Faraday v2.4 - Collaborative Penetration Test and Vulnerability Management Platform
Faraday is the Integrated Multiuser Risk Environment you
were looking for! It maps and leverages all the knowledge you generate
in real time, letting you track and understand your audits. Our
dashboard for CISOs and managers uncovers the impact and risk being
assessed by the audit in real-time without the need for a single email.
Developed with a specialized set of functionalities that helps users
improve their own work, the main purpose is to re-use the available
tools in the community taking advantage of them in a collaborative way!
LDAP support
Yes,
Faraday’s bucket list is an item shorter as of this release! LDAP
support has been on the horizon for quite some time now, but not
anymore - this brand new version comes with LDAP support out of the box,
no additional modules required, isn’t that neat?
Why LDAP? Well,
because a great number of companies around the world use it to
centralize their user account management. The protocol provides total
control over the credentials in all the platforms, which comes in pretty
handy when managing large volumes of data. In fact, LDAP is so popular
that some companies have a policy to only use tools that support LDAP
authentication.
By adding LDAP support to Faraday, we give our
clients the possibility to manage larger teams, implement large-scale
installations and maintain a granular and simple control over their user
accounts.
In addition, using Faraday over LDAP provides better
configuration than ever, allowing complex credential policies such as
password expiration and quality standards, or credential lockout.
Faraday Plugin
There are some changes to the Faraday Plugin, improving
its functionality by allowing users to run it through the GTK
interface, performing actions in batch and filtering objects.
One
of the best things about this new version of the Plugin is that you can
now use it to script some of the most boring tasks needed in every
assessment.
Example of task automation using Faraday Plugin - Running ping for every host that has a service on port 22
We also added a menu option to run directly from GTK!
New menu item in GTK allows users to run Fplugin without having to type anything!
Read more about FPlugin in our documentation
Details are everything
And that is what this release is all about. We believe that correcting very specific details and introducing small improvements also adds quality and efficiency to a platform like ours. So it is in those items that we focused on the last iteration.Changes
- Added LDAP support for authentication
- Removed grouping by issue tracker option in status report
- Added command line option to automatically install the license files before launching Faraday
- Fixed bug when editing workspaces with maximum allowed workspaces reached
- Improved login in Web UI
- Improved the validation applied to passwords when editing them in the Web UI
Better password validation
- Improved UX in users list Web UI
- Improved GTK UX when the client loses connection to the server
- Added link to name column in Hosts list
Host names with links
- Fixed bug in SQLMap plugin that made the client freeze
- Fixed bug when creating/updating Credentials
- Fixed bug in the WEB UI - menu explanation bubbles were hidden behind inputs
- Fixed conflict resolution when the object was deleted from another client before resolving the conflict
- Improved FPlugin
- Improved the installation process
- Improved SQLMap plugin to support –tables and –columns options
- Improved navigation in Web UI
- Merged PR #137 - CScan improvements: bug fixing, change plugin format and removed unnecessary file output
- Merged PR #173 - Hostnames: added hostnames to plugins
- Merged PR #105 - OSint: added the possibility of using a DB other than Shodan
- The Status Report now remembers the sorting column and order
- Created a requirements_extras.txt file to handle optional packages for specific features
We hope you enjoy it, and let us know if you have any questions or comments.
https://www.faradaysec.com
https://github.com/infobyte/faraday
https://twitter.com/faradaysec
Faraday v2.4 - Collaborative Penetration Test and Vulnerability Management Platform
Reviewed by Zion3R
on
11:14 AM
Rating: