Home

Installation

The following platforms are supported

Read more about this.

Quick install

Download the latest tarball or clone the Faraday Git Project:

$ git clone https://github.com/infobyte/faraday.git faraday-dev
$ cd faraday-dev

$ pip2 install -r requirements_server.txt
$ ./faraday-server.py

$ pip2 install -r requirements.txt
$ ./faraday.py

Read more about the installation process.

About

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the data generated during a security audit.

Made for true pentesters!

The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Designed for simplicity, users should notice no difference between their own terminal application and the one included in Faraday. Developed with a specialized set of functionalities that help users improve their own work. Do you remember yourself programming without an IDE? Well, Faraday does the same as an IDE does for you when programming, but from the perspective of a penetration test.

Once the data is loaded Faraday crunches it into different visualizations useful not only for managers, but also for pentesters.

To read about the latest features check out the release notes!

Plugins list

Plugins are the way to feed Faraday data from your favorite tools. Right now there are more than 60+ supported tools, among them you will find:

There are three Plugin types: console which intercept the tools you execute to import their output, report which allow you to import previously generated XMLs and online which are either external tools accessing Faraday's API or Faraday connecting to external APIs or databases.

Read more about Plugins.

Features

Workspaces

Information is classified in Workspace units. Each Workspace maps into a pentest team's assignments containing all the intel discovered by that team.

Conflicts

If two plugins have different information for the same element it will generate a conflict that the user will have to resolve. For example, user1 incorporates host 127.0.0.1 OS:Linux and user2 incorporates 127.0.0.1 OS: Linux Ubuntu 13.10.

On our GTK interface there's a button on the bottom right corner of the main window with the number of conflicts in the current workspace. To solve them, just click that button and a window will open where you can edit the conflicting objects and select which one to keep.

Faraday plugin

Using our plugin you can do different actions using the command line, for example:

$ cd faraday-dev/bin/
$ ./fplugin create_host 192.154.33.222 Android
1a7b2981c7becbcb3d5318056eb29a58817f5e67
$ ./fplugin filter_services http ssh -p 21 -a
Filtering services for ports: 21, 22, 80, 443, 8080, 8443

192.168.20.1    ssh [22]    tcp open    None
192.168.20.1    http    [443]   tcp open    None
192.168.20.7    ssh [22]    tcp open    Linux
192.168.20.7    http    [443]   tcp open    Linux
192.168.20.11   ssh [22]    tcp open    Linux

Read more about the Faraday Plugin.

Notifications

Updating objects on other Faraday instances result in notifications on your Faraday GTK Client.

ZSH UI no-gui notifications

CSV Exporting

More information

Links

• Homepage: https://www.faradaysec.com
• User forum: https://forum.faradaysec.com
• User's manual: https://github.com/infobyte/faraday/wiki
• Download: .tar.gz
• Commits RSS feed: https://github.com/infobyte/faraday/commits/master.atom
• Issue tracker: https://github.com/infobyte/faraday/issues
• Frequently Asked Questions (FAQ): https://github.com/infobyte/faraday/wiki/FAQ
• Mailing list subscription: https://groups.google.com/forum/#!forum/faradaysec
• Twitter: @faradaysec
• Demos
• IRC: ircs://irc.freenode.net/faraday-dev WebClient
• Screenshots: https://github.com/infobyte/faraday/wiki/Screenshots
• Send your ideas and suggestions here: https://www.faradaysec.com/ideas

Presentations

• Ekoparty Security Conference - 2017:

  • http://blog.infobytesec.com/2017/10/ekoparty-2017-review_23.html

• Black Hat Arsenal Asia - 2017:

  • https://www.blackhat.com/asia-17/arsenal.html#faraday

• Zero Nights - 2016

  • https://www.slideshare.net/AlexanderLeonov2/enterprise-vulnerability-management-zeronights16

• AV Tokio - 2016:

  • http://en.avtokyo.org/avtokyo2016/event

• Black Hat Arsenal USA - 2016:

  • https://www.blackhat.com/us-16/arsenal.html#faraday

• Black Hat Arsenal Europe - 2016

  • https://www.blackhat.com/eu-16/arsenal.html#faraday

• SecurityWeekly - 2016:

  • http://securityweekly.com/2016/08/02/security-weekly-475-federico-kirschbaum/

• Bsides Latam - 2016:

  • http://www.infobytesec.com/down/Faraday_BsideLatam_2016.pdf

• Black Hat Arsenal Asia - 2016:

  • https://www.blackhat.com/asia-16/arsenal.html#faraday

• Black Hat Arsenal Europe - 2015:

  • https://www.blackhat.com/eu-15/arsenal.html#faraday

• Black Hat Arsenal USA - 2015:

  • https://www.blackhat.com/us-15/arsenal.html#faraday
  • http://blog.infobytesec.com/2015/08/blackhat-2015_24.html

• RSA - 2015:

  • http://www.rsaconference.com/events/us15/expo-sponsors/exhibitor-list/1782/infobyte-llc
  • http://blog.infobytesec.com/2015/05/infobyte-en-la-rsa-2015.html

• Ekoparty Security Conference - 2014:

  • https://www.youtube.com/watch?v=_j0T2S6Ppfo

• Black Hat Arsenal - 2011

  • http://www.infobytesec.com/down/Faraday_BH2011_Arsenal.pdf

• Ekoparty Security Conference - 2010:

  • http://prezi.com/fw46zt6_zgi8/faraday/
  • http://vimeo.com/16516987