Be notified of new releases
Create your free GitHub account today to subscribe to this repository for new releases and build software alongside 40 million developers.Sign up
- Add agents feature for distributed plugin execution
- Add an API endpoint to to perform a bulk create of many objects (hosts,
services, vulns, commands and credentials). This is used to avoid doing a lot
of API requests to upload data. Now one request should be enough
- Major style and color changes to the Web UI
- Add API token authentication method
- Use server side stored sessions to properly invalidate cookies of logged out users
- Add "New" button to create credentials without host or service assigned yet
- Allow filtering hosts by its service's ports in the Web UI
- Performance improvements in vulnerabilities and vulnerability templates API (they
were doing a lot of SQL queries because of a programming bug)
- Require being in the faraday-manage group when running faraday from a .deb or .rpm package
- Change the first page shown after the user logs in. Now it displays a workspace
- Add API endpoint to import Vuln Templates from a CSV file
- Create the exported CSV of the status report in the backend instead of in the
problem, which was much slower
- Add API endpoint to import hosts from a CSV file
faraday-manage rename-usercommand to change a user's username
- Allow resizing columns in Vulnerability Templates view
- Avoid copying technical details when a vuln template is generated from the status report
- Use exact matches when searching vulns by target
- Add API endpoint to get which tools impacted in a host
- Add pagination to activity feed
- Add ordering for date and creator to vuln templates view
- Modify tabs in vuln template, add Details tab
- Add copy IP to clipboard button in hosts view
- Add creator and create date columns to vuln template view
- When a plugin creates a host with its IP set to a domain name,
resolve the IP address of that domain
- Add support for logging in RFC5254 format
- Add active filter in workspaces view. Only show active workspaces
in other parts of the Web UI
- Enforce end date to be greater than start date in workspaces API
- Fix bug in
faraday-manage create-tablesthat incorrectly marked schema
migrations as applied
- Fix bug in many plugins that loaded hostnames incorrectly (one hostname per chararcter)
- Improve references parsing in OpenVAS plugin
- Fix a bug in Nessus plugin when parsing reports without host_start
- Fix bug hostname search is now working in status-report
- Fix showing of services with large names in the Web UI
- Fix broken select all hosts checkbox
- Fix bug viewing an attachment/evidence when its filename contained whitespaces
- Fix "Are you sure you want to quit Faraday?" dialog showing twice in GTK
- Refactor the project to use absolute imports to make the installation easier
(with a setup.py file). This also was a first step to make our codebase
compatible with python 3.
- Change the commands used to run faraday.
bin/fluginare replaced for
- Changed suggested installation method. Now we provide binary executables with all python dependencies
embedded into them
- Add admin panel to the Web UI to manage custom fields
- Fix slow host list when creating vulns in a workspace with many hosts
- Usability improvements in status report: change the way vulns are selected and confirmed
- Improve workspace workspace creation from the Web UI
- Fix attachment api when file was not found in .faraday/storage
- Fix visualization of the fields Policy Violations and References.
- Add a setting in server.ini to display the Vulnerability Cost widget of the Dashboard
- Fix status report resize when the browser console closes.
- Fix severity dropdown when creating vulnerability templates
- Update OS icons in the Web UI.
- Fix bug when using custom fields, we must use the field_name instead of the display_name
- Prevent creation of custom fields with the same name
- Add custom fields to vuln templates.
- Fix user's menu visibily when vuln detail is open
- Remove "show all" option in the status report pagination
- The activity feed widget of the dashboard now displays the hostname of the
machine that runned each command
- Add loading spinner in hosts report.
- Fix "invalid dsn" bug in sql-shell
- Fix hostnames bug in Nikto and Core Impact plugins
- Change Openvas plugin: Low and Debug threats are not taken as vulnerabilities.
- Add fplugin command to close vulns created after a certain time
- Add list-plugins command to faraday-manage to see all available plugins
- Fix a logging error in PluginBase class
- Fix an error when using NexposePlugin from command line.
- Add CSV parser to Dnsmap Plugin
- Fix bug when creating web vulnerabilities in dirb plugin
- Change Nexpose Severity Mappings.
- New feature vulnerability preview to view vulnerability data.
- Update Fierce Plugin. Import can be done from GTK console.
- Update Goohost plugin and now Faraday imports Goohost .txt report.
- Update plugin for support WPScan v-3.4.5
- Update Qualysguard plugin to its 184.108.40.206.2 version
- Update custom fields with Searcher
- Update Recon-ng Plugin so that it accepts XML reports
- Add postresql version to status-change command
- Couchdb configuration section will not be added anymore
- Add unit test for config/default.xml
3.6 [Feb 21th, 2019]:
- Fix CSRF (Cross-Site Request Forgery) vulnerability in vulnerability attachments API.
This allowed an attacker to upload evidence to vulns. He/she required to know the
desired workspace name and vulnerability id so it complicated the things a bit. We
classified this vuln as a low impact one.
- Readonly and disabled workspaces
- Add fields 'impact', 'easeofresolution' and 'policyviolations' to vulnerability_template
- Add pagination in 'Command history', 'Last Vulnerabilities', 'Activity logs' into dashboard
- Add status_code field to web vulnerability
- Preserve selection after bulk edition of vulnerabilities in the Web UI
- Faraday's database will be created using UTF-8 encoding
- Fix bug of "select a different workspace" from an empty list loop.
- Fix bug when creating duplicate custom fields
- Fix bug when loading in server.ini with extra configs
./manage.py command. It wasn't working since the last schema migration
./manage.py createsuperusercommand renamed to
- Fix bug when non-numeric vulnerability IDs were passed to the attachments API
- Fix logic in search exploits
- Add ability to 'Searcher' to execute rules in loop with dynamic variables
- Send searcher alert with custom mail
- Add gitlab-ci.yml file to execute test and pylint on gitlab runner
- Fix 500 error when updating services and vulns with specific read-only parameters set
- Fix SQLMap plugin to support newer versions of the tool
- Improve service's parser for Lynis plugin
- Fix bug when parsing URLs in Acunetix reports
- Fix and update NetSparker Plugin
- Fix bug in nessus plugin. It was trying to create a host without IP. Enabled logs on the server for plugin processing (use --debug)
- Fix bug when parsing hostnames in Nessus reports
- Fix SSLyze report automatic detection, so reports can be imported from the web ui
- Update Dnsmap Plugin
- Redesgin of new/edit vulnerability forms
- Add new custom fields feature to vulnerabilities
- Add ./manage.py migrate to perform alembic migrations
- Faraday will use webargs==4.4.1 because webargs==5.0.0 fails with Python2
- New system for online plugins using Threads, a few fixes for metasploit plugin online also.
- Fix Command "python manage.py process-reports" now stops once all reports have been processed
- Fix bug in query when it checks if a vulnerability or a workspace exists
- Fix Once a workspace is created through the web UI, a folder with its name is created inside ~/.faraday/report/
- The manage.py now has a new support funtionality that creates a .zip file with all the information faraday's support team will need to throubleshoot your issue
- Status-check checks PostgreSQL encoding
- Fix a bug when fail importation of reports, command duration say "In Progress" forever.
- Fix confirmed bug in vulns API
- Update websockets code to use latest lib version
- bootstrap updated to v3.4.0
- Manage.py support now throws a message once it finishes the process.
- Update Lynis to its version 2.7.1
- Updated arp-scan plugin, added support in the Host class for mac address which was deprecated before v3.0
- OpenVAS Plugin now supports OpenVAS v-9.0.3
- In GTK, check active_workspace its not null
- Add fbruteforce services fplugin
- Attachments can be added to a vulnerability through the API.
- Catch gaierror error on lynis plugin
- Add OR and NOT with parenthesis support on status report search
- Info API now is public
- Web UI now detects Appscan plugin
- Improve performance on the workspace using cusotm query
- Workspaces can be set as active/disable in welcome page.
- Change Nmap plugin, response field in VulnWeb now goes to Data field.
- Update code to support latest SQLAlchemy version
create_vulnfplugin bug that incorrectly reported duplicated vulns
- Add workspace disable feature
- Add mac vendor to host and services
- Fix typos and add sorting in workspace name (workspace list view)
- Improve warning when you try to select hosts instead of services as targets of a Vulnerability Web
- Deleted old Nexpose plugin. Now Faraday uses Nexpose-Full.
- Update sqlmap plugin
- Add updated zap plugin
- Add hostnames to nessus plugin
- Python interpreter in SSLCheck plugin is not hardcoded anymore.
- Fix importer key error when some data from couchdb didn't contain the "type" key
- Fix AttributeError when importing vulns without exploitation from CouchDB
- Fix KeyError in importer.py. This issue occurred during the import of Vulnerability Templates
- Fix error when file config.xml doesn't exist as the moment of executing initdb
- Improve invalid credentials warning by indicating the user to run Faraday GTK with --login option
- Fix typos in VulnDB and add two new vulnerabilities (Default Credentials, Privilege Escalation)
- Improved tests performance with new versions of the Faker library
abort()calls were checked and changed to
- Added logical operator AND to status report search
- Restkit dependency removed.
- Improvement on manage.py change-password
- Add feature to show only unconfirmed vulns.
- Add ssl information to manage.py status-check
- Update wpscan plugin to support latest version.
- Allow workspace names starting with numbers.
- Fix get exploits API
- New searcher feature
- Added host_os column to status report
- Fix and error while trying to execute server with --start
- Added option --choose-password to initdb
- Continous scan updated for Nessus 7
- Refactor on server.config to remove globals
- Added a directory for custom templates for executive reports (pro and corp)
- Activity feed shows more results and allows to filter empty results
- Allow ot create workspace that start with numbers
- Added more variables to executive reports (pro and corp)
- Fixed some value checking on tasks api (date field)
- OpenVas plugin updated
- Appscan plugin update
- Added no confirmed vulns to report api
- Fixed a bug on workspace API when the workspace already exists on database
- Fix owner filter on status report
- Fixes on import_csv fplugin when the api returned 409
- Fixes on status_check
- Fixed a bug on webui when workspace permission was changed (pro and corp)
- Update nexpose plugin
- Ugrid library updated to latest version
- Bug fix on plugin automatic detection
- Fixed a bug on executive reports when multiple reports were scheduled
- Avoid closing the executive report and new vuln modal when the form has data
- Status report open new tab for evidence
- Added change_password to manage.py
- Update wapiti plugin
- Fixed vuln count on executive report (pro and corp)
- Fixed css align in some tables
- Fixed No ports available error on the client