Welcome. Here is a free text!
The full power of the dashboard is in vulnerability management, as shown in our introduction to Faraday. If you haven’t yet, it might be helpful to follow these instructions after creating an account and scanning your domain or uploading your vulnerabilities to Faraday.
In Faraday’s navigation bar you’ll find three sections: the activity feed, the vulnerability dashboard and the asset dashboard, each designed to guide you through the key steps of vulnerability management.
It will show you the type and number of vulnerabilities associated with each of your assets, as well as their severity, next to the asset ip and hostname.
You will be able to add comments to the vulnerability, in which you may tag other users and they will receive a notification, and to update evidence of the vulnerability, all with just a few clicks.
If the volume of vulnerabilities is too high, you may want to filter what to see to ease your navigation. To choose which information you wish to be shown, the filter and column features may be accessed on the top-right corner.
Instant Alerts: Stay informed with real-time notifications.
Setup your own actions strategy, assign tasks to users for each phase and easily follow them up You can create your own custom Methodologies, add Tasks, tag them and keep track of your whole project directly from Faraday. Faraday comes with Methodologies loaded by default that allow you to get to work quickly without having to create your own.
Process of determining the order in which security vulnerabilities should be addressed based on their severity and potential impact on an organization.
Faraday Cloud provides the most extensive continuous scanning and real-time insights for the security integrity of your systems Faraday Cloud gives you a multi-engine scanning platform that supports an ever-growing list of industry security tools.
Faraday supports 2nd Factor Authentication. We support any apps, e.g: Google Authenticator (Android) Google Authenticator (iOS) Authy (Android) Authy (iOS) OTP Authenticator (Android, Open Source)
Provide access to the platform through all its channels. Identified by username and profile, it allows to moderate accesses and keep under control data governance.
A workspace is a project presentation that allows you to summarize information from different sources, work with them as a unit, and generate information.
An asset is any device, resource or other component of the environment that supports information-related activities. For example, IP Addresses and FQDN in the scope of an assessment.
Facilitate the search for possible duplicates and provides the user with a friendly mechanism to associate a set of vulnerabilities that could refer to the same problem/vuln, with the option of leaving only one of these vulnerabilities visible and hiding the rest.
The Executive Report feature lets you create (as the name implies) reports using the results obtained in each workspace. When an Executive Report is created, all the data from the Status Report is automatically processed and placed in a PDF/Word compatible document that can then be downloaded.
Allows the user to automate tasks after an agent terminates and new vulnerabilities bulk into a workspace. Also when a user manually uploads a tool report to a workspace.
Bringing access to different data visualization to Manager, Pentesters, Clients and Assets Owner.
Use Faraday directly from your favourite terminal. faraday-cli is the official client that make automating your security workflows, easier.
Automate repetitive Agents’ actions and check results on your Dashboard
This is a feature that allows you to send data from Faraday to Jira/ServiceNow as tickets inside the system. In order to do it, go into our Status Report, select the desired vulnerabilities, click on the Tools button and then click on the ServiceNow/Jira option.
As Faraday allows you to keep all of your pentests in one place, we thought it would be interesting to add the possibility to see your assessments come to life. These charts allow you to find new relations between your data and clarify the state of an assessment. We will also add new charts in the future, and the possibility to customize them as well!
Setup your own actions strategy, assign tasks to users for each phase and easily follow them up. You can create your own custom Methodologies, add Tasks, tag them and keep track of your whole project directly from Faraday. Faraday comes with Methodologies loaded by default that allow you to get to work quickly without having to create your own.
Tags allow you to organize your vulnerabilities. by letting you make and edit categories: environment, technology, state, language, projects, whatever. The team can then see the tagged vulnerabilities and organize the security evaluation.
Define and execute your own actions from different sources and automatically import outputs into your repository.
Custom Fields allow you to extend the Vulnerability’s model with more fields. Custom fields type can be int, str, list, and choice.
You can use inline images with Faraday Evidence in the fields above by adding an Evidence file to your vulns and adding markdown like this:
No infrastructure changes needed: implement Faraday On-prem, Cloud or Hybrid without network changes.
The idea of the Web Shell is to allow you to work directly from the web using ZSH as a console. You would be connected to your own shell (listening in loopback interface).
This feature lets you easily see and assess the differences between two of your Workspaces.
Find yourself writing the same descriptions over and over again? Tired of typos coming up in your reports? Faraday provides a simple solution: unify criteria for naming vulnerabilities and save time and effort to yourself and your team.
There are three kinds of plugins available for Faraday; console, report and API also called online. However, these are not mutually exclusive, meaning that some tools have more than one Plugin to process their output. For example, Nmap has a Console plugin which allows you to run it directly from ZSH, but it also has a Report one, in order to import scans that were run outside of Faraday.