An open-source vulnerability management platform
Security has two difficult tasks: designing smart ways of getting new information, and keeping track of findings to improve remediation efforts. With Faraday, you may focus on discovering vulnerabilities while we help you with the rest. Just use it in your terminal and get your work organized on the run.
Faraday was made to let you take advantage of the available tools in the community in a truly multiuser way.
Faraday aggregates and normalizes the data you load, letting you explore it through different visualizations that are useful to managers and analysts alike.
To read about the latest features check out the release notes!
The easiest way to get faraday up and running is using our docker-compose
    $ wget https://raw.githubusercontent.com/infobyte/faraday/master/docker-compose.yaml
    $ docker-compose up
If you want to customize, you can find an example config over here Link
You need to have a Postgres instance running first.
    $ docker run \
        -v $HOME/.faraday:/home/faraday/.faraday \
        -p 5985:5985 \
        -e PGSQL_USER='postgres_user' \
        -e PGSQL_HOST='postgres_ip' \
        -e PGSQL_PASSWD='postgres_password' \
        -e PGSQL_DBNAME='postgres_db_name' \
        faradaysec/faraday:latest
    $ pip3 install faradaysec
    $ faraday-manage initdb
    $ faraday-server
You can find the installers on our releases page
    $ sudo apt install ./faraday-server_amd64.deb
    # Add your user to the faraday group
    $ faraday-manage initdb
    $ sudo systemctl start faraday-server
Add your user to the faraday group and then run
If you want to run directly from this repo, this is the recommended way:
    $ pip3 install virtualenv
    $ virtualenv faraday_venv
    $ source faraday_venv/bin/activate
    $ git clone git@github.com:infobyte/faraday.git
    # Install from inside the cloned repository
    $ cd faraday
    $ pip3 install .
    $ faraday-manage initdb
    $ faraday-server
Check out our documentation for detailed information on how to install Faraday on all of our supported platforms.
For more information about the installation, check out our Installation Wiki.
In your browser, you can now go to http://localhost:5985 and log in with "faraday" as the username and the password given by the installation process.
Learn about Faraday's holistic approach and rethink vulnerability management.
Set up Bandit and OWASP ZAP in your pipeline
Set up Bandit, OWASP ZAP and SonarQube in your pipeline
Faraday-cli is our command line client. It provides easy access to the console tools, so you can work in Faraday directly from the terminal!
This is a great way to automate scans, integrate Faraday into a CI/CD pipeline, or just get metrics from a workspace.
    $ pip3 install faraday-cli
Check our faraday-cli repo
Check out the documentation here.
Faraday Agents Dispatcher is a tool that gives Faraday the ability to run scanners or tools remotely from the platform and get the results.
Connect your favorite tools through our plugins. Right now there are more than 80 supported tools, among which you will find:
Missing your favorite one? Create a Pull Request!
There are two Plugin types:
Console plugins which interpret the output of the tools you execute.
    $ faraday-cli tool run "nmap www.exampledomain.com"
    💻 Processing Nmap command
    Starting Nmap 7.80 ( https://nmap.org ) at 2021-02-22 14:13 -03
    Nmap scan report for www.exampledomain.com (10.196.205.130)
    Host is up (0.17s latency).
    rDNS record for 10.196.205.130: 10.196.205.130.bc.example.com
    Not shown: 996 filtered ports
    PORT     STATE  SERVICE
    80/tcp   open   http
    443/tcp  open   https
    2222/tcp open   EtherNetIP-1
    3306/tcp closed mysql
    Nmap done: 1 IP address (1 host up) scanned in 11.12 seconds
    ⬆ Sending data to workspace: test
    ✔ Done
Report plugins which allow you to import previously generated artifacts such as XML and JSON files.

    $ faraday-cli tool report burp.xml
Creating custom plugins is super easy. Read more about Plugins.
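To make the console-plugin idea concrete, here is an added example (not Faraday's plugin code or plugin API) that parses the Nmap console output shown above into normalized host and service records. The names `parse_nmap_console` and `open_services` and the record layout are assumptions made for this example.

```python
import re

# Constructed sample: the Nmap console output shown earlier on this page.
SAMPLE_NMAP_OUTPUT = """\
Starting Nmap 7.80 ( https://nmap.org ) at 2021-02-22 14:13 -03
Nmap scan report for www.exampledomain.com (10.196.205.130)
Host is up (0.17s latency).
rDNS record for 10.196.205.130: 10.196.205.130.bc.example.com
Not shown: 996 filtered ports
PORT     STATE  SERVICE
80/tcp   open   http
443/tcp  open   https
2222/tcp open   EtherNetIP-1
3306/tcp closed mysql
Nmap done: 1 IP address (1 host up) scanned in 11.12 seconds
"""

# "report for name (ip)" when a name is known, "report for ip" otherwise.
HOST_RE = re.compile(r"^Nmap scan report for (?:(\S+) \(([^)]+)\)|(\S+))$")
PORT_RE = re.compile(r"^(\d{1,5})/(tcp|udp|sctp)\s+(\S+)\s+(\S+)")


def parse_nmap_console(text):
    """Turn Nmap's normal (console) output into a list of host records."""
    hosts, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:
            name, ip, bare = m.groups()
            current = {"ip": ip or bare, "hostname": name, "services": []}
            hosts.append(current)
            continue
        m = PORT_RE.match(line)
        if m and current is not None:  # ignore port rows seen before any host
            port, proto, state, service = m.groups()
            current["services"].append({"port": int(port), "protocol": proto,
                                        "state": state, "name": service})
    return hosts


def open_services(hosts):
    """Flatten to (ip, port, service) tuples for ports reported open."""
    return [(h["ip"], s["port"], s["name"])
            for h in hosts for s in h["services"] if s["state"] == "open"]


if __name__ == "__main__":
    print(open_services(parse_nmap_console(SAMPLE_NMAP_OUTPUT)))
```

Banner, rDNS and summary lines are skipped because they match neither pattern, and closed ports are kept in the host record but left out of the open-service view.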
You can access our API directly; check out the documentation here.