Utility Commands¶
General-purpose commands for inspecting the server, generating API specs, listing plugins, and importing templates.
show-urls¶
Display all registered URL routes in the Faraday Server API.
faraday-manage show-urls
Options¶
None.
Behavior¶
Prints Flask's url_map showing all registered URL patterns, HTTP methods, and endpoint names. Useful for debugging API routing or discovering available endpoints.
Example Output¶
Map([<Rule '/_api/v3/ws/<workspace_name>/vulns/' (OPTIONS, HEAD, GET, POST) -> ...>,
<Rule '/_api/v3/ws/<workspace_name>/hosts/' (OPTIONS, HEAD, GET, POST) -> ...>,
...])
openapi-swagger¶
Generate an OpenAPI 3.0.2 specification file from the Faraday server's registered routes and marshmallow schemas.
Note: The previous documentation incorrectly called this command
openapi-yaml. The actual command name isopenapi-swagger. The output format is JSON, not YAML.
faraday-manage openapi-swagger [OPTIONS]
Options¶
| Option | Type | Default | Description |
|---|---|---|---|
--server |
String | http://localhost:5985 (prompted) |
Server URL to include in the OpenAPI spec |
--modify_default |
Boolean | false |
If true, overwrite the bundled spec at faraday/openapi/faraday_swagger.json. If false, write to the local config directory. |
Behavior¶
- Iterates all registered Flask routes and view functions
- Uses
apispecwith Flask and Marshmallow plugins to build the spec - Adds security scheme (Basic Auth)
- Extracts tags from endpoints
- Writes the JSON spec to one of two locations:
- Default:
~/.faraday/config/faraday_swagger.json(user's local config) --modify_default:faraday/openapi/faraday_swagger.json(source tree)
Examples¶
# Generate spec with default server URL
faraday-manage openapi-swagger
# Server [http://localhost:5985]: http://localhost:5985
# Generate spec for a specific server URL
faraday-manage openapi-swagger --server https://faraday.example.com
# Overwrite the bundled specification in the source tree
faraday-manage openapi-swagger --server https://faraday.example.com --modify_default true
Output Format¶
The generated file is a standard OpenAPI 3.0.2 JSON document:
{
"info": {
"title": "Faraday <version> API",
"description": "The Faraday REST API enables you to interact with our server...",
"version": "v3"
},
"openapi": "3.0.2",
"servers": [{"url": "http://localhost:5985"}],
"security": [{"basicAuth": []}],
"paths": { ... },
"components": { ... }
}
list-plugins¶
List all available Faraday plugins (parsers for security tool output).
faraday-manage list-plugins
Options¶
None.
Behavior¶
Instantiates the PluginsManager and iterates all registered plugins, printing each plugin's ID (one per line).
Example Output¶
acunetix
arachni
burp
nessus
nmap
openvas
qualys
...
Faraday supports 120+ plugins for parsing output from security tools. Plugins are organized into categories: - Console plugins (~42): Parse real-time tool output - Report plugins (~70+): Parse saved report files - API/Online plugins (4): Interact with tool APIs
import-vulnerability-templates¶
Import vulnerability template definitions (CWE entries) from bundled files. Templates provide standardized vulnerability names, descriptions, and references.
faraday-manage import-vulnerability-templates [OPTIONS]
Options¶
| Option | Type | Default | Description |
|---|---|---|---|
--language |
String | en |
Language code for the templates to import |
--list-languages |
Flag | false |
List available template languages and exit |
Examples¶
# Import English templates (default)
faraday-manage import-vulnerability-templates
# Import Spanish templates
faraday-manage import-vulnerability-templates --language es
# List available languages
faraday-manage import-vulnerability-templates --list-languages
Behavior¶
Loads vulnerability template data from bundled files and imports them into the database. Templates include CWE identifiers, descriptions, severity information, and remediation guidance.
This command can be run multiple times safely — existing templates are updated rather than duplicated.