Faraday v3.14 released: Collaborative Penetration Test & Vulnerability Management Platform
Faraday introduces a new concept – IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distribution, indexation, and analysis of the data generated during a security audit.
The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
Designed for simplicity, users should notice no difference between their own terminal application and the one included in Faraday. Developed with a specialized set of functionalities that help users improve their own work. Do you remember yourself programming without an IDE? Well, Faraday does the same as an IDE does for you when programming, but from the perspective of a penetration test.
- ADD RESTless filter to multiples views, improving the searchs
- ADD “extras” modal in options menu, linking to other Faraday resources
import vulnerability templatescommand to faraday-manage
generate nginx configcommand to faraday-manage
- ADD vulnerabilities severities count to host
- ADD Active Agent columns to workspace
- ADD critical vulns count to workspace
Remember melogin option
- ADD distinguish host flag
- ADD a create_date field to comments
- FIX to use new webargs version
- FIX Custom Fields view in KB (Vulnerability Templates)
- FIX bug on filter endpoint for vulnerabilities with offset and limit parameters
- FIX bug raising
403 ForbiddenHTTP error when the first workspace was not active
- FIX bug when changing the token expiration change
- FIX bug in Custom Fields type Choice when choice name is too long.
- FIX Vulnerability Filter endpoint Performance improvement using joinedload. Removed several nplusone uses
- MOD Updating the template.ini for new installations
- MOD Improve SMTP configuration
- MOD The agent now indicates how much time it had run (faraday-agent-dispatcher v1.4.0)
- MOD Type “Vulnerability Web” cannot have “Host” type as a parent when creating data in bulk
- MOD Expiration default time from 1 month to 12 hour
- MOD Improve data reference when uploading a new report
- MOD Refactor Knowledge Base’s bulk create to take to take also multiple creation from vulns in status report.
- MOD All HTTP OPTIONS endpoints are now public
- MOD Change documentation and what’s new links in about
- REMOVE Flask static endpoint
- REMOVE of our custom logger
Don’t change the way you work today! Faraday plays well with others, right now it has more than 50 supported tools, among them you will find:
There is 3 kind of plugins:
- Plugins that intercept commands, fired directly when a command is detected in the console. These are transparent to you and no additional action on your part is needed.
- Plugins that import file reports. You have to copy the report to $HOME/.faraday/report/[workspacename] (replacing [workspacename] with the actual name of your Workspace) and Faraday will automatically detect, process and add it to the HostTree.
- Plugin connectors or online (BeEF, Metasploit, Burp), these connect to external APIs or databases or talk directly to Faraday’s RPC API.