GetProjectReportData

This method can be used for the following: Get details in a reporting format for a project you have access to - including project vulnerabilities, test cases and other reporting data;

Parameters

The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as mandatory.

Headers

POST /api/ss/project/:id/report/:type HTTP/1.1
Host: demo.attackforge.com
X-SSAPI-KEY: APIKey
Content-Type: application/json
Connection: close

Query

id (string)

Identifier for the project.

Example:

GET /api/ss/project/5e48c12ec0376309d73aad71/report/:type HTTP/1.1

type (string)

Type of report. This must be one of the following: raw, csv

Example:

GET /api/ss/project/:id/report/raw HTTP/1.1

excludeBinaries (boolean)

Exclude binaries from the response object. Only applies to type raw.

Example:

GET /api/ss/project/:id/report/raw?excludeBinaries=true HTTP/1.1

vulnerabilityIds (string array) (optional)

Ids for the vulnerabilities to scope the report to.

Example:

{
   "vulnerabilityIds": [
      "6639508f50523053f459d29f"
   ]
}

Example

The following example is a cURL request to get a raw report by the project id.

Request

Include API Token instead of stars in 'X-SSAPI-KEY: ***************************************' parameter.

curl -X POST 'https://localhost:3000/api/ss/project/5eab99471e18050942c7607a/report/raw' -H 'Host: localhost:3000' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close' -d '{
  "vulnerabilityIds": [
    "6639508f50523053f459d29f"
  ]
}'

Response

Response contains a body. For RAW reports, the body is in JSON format.

{
    "timestamp": "2021-11-08T05:05:25.825Z",
    "project":
    {
        "name": "Bat Portal Pentest",
        "code": "PROJECT XYZ",
        "created": "2021-11-08T05:05:25.825Z",
        "groups":
        [
            {
                "name": "Wayne Technologies"
            }
        ]
    },
    "projectCustomTags":
    [
        {
            "ClientName": "Wayne Technologies"
        }
    ],
    "projectCustomFields":
    [
        {
            "customer_size": "5000+ Employees"
        },
        {
            "compliance_requirements":
            [
                "PCI DSS",
                "HIPAA"
            ]
        }
    ],
    "executive_summary":
    {
        "total_unique_vulnerabilities": 28,
        "total_critical_vulnerabilities": 1,
        "total_high_vulnerabilities": 7,
        "total_medium_vulnerabilities": 6,
        "total_low_vulnerabilities": 11,
        "total_informational_vulnerabilities": 3,
        "total_testcases": 142,
        "total_completed_testcases": 11,
        "total_not_tested_testcases": 125,
        "total_in_progress_testcases": 4,
        "total_not_applicable_testcases": 2,
        "total_zero_day_vulnerabilities": 1,
        "total_easily_exploitable_vulnerabilities": 12,
        "notes": "AttackForge was engaged by...",
        "files":
        [
            {
                "fileName": "screenshot.png",
                "fileType": "image/png",
                "fileSizeKB": "8064",
                "fileBase64": "data:image/png;base64,iVBORw0..."
            }
        ]
    },
    "testing_summary":
    {
        "start_date": "Mon Jun 14 2021",
        "progress": "9%",
        "end_date": "Wed Jun 23 2021",
        "total_assets_with_vulnerabilities": 28,
        "total_assets_with_vulnerabilities_not_fixed": 11,
        "total_assets_with_vulnerabilities_fixed": 13,
        "total_assets_with_vulnerabilities_retesting": 3,
        "assets":
        [
            "batportal.attackforge.com",
            "192.168.0.1"
        ],
        "assets_details":
        [
            {
                "id": "620f1707c66ef8821d35ee1d",
                "name": "13.56.222.64",
                "library_id": "60b3439187c9a3002f60c6f8",
                "library_created": "2021-05-30T07:49:37.207Z",
                "library_updated": "2022-02-22T02:07:17.730Z",
                "library_name": "13.56.222.64",
                "type": "API",
                "external_id": "EXT ID",
                "details": "DETAILS",
                "assetCustomFields":
                [
                    {
                        "test": "CUSTOM FIELD"
                    }
                ]
            }
        ],
        "project_team":
        [
            "Batman - Client",
            "Lucius Fox - Project Manager",
            "Robin - Pentest Lead"
        ],
        "retesting_history":
        [
            {
                "created": "2021-11-08T05:05:25.825Z",
                "retesting_round": 1,
                "retesting_round_status": "Completed",
                "retesting_round_actioned_by": "Robin",
                "retesting_custom_round_name": "Retest Round 1",
                "retesting_custom_status_name": "Completed Retest for Bat Portal",
                "vulnerabilities":
                [
                    {
                        "vulnerability": "Session Fixation",
                        "vulnerability_id": "5bdd2508128aa82e0040a814"
                    },
                    {
                        "vulnerability": "Strict Transport Security Policy Not Enforced",
                        "vulnerability_id": "5bdd276b128aa82e0040a832"
                    }
                ],
                "vulnerabilitiesNotTested":
                [
                    {
                        "vulnerability": "Inconsistent Access Control",
                        "vulnerability_id": "5bdd22ec128aa82e0040a7fc"
                    },
                    {
                        "vulnerability": "Persistent Cross Site Scripting",
                        "vulnerability_id": "5bdd232c128aa82e0040a7ff"
                    },
                    {
                        "vulnerability": "Cookie With Secure Flag Missing",
                        "vulnerability_id": "5bdd2659128aa82e0040a826"
                    },
                    {
                        "vulnerability": "Cookie Without HTTPOnly Flag Set",
                        "vulnerability_id": "5bdd268c128aa82e0040a829"
                    }
                ]
            },
            {
                "created": "2021-11-08T05:05:25.825Z",
                "retesting_round": 1,
                "retesting_round_status": "Requested",
                "retesting_round_actioned_by": "Robin",
                "retesting_custom_round_name": "Retest Round 1",
                "retesting_custom_status_name": "Requested Retest for Bat Portal",
                "vulnerabilities":
                [
                    {
                        "vulnerability": "Inconsistent Access Control",
                        "vulnerability_id": "5bdd22ec128aa82e0040a7fc"
                    },
                    {
                        "vulnerability": "Persistent Cross Site Scripting",
                        "vulnerability_id": "5bdd232c128aa82e0040a7ff"
                    },
                    {
                        "vulnerability": "Session Fixation",
                        "vulnerability_id": "5bdd2508128aa82e0040a814"
                    },
                    {
                        "vulnerability": "Cookie With Secure Flag Missing",
                        "vulnerability_id": "5bdd2659128aa82e0040a826"
                    },
                    {
                        "vulnerability": "Cookie Without HTTPOnly Flag Set",
                        "vulnerability_id": "5bdd268c128aa82e0040a829"
                    },
                    {
                        "vulnerability": "Strict Transport Security Policy Not Enforced",
                        "vulnerability_id": "5bdd276b128aa82e0040a832"
                    }
                ],
                "vulnerabilitiesNotTested":
                []
            }
        ],
        "project_notes":
        [
            {
                "created": "2020-06-18T22:48:42.937Z",
                "modified": "2020-06-18T22:50:33.990Z",
                "note": "Pentester was sick.",
                "note_raw": "...HTML...",
                "created_by": "Robin"
            }
        ]
    },
    "vulnerabilities_summary":
    {
        "totalCriticalVulnerabilitiesAllAssets": 1,
        "totalHighVulnerabilitiesAllAssets": 7,
        "totalMediumVulnerabilitiesAllAssets": 6,
        "totalLowVulnerabilitiesAllAssets": 11,
        "totalInfoVulnerabilitiesAllAssets": 3,
        "critical":
        [
            {
                "title": "Unrestricted Upload of File with Dangerous Type",
                "retest_status": "Fixed",
                "total_affected_assets": 1,
                "total_affected_assets_fixed": 1,
                "total_affected_assets_retesting": 0,
                "total_affected_assets_not_fixed": 0
            }
        ],
        "high":
        [
            {
                "title": "Inconsistent Access Control",
                "retest_status": "Fixed",
                "total_affected_assets": 1,
                "total_affected_assets_fixed": 1,
                "total_affected_assets_retesting": 0,
                "total_affected_assets_not_fixed": 0
            }
        ],
        "medium":
        [
            {
                "title": "Reflected Cross Site Scripting",
                "retest_status": "Fixed",
                "total_affected_assets": 1,
                "total_affected_assets_fixed": 1,
                "total_affected_assets_retesting": 0,
                "total_affected_assets_not_fixed": 0
            }
        ],
        "low":
        [
            {
                "title": "Server Discloses Supporting Technology",
                "retest_status": "Fixed",
                "total_affected_assets": 1,
                "total_affected_assets_fixed": 1,
                "total_affected_assets_retesting": 0,
                "total_affected_assets_not_fixed": 0
            }
        ],
        "informational":
        [
            {
                "title": "Weak Password Policy",
                "retest_status": "Not Fixed",
                "total_affected_assets": 1,
                "total_affected_assets_fixed": 0,
                "total_affected_assets_retesting": 0,
                "total_affected_assets_not_fixed": 0
            }
        ]
    },
    "attackchains":
    [
        {
            "title": "Gain control of Bat Portal application server to ...",
            "order": 1,
            "id": "26n2cnjcv34g7djv7gilxvzow",
            "links":
            [
                {
                    "type": "External Attacker",
                    "icon": "data:image/png;base64,iVBORw0...",
                    "description": "Attacker who has ...",
                    "arrow": "data:image/png;base64,iVBORw0",
                    "order": 1,
                    "mitre_attack": "Initial Access",
                    "mitre_attack_color": "#555555"
                },
                {
                    "type": "Action",
                    "icon": "data:image/png;base64,iVBORw0...",
                    "description": "Log into application and ...",
                    "arrow": "data:image/png;base64,iVBORw0",
                    "order": 2,
                    "mitre_attack": "Discovery",
                    "mitre_attack_color": "#660066"
                },
                {
                    "type": "Exploit Critical Vulnerability",
                    "icon": "data:image/png;base64,iVBORw0",
                    "description": "Attacker identifies vulnerable 'upload Avatar' functionality in ...",
                    "title": "Unrestricted Upload of File with Dangerous Type",
                    "likelihood_of_exploitation": "Likelihood of exploitation: 100%",
                    "discovered": "Discovered in batportal.attackforge.com by Robin on 2018-11-03T04:17:41.584Z",
                    "asset_name": "batportal.attackforge.com",
                    "asset_id": "5bdd276b128aa82e0040a913",
                    "discovered_by_name": "Robin",
                    "discovered_by_id": "5bdd276b128aa82e0040a913",
                    "discovered_timestamp": "2018-11-03T04:17:41.584Z",
                    "arrow": "data:image/png;base64,iVBORw0...",
                    "order": 3,
                    "mitre_attack": "Execution",
                    "mitre_attack_color": "#ffc425"
                }
            ]
        }
    ],
    "vulnerabilities":
    [
        {
            "id": "5ad737feccb39f330a8ef00d",
            "title": "Unrestricted Upload of File with Dangerous Type",
            "priority": "Critical",
            "zero_day": false,
            "easily_exploitable": true,
            "likelihood_of_exploitation": 10,
            "severity": 1,
            "sla": "2022-02-10T01:14:34.975Z",
            "release_date": "2022-02-03T01:14:38.433Z",
            "target_remediation_date": "2022-02-10T06:32:39.435Z",
            "description": "An unrestricted upload of ...",
            "attack_scenario": "Arbitrary code execution is ...",
            "remediation_recommendation": "Assume all input is ...",
            "tags":
            [
                "CWE-434: Unrestricted Upload of File with Dangerous Type",
                "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "CVSSv3.1 Base Score: 9.8"
            ],
            "cvssv3_vector": "/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "cvssv3_base_score": "9.8",
            "cvssv3_temporal_score": "NA",
            "cvssv3_environmental_score": "NA",
            "affected_assets":
            [
                {
                    "created": "2018-11-03T04:17:41.584Z",
                    "modified": "2018-11-03T04:17:41.584Z",
                    "asset": "batportal.attackforge.com",
                    "id": "5bdd2165128aa82e0040a7ef",
                    "proof_of_concept": "1. Do this... 2. Do that...",
                    "proof_of_concept_raw": "...HTML...",
                    "remediation_status": "Closed on 2018-11-03T04:17:41.584Z",
                    "notes":
                    [
                        {
                            "note": "During testing, it was possible to ..."
                        }
                    ],
                    "remediation_notes":
                    [
                        {
                            "note": "Issue Closed: Issue has been fixed",
                            "created": "2018-11-03T04:17:41.584Z"
                        },
                        {
                            "note": "Attempted to upload ...",
                            "created": "2018-11-03T04:17:41.584Z"
                        }
                    ],
                    "assetCustomTags":
                    [
                        {
                            "Source": "Internal"
                        },
                        {
                            "Category": "Web App"
                        }
                    ],
                    "assetCustomFields":
                    [
                        {
                            "af_sys_affected_endpoint": "https://bat-portal.attackforge.com"
                        }
                    ],
                    "assetLibraryCustomFields":
                    [
                        {
                            "asset_owner": "Bruce Wayne"
                        }
                    ],
                    "alternate_id": "WAYNETECH02-1",
                    "tags":
                    [
                        "cvss3_base_score:10.0",
                        "cvss3_vector:CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                        "cvss_base_score:10.0",
                        "cvss_score_rationale:Unsupported Software",
                        "cvss_score_source:manual",
                        "cvss_vector:CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"
                    ],
                    "cvssv3_vector": "/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                    "cvssv3_base_score": "10.0",
                    "cvssv3_temporal_score": "NA",
                    "cvssv3_environmental_score": "NA",
                    "testcases":
                    [
                        {
                            "created": "2022-05-24T04:01:55.765Z",
                            "modified": "2022-05-24T04:01:55.765Z",
                            "modifiedBy": "AttackForge Admin",
                            "status": "Not Tested",
                            "title": "001 New Test Case",
                            "testcase_code": "001",
                            "testsuite_name": "001 Test Suite",
                            "abuse_case": "No"
                        }
                    ]
                }
            ],
            "remediation_status": "Closed",
            "evidence":
            [
                {
                    "fileName": "screenshot.png",
                    "fileType": "image/png",
                    "fileSizeKB": "8064",
                    "fileBase64": "data:image/png;base64,iVBORw0..."
                }
            ],
            "vulnerabilityCustomTags":
            [
                {
                    "TLS_weakness": "True"
                },
                {
                    "PCI-related": "True"
                }
            ]
        }
    ],
    "appendix_overview": true,
    "appendix_severity": true,
    "testcases":
    [
        {
            "created": "2018-11-03T04:17:41.584Z",
            "modified": "2018-11-03T04:17:41.584Z",
            "modifiedBy": "Robin",
            "title": "Verify all pages and resources by default require ...",
            "status": "Tested",
            "testsuite_name": "Standard Web App Penetration Testing",
            "tags":
            [
                "OWASP ASVS v2.1"
            ],
            "notes":
            [
                {
                    "note": "There was no function discovered to change user password.",
                    "modified": "2018-11-03T04:17:41.584Z",
                    "modifiedBy": "Robin"
                }
            ],
            "evidence":
            [
                {
                    "fileName": "screenshot.png",
                    "fileType": "image/png",
                    "fileSizeKB": "8064",
                    "fileBase64": "data:image/png;base64,iVBORw0..."
                }
            ],
            "is_failed": "Yes",
            "is_remediated": "Yes",
            "remediation_status": "Remediated",
            "linked_vulnerabilities":
            [
                {
                    "id": "5ad737feccb39f330a8ef00d",
                    "title": "Unrestricted Upload of File with Dangerous Type",
                    "priority": "Critical",
                    "zero_day": false,
                    "easily_exploitable": true,
                    "likelihood_of_exploitation": 10,
                    "severity": 1,
                    "sla": "2022-02-10T01:14:34.975Z",
                    "release_date": "2022-02-03T01:14:38.433Z",
                    "target_remediation_date": "2022-02-10T06:32:39.435Z",
                    "description": "An unrestricted upload of ...",
                    "attack_scenario": "Arbitrary code execution is ...",
                    "remediation_recommendation": "Assume all input is ...",
                    "tags":
                    [
                        "CWE-434: Unrestricted Upload of File with Dangerous Type",
                        "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                        "CVSSv3.1 Base Score: 9.8"
                    ],
                    "cvssv3_vector": "/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                    "cvssv3_base_score": "9.8",
                    "cvssv3_temporal_score": "NA",
                    "cvssv3_environmental_score": "NA",
                    "affected_assets":
                    [
                        {
                            "created": "2018-11-03T04:17:41.584Z",
                            "modified": "2018-11-03T04:17:41.584Z",
                            "asset": "batportal.attackforge.com",
                            "id": "5bdd2165128aa82e0040a7ef",
                            "proof_of_concept": "1. Do this... 2. Do that...",
                            "proof_of_concept_raw": "...HTML...",
                            "remediation_status": "Closed on 2018-11-03T04:17:41.584Z",
                            "notes":
                            [
                                {
                                    "note": "During testing, it was possible to ..."
                                }
                            ],
                            "remediation_notes":
                            [
                                {
                                    "note": "Issue Closed: Issue has been fixed",
                                    "created": "2018-11-03T04:17:41.584Z"
                                },
                                {
                                    "note": "Attempted to upload ...",
                                    "created": "2018-11-03T04:17:41.584Z"
                                }
                            ],
                            "assetCustomTags":
                            [
                                {
                                    "Source": "Internal"
                                },
                                {
                                    "Category": "Web App"
                                }
                            ],
                            "assetCustomFields":
                            [
                                {
                                    "af_sys_affected_endpoint": "https://bat-portal.attackforge.com"
                                }
                            ],
                            "assetLibraryCustomFields":
                            [
                                {
                                    "asset_owner": "Bruce Wayne"
                                }
                            ],
                            "alternate_id": "WAYNETECH02-1",
                            "tags":
                            [
                                "cvss3_base_score:10.0",
                                "cvss3_vector:CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                                "cvss_base_score:10.0",
                                "cvss_score_rationale:Unsupported Software",
                                "cvss_score_source:manual",
                                "cvss_vector:CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"
                            ],
                            "cvssv3_vector": "/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                            "cvssv3_base_score": "10.0",
                            "cvssv3_temporal_score": "NA",
                            "cvssv3_environmental_score": "NA",
                            "testcases":
                            [
                                {
                                    "created": "2022-05-24T04:01:55.765Z",
                                    "modified": "2022-05-24T04:01:55.765Z",
                                    "modifiedBy": "AttackForge Admin",
                                    "status": "Not Tested",
                                    "title": "001 New Test Case",
                                    "testcase_code": "001",
                                    "testsuite_name": "001 Test Suite",
                                    "abuse_case": "No"
                                }
                            ]
                        }
                    ],
                    "remediation_status": "Closed",
                    "evidence":
                    [
                        {
                            "fileName": "screenshot.png",
                            "fileType": "image/png",
                            "fileSizeKB": "8064",
                            "fileBase64": "data:image/png;base64,iVBORw0..."
                        }
                    ],
                    "vulnerabilityCustomTags":
                    [
                        {
                            "TLS_weakness": "True"
                        },
                        {
                            "PCI-related": "True"
                        }
                    ]
                }
            ]
        }
    ],
    "vulnerability_to_asset_mapping":
    [
        {
            "vulnerability": "Unrestricted Upload of File with Dangerous Type",
            "priority": "Critical",
            "assets":
            [
                {
                    "status": "Fixed",
                    "asset": "batportal.attackforge.com"
                }
            ]
        }
    ],
    "asset_to_vulnerability_mapping":
    [
        {
            "asset": "batportal.attackforge.com",
            "vulnerabilities":
            [
                {
                    "vulnerability": "Unrestricted Upload of File with Dangerous Type",
                    "priority": "Critical",
                    "status": "Fixed"
                }
            ]
        }
    ]
}

Example

The following example is a cURL request to get a csv report by the project id.

Request

Include API Token instead of stars in 'X-SSAPI-KEY: ***************************************' parameter.

curl -X GET 'https://demo.attackforge.com/api/ss/project/5bdd20d8128aa82e0040a75d/report/csv' -H 'Host: demo.attackforge.com' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: text/csv' -H 'Connection: close' > vulnerabilities.csv

Response

Response contains a body. For CSV reports, the body is in CSV format. Using cURL, save the output with > filename.csv

The following vulnerability fields are returned in the CSV:

  • Status - Open / Ready for Retest / Closed

  • Priority- Critical / High / Medium / Low / Info

  • Vulnerability - vulnerability title

  • Affected Targets - asset name

  • Likelihood Of Exploitation - 1-10

  • Zeroday - Yes / No

  • Description - description for the vulnerability

  • Attack Scenario - attack scenario for the vulnerability

  • Recommendation - remediation recommendation for the vulnerability

  • Notes - array of notes e.g. [{"note":"..."}]

  • Proof of Concept - steps to reproduce the vulnerability

  • Tags - array of strings e.g. ["tag 1", "tag 2", ...]

  • ReportGen Tags - array of ReportGen tags e.g. [{"name":"...", "value":"..."}]

  • Custom Fields - array of custom fields e.g. [{"name":"...", "value":"..."}]

Last updated

Check YouTube for more tutorials: https://youtube.com/@attackforge