Projects 101

Team and permissions

Activity feed and revision history

The Project Scheduler

Comments, Notifications, & Subscriptions

Using Nodes to structure the project

Node properties

Working with Notes

The Report Content page

Adding issues and evidence

Liquid Dynamic Content

Combine multiple Issues

Bulk-update Issues

CVSS and DREAD calculators

Add attachments

Tagging issues

Using methodologies

Project templates

Upload and work with tool output

Upload and work with CSV files

Search your project

Restore deleted content with the Trash feature

Quality Assurance View

Generate your report

Importing and exporting projects

Performing a retest

The Administrator role

Managing users

Enabling / disabling sign ups

Working with teams

Working with projects

The Instance-wide Trash

Integration and Tool Manager

Project Scheduler

The Business Intelligence Dashboard

The Remediation Tracker

The Mappings Manager

The Rules Engine

The IssueLibrary

Report templates

Report template properties

Note templates

Project templates

Methodology templates

Kit Uploads

System settings

Upgrading the app

Customizations and Configurations

Re-encrypt your LUKS-encrypted disk and generate a new volume key

Automatically unlock your LUKS-encrypted drive

Change your LUKs-encrypted drive's passphrase

Change default OS and database passwords

Change default CIC password

Set up SSL certificates so that upgrades won't override them

Set up SSL certificates with Let's Encrypt

Increase the number of puma threads

Increase the number of export worker processes

Set maximum login attempts

Increase session timeout period

Usage analytics sharing

Configure the mail server

Configure the Burp-Dradis Extension

Connecting Dradis to MediaWiki

Enable extra import add-ons

API basics

Teams endpoint

Users endpoint

Projects endpoint

Nodes endpoint

Issues endpoint

Evidence endpoint

Content Blocks endpoint

Notes endpoint

Attachments endpoint

Document Properties endpoint

Methodologies endpoint

IssueLibrary endpoint

Intro to the BI Dashboard

Custom Team Properties

Custom Project Properties

From Properties to Metrics

Trend Analysis

Intro to Liquid Gateway Themes

Creating Liquid Gateway Themes

Using Liquid Gateway Themes

  1. Support Home
  2. Collaborate
  3. Command Line Interface
  4. [scripting] Find projects with XSS issues

Find projects with XSS issues

The find_xss.rb cycles through all recent projects to locate those that have XSS issues in them.

The meat of the script is the following loop:

recent_projects.each do |project|
  with_scope(project) do
    issue_library = Node.issue_library
    Issue.where(node_id: issue_library.id).each do |issue|
      if issue.title =~ /XSS/i
        puts "* Project #{project.name} has '#{issue.title}'"
        break
      end
    end
  end
end

We cycle through each of the recent projects. For each of them we gather all the issues with the following line:

Issue.where(node_id: issue_library.id)

And match each Issue's #title with the /XSS/ regular expression.

Next help article: [scripting] Find Issues added in the past 24 hours →

Seven Strategies To Differentiate Your Cybersecurity Consultancy

You don’t need to reinvent the wheel to stand out from other cybersecurity consultancies. Often, it's about doing the simple things better, and clearly communicating what sets you apart.

  • Tell your story better
  • Improve your testimonials and case studies
  • Build strategic partnerships

Your email is kept private. We don't do the spam thing.