Testing Data [Example Inc.]

To test the Kikimora Agent without providing your own data, we have pre-populated these example tables below. You can simply tell Kikimora agent to 'Add this data.. [Paste Table]'.

You can add data in an unstructured format or by copying/pasting it straight into the agent. This method will require you to provide additional and/or missing details manually in the prompt window.

Assets (Example Inc.)

To fully explore the features of Kikimora Agent we need a starting point. Lets add some dummy data to populate the instance and then experiment with some prompts.

Mapping assets helps you prioritize which vulnerabilities to fix first by understanding which systems are most critical to your business.

⌨️ 'Add the following assets...'

Hostname	IP Address	Criticality	Environment	Exposed
web-prod-01	10.0.1.5	High	Production	True
db-dev-02	10.0.5.12	Medium	Development	False
api-gateway-03	10.0.1.20	High	Production	True
file-server-04	10.0.3.15	Low	Production	False
jenkins-ci	10.0.5.50	Medium	Development	False

You can also upload custom data by following the annotation below. ⬇️

{
  "name": "create a new asset",
  "data": {
    "name": "string (unique asset name)",
    "hostname": "string (unique hostname)",
    "ip": "string (optional unique IP address)",
    "risk_owner_id": "string (unique risk owner ID)",
    "description": "string (optional description)",
    "criticality_id": "string (optional criticality ID)",
    "environment": "string (optional environment)",
    "infrastructure": "string (optional infrastructure)",
    "exposed": "boolean (optional status: true/false)"
  }
}

---

Projects (Example Inc.)

A 'project' section organizes and tracks specific security initiatives, grouping vulnerabilities, assigning ownership, and setting deadlines for clear management.

The data below is randomized to provide a variety scenarious.

Project Name	Type	Status	Owner	Execution Dates	Associated Assets	Checks / Notes
Q3 2025 Web App Pentest	Penetration Test	In Progress	Alice Johnson	2025-07-20 → 2025-09-01	web-prod-01, api-gateway-03	Auth = Passed, XSS = Failed, Injection = Failed
AWS Cloud Audit	Cloud Audit	To Be Executed	Bob Williams	2025-09-05 → 2025-09-18	—	Planned
Internal Network Scan	Vulnerability Scan	Completed	Charlie Davis	2025-07-10 → 2025-07-11	—	Finished

You can also manually add data following the anotation below. ⬇️

{
  "name": "create a new project",
  "data": {
    "name": "string (name of the project)",
    "owner_id": "string (UUID of the project owner)",
    "execution_start": "string (start date in YYYY-MM-DD format)",
    "execution_end": "string (end date in YYYY-MM-DD format)",
    "status": "string ('to_be_executed', 'in_progress', 'completed', 'on_hold', 'closed')",
    "type": "string (type of the project, e.g., 'Vulnerability Scan', 'Penetration Test')",
    "description": "string (optional description)",
    "executive": "string (optional executive summary)",
    "scope": "string (optional scope of the project)",
    "conclusion": "string (optional conclusion of the project)",
    "infrastructure": "string (optional infrastructure where the security assessment is carried out)"
  }
}

---

Vulnerabilities (Example Inc.)

The vulnerability section gives an overview of discovered weaknesses, detailing their impact, status, and remediation to help teams prioritize and fix them faster.

The information below is completely random.

CVE ID	Impact	Status	Source	CVSS Score	Vector	Description	Remediation	Asset	Project
CVE-2023-45678	High	Open	Penetration Test	8.5	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N	SQL Injection in login form	Sanitize inputs; use prepared statements	web-prod-01	Q3 2025 Web App Pentest
CVE-2022-12345	Medium	Remediated	Qualys	6.2	AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L	Outdated OpenSSL version	Update OpenSSL	api-gateway-03	—
CVE-2024-98765	Critical	Open	Vulnerability Scan	9.1	AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	Unauthenticated RCE in Jenkins instance	Update Jenkins, restrict access	jenkins-ci	Internal Network Scan

You can also manually add data following the anotation below. ⬇️

{
  "name": "create a new project vulnerability",
  "data": {
    "project": "string (UUID of the project to which the vulnerability belongs)",
    "asset_id": "string (UUID of the asset where the vulnerability exists)",
    "name": "string (name of the vulnerability)",
    "impact": "string ('none', 'low', 'medium', 'high', or 'critical')",
    "risk_owner_id": "string (UUID of the risk owner)",
    "status": "string ('open', 'in_progress', 'deleted', 'remediated', or 'closed')",
    "cve": "string (optional CVE identifier, e.g., CVE-2021-44228)",
    "cvss_score": "float (optional CVSS score, 0.0-10.0)",
    "cvss_vector": "string (optional CVSS vector string)",
    "description": "string (optional detailed description of the vulnerability)",
    "poc": "string (optional proof-of-concept demonstrating the vulnerability)",
    "port": "integer (optional port number of the affected service)",
    "protocol": "string (optional protocol of the affected service, e.g., TCP, UDP)",
    "remediation": "string (optional steps required to remediate the vulnerability)",
    "request": "string (optional HTTP request that triggered the vulnerability, Base64 encoded)",
    "response": "string (optional HTTP response that confirmed the vulnerability, Base64 encoded)",
    "source": "string (optional source of the vulnerability, e.g., 'Penetration Test', 'Qualys')",
    "temporal_score": "float (optional CVSS temporal score, 0.0-10.0)",
    "time_to_resolve": "string (optional target date for resolution, YYYY-MM-DD)",
    "uri": "string (optional URI path of the vulnerability)",
    "url": "string (optional URL where the vulnerability was found)"
  }
}

---

Attack Surface Management (ASM, Example Inc.)

Continuously discovering, analyzing, and prioritizing an organization's digital assets and vulnerabilities to help with the proactive remediation of weaknesses and misconfigurations.

The information below is completely random.

Domain	Subdomains	Associated IPs	SSL Expiration	Monitored IP	Services/Ports	Detected Vulnerabilities
exampleinc.com	app.exampleinc.com, blog, dev	198.51.100.10, .11	2025-09-15	198.51.100.20	80 (HTTP), 443 (HTTPS), 22 (SSH)	OpenSSH RCE (CVE-2023-12345)

You can also manually import ASM domain data, but it's typically publicly available and unnecessary. You will need to initiate a scan to populate the rest of the fields via the integrated ASM module.

{
  "name": "add monitored assets",
  "data": {
    "assets": [
      {
        "hostname": "string (hostname of the asset, e.g., example.com)",
        "ip": "string (IP address of the asset, e.g., 192.0.2.1)",
        "id": "string (unique identifier, e.g., example.com-192.0.2.1-1)"
      }
      // You can add more asset objects here if importing multiple domains
    ]
  }
}

By using the dummy data provided you can create the necessary infrastructure to test some of the features of the agent. To get the full picture you can test the live vulnerable websites ->Testing Data [Vulnerable Website].