Home

Rethink Vulnerability Management for your Network Security¶

Security faces two challenging objectives: developing intelligent methods for obtaining new information and effectively managing and enhancing remediation efforts. With the utilization of Faraday, you can prioritize vulnerability discovery while we assist you with the remaining tasks. Simply access Faraday through your terminal and effortlessly organize your work on the go.

Faraday was specifically designed to enable you to leverage the diverse range of tools within the security community, fostering a truly collaborative multiuser environment.

By consolidating and standardizing the data you input, Faraday empowers you to explore it through various visualizations that prove valuable to both managers and analysts.

Faraday is meticulously crafted to optimize the process of Vulnerability Management. It excels at normalizing, tracking, and identifying assets and vulnerability data from over 90 different security tools.

To read about the latest features check out the release notes!

Getting Started¶

Learn about Faraday holistic approach and rethink vulnerability management.

• Centralize your vulnerability data

• Automate the scanners you need

Integrating faraday in your CI/CD¶

Setup Bandit and OWASP ZAP in your pipeline

• GitHub [PDF]

• Jenkins [PDF]

• TravisCI [PDF]

Setup Bandit, OWASP ZAP and SonarQube in your pipeline

• Gitlab [PDF]

Faraday Cli¶

Faraday-cli is our command line client, providing easy access to the console tools, work in faraday directly from the terminal!

This is a great way to automate scans, integrate it to CI/CD pipeline or just get metrics from a workspace

$ pip3 install faraday-cli

Check our faraday-cli repo

Check out the documentation here.

Faraday Agents¶

Faraday Agents Dispatcher is a tool that gives Faraday the ability to run scanners or tools remotely from the platform and get the results.

Actionable reporting and Vulnerability templates¶

Every company has a different approach to reporting. Faraday provides a way for companies to export their data into their own compliance-ready formats.

Plugins¶

Connect you favorite tools through our plugins. Right now there are more than 80+ supported tools, among which you will find:

Missing your favorite one? Create a Pull Request!

There are two Plugin types:

Console plugins which interpret the output of the tools you execute.

$ faraday-cli tool run \"nmap www.exampledomain.com\"
💻 Processing Nmap command
Starting Nmap 7.80 ( https://nmap.org ) at 2021-02-22 14:13 -03
Nmap scan report for www.exampledomain.com (10.196.205.130)
Host is up (0.17s latency).
rDNS record for 10.196.205.130: 10.196.205.130.bc.example.com
Not shown: 996 filtered ports
PORT     STATE  SERVICE
80/tcp   open   http
443/tcp  open   https
2222/tcp open   EtherNetIP-1
3306/tcp closed mysql
Nmap done: 1 IP address (1 host up) scanned in 11.12 seconds
⬆ Sending data to workspace: test
✔ Done

Report plugins which allows you to import previously generated artifacts like XMLs, JSONs.

faraday-cli tool report burp.xml

Creating custom plugins is super easy, Read more about Plugins. Vulnerability Templates

Quickly fill out the gaps in your vulnerability data with Templates from your personalized Knowledge Base.

Reduce and Prioritize

An interface built around collaboration and simplicity: manage, tag, prioritize with ease.

Faraday Client

Our Shell allows you to upload results while pentesting actively.

Custom Workflows and seamless Deduplication¶

Trigger any action with custom events built to avoid repetitive tasks. Import all your data and never worry about duplicates, as Faraday automatically identifies and merges duplicated issues.

Easily schedule scanners and jobs with Agents¶

Agents are a lightweight, highly-scalable way to automate repetitive scheduled scans or triggered jobs that unnecessarily take up team resources.

Jira, GitLab, ServiceNow, SolarWinds, 2^nd Factor Authentication (2FA) and LDAP¶

Synchronize your favorite ticketing systems (JIRA, GitLab, ServiceNow, SolarWinds) and integrate with your existing Direct Access Protocol (LDAP).

We are continuously adding new integrations based on customer requests.

Easy-to-use REST API¶

Leverage our REST API to scale your own strategy by directly accessing integrations, analytics capabilities, and reporting depending on your needs.

Presentations¶

Some of the leading Security Conferences we present Faraday

• Ekoparty : 2010 - 2014 - 2017 - 2018

• Black Hat:

  • USA : 2011 - 2015 - 2016 - 2017 - 2018

  • Asia : 2016 - 2017 - 2018

  • Europe : 2015 - 2016

• RSA USA : 2015

• HITBSecConf Dubai : 2018

• SecurityWeekly : 2016

• Zero Nights : 2016

• AVTokyo : 2016 - 2018

• Tel Aviv-Yafo : 2018

• SECCON : 2018

• PyConAr : 2018

• 8.8 Chile : 2018

• CharruaCon : 2018

• NotPinkCon : 2018

• plusCODE : 2018

• BSides LATAM : 2016

Links¶

• Homepage: faradaysec.com

• Documentation: Faraday Docs

• Download: Download .deb/.rpm from releases page

• Issue tracker and feedback: Github issue tracker

• Frequently Asked Questions: FaradaySEC FAQ

• Twitter: @faradaysec

• Try one of our Demos