• Stars
    star
    4,784
  • Rank 8,807 (Top 0.2 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created about 11 years ago
  • Updated 4 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Open Source Vulnerability Management Platform

logo

Open Source Vulnerability Manager

Security has two difficult tasks: designing smart ways of getting new information, and keeping track of findings to improve remediation efforts. With Faraday, you may focus on discovering vulnerabilities while we help you with the rest. Just use it in your terminal and get your work organized on the run. Faraday was made to let you take advantage of the available tools in the community in a truly multiuser way.

Faraday aggregates and normalizes the data you load, allowing exploring it into different visualizations that are useful to managers and analysts alike.

manage dashboard

To read about the latest features check out the release notes!

Install


Docker-compose

The easiest way to get faraday up and running is using our docker-compose

$ wget https://raw.githubusercontent.com/infobyte/faraday/master/docker-compose.yaml
$ docker-compose up

If you want to customize, you can find an example config over here Link

Docker

You need to have a Postgres running first.

 $ docker run \
     -v $HOME/.faraday:/home/faraday/.faraday \
     -p 5985:5985 \
     -e PGSQL_USER='postgres_user' \
     -e PGSQL_HOST='postgres_ip' \
     -e PGSQL_PASSWD='postgres_password' \
     -e PGSQL_DBNAME='postgres_db_name' \
     faradaysec/faraday:latest

PyPi

$ pip3 install faradaysec
$ faraday-manage initdb
$ faraday-server

Binary Packages (Debian/RPM)

You can find the installers on our releases page

$ sudo apt install faraday-server_amd64.deb
# Add your user to the faraday group
$ faraday-manage initdb
$ sudo systemctl start faraday-server

Add your user to the faraday group and then run

Source

If you want to run directly from this repo, this is the recommended way:

$ pip3 install virtualenv
$ virtualenv faraday_venv
$ source faraday_venv/bin/activate
$ git clone [email protected]:infobyte/faraday.git
$ pip3 install .
$ faraday-manage initdb
$ faraday-server

Check out our documentation for detailed information on how to install Faraday in all of our supported platforms

For more information about the installation, check out our Installation Wiki.

In your browser now you can go to http://localhost:5985 and login with "faraday" as username, and the password given by the installation process

Getting Started


Learn about Faraday holistic approach and rethink vulnerability management.

Integrating faraday in your CI/CD

Setup Bandit and OWASP ZAP in your pipeline

Setup Bandit, OWASP ZAP and SonarQube in your pipeline

Faraday Cli


Faraday-cli is our command line client, providing easy access to the console tools, work in faraday directly from the terminal!

This is a great way to automate scans, integrate it to CI/CD pipeline or just get metrics from a workspace

$ pip3 install faraday-cli

Check our faraday-cli repo

Check out the documentation here.

Example

Faraday Agents


Faraday Agents Dispatcher is a tool that gives Faraday the ability to run scanners or tools remotely from the platform and get the results.

Plugins


Connect you favorite tools through our plugins. Right now there are more than 80+ supported tools, among which you will find:

Missing your favorite one? Create a Pull Request!

There are two Plugin types:

Console plugins which interpret the output of the tools you execute.

$ faraday-cli tool run \"nmap www.exampledomain.com\"
💻 Processing Nmap command
Starting Nmap 7.80 ( https://nmap.org ) at 2021-02-22 14:13 -03
Nmap scan report for www.exampledomain.com (10.196.205.130)
Host is up (0.17s latency).
rDNS record for 10.196.205.130: 10.196.205.130.bc.example.com
Not shown: 996 filtered ports
PORT     STATE  SERVICE
80/tcp   open   http
443/tcp  open   https
2222/tcp open   EtherNetIP-1
3306/tcp closed mysql
Nmap done: 1 IP address (1 host up) scanned in 11.12 seconds
⬆ Sending data to workspace: test
✔ Done

Report plugins which allows you to import previously generated artifacts like XMLs, JSONs.

faraday-cli tool report burp.xml

Creating custom plugins is super easy, Read more about Plugins.

API


You can access directly to our API, check out the documentation here.

Links

More Repositories

1

evilgrade

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.
Perl
1,282
star
2

spoilerwall

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!
Python
760
star
3

emploleaks

An OSINT tool that helps detect members of a company with leaked credentials
Python
520
star
4

cve-2022-27255

Python
271
star
5

CVE-2023-21036

Detection and sanitization for Acropalypse Now - CVE-2023-21036
Python
77
star
6

faraday_plugins

Security tools report parsers for Faradaysec.com
Python
48
star
7

faraday-cli

Faraday's Command Line Interface
Python
41
star
8

faraday_agent_dispatcher

Faraday Agent Dispatcher launches any security tools and send results to Faradaysec Platform.
Python
39
star
9

cscan

Faraday Continuous Scanning
Python
33
star
10

distro_checker

Cross Distribution Exploit Testing
Shell
27
star
11

draytek-arsenal

Reverse Engineering and Observability toolkit for Draytek firewalls
Python
27
star
12

CVE-2016-2776

CVE-2016-2776
Ruby
27
star
13

Exploit-CVE-2021-21086

Python
26
star
14

faraday_bugbounty

Faraday Workspaces for Bug Bounties
20
star
15

isr-sqlget

ISR-sqlget It's a blind SQL injection tool developed in Perl.
Perl
14
star
16

wardriving

Wardriving ekoparty
Python
13
star
17

ezviz_lan_rce

C
10
star
18

faraday_angular_frontend

Faraday's frontend angular code, you need a Faraday server to serve the API
JavaScript
10
star
19

faraday_burp

Burp Extension for collaboration in Faraday
Java
9
star
20

code

Lab tools
Perl
8
star
21

gorrabot

Gorrabot is a bot made to automate checks and processes in the development process.
Python
8
star
22

faraday-client

GTK client of FaradaySEC
Python
6
star
23

alexafaraday

Alexa skill example for Faraday API
Python
5
star
24

faraday_templates

5
star
25

faraday_addon

A browser extension for faradaysec platform https://faradaysec.com
JavaScript
4
star
26

nec_aterm_tools

C
3
star
27

presentations

Talks & Workshops & Meetups slides
JavaScript
3
star
28

gha-faraday-report-uploader

Shell
2
star
29

Labs

Faraday Labs (security research)
2
star
30

faraday_agent_parameters_types

The faraday agents run code remotely from the faraday server. The server sets the parameters of the code, and this repository sets the models to by used by both sides.
Python
2
star
31

pictureme

Java
2
star
32

eko2020-challenge

JavaScript
1
star
33

faraday_zap

Zap Extension for collaboration in Faraday
Java
1
star
34

docker-faraday-report-uploader

Shell
1
star
35

faraday-vmpipelines

HTML
1
star
36

SymaX5SW-Rx-Tx

Syma X5SW Telemetry and Transmissor
Python
1
star