-
Notifications
You must be signed in to change notification settings - Fork 922
Home
The following platforms are supported
Download the latest tarball or clone the Faraday Git Project:
$ git clone https://github.com/infobyte/faraday.git faraday-dev
$ cd faraday-dev
$ pip2 install -r requirements_server.txt
$ ./faraday-server.py
$ pip2 install -r requirements.txt
$ ./faraday.py
Read more about the installation process.
Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the data generated during a security audit.
Made for true pentesters!
The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
Designed for simplicity, users should notice no difference between their own terminal application and the one included in Faraday. Developed with a specialized set of functionalities that help users improve their own work. Do you remember yourself programming without an IDE? Well, Faraday does the same as an IDE does for you when programming, but from the perspective of a penetration test.
Once the data is loaded Faraday crunches it into different visualizations useful not only for managers, but also for pentesters.
To read about the latest features check out the release notes!
Plugins are the way to feed Faraday data from your favorite tools. Right now there are more than 60+ supported tools, among them you will find:
There are three Plugin types: console which intercept the tools you execute to import their output, report which allow you to import previously generated XMLs and online which are either external tools accessing Faraday's API or Faraday connecting to external APIs or databases.
Information is classified in Workspace units. Each Workspace maps into a pentest team's assignments containing all the intel discovered by that team.
If two plugins have different information for the same element it will generate a conflict that the user will have to resolve. For example, user1 incorporates host 127.0.0.1 OS:Linux and user2 incorporates 127.0.0.1 OS: Linux Ubuntu 13.10.
On our GTK interface there's a button on the bottom right corner of the main window with the number of conflicts in the current workspace. To solve them, just click that button and a window will open where you can edit the conflicting objects and select which one to keep.
Using our plugin you can do different actions using the command line, for example:
$ cd faraday-dev/bin/
$ ./fplugin create_host 192.154.33.222 Android
1a7b2981c7becbcb3d5318056eb29a58817f5e67
$ ./fplugin filter_services http ssh -p 21 -a
Filtering services for ports: 21, 22, 80, 443, 8080, 8443
192.168.20.1 ssh [22] tcp open None
192.168.20.1 http [443] tcp open None
192.168.20.7 ssh [22] tcp open Linux
192.168.20.7 http [443] tcp open Linux
192.168.20.11 ssh [22] tcp open Linux
Read more about the Faraday Plugin.
Updating objects on other Faraday instances result in notifications on your Faraday GTK Client.
- Homepage: https://www.faradaysec.com
- User forum: https://forum.faradaysec.com
- User's manual: https://github.com/infobyte/faraday/wiki
- Download: .tar.gz
- Commits RSS feed: https://github.com/infobyte/faraday/commits/master.atom
- Issue tracker: https://github.com/infobyte/faraday/issues
- Frequently Asked Questions (FAQ): https://github.com/infobyte/faraday/wiki/FAQ
- Mailing list subscription: https://groups.google.com/forum/#!forum/faradaysec
- Twitter: @faradaysec
- Demos
- IRC: ircs://irc.freenode.net/faraday-dev WebClient
- Screenshots: https://github.com/infobyte/faraday/wiki/Screenshots
- Send your ideas and suggestions here: https://www.faradaysec.com/ideas
-
Ekoparty Security Conference - 2017: *http://blog.infobytesec.com/2017/10/ekoparty-2017-review_23.html
-
Black Hat Arsenal Asia - 2017:
*Zero Nights - 2016 *https://www.slideshare.net/AlexanderLeonov2/enterprise-vulnerability-management-zeronights16
-
AV Tokio - 2016:
-
Black Hat Arsenal USA - 2016:
-
Black Hat Arsenal Europe - 2016
-
SecurityWeekly - 2016:
-
Bsides Latam - 2016:
-
Black Hat Arsenal Asia - 2016:
-
Black Hat Arsenal Europe - 2015:
-
Black Hat Arsenal USA - 2015:
-
RSA - 2015:
-
Ekoparty Security Conference - 2014:
-
Black Hat Arsenal - 2011
-
Ekoparty Security Conference - 2010: