Faraday GUI (GTK) / Faraday ZSH terminal intercepts every command you execute and checks if there’s a plugin available. If there is, Faraday will interpret all the relevant information like IP addresses, hostnames, services, vulnerabilities, websites, and notes that the command generates.
Faraday Cloud provides the most extensive continous scanning and real-time insights for the security integrity of your systems Faraday Cloud gives you a multi-engine scanning plataform that supports an ever-growing list of industry security tools.
Automate repetitive Agents’ actions and check results on your Dashboard
This is a feature that allows you to send data from Faraday to Jira/ServiceNow as tickets inside the system. In order to do it, go into our Status Report, select the desired vulnerabilities, click on the Tools button and then click on the ServiceNow/Jira option.
As Faraday allows you to keep all of your pentests in one place, we thought it would be interesting to add the possibility to see your assessments come to life. These charts allow you to find new relations between your data and clarify the state of an assessment. We will also add new charts in the future, and the possibility to customize them as well!
Setup your own actions strategy, assign tasks to users for each phase and easily follow them up. You can create your own custom Methodologies, add Tasks, tag them and keep track of your whole project directly from Faraday. Faraday comes with Methodologies loaded by default that allow you to get to work quickly without having to create your own.
Tags allow you to organize your vulnerabilities. by letting you make and edit categories: environment, technology, state, language, projects, whatever. The team can then see the tagged vulnerabilities and organize the security evaluation.
The Executive Report feature lets you create (as the name implies) reports using the results obtained in each workspace. When an Executive Report is created, all the data from the Status Report is automatically processed and placed in a Word compatible document that can then be downloaded.
Define and execute your own actions from different sources and automatically import outputs into your repository.
Custom Fields allow you to extend the Vulnerability’s model with more fields. Custom fields type can be int, str, list, and choice.
You can use inline images with Faraday Evidence in the fields above by adding an Evidence file to your vulns and adding markdown like this:
No infrastructure changes needed: implement Faraday On-prem, Cloud or Hybrid without network changes.
The idea of the Web Shell is to allow you to work directly from the web using ZSH as a console. You would be connected to your own shell (listening in loopback interface).
This feature lets you easily see and assess the differences between two of your Workspaces.
Deduplicate Vulns and use your time to stay creative and moving forward Faraday’s Global Vuln KB allows you to customize descriptions and apply them accordingly.
Faraday supports 2nd Factor Authentication. We support any apps, e.g: Google Authenticator (Android) Google Authenticator (iOS) Authy (Android) Authy (iOS) OTP Authenticator (Android, Open Source)
Find yourself writing the same descriptions over and over again? Tired of typos coming up in your reports? Faraday provides a simple solution: unify criteria for naming vulnerabilities and save time and effort to yourself and your team.
There are three kinds of plugins available for Faraday; console, report and API also called online. However, these are not mutually exclusive, meaning that some tools have more than one Plugin to process their output. For example, Nmap has a Console plugin which allows you to run it directly from ZSH, but it also has a Report one, in order to import scans that were run outside of Faraday.
Bringing access to different data visualization to Manager, Pentesters, Clients and Fixers.