Easier integrations with Faraday Agents

Faraday Team
Jun 26 · 7 min read

Integrating systems is an elusive but mandatory job in any software product’s life. Developers have to deal with languages they don’t know, undocumented APIs or new paradigms. This leads to the fact that many product teams decide not to open the possibility to integrate to them.

In Faraday’s case, we are aware that integrations with other security tools are a critical part of our product. However, we’ve realized that our existing Plugin system wasn’t as easy as we expected to develop some integrations: it required some level of interactivity (either running a command from the console or importing a report), so it was hard to use on a periodic basis. It also forced integration developers to use our Python API, even when the tool to integrate with wasn’t programmed in Python, making it harder for the developer.

To solve this problem, we decided to implement the Agents feature in the already released Faraday v.3.9. Since we expect this to be a core feature of our product, it will be available both in the community and commercial versions!

Architecture

Image for post
Image for post

Overview of the Agents Feature

An Agent represents a process running continuously in a machine (not necessary the same running the Faraday Server). When a user decides to run an Agent (typically done through the Faraday Web UI), it will execute a code and send data back to a Workspace.

Image for post
Image for post

In the image above, you can see a Workspace with many custom Agents. They’re in charge of finding hosts in the network with nmap, finding subdomains with sublist3r, and provision data from our Heroku-hosted services.

In addition to running the Agents manually with their “Run” button, you can also schedule them to run periodically. This can be done from the Web UI if you have our Corporate versions:

Image for post
Image for post
Image for post
Image for post

or with simple cronjobs if you are using the Community version.

Agents’ technical details

To make integrations with Faraday as easy as possible, we developed a project we called Faraday Agent Dispatcher that is in charge of handling the communication between the Faraday Server and your own Agents.

The only thing you’ll need to build your own integrations is a script (we call it an Executor) that prints to standard output all the data you want to send to Faraday (hosts info, vulnerabilities, etc.) encoded in JSON. There is no need to use complex APIs or communication methods, as all of this is abstracted by the Dispatcher. You just need to print JSON to standard out, and the Dispatcher will handle the rest! If you want to know a little bit about the idea behind build this project, one of our developers explain a little about it

This also means that you could use virtually any programming language you want to build your integrations, as long as they support printing data to standard output. We’ve already made agents in Python, Bash, and even a Brainfuck one!

We have some official executors, which are ready to go with minimum configuration. If you want to develop and run your own executor, you can configure a custom one!

How to start using Agents

Lets try with an example with Nmap to check the Faraday Agents’ capabilities both as a custom executor, and run an official one.

First of all you have to get your Agent’s token. On your Web UI go to Settings — Agents or directly access https://faradayserver/#/admin/agents.

Image for post
Image for post
Your token is: ImalA8Cg1L6Z5Qbx2u9CFAsob

Now you must install the Faraday Dispatcher inside the server you want to run the Agent on. You can do so running one of the following commands:

$ git clone https://github.com/infobyte/faraday_agent_dispatcher

$ pip3 install faraday_agent_dispatcher

After this, you need to run the configuration wizard:

$ faraday-dispatcher config-wizard

All the information you added with the configuration wizard should appear on a new dispatcher.ini file at your /.faraday/config/ directory:

Now you have to run the dispatcher to register the Agent on your Faraday Server:

After this, you’ll see your new Agent on the Web UI:

Image for post
Image for post

The last step is that you just run the nmap Agent:

Image for post
Image for post

And the Dispatcher log will give you details about this action:

Right after the Agent executes these actions, return to your Workspace and you can review all the information that was found.

Now you are ready to deploy your own Faraday Agents through your network!

The Dispatcher README file has more detailed documentation to run and build your Agents. Also, we recommend you check our example and official executors to get an idea of what a custom integration looks like.

What’s next

We will continue to improve Agents’ features, usability, and adding new executors into the Dispatcher repository.

In the next few releases we would also like to give some Agents read access to their Workspace, so they can benefit from the existing data in order to find more valuable information.

We hope you enjoy this feature and find it useful!

If you have any requests or questions, feel free to open an issue in the Dispatcher repo, or contact us at sales@faradaysec.com and we’ll be happy to assist you on what you need.

Faraday

Faraday Platform helps you perform security engineering by…

Faraday Team

Written by

Faraday

Faraday

Faraday Platform helps you perform security engineering by maximizing your team’s resources, increasing risk visibility by converting all your data into valuable information https://www.faradaysec.com/

Faraday Team

Written by

Faraday

Faraday

Faraday Platform helps you perform security engineering by maximizing your team’s resources, increasing risk visibility by converting all your data into valuable information https://www.faradaysec.com/

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch

Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore

Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store