Faraday v1.0.16 – Pen Test Environment (IPE)

Faraday introduces a new concept, the Integrated Penetration-Test Environment (IPE): a multiuser penetration test IDE designed for the distribution, indexation and analysis of the data generated during a security audit.

The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Designed for simplicity: users should feel no difference between their own terminal application and the one included in Faraday. It was developed with a specialized set of functionalities that help users improve their own work. Do you remember programming without an IDE? Faraday does for you what an IDE does when programming, but from the perspective of a penetration test.

Changelog v1.0.16

Changes

  • Added group vulnerabilities by any field in our Status Report
  • Added port to Service type target in new vuln modal
  • Filter false-positives in Dashboard, Status Report and Executive Report (Pro&Corp)
  • Added Wiki information about running Faraday without configuring CouchDB https://github.com/infobyte/faraday/wiki/APIs
  • Added parametrization for port configuration on APIs
  • Added scripts to:
    • get all IPs from targets that have no services (/bin/getAllIpsNotServices.py)
    • get all IP addresses that have a defined open port (/bin/getAllbySrv.py) and get all IPs from targets without services (/bin/delAllVulnsWith.py)

It’s important to note that both of these scripts hold a variable that you can modify to alter their behaviour. /bin/getAllbySrv.py has a port variable set to 8080 by default. /bin/delAllVulnsWith.py does the same with a RegExp.

  • Added three Plugins:
    • Immunity Canvas
    • Dig
    • Traceroute
  • Refactor Plugin Base to update active WS name in var
  • Refactor Plugins to use current WS in temp filename under $HOME/.faraday/data. Affected Plugins:
    • amap
    • dnsmap
    • nmap
    • sslcheck
    • wcscan
    • webfuzzer
    • nikto

Bug fixes

  • When the last workspace was null Faraday wouldn’t start
  • CSV export/import in QT
  • Fixed bug that prevented the use of “reports” and “cwe” strings in Workspace names
  • Unicode support in Nexpose-full Plugin
  • Fixed bug get_installed_distributions from handler exceptions
  • Fixed bug in first run of Faraday with log path and API errors

Download Faraday v1.0.16: https://github.com/infobyte/faraday

Thanks to our friend Fran Amato, for sharing this tool with us.

MaxiSoler

www.artssec.com @maxisoler