Faraday Client

Faraday Client

GTK

To access Faraday GTK, run faraday-client in the instance where you installed your Faraday Client .deb or .rpm (or .pkg, in Mac).




You will be presented with a special version of your own ZSH terminal . Just as with GTK, Faraday intercepts every command you execute and checks if there's a plugin available. If there is, Faraday will interpret all the relevant information like IP addresses, hostnames, services, vulnerabilities, websites, and notes that the command generates.

The menu bar gives you access to the most common options, you can: 

  • open a new tab 

  • create a new workspace

  • toggle the log 

  • set your Faraday Server URL in the preferences dialog 

  • login to the database


At the rightmost border, you'll be able to open a file chooser to import any report by our supported Plugins to Faraday.

The sidebar has two tabs, one for Workspaces and the other for Hosts. The workspaces tab allows you to change workspaces, while the hosts tab shows you all the hosts in your current workspace, plus the amount of vulnerabilities found in each one of them inside parenthesis. Clicking on a host will show you more detailed information:



Here, the leftmost tree represents the Host itself, with all its interfaces as children. The interfaces, too, have children, which are the services of each interface. All of these items have the number of vulnerabilities discovered, inside parentheses.

The list of vulnerabilities shows the name of all the vulns found in the selected item of the leftmost tree.

The rightmost side of the windows shows detailed information of the host, the selected item of the leftmost tree (be it a service or an interface) and the selected vulnerability.

The log console works just as you'd expect, showing you what Faraday's doing in the background at all times. For more verbose output, you can run Faraday with the --debug flag.

The status-bar has information about your workspace and also buttons to access the Conflicts Resolution dialog and the Notifications dialog.


Conflicts Resolution dialog

 

When Faraday finds an object which clashes with one you have already saved, it will inform you there's a conflict. Imagine you have a host marked as a Windows machine, but a tool detects a Linux installation. It's a conflict!

Faraday will show you the two conflicting objects, with its differences highlighted in red. You can edit the information in the objects, and then decide if you want to keep the left or right one.


Notifications dialog



Faraday is a multi-user integrated penetration test environment. That's why keeping up with changes coming from your collaborators is so important, and it's why the Notifications dialog exists.

While working, the notifications counter will increase as new changes come from other instances of Faraday clients connected to the same database. If you click on the button, you'll be presented with a list of all the updates, so you are never kept in the dark of what your collaborators are up to.


Adding Reports

If you wish to add a report from a previous scan, you can also do it from the GTK Client.   To do so, click on the Report Button 

A dialog will open, from which you can select the tool that was used to generate the Report:



All the data in the report will be processed and added to the active Workspace, and the console will show a message when the plugin starts and ends.




ZSH UI

You can even run Faraday in detached mode connecting with a ZSH terminal to it:

First, you need to run Faraday with no GUI: 

$ faraday-client --gui=nogui




Now, run Faraday Terminal: 

$ faraday-terminal




Using oh-my-zsh

You can use oh-my-zsh for managing your ZSH configuration. All you need to do is to install oh-my-zsh framework and then run the faraday-terminal command.


Importing your reports

To import your reports, drag-and-drop them into: 

$ /home/faraday/.faraday/reports/[workspace_name]


Faraday will parse your reports and upload the information extracted from them.




CLI

It's possible to use Faraday in Command-Line Interface (CLI) mode, allowing you to process your reports in batch. So let's say you want to process the XML output of a nmap scan located in /tmp/nmap_scan.xml and send the results to a workspace called project_one

You'll need to run Faraday as a certain user, with permissions to access your workspaces. You can pass your credentials using a simple json file that contains both your username and password. You have a template in the directory of your Faraday installation called credentials.json , but you are allowed to use any path and filename for this json file. The structure is this: 

{
    "username": "your_user_here",
    "password": "your_password_here"
}


And then run this command: 

$ faraday-client --cli --workspace project_one --report /tmp/nmap_scan.xml --creds-file /path/to/file/creds.json


Keep in mind the workspace has to already exist for the command to work.




    Still looking for answers? You can try opening a ticket.
      • Related Articles

      • Faraday Client Installation

        How to Install Faraday-Client We announced our decision to no longer maintain Faraday Client for our customers. We want to thank you for using it and provide feedback! See how to move into faraday-cli We do not recommend to install the Faraday Client ...
      • API - Client

        Faraday Client API We now support openAPI documentation for our API Faraday has 2 APIs on the Client: An RPC GTK API Service by default running on 127.0.0.1:9876. (This API will be soon deprecated) and a RESTful GTK API Service by default running on ...
      • Faraday Server

        Faraday's installers (.deb or .rpm) will install Faraday Server as a service. Faraday Server is the interface between PostgreSQL, Faraday Client and the WebUI. The Server's responsibility is to transmit information between the Client or WebUI and ...
      • Updating Faraday

        Faraday will be installed as a service if you use .deb or .rpm.  Note: if you're updating from Faraday v3.8.1 or lower, follow the instructions specified in the last section of this article. Once you're done, you can proceed with the instructions ...
      • [Errno 2] No such file or directory: '/home/USERNAME/.faraday/config/config.xml'

        Before running the Server for the first time you need to execute: $ faraday-client --login This will throw an error and exit but before doing that the file user.xml will be created in your .faraday/config directory. Now run the Server again, and ...