# GetProjectReportData ## Parameters The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as *mandatory*. ### Headers ``` POST /api/ss/project/:id/report/:type HTTP/1.1 Host: demo.attackforge.com X-SSAPI-KEY: APIKey Content-Type: application/json Connection: close ``` ### Query #### **id (*****string*****)** Identifier for the project. Example: ``` GET /api/ss/project/5e48c12ec0376309d73aad71/report/:type HTTP/1.1 ``` #### **type (*****string*****)** Type of report. This must be one of the following: *raw, csv* Example: ``` GET /api/ss/project/:id/report/raw HTTP/1.1 ``` #### **excludeBinaries (*****boolean*****)** Exclude binaries from the response object. Only applies to type *raw*. Example: ``` GET /api/ss/project/:id/report/raw?excludeBinaries=true HTTP/1.1 ``` **vulnerabilityIds (string array) (optional)** Ids for the vulnerabilities to scope the report to. Example: ``` { "vulnerabilityIds": [ "6639508f50523053f459d29f" ] } ``` **asset\_cf\_key\_allowlist (string) (optional)** List of Asset custom field keys to include in response. Add multiple for more than one key e.g. `?asset_cf_key_allowlist=key1&asset_cf_key_allowlist=key2` or specify no keys to exclude all fields e.g. `?asset_cf_key_allowlist=` Example: ``` GET /api/ss/project/:id/report/raw?asset_cf_key_allowlist=key1&asset_cf_key_allowlist=key2 HTTP/1.1 ``` **asset\_cf\_key\_blocklist (string) (optional)** List of Asset custom field keys to exclude from response. Add multiple for more than one key e.g. `?asset_cf_key_blocklist=key1&asset_cf_key_blocklist=key2` Example: ``` GET /api/ss/project/:id/report/raw?asset_cf_key_blocklist=key1&asset_cf_key_blocklist=key2 HTTP/1.1 ``` **project\_cf\_key\_allowlist (string) (optional)** List of Project custom field keys to include in response. Add multiple for more than one key e.g. `?project_cf_key_allowlist=key1&project_cf_key_allowlist=key2` or specify no keys to exclude all fields e.g. `?project_cf_key_allowlist=` Example: ``` GET /api/ss/project/:id/report/raw?project_cf_key_allowlist=key1&project_cf_key_allowlist=key2 HTTP/1.1 ``` **project\_cf\_key\_blocklist (string) (optional)** List of Project custom field keys to exclude from response. Add multiple for more than one key e.g. `?project_cf_key_blocklist=key1&project_cf_key_blocklist=key2` Example: ``` GET /api/ss/project/:id/report/raw?project_cf_key_blocklist=key1&project_cf_key_blocklist=key2 HTTP/1.1 ``` **project\_reporting\_cf\_key\_allowlist (string) (optional)** List of Project Reporting custom field keys to include in response. Add multiple for more than one key e.g. `?project_reporting_cf_key_allowlist=key1&project_reporting_cf_key_allowlist=key2` or specify no keys to exclude all fields e.g. `?project_reporting_cf_key_allowlist=` Example: ``` GET /api/ss/project/:id/report/raw?project_reporting_cf_key_allowlist=key1&project_reporting_cf_key_allowlist=key2 HTTP/1.1 ``` **project\_reporting\_cf\_key\_blocklist (string) (optional)** List of Project Reporting custom field keys to exclude from response. Add multiple for more than one key e.g. `?project_reporting_cf_key_blocklist=key1&project_reporting_cf_key_blocklist=key2` Example: ``` GET /api/ss/project/:id/report/raw?project_reporting_cf_key_blocklist=key1&project_reporting_cf_key_blocklist=key2 HTTP/1.1 ``` **project\_summary\_cf\_key\_allowlist (string) (optional)** List of Project Summary custom field keys to include in response. Add multiple for more than one key e.g. `?project_summary_cf_key_allowlist=key1&project_summary_cf_key_allowlist=key2` or specify no keys to exclude all fields e.g. `?project_summary_cf_key_allowlist=` Example: ``` GET /api/ss/project/:id/report/raw?project_summary_cf_key_allowlist=key1&project_summary_cf_key_allowlist=key2 HTTP/1.1 ``` **project\_summary\_cf\_key\_blocklist (string) (optional)** List of Project Summary custom field keys to exclude from response. Add multiple for more than one key e.g. `?project_summary_cf_key_blocklist=key1&project_summary_cf_key_blocklist=key2` Example: ``` GET /api/ss/project/:id/report/raw?project_summary_cf_key_blocklist=key1&project_summary_cf_key_blocklist=key2 HTTP/1.1 ``` **vulnerability\_cf\_key\_allowlist (string) (optional)** List of Vulnerability custom field keys to include in response. Add multiple for more than one key e.g. `?vulnerability_cf_key_allowlist=key1&vulnerability_cf_key_allowlist=key2` or specify no keys to exclude all fields e.g. `?vulnerability_cf_key_allowlist=` Example: ``` GET /api/ss/project/:id/report/raw?vulnerability_cf_key_allowlist=key1&vulnerability_cf_key_allowlist=key2 HTTP/1.1 ``` **vulnerability\_cf\_key\_blocklist (string) (optional)** List of Vulnerability custom field keys to exclude from response. Add multiple for more than one key e.g. `?vulnerability_cf_key_blocklist=key1&vulnerability_cf_key_blocklist=key2` Example: ``` GET /api/ss/project/:id/report/raw?vulnerability_cf_key_blocklist=key1&vulnerability_cf_key_blocklist=key2 HTTP/1.1 ``` **writeup\_cf\_key\_allowlist (string) (optional)** List of Writeup custom field keys to include in response. Add multiple for more than one key e.g. `?writeup_cf_key_allowlist=key1&writeup_cf_key_allowlist=key2` or specify no keys to exclude all fields e.g. `?writeup_cf_key_allowlist=` Example: ``` GET /api/ss/project/:id/report/raw?writeup_cf_key_allowlist=key1&writeup_cf_key_allowlist=key2 HTTP/1.1 ``` **writeup\_cf\_key\_blocklist (string) (optional)** List of Writeup custom field keys to exclude from response. Add multiple for more than one key e.g. `?writeup_cf_key_blocklist=key1&writeup_cf_key_blocklist=key2` Example: ``` GET /api/ss/project/:id/report/raw?writeup_cf_key_blocklist=key1&writeup_cf_key_blocklist=key2 HTTP/1.1 ``` **group\_cf\_key\_allowlist (string) (optional)** List of Group custom field keys to include in response. Add multiple for more than one key e.g. `?group_cf_key_allowlist=key1&group_cf_key_allowlist=key2` or specify no keys to exclude all fields e.g. `?group_cf_key_allowlist=` Example: ``` GET /api/ss/project/:id/report/raw?group_cf_key_allowlist=key1&group_cf_key_allowlist=key2 HTTP/1.1 ``` **group\_cf\_key\_blocklist (string) (optional)** List of Group custom field keys to exclude from response. Add multiple for more than one key e.g. `?group_cf_key_blocklist=key1&group_cf_key_blocklist=key2` Example: ``` GET /api/ss/project/:id/report/raw?group_cf_key_blocklist=key1&group_cf_key_blocklist=key2 HTTP/1.1 ``` **project\_testcase\_cf\_key\_allowlist (string) (optional)** List of Project Test Case custom field keys to include in response. Add multiple for more than one key e.g. `?project_testcase_cf_key_allowlist=key1&project_testcase_cf_key_allowlist=key2` or specify no keys to exclude all fields e.g. `?project_testcase_cf_key_allowlist=` Example: ``` GET /api/ss/project/:id/report/raw?project_testcase_cf_key_allowlist=key1&project_testcase_cf_key_allowlist=key2 HTTP/1.1 ``` **project\_testcase\_cf\_key\_blocklist (string) (optional)** List of Project Test Case custom field keys to exclude from response. Add multiple for more than one key e.g. `?project_testcase_cf_key_blocklist=key1&project_testcase_cf_key_blocklist=key2` Example: ``` GET /api/ss/project/:id/report/raw?project_testcase_cf_key_blocklist=key1&project_testcase_cf_key_blocklist=key2 HTTP/1.1 ``` ## Example The following example is a cURL request to get a raw report by the project id. ### Request Include API Token instead of stars in 'X-SSAPI-KEY: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*' parameter. ``` curl -X POST 'https://localhost:3000/api/ss/project/5eab99471e18050942c7607a/report/raw' -H 'Host: localhost:3000' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close' -d '{ "vulnerabilityIds": [ "6639508f50523053f459d29f" ] }' ``` ### Response Response contains a body. For RAW reports, the body is in JSON format. ``` { "timestamp": "2021-11-08T05:05:25.825Z", "project": { "name": "Bat Portal Pentest", "code": "PROJECT XYZ", "created": "2021-11-08T05:05:25.825Z", "groups": [ { "name": "Wayne Technologies" } ] }, "projectCustomTags": [ { "ClientName": "Wayne Technologies" } ], "projectCustomFields": [ { "customer_size": "5000+ Employees" }, { "compliance_requirements": [ "PCI DSS", "HIPAA" ] } ], "executive_summary": { "total_unique_vulnerabilities": 28, "total_critical_vulnerabilities": 1, "total_high_vulnerabilities": 7, "total_medium_vulnerabilities": 6, "total_low_vulnerabilities": 11, "total_informational_vulnerabilities": 3, "total_testcases": 142, "total_completed_testcases": 11, "total_not_tested_testcases": 125, "total_in_progress_testcases": 4, "total_not_applicable_testcases": 2, "total_zero_day_vulnerabilities": 1, "total_easily_exploitable_vulnerabilities": 12, "notes": "AttackForge was engaged by...", "files": [ { "fileName": "screenshot.png", "fileType": "image/png", "fileSizeKB": "8064", "fileBase64": "data:image/png;base64,iVBORw0..." } ] }, "testing_summary": { "start_date": "Mon Jun 14 2021", "progress": "9%", "end_date": "Wed Jun 23 2021", "total_assets_with_vulnerabilities": 28, "total_assets_with_vulnerabilities_not_fixed": 11, "total_assets_with_vulnerabilities_fixed": 13, "total_assets_with_vulnerabilities_retesting": 3, "assets": [ "batportal.attackforge.com", "192.168.0.1" ], "assets_details": [ { "id": "620f1707c66ef8821d35ee1d", "name": "13.56.222.64", "library_id": "60b3439187c9a3002f60c6f8", "library_created": "2021-05-30T07:49:37.207Z", "library_updated": "2022-02-22T02:07:17.730Z", "library_name": "13.56.222.64", "type": "API", "external_id": "EXT ID", "details": "DETAILS", "assetCustomFields": [ { "test": "CUSTOM FIELD" } ] } ], "project_team": [ "Batman - Client", "Lucius Fox - Project Manager", "Robin - Pentest Lead" ], "retesting_history": [ { "created": "2021-11-08T05:05:25.825Z", "retesting_round": 1, "retesting_round_status": "Completed", "retesting_round_actioned_by": "Robin", "retesting_custom_round_name": "Retest Round 1", "retesting_custom_status_name": "Completed Retest for Bat Portal", "vulnerabilities": [ { "vulnerability": "Session Fixation", "vulnerability_id": "5bdd2508128aa82e0040a814" }, { "vulnerability": "Strict Transport Security Policy Not Enforced", "vulnerability_id": "5bdd276b128aa82e0040a832" } ], "vulnerabilitiesNotTested": [ { "vulnerability": "Inconsistent Access Control", "vulnerability_id": "5bdd22ec128aa82e0040a7fc" }, { "vulnerability": "Persistent Cross Site Scripting", "vulnerability_id": "5bdd232c128aa82e0040a7ff" }, { "vulnerability": "Cookie With Secure Flag Missing", "vulnerability_id": "5bdd2659128aa82e0040a826" }, { "vulnerability": "Cookie Without HTTPOnly Flag Set", "vulnerability_id": "5bdd268c128aa82e0040a829" } ] }, { "created": "2021-11-08T05:05:25.825Z", "retesting_round": 1, "retesting_round_status": "Requested", "retesting_round_actioned_by": "Robin", "retesting_custom_round_name": "Retest Round 1", "retesting_custom_status_name": "Requested Retest for Bat Portal", "vulnerabilities": [ { "vulnerability": "Inconsistent Access Control", "vulnerability_id": "5bdd22ec128aa82e0040a7fc" }, { "vulnerability": "Persistent Cross Site Scripting", "vulnerability_id": "5bdd232c128aa82e0040a7ff" }, { "vulnerability": "Session Fixation", "vulnerability_id": "5bdd2508128aa82e0040a814" }, { "vulnerability": "Cookie With Secure Flag Missing", "vulnerability_id": "5bdd2659128aa82e0040a826" }, { "vulnerability": "Cookie Without HTTPOnly Flag Set", "vulnerability_id": "5bdd268c128aa82e0040a829" }, { "vulnerability": "Strict Transport Security Policy Not Enforced", "vulnerability_id": "5bdd276b128aa82e0040a832" } ], "vulnerabilitiesNotTested": [] } ], "project_notes": [ { "created": "2020-06-18T22:48:42.937Z", "modified": "2020-06-18T22:50:33.990Z", "note": "Pentester was sick.", "note_raw": "...HTML...", "created_by": "Robin" } ] }, "vulnerabilities_summary": { "totalCriticalVulnerabilitiesAllAssets": 1, "totalHighVulnerabilitiesAllAssets": 7, "totalMediumVulnerabilitiesAllAssets": 6, "totalLowVulnerabilitiesAllAssets": 11, "totalInfoVulnerabilitiesAllAssets": 3, "critical": [ { "title": "Unrestricted Upload of File with Dangerous Type", "retest_status": "Fixed", "total_affected_assets": 1, "total_affected_assets_fixed": 1, "total_affected_assets_retesting": 0, "total_affected_assets_not_fixed": 0 } ], "high": [ { "title": "Inconsistent Access Control", "retest_status": "Fixed", "total_affected_assets": 1, "total_affected_assets_fixed": 1, "total_affected_assets_retesting": 0, "total_affected_assets_not_fixed": 0 } ], "medium": [ { "title": "Reflected Cross Site Scripting", "retest_status": "Fixed", "total_affected_assets": 1, "total_affected_assets_fixed": 1, "total_affected_assets_retesting": 0, "total_affected_assets_not_fixed": 0 } ], "low": [ { "title": "Server Discloses Supporting Technology", "retest_status": "Fixed", "total_affected_assets": 1, "total_affected_assets_fixed": 1, "total_affected_assets_retesting": 0, "total_affected_assets_not_fixed": 0 } ], "informational": [ { "title": "Weak Password Policy", "retest_status": "Not Fixed", "total_affected_assets": 1, "total_affected_assets_fixed": 0, "total_affected_assets_retesting": 0, "total_affected_assets_not_fixed": 0 } ] }, "attackchains": [ { "title": "Gain control of Bat Portal application server to ...", "order": 1, "id": "26n2cnjcv34g7djv7gilxvzow", "links": [ { "type": "External Attacker", "icon": "data:image/png;base64,iVBORw0...", "description": "Attacker who has ...", "arrow": "data:image/png;base64,iVBORw0", "order": 1, "mitre_attack": "Initial Access", "mitre_attack_color": "#555555" }, { "type": "Action", "icon": "data:image/png;base64,iVBORw0...", "description": "Log into application and ...", "arrow": "data:image/png;base64,iVBORw0", "order": 2, "mitre_attack": "Discovery", "mitre_attack_color": "#660066" }, { "type": "Exploit Critical Vulnerability", "icon": "data:image/png;base64,iVBORw0", "description": "Attacker identifies vulnerable 'upload Avatar' functionality in ...", "title": "Unrestricted Upload of File with Dangerous Type", "likelihood_of_exploitation": "Likelihood of exploitation: 100%", "discovered": "Discovered in batportal.attackforge.com by Robin on 2018-11-03T04:17:41.584Z", "asset_name": "batportal.attackforge.com", "asset_id": "5bdd276b128aa82e0040a913", "discovered_by_name": "Robin", "discovered_by_id": "5bdd276b128aa82e0040a913", "discovered_timestamp": "2018-11-03T04:17:41.584Z", "arrow": "data:image/png;base64,iVBORw0...", "order": 3, "mitre_attack": "Execution", "mitre_attack_color": "#ffc425" } ] } ], "vulnerabilities": [ { "id": "5ad737feccb39f330a8ef00d", "title": "Unrestricted Upload of File with Dangerous Type", "priority": "Critical", "zero_day": false, "easily_exploitable": true, "likelihood_of_exploitation": 10, "severity": 1, "sla": "2022-02-10T01:14:34.975Z", "release_date": "2022-02-03T01:14:38.433Z", "target_remediation_date": "2022-02-10T06:32:39.435Z", "description": "An unrestricted upload of ...", "attack_scenario": "Arbitrary code execution is ...", "remediation_recommendation": "Assume all input is ...", "tags": [ "CWE-434: Unrestricted Upload of File with Dangerous Type", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "CVSSv3.1 Base Score: 9.8" ], "cvssv3_vector": "/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvssv3_base_score": "9.8", "cvssv3_temporal_score": "NA", "cvssv3_environmental_score": "NA", "affected_assets": [ { "created": "2018-11-03T04:17:41.584Z", "modified": "2018-11-03T04:17:41.584Z", "asset": "batportal.attackforge.com", "id": "5bdd2165128aa82e0040a7ef", "proof_of_concept": "1. Do this... 2. Do that...", "proof_of_concept_raw": "...HTML...", "remediation_status": "Closed on 2018-11-03T04:17:41.584Z", "notes": [ { "note": "During testing, it was possible to ..." } ], "remediation_notes": [ { "note": "Issue Closed: Issue has been fixed", "created": "2018-11-03T04:17:41.584Z" }, { "note": "Attempted to upload ...", "created": "2018-11-03T04:17:41.584Z" } ], "assetCustomTags": [ { "Source": "Internal" }, { "Category": "Web App" } ], "assetCustomFields": [ { "af_sys_affected_endpoint": "https://bat-portal.attackforge.com" } ], "assetLibraryCustomFields": [ { "asset_owner": "Bruce Wayne" } ], "alternate_id": "WAYNETECH02-1", "tags": [ "cvss3_base_score:10.0", "cvss3_vector:CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvss_base_score:10.0", "cvss_score_rationale:Unsupported Software", "cvss_score_source:manual", "cvss_vector:CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C" ], "cvssv3_vector": "/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvssv3_base_score": "10.0", "cvssv3_temporal_score": "NA", "cvssv3_environmental_score": "NA", "testcases": [ { "created": "2022-05-24T04:01:55.765Z", "modified": "2022-05-24T04:01:55.765Z", "modifiedBy": "AttackForge Admin", "status": "Not Tested", "title": "001 New Test Case", "testcase_code": "001", "testsuite_name": "001 Test Suite", "abuse_case": "No" } ] } ], "remediation_status": "Closed", "evidence": [ { "fileName": "screenshot.png", "fileType": "image/png", "fileSizeKB": "8064", "fileBase64": "data:image/png;base64,iVBORw0..." } ], "vulnerabilityCustomTags": [ { "TLS_weakness": "True" }, { "PCI-related": "True" } ] } ], "appendix_overview": true, "appendix_severity": true, "testcases": [ { "created": "2018-11-03T04:17:41.584Z", "modified": "2018-11-03T04:17:41.584Z", "modifiedBy": "Robin", "title": "Verify all pages and resources by default require ...", "status": "Tested", "testsuite_name": "Standard Web App Penetration Testing", "tags": [ "OWASP ASVS v2.1" ], "notes": [ { "note": "There was no function discovered to change user password.", "modified": "2018-11-03T04:17:41.584Z", "modifiedBy": "Robin" } ], "evidence": [ { "fileName": "screenshot.png", "fileType": "image/png", "fileSizeKB": "8064", "fileBase64": "data:image/png;base64,iVBORw0..." } ], "is_failed": "Yes", "is_remediated": "Yes", "remediation_status": "Remediated", "linked_vulnerabilities": [ { "id": "5ad737feccb39f330a8ef00d", "title": "Unrestricted Upload of File with Dangerous Type", "priority": "Critical", "zero_day": false, "easily_exploitable": true, "likelihood_of_exploitation": 10, "severity": 1, "sla": "2022-02-10T01:14:34.975Z", "release_date": "2022-02-03T01:14:38.433Z", "target_remediation_date": "2022-02-10T06:32:39.435Z", "description": "An unrestricted upload of ...", "attack_scenario": "Arbitrary code execution is ...", "remediation_recommendation": "Assume all input is ...", "tags": [ "CWE-434: Unrestricted Upload of File with Dangerous Type", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "CVSSv3.1 Base Score: 9.8" ], "cvssv3_vector": "/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvssv3_base_score": "9.8", "cvssv3_temporal_score": "NA", "cvssv3_environmental_score": "NA", "affected_assets": [ { "created": "2018-11-03T04:17:41.584Z", "modified": "2018-11-03T04:17:41.584Z", "asset": "batportal.attackforge.com", "id": "5bdd2165128aa82e0040a7ef", "proof_of_concept": "1. Do this... 2. Do that...", "proof_of_concept_raw": "...HTML...", "remediation_status": "Closed on 2018-11-03T04:17:41.584Z", "notes": [ { "note": "During testing, it was possible to ..." } ], "remediation_notes": [ { "note": "Issue Closed: Issue has been fixed", "created": "2018-11-03T04:17:41.584Z" }, { "note": "Attempted to upload ...", "created": "2018-11-03T04:17:41.584Z" } ], "assetCustomTags": [ { "Source": "Internal" }, { "Category": "Web App" } ], "assetCustomFields": [ { "af_sys_affected_endpoint": "https://bat-portal.attackforge.com" } ], "assetLibraryCustomFields": [ { "asset_owner": "Bruce Wayne" } ], "alternate_id": "WAYNETECH02-1", "tags": [ "cvss3_base_score:10.0", "cvss3_vector:CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvss_base_score:10.0", "cvss_score_rationale:Unsupported Software", "cvss_score_source:manual", "cvss_vector:CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C" ], "cvssv3_vector": "/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvssv3_base_score": "10.0", "cvssv3_temporal_score": "NA", "cvssv3_environmental_score": "NA", "testcases": [ { "created": "2022-05-24T04:01:55.765Z", "modified": "2022-05-24T04:01:55.765Z", "modifiedBy": "AttackForge Admin", "status": "Not Tested", "title": "001 New Test Case", "testcase_code": "001", "testsuite_name": "001 Test Suite", "abuse_case": "No" } ] } ], "remediation_status": "Closed", "evidence": [ { "fileName": "screenshot.png", "fileType": "image/png", "fileSizeKB": "8064", "fileBase64": "data:image/png;base64,iVBORw0..." } ], "vulnerabilityCustomTags": [ { "TLS_weakness": "True" }, { "PCI-related": "True" } ] } ] } ], "vulnerability_to_asset_mapping": [ { "vulnerability": "Unrestricted Upload of File with Dangerous Type", "priority": "Critical", "assets": [ { "status": "Fixed", "asset": "batportal.attackforge.com" } ] } ], "asset_to_vulnerability_mapping": [ { "asset": "batportal.attackforge.com", "vulnerabilities": [ { "vulnerability": "Unrestricted Upload of File with Dangerous Type", "priority": "Critical", "status": "Fixed" } ] } ] } ``` ## Example The following example is a cURL request to get a csv report by the project id. ### Request Include API Token instead of stars in 'X-SSAPI-KEY: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*' parameter. ``` curl -X GET 'https://demo.attackforge.com/api/ss/project/5bdd20d8128aa82e0040a75d/report/csv' -H 'Host: demo.attackforge.com' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: text/csv' -H 'Connection: close' > vulnerabilities.csv ``` ### Response Response contains a body. For CSV reports, the body is in CSV format. Using cURL, save the output with > filename.csv The following vulnerability fields are returned in the CSV: * **Status** - Open / Ready for Retest / Closed * **Priority**- Critical / High / Medium / Low / Info * **Vulnerability** - vulnerability title * **Affected Targets** - asset name * **Likelihood Of Exploitation** - 1-10 * **Zeroday** - Yes / No * **Description** - description for the vulnerability * **Attack Scenario** - attack scenario for the vulnerability * **Recommendation** - remediation recommendation for the vulnerability * **Notes** - array of notes e.g. \[{"note":"..."}] * **Proof of Concept** - steps to reproduce the vulnerability * **Tags** - array of strings e.g. \["tag 1", "tag 2", ...] * **ReportGen Tags** - array of ReportGen tags e.g. \[{"name":"...", "value":"..."}] * **Custom Fields** - array of custom fields e.g. \[{"name":"...", "value":"..."}] --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getprojectreportdata.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.