- [MOD] Introduced an option to retrieve all completed scans from Tenable SC. #242
- [FIX] Fixed connection issues. #238
- [FIX] Added more options to the Cisco Cyber Vision executor. #243
- [MOD] Changed type of TARGETS and PORT_LIST to list in Nmap agent. #231
- [ADD] Added check after parsing report on Tenable IO. #226
- [FIX] Fixed git log. #9999
- [ADD] Added agent for Microsoft Defender for Endpoint. #218
- [FIX] Implemented scan filtering by 'completed' status in Tenable SC Agent to prevent parsing errors. #223
- [MOD] Plugins & Agent parameters types requirements updated. #220
- [ADD] Introducing the new Tenable SC agent, now available for integration. This initial version focuses on supporting scan imports. #216
- [ADD] Added new agent for Cisco Cyber Vision. Also added severity calc utility. #217
- [FIX] Fixed agent websocket token not changing on registration token update #200
- [FIX] Resolved the issue where users were unable to execute user-defined templates and pre-defined TenableIO templates. Additionally, fixed the functionality to retrieve completed scan results and relaunch previously created scans. #214
- [ADD] Added hotspots option to SonarQube. #197
- [ADD] New GitHub CodeQL agent. #208
- [ADD] Added new agent for GitHub Secrets Scanning. #209
- [MOD] Now Nessus executor tries to log in again after a 401 response from the Nessus's server. #203
- [MOD] Change Dependabot agent to work with the new manifest of parameter types. #210
- [FIX] We were not verifying the configuration value
at the moment ofsocketio
connection. #212
- [ADD] Added dependabot agent. #206
- [FIX] Fixed on_disconnect method and limit python-socketio to 5.8.0 #199
- [MOD] Now faraday-dispatcher works with socketio. #195
- [FIX] Check the code response for burp executor. #194
- [MOD] Now you can download a existing report in TenableIO. #192
- [FIX] Now nuclei executor use -j flag instead of -json. #187
- [ADD] Added HCL AppScan executor. #186
- [DEL] Now nuclei doesn't check if the target is an ip
- [MOD] Add a fixes for bandit vuln:
- Replace assert return code with an if
- Remove default x_token in nessus executor
- [ADD] Add new Sonar Qube executor
- [ADD] Add tenableio executor
- [FIX] Make gvm executor compatible with new version of python-gvm
- [FIX] Now if a venv is int or float it will convert to string
- Add Qualys executor
- [MOD] Change pgrep for psutil in zap executor
- Now InsighVM's executer will executa a scan if a site_id is provided
- Add tags for plugins
- Add installation in docker file for nmap script: vulners
- Now the api-key from zap is a enviroment variable
- Update docs
- Add timeout parameter to arachni's executor
- Add python2.7, w3af and its dependencies to docker image
- Add ignore_info and hostname_resolution options for most executors.
- Nessus now list in the logs the available templates and uses posixpath.join instead of concat strings. Nikto now uses only requieres TARGET_URL argument.
- Fix logs and change .format to fstrings
- Remove ws from dispatcher.yaml.
- Now faraday-dispatcher send the parameters of the executors when it connects to faraday server. Also it checks if there are new enviroment variables defined in the manifest file and warn the user.
- Add --api-token --random-user-agent to wpscan
- Move shodan executor to official and change logic to work with plugins
- ADD script to nmap logic
- ADD option via configuration YAML file to ignore ssl errors
- MOD Wizard connection ports defaults vary if SSL value has changed in the previous configuration
- Faraday versions: 3.16.0, 3.16.1, 3.16.2, 3.17.0, 3.17.1, 3.17.2
- ADD Reminder message to run --token command after wizard
to be sent as UTC - FIX Receiving API error when faraday license is expired
- ADD Executor for insightvm
- REMOVE Host and api from burp executor parameters
- Faraday versions: 3.16.0, 3.16.1, 3.16.2, 3.17.0, 3.17.1, 3.17.2
- ADD Executor parameter typing
- ADD versioning for manifests from typing package
- FIX typo in wizard
- Faraday versions: 3.16.0, 3.16.1, 3.16.2, 3.17.0, 3.17.1, 3.17.2
- FIX Burp executor parse the IP
- Faraday versions: 3.14.3, 3.15.0, 3.15.1
- ADD having at least a executor is mandatory, if not it will not save the configuration
- UPD executor pagination, now each executor have a "unique" id
- MOD Update all reference to faraday to API v3
- MOD Connectivity endpoint is now
- MOD Now registration token is needed within the run command. Only needed the first time
- MOD setting host in the wizard now accepts full urls, such as
- ADD new plugin to support newer OpenVas/gvm versions (gvm_openvas). The old openvas executor was renamed to "openvas_legacy"
- Faraday versions: 3.14.3, 3.15.0, 3.15.1
- MOD Update faraday-plugins version, improving nessus plugin process
- Faraday versions: 3.14.0, 3.14.1, 3.14.2
- MOD Various UX improves in wizard:
- ADD special character control in name executor
- ADD More verbose info
- It is possible to exit wizard if its misconfigurated (will not be saved)
- FIX Not choosing executor (Using Q) generates correct config file
- MOD max data sent to server option is a manual edit configuration
- MOD more extensive default list of official executors
- MOD change color for options "next page" "don't choose"
- ADD new WPScan executor that does not need docker anymore
- FIX in nuclei_exclude parameter for nuclei executor
- Faraday versions: 3.14.0, 3.14.1, 3.14.2
- A base_route can be added before the root of the server (e.g: https://my.company.com/faraday/ as / of faraday)
- Add duration to bulk_create to be set correctly
- The new official executors are:
- nuclei
- reports: local report consumed by faraday-plugins
- Add new flags for nmap executor:
- Fix bug nmap and nessus executors to execute with the dispatcher environment
- Fix nmap executor when http(s) scheme passed as target
- Faraday versions: 3.14.0, 3.14.1, 3.14.2
- Add proxy setup by HTTP_PROXY or HTTPS_PROXY environment variables
- Fix default report name with the nessus executor
- Faraday versions: 3.12.0
- An Agent can post data to multiples workspaces
- The
command tries to migrate the configuration to the latest version from others as theconfig-wizard
does - Improve agent signal management and server disconnection, affecting the exit code
- The wizard page size can be customized (See:
faraday-dispatcher config-wizard --help
) - The new official executors are:
- burp
- crackmapexec
- Arachni executor generates reports in /tmp now
- Nmap executor updates use of nmap plugin (byte-string to string response)
- Faraday versions: 3.12.0
- Now the dispatcher runs the check commands before running an executor
- Fix error when connects with faraday fails when trying to access with SSL to not SSL server
- Fix error when connects with faraday fails when server does not respond
- Fix error when connects with faraday fails when SSL verification fails
- Fix error attempting to create an executor with a comma in the name
- Now the wizard ask if you want use the default SSL behavior
- Started the process of documentation
- The new official executors are:
- arachni
- openvas
- zap
- Nmap executor now acepted multi target
- Fix W3af executor now uses python2
- Escape user-controlled executor parameters in order to prevent OS argument injection (not command injection)
- Faraday versions: 3.11, 3.11.1, 3.11.2
- Now we have official executors, packaged with the dispatcher
- Fix error when killed by signal
- Fix error when server close connection
- Fix error when ssl certificate does not exists
- Fix error when folder
does not exists, creating it - The new official executors are:
- nessus
- nikto
- nmap
- sublist3r
- wpscan
- w3af
- Faraday versions: 3.11, 3.11.1, 3.11.2
- The dispatcher now runs with a
faraday-dispatcher run
command faraday-dispatcher wizard
command added which generates configuration .ini file- Manage execution_id within WS and API communication
- The route of Faraday ws comunication change from / to /websockets
- Better error management, now shows error and exceptions depending on log levels
- Better management of invalid token errors
- Add ssl support
- Faraday versions: 3.11, 3.11.1, 3.11.2
- You can add fixed parameters than shouldn't came by the web (e.g. passwords) are set in the dispatcher.ini
- Now its possible to manage multiple executors within one agent
- Now is possible to receive params from the Faraday server
- Faraday versions: 3.10, 3.10.1, 3.10.2
- First beta version published
- Basic structure implemented, with executor with fixed values
- Faraday versions: 3.9.2, 3.9.3