This new version has made major architectural changes to adapt the software to the new challenges of cybersecurity. It focuses on processing large volumes of data and facilitating user interaction with Faraday in their environment.Faraday just got much fasterArchitecture changes and a new database (PostgreSQL) gives us a new and revamped structure that allows us to support new objects and a bigger data volume. This dramatically improves most of the backend services that directly impact your day-to-day use…Big changes require timeThe total amount of work, in terms of commits, for the migration consisted of 29% of the total work done for the the project to this day. We changed and reviewed around 75440 lines of code, including the addition a lot of unit tests.Commits per week on faraday code repository from July 2017 to June 2018What’s new on the BackendNew Server: Implemented with Flask.New Database engine: PostgreSQL.New REST API: With complete support for CRUD for every object from Faraday. It makes it simpler to do queries for the DB and it opens up new ways for personalized integrations. Run python manage.py show_urls to see all our new API endpoints.Example usage for getting hosts from the new api:curl ‘http://localhost:5985/_api/v2/ws/europe/hosts’ -H ‘Cookie: AuthSession=[COOKIE]; session=[COOKIE];’Better scalability and performance improvements. There’s a drastic reduction in time needed for searches in our API and with the new architecture it’s significantly easier to scale-up horizontally.What’s new on the frontFor this version we listened to feedback from our users to make Faraday friendlier with a major focus on making specific data more readily available and a faster interface.The new dashboardThe new dashboard has been organized with a new layout to show relevant information first, helping users to find vulnerable spots in their workspace.Updated Status ReportChanged and simplified the status report design:Redesign of the hosts listNow you can add and remove columns, plus see and filter by hostnames and services:Small improvements that make your dayImports Scan Outputs directly from the Web UI.Now you can import results from your scans directly on our Web UI:Check here a video about report upload from WebGUI:Import Scan Outputs via API.Here’s an example of the new API:curl ‘http://127.0.0.1:5985/_api/v2/ws/test/upload_report’ -H ‘Content-Type: multipart/form-data’ -H ‘Cookie: AuthSession=[COOKIE]; session=[COOKIE];’ –data-binary $’[FILE BINARY DATA]’ –compressedDramatic performance upgrades.Simplification of the model we used. Say “adios" to the interface object.Access to the server using “/” instead of /_ui/ .Ability to edit the names of workspaces.New PluginsHP WebInspectIP360SslyzeWfuzzXsssniperBrutexssRecon-NGSublist3rDirsearchFull List of ChangesAllow faraday-server to have multiple instancesAdd hostname to hostInterface removed from model and from persistence server lib (fplugin)Performance improvements on the backendAdd quick change workspace name (from all views)Allow user to change workspaceNew faraday styles in all Webui viewsAdd search by id for vulnerabilitiesAdd new plugin SslyzeAdd new plugin WfuzzAdd xsssniper pluginFix W3af, Zap pluginsAdd Brutexss pluginAllow to upload report file from external tools from the webFix sshcheck import file from GTKAdd reconng pluginAdd sublist3r pluginAdd HP Webinspect pluginAdd dirsearch pluginAdd ip360 pluginCouchDB was replaced by PostgreSQL :)Host object changed, now the name property is called ipInterface object was removedNote object was removed and replaced with CommentCommunication object was removed and replaced with CommentShow credentials count in summarized report on the dashboardRemove vuln template CWE fields, join it with referencesAllow to search hosts by hostname, os and service nameAllow the user to specify the desired fields of the host list tableAdd optional hostnames, services, MAC and description fields to the host listWorkspace names can be changed from the Web UIChanged the scope field of a workspace from a free text input to a list of targetsExploitation and severity fields only allow certain values.CWE CVEs were fixed to be valid. A script to convert custom CSVs was added.Web UI path changed from /ui/ to / (ui has now a redirection to / for keeping backwards compatibility)dirb plugin should creates a vulnerability type information instead of a note.Add confirmed column to exported CSV from WebuiFixes in Arachni pluginAdd new parameters –keep-old and –keep-new for faraday CLIAdd new screenshot fplugin which takes a screenshot of the ip:ports of a given protocolAdd fix for net sparker regular and cloud fix on severityAdmin users can list and access all workspaces, even if they don’t have permissionsRemoved Chat feature (data is kept inside notes)Plugin reports now can be imported in the server, from the Web UIAdd CVSS score to reference field in Nessus plugin.Fix unicode characters bug in Netsparker plugin.Fix Qualys plugin.Fix bugs with MACOS and GTK.Add response field added to model in grouped report template.Add tooltip in WebUi with information about errors in executive report.Ldap now login is with [email protected], not user only anymore.Fix Jira bugs in WebUihttps://www.faradaysec.comhttps://forum.faradaysec.com/https://www.faradaysec.com/ideashttps://github.com/infobyte/faradayhttps://twitter.com/faradaysec

Link: http://feedproxy.google.com/~r/PentestTools/~3/973DH-EtFDU/faraday-v30-collaborative-penetration.html

This new version has made major architectural changes to adapt the software to the new challenges of cybersecurity. It focuses on processing large volumes of data and facilitating user interaction with Faraday in their environment.Faraday just got much fasterArchitecture changes and a new database (PostgreSQL) gives us a new and revamped structure that allows us to support new objects and a bigger data volume. This dramatically improves most of the backend services that directly impact your day-to-day use…Big changes require timeThe total amount of work, in terms of commits, for the migration consisted of 29% of the total work done for the the project to this day. We changed and reviewed around 75440 lines of code, including the addition a lot of unit tests.Commits per week on faraday code repository from July 2017 to June 2018 What’s new on the BackendNew Server: Implemented with Flask.New Database engine: PostgreSQL.New REST API: With complete support for CRUD for every object from Faraday. It makes it simpler to do queries for the DB and it opens up new ways for personalized integrations. Run python manage.py show_urls to see all our new API endpoints.Example usage for getting hosts from the new api:curl ‘http://localhost:5985/_api/v2/ws/europe/hosts’  -H ‘Cookie: AuthSession=[COOKIE]; session=[COOKIE];’Better scalability and performance improvements. There’s a drastic reduction in time needed for searches in our API and with the new architecture it’s significantly easier to scale-up horizontally.What’s new on the frontFor this version we listened to feedback from our users to make Faraday friendlier with a major focus on making specific data more readily available and a faster interface.The new dashboardThe new dashboard has been organized with a new layout to show relevant information first, helping users to find vulnerable spots in their workspace.Updated Status ReportChanged and simplified the status report design:Redesign of the hosts listNow you can add and remove columns, plus see and filter by hostnames and services:Small improvements that make your dayImports Scan Outputs directly from the Web UI.Now you can import results from your scans directly on our Web UI:Check here a video about report upload from WebGUI:Import Scan Outputs via API.Here’s an example of the new API:curl ‘http://127.0.0.1:5985/_api/v2/ws/test/upload_report’ -H ‘Content-Type: multipart/form-data’ -H ‘Cookie: AuthSession=[COOKIE]; session=[COOKIE];’ –data-binary $’[FILE BINARY DATA]’ –compressedDramatic performance upgrades.Simplification of the model we used. Say “adios" to the interface object.Access to the server using “/” instead of /_ui/ .Ability to edit the names of workspaces.New PluginsHP WebInspectIP360SslyzeWfuzzXsssniperBrutexssRecon-NGSublist3rDirsearchFull List of ChangesAllow faraday-server to have multiple instancesAdd hostname to hostInterface removed from model and from persistence server lib (fplugin)Performance improvements on the backendAdd quick change workspace name (from all views)Allow user to change workspaceNew faraday styles in all Webui viewsAdd search by id for vulnerabilitiesAdd new plugin SslyzeAdd new plugin WfuzzAdd xsssniper pluginFix W3af, Zap pluginsAdd Brutexss pluginAllow to upload report file from external tools from the webFix sshcheck import file from GTKAdd reconng pluginAdd sublist3r pluginAdd HP Webinspect pluginAdd dirsearch pluginAdd ip360 pluginCouchDB was replaced by PostgreSQL :)Host object changed, now the name property is called ipInterface object was removedNote object was removed and replaced with CommentCommunication object was removed and replaced with CommentShow credentials count in summarized report on the dashboardRemove vuln template CWE fields, join it with referencesAllow to search hosts by hostname, os and service nameAllow the user to specify the desired fields of the host list tableAdd optional hostnames, services, MAC and description fields to the host listWorkspace names can be changed from the Web UIChanged the scope field of a workspace from a free text input to a list of targetsExploitation and severity fields only allow certain values. CWE CVEs were fixed to be valid. A script to convert custom CSVs was added.Web UI path changed from /ui/ to / (ui has now a redirection to / for keeping backwards compatibility)dirb plugin should creates a vulnerability type information instead of a note.Add confirmed column to exported CSV from WebuiFixes in Arachni pluginAdd new parameters –keep-old and –keep-new for faraday CLIAdd new screenshot fplugin which takes a screenshot of the ip:ports of a given protocolAdd fix for net sparker regular and cloud fix on severityAdmin users can list and access all workspaces, even if they don’t have permissionsRemoved Chat feature (data is kept inside notes)Plugin reports now can be imported in the server, from the Web UIAdd CVSS score to reference field in Nessus plugin.Fix unicode characters bug in Netsparker plugin.Fix Qualys plugin.Fix bugs with MACOS and GTK.Add response field added to model in grouped report template.Add tooltip in WebUi with information about errors in executive report.Ldap now login is with [email protected], not user only anymore.Fix Jira bugs in WebUihttps://www.faradaysec.comhttps://forum.faradaysec.com/https://www.faradaysec.com/ideashttps://github.com/infobyte/faradayhttps://twitter.com/faradaysec

Link: http://feedproxy.google.com/~r/PentestTools/~3/WQlCi8tK3ng/faraday-beta-v30-collaborative.html