The menu bar gives you access to the most common options, you can:
open a new tab
create a new workspace
toggle the log
set your Faraday Server URL in the preferences dialog
login to the database
At the rightmost border, you'll be able to open a file chooser to import any report by our supported Plugins to Faraday.
The sidebar has two tabs, one for Workspaces and the other for Hosts. The workspaces tab allows you to change workspaces, while the hosts tab shows you all the hosts in your current workspace, plus the amount of vulnerabilities found in each one of them inside parenthesis. Clicking on a host will show you more detailed information:
Here, the leftmost tree represents the Host itself, with all its interfaces as children. The interfaces, too, have children, which are the services of each interface. All of these items have the number of vulnerabilities discovered, inside parentheses.
The list of vulnerabilities shows the name of all the vulns found in the selected item of the leftmost tree.
The rightmost side of the windows shows detailed information of the host, the selected item of the leftmost tree (be it a service or an interface) and the selected vulnerability.
The log console works just as you'd expect, showing you what Faraday's doing in the background at all times. For more verbose output, you can run Faraday with the --debug flag.
The status-bar has information about your workspace and also buttons to access the Conflicts Resolution dialog and the Notifications dialog.
When Faraday finds an object which clashes with one you have already saved, it will inform you there's a conflict. Imagine you have a host marked as a Windows machine, but a tool detects a Linux installation. It's a conflict!
Faraday will show you the two conflicting objects, with its differences highlighted in red. You can edit the information in the objects, and then decide if you want to keep the left or right one.
While working, the notifications counter will increase as new changes come from other instances of Faraday clients connected to the same database. If you click on the button, you'll be presented with a list of all the updates, so you are never kept in the dark of what your collaborators are up to.
If you wish to add a report from a previous scan, you can also do it from the GTK Client. To do so, click on the Report Button
A dialog will open, from which you can select the tool that was used to generate the Report:
All the data in the report will be processed and added to the active Workspace, and the console will show a message when the plugin starts and ends.
You can even run Faraday in detached mode connecting with a ZSH terminal to it:
First, you need to run Faraday with no GUI:
Now, run Faraday Terminal:
To import your reports, drag-and-drop them into:
Faraday will parse your reports and upload the information extracted from them.
It's possible to use Faraday in Command-Line Interface (CLI) mode, allowing you to process your reports in batch. So let's say you want to process the XML output of a nmap scan located in /tmp/nmap_scan.xml and send the results to a workspace called project_one .
You'll need to run Faraday as a certain user, with permissions to access your workspaces. You can pass your credentials using a simple json file that contains both your username and password. You have a template in the directory of your Faraday installation called credentials.json , but you are allowed to use any path and filename for this json file. The structure is this:
And then run this command:
Keep in mind the workspace has to already exist for the command to work.