Collaborative Pentest & Vulnerability Management Platform – [Faraday]

Last Release: 04/04/2019     Last Commit: 04/03/2019


Introduction

Faraday is a Collaborative Penetration Test & Vulnerability Management platform built around a new concept: the IPE (Integrated Penetration-Test Environment), a multiuser penetration test IDE. The platform is developed in Python by InfoByte.


Faraday is the Integrated Multiuser Risk Environment for distributing, indexing, and analyzing the data generated during a security audit (collaboration, penetration testing, security assessment, vulnerability scanning, etc.). The Faraday platform provides different views, such as management, executive summary, and an overall issues list.


The main purpose of Faraday is to re-use the tools available in the community and take advantage of them in a multiuser way. It is designed for simplicity: users should notice no difference between their own terminal application and the one included in Faraday. It was developed with a specialized set of functionalities that help users improve their own work.

Requirements

Server

Faraday Server is the interface between PostgreSQL, Faraday Client and the WebUI. The full list of Python requirements can be found in the requirements_server.txt file.

Important: Keep in mind that it is recommended to install Faraday server on the same instance as PostgreSQL.

Client

Faraday Client works under any modern Linux distribution or Mac OS X. Requirements:

  • Python 2.6.x or 2.7.x
  • CouchDB >= 1.2.0
  • GTK+3, PyGobject >= 3.12.0, Vte (API >= 2.90)
  • Zsh
  • Curl

For Python requirements, check the requirements.txt file.

Supported Platforms:

  • ArchAssault, Archlinux, Debian, Kali, OSX, Ubuntu.

For more information and a detailed installation guide for each platform, visit Faraday’s Wiki page.

Faraday Install

1 – Download

First of all, you need to download the latest tarball or clone the Faraday Git Project repository:

$ git clone https://github.com/infobyte/faraday.git faraday-dev
$ cd faraday-dev

2 – Install system dependencies

Debian-based platforms (Debian, Backtrack, Ubuntu, etc.):

$ sudo apt update
$ sudo apt install build-essential ipython python-setuptools \
                python-pip python-dev libssl-dev libffi-dev \
                pkg-config libssl-dev libffi-dev libxml2-dev \
                libxslt1-dev libfreetype6-dev libpng-dev postgresql

For different platforms check here.

In order to run the server, it is necessary to install Python modules using pip:

$ pip2 install -r requirements_server.txt -U

3 – Configure

To initialize the PostgreSQL database, just run:

$ python manage.py initdb

By default, Faraday server will listen on port 5985. You can edit this in ~/.faraday/config/server.ini.

Note: If you are using Nginx and HTTPS, make sure you put these settings in your nginx.conf file:

proxy_pass http://localhost:5985/;
proxy_redirect http:// $scheme://;
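
A fuller server block showing where these two directives sit when nginx terminates TLS in front of Faraday. This is an added example, not configuration from the Faraday project; the hostname, certificate paths and extra proxy headers are assumptions to adapt.

```nginx
# Added example: TLS-terminating reverse proxy in front of Faraday server.
# faraday.example.internal and the certificate paths are placeholders.

# Send plain-HTTP visitors to HTTPS so logins are not sent in clear text.
server {
    listen 80;
    server_name faraday.example.internal;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name faraday.example.internal;

    ssl_certificate     /etc/nginx/tls/faraday.example.internal.crt;  # placeholder
    ssl_certificate_key /etc/nginx/tls/faraday.example.internal.key;  # placeholder
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # The two settings from the note above.
        proxy_pass http://localhost:5985/;
        # The backend is reached over plain HTTP, so any redirect it issues
        # with an http:// Location header is rewritten to the scheme the
        # client actually used (https here).
        proxy_redirect http:// $scheme://;

        # Pass the original host and client address to the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` after editing to validate the syntax before reloading.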

These are just the basic installation steps. For the complete documentation and installation guide, refer to the Faraday GitHub Project page.

Plugins

Available plugins for Faraday (Console, Report & API):

  • Acunetix, Arachni, Burp, Core Impact, Maltego, Metasploit, Nessus, Netsparker, Nexpose, NexposeFull, Nikto, Nmap, Openvas, Qualysguard, Retina, W3af, X1, Zap.
