Supported Tools

The Mappings Manager can work with outputs from many different tools (previously known as "plugins" in older Dradis versions); however, not all are supported in the same way. Check the list below to see which tools are included in the Mappings Manager, as well as to view a list of all available data sources and their associated fields.

The Data Sources

The Mappings Manager allows you to choose a data source for every tool. Each tool has it's own set of data sources, which will populate a corresponding destination of the selected report template. For example, Nessus has 3 data sources: Evidence (for populating Evidence), Report Item (for populating Issues), and Note: Report Host (for populating Notes). You can pick the source to use from the dropdown.

Create a mapping for each data source separately to achieve the exact output you need for your report template. More details on the specifics of integration with your report template will be provided later in this guide.

On upload, Dradis uses the plugin_id field (an automatically created field containing the unique ID from each tool) to create new Issues. If one Issue appears more than once in a file, one Issue will be created with multiple instances of Evidence. If you upload more than one file from the same tool, and the same Issue is present in multiple files, the first tool upload will define the severity of the Issue.

The Fields

Each tool provides a list of fields that can be automatically imported into your mapping. Click on Choose a field to view a list of all the fields supported by the tool for that particular data source.

You can also check the fields you have mapped against your report template properties by selecting the Validation tab on the right side.

The combination of chosen data sources and the their mappings takes your uploaded tool output and creates a new Issue, Evidence, or Note in Dradis, customized exactly how you need it.

What does this mapping create when I upload my file?

You'll notice that each of the Supported Tools has a different naming convention for the different data sources. These names match up with the field names within the different tool outputs. For example, the Nessus Report Item data source corresponds to the data available in the ReportItem tags in the .nessus file.

Dradis::Plugins::Acunetix

The Report Item data source defines Issue fields.

The following fields are available:

name
module_name
severity
type
impact
description
detailed_information
recommendation
request
response
cvss_descriptor
cvss_score
cvss3_descriptor
cvss3_score
cvss3_tempscore
cvss3_envscore
cve_list
references

The Evidence data source defines Evidence fields.

The following fields are available:

details
affects
parameter
aop_source_file
aop_source_line
aop_additional
is_false_positive
request
response

The Evidence 360 data source defines Evidence fields for Acunetix 360 scans.

The following fields are available:

http_request
http_request_method
http_response
http_response_status_code
http_response_duration

The Vulnerability 360 data source defines Issue fields for Acunetix 360 scans.

The following fields are available:

name
type
url
description
impact
remedial_actions
exploitation_skills
remedial_procedure
remedy_references
external_references
severity
certainty
confirmed
state
owasp
wasc
cwe
capec
pci32
hipaa
owasppc
iso27001
cvss_vector
cvss_base
cvss_temporal
cvss_environmental
cvss31_vector
cvss31_base
cvss31_temporal
cvss31_environmental

The Note: Scan data source defines the fields for a Note set to the Default category on each Node.

The following fields are available:

name
short_name
start_url
start_time
finish_time
scan_time
aborted
responsive
banner
os
web_server
technologies

Dradis::Plugins::AppSpider

The Evidence data source defines Evidence fields.

The following fields are available:

attack_config_description
attack_description
attack_id
attack_matched_string
attack_post_params
attack_request
attack_response
attack_user_notes
attack_value
attack_vuln_url
benign
original_value
original_response_code

The Vuln data source defines Issue fields.

The following fields are available:

attack_class
attack_score
attack_type
attack_value
capec
confidence
cwe_id
description
dissa_asc
html_entity_attacked
imperva_bl
imperva_wl
mod_security_bl
mod_security_wl
normalized_url
oval
owasp2007
owasp2010
owasp2013
owasp2017
pcre_regex_bl
pcre_regex_wl
recommendation
scan_date
snort_bl
snort_wl
statistically_prevalent_original_response_code
vuln_method
vuln_param
vuln_type
wasc
vuln_url

Dradis::Plugins::Brakeman

The Warning data source defines Issue fields.

The following fields are available:

warning_type
warning_code
fingerprint
message
file
line
link
code
render_path
location_type
location_class
location_method
user_input
confidence

The Note: Scan Info data source defines the fields for a Note set to the Default category.

The following fields are available:

app_path
rails_version
security_warnings
start_time
end_time
duration
number_of_controllers
number_of_models
number_of_templates
ruby_version
brakeman_version

Dradis::Plugins::Burp

The XML Evidence data source defines Evidence fields.

The following fields are available:

host
path
location
severity
confidence
request
response
detail

The XML Issue data source defines Issue fields.

The following fields are available:

background
detail
name
references
remediation_background
remediation_detail
severity
vulnerability_classifications

The HTML Evidence data source defines fields for the instances of Evidence that are created when you upload a Burp HTML re If you're uploading a Burp XML file, configure the Evidence data source instead.

The following fields are available:

confidence
detail
host
location
path
request
request_1
request_2
request_3
response
response_1
response_2
response_3
severity

The HTML Issue data source defines Issue fields. If you're uploading a Burp XML file, configure the Issue data source instead.

The following fields are available:

background
detail
name
references
remediation_background
remediation_detail
severity
vulnerability_classifications

Dradis::Plugins::CoreImpact

The Evidence data source defines Evidence fields.

The following fields are available:

agent_deployed
description
tried_to_install_agent
port

The Issue data source defines Issue fields.

The following fields are available:

title
agent_deployed
cve
description
port
tried_to_install_agent

Dradis::Plugins::Metasploit

The Note: Host Note data source defines the fields for a Note set to the Default category.

The following fields are available:

id
ntype
data

Dradis::Plugins::Nessus

The Evidence data source defines Evidence fields.

cm_actual_value
cm_audit_file
cm_check_id
cm_check_name
cm_info
cm_output
cm_policy_value
cm_reference
cm_result
cm_see_also
cm_solution
plugin_output
port
protocol
svc_name
severity
plugin_name

The Report Item data source defines Issue fields.

The following fields are available:

age_of_vuln
bid_entries
cve_entries
cvss3_base_score
cvss3_temporal_score
cvss3_temporal_vector
cvss3_vector
cvss_base_score
cvss_temporal_score
cvss_temporal_vector
cvss_vector
cwe_entries
description
exploitability_ease
exploit_available
exploit_code_maturity
exploit_framework_canvas
exploit_framework_core
exploit_framework_metasploit
metasploit_name
patch_publication_date
plugin_family
plugin_id
plugin_modification_date
plugin_name
plugin_output
plugin_publication_date
plugin_type
plugin_version
port
protocol
risk_factor
see_also_entries
severity
solution
svc_name
synopsis
threat_intensity_last_28
threat_recency
threat_sources_last_28
vpr_score
vuln_publication_date
xref_entries

The Note: Report Host data source defines the fields for a Note set to the Default category on each Node.

The following fields are available:

name
ip
fqdn
operating_system
mac_address
netbios_name
scan_start_time
scan_stop_time

Dradis::Plugins::Netsparker

The Evidence data source defines Evidence fields.

The following fields are available:

extrainformation
rawrequest
rawresponse
url
vulnerableparameter
vulnerableparametertype
vulnerableparametervalue

The Issue data source defines Issue fields.

The following fields are available:

actions_to_take
certainty
classification_asvs40
classification_capec
classification_cvss_vector
classification_cvss_base_value
classification_cvss_base_severity
classification_cvss_environmental_value
classification_cvss_environmental_severity
classification_cvss_temporal_value
classification_cvss_temporal_severity
classification_cwe
classification_disastig
classification_hipaa
classification_iso27001
classification_nistsp80053
classification_owasp2013
classification_owasp2017
classification_owasp2021
classification_owasppc
classification_pci31
classification_pci32
classification_wasc
description
external_references
extrainformation
impact
knownvulnerabilities
remedy
remedy_references
required_skills_for_exploitation
severity
title
type

Dradis::Plugins::Nexpose

The Full Evidence data source defines Evidence fields.

The following fields are available:

content
id
port
protocol
status

The Full Vulnerability data source defines Issue fields.

The following fields are available:

added
cvss_score
cvss_vector
description
modified
nexpose_id
pci_severity
published
risk_score
references
severity
solution
tags
title

The Note: Full Scan data source defines the fields for a Note set to the Default category on the Nexpose Scan Summary Node.

The following fields are available:

end_time
name
scan_id
start_time
status

For a simple scan format, the Note: Simple port data source defines the fields for a Note set to the Default category for each Port associated with a specific Host (e.g. Node).

The following fields are available:

finding
id

For a full scan format, the Note: Full service data source defines the fields for a Note set to the Default category for each Service associated with a specific Host (e.g. Node).

The following fields are available:

configurations
fingerprints
name
tests

The Note: Full node data source defines the fields for a Note set to the Default category on each Node.

The following fields are available:

address
device_id
fingerprints
hardware_address
names
tests
site_name
status
software

Dradis::Plugins::Nikto

The Evidence data source defines Evidence fields.

The following fields are available:

request_method
uri
namelink
iplink

The Issue data source defines Issue fields.

The following fields are available:

id
request_method
osvdbid
osvdblink
references
description
uri
namelink
iplink

The Note: Scan data source defines the fields for a Note set to the Default category on each Node.

The following fields are available:

filename
targetip
targethostname
targetport
targetbanner
starttime
sitename
siteip
hostheader
errors
checks

The Note: SSL data source defines the fields for a Note set to the Default category on each Node.

The following fields are available:

ciphers
issuers
info

Dradis::Plugins::Nipper

The Evidence data source defines Evidence fields.

The following fields are available:

device_name
device_type
device_osversion

The Issue data source defines Issue fields.

The following fields are available:

title
cvss_base
cvss_base_vector
cvss_temporal
cvss_temporal_vector
cvss_environmental
cvss_environmental_vector
finding
impact
ease
recommendation

Dradis::Plugins::Nmap

The Note: Host data source defines the fields for a Note set to the Default category on each Node.

The following fields are available:

hostnames
ip
service_table
os

The Note: Port data source defines the fields for a Note set to the Default category for each Port associated with a specific Host (e.g. Node).

The following fields are available:

number
protocol
state
reason
name
product
tunnel
version
host

Dradis::Plugins::OpenVAS

The Evidence data source defines Evidence fields.

The following fields are available:

port
description

The Result data source defines Issue fields.

The following fields are available:

threat
description
original_threat
notes
overrides
name
cvss_base
cvss_base_vector
risk_factor
cve
bid
xref
summary
insight
info_gathered
impact
impact_level
vuldetect
affected_software
solution
solution_type

Dradis::Plugins::Pentera

The Evidence template defines Evidence fields

The following fields are available:

evidence.found_on
evidence.port
evidence.protocol
evidence.target
evidence.target_id

The Issue template defines Issue fields

The following fields are available:

issue.insight
issue.name
issue.priority
issue.remediation
issue.summary
issue.severity

Dradis::Plugins::Qualys

The Vuln Evidence data source defines Evidence fields that are created when you upload a Qualys Vulnerability Management report.

The following fields are available:

cat_fqdn
cat_misc
cat_port
cat_protocol
cat_value
result

The Vuln Element data source defines Issue fields fields that are created when you upload a Qualys Vulnerability Management report.

The following fields are available:

number
severity
cveid
title
last_update
cvss_base
cvss_temporal
pci_flag
vendor_reference_list
cve_id_list
bugtraq_id_list
diagnosis
consequence
solution
compliance
result
qualys_collection

The WAS Evidence data source defines fields for the instances of Evidence that are created when you upload a Qualys Web Application Scan report.

The following fields are available:

was-access_paths
was-ajax
was-authentication
was-ignored
was-potential
was-request_headers
was-request_method
was-request_url
was-response_evidence
was-response_contents
was-url

The WAS Issue data source defines fields for the Issue that are created when you upload a Qualys Web Application Scan report.

The following fields are available:

was-category
was-cvss_base
was-cvss_temporal
was-cvss3_base
was-cvss3_temporal
was-cvss3_vector
was-cwe
was-description
was-group
was-impact
was-owasp
was-qid
was-severity
was-solution
was-title
was-wasc

The Asset Evidence data source defines fields for the instances of Evidence that are created when you upload a Qualys Asset Scan report.

The following fields are available:

asset-cvss3_final
asset-cvss_final
asset-first_found
asset-last_found
asset-result
asset-ssl
asset-times_found
asset-type
asset-vuln_status

The Asset Issue data source defines fields for the Issue that are created when you upload a Qualys Asset Scan report.

The following fields are available:

asset-category
asset-cvss3_base
asset-cvss3_temporal
asset-cvss_base
asset-cvss_temporal
asset-impact
asset-last_update
asset-pci_flag
asset-qid
asset-result
asset-severity
asset-solution
asset-threat
asset-title

Dradis::Plugins::Saint

The Evidence data source defines Evidence fields.

The following fields are available:

port
severity
class
cve
cvss_base_score

The Vulnerability data source defines Issue fields.

The following fields are available:

description
hostname
ipaddr
hosttype
scan_time
status
severity
cve
cvss_base_score
impact
background
problem
resolution
reference

Dradis::Plugins::Veracode

The Evidence data source defines Evidence fields for the Flaw findings.

The following fields are available:

description
exploitlevel
issueid
line
mitigation_status
mitigation_status_desc
module
remediation_status
remediationeffort
sourcefile
sourcefilepath

The Issue data source defines Issue fields for the Flaw findings.

The following fields are available:

categoryid
categoryname
cweid
cwename
description
exploitlevel
issueid
line
mitigation_status
mitigation_status_desc
module
note
remediation_status
remediationeffort
severity
sourcefile
sourcefilepath

The SCA Evidence data source defines Evidence fields for the Software Composition Analysis findings.

The following fields are available:

file_name
file_path_value
library
library_id
mitigation

The SCA Issue data source defines Issue fields for the Software Composition Analysis findings.

The following fields are available:

cve_id
cve_summary
cvss_score
cwe_id
mitigation
severity
severity_desc
vulnerability_affects_policy_compliance

Dradis::Plugins::WPScan

The Evidence data source defines Evidence fields.

The following fields are available:

evidence

The Vulnerability data source defines Issue fields.

The following fields are available:

title
fixed_in
cve
url
wpvulndb_url

The Note: Scan Info data source defines Note fields.

The following fields are available:

target_url
wordpress_version
plugins_string
themes_string
users
wpscan_version
start_time
elapsed

Dradis::Plugins::Zap

The Evidence data source defines Evidence fields.

The following fields are available:

uri
param
attack

The Issue data source defines Issue fields.

The following fields are available:

pluginid
alert
riskcode
confidence
riskdesc
desc
count
solution
otherinfo
reference
cweid
wascid

Now that you understand how the Mappings Manager uses Tools, Data Sources, and Fields together to customize your findings, let's move on and integrate the Mappings Manager with YOUR report template.

Seven Strategies To Differentiate Your Cybersecurity Consultancy

You don’t need to reinvent the wheel to stand out from other cybersecurity consultancies. Often, it's about doing the simple things better, and clearly communicating what sets you apart.

  • Tell your story better
  • Improve your testimonials and case studies
  • Build strategic partnerships

Your email is kept private. We don't do the spam thing.