Faraday v3.9.2 released: Collaborative Penetration Test & Vulnerability Management Platform

Faraday introduces a new concept – IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distribution, indexation, and analysis of the data generated during a security audit.

The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Designed for simplicity, users should notice no difference between their own terminal application and the one included in Faraday. Developed with a specialized set of functionalities that help users improve their own work. Do you remember yourself programming without an IDE? Well, Faraday does the same as an IDE does for you when programming, but from the perspective of a penetration test.

Changelog

v3.9.2

• Add agents feature for distributed plugin execution
• Add an API endpoint to to perform a bulk create of many objects (hosts,
  services, vulns, commands and credentials). This is used to avoid doing a lot
  of API requests to upload data. Now one request should be enough
• Major style and color changes to the Web UI
• Add API token authentication method
• Use server side stored sessions to properly invalidate cookies of logged out users
• Add “New” button to create credentials without host or service assigned yet
• Allow filtering hosts by its service’s ports in the Web UI
• Performance improvements in vulnerabilities and vulnerability templates API (they
  were doing a lot of SQL queries because of a programming bug)
• Require being in the faraday-manage group when running faraday from a .deb or .rpm package
• Change the first page shown after the user logs in. Now it displays a workspace
  selection dialog
• Add API endpoint to import Vuln Templates from a CSV file
• Create the exported CSV of the status report in the backend instead of in the
  problem, which was much slower
• Add API endpoint to import hosts from a CSV file
• Add faraday-manage rename-user command to change a user’s username
• Allow resizing columns in Vulnerability Templates view
• Avoid copying technical details when a vuln template is generated from the status report
• Use exact matches when searching vulns by target
• Add API endpoint to get which tools impacted in a host
• Add pagination to activity feed
• Add ordering for date and creator to vuln templates view
• Modify tabs in vuln template, add Details tab
• Add copy IP to clipboard button in hosts view
• Add creator and create date columns to vuln template view
• When a plugin creates a host with its IP set to a domain name,
  resolve the IP address of that domain
• Add support for logging in RFC5254 format
• Add active filter in workspaces view. Only show active workspaces
  in other parts of the Web UI
• Enforce end date to be greater than start date in workspaces API
• Fix bug in faraday-manage create-tables that incorrectly marked schema
  migrations as applied
• Fix bug in many plugins that loaded hostnames incorrectly (one hostname per chararcter)
• Improve references parsing in OpenVAS plugin
• Fix a bug in Nessus plugin when parsing reports without host_start
• Fix bug hostname search is now working in status-report
• Fix showing of services with large names in the Web UI
• Fix broken select all hosts checkbox
• Fix bug viewing an attachment/evidence when its filename contained whitespaces
• Fix “Are you sure you want to quit Faraday?” dialog showing twice in GTK

Plugins

Don’t change the way you work today! Faraday plays well with others, right now it has more than 50 supported tools, among them you will find:

There is 3 kind of plugins:

• Plugins that intercept commands, fired directly when a command is detected in the console. These are transparent to you and no additional action on your part is needed.
• Plugins that import file reports. You have to copy the report to $HOME/.faraday/report/[workspacename] (replacing [workspacename] with the actual name of your Workspace) and Faraday will automatically detect, process and add it to the HostTree.
• Plugin connectors or online (BeEF, Metasploit, Burp), these connect to external APIs or databases or talk directly to Faraday’s RPC API.

Installation & Tutorial

Source: https://github.com/infobyte/