Skip to content

KB Vulnerability Templates

Find yourself writing the same descriptions over and over again? Tired of typos coming up in your reports? Faraday provides a simple solution: unify criteria for naming vulnerabilities and save time and effort to yourself and your team.

Write vulns once and use them forever!

Faraday Server allows you to import your own CWE Vulnerabilities DB for you to use as templates. Is a simple CSV made using Open Source projects based in the CWE standard and allows you to create vulnerabilities without worrying about finding references, description, etc.

Populate your KB

Import csv file

Download our CWE example:

Navigate into Knowledge Base tab in your Faraday Instance Web UI and click on the Add Template Button: A dropdown will appear and you have 2 options.

Adding a Template manually

Navigate into Knowledge Base tab in your Faraday Instance Web UI and click on the Add Template>Manual Creation button:

You will get a form to generate the template.

Required Fields: - name: The name of the template. - Severity: The severity level of the template.

Adding a Template with import from file

Supported Formats

The Vulnerability Template Module supports two primary formats for importing and exporting data: CSV and JSON. These formats allow users to manage vulnerability templates efficiently, enabling bulk operations and seamless integration with other tools.

CSV Format

Description

The application supports CSV (Comma-Separated Values) files for bulk importing vulnerability templates. CSV files must adhere to specific header requirements to ensure proper parsing and processing.

Use Cases

  • Bulk Import of Vulnerability Templates: Upload multiple vulnerability templates at once using a CSV file.

Requirements for CSV Files

  • Required Headers:
  • name: The name of the vulnerability template.
  • exploitation: The severity level of the vulnerability (e.g., low, medium, high).
  • Optional Headers:
  • Custom fields defined in the application (e.g., impact, policyviolations).

Example CSV File for Vulnerability Templates

(Example files in top) 

name,exploitation,impact,policyviolations
SQL Injection,high,confidentiality,policy1
XSS,medium,integrity,policy2

Adding a Template from Vuln

You can also create templates manually from a vuln. In the Web UI, select a vuln and select Create template from the dropdown menu.

You will get a list of the existing templates in your installation

Use Cases

Creating Vuln from Template

Click on new Vulnerability, on the name parameter Templates can be selected easily to select a Template form the name search.

You can also duplicate vulnerabilities easily by saving them as a template and later on importing the template.

Note

Name, Description and Resolution fields are replaced with the information stored in the templates database.