Faraday-penetration testing IDE and vulnerability management platform

You can download this article in PDF format via the link below to support us.
Download the guide in PDF formatturn off

In order to protect your organization from constant hacker attacks, scripted crooks, and poorly motivated everyone, then you must improve your game every day. There is no doubt that the servers and applications running on them are always in danger of being exploited, especially when they are exposed to the public domain. With this in mind, you must equip yourself with the best tools, skills and team to do your best to protect and protect the things you cherish.

Combined with this revelation, protecting your applications, servers, and network should be an integral part of every business, because obviously an online presence is very important. Therefore, we have shared another tool that can help your developers and penetration testers identify vulnerabilities in their code. It’s best to stop trouble before peeking. damage. Introducing Faraday.

Faraday introduced a new concept-IPE (Integrated Penetration Testing Environment), which is a multi-user penetration testing IDE. Faraday aims to distribute, index and analyze the data generated during the security audit process. It is designed to allow you to take advantage of the tools available in the community in a truly multi-user manner.

In this guide, we will install and explore how Faraday does its best. Let’s check the functions it has:

Features of Faraday

You will find the following packages in this application:

  • Work area: Information is organized into various work areas. Each work area contains a 5-month team task and all discovered intels.
  • Conflict: If two plugins generate conflict information for a single element, it will generate a conflict that the user must resolve.
  • CSV export: Faraday supports exporting CSV from its WEB UI
  • Faraday plug-in: Provides Faraday’s powerful scripting function and allows you to query the database without leaving your favorite workspace, whether it is a GTK interface or a terminal.

The following are the requirements that Faraday can install:

you need to:

  • Python 3.6 and higher
  • PostgreSQL database

How to install Faraday

Faraday Server is the interface between PostgreSQL and Faraday Client and WebUI. The responsibility of the server is to transfer information between the client or WebUI and PostgreSQL and to ensure that they stay synchronized.

Step 1: Install Python 3 Linux

Since Python is the main package that Faraday depends on, let’s proceed with the installation, just in case you don’t have it, please follow the steps below

Install Python 3.6+ on Ubuntu

If you are using Ubuntu 16.10 or higher, you can easily install Python 3.6 with the following command:

sudo apt-get update
sudo apt-get install python3.6 python3-pip -y

If you are using another version of Ubuntu (such as the latest LTS version), or you want to use the latest Python, it is recommended that you install Python 3.8 using Deadsnakes PPA:

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt-get update
sudo apt-get install python3.8 python3-pip python3-dev -y

Install Python 3.6+ on CentOS

If you are using CentOS 7 or 8, you need to run the following command to install Python 3.

sudo yum update
sudo yum install -y python3  python3-pip python3-devel

Step 2: Install the PostgreSQL database server

Before proceeding to install Faraday, please make sure you have installed the PostgreSQL database. You can quickly install postgreSQL using the following link:

Install PostgreSQL 13 on Ubuntu Install PostgreSQL 12 on Debian How to install PostgreSQL 12 on Ubuntu

After the installation is complete, verify that the PostgreSQL version is higher than or equal to 9.6 by running the following command:

$ sudo su - postgres
$ psql -c "SELECT version()" postgres

Configure PostgreSQL

Open the pg_hba.conf file (remember to specify the correct PostgreSQL version):

sudo vim /etc/postgresql/POSTGRESQL_VERSION/main/pg_hba.conf

If you cannot find the pg_hba.conf file in the above path, just follow the steps below to locate

sudo find / -name pg_hba.conf

After opening the file, you need to edit the following lines to set the authentication type from “ident” to “md5”:

# IPv4 local connections:
host    all             all             127.0.0.1/32            md5 <==
# IPv6 local connections:
host    all             all             ::1/128                 md5 <==

Step 3: Install Faraday on Debian | Ubuntu | Kali | CentOS

Everything should now be ready for Faraday, we will download and set it up without hesitation. The good news is that Faraday developers provide DEB packages for easy installation on all Debian-based systems.According to the version number, visit Faraday publishes GitHub page Grab the latest.

sudo apt update
sudo apt install wget -y
wget https://github.com/infobyte/faraday/releases/download/v3.12/faraday-server_amd64.deb

Go to the download directory and run the following command to set it up.

sudo dpkg -i faraday-server_amd64.deb

If the above command completes successfully, you must use the following command to initialize the database.

sudo faraday-manage initdb

After the command is completed, it will provide you with a randomly generated password to log in to the Web UI as shown below.Faraday-penetration testing IDE and vulnerability management platform

Configure Faraday for remote access

By default, Faraday listens on localhost. With this configuration, if your server is located at a remote location, you will not be able to access your application. To change this setting, open the following file and change localhost to the IP you want, or you can only allow all IP addresses as shown below:

port = 5985
bind_address = 0.0.0.0   ##This Part
websocket_port = 9000
debug = false
secret_key = TBdhDvbWXo6p9MJOH1SPcD1cs
agent_token = 7gDQ35BvIqWt18z0omP5Amxw6

Our application should be ready and can be started by running the following command:

sudo systemctl start faraday-server

Then check its status as follows.

sudo systemctl status faraday-server

● faraday-server.service - Faraday Server
     Loaded: loaded (/etc/systemd/system/faraday-server.service; disabled; vendor preset: enabled)
     Active: active (running) since Fri 2020-11-06 09:32:37 UTC; 5s ago
   Main PID: 40670 (.faraday-server)
      Tasks: 3 (limit: 2204)
     Memory: 91.8M
     CGroup: /system.slice/faraday-server.service
             └─40670 /nix/store/m9g361va65ccbj2v5nil4dfr194zgarn-python3-3.8.3/bin/python3.8 /nix/store/ws2ix6dhr7hj2k1r8x0iv9ssjcx0bpvr-python3.8-faradaysec-3.11.1/bin/.faraday-server-wrapped

Nov 06 09:32:37 ubuntu2004.localdomain systemd[1]: Starting Faraday Server...
Nov 06 09:32:37 ubuntu2004.localdomain systemd[1]: Started Faraday Server.

If you are running a firewall, please allow port 5985 to run on the firewall

sudo ufw allow 5985/tcp

Now open the browser and point it to http:// : 5985, and use “faraday” as the user name to log in, and generate a password in the initdb step.Faraday-penetration testing IDE and vulnerability management platform

Install Faraday plugin

We need plug-ins like nmap, and the rest need the server to scan the client.Get the Faraday plugin as follows

sudo pip3 install faraday-plugins

Step 4: Install Faraday on CentOS 7 | CentOS 8

Just like in Debian, Ubuntu or Kali, before proceeding to install Faraday, please make sure you have installed Python and PostgreSQL database. You can quickly install PostgreSQL using the following link:

How to install PostgreSQL 13 on CentOS 7 Install PostgreSQL 13 on CentOS 8. RHEL 8

Configure PostgreSQL

Open the pg_hba.conf file and make changes according to the suggestions below.

vim /var/lib/pgsql/POSTGRESQL_VERSION/data/pg_hba.conf

After opening the file, you need to edit the following lines to set the authentication type from “ident” to “md5”:

# IPv4 local connections:
host    all             all             127.0.0.1/32            md5 <==
# IPv6 local connections:
host    all             all             ::1/128                 md5 <==

After installation and configuration are complete, verify that the PostgreSQL version is higher than or equal to 9.6 by running the following command:

$ psql -c "SELECT version()" postgres

After finishing, you find that Python3 is missing for some reason, please run the following command to install

sudo yum install python3 -y

On our RPM-based system, Faraday developers are proud to provide you with rpm packages.According to the version number, visit Faraday publishes GitHub page And get the latest.

sudo yum update
sudo yum install wget vim epel-release -y
wget https://github.com/infobyte/faraday/releases/download/v3.12/faraday-server_amd64.rpm

Navigate to the directory where you downloaded the rpm file and run the following command to set it up.

sudo rpm -ivh faraday-server_amd64.rpm

Restart the PostgreSQL server and initialize the database:

sudo systemctl restart postgresql
sudo faraday-manage initdb

The second command will provide you with a randomly generated password to log in to the Web UI.

Configure Faraday for remote access

By default, Faraday listens on localhost. With this configuration, in case your server is located at a remote location, you will not be able to access your application. To change this setting, open the following file and change localhost to the IP you want, or you can only allow all IP addresses as shown below:

port = 5985
bind_address = 0.0.0.0   ##This Part
websocket_port = 9000
debug = false
secret_key = TBdhDvbWXo6p9MJOH1SPcD1cs
agent_token = 7gDQ35BvIqWt18z0omP5Amxw6

After the configuration is complete, start the Faraday server

systemctl start faraday-server

Now open the browser and point it to http:// : 5985, and use “faraday” as the user name to log in, and generate a password in the initdb step.

If there is a connection problem, please allow port 5985 to run on the firewall

sudo firewall-cmd --permanent --add-port=5985/tcp
sudo firewall-cmd --reload

Step 5: Create a workspace

After logging in, create a workspace where the client can connect and load the scan results.To create a workspace, please follow the screenshot below

Click the user icon drop-down menu and select “WorkspaceFaraday-penetration testing IDE and vulnerability management platform

On the workspace page, click “newFaraday-penetration testing IDE and vulnerability management platform

A form will pop up. Enter the details and target host, and then save. You will be done.Faraday-penetration testing IDE and vulnerability management platform

Install Faraday plugin

The Faraday plug-in is the core of Faraday. They include most of the open source security tools available, such as Nmap, Hydra, Lynis, etc.You can install the Faraday plugin as follows

sudo pip3 install faraday-plugins

##On Ubuntu 20 you have to copy faraday-plugins to a directory on PATH###
$ sudo cp ~/.local/bin/faraday-plugins /usr/local/bin/

List all plugins

faraday-plugins list-plugins

Available Plugins:
Acunetix         - [Command:  No - Report: Yes] - Acunetix XML Output Plugin
Amap             - [Command: Yes - Report:  No] - Amap Output Plugin
Appscan          - [Command:  No - Report: Yes] - Appscan XML Plugin
AppSpider        - [Command:  No - Report: Yes] - AppSpider XML Output Plugin
Arachni          - [Command: Yes - Report: Yes] - Arachni XML Output Plugin
arp-scan         - [Command: Yes - Report:  No] - arp-scan network scanner
awsprowler       - [Command:  No - Report: Yes] - AWS Prowler
Beef             - [Command: Yes - Report:  No] - BeEF Online Service Plugin
brutexss         - [Command: Yes - Report:  No] - brutexss
Burp             - [Command:  No - Report: Yes] - Burp XML Output Plugin
Checkmarx        - [Command:  No - Report: Yes] - Checkmarx XML Output Plugin
Cobalt           - [Command:  No - Report: Yes] - Cobalt CSV Output Plugin
dig              - [Command: Yes - Report:  No] - DiG
dirb             - [Command: Yes - Report:  No] - Dirb
dirsearch        - [Command: Yes - Report:  No] - dirsearch
Dnsenum          - [Command: Yes - Report:  No] - Dnsenum XML Output Plugin
Dnsmap           - [Command: Yes - Report:  No] - Dnsmap Output Plugin
Dnsrecon         - [Command: Yes - Report:  No] - Dnsrecon XML Output Plugin
Dnswalk          - [Command: Yes - Report:  No] - Dnswalk XML Output Plugin
faraday_csv      - [Command:  No - Report: Yes] - Faraday CSV Plugin
Fierce           - [Command: Yes - Report:  No] - Fierce Output Plugin
Fortify          - [Command:  No - Report: Yes] - Fortify XML Output Plugin
fruitywifi       - [Command: Yes - Report:  No] - FruityWiFi
ftp              - [Command: Yes - Report:  No] - Ftp
Goohost          - [Command: Yes - Report:  No] - Goohost XML Output Plugin
Hping3           - [Command: Yes - Report:  No] - hping3

Step 5: Install Faraday Client on CentOS 8

So far, we have installed the server part of Faraday. It follows a server-client architecture, and it is recommended not to mix server and client on the same computer. To this end, we completely install the Faraday client on another machine. Note that in this example, the client requires a GUI. GNOME is a good choice for launching GTK App. First, update the computer as follows:

sudo yum update

Then install the Python server into the client server step 1. Once Python is installed, follow the steps below to install Faraday client for CentOS 8

sudo yum install cairo cairo-devel libjpeg-turbo-devel pango pango-devel pangomm
sudo dnf -y install dnf-plugins-core
sudo dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf config-manager --set-enabled PowerTools
sudo dnf install gobject-introspection-devel cairo-gobject-devel gtk3 -y
sudo pip3 install faraday_client

Then start the Faraday client as shown below. You will need to enter the server URL at the end of the application output. Type it accordingly and press Enter. Later, you will enter the username and password of the Faraday client and the workspace we created earlier.

$ faraday-client


  _____                           .___
_/ _________  ____________     __| _/_____   ___.__.
   __ __   _  __ __     / __ | __   <   |  |
 |  |    / __ _|  | // __ _/ /_/ |  / __ ____  |
 |__|   (____  /|__|  (____  /____ | (____  // ____|
             /            /      /      / /

[*[       Open Source Penetration Test IDE       ]*]
            Where pwnage goes multiplayer

2020-11-06T13:07:06+0000 - faraday_client.start_client - INFO {MainThread} [start_client.py:323 - printBanner()]  Starting Faraday IDE.
2020-11-06T13:07:06+0000 - faraday_client.start_client - INFO {MainThread} [start_client.py:435 - main()]  Dependencies met.
2020-11-06T13:07:06+0000 - faraday_client.start_client - INFO {MainThread} [start_client.py:279 - checkConfiguration()]  Checking configuration.
2020-11-06T13:07:06+0000 - faraday_client.start_client - INFO {MainThread} [start_client.py:280 - checkConfiguration()]  Setting up ZSH integration.
2020-11-06T13:07:06+0000 - faraday_client.start_client - INFO {MainThread} [start_client.py:282 - checkConfiguration()]  Setting up user configuration.
2020-11-06T13:07:06+0000 - faraday_client.start_client - INFO {MainThread} [start_client.py:265 - setupXMLConfig()]  Copying default configuration from project.
2020-11-06T13:07:06+0000 - faraday_client.start_client - INFO {MainThread} [start_client.py:183 - setConf()]  Setting configuration.

Please enter the Faraday Server URL (Press enter for http://localhost:5985): http://172.17.106.186:5985

Step 6: Use Faraday

As shown above, when Faraday is installed using the .deb or .rpm installer, Faraday’s commands will be installed. In order to start scanning the client, run the faraday-client above, and then issue a security command such as Nmap. In this example, we will use Nmap.Faraday-penetration testing IDE and vulnerability management platform

We will use the real-time server to run a simple nmap command on the IP. You should observe that faraday-client will immediately take over the work and send the report to the server when finished.Faraday-penetration testing IDE and vulnerability management platform

You can view the report by logging in to the dashboard and selecting the workspace where the client is connected, as shown belowFaraday-penetration testing IDE and vulnerability management platform

Final thoughts

Security has penetrated and penetrated the telecommunications industry, and it continues to grow in a huge proportion. With the growth of cashless transactions, ensuring the security of assets, money and information is nothing more than important. With Faraday, you can use the powerful OpenSource tools that have been developed to test and patch vulnerabilities before they are discovered.

We hope that this guide will be helpful to you and lay a good foundation for more exploits you are ready to join. Thank you for your support and perseverance. Cheers! !Find other guides below

Install security updates/patches on CentOS 8 only

Install Nessus Vulnerability Scanner on Kali Linux 2020.x

Vuls – the best vulnerability scanner for Linux/FreeBSD/WordPress/web

You can download this article in PDF format via the link below to support us.
Download the guide in PDF formatturn off

Sidebar