fields readily available as a dictionary. The field parent contains an ID corresponding to the Vulnerability's parent (either a Host or a Service).
The grouped dataset groups vulnerabilities by name and description. If two or more vulnerabilities share the same name and description, they will be presented as one. The field parent contains a Python Dictionary-style object with the parent IDs as keys and a Python Dictionary-style object containing evidence_subdoc, data and target as values. Tags and references will be merged for vulnerabilities that are grouped and not separated by parent.
Faraday has the ability to use a custom report, to do so, in the create reports section, there is a selector for a template. For a uploading the report as admin user click on "custom" and "upload template".
Select the file from your local and hit on open. A report will be generated with sample data to check on the report. Then select the report from the custom report view.
Keep in mind that each template should be designed for a specific dataset and that these are not interchangeable. The default templates that come with your instance are located at