Penetration Testing
Faraday v2.2: Collaborative Penetration Test and Vulnerability Management Platform Nov 23 2016 02:37PM
Francisco Amato (famato infobytesec com)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that help users improve their own
work, the main purpose is to re-use the available tools in the
community taking advantage of them in a collaborative way!
Check out the Faraday project in Github. https://github.com/infobyte/faraday

This release features a brand new library to connect with Faraday Server!

Managing vulnerabilities is now easier in Faraday!

Changes:
- Status and creator fields:
A simple change can go a long way - we added two new ways of
classifying issues stored in Faraday.

With the new update it is now possible to check the status of an issue
- this could be opened, closed, re-opened or the risk is accepted.

If you set a vulnerability status as closed and later on when you
re-scan the target the same issue is found again, the status will
automatically change into re-opened allowing you to have a more
granular view of the results of your scans. This is perfect for doing
remediation retests, helping you to quickly understand what is still
vulnerable.

Also, issues created by a specific tool, can now be filtered and
sorted out. A great way to see where are the sources of information
used during an engagement.

For example, as we can see in the following screenshots, we have three
different issues that are closed [1]. After we import a Nessus scan
the issues are marked as re-opened [2], indicating that the
vulnerability is still present in the last scan.

- Added a message to configure the Webshell - added a descriptive
message for users who don't have the Webshell properly configured
- Fixed typo in Executive Report modal
- New library to connect with Faraday Server
- Fixed Fplugin, now it uses the new library to communicate with the Server
- Refactor in Faraday Core and GTK Client
- Bug fixing in Faraday Client and Server
- News boxes example in the WEB UI
- New plugins: Dirb, Netdiscover, FruityWifi, Sentinel
- Improvements on the WPscan plugin
- Fixed Licenses search - there was a bug that disabled the option to
search for licenses, now it is fixed and full-text search is enabled
in the Licenses component
- Refactor Licenses module to be compatible with JS Strict Mode - in
our efforts to improve our existing codebase for the WEB UI we
refactored this component in order to make it run using Strict Mode in
JavaScript

We hope you enjoy it, and let us know if you have any questions or comments.

https://www.faradaysec.com
https://github.com/infobyte/faraday
https://twitter.com/faradaysec
https://forum.faradaysec.com/

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus