Web Application Security
Faraday v2.4: Collaborative Penetration Test and Vulnerability Management Platform Mar 21 2017 02:09PM
Francisco Amato (famato infobytesec com)
March is already rolling and so is our work. Today we feel so happy to
share a new release, Faraday v2.4!

Before preparing an upcoming release, we try to focus not only on
improving the product but also on perfecting the user experience. We
want to go beyond optimizing your everyday work, inspiring you to do

Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that helps users improve their
own work, the main purpose is to re-use the available tools in the
community taking advantage of them in a collaborative way! Check out
the Faraday project in Github.

LDAP support:

Yes, Faraday's bucket list is an item shorter as of this release! LDAP
support has been on the horizon for quite some time now, but not
anymore - this brand new version comes with LDAP support out of the
box, no additional modules required, isn't that neat?

Why LDAP? Well, because a great number of companies around the world
use it to centralize their user account management. The protocol
provides total control over the credentials in all the platforms,
which comes in pretty handy when managing large volumes of data. In
fact, LDAP is so popular that some companies have a policy to only use
tools that support LDAP authentication.

By adding LDAP support to Faraday, we give our clients the possibility
to manage larger teams, implement large-scale installations and
maintain a granular and simple control over their user accounts.

In addition, using Faraday over LDAP provides better configuration
than ever, allowing complex credential policies such as password
expiration and quality standards, or credential lockout.

Faraday Plugin:

We made some changes to the Faraday Plugin, improving its
functionality by allowing users to run it through the GTK interface,
performing actions in batch and filtering objects.

One of the best things about this new version of the Plugin is that
you can now use it to script some of the most boring tasks needed in
every assessment.

We also added a menu option to run directly from GTK!

New menu item in GTK allows users to run Fplugin without having to
type anything!
Read more about FPlugin in our documentation -
Details are everything

And that is what this release is all about. We believe that correcting
very specific details and introducing small improvements also adds
quality and efficiency to a platform like ours. So it is in those
items that we focused on the last iteration.


- Added LDAP support for authentication
- Removed grouping by issue tracker option in status report
- Added command line option to automatically install the license files
before launching Faraday
- Fixed bug when editing workspaces with maximum allowed workspaces reached
- Improved login in Web UI
- Improved the validation applied to passwords when editing them in the Web UI
- Better password validation
- Improved UX in users list Web UI
- Improved GTK UX when the client loses connection to the server
- Host names with links
- Fixed bug in SQLMap plugin that made the client freeze
- Fixed bug when creating/updating Credentials
- Fixed bug in the WEB UI - menu explanation bubbles were hidden behind inputs
- Fixed menu bubbles - Before and After
- Fixed conflict resolution when the object was deleted from another
client before resolving the conflict
- Improved FPlugin
- Improved the installation process
- Improved SQLMap plugin to support --tables and --columns options
- Improved navigation in Web UI
- Merged PR #137 - CScan improvements: bug fixing, change plugin
format and removed unnecessary file output
- Merged PR #173 - Hostnames: added hostnames to plugins
- Merged PR #105 - OSint: added the possibility of using a DB other than Shodan
- The Status Report now remembers the sorting column and order
- Created a requirements_extras.txt file to handle optional packages
for specific features

We hope you enjoy it, and let us know if you have any questions or comments.


This list is sponsored by Cenzic
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus