Node properties

This guide contains

Node properties in your Dradis project

Node properties are slightly different from the Note controls. While new Notes are created for each plugin upload, there is only one set of properties per Node. Using Node properties can allow you to add Host details from more than one plugin.

To view the Node properties, simply navigate to any Node in your project.

Click Edit to see how the Node properties are formatted differently than other information in Dradis.

Pay attention to the difference in field name capitalization here. This will be important when you go to use the Node properties in your report.

Example: Using Node properties in your report

In order to export the Node properties into your report template, you need to use a content control with the same name of the property as viewed when you click on Edit.

For example, use hostname and not Hostname and make sure it's wrapped in a Node content control:

You can also use Node properties to filter your Node content control. For example, if you have a type property and you want to limit a section of your report to only Nodes where the Type value is internal, you can filter your Node control with type|internal.

Example: Services Tables

The services tables are a bit different as the data exports as a table, not a text string.

The services tables are auto-magically created when you upload the output of various tools into your project (e.g. Nmap, Qualys, Nessus, etc). The Services table (with Protocol, Port, State, Product, Reason, Name, and Version columns) will export into your report template as a table.

If two tools find the same port on the same Node, the services table will be de-duplicated, and any unique/extra data will appear in the Services Extras section below.

To pull the services table into your report, just add a ServicesTable content control to your report and make sure it's wrapped in a Node content control:

The sample services table shown above will export into the Word report template like:

Note: to automatically apply styling to your services tables, try updating the default table style in your report template.

Don't worry if your report template is using an old services (case sensitive!) content control. That will continue to work moving forward!

Example: Services Entries

The Services tables described in more detail above have many columns. What if you just want to export just a subset of the table, for example the Port and Protocol data and not have the output inside of a table? The servicesEntries content control is just what you're looking for.

To pull just a subset of the Services table into your report, first add content controls with the name of the column you want to export. To check the column names, you can edit the Node properties to see the source of the Services table like:

"services": [
    {
      "port": 21,
      "protocol": "tcp",
      "state": "open",
      "name": "ftp?",
      "x_nessus": "The service closed the connection without sending any data.\nIt might be protected by some sort of TCP wrapper."
    }
  ]
    

For example, use port and not Port as the capitalization matters.

Then, make sure to wrap the section with a servicesEntries content control:

The sample services table shown above will export into the Word report template like:

Node properties cheatsheet

Not all plugins define Node properties at this time. The table below outlines which plugins define Node properties and which properties they define.

Plugin Defines Node Properties Defined
Acunetix

Short Name, Start URL, Start Time, Finish Time, Scan Time, Aborted, Responsive, Banner, OS, Web Server, Technologies

360: Scan ID, Initiated, Duration

Brakeman
Burp Hostname
CoreImpact IP, OS
Metasploit Hostname, IP, Operating System, MAC Address, Services
Nessus FQDN, IP, MAC Address, NetBIOS Name, Operating System, Services
NeXpose Hostname, IP, OS, Risk Score
Nikto Hostname, IP, Operating System
Nipper Device Name, Device Type, OS Version
Nmap Hostname, IP, Operating System, Services Table
AppSpider
OpenVAS Hostname, Asset ID
Pentera IP, Hostname, OS, Identifier, Domain Name, FQDN, NetBIOS
Qualys

Asset: Asset Tags, DNS, Host ID, OS, QG Host ID, Tracking Method

Vuln: Hostname, IP, Operating System

WAS: Webapp ID, Webapp Name, URL, Scope

Veracode Application ID, Business Criticality, Business Owner, Business Unit, Policy Name, Teams
Zed Attack Proxy (ZAP)

Next help article: Evidence content controls →

Seven Strategies To Differentiate Your Cybersecurity Consultancy

You don’t need to reinvent the wheel to stand out from other cybersecurity consultancies. Often, it's about doing the simple things better, and clearly communicating what sets you apart.

  • Tell your story better
  • Improve your testimonials and case studies
  • Build strategic partnerships

Your email is kept private. We don't do the spam thing.