We're pleased to present Faraday v3.1. In this release we added a new feature called Searcher, which allows users to create rules and actions.
We have also improved the Activity Feed and updated several plugins.
Custom Workflows with rules (Searcher)
The Searcher allows you to search for specific objects inside your Faraday workspace and then execute several actions on them if certain conditions are met.
Usage example:
You can change the severity to Critical and confirm all vulnerabilities whose name begins with ‘Device’ and whose parent is ‘50.56.220.123’.
You can also create exclusions. For example, if you know that certain ports should be ignored, you can create a rule that excludes these vulnerabilities from the ones that will be modified.
Activity Feed Upgrades
In this version we extended the Activity Feed to show more results, and it now allows filtering out empty results.
Plugin updates
With this release we reviewed several plugins and updated them to support their latest versions:
- OpenVas
- AppScan
- Nexpose
- Wapiti
Updated Continuous Scanning for Nessus 7
We also updated our Continuous Scanning to support Nessus 7. When Nessus released version 7, the API for starting scans was disabled. Faraday now downloads the scans scheduled on Nessus and processes only the new results (if you are still using Nessus 6, it will work the same as usual).
Workspace “Freedom of Speech” (Limitations of Workspace Naming Removed)
In the past, Faraday didn’t allow users to use numbers at the beginning of the workspace name. After our migration to PostgreSQL we decided to change this, and with the release of v3.1 we allow more freedom for the workspace name. Currently we support alphanumeric strings in workspace names.
And last but not least...
One of the features most requested by our users: The new Vuln and Executive Report views will not be closed if you click outside of the box!
Changelog
- New feature: Searcher
- Added host_os column to status report
- Fixed an error while trying to execute server with --start
- Added option --choose-password to initdb
- Continuous Scan updated for Nessus 7
- Refactor on server.config to remove globals
- Added a directory for custom templates for executive reports (commercial versions)
- Activity Feed shows more results and allows filtering empty results
- Allow creating workspaces that start with numbers
- Added more variables to Executive Reports (commercial versions)
- Fixed some value checking on Tasks API (date field)
- OpenVas plugin updated
- AppScan plugin updated
- Nexpose plugin updated
- Wapiti plugin updated
- Added not confirmed vulns to report API
- Fixed a bug on workspace API when the workspace already exists on database
- Fix owner filter on Status Report
- Fixes on import_csv fplugin when the API returned 409
- Fixes on status_check
- Fixed a bug on WebUI when workspace permission was changed (commercial versions)
- uigrid library updated to latest version
- Bug fix on automatic plugin detection
- Fixed a bug on Executive Reports when multiple reports were scheduled
- Avoid closing the Executive Report and new Vuln modal when the form has data
- Status Report opens a new tab for Evidence
- Added change_password to manage.py
- Fixed vuln count on Executive Report (commercial versions)
- Fixed CSS align in some tables
- Fixed ‘No ports available’ error on the Client
Enjoy Faraday 3.1 everyone ☺
https://forum.faradaysec.com/
https://www.faradaysec.com/ideas
https://github.com/infobyte/faraday
https://twitter.com/faradaysec