Importing

There are many ways to add vulnerabilities into Faraday, create them manually, import scan reports, with supported tools, Faraday Agents or using Faraday API.

Import your tool Reports¶

You can upload a scan report of your favorite tool to Faraday and have a nice look at your findings through the Vulns View. You can see a list of the tools that Faraday supports by clicking on this link

In order to upload a report to Faraday, follow these instructions:

Click on the button + Add Vulnerability.
Click on the button Import from file and a prompt will be displayed.
Click on Browse in order to select the report that you are going to upload, or just drag and drop the file into the box.
Once you have selected the report, click on Upload and your file will be uploaded.
Refresh the view with the top bar refresh icon.

Supported File formats¶

There is a variety of tools and they all have multiple export formats, to make it more simple we list the tool in order + the filetype

Name	ID	Command	Report
Acunetix XML Output Plugin	Acunetix	No	Yes
Acunetix360 Output Plugin	Acunetix360	No	Yes
Acunetix JSON Output Plugin	Acunetix_Json	No	Yes
Amap Output Plugin	Amap	Yes	No
Appscan XML Plugin	Appscan	No	Yes
Appscan CSV Output Plugin	Appscan_CSV	No	Yes
AppSpider XML Output Plugin	AppSpider	No	Yes
Arachni XML Output Plugin	Arachni	Yes	Yes
arp-scan network scanner	arp-scan	Yes	No
Bandit XML Output Plugin	Bandit	No	Yes
BeEF Online Service Plugin	Beef	Yes	No
brutexss	brutexss	Yes	No
Burp XML Output Plugin	Burp	No	Yes
Checkmarx XML Output Plugin	Checkmarx	No	Yes
CIS XML Output Plugin	CIS	No	Yes
Cobalt CSV Output Plugin	Cobalt	No	Yes
Crowdstrike JSON Output Plugin	Crowdstrike_Json	No	Yes
DiG	dig	Yes	No
Dirb	dirb	Yes	No
dirsearch	dirsearch	Yes	No
Dnsenum XML Output Plugin	Dnsenum	Yes	No
Dnsmap Output Plugin	Dnsmap	Yes	No
Dnsrecon XML Output Plugin	Dnsrecon	Yes	No
Dnswalk XML Output Plugin	Dnswalk	Yes	No
Faraday CSV Plugin	faraday_csv	No	Yes
Fierce Output Plugin	Fierce	Yes	No
Fortify XML Output Plugin	Fortify	No	Yes
Ftp	ftp	Yes	No
Goohost XML Output Plugin	Goohost	Yes	No
Grype JSON Plugin	grype	Yes	Yes
hping3	Hping3	Yes	No
Hydra XML Output Plugin	Hydra	Yes	No
Core Impact XML Output Plugin	CoreImpact	No	Yes
Invicti XML Output Plugin	Invicti	No	Yes
Ip360 CSV Output Plugin	Ip360	No	No
Junit XML Output Plugin	Junit	No	Yes
Lynis DAT Output Plugin	Lynis	Yes	Yes
Maltego MTGX & MTGL Output Plugin	Maltego	No	Yes
Microsoft Baseline Security Analyzer	MBSA	No	Yes
Medusa Output Plugin	Medusa	Yes	No
Metasploit XML Output Plugin	Metasploit	No	Yes
Naabu	naabu	Yes	Yes
ncrack XML Plugin	ncrack	No	Yes
ndiff	Ndiff	Yes	No
Nessus XML Output Plugin	Nessus	No	Yes
Nessus Sc Output Plugin	Nessus_sc	No	Yes
netdiscover	Netdiscover	Yes	No
Netsparker XML Output Plugin	Netsparker	No	Yes
NetsparkerCloud XML Output Plugin	NetsparkerCloud	No	Yes
Nexpose XML 2.0 Report Plugin	NexposeFull	No	Yes
nextnet	nextnet	Yes	No
Nikto XML Output Plugin	Nikto	Yes	Yes
Nipper XML Output Plugin	Nipper	No	Yes
Nmap XML Output Plugin	Nmap	Yes	Yes
Nuclei	nuclei	Yes	Yes
Nuclei	nuclei_legacy	Yes	Yes
OpenScap XML Output Plugin	OpenScap	No	Yes
Openvas XML Output Plugin	Openvas	No	Yes
pasteAnalyzer JSON Output Plugin	pasteAnalyzer	Yes	No
PeepingTom	peepingtom	Yes	No
Pentera Json Output Plugin	Pentera_Json	No	Yes
Ping	ping	Yes	No
Ping Castle XML Output Plugin	PingCastle	No	Yes
Popeye JSON Output Plugin	Popeye_Json	No	Yes
propecia port scanner	propecia	Yes	No
Prowler	prowler	No	Yes
Qualysguard XML Output Plugin	Qualysguard	No	Yes
QualysWebapp XML Output Plugin	QualysWebapp	No	Yes
rdpscan	rdpscan	Yes	No
Reconng XML Output Plugin	Reconng	No	Yes
Retina XML Output Plugin	Retina	No	Yes
Reverseraider XML Output Plugin	Reverseraider	Yes	No
Sarif Plugin	Sarif	No	Yes
Semgrep Json	Semgrep_JSON	No	Yes
Shodan	shodan	Yes	Yes
Skipfish Output Plugin	Skipfish	Yes	No
SonarQube API Plugin	sonarqubeAPI	No	Yes
Sourceclear	sourceclear	No	Yes
sshdefaultscan	sshdefaultscan	Yes	No
SSL Labs	ssllabs	No	Yes
Sslyze Plugin	Sslyze_XML	No	Yes
Sslyze Json	Sslyze_JSON	Yes	Yes
Syhunt XML Plugin	Syhunt	No	Yes
Telnet	Telnet	Yes	No
Terraform Plugin JSON Output Plugin	TerraformPluginJson	No	Yes
Theharvester XML Output Plugin	Theharvester	Yes	No
Traceroute	Traceroute	Yes	No
Trivy JSON Output Plugin	Trivy_Json	No	Yes
W3af XML Output Plugin	W3af	Yes	Yes
Wapiti XML Output Plugin	Wapiti	Yes	Yes
Wcscan XML Output Plugin	Wcscan	Yes	No
Webfuzzer Output Plugin	Webfuzzer	Yes	No
Webinspect	Webinspect	No	Yes
Wfuzz Plugin	Wfuzz	Yes	No
WhatWebPlugin	whatweb	No	Yes
whitesource	whitesource	No	Yes
Whois	whois	Yes	No
Windows Defender Jsonl	WindowsDefender_JSONL	No	Yes
WPscan	wpscan	Yes	Yes
Onapsis X1 XML Output Plugin	X1	Yes	Yes
xsssniper	xsssniper	Yes	No
Zap XML Output Plugin	Zap	No	Yes
Zap Json Output Plugin	Zap_Json	No	Yes

Acunetix (REPORT) (XML, JSON)
Appscan (REPORT) (XML, CSV)
AppSpider (REPORT) (XML)
Arachni (REPORT) (XML)
AWS Prowler (REPORT) (JSON)
Bandit (REPORT, XML)
Brutexss (REPORT)
Burp, BurpPro (REPORT, API) (XML)
Core Impact, Core Impact (REPORT) (XML)
Dirsearch (REPORT) (JSON)
Fierce (REPORT, CONSOLE)
Fortify (REPORT, XML)
Goohost (REPORT) (XML)
Hydra (REPORT) (XML)
Ip360 (REPORT) (CSV)
Junit (REPORT) (XML)
Lynis (REPORT) (DAT)
Maltego (REPORT) (MTGX & MTGL)
Microsoft Baseline Security Analyzer (REPORT) (LOG)
Metasploit, (REPORT) (XML)
Naabu (REPORT) (JSON)
Ncrack (REPORT)
Nessus, (REPORT) (XML .nessus)
Netsparker (REPORT) (XML)
Netsparker Cloud (REPORT)
Nexpose, Nexpose Enterprise, (REPORT) (simple XML, XML Export plugin (2.0))
Nikto (REPORT) (XML)
Nipper (REPORT)
Nmap (REPORT) (XML)
Nuclei (REPORT)
OpenScap (REPORT)
Openvas (REPORT) (XML)
Qualysguard (REPORT) (XML)
QualysWebApp (REPORT)
Recon-NG (REPORT)
Retina (REPORT) (XML)
Shodan (API)
SonarQube (REPORT)
SourceClear (REPORT)
SSL Labs (REPORT)
SSLyze (REPORT) (XML)
Sublist3r (REPORT)
W3af (REPORT) (XML)
WebInspect (REPORT)
WhatWebPlugin (REPORT)
WhiteSource (REPORT)
Xsssniper (REPORT)
X1, Onapsis (REPORT) (XML)
Zap (REPORT) (XML)