Template - Filters

UPDATED: Please head over to our new GitHub Support Site for help, examples, tips and tricks: https://github.com/AttackForge/ReportGen

Sort

You can use this filter to sort the data within a tag by a key within scope (or multiple keys).

{tag | sort:["key:<asc/desc>"]}
  • key - JSON object key available in scope.

  • asc - sort data by key in ascending order

  • desc - sort data by key in descending order

To observe the keys available within scope for sorting - use the $help procedure.

Example 1: Single-Key Sort

You can sort by a single key as follows:

{#vulnerabilities | sort:["cvssv3_base_score:asc"]}
{title} - {cvssv3_base_score}
{/}

The example above will sort all vulnerabilities by their CVSSv3 base score, in ascending order.

You can also sort affected_assets by their CVSSv3 base scores:

{#affected_assets | sort:["cvssv3_base_score:asc"]}
{name} - {cvssv3_base_score}
{/}

Example 2: Multi-Key Sort

You can sort by multiple keys as follows:

{#vulnerabilities | sort:["cvssv3_base_score:asc","title:desc"]}
{title} - {cvssv3_base_score}
{/}

The example above will sort all vulnerabilities first by their CVSSv3 base score, in ascending order, then by the vulnerability title, in descending order.

You can also sort affected_assets by their CVSSv3 base scores and asset name:

{#affected_assets | sort:["cvssv3_base_score:asc","name:asc"]}
{name} - {cvssv3_base_score}
{/}

DateFormat

You can use this filter to adjust the date for a tag to a desired format.

{tag | dateFormat:["namedFormat/mask"]}

For example:

{timestamp | dateFormat:["fullDate"]}

will return Saturday, June 9, 2007

The full list of supported options is included below for reference.

You can use either a named format (for example fullDate, shortTime) or a mask (for example h:MM:ss TT Z).

Named formats

| Name | Mask | Example |
| --- | --- | --- |
| default | ddd mmm dd yyyy HH:MM:ss | Sat Jun 09 2007 17:46:21 |
| shortDate | m/d/yy | 6/9/07 |
| paddedShortDate | mm/dd/yyyy | 06/09/2007 |
| mediumDate | mmm d, yyyy | Jun 9, 2007 |
| longDate | mmmm d, yyyy | June 9, 2007 |
| fullDate | dddd, mmmm d, yyyy | Saturday, June 9, 2007 |
| shortTime | h:MM TT | 5:46 PM |
| mediumTime | h:MM:ss TT | 5:46:21 PM |
| longTime | h:MM:ss TT Z | 5:46:21 PM EST |
| isoDate | yyyy-mm-dd | 2007-06-09 |
| isoTime | HH:MM:ss | 17:46:21 |
| isoDateTime | yyyy-mm-dd'T'HH:MM:sso | 2007-06-09T17:46:21+0700 |
| isoUtcDateTime | UTC:yyyy-mm-dd'T'HH:MM:ss'Z' | 2007-06-09T22:46:21Z |

Mask options

| Mask | Description |
| --- | --- |
| d | Day of the month as digits; no leading zero for single-digit days. |
| dd | Day of the month as digits; leading zero for single-digit days. |
| ddd | Day of the week as a three-letter abbreviation. |
| DDD | "Ysd", "Tdy" or "Tmw" if date lies within these three days. Else fall back to ddd. |
| dddd | Day of the week as its full name. |
| DDDD | "Yesterday", "Today" or "Tomorrow" if date lies within these three days. Else fall back to dddd. |
| m | Month as digits; no leading zero for single-digit months. |
| mm | Month as digits; leading zero for single-digit months. |
| mmm | Month as a three-letter abbreviation. |
| mmmm | Month as its full name. |
| yy | Year as last two digits; leading zero for years less than 10. |
| yyyy | Year represented by four digits. |
| h | Hours; no leading zero for single-digit hours (12-hour clock). |
| hh | Hours; leading zero for single-digit hours (12-hour clock). |
| H | Hours; no leading zero for single-digit hours (24-hour clock). |
| HH | Hours; leading zero for single-digit hours (24-hour clock). |
| M | Minutes; no leading zero for single-digit minutes. |
| MM | Minutes; leading zero for single-digit minutes. |
| N | ISO 8601 numeric representation of the day of the week. |
| o | GMT/UTC timezone offset, e.g. -0500 or +0230. |
| p | GMT/UTC timezone offset, e.g. -05:00 or +02:30. |
| s | Seconds; no leading zero for single-digit seconds. |
| ss | Seconds; leading zero for single-digit seconds. |
| S | The date's ordinal suffix (st, nd, rd, or th). Works well with d. |
| l | Milliseconds; gives 3 digits. |
| L | Milliseconds; gives 2 digits. |
| t | Lowercase, single-character time marker string: a or p. |
| tt | Lowercase, two-character time marker string: am or pm. |
| T | Uppercase, single-character time marker string: A or P. |
| TT | Uppercase, two-character time marker string: AM or PM. |
| W | ISO 8601 week number of the year, e.g. 4, 42 |
| WW | ISO 8601 week number of the year, leading zero for single-digit, e.g. 04, 42 |
| Z | US timezone abbreviation, e.g. EST or MDT. For non-US timezones, the GMT/UTC offset is returned, e.g. GMT-0500 |
| '...', "..." | Literal character sequence. Surrounding quotes are removed. |
| UTC | Must be the first four characters of the mask. Converts the date from local time to UTC/GMT/Zulu time before applying the mask. The "UTC:" prefix is removed. |

HasAny

You can use this filter to check whether at least one value exists in a tag. This can be used to create logic gates or sections within your reports.

This filter accepts the following parameters:

  • [REQUIRED] Values to search - List of strings i.e. ['SQL','xss']

  • [OPTIONAL] Case Insensitive search - true/false. False by default. E.g. hasAny:['SQL','xss']:true

This filter returns true or false.

The example below combines this filter with the 'Includes' filter to print a list of all CVEs found on the affected asset, along with a section heading 'Associated CVEs'. If no CVEs are found, it will print 'No CVEs Identified'.

{#vulnerabilities}
Vulnerability: {title}
{#affected_assets}
Affected Asset: {asset}
{#tags | hasAny:['CVE','cve']}Associated CVEs
{#tags}{#this | includes:['CVE','cve']}{.}
{/}{/}{/}
{^tags | hasAny:['CVE','cve']}No CVEs Identified{/}
{/}{/}

Filter

You can use this filter to select objects within a list that match a particular condition.

For example, if you wanted to filter your vulnerabilities by critical AND easily exploitable you could use the following:

{#vulnerabilities | filter:'easily_exploitable === true AND priority === "Critical"'}
{title}
{/}

Another example is filtering affected assets based on remediation status AND priority. Note this example applies the filter to the {#affected_assets} and utilises "parent" to access the priority from the vulnerability.

{#vulnerabilities}
{#affected_assets | filter:'remediation_status === "Open" AND parent.priority === "Critical"'}
{title}
{/}{/}

Another example is applying the filter against custom tags. This example assumes you have defined a custom tag with name/key "owasp_top_10" and value of "yes".

{#vulnerabilities}
{#affected_assets}
{#assetCustomTags | filter:'owasp_top_10 === "yes"'}
{title}
{/}{/}{/}

Another example is applying the filter against custom fields. This example assumes you have defined a custom field with name/key "owasp_top_10" and value of "yes".

{#vulnerabilities}
{#affected_assets}
{#assetCustomFields | filter:'owasp_top_10 === "yes"'}
{title}
{/}{/}{/}

Another example is applying the filter combined with functions. This example will create a new list of all OWASP Top 10 vulnerabilities that can be referenced anywhere further in the report. This example assumes you have defined a custom tag with name/key "owasp_top_10" and value of "yes".

Example of pushing into new list using parent objects:

{$declare[OWASP_Top_10_Vulns][[]]}
{#vulnerabilities}
{#affected_assets}
{#assetCustomTags | filter:'owasp_top_10 === "yes"'}
{$push[OWASP_Top_10_Vulns]["%(parent.parent)"]}
{/}{/}{/}
...
{#$value[OWASP_Top_10_Vulns]}
{title}
{/}

Example of pushing into new list using scope:

{$declare[OWASP_Top_10_Vulns][[]]}
{#vulnerabilities}
{#affected_assets}
{#assetCustomTags | filter:'owasp_top_10 === "yes"'}
{$push[OWASP_Top_10_Vulns]["%(../../)"]}
{/}{/}{/}
...
{#$value[OWASP_Top_10_Vulns]}
{title}
{/}

The following operators are supported when using this filter:

  • NOT or ! - used to negate an expression. For example !(priority == "Critical")

  • AND or && - used to combine multiple expressions with a logical AND. For example priority == "Critical" AND zero_day == true

  • OR or || - used to combine multiple expressions with a logical OR. For example priority == "Critical" OR priority == "High"

  • == - used to check for equivalency. For example priority == "Critical"

  • === - used to check for equality. For example priority === "Critical"

  • !== - used to check for not equivalency. For example priority !== "Critical"

  • > - used to check for greater-than comparison. For example likelihood_of_exploitation > 5

  • < - used to check for less-than comparison. For example likelihood_of_exploitation < 5

  • >= - used to check for greater-than-or-equals comparison. For example likelihood_of_exploitation >= 5

  • <= - used to check for less-than-or-equals comparison. For example likelihood_of_exploitation <= 5

  • ( ) - used to group statements together. For example (priority == "Critical") AND (zero_day == true) OR ((priority == "Critical") AND (likelihood_of_exploitation >= 8))
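A filter expression can be dry-run against exported project data before the report is generated. The following is an added example, not ReportGen's own parser: a small evaluator for the operators listed above that never calls eval and resolves keys against own properties only. It assumes JavaScript-style precedence (NOT, then comparisons, then AND, then OR) and straight quotes; the function names and the sample data are constructed for illustration.

```javascript
// Comparison operators from the list above; nothing else is accepted.
const COMPARE = {
  '==': (a, b) => a == b, '===': (a, b) => a === b, '!==': (a, b) => a !== b,
  '>': (a, b) => a > b, '<': (a, b) => a < b, '>=': (a, b) => a >= b, '<=': (a, b) => a <= b,
};
const WORDS = new Map([['AND', '&&'], ['OR', '||'], ['NOT', '!']]);
// One token: string | number | operator | identifier path (e.g. parent.priority)
const TOKEN = /\s*(?:("[^"]*"|'[^']*')|(\d+(?:\.\d+)?)|(===|!==|==|>=|<=|&&|\|\||[()!<>])|([A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*))/y;

function tokenize(src) {
  const tokens = [];
  let pos = 0;
  while (src.slice(pos).trim() !== '') {
    TOKEN.lastIndex = pos;
    const m = TOKEN.exec(src);
    if (!m) throw new SyntaxError(`Unsupported syntax near position ${pos}`);
    pos = TOKEN.lastIndex;
    const [, str, num, op, word] = m;
    if (str !== undefined) tokens.push({ type: 'lit', value: str.slice(1, -1) });
    else if (num !== undefined) tokens.push({ type: 'lit', value: Number(num) });
    else if (op !== undefined) tokens.push({ type: 'op', value: op });
    else if (WORDS.has(word)) tokens.push({ type: 'op', value: WORDS.get(word) });
    else if (word === 'true' || word === 'false') tokens.push({ type: 'lit', value: word === 'true' });
    else tokens.push({ type: 'id', value: word });
  }
  return tokens;
}

// Resolve a dotted key against own properties only, so an expression cannot
// reach inherited members such as constructor or __proto__.
function resolve(scope, path) {
  let cur = scope;
  for (const part of path.split('.')) {
    const ok = cur !== null && typeof cur === 'object' &&
      Object.prototype.hasOwnProperty.call(cur, part);
    if (!ok) return undefined;
    cur = cur[part];
  }
  return cur;
}

function evaluate(expr, scope) {
  const t = tokenize(expr);
  let i = 0;
  const isOp = (v) => i < t.length && t[i].type === 'op' && t[i].value === v;

  function parseOr() {
    let left = parseAnd();
    while (isOp('||')) { i++; const right = parseAnd(); left = Boolean(left) || Boolean(right); }
    return left;
  }
  function parseAnd() {
    let left = parseComparison();
    while (isOp('&&')) { i++; const right = parseComparison(); left = Boolean(left) && Boolean(right); }
    return left;
  }
  function parseComparison() {
    const left = parseUnary();
    const tok = t[i];
    if (!tok || tok.type !== 'op' || !COMPARE[tok.value]) return left;
    i++;
    return COMPARE[tok.value](left, parseUnary());
  }
  function parseUnary() {
    if (isOp('!')) { i++; return !parseUnary(); }
    const tok = t[i++];
    if (!tok) throw new SyntaxError('Unexpected end of expression');
    if (tok.type === 'id') return resolve(scope, tok.value);
    if (tok.type === 'lit') return tok.value;
    if (tok.value !== '(') throw new SyntaxError(`Unexpected operator ${tok.value}`);
    const inner = parseOr();
    if (!isOp(')')) throw new SyntaxError('Missing closing parenthesis');
    i++;
    return inner;
  }

  const result = parseOr();
  if (i < t.length) throw new SyntaxError('Unexpected trailing input');
  return Boolean(result);
}

// Model of {#list | filter:'expr'}; `parent` mirrors the parent.<key> access shown above.
function filterList(items, expr, parent) {
  return items.filter((item) => evaluate(expr, { ...item, parent }));
}

// Constructed sample data using keys that appear in the examples above.
const vulnerabilities = [
  { title: 'Blind SQL Injection', priority: 'Critical', easily_exploitable: true, zero_day: false,
    likelihood_of_exploitation: 9, affected_assets: [
      { asset: 'app.example.test', remediation_status: 'Open' },
      { asset: 'api.example.test', remediation_status: 'Closed' }] },
  { title: 'Missing X-XSS-Protection Header', priority: 'Low', easily_exploitable: true,
    zero_day: false, likelihood_of_exploitation: 3, affected_assets: [] },
  { title: 'Insecure Deserialization', priority: 'Critical', easily_exploitable: false,
    zero_day: true, likelihood_of_exploitation: 5, affected_assets: [] },
];
const titles = (list) => list.map((v) => v.title);
console.log(titles(filterList(vulnerabilities, 'easily_exploitable === true AND priority === "Critical"')));
```

An expression that uses anything outside the listed operators, such as a single `=`, raises a SyntaxError instead of silently matching nothing.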

HasAll

You can use this filter to check whether all supplied values exist in a tag. This can be used to create logic gates or sections within your reports.

This filter accepts the following parameters:

  • [REQUIRED] Values to search - List of strings i.e. ['SQL','xss']

  • [OPTIONAL] Case Insensitive search - true/false. False by default. E.g. hasAll:['SQL','xss']:true

This filter returns true or false.

The example prints 'OWASP Top 10 & CWE Top 25' for all affected assets which have both tags 'OWASP Top 10' & 'CWE Top 25'. If both matching tags are not found, it will print 'Not OWASP Top 10 & CWE Top 25'.

{#vulnerabilities}
Vulnerability: {title}
{#affected_assets}
Affected Asset: {asset}
{#tags | hasAll:['OWASP Top 10','CWE Top 25']}OWASP Top 10 & CWE Top 25{/}
{^tags | hasAll:['OWASP Top 10','CWE Top 25']}Not OWASP Top 10 & CWE Top 25{/}
{/}{/}

FilterBy

You can use this filter in order to extract filtered data for vulnerabilities using various conditions.

Currently the following conditions are supported:

  • filterBy:'AffectedAssetProperties'

  • filterBy:'AffectedAssetCustomTags'

  • filterBy:'AffectedAssetCustomFields'

  • filterBy:'AffectedAssetCustomTags-CountVulns'

  • filterBy:'AffectedAssetCustomFields-CountVulns'

!IMPORTANT: CustomFields are used in the exact same way as CustomTags within this filter.

filterBy:'AffectedAssetProperties'

This filter can be used to retrieve a set of vulnerabilities where the affected assets meet certain conditions.

For example, you can return a list of vulnerabilities and their affected assets which are closed.

{#vulnerabilities | filterBy:'AffectedAssetProperties':['status:Closed']}
{priority} - {title}
{#affected_assets}
{asset}
{/}{/}

Or you can extend the filter to match multiple AND or OR conditions. For example, you can return a list of vulnerabilities and their affected assets which are either open or ready for retest.

{#vulnerabilities | filterBy:'AffectedAssetProperties':['status:Open','status:Retest']:'OR'}
{priority} - {title}
{#affected_assets}
{asset}
{/}{/}

This filter works with any key:value pair on affected_assets. If you are unsure which properties you can use this filter on, try using the Helper function to see which fields are available to you.

{#vulnerabilities}
{#affected_assets}
{$help["%()"]}
{/}{/}

filterBy:'AffectedAssetCustomTags'

This filter can be used to retrieve a list of vulnerabilities which have affected assets that meet conditions in their custom tags.

The following example will return a list of vulnerabilities which have affected assets that have at least one custom tag that is set to Source = External. This is useful for reporting on External Vulnerabilities in your report.

{#vulnerabilities | filterBy:'AffectedAssetCustomTags':['Source:External']}
{priority} - {title}
{#affected_assets}
{asset}
{/}{/}
  • {#vulnerabilities | filterBy:'AffectedAssetCustomTags':['Source:External']}

    • Loop through vulnerabilities.

    • Apply filterBy filter with following parameters:

      • AffectedAssetCustomTags - this instructs the filter to use this condition

      • ['Source:External'] - this instructs the filter to only return vulnerabilities and their affected assets which specifically have a custom tag which equals Source = External.

  • {priority} - {title}

    • Print priority and title of vulnerability which meets the filter.

  • {#affected_assets}

    • Loop through affected assets on the vulnerability.

  • {asset}

    • Print name of the affected asset.

This filter supports an array of custom tags when inputting conditions, as well as AND and OR operators.

For example, using an AND operator with multiple custom tag conditions:

{#criticalVulnerabilities | filterBy:'AffectedAssetCustomTags':['Source:External','OWASPTop10:True']:'AND'}
{priority} - {title}
{#affected_assets}
{asset}
{/}{/}

This will return a list of critical vulnerabilities which have affected assets that have both custom tags Source = External and OWASPTop10 = True.

You can also omit the AND operator, as this filter uses AND condition by default.

For example, using an OR operator with multiple custom tag conditions:

{#criticalVulnerabilities | filterBy:'AffectedAssetCustomTags':['Source:External','OWASPTop10:True']:'OR'}
{priority} - {title}
{#affected_assets}
{asset}
{/}{/}

This will return a list of critical vulnerabilities which have affected assets that have either custom tags Source = External or OWASPTop10 = True.

filterBy:'AffectedAssetCustomTags-CountVulns'

This filter can be used to retrieve a count of vulnerabilities which have affected assets that meet conditions in their custom tags.

The following example will return a count of vulnerabilities which have affected assets that have at least one custom tag that is set to Source = External. This is useful for reporting on total number of External Vulnerabilities in your report.

{vulnerabilities | filterBy:'AffectedAssetCustomTags-CountVulns':['Source:External']}

  • {vulnerabilities | filterBy:'AffectedAssetCustomTags-CountVulns':['Source:External']}

    • Apply filterBy filter with following parameters:

      • AffectedAssetCustomTags-CountVulns - this instructs the filter to use this condition

      • ['Source:External'] - this instructs the filter to only count vulnerabilities where their affected assets specifically have a custom tag which equals Source = External.

This filter supports an array of custom tags when inputting conditions, as well as AND and OR operators.

For example, using an AND operator with multiple custom tag conditions:

{criticalVulnerabilities | filterBy:'AffectedAssetCustomTags-CountVulns':['Source:External','OWASPTop10:True']:'AND'}

This will return a count of critical vulnerabilities which have affected assets that have both custom tags Source = External and OWASPTop10 = True.

You can also omit the AND operator, as this filter uses AND condition by default.

For example, using an OR operator with multiple custom tag conditions:

{criticalVulnerabilities | filterBy:'AffectedAssetCustomTags-CountVulns':['Source:External','OWASPTop10:True']:'OR'}

This will return a count of critical vulnerabilities which have affected assets that have either custom tags Source = External or OWASPTop10 = True.
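A filterBy condition that does not match a tag exactly leaves findings out of a report section without raising any error. The added example below (not ReportGen's code) models the AND/OR and -CountVulns behaviour described above and lists findings that no report section selects. The assetCustomTags shape (a list of single-key objects), case-sensitive matching, evaluating all conditions against a single asset, and every function name are assumptions; the sample data is constructed.

```javascript
// Parse 'Key:Value' conditions as they are written in the template examples.
function parseConditions(conditions) {
  return conditions.map((c) => {
    const idx = c.indexOf(':');
    if (idx < 1) throw new Error(`Condition must be key:value, got "${c}"`);
    return { key: c.slice(0, idx), value: c.slice(idx + 1) };
  });
}

// True when one asset's custom tags satisfy the conditions.
// Assumed shape: asset.assetCustomTags = [{ Source: 'External' }, ...]
function assetMatches(asset, conds, operator) {
  const tags = asset.assetCustomTags || [];
  const hit = ({ key, value }) => tags.some(
    (t) => Object.prototype.hasOwnProperty.call(t, key) && String(t[key]) === value);
  return operator === 'OR' ? conds.some(hit) : conds.every(hit);
}

// Model of filterBy:'AffectedAssetCustomTags': keeps vulnerabilities that have
// at least one matching asset, with only the matching assets attached.
// AND is the default operator, as stated above.
function filterByAssetCustomTags(vulns, conditions, operator = 'AND') {
  const conds = parseConditions(conditions);
  return vulns
    .map((v) => ({
      ...v,
      affected_assets: (v.affected_assets || []).filter((a) => assetMatches(a, conds, operator)),
    }))
    .filter((v) => v.affected_assets.length > 0);
}

// Model of filterBy:'AffectedAssetCustomTags-CountVulns'.
function countVulns(vulns, conditions, operator) {
  return filterByAssetCustomTags(vulns, conditions, operator).length;
}

// Report QA check: titles of findings that none of the report sections selects.
function uncovered(vulns, sections) {
  const selected = new Set();
  for (const { conditions, operator } of sections) {
    for (const v of filterByAssetCustomTags(vulns, conditions, operator)) selected.add(v.title);
  }
  return vulns.filter((v) => !selected.has(v.title)).map((v) => v.title);
}

// Constructed sample data. The last asset carries a lowercase tag value.
const criticalVulnerabilities = [
  { title: 'Blind SQL Injection', priority: 'Critical', affected_assets: [
    { asset: 'app.example.test', assetCustomTags: [{ Source: 'External' }, { OWASPTop10: 'True' }] },
    { asset: 'db.internal.test', assetCustomTags: [{ Source: 'Internal' }, { OWASPTop10: 'True' }] }] },
  { title: 'Default Credentials', priority: 'Critical', affected_assets: [
    { asset: 'vpn.example.test', assetCustomTags: [{ Source: 'External' }] }] },
  { title: 'Remote Code Execution', priority: 'Critical', affected_assets: [
    { asset: 'cms.example.test', assetCustomTags: [{ Source: 'external' }] }] },
];

const conditions = ['Source:External', 'OWASPTop10:True'];
console.log('AND count:', countVulns(criticalVulnerabilities, conditions, 'AND'));
console.log('OR count:', countVulns(criticalVulnerabilities, conditions, 'OR'));
console.log('Not in any section:', uncovered(criticalVulnerabilities, [
  { conditions: ['Source:External'] },
  { conditions: ['Source:Internal'] },
]));
```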

Example - using Scope or Variables in your filter

FilterBy supports the use of Scope or Variables in your filter criteria. For example, you can search a custom field without knowing the exact criteria you are searching for.

The example below will loop over every 'Testing Phase' in the project custom fields, then filter the vulnerabilities by each testing phase, then print the 'Testing Phase' and its vulnerabilities at the end. This is ideal if you have multi-phase projects and you want to print a section which has vulnerabilities for each phase.

{$declare[TestingPhaseVulns][<Dictionary>]}
{#projectCustomFields}
{#testing_phases}
{$declare[CurrentPhase]["%(./)"]}
{$declare[TestingPhaseVulns["$(CurrentPhase)"]][[]]}
{#vulnerabilities | filterBy:"AffectedAssetCustomFields":["testing_phase:$(CurrentPhase)"]}
{$push[TestingPhaseVulns["$(CurrentPhase)"]]["%(./)"]}
{/}{/}{/}
{#$keys[TestingPhaseVulns]}
Vulnerabilities for Testing Phase: {this[0]}
{#this[1]}
Vulnerability Title: {title}
{/}{/}

Includes

You can check to see if a tag contains a specified value, or array of values, and continue if true/exists.

{#vulnerabilities}
{#title | includes:['SQL Injection','Cross Site Scripting']}
{priority} - {title}
{/}{/}
  • {#vulnerabilities}

    • Loop through vulnerabilities.

  • {#title | includes:['SQL Injection','Cross Site Scripting']}

    • Check to see if the title of the vulnerability contains the values "SQL Injection" or "Cross Site Scripting", and if so proceed. Otherwise stop. This filter also includes partial matches e.g. "Blind SQL Injection" would also return true.

  • {priority} - {title}

    • Print priority and title of vulnerability assuming that it includes or partially includes

      "SQL Injection" or "Cross Site Scripting" in the title.

You can also use this filter on string arrays (lists) - for example if you want to only show CVE tags for a vulnerability you can use the following:

{#vulnerabilities}
{title}
{#tags}{#this | includes:['CVE','cve']}CVE: {.}
{/}{/}
{/}

The template above will print the title of each vulnerability, and loop through each vulnerability checking if the tag contains 'CVE' or 'cve' anywhere within the tag, and if so, it will print it.

Includes also supports Scope and Variables.

Scope Example:

{#projectCustomFields}
{#customer_name}
{#projectGroups}
{#name | includes:["%(../customer_name)"]}
Customer {customer_name} has access to this project.
{/}{/}{/}{/}

Variables Example:

{$declare[CustomerName][""]}
{#projectCustomFields}
{#customer_name}
{$assign[CustomerName]["%(customer_name)"]}
{/}{/}

{#projectGroups}
{#name | includes:["$(CustomerName)"]}
Customer {$value[CustomerName]} has access to this project.
{/}{/}

Excludes

You can check to see if a tag does not contain a specified value, or array of values, and continue if true/doesn't exist.

{#vulnerabilities}
{#title | excludes:['SQL Injection','Cross Site Scripting']}
{priority} - {title}
{/}{/}
  • {#vulnerabilities}

    • Loop through vulnerabilities.

  • {#title | excludes:['SQL Injection','Cross Site Scripting']}

    • Check to see if the title of the vulnerability does not contain the values "SQL Injection" or "Cross Site Scripting", and if so proceed. Otherwise stop. This filter also includes partial matches e.g. "Blind SQL Injection" would also return true.

  • {priority} - {title}

    • Print priority and title of vulnerability assuming that it does not include or partially include

      "SQL Injection" or "Cross Site Scripting" in the title.

Excludes also supports Scope and Variables.

Replace

You can use the replace filter to replace data.

For example, say you had some assets that looked like this:

https://application.com

And you wanted to remove the https:// part so it appears as follows:

application.com

You could do the following:

{#vulnerabilities}
{#affected_assets}
{asset | replace:["https://",""]}
{/}{/}

ReplaceRegExp

You can use the replace filter with a regular expression to replace data.

For example, say you had some assets that looked like this:

https://application.com?query=1

And you wanted to remove the ?query=1 part so it appears as follows:

https://application.com

You could do the following:

{#vulnerabilities}
{#affected_assets}
{asset | replaceRegExp:["[?].*",""]}
{/}{/}

Resize

You can use the resize filter to resize images. It works by setting a fixed width in pixels for which each image will be upscaled or downscaled to match. The height will be automatically adjusted to match the same ratio.

Example resizing images in Steps to Reproduce (Proof of Concept) to 300 pixels wide:

{#vulnerabilities}
{#affected_assets}
{@proof_of_concept_styled | resize:["300"]}
{/}{/}

Split

You can use the split function to split data based on a separator - and return a list of items.

For example, assuming you have tags in this format:

<LHS>:<RHS>

And you only want to show the right-hand-side (RHS), you could do the following:

{#vulnerabilities}
{#tags}
{$declare[tagSplitCounter][0]}
{#this | split:[":"]}
{#$greaterThan[tagSplitCounter][0]}{.}{/}
{#$equals[tagSplitCounter][0]}{$increment[tagSplitCounter][1]}{/}
{/}{/}{/}

This example makes use of the split filter as well as functions. Functions are used as a way to instruct the logic to skip over the first iteration of the loop (LHS) and then print everything after that <RHS>.

SplitRegExp

You can use the splitRegExp function to split data based on a Regular Expression separator - and return a list of items.

For example, if you wanted to only display the 1st paragraph of the vulnerability description, you could do the following:

{#vulnerabilities}
{title}
{$declare[SplitDecriptionOnParagraph][1]}
{#description | splitRegExp:["\n\n"]}
{#$lessThanOrEqual[SplitDecriptionOnParagraph][1]}{.}{/}{$increment[SplitDecriptionOnParagraph][1]}
{/}{/}

This example works as follows:

  • Loop through every vulnerability

    • Print the title of the vulnerability

    • Define a variable "SplitDecriptionOnParagraph" which determines how many paragraphs to print, e.g. 1 (only first paragraph)

    • Split description on double-newline ‘\n\n’ which indicates new paragraph. This creates a list/array of paragraphs.

    • Loop through each paragraph

      • If variable is less than or equal to the amount of paragraphs we want to keep (e.g. 1) – print it.

      • For each iteration of the loop, increment the variable counter

Index

You can use this filter to access an item in an array using its index number.

For example, if you needed to access the first vulnerability in a list - you can do the following:

{#vulnerabilities | index:["0"]}
{title}
{/}

Search

You can use this filter to search for a value in a string, and return the results (substring) if found.

For example, if you had asset names which looked like the following:

  • https://application.com/route/api/1

  • http://application.com/route/api/2

And you wanted to only return the following:

  • /route/api/1

  • /route/api/2

You can do the following:

{#vulnerabilities}
{#affected_assets}
{asset | replace:["https://",""] | replace:["http://",""] | search:["/"]}
{/}{/}

The example above works by first removing the https:// and http:// part of the asset, then searching for the first forward slash character, then returning the remaining data if found.

Store

You can store custom data in arbitrarily defined tags using this filter.

For example we can create a new custom tag called 'AllVulns' and reference it, along with its data, later in the template as follows:

{#vulnerabilities}{#title | store:'AllVulns':this}{/}{/}
{#$storedAllVulns}
{priority} {title}
{/}
  • {#vulnerabilities}{#title | store:'AllVulns':this}{/}{/}

    • Loop through vulnerabilities.

    • Define a new custom tag called 'AllVulns'

    • Store the value of this in the new custom tag. In the context of {#vulnerabilities} - this will be equal to the vulnerability

  • {#$storedAllVulns}

    • Loop through the new custom tag we created above called AllVulns

    • You must include #$stored prefix in order to use this new custom tag

  • {priority} {title}

    • Print priority & title of vulnerability.

A more complex example includes how to create a custom tag that will hold all of the Critical Web Application vulnerabilities found on the project. This includes using ReportGen custom tags for affected_assets:

{#vulnerabilities}
{#priority == "Critical"}
{#affected_assets}
{#assetCustomTags}
{#Source == "Web"}
{#title | store:'CriticalWebVulns':this:'affected_assets':'assetCustomTags':['Source:Web']}
{/}
{/}
{/}
{/}
{/}
{/}
{#$storedCriticalWebVulns}
{priority} {title}
{/}

  • {#vulnerabilities}

    • Loop through vulnerabilities.

  • {#priority == "Critical"}

    • Check if vulnerability priority is equal to Critical, then proceed

    • This check is used to ascertain the vulnerability is a Critical vulnerability

  • {#affected_assets}

    • Loop through affected assets on the vulnerability

  • {#assetCustomTags}

    • Loop through custom ReportGen tags on the affected asset

  • {#Source == "Web"}

    • Check if custom ReportGen tag has key/name "Source" and a value "Web"

    • This check is used to ascertain the vulnerability is a Web Application vulnerability

  • {#title | store:'CriticalWebVulns':this:'affected_assets':'assetCustomTags':['Source:Web']}

    • Define a new custom tag called 'CriticalWebVulns'

    • Store the value of this which in this case is the vulnerability itself

    • Check if any of the custom affected asset tags contain any of the key/value pairs supplied, in this case ‘Source:Web’ – note this is an array, you can add more values, it is an OR operator

  • {/} {/} {/} {/} {/} {/}

    • Close all of the open loops (see above)

  • {#$storedCriticalWebVulns}

    • Loop through the new custom tag we created above called CriticalWebVulns. This custom tag now contains Critical vulnerabilities which have affected assets which have custom tags indicating they are web application vulnerabilities

    • You must include #$stored prefix in order to use this new custom tag

  • {priority} {title}

    • Print priority & title of vulnerability.

Find

You can search a tag which contains an array of objects to return an object which meets a specific condition

{#vulnerabilities | find:"title":"Missing X-XSS-Protection Header"}
{title}
{/}
  • {#vulnerabilities | find:"title":"Missing X-XSS-Protection Header"}

    • Loop through vulnerabilities and search each one until it finds a vulnerability with a title equal to Missing X-XSS-Protection Header, then return the vulnerability.

  • {title}

    • Print title of vulnerability, in this case it would be "Missing X-XSS-Protection Header" as that is the vulnerability which was returned from the list of vulnerabilities.

FindVulns

You can use this filter to find a vulnerability based on a Title & Priority.

For example, if you wanted to create a report which shows all Assets on the project, and their Vulnerabilities (Asset to Vulnerability table or mapping) - you can achieve that using this filter. Note this requires using the store filter in combination with findVulns filter as follows:

{#vulnerabilities}{#title | store:'allVulns':this}{/}{/}
{#assetVulnerabilityMapping}
{asset}
{#vulnerabilities}
{priority} - {status} - {vulnerability}
{#vulnerabilities | findVuln:'allVulns':this.vulnerability:this.priority}
{description}

{attack_scenario}

{remediation_recommendation}


{/}{/}{/}
  • {#vulnerabilities}{#title | store:'allVulns':this}{/}{/}

    • Loop through vulnerabilities.

    • Define a new custom tag called 'allVulns'

    • Store the value of this which in this case is the vulnerability itself

  • {#assetVulnerabilityMapping}

    • Loop through Asset-to-Vulnerability mapping

  • {asset}

    • Print the name of the asset

  • {#vulnerabilities}

    • Loop through vulnerabilities linked to the Asset

    • NOTE: This is different to {#vulnerabilities} referenced at line 1 above.

  • {priority} - {status} - {vulnerability}

    • Print the priority, remediation status & name of the vulnerability

  • {#vulnerabilities | findVuln:'allVulns':this.vulnerability:this.priority}

    • Find the vulnerability (from list of all project vulnerabilities) where it matches the name/title & priority of the current vulnerability linked to the asset

  • {description}

    • Print the description of the vulnerability linked to the asset

  • {attack_scenario}

    • Print the attack scenario of the vulnerability linked to the asset

  • {remediation_recommendation}

    • Print the remediation recommendation of the vulnerability linked to the asset

Unique

You can use a 'unique' filter to check if a value has already been printed in the report, and if so, it will skip printing it again.

{#vulnerabilities}
{#priority == "Critical"}
{#affected_assets}
{#assetCustomTags}
{#Source == "Internal"}
{#title | unique:'InternalVulnsTable'}
{title}
{/}{/}{/}{/}{/}{/}
  • {#vulnerabilities}

    • Loop through vulnerabilities.

  • {#priority == "Critical"}

    • Select vulnerabilities which have a priority of ‘Critical’.

  • {#affected_assets}

    • Loop through Affected Assets for each Critical vulnerability.

  • {#assetCustomTags}

    • Loop through Custom Tags for each Affected Asset for each Critical vulnerability.

  • {#Source == "Internal"}

    • Check to see whether a Custom Tag ‘Source’ exists, and if so check to see if its value is “Internal”.

  • {#title | unique:'InternalVulnsTable'}

    • This is a condition against the ‘title’ field for a vulnerability

    • This condition will check to see whether the value is unique (i.e. it hasn’t already been used/printed). This is useful to prevent printing duplicate values when looping through affected assets, for example vulnerability title.

    • This function works by taking 2 arguments – Key & Value. In the example above, Key = {title} e.g. Blind SQL Injection; and Value = ‘InternalVulnsTable’

    • This function will check to see if the Key/Value pair has already been printed in the report, and if so, it will skip printing it again – for example to avoid duplicating printing of vulnerability title for each affected asset in a table containing list of Internal Vulnerabilities.

  • {title}

    • Print title of vulnerability.

Count

You can use a 'count' filter to set an arbitrary counter for a condition, then reference that counter later on.

{#vulnerabilities}
{#priority == "Critical"}
{#affected_assets}
{#assetCustomTags}
{#Source == "Internal"}
{#title | unique:'InternalVulnsTable' | count:'InternalVulnsTableCritical'}
{title}
{/}{/}{/}{/}{/}{/}
{#$countInternalVulnsTableCritical}
{$countInternalVulnsTableCritical}
{/}
  • {#vulnerabilities}

    • Loop through vulnerabilities.

  • {#priority == "Critical"}

    • Select vulnerabilities which have a priority of ‘Critical’.

  • {#affected_assets}

    • Loop through Affected Assets for each Critical vulnerability.

  • {#assetCustomTags}

    • Loop through Custom Tags for each Affected Asset for each Critical vulnerability.

  • {#Source == "Internal"}

    • Check to see whether a Custom Tag ‘Source’ exists, and if so check to see if its value is “Internal”.

  • {#title | unique:'InternalVulnsTable' | count:'InternalVulnsTableCritical'}

    • We are chaining together the 'unique' filter with the 'count' filter against the ‘title’ field for a vulnerability

    • For details on how the 'unique' filter works - see above.

    • Count filter works by taking 2 arguments – Key & Value. In the example above, Key = {title} e.g. Blind SQL Injection; and Value = ‘InternalVulnsTableCritical’

    • This function will count the number of times it is executed and store the result in a tag called $countVALUE where VALUE = ‘InternalVulnsTableCritical’

    • Because we are chaining this filter with another filter - in this case the 'unique' filter - the unique filter condition must be met first before this function executes and counter is incremented.

    • For example, if the dataset had 3 unique Critical vulnerabilities - $countInternalVulnsTableCritical will be equal to 3.

  • {title}

    • Print title of vulnerability.

  • {#$countInternalVulnsTableCritical}

    • Access the new dynamic tag '$countInternalVulnsTableCritical' created when we ran count:'InternalVulnsTableCritical'

  • {$countInternalVulnsTableCritical}

    • Print the value of the counter for 'InternalVulnsTableCritical'
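The difference between counting every loop iteration and counting behind the 'unique' filter decides whether a report states the number of findings or the number of finding/asset pairs. The added example below (not ReportGen's code) models the template loop above with and without the 'unique' step. The registry design, the function names and the assetCustomTags shape (a list of single-key objects) are assumptions; the sample data is constructed.

```javascript
// Per-report state behind the two filters, as described above:
// unique remembers (name, value) pairs, count backs the $count<NAME> tags.
function makeReportState() {
  const seen = new Set();
  const counters = new Map();
  return {
    // Returns true the first time a value is offered under a given name.
    unique(value, name) {
      const key = JSON.stringify([name, value]);
      if (seen.has(key)) return false;
      seen.add(key);
      return true;
    },
    // Increments the named counter each time it is executed.
    count(name) {
      counters.set(name, (counters.get(name) || 0) + 1);
    },
    value(name) {
      return counters.get(name) || 0;
    },
  };
}

// Walks Critical vulnerabilities -> affected assets -> custom tags with
// Source = Internal, then applies unique (optional) and count to the title.
function renderInternalCriticals(vulnerabilities, { dedupe }) {
  const state = makeReportState();
  const printed = [];
  for (const v of vulnerabilities) {
    if (v.priority !== 'Critical') continue;
    for (const asset of v.affected_assets) {
      for (const tag of asset.assetCustomTags) {
        if (tag.Source !== 'Internal') continue;
        // Filters chain left to right: count only runs when unique has passed.
        if (dedupe && !state.unique(v.title, 'InternalVulnsTable')) continue;
        state.count('InternalVulnsTableCritical');
        printed.push(v.title);
      }
    }
  }
  return { printed, count: state.value('InternalVulnsTableCritical') };
}

// Constructed sample data: three Critical findings spread over five internal assets.
const internal = (asset) => ({ asset, assetCustomTags: [{ Source: 'Internal' }] });
const external = (asset) => ({ asset, assetCustomTags: [{ Source: 'External' }] });
const sampleVulnerabilities = [
  { title: 'Blind SQL Injection', priority: 'Critical',
    affected_assets: [internal('db1.corp.test'), internal('db2.corp.test'), external('app.example.test')] },
  { title: 'Default Credentials', priority: 'Critical',
    affected_assets: [internal('sw1.corp.test'), internal('sw2.corp.test')] },
  { title: 'Unauthenticated RCE', priority: 'Critical',
    affected_assets: [internal('fs1.corp.test')] },
  { title: 'Weak TLS Configuration', priority: 'High',
    affected_assets: [internal('intranet.corp.test')] },
];

console.log(renderInternalCriticals(sampleVulnerabilities, { dedupe: true }).count);
console.log(renderInternalCriticals(sampleVulnerabilities, { dedupe: false }).count);
```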

Trim

You can trim the whitespace before and after a tag using the following filter:

{#title | trim}

Float

You can convert a number to a floating point number. The number of decimal places (e.g. '2') is optional and defaults to 2 if no option is provided. If the conversion doesn’t work it will return 0.0.

{#cvssv3_base_score | toFloat:'2'}

Integer

You can convert a number to an integer. If the conversion doesn’t work it will return 0.

{#cvssv3_base_score | integer}

Round

You can round a number to the nearest integer.

{#cvssv3_base_score | round}

RoundUp

You can round a number up to the nearest integer.

{#cvssv3_base_score | roundUp}

RoundDown

You can round a number down to the nearest integer.

{#cvssv3_base_score | roundDown}

Capitalize

You can capitalize the tag. The first character will be uppercase, all others lowercase.

{#title | capitalize}

Titlecase

You can titlecase the tag. Words will start with uppercase letters, all remaining characters are lowercase.

{#title | toTitleCase}

Uppercase

You can uppercase a tag:

{#title | toUpperCase}

Lowercase

You can lowercase a tag:

{#title | toLowerCase}
