Faraday

Faraday is a vulnerability management platform and security tool aggregator designed to centralize security findings from multiple scanners into a single dashboard. It utilizes a relational security database to catalog hosts, services, and security flaws, enabling users to track remediation and analyze organizational risk.

The platform distinguishes itself through a plugin-based system that normalizes diverse security tool outputs into a unified data model. It supports deep integration with a wide array of scanners and CLI tools, intercepting shell command output or parsing report files to aggregate findings. Additionally, it provides bidirectional synchronization with external ticketing systems via webhooks to maintain consistency between vulnerability states and remediation tasks.

Broad capabilities include automated scan scheduling, role-based access control, and identity federation via SAML 2.0 and LDAP. The system also features template-driven report generation for executive and compliance documents, as well as a Model Context Protocol server to expose management data to AI assistants.

The project is written in Python and integrates with PostgreSQL for data storage and Elasticsearch for high-performance querying.

Features

Vulnerability Data Aggregators - Collects vulnerability data from diverse scanners and CLI tools into a unified data model.

Elasticsearch Integrations - Integrates with Elasticsearch to index vulnerability data for high-performance retrieval and analysis.

Vulnerability De-duplication - Automatically identifies and merges duplicate security issues during the ingestion of scan results.

Data Normalization - Normalizes diverse security tool outputs into a unified data model with standardized severity levels.

Data Normalization Utilities - Normalizes diverse security tool outputs into a unified data model using a plugin-based system of parsers.

PostgreSQL Adapters - Implements a relational PostgreSQL storage system to catalog hosts, services, and security flaws.

External Indexing Offloaders - Offloads complex vulnerability querying and fast data retrieval to an integrated external Elasticsearch instance.

Security Asset Relational Mapping - Catalogs hosts, services, and vulnerabilities within a relational database to track security flaw lifecycles and risk.

Command-Line Output Parsing - Intercepts and parses the real-time output of security tool commands executed via the CLI.

External Security Tool Integrations - Deno X processes structured data from external tools to identify hosts, services, and vulnerabilities.

Workspace Organization - Groups assets and findings into logical scopes to isolate different security projects or scan cycles.

Distributed Scanning Agents - Manages the deployment and execution of remote security scanning agents that report results to a central server.

Security Parser Plugins - Allows the creation of extensions to parse security tool output from files or shell command interception.

Scan Result Uploads - Imports external report files and XML results from security tools into the workspace for normalization.

Scan Result Importers - Ingests vulnerability reports through web interfaces, CLI tools, REST APIs, and automated agents.

Bulk Vulnerability Actions - Applies rule-based filters to workspace data to perform bulk updates, tagging, or deletions of vulnerabilities.

Asset De-duplication - Normalizes IP addresses to combine identical assets discovered by multiple scanners into a single record.

Asset Inventory Aggregators - Aggregates totals for hosts, services, and vulnerabilities to provide a high-level asset inventory overview.

API Request Authentication - Uses time-limited tokens associated with specific users to authorize and secure API requests.

Identity Management - Provides an authentication layer that integrates with external identity providers and LDAP for secure user access.

Security Scan Organizers - Groups vulnerability data and tool results into project-specific containers to centralize security discovery.

Role-Based Access Control - Manages granular user permissions and workspace isolation through a system of defined roles and group mapping.

Group Role Assignments - Automatically assigns system access levels and permissions based on a user's membership in directory groups.

Custom Role Definitions - Allows the creation of granular access roles by toggling specific operations like view, create, edit, and delete.

Security Asset Inventories - Maintains a centralized inventory of hosts, services, and open ports to map vulnerabilities to assets.

Finding Aggregators - Provides a centralized system to import and normalize scan results from various security tools using plugins.

Security Tool Normalization - Implements a plugin-based system to normalize diverse security tool outputs into a unified data model.

Vulnerability Management Systems - Centralizes security findings from multiple scanners into a single dashboard to track remediation and analyze risk.

Vulnerability Scanner Integrations - Integrates a wide array of third-party security scanners and tools into a centralized management platform.

Vulnerability Lifecycle Managers - Maps security vulnerabilities to specific network assets and services to track their lifecycle and prioritize remediation.

Asynchronous Task Queues - Utilizes Redis or RabbitMQ to process heavy report ingestion and automated scanning in the background.

Asset Risk Scoring - Calculates and updates risk scores for vulnerabilities and hosts using a multiplicative severity model.

Identity Federation - Authenticates users through a federated identity layer supporting local accounts, LDAP, and SAML 2.0.

Remediation Tracking - Coordinates the remediation of security flaws by managing tasks, milestones, and user assignments.

Model Context Protocol Servers - Exposes vulnerability management data to AI assistants through a Model Context Protocol server.

Vulnerability Alerting - Sends proactive notifications based on vulnerability severity, risk score thresholds, or age.

Web Vulnerability Scanning - Runs dedicated scanners to identify dangerous files and configuration issues on web servers.

Manual Finding Entry - Allows security analysts to manually record vulnerability details discovered during penetration testing.

Security Scan Schedulers - Runs security scanners on fixed timetables or via triggers using remote agents.

Task Tracking Systems - Organizes task groups and methodology templates to track the progress of security remediation.

Vulnerability Ticketing Integrators - Automates the creation of tickets in external help desk and issue tracking platforms based on detected vulnerabilities.

Document Generation Templates - Renders security reports by injecting vulnerability datasets into customizable Jinja2 templates for PDF and Word output.

Custom Asset Metadata Fields - Defines and assigns flexible data types to assets and jobs to track domain-specific metadata.

Template-Based Reports - Uses a templating engine to render reports by injecting vulnerability, host, and service datasets into custom layouts.

Custom Vulnerability Schemas - Extends the vulnerability data model with additional fields to capture domain-specific security data.

Security Finding Exports - Deno X sends confirmed security findings as incidents to ServiceNow with custom formatting and attached evidence.

State Synchronization Webhooks - Maintains real-time consistency between internal vulnerability states and external tickets using bidirectional webhooks.

Search and Indexing - Indexes vulnerability information in a search engine to enable high-performance querying and analysis.

Security Scanner Integrations - Integrates with BeEF servers via REST API to ingest security data.

Vulnerability - Executes background jobs based on defined conditions, such as the last detection date of a vulnerability.

Command Line Interfaces - Provides a command-line client for automating security data management and task execution.

Security Scanner Integrations - Connects to Burp Suite instances to trigger scans and retrieve vulnerability findings.

REST APIs - Provides a comprehensive REST interface for programmatic access to analytics, reporting, and platform integrations.

Asset Management APIs - Provides REST endpoints for programmatically managing host and service assets, including IP and port tracking.

User Management APIs - Provides programmatic endpoints for the administration of user accounts, workspaces, and role assignments.

Background Processing - Utilizes an asynchronous task queue to process security data and generate reports without blocking the API.

CI/CD Security Metrics Automation - Triggers security scans and retrieves performance metrics via a CLI for CI/CD integration.

Ticketing System Exports - Deno X creates GitLab issues from identified vulnerabilities using customizable templates to streamline remediation.

API Credential Managers - Offers an API for storing and updating authentication credentials associated with specific network assets.

Custom Security Scan Extensions - Provides a pluggable architecture to include custom security tools and specialized executor scripts for scanning.

Enterprise Identity Providers - Provides integration with enterprise-grade authentication protocols including SAML, LDAP, and local accounts for centralized user identity management.

User Account Management - Includes administrative tools for creating users, updating account details, and managing password resets.

LDAP Authentication - Integrates with LDAP providers to manage user identity and access control via a centralized directory.

LDAP User Synchronization - Integrates with LDAP or Active Directory to externally manage and synchronize user identities.

Network Vulnerability Scanning - Executes network scans to identify services and security weaknesses across targeted IP addresses and domains.

Distributed Scanner Execution - Manages the deployment and execution of security scanners across remote agents to collect vulnerability data centrally.

SAML SSO Integrations - Implements SAML 2.0 integrations to delegate user authentication to external identity providers.

Secret Scanning - Retrieves exposed secret detections from GitHub and converts them into vulnerability records.

Finding Filters - Provides advanced operators and date ranges to query and isolate high-risk vulnerabilities and assets.

Security Report Generation - Produces structured security reports based on defined templates for distribution via API.

Credential Management Tools - Provides mechanisms to attach and update authentication credentials for vulnerabilities via bulk operations and API.

Subdomain Enumeration Tools - Discovers and maps subdomains for target domains to generate a comprehensive attack surface map.

Session Token Issuance - Generates JWTs for authenticated users to enable secure automated workflows and scripts.

Two-Factor Authentication - Mandates time-based one-time passwords from authenticator apps to secure the login process.

Vulnerability Management APIs - Enables programmatic CRUD operations on vulnerability objects and the attachment of evidence files to findings.

Finding Grouping - Consolidates similar security findings into groups using automated criteria or manual definitions.

Vulnerability Tagging - Organizes security findings using custom tags to group items by environment or technology.

Executive Summaries - Creates executive-level Word or PDF documents by aggregating and filtering vulnerability data from multiple workspaces.

CI Pipeline Integration - Embeds security scanning tools directly into CI/CD build pipelines to automate vulnerability detection.

Scanning Template Libraries - Executes security scans based on predefined YAML templates for consistent vulnerability detection.

Vulnerability Deleters - Enables mass creation, deletion, and updating of security findings and their associated credentials.

Vulnerability-to-Task Linking - Deno X connects specific security findings to actionable work items to ensure every detected vulnerability is tracked.

Bidirectional State Synchronizations - Maintains real-time consistency between internal vulnerability states and external ticketing systems via two-way webhooks.

Compliance Reporting - Generates audit-ready reports by transforming security findings into company-specific formats for external compliance requirements.

Task Sequence Orchestrations - Executes sequences of tasks based on specific rules with automatic recovery from worker failures.

Ticketing System Synchronizations - Integrates with external project management tools to synchronize vulnerability data with task tracking.

Vulnerability - Visualizes security posture through dashboards showing vulnerability counts and top hosts over time.

Issue Synchronization - Synchronizes the status of security vulnerabilities and linked tickets across external platforms via webhooks.

Security Orchestration - Suite for security orchestration and centralized information management.

Pentesting Frameworks - Collaborative environment for managing security audits.

infobytefaraday

Features

Star history