vFeed


Tools

Published on December 28th, 2015 | by MaxiSoler

0

Faraday v1.0.16 – Pen Test Environment (IPE)

Faraday introduces a new concept (IPE) Integrated Penetration-Test Environment a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the generated data during the process of a security audit.

The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Design for simplicity, users should feel no difference between their own terminal application and the one included in Faraday. Developed with a specialized set of functionalities that help users improve their own work. Do you remember yourself programming without an IDE? Well, Faraday does the same an IDE does for you when programming, but from the perspective of a penetration test.

screenshot_faraday

Changelog v1.0.16

Changes

  • Added group vulnerabilities by any field in our Status Report
  • Added port to Service type target in new vuln modal
  • Filter false-positives in Dashboard, Status Report and Executive Report (Pro&Corp)
  • Added Wiki information about running Faraday without configuring CouchDB https://github.com/infobyte/faraday/wiki/APIs
  • Added parametrization for port configuration on APIs
  • Added scripts to:
    • get all IPs from targets that have no services (/bin/getAllIpsNotServices.py)
    • get all IP addresses that have defined open port (/bin/getAllbySrv.py) and get all IPs from targets without services (/bin/delAllVulnsWith.py)

It’s important to note that both these scripts hold a variable that you can modify to alter its behaviour. /bin/getAllbySrv.py has a port variable set to 8080 by default. /bin/delAllVulnsWith.py does the same with a RegExp

  • Added three Plugins:
    • Immunity Canvas
    • Dig
    • Traceroute
  • Refactor Plugin Base to update active WS name in var
  • Refactor Plugins to use current WS in temp filename under $HOME/.faraday/data. Affected Plugins:
    • amap
    • dnsmap
    • nmap
    • sslcheck
    • wcscan
    • webfuzzer
    • nikto

Bug fixes

  • When the last workspace was null Faraday wouldn’t start
  • CSV export/import in QT
  • Fixed bug that prevented the use of “reports” and “cwe” strings in Workspace names
  • Unicode support in Nexpose-full Plugin
  • Fixed bug get_installed_distributions from handler exceptions
  • Fixed bug in first run of Faraday with log path and API errors

More Information: here

Thanks to our friend Fran Amato, for sharing this tool with us.

Tags: , , , ,


About the Author

www.artssec.com @maxisoler



Back to Top ↑