Faction: Open-source pentesting report generation and collaboration framework

Faction is an open-source solution that enables pentesting report generation and assessment collaboration.

faction pentest

Josh Summitt, the creator of Faction, has always disliked the process of writing reports, preferring to focus on uncovering bugs. A key frustration for him was the redundant step of using a separate note-taking app for storing screenshots and findings before compiling the final report.

He envisioned an integrated solution where the report generation tool would serve as the note-taking platform, incorporating all the standard templates typically used in reports. He hopes Faction will help others save time, reduce stress, and improve their information security workflow.

“I built Faction to be extendable in ways like you would extend BurpSuite. It’s designed to be flexible and extended to fit seamlessly in any environment. It is easy for internal teams to build and support their small modules versus a large code base. In addition, I hope the project will get a growing list of prebuilt modules developed by the community to expand capabilities without requiring internal development,” Summitt told Help Net Security.

Faction features

With Faction, you can:

  • Streamline penetration testing and security assessment reporting through automation.
  • Facilitate peer review and monitor modifications in reports.
  • Design docx templates for various assessments and follow-up retests.
  • Collaborate in real-time with assessors using the web application and extensions for Burp Suite.
  • Utilize adaptable vulnerability templates featuring 75 pre-filled options.
  • Oversee assessment teams and monitor organizational progress.
  • Monitor the remediation of vulnerabilities with tailored SLA warnings and notifications.
  • Leverage a comprehensive Rest API for seamless integration with other tools.

Other features:

  • LDAP, OAuth 2.0 and SMTP Integration.
  • Extendable with Custom Plugins similar to Burp Extender.
  • Custom Report Variables.

Future plans

The developer is currently working on enhancing the extendability of Faction by introducing a full app store, reminiscent of those found in platforms like Slack and Burp. This expansion will allow for the inclusion of additional features such as custom UI elements.

“Faction has had a strong focus on penetration testing from an application security mindset. I want to expand that to be more Red and Blue Team inclusive. Not that it won’t work for these teams out of the box but it could be more flexible,” Summitt added.

Faction is available for free on GitHub.

Must read: 15 open-source cybersecurity tools you’ll wish you’d known earlier

Must read:

Don't miss