Faraday 1.0.16 Is A Multiuser Penetration Test IDE
A new concept called IPE, or Integrated Penetration-Test Environment has been introduced by the Faraday 1.0.16. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit.
The main aim of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
The version comes up with a lot of changes in Web UI. It has the ability to group vulnerabilities by any field in our Status Report view. If you have a Pro or Corp license you can now create an Executive Report using only confirmed vulnerabilities, saving you, even more, time.
Changes Made In This New Version:
- In our Status Report, it has added group vulnerabilities.
- It also had added a port to Service type target.
- It able to filter false-positives in all these (Dashboard, Status Report, and Executive Report).
- Its design structure is simple.
- Its unable for users to notice any difference between their own terminal application and the one included in Faraday.
- It is developed with a specialized set of functionalities that help users improve their own work.
- Faraday is same as IDE does for you when programming but from the perspective of a penetration test.
There are 3 kinds of plugins:
- First plugins can intercept commands, fired directly when a command is detected in the console. These are transparent to you and no additional action on your part is needed.
- Second plugins can import file reports. You have to copy the report to $HOME/.faraday/report/[workspacename] (replacing [workspacename] with the actual name of your Workspace) and Faraday will automatically detect, process and add it to the HostTree.
- Third plugin connectors or online (BeEF, Metasploit, Burp), these connect to external APIs or databases or talk directly to Faraday's RPC API.
- Faraday wouldn't start when the last workspace was null.
- CSV export/import in QT.
- It can fix a bug that prevented the use of "reports" and "cwe" strings in Workspace names.
- Unicode supports in Nexpose-full Plugin.
- It also fixed bug get_installed_distributions from handler exceptions.
- It enables to a fixed bug in the first run of Faraday with log path and API errors.
This installation process applies only to Debian, Ubuntu, Kali and Backtrack OS.
Download the latest tarball or clone the Faraday Git Project:
$ git clone https://github.com/infobyte/faraday.git faraday-dev
$ cd faraday-dev