Collaborative Penetration Test and Vulnerability Management Platform - Faraday v2.4


Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time without the need for a single email. Developed with a specialized set of functionalities that helps users improve their own work, the main purpose is to re-use the available tools in the community taking advantage of them in a collaborative way!

LDAP support

Yes, Faraday’s bucket list is an item shorter as of this release! LDAP support has been on the horizon for quite some time now, but not anymore - this brand new version comes with LDAP support out of the box, no additional modules required, isn’t that neat?

Why LDAP? Well, because a great number of companies around the world use it to centralize their user account management. The protocol provides total control over the credentials in all the platforms, which comes in pretty handy when managing large volumes of data. In fact, LDAP is so popular that some companies have a policy to only use tools that support LDAP authentication.

By adding LDAP support to Faraday, we give our clients the possibility to manage larger teams, implement large-scale installations and maintain a granular and simple control over their user accounts.

In addition, using Faraday over LDAP provides better configuration than ever, allowing complex credential policies such as password expiration and quality standards, or credential lockout.

Faraday Plugin

There are some changes to the Faraday Plugin, improving its functionality by allowing users to run it through the GTK interface, performing actions in batch and filtering objects.

One of the best things about this new version of the Plugin is that you can now use it to script some of the most boring tasks needed in every assessment.

Example of task automation using Faraday Plugin - Running ping for every host that has a service on port 22

We also added a menu option to run directly from GTK!


New menu item in GTK allows users to run Fplugin without having to type anything!
Read more about FPlugin in our documentation

Details are everything

And that is what this release is all about. We believe that correcting very specific details and introducing small improvements also adds quality and efficiency to a platform like ours. So it is in those items that we focused on the last iteration.

Changes

  • Added LDAP support for authentication 
  • Removed grouping by issue tracker option in status report
  • Added command line option to automatically install the license files before launching Faraday 
  • Fixed bug when editing workspaces with maximum allowed workspaces reached 
  • Improved login in Web UI 
  • Improved the validation applied to passwords when editing them in the Web UI


Better password validation

  • Improved UX in users list Web UI 
  • Improved GTK UX when the client loses connection to the server 
  • Added link to name column in Hosts list



Host names with links
  • Fixed bug in SQLMap plugin that made the client freeze 
  • Fixed bug when creating/updating Credentials 
  • Fixed bug in the WEB UI - menu explanation bubbles were hidden behind inputs




  • Fixed conflict resolution when the object was deleted from another client before resolving the conflict 
  • Improved FPlugin
  • Improved the installation process 
  • Improved SQLMap plugin to support –tables and –columns options 
  • Improved navigation in Web UI 
  • Merged PR #137 - CScan improvements: bug fixing, change plugin format and removed unnecessary file output 
  • Merged PR #173 - Hostnames: added hostnames to plugins 
  • Merged PR #105 - OSint: added the possibility of using a DB other than Shodan 
  • The Status Report now remembers the sorting column and order
  • Created a requirements_extras.txt file to handle optional packages for specific features

We hope you enjoy it, and let us know if you have any questions or comments.

https://www.faradaysec.com
https://github.com/infobyte/faraday
https://twitter.com/faradaysec