Node properties are slightly different from the Note controls. While new Notes are created for each plugin upload, there is only one set of properties per Node. Using Node properties can allow you to add Host details from more than one plugin.
To view the Node properties, simply navigate to any Node in your project.
Click Edit to see how the Node properties are formatted differently than other information in Dradis.
Pay attention to the difference in field name capitalization here. This will be important when you go to use the Node properties in your report.
To export the Node properties into your report template, use a content control whose name exactly matches the property name shown when you click Edit.
For example, use `hostname` and not `Hostname`, and make sure it's wrapped in a `Node` content control:
You can also use Node properties to filter your Node content control. For example, if you have a `type` property and you want to limit a section of your report to only Nodes where the Type value is `internal`, you can filter your Node control with `type|internal`.
The services tables are a bit different as the data exports as a table, not a text string.
The services tables are auto-magically created when you upload the output of various tools into your project (e.g. Nmap, Qualys, Nessus). The Services table (with Protocol, Port, State, Product, Reason, Name, and Version columns) will export into your report template as a table.
If two tools find the same port on the same Node, the services table will be de-duplicated, and any unique/extra data will appear in the Services Extras section below.
To pull the services table into your report, just add a `ServicesTable` content control to your report and make sure it's wrapped in a `Node` content control:
The sample services table shown above will export into the Word report template like:
Note: to automatically apply styling to your services tables, try updating the default table style in your report template.
Don't worry if your report template is using an old `services` (case sensitive!) content control. That will continue to work moving forward!
The Services tables described in more detail above have many columns. What if you want to export just a subset of the table, for example the Port and Protocol data, and not have the output inside of a table? The `servicesEntries` content control is just what you're looking for.
To pull just a subset of the Services table into your report, first add content controls with the name of the column you want to export. To check the column names, you can edit the Node properties to see the source of the Services table like:
```json
"services": [
  {
    "port": 21,
    "protocol": "tcp",
    "state": "open",
    "name": "ftp?",
    "x_nessus": "The service closed the connection without sending any data.\nIt might be protected by some sort of TCP wrapper."
  }
]
```
For example, use `port` and not `Port`, as the capitalization matters.
Then, make sure to wrap the section with a `servicesEntries` content control:
The sample services table shown above will export into the Word report template like:
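The capitalization rule for Node and `servicesEntries` content controls can be checked before you export. This is an added example, not Dradis code: it compares the control names you plan to use against the keys in a Node's properties JSON. The sample properties are constructed (only the first `services` entry comes from this page), and the function names are hypothetical.

```python
import json

# Constructed sample of a Node's properties as seen under Edit. The first
# "services" entry is the fragment from this page; everything else is made up.
NODE_PROPERTIES = json.loads(r'''
{
  "hostname": "ftp01.example.test",
  "type": "internal",
  "services": [
    {"port": 21, "protocol": "tcp", "state": "open", "name": "ftp?",
     "x_nessus": "The service closed the connection without sending any data.\nIt might be protected by some sort of TCP wrapper."},
    {"port": 22, "protocol": "tcp", "state": "open", "name": "ssh", "version": "8.9"}
  ]
}
''')


def check_names(wanted, available):
    """Classify each control name: exact match, wrong case, or not defined."""
    by_lower = {key.lower(): key for key in available}
    report = {}
    for name in wanted:
        if name in available:
            report[name] = "ok"
        elif name.lower() in by_lower:
            report[name] = "use " + by_lower[name.lower()]
        else:
            report[name] = "not defined"
    return report


def service_columns(properties):
    """Union of keys over all service entries; extra keys vary per entry."""
    columns = []
    for entry in properties.get("services", []):
        for key in entry:
            if key not in columns:
                columns.append(key)
    return columns


def lint_template(properties, node_controls, entry_controls):
    """Check Node-level names and servicesEntries column names separately."""
    return {
        "node": check_names(node_controls, list(properties)),
        "servicesEntries": check_names(entry_controls, service_columns(properties)),
    }
```

Calling `lint_template(NODE_PROPERTIES, ["Hostname"], ["Port"])` reports `use hostname` and `use port`, which are the two mistakes the text warns about.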
Not all plugins define Node properties at this time. The table below outlines which plugins define Node properties and which properties they define.
Plugin | Defines | Node Properties Defined |
---|---|---|
Acunetix | Yes | Short Name, Start URL, Start Time, Finish Time, Scan Time, Aborted, Responsive, Banner, OS, Web Server, Technologies; 360: Scan ID, Initiated, Duration |
Brakeman | | |
Burp | Yes | Hostname |
CoreImpact | Yes | IP, OS |
Metasploit | Yes | Hostname, IP, Operating System, MAC Address, Services |
Nessus | Yes | FQDN, IP, MAC Address, NetBIOS Name, Operating System, Services |
NeXpose | Yes | Hostname, IP, OS, Risk Score |
Nikto | Yes | Hostname, IP, Operating System |
Nipper | Yes | Device Name, Device Type, OS Version |
Nmap | Yes | Hostname, IP, Operating System, Services Table |
AppSpider | | |
OpenVAS | Yes | Hostname, Asset ID |
Pentera | Yes | IP, Hostname, OS, Identifier, Domain Name, FQDN, NetBIOS |
Qualys | Yes | Asset: Asset Tags, DNS, Host ID, OS, QG Host ID, Tracking Method; Vuln: Hostname, IP, Operating System; WAS: Webapp ID, Webapp Name, URL, Scope |
Veracode | Yes | Application ID, Business Criticality, Business Owner, Business Unit, Policy Name, Teams |
Zed Attack Proxy (ZAP) | | |