Finding

Create findings in your pentest report from JSON or TOML.

Examples

Create findings

cat finding.json | reptor finding
cat finding.toml | reptor finding

Update findings

cat finding.json | reptor finding --update c46fd6f7-b265-4434-a5b1-872b3b90ab71
cat finding.toml | reptor finding --update c46fd6f7-b265-4434-a5b1-872b3b90ab71

The --update switch takes the finding ID you want to update (find the ID in the finding URL).

Sample finding

Upload one finding by using the following structures.
Use a list to upload multiple findings.

JSON finding structure
{
  "status": "in-progress",
  "data": {
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
    "title": "Reflected XSS",
    "summary": "We detected a reflected XSS vulnerability.",
    "references": [
      "https://owasp.org/www-community/attacks/xss/"
    ],
    "description": "The impact was heavy.",
    "recommendation": "HTML encode user-supplied inputs.",
    "affected_components": [
      "https://example.com/alert(1)",
      "https://example.com/q=alert(1)"
    ]
  }
}
TOML finding structure
status = "in-progress"

[data]
cvss = "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
title = "Reflected XSS"
summary = "We detected a reflected XSS vulnerability."
references = [ "https://owasp.org/www-community/attacks/xss/",]
description = "The impact was heavy."
recommendation = "HTML encode user-supplied inputs."
affected_components = [ "https://example.com/alert(1)", "https://example.com/q=alert(1)",]
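
An added example (not part of the reptor documentation): a Python pre-flight check that builds the JSON list used to upload multiple findings and refuses to emit malformed entries before they are piped to `reptor finding`. The field names come from the sample finding above; the script name `build_findings.py`, the second finding and the strictness of the checks are assumptions.

```python
import json
import re

# CVSS 3.1 base vector; field names below come from the page's sample finding.
CVSS31 = re.compile(r"^CVSS:3\.1/AV:[NALP]/AC:[LH]/PR:[NLH]/UI:[NR]/S:[UC]"
                    r"/C:[NLH]/I:[NLH]/A:[NLH]$")
TEXT_FIELDS = ("cvss", "title", "summary", "description", "recommendation")
LIST_FIELDS = ("references", "affected_components")

def validate_finding(finding):
    """Return a list of problems; an empty list means the shape is fine."""
    problems = []
    if not isinstance(finding.get("status"), str):
        problems.append("status must be a string")
    data = finding.get("data")
    if not isinstance(data, dict):
        return problems + ["data must be an object"]
    for key in TEXT_FIELDS:
        if not isinstance(data.get(key), str) or not data[key].strip():
            problems.append(f"data.{key} must be a non-empty string")
    for key in LIST_FIELDS:
        value = data.get(key, [])
        if not (isinstance(value, list) and all(isinstance(v, str) for v in value)):
            problems.append(f"data.{key} must be a list of strings")
    if isinstance(data.get("cvss"), str) and not CVSS31.match(data["cvss"]):
        problems.append("data.cvss is not a CVSS 3.1 base vector")
    return problems

def findings_payload(findings):
    """Serialize findings as one JSON list; refuse to emit invalid entries."""
    for index, finding in enumerate(findings):
        problems = validate_finding(finding)
        if problems:
            raise ValueError(f"finding {index}: " + "; ".join(problems))
    return json.dumps(findings, indent=2)

# Constructed sample input: the page's finding plus a made-up second one.
XSS_FINDING = {"status": "in-progress", "data": {
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
    "title": "Reflected XSS", "description": "The impact was heavy.",
    "summary": "We detected a reflected XSS vulnerability.",
    "references": ["https://owasp.org/www-community/attacks/xss/"],
    "recommendation": "HTML encode user-supplied inputs.",
    "affected_components": ["https://example.com/q=alert(1)"]}}
SECOND_FINDING = {"status": "in-progress", "data": {
    **XSS_FINDING["data"], "title": "Reflected XSS in search (constructed)"}}

if __name__ == "__main__":
    print(findings_payload([XSS_FINDING, SECOND_FINDING]))
```

Saved under the assumed name `build_findings.py`, it is used as `python3 build_findings.py | reptor finding`.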

Usage

usage: reptor finding [-h] [--update FINDING ID]

Uploads findings from JSON or TOML

optional arguments:
  -h, --help           show this help message and exit
  --update FINDING ID  Update finding with the given ID