Collaborative Penetration Test and Vulnerability Management Platform
Clone or download
Permalink
Failed to load latest commit information.
.github Merge branch 'white/migration' Jul 26, 2018
apis Bug Fix localhost, no ports available Sep 5, 2018
bin [ADD] Checks the non-web vuln to be added already exists Sep 11, 2018
config Add changes to hotfix version. Sep 20, 2018
data Delete bad file cwe_all.csv Jul 23, 2018
debian Updated dependencies Feb 10, 2017
doc Document workspaced mixins Aug 14, 2018
gui Fix bug #5157, bad response in server.py gtk Sep 7, 2018
helpers Fix path calculation on vulndbToCsv.py Jun 15, 2018
managers Fix bug with report reading in report manager Aug 29, 2018
migrations [ADD] .gitignore to migrations/versions/ to add folder in pulls Jun 11, 2018
model Bug Fix localhost, no ports available Sep 5, 2018
nix Add alembic to server dependencies Jun 8, 2018
persistence [FIX] Add various response codes expected in _unsafe_io_with_server, … Aug 6, 2018
plugins Merge remote-tracking branch 'origin/supp_white_4896_plugin_wapiti_up… Sep 6, 2018
scripts Merge remote-tracking branch 'origin/sup_white_5142_cscan_nessus_upda… Sep 12, 2018
server Merge branch 'tkt_white_5196_fix_initdb' into white/dev Sep 20, 2018
test_cases [ADD] Backend regex control and tests Sep 4, 2018
tests_web Remove deprecated fields sdate, fdate in Workspace Dec 4, 2017
utils Fix bug in the client exception handler Aug 7, 2018
zsh Create fplugin alias if running in nogui mode with no faraday path se… Feb 17, 2017
.gitattributes Add .gitattributes file Aug 9, 2017
.gitignore Merge branch 'white/migration' into mig_white_4364_document_api Jul 3, 2018
AUTHORS Add eric as main dev on AUTHORS Sep 14, 2018
Jenkinsfile Fix unclosed brace in Jenkinsfile Aug 16, 2018
README.md Update README.md with new screenshots Jul 23, 2018
RELEASE.md Add changes to hotfix version. Sep 20, 2018
VERSION Add changes to hotfix version. Sep 20, 2018
__init__.py Changing Faraday banner Feb 26, 2015
alembic.ini Add alembic migrations. InitDB updates alembic.ini sqlalchemy.url May 9, 2018
credentials.json Add credentials.json file Nov 27, 2017
default.nix Refactor nix files Apr 11, 2018
faraday-server.py [FIX] if missing --port sets 5895 as string Sep 3, 2018
faraday-terminal.zsh Fix zsh path in faraday-terminal.zsh Aug 7, 2018
faraday.py Fixed some typos from faraday-server.py and faraday.py Aug 9, 2018
install.sh add postgresql to install.sh Jul 20, 2018
manage.py Merge branch 'white/dev' of git.assembla.com:faraday into white/dev Sep 11, 2018
requirements.txt [MOD] Accepting Flask 1.0 in white Jul 30, 2018
requirements_dev.txt More changes to developer documentation Aug 13, 2018
requirements_extras.txt Remove duplicated item in requirements_extras Jun 29, 2018
requirements_server.txt Add click to dependencies Aug 21, 2018
shell.nix Fix GTK open report dialog in nix Aug 8, 2018

README.md

About

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Made for true pentesters!

Faraday was made to let you take advantage of the available tools in the community in a truly multiuser way.

Designed for simplicity, users should notice no difference between their own terminal application and the one included in Faraday. Developed with a specialized set of functionalities, users improve their own work. Do you remember the last time you programmed without an IDE? What IDEs are to programming, Faraday is to pentesting.

GUI - GTK

Faraday crunches the data you load into different visualizations that are useful to managers and pentesters alike.

GUI - Web

To read about the latest features check out the release notes!

Getting Started!

Check out our documentacion for datailed information on how to install Faraday in all of our supported platforms:

Supported Os

To begin the instalation process check our out First Step Wiki.

New Features!

All of Faraday's latest features and updates are always available on our blog. There are new entries every few weeks, don't forget to check out our amaizing new improvements on it's last entry!

Plugins list

You feed data to Faraday from your favorite tools through Plugins. Right now there are more than 60+ supported tools, among which you will find:

There are three Plugin types: console plugins which intercept and interpret the output of the tools you execute, report plugins which allows you to import previously generated XMLs, and online plugins which access Faraday's API or allow Faraday to connect to external APIs and databases.

Read more about Plugins.

Features

Workspaces

Information is organized into various Workspaces. Each Workspace contains a pentest team's assignments and all the intel that is discovered.

Conflicts

If two plugins produce clashing information for an individual element, a conflict that the user will have to resolve is generated. An example is if user1 incorporates host 127.0.0.1 OS:Linux and user2 incorporates 127.0.0.1 OS: Linux Ubuntu 13.10.

On our GTK interface there's a button on the bottom right corner of the main window displaying the number of conflicts in the current workspace. To resolve them, just click on the button and a window will open where you can edit the conflicting objects and select which one to keep.

Faraday plugin

Using our plugin you can perform various actions using the command line, for example:

$ cd faraday-dev/bin/
$ ./fplugin create_host 192.154.33.222 Android
1a7b2981c7becbcb3d5318056eb29a58817f5e67
$ ./fplugin filter_services http ssh -p 21 -a
Filtering services for ports: 21, 22, 80, 443, 8080, 8443

192.168.20.1    ssh     [22]    tcp open    None
192.168.20.1    http    [443]   tcp open    None
192.168.20.7    ssh     [22]    tcp open    Linux
192.168.20.7    http    [443]   tcp open    Linux
192.168.20.11   ssh     [22]    tcp open    Linux

Read more about the Faraday Plugin.

Notifications

Updating objects on other Faraday instances result in notifications on your Faraday GTK Client.

CSV Exporting

Faraday supports CSV Exporting from its WEB UI. More information

Links

Presentations