Security and Technology

Faraday v2.2 – Collaborative Penetration Test and Vulnerability Management Platform

Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time without the need for a single email. Developed with a specialized set of functionalities that help users improve their own work, the main purpose is to re-use the available tools in the community taking advantage of them in a collaborative way!

This release features a brand new library to connect with Faraday Server!

Managing vulnerabilities is now easier in Faraday!

Status and creator fields
A simple change can go a long way – we added two new ways of classifying issues stored in Faraday.
With the new update it is now possible to check the status of an issue – this could be opened, closed, re-opened or the risk is accepted.
If you set a vulnerability status as closed and later on when you re-scan the target the same issue is found again, the status will automatically change into re-opened allowing you to have a more granular view of the results of your scans. This is perfect for doing remediation retests, helping you to quickly understand what is still vulnerable.
Also, issues created by a specific tool, can now be filtered and sorted out. A great way to see where are the sources of information used during an engagement.
For example, as we can see in the following screenshots, we have three different issues that are closed [1]. After we import a Nessus scan the issues are marked as re-opened [2], indicating that the vulnerability is still present in the last scan.

1. Closed issues

2. Re-opened by Nessus scan import
Corporate Changes:

Added a message to configure the Webshell – added a descriptive message for users who don’t have the Webshell properly configured

Webshell configuration message
Changes:

New library to connect with Faraday Server

Fixed Fplugin, now it uses the new library to communicate with the Server

New fields for Vulnerabilities: plugin creator and status

Refactor in Faraday Core and GTK Client

Bug fixing in Faraday Client and Server

News boxes example in the WEB UI

New plugins: Dirb, Netdiscover, FruityWifi, Sentinel

Improvements on the WPscan plugin

Fixed Licenses search – there was a bug that disabled the option to search for licenses, now it is fixed and full-text search is enabled in the Licenses component

Licenses search

Refactor Licenses module to be compatible with JS Strict Mode – in our efforts to improve our existing codebase for the WEB UI we refactored this component in order to make it run using Strict Mode in JavaScript

https://www.faradaysec.comhttps://github.com/infobyte/faradayhttps://twitter.com/faradaysechttps://forum.faradaysec.com/
Download Faraday http://ift.tt/2gwTf6O http://ift.tt/2aM8QhC

Deixe uma resposta

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s