Faraday v3.12 released: Collaborative Penetration Test & Vulnerability Management Platform
Faraday introduces a new concept, the IPE (Integrated Penetration-Test Environment): a multiuser penetration test IDE designed for distribution, indexing, and analysis of the data generated during a security audit.
The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
Faraday is designed for simplicity: users should notice no difference between their own terminal application and the one included in Faraday. It was developed with a specialized set of functionalities that help users improve their own work. Do you remember programming without an IDE? Faraday does for a penetration test what an IDE does for you when programming.
- Now agents can upload data to multiple workspaces
- Add agent and executor data to Activity Feed
- Add session timeout configuration to server.ini configuration file
- Add hostnames to already existing hosts when importing a report
- Add new faraday background image
- Display an error when uploading an invalid report
- Use minimized JS libraries to improve page load time
- Fix aspect ratio distortion in evidence tab of vulnerability preview
- Fix broken Knowledge Base upload modal
- Fix closing of websocket connections when communicating with Agents
- Change Custom Fields names in exported CSV to make columns compatible with
- Fix import CSV for vuln template: some values were overwritten with default values.
- Catch errors in faraday-manage commands when the connection string is not specified in the server.ini file
- Fix bug that generated a session when using Token authentication
- Fix bug that sent a request to the API when an invalid filter is used
- Cleanup old sessions when a user logs in
- Remove unmaintained Flask-Restless dependency
- Remove pbkdf2_sha1 and plain password schemes. We only support bcrypt
Don’t change the way you work today! Faraday plays well with others; right now it has more than 50 supported tools, among which you will find:
There are three kinds of plugins:
- Plugins that intercept commands, fired directly when a command is detected in the console. These are transparent to you and no additional action on your part is needed.
- Plugins that import file reports. You have to copy the report to $HOME/.faraday/report/[workspacename] (replacing [workspacename] with the actual name of your Workspace) and Faraday will automatically detect, process and add it to the HostTree.
- Connector or online plugins (BeEF, Metasploit, Burp). These connect to external APIs or databases, or talk directly to Faraday’s RPC API.