Faraday v3.12

Faraday Team
Sep 4, 2020 · 4 min read
Image for post
Image for post

There are better ways than managing vulnerabilities with spreadsheets, especially when you are working with several tools. We know it’s easy to lose trail of your efforts. In faraday you can keep track of your scanners and your team in one place,

This update is focused on improving your everyday tasks in managing information. The Jira and ServiceNow integrations now support custom templates, allowing the easy creation of issues in those platforms with only one click.

We keep adding features to our agents, allowing the reuse of them in multiple workspaces, so for example, you can share a scanner with multiple projects at the same time.

And last but not least, we are also releasing a brand new tool for managing data from Faraday in your terminal, faraday- cli.

Reuse your agents!

Ever since we launched Agents, Faraday has improved automatization with external tools. In order to continue improving this feature, we have added the possibility to run your agents in several workspaces at the same time, allowing you to get the most out of it.

Currently we support automation of 11 tools, including Arachni, Burp, Nessus, w3af so you can schedule your scans directly on faraday.

Image for post
Image for post

Customization on ticketing tools integration

One of the main goals of Faraday is to integrate the security operations to the rest of the company by integrating popular issue trackers such as Jira and Service Now. You can now export vulnerability information directly to such ticketing tools.

With this new version, you can finally customize what information is sent to those platforms. Thanks to the new template feature you can send the required information with just one click.

Image for post
Image for post
Image for post
Image for post

New plugins, new inputs

On this release, we continue integrating your favorite tools, many of which can be used to build DevSecOp pipelines. Faraday currently has more than 80+ plugins and we are happy to add the following ones:

  • RDP scan
  • HCL APPScan
  • SSL labs

Want to see more? Check out this repo: https://github.com/infobyte/faraday_plugins

Work directly from your terminal

We know that many of you are command line lovers, we are too! We wanted a better way of interacting with Faraday directly from your terminal. This new helper allows any Faraday user to:

  • Manage workspaces
  • Get information of hosts
  • Create vulnerabilities directly from commands and reports
  • Run your agents

Faraday-cli in action:

First you need to install faraday-cli, you can do that directly from pip:

> `pip3 install faraday-cli`

The first step is to authenticate, if you don’t have a Faraday server you can try our demo instance: https://demo101.faradaysec.com (faraday/demo101)

> `faraday-cli auth`
Image for post
Image for post

Now you only need to select an available workspace, remember if you are using demo101 that is a public server:

> `faraday-cli workspace -n demo_workspace -a select`
Image for post
Image for post

Once you have configured faraday-cli you can use the rest of the features.
In this example we are going to use rdpscan (https://github.com/robertdavidgraham/rdpscan) and keep track of the results in Faraday:

> `faraday-cli command “./rdpscan 192.168.0.1–192.168.0.254”`
Image for post
Image for post

If you want to see more examples head to our github repo: https://github.com/infobyte/faraday-cli

For any requests/questions, please contact us at sales@faradaysec.com and we’ll be happy to assist you on what you need.

There is a better way to work and manage your vulnerabilities, start now : https://faradaysec.com/faraday-landing/

Faraday Crew

https://www.faradaysec.com
https://github.com/infobyte/faraday
https://twitter.com/faradaysec
https://www.instagram.com/faradaysec/
https://www.linkedin.com/company/faradaysec

Faraday

Faraday Platform helps you perform security engineering by…

Faraday Team

Written by

Faraday

Faraday

Faraday Platform helps you perform security engineering by maximizing your team’s resources, increasing risk visibility by converting all your data into valuable information https://www.faradaysec.com/

Faraday Team

Written by

Faraday

Faraday

Faraday Platform helps you perform security engineering by maximizing your team’s resources, increasing risk visibility by converting all your data into valuable information https://www.faradaysec.com/

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store