Vulnerability Analysis

Faraday – Collaborative Penetration Test and Vulnerability Management Platform

Faraday v3.12 - Collaborative Penetration Test and Vulnerability Management Platform

[sc name=”ad_1″]

There are better ways than managing vulnerabilities with spreadsheets, especially when you are working with several tools. We know it’s easy to lose trail of your efforts. In faraday you can keep track of your scanners and your team in one place,

This update is focused on improving your everyday tasks in managing information. The Jira and ServiceNow integrations now support custom templates, allowing the easy creation of issues in those platforms with only one click.

We keep adding features to our agents, allowing the reuse of them in multiple workspaces, so for example, you can share a scanner with multiple projects at the same time.

And last but not least, we are also releasing a brand new tool for managing data from Faraday in your terminal, faraday- cli.

Reuse your agents!

Ever since we launched Agents, Faraday has improved automatization with external tools. In order to continue improving this feature, we have added the possibility to run your agents in several workspaces at the same time, allowing you to get the most out of it.

Currently we support automation of 11 tools, including Arachni, Burp, Nessus, w3af so you can schedule your scans directly on faraday.

Customization on ticketing tools integration

One of the main goals of Faraday is to integrate the security operations to the rest of the company by integrating popular issue trackers such as Jiras and Service Now. You can now export vulnerability information directly to such ticketing tools.

With this new version, you can finally customize what information is sent to those platforms. Thanks to the new template feature you can send the required information with just one click.

New plugins, new inputs

On this release, we continue integrating your favorite tools, many of which can be used to build DevSecOp pipelines. Faraday currently has more than 70+ plugins and we are happy to add the following ones:

  •     RDP scan
  •     HCL APPScan
  •     SSL labs

Want to see more? Check out this repo: https://github.com/infobyte/faraday_plugins

Work directly from your terminal

We know that many of you are command line lovers, we are too! We wanted a better way of interacting with Faraday directly from our terminal. This new helper allows any Faraday user to:

  •     Manage workspaces
  •     Get information of hosts
  •     Create vulnerabilities directly from commands and reports
  •     Run your agents

Faraday-cli in action:

First you need to install faraday-cli, you can do that directly from pip:

pip3 install faraday-cli

The first step is to authenticate, if you don’t have a Faraday server you can try our demo instance: https://demo101.faradaysec.com (faraday/demo101)

faraday-cli auth

 

Now you only need to select an available workspace, remember if you are using demo101 that is a public server:

faraday-cli workspace -n demo_workspace -a select

 

Once you have configured faraday-cli you can use the rest of the features.
In this example we are going to use rdpscan (https://github.com/robertdavidgraham/rdpscan) and keep track of the results in Faraday:

faraday-cli command "./rdpscan 192.168.0.1–192.168.0.254"

 

If you want to see more examples head to our github repo: https://github.com/infobyte/faraday-cli

For any requests/questions, please contact us at [email protected] and we’ll be happy to assist you on what you need.

There is a better way to work and manage your vulnerabilities, start now : https://faradaysec.com/faraday-landing/

[sc name=”ad-in-article”]