Vulnerability Templates

The Vulnman server relies on the existing vulnerability templates.

Since my current focus is on the core modules, the current templates are minimalistic and rather unsuitable for meaningful reports.

Feel free to contribute new vulnerability templates or improve existing ones.

There is currently little to consider, and creating a template is very simple.

Structure of Vulnerability Templates

First of all, the default community vulnerability templates repository is located here.

There are 3 required files for a vulnerability template:

  • info.yaml: Contains the metadata of the template
  • description.md: A description of the vulnerability written in markdown syntax
  • resolution.md: A recommendation of how the vulnerability can be fixed. Also supports markdown syntax.

Vulnman supports multiple languages for report creation. This requires vulnerability templates to be available in each of these languages.

The directory structure of a vulnerability template looks similar to the one below:

| - my_vulnerability
  | - info.yaml
  | - locale
    | - en
      | - description.md
      | - recommendation.md
    | - de
      | - description.md
      | - recommendation.md

info.yaml template

- id: cross-site-scripting
  name: Cross-Site Scripting
  severity: critical
  references:
    - "https://owasp.org/www-community/attacks/xss/"
  cwe:
    - CWE-79
  categories:
    - input-validation
  locale:
    en:
      name: Cross-Site Scripting
    de:
      name: Cross-Site Scripting
Available categories can be found in the categories.yaml file.
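A pre-submission layout check for a template directory, added here as an example and not part of Vulnman or its templates repository. It assumes the file names shown in the directory tree above (recommendation.md) and that every language under `locale:` in info.yaml should have a matching directory; `locales_in_info`, `check_template` and `demo` are hypothetical names.

```python
import tempfile
from pathlib import Path

# File names from the directory tree above (assumption: the tree is authoritative).
LOCALE_FILES = ("description.md", "recommendation.md")

def locales_in_info(text):
    """Language codes under `locale:`; indentation-based, not a YAML parser."""
    langs, base, child = [], None, None
    for line in text.splitlines():
        key, indent = line.strip(), len(line) - len(line.lstrip())
        if not key:
            continue
        if base is None:
            base = indent if key == "locale:" else None
            continue
        if indent <= base:  # left the locale block
            break
        child = indent if child is None else child
        if indent == child and key.endswith(":") and " " not in key:
            langs.append(key[:-1])
    return langs

def check_template(root):
    """Return a list of layout problems for one template directory."""
    root = Path(root)
    if not (root / "info.yaml").is_file():
        return ["info.yaml missing"]
    declared = set(locales_in_info((root / "info.yaml").read_text(encoding="utf-8")))
    ldir = root / "locale"
    on_disk = {p.name for p in ldir.iterdir() if p.is_dir()} if ldir.is_dir() else set()
    problems = [f"locale {l}: in info.yaml, no directory" for l in sorted(declared - on_disk)]
    problems += [f"locale {l}: directory not in info.yaml" for l in sorted(on_disk - declared)]
    for lang in sorted(on_disk):
        for name in LOCALE_FILES:
            f = ldir / lang / name
            if not f.is_file() or not f.read_text(encoding="utf-8").strip():
                problems.append(f"locale/{lang}/{name}: missing or empty")
    return problems

def demo():
    """Constructed sample: `de` lacks recommendation.md, `fr` is undeclared."""
    info = "- id: demo\n  locale:\n    en:\n      name: Demo\n    de:\n      name: Demo\n"
    docs = ("locale/en/description.md", "locale/en/recommendation.md",
            "locale/de/description.md", "locale/fr/description.md")
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "my_vulnerability"
        for rel, body in [("info.yaml", info)] + [(d, "text\n") for d in docs]:
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body, encoding="utf-8")
        return check_template(root)
```

An empty list from `check_template` means the directory matches the layout described on this page; it says nothing about the quality of the description or recommendation text.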
Last modified July 1, 2022: update report generation docs (2ef3354)