faction: Pen Test Report Generation and Assessment Collaboration
FACTION Pen Test Report Generation and Collaboration Engine
FACTION is your entire assessment workflow in a box. With FACTION you can:
- Automate pen testing and security assessment reports
- Peer review and track changes for reports
- Create customized DOCX templates for different assessment types and retests
- Real-time collaboration with assessors via the web app and Burp Suite Extensions
- Customizable vulnerability templates, with over 75 prepopulated
- Easily manage assessment teams and track progress across your organization
- Track vulnerability remediation efforts with custom SLA warnings and alerts
- Full REST API to integrate with other tools
Other Features:
- LDAP Integration
- OAuth 2.0 Integration
- SMTP integration
- Extendable with Custom Plugins similar to Burp Extender.
- Custom Report Variables
Quick Setup
Requirements
- Java JDK11
- Maven (for building the project)
Run the following commands to build the WAR file and deploy it to the Docker container.
cd faction
mvn clean compile war:war
docker-compose up --build
Once the containers are up you can navigate to http://127.0.0.1:8080 to access your FACTION instance. On the first boot, it will ask you to create an admin account.
Import the Vulnerability Templates
- Navigate to Admin -> Default Vulnerabilities
- Click import VulnDB.
Customize reports
You can find out more information about creating your custom report templates here: Custom Security Report Templates – Faction Security
Burp Suite Extension
Burp Suite Extensions
Tutorial
Copyright (C) 2023 factionsecurity