
Vulns

To view a full list of your findings, open the Vulns view under Manage

The Vulns View provides several options including vulnerability search, filtering and management

Personalize this view by adding columns on the left side or removing columns with the x in the table

These changes will be persisted in your browser from session to session, so you only have to apply them once

There are many different ways to add vulnerabilities to Faraday: create them manually, import scan reports from supported tools, use Faraday Agents, or use the Faraday API

Import Scan Reports

You can upload a scan report of your favorite tool to Faraday and have a nice look at your findings through the Vulns View. You can see a list of the tools that Faraday supports by clicking on this link

In order to upload a report to Faraday, follow these instructions:

  • Click on the button that has a cloud shape
  • Click on Select File in order to select the report that you are going to upload
  • Once you have selected the report, click on Upload File and your file will be uploaded
  • Refresh the view with the top bar refresh icon

Create a Vulnerability

To create vulnerabilities manually, you can go to the Vulns View page and click the New button at the top left corner. You should see a dialog similar to this:

The image above shows the tab Hosts that allows you to select the target of your vulnerability. To specify the name and description of your vulnerability, you can click on the second tab named General

You also have other tabs for adding more information to your vulnerability:

  • Technical Details: allows you to add the field data to your vulnerability. If you create a web vulnerability, you will have more fields available such as path, method, request, response and so on

  • Evidence: allows you to add evidence to the vulnerability. It can be a PNG or JPG image

  • Custom Fields: allows you to add information to a field that you have created. For more information about Custom Fields, you can check it here

Make sure you select a host (and a service if the vulnerability applies to it), a name and a description. These fields are mandatory to create a vulnerability

Edit Vulnerabilities

You can edit the vulnerabilities that you have created or imported. You have multiple ways to edit them

From Vuln Preview

You can see a preview of the vulnerability by clicking on the vuln's name. From here you can edit your vulnerability and it will be saved automatically.

As you can see in the image above, there is a new tab named Comments where you can leave comments and mention other users to notify them about important events in real time. For more information about Comments, you can check it here

Edit Button

When you select a vulnerability with a tick, the Edit icon (next to the trashcan) will be enabled and a drop-down will also be displayed for more actions

If you click on the Edit icon itself, the vulnerability edit mode will open

Once you finish updating, click on OK at the end

Edit Multiple Vulnerabilities

You can edit multiple vulnerabilities with just one click. Next to the edit button, you will find an arrow that opens a dropdown with the values that you can edit at once and actions such as Create vulnerability templates (KB)

Delete Vulnerabilities

Select one or more vulnerabilities and click the Delete icon

Grouping Vulnerabilities

To group vulnerabilities by field you can use the Group By button. After the vulns are grouped you can select them for easy batch editing.

Confirmed Vulnerabilities

You can filter your vulnerabilities by confirmed, unconfirmed or all by clicking on the All button:

Tags

Professional & Corporate version only

Tags allow you to organize your vulnerabilities by letting you make and edit categories: environment, technology, state, language, projects, etc
You can also use Tags for Reports, allowing you to filter which vulnerabilities you want to generate a report for

How to Tag Vulnerabilities

Select the vulnerabilities that you want to tag (for example those that have to do with SSL protocol)

Click on the "Tags" icon

Put a name like SSL or select from existing tags (you can use multiple tags) and click OK

Now the vulnerability has tags that you can use for filtering, searching or reporting

Search and Filter Vulnerabilities

Vulns View allows you to filter vulnerabilities so you can have a better workflow
You can search or filter your data by specifying a keyword or multiple keywords

Field values are not case-sensitive

Filter by One Field

In order to perform a search by one field, follow these steps:

  1. Enter the name of the field (e.g. severity)
  2. Type a colon (:) right next to the name of the field specified above
  3. Type in the word that you want to find inside quotation marks (")

Examples:

You can also click on the blue fields of a vulnerability, such as Service, Hostnames, Target or Owner, to trigger a search on that specific field

Filter by Many Fields

In order to perform a search by many fields, you can use the logical operators and, or
To perform a search, follow the next steps:

  1. Type a search for one field
  2. Type one of the operators: and, or
  3. Type a search for another field

Examples:

Filter Fields

Now, let's take a look at which fields are available for filtering with an example. All of them are searched through the search field

  • name:"TCP timestamps"
  • description:"Vulnerability testing"
  • severity:"medium"
  • target_host_ip:"127.0.0.1"
  • service:"https"
  • easeofresolution:"moderate"
  • references:"cvss"
  • resolution:"Resolution for testing vuln"
  • data:"Search and filter"
  • request:"POST"
  • response:"OK"
  • method:"POST"
  • pname:"Parameter name"
  • params:"Vulnerability parameters"
  • path:"Vulnerability Path"
  • query:"name:test"
  • website:"Vulnerability website"
  • creator:"Nessus"
  • type:"vulnerability_web"
  • confirmed:"true"
  • id:"57448"
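The field:"value" syntax above can be checked offline before a filter is saved in a runbook or shared with a team. The following is an added example, not Faraday's own code: it parses a filter string, rejects field names that are not in the list above (plus tags), and evaluates the filter against constructed sample findings. It assumes substring matching and left-to-right evaluation of and/or, neither of which this page specifies; parse_filter, matches and select are hypothetical helper names.

```python
import re

# Field names from the "Filter Fields" list on this page, plus "tags".
FIELDS = set("""name description severity target_host_ip service easeofresolution
references resolution data request response method pname params path query website
creator type confirmed id tags""".split())

# A term is field:"value"; the quoted value may contain spaces and colons.
TOKEN = re.compile(r'\s*(?:(\w+):"([^"]*)"|(and|or)\b)', re.IGNORECASE)

def parse_filter(expr):
    """Return [(field, value), op, (field, value), ...]; raise ValueError if malformed."""
    tokens, pos, expr = [], 0, expr.strip()
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"cannot parse at offset {pos}: {expr[pos:]!r}")
        if m.group(1):
            field = m.group(1).lower()
            if field not in FIELDS:
                raise ValueError(f"unknown field: {field}")
            tokens.append((field, m.group(2)))
        else:
            tokens.append(m.group(3).lower())
        pos = m.end()
    # Terms and operators must alternate, starting and ending on a term.
    if len(tokens) % 2 == 0 or any(
            isinstance(t, tuple) != (i % 2 == 0) for i, t in enumerate(tokens)):
        raise ValueError("expected: term [and|or term]...")
    return tokens

def matches(tokens, vuln):
    """Assumptions: substring match, operators applied strictly left to right."""
    def hit(term):
        return term[1].lower() in str(vuln.get(term[0], "")).lower()
    result = hit(tokens[0])
    for op, term in zip(tokens[1::2], tokens[2::2]):
        result = (result and hit(term)) if op == "and" else (result or hit(term))
    return result

# Constructed sample findings, not real scan data.
SAMPLE = [
    {"id": 1, "name": "TCP timestamps", "severity": "low", "service": "https", "creator": "Nessus"},
    {"id": 2, "name": "Weak SSL cipher", "severity": "medium", "service": "https", "creator": "Nmap"},
    {"id": 3, "name": "Open redirect", "severity": "medium", "service": "http", "creator": "Burp"},
]

def select(expr, vulns=SAMPLE):
    return [v["id"] for v in vulns if matches(parse_filter(expr), v)]
```

A misspelled field name such as sevrity raises ValueError here, which catches the typo before the filter is used.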

Professional & Corporate versions can also search by Tags:

From the Vulns view you will be able to find the information using the tags parameter
For example: tags:"ssl" as shown in the image below