Faraday : Collaborative Penetration Test & Vulnerability Management Platform

Faraday introduces a new concept – IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Made for true pentesters!

It was made to let you take advantage of the available tools in the community in a truly multiuser way.

It crunches the data you load into different visualizations that are useful to managers and pentesters alike.

Designed for simplicity, users should notice no difference between their own terminal application and the one included in Faraday. Developed with a specialized set of functionalities, users improve their own work. Do you remember the last time you programmed without an IDE? What IDEs are to programming, Faraday is to pentesting.

To read about the latest features check out the release notes!

Also Read – Kaiten : A Undetectable Payload Generation

Installation

Refer to the releases page for the latest pre-made installers for all supported operating systems.

Check out our documentation for detailed information on how to install Faraday in all of our supported platforms:

To begin the installation process, check out our Installation Wiki.

Development

You need Python 3.6+ and postgres to run the faraday server.

If you want to develop for Faraday, please follow our development setup for linux or development setup for OSX.

Quickstart

Once you installed faraday packages, you will need to initialize the faraday database:

sudo faraday-manage initdb

This will give you a randomly generated password to log into the web UI. Now you can start the server with:

systemctl start faraday-server

In your browser, now you can go to localhost:5985 and login with “faraday” as username, and the password generated in the initdb step.

New Features!

All of Faraday’s latest features and updates are always available on our blog. There are new entries every few weeks, don’t forget to check out our amazing new improvements on its latest entry!

API

This is a branch for a PoC of automatically generating the API documentation in the OpenAPI/swagger format. To generate the API docs, for example, to use with swagger UI, run:

faraday-manage openapi-yaml

Plugins List

You feed data to Faraday from your favorite tools through Plugins. Right now there are more than 70+ supported tools, among which you will find:

There are three Plugin types: console plugins which intercept and interpret the output of the tools you execute, report plugins which allows you to import previously generated XMLs, and online plugins which access Faraday’s API or allow Faraday to connect to external APIs and databases.

Read more about Plugins.

Faraday plugins code can be found in faraday-plugin repository

Features

  • Workspaces

Information is organized into various Workspaces. Each Workspace contains a pentest team’s assignments and all the intel that is discovered.

  • Agents

Faraday Agents Dispatcher helps user develop integrations with Faraday written in any language. Agents collects information from different network location using different tools. You can use FaradaySEC to orchestrate tool execution.

  • Conflicts

If two plugins produce clashing information for an individual element, a conflict that the user will have to resolve is generated. An example is if user1 incorporates host 127.0.0.1 OS:Linux and user2 incorporates 127.0.0.1 OS: Linux Ubuntu 13.10.

On our GTK interface there’s a button on the bottom right corner of the main window displaying the number of conflicts in the current workspace. To resolve them, just click on the button and a window will open where you can edit the conflicting objects and select which one to keep.

  • Faraday plugin

Using our plugin you can perform various actions using the command line, for example:

$ cd faraday-dev/bin/
$ ./fplugin create_host 192.154.33.222 Android
1a7b2981c7becbcb3d5318056eb29a58817f5e67
$ ./fplugin filter_services http ssh -p 21 -a
Filtering services for ports: 21, 22, 80, 443, 8080, 8443

192.168.20.1 ssh [22] tcp open None
192.168.20.1 http [443] tcp open None
192.168.20.7 ssh [22] tcp open Linux
192.168.20.7 http [443] tcp open Linux
192.168.20.11 ssh [22] tcp open Linux

Read more about the Faraday Plugin.

CSV Exporting

Faraday supports CSV Exporting from its WEB UI. More information

Links

Request a Custom Demo

R K

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

3 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago