Exploitation Tools

Faraday v3.11 – Collaborative Penetration Test and Vulnerability Management Platform

Faraday v3.11 - Collaborative Penetration Test and Vulnerability Management Platform

[sc name=”ad_1″]

This new release brings strong improvements to your security team’s daily performance, allowing them to operate quicker and smarter by increasing accessibility and stabilizing usual functionality.
Major enhancements are focused on providing global visualization of findings, improvements on our API allowing better 3rd party integrations, and outstanding tailoring of the results with our new methods for customizing executive reports, among others, but let’s go more in-depth!
[youtube https://www.youtube.com/watch?v=aTHO6ic7mjE]

Start integrating everything

As you may know Faraday allows you to unify all your vulnerability ecosystem, integrating results from tools. We’ve added new plugins to get more information into your instance: Qualys Web App, WPScan (in JSON format), Checkmarx, and WhiteSource.
We’ve also enhanced and updated some of our existing plugins: Netsparker, w3af, and Nessus (which now adds scan date from your report to Faraday instead of the upload date, and now has support for CISBenchmark).

 

Make more out of our API

We now support openAPI documentation for our API, which will allow for an automated and much more detailed knowledge base on how to use it.
We’ve also added the possibility of bulk deleting Hosts from the API, and the issuetracker_json field which, if you’re using our JIRA or Servicenow integration available for Corporate users, will give you details about the issue you created from Faraday to your ticketing instance. You can also use this field on your Executive Reports, and can render either the URL of your issue or just the ID for it.
{“jira”: 
{“key”: “YCN-51630”,
 “self”: “https://jira.yourcompany.com/browse/YCN-51630",
 “url”: “https://jira.yourcompany.com"}
}

Executive Reports

Showing the results correctly is an important step in the vuln management and there’s also a much asked for enhancement for Executive Reports: Markdown custom field, so you can format information directly on your Faraday instance and it will be rendered as such on your report.

Export/Import information seamlessly

Sharing information between Workspaces is now extremely easy. Simply download a CSV file with all your Vulns and directly upload it to a different space.

This will allow you to easily backup or import/export your Vuln information between Workspaces, or even unify WS into one, and create a general Dashboard, data analysis, and report that will show unified information between different projects!

For example, you have three WS with findings/mitigations from different countries and you want to get a regional visualization or global data analysis of them.

Enhancements to agent scheduling, encryption, workflows, dashboard, command-history, faraday-client were also done to increase reliability.

This is Faraday’s latest version and it is ready for you to update, but stay tuned, because our team is working to make a big leap in the coming months:

Faraday Cloud customers are already experiencing the mentioned improvements and also several upgrades within the backend to obtain the highest possible performance. Haven’t you tried our Cloud version yet? Tell us!

For any requests/questions, please contact us at [email protected] and we’ll be happy to assist you with what you need.

Faraday Crew
https://www.faradaysec.com
https://github.com/infobyte/faraday
https://twitter.com/faradaysec
https://www.instagram.com/faradaysec/
https://www.linkedin.com/company/faradaysec

[sc name=”ad-in-article”]