Faraday is an integrated multi-user penetration testing environment that maps and leverages all the knowledge you generate in real time. It gives CISOs a better overview of their team’s job, tools and results. You can run it on Windows, Linux and OS X.
The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multi-user way. Faraday supports more than 50 tools, including Burp Suite, w3af, Maltego, Metasploit, Qualysguard, Nessus, Netsparker, and Shodan.
The tool was first presented at the EkoParty Security Conference in 2010, and included in the prestigious Black Hat USA Arsenal in 2011.
Faraday development challenges
“The challenges were many, but looking back, one of the most important was understanding and correctly assessing all the ideas we had and selecting those which were most important for us to have on the first version so we could have a realistic minimal viable product which was published as the first community version,” Faraday developers told Help Net Security.
Once it took off, this mentality of adding only essential features totally changed the developing process. Nowadays the team works on an agile development cycle, with releases being pushed out every 15 days.
Radical changes to the tool – how looks and behaves – are in the works. One is a brand new GTK interface, which will replace the old QT3-based one, and will make the tool more stable as well as more pleasant to use.
“Another change that will come soon is Faraday Server, which will allow the users to experience a better performance when working with the Web UI. From our perspective as developers, this change is also very exciting as it will allow us to add features and fix bugs much more quickly,” the developers added.
Once these modifications are done, the developers plan to start working on changes to the Faraday Cloud, and the way information is extracted for the plugins. “We want to improve the workflow when using Faraday Cloud – Continuous Scanning and start giving Faraday the ability to make decisions with the information it gets from the security tools it works with,” they explained.