Repository files navigation

Security has two difficult tasks: designing smart ways of getting new information, and keeping track of findings to improve remediation efforts. With Faraday, you may focus on discovering vulnerabilities while we help you with the rest. Just use it in your terminal and get your work organized on the run.Faraday was made to let you take advantage of the available tools in the community in a truly multiuser way.

Faraday aggregates and normalizes the data you load, allowing exploring it into different visualizations that are useful to managers and analysts alike.

To read about the latest features check out therelease notes!

The easiest way to get faraday up and running is using our docker-compose

$ wget https://raw.githubusercontent.com/infobyte/faraday/master/docker-compose.yaml$ docker-compose up

If you want to customize, you can find an example config over hereLink

You need to have aPostgres running first.

 $ docker run \     -v$HOME/.faraday:/home/faraday/.faraday \     -p 5985:5985 \     -e PGSQL_USER='postgres_user' \     -e PGSQL_HOST='postgres_ip' \     -e PGSQL_PASSWD='postgres_password' \     -e PGSQL_DBNAME='postgres_db_name' \     faradaysec/faraday:latest

$ pip3 install faradaysec$ faraday-manage initdb$ faraday-server

You can find the installers on ourreleases page

$ sudo apt install faraday-server_amd64.deb# Add your user to the faraday group$ faraday-manage initdb$ sudo systemctl start faraday-server

Add your user to thefaraday group and then run

If you want to run directly from this repo, this is the recommended way:

$ pip3 install virtualenv$ virtualenv faraday_venv$source faraday_venv/bin/activate$ git clone git@github.com:infobyte/faraday.git$ pip3 install.$ faraday-manage initdb$ faraday-server

Check out our documentation for detailed information on how to install Faraday in all of our supported platforms

For more information about the installation, check out ourInstallation Wiki.

In your browser now you can go tohttp://localhost:5985 and login with "faraday" as username, and the password given by the installation process

Learn about Faraday holistic approach and rethink vulnerability management.

• Centralize your vulnerability data
• Automate the scanners you need

Setup Bandit and OWASP ZAP in your pipeline

• GitHub [PDF]
• Jenkins [PDF]
• TravisCI [PDF]

Setup Bandit, OWASP ZAP and SonarQube in your pipeline

• Gitlab [PDF]

Faraday-cli is our command line client, providing easy access to the console tools, work in faraday directly from the terminal!

This is a great way toautomate scans, integrate it toCI/CD pipeline or just getmetrics from a workspace

$ pip3 install faraday-cli

Check ourfaraday-cli repo

Check out the documentationhere.

Faraday Agents Dispatcher is a tool that givesFaraday the ability to run scanners or tools remotely from the platform and get the results.

Connect you favorite tools through ourplugins. Right now there are more than80+ supported tools, among which you will find:

Missing your favorite one?Create a Pull Request!

There are two Plugin types:

Console plugins which interpret the output of the tools you execute.

$ faraday-cli tool run\"nmap www.exampledomain.com\"💻 Processing NmapcommandStarting Nmap 7.80 ( https://nmap.org ) at 2021-02-22 14:13 -03Nmap scan reportfor www.exampledomain.com (10.196.205.130)Host is up (0.17s latency).rDNS recordfor 10.196.205.130: 10.196.205.130.bc.example.comNot shown: 996 filtered portsPORT     STATE  SERVICE80/tcp   open   http443/tcp  open   https2222/tcp open   EtherNetIP-13306/tcp closed mysqlNmap done: 1 IP address (1 host up) scannedin 11.12 seconds⬆ Sending data to workspace:test✔ Done

Report plugins which allows you to import previously generated artifacts like XMLs, JSONs.

faraday-cli tool report burp.xml

Creating custom plugins is super easy,Read more about Plugins.

You can access directly to our API,check out the documentationhere.

• Homepage:faradaysec.com
• Documentation:Faraday Docs
• Download:Download .deb/.rpm from releases page
• Issue tracker and feedback:Github issue tracker
• Frequently Asked Questions:FaradaySEC FAQ
• Twitter:@faradaysec
• Try one of ourDemos