Faraday - 开源漏洞管理平台

加微信入群

微信号：echo_Abyss

风信子官方网站：www.sterben.cc

安全有两项艰巨的任务：设计获取新信息的智能方法，以及跟踪调查结果以改进补救工作。  借助法拉第，您可以专注于发现 漏洞 ，而我们则帮助您完成其余的工作。  只需在您的终端中使用它即可在运行中组织您的工作。  Faraday 旨在让您以真正的多用户方式利用社区中的可用工具。

Faraday 聚合并标准化您加载的数据，允许将其探索为对经理和分析师等有用的不同可视化效果。 

Install

Docker-compose

The easiest way to get faraday up and running is using our docker-compose

$ wget https://raw.githubusercontent.com/infobyte/faraday/master/docker-compose.yaml$ docker-compose up

If you want to customize, you can find an example config over here Link

Docker

You need to have a Postgres  running first.

 $ docker run      -v $HOME/.faraday:/home/faraday/.faraday      -p 5985:5985      -e PGSQL_USER='postgres_user'      -e PGSQL_HOST='postgres_ip'      -e PGSQL_PASSWD='postgres_password'      -e PGSQL_DBNAME='postgres_db_name'      faradaysec/faraday:latest

PyPi

$ pip3 install faradaysec$ faraday-manage initdb$ faraday-server

Binary Packages (Debian/RPM)

You can find the installers on our releases page

$ sudo apt install faraday-server_amd64.deb# Add your user to the faraday group$ faraday-manage initdb$ sudo systemctl start faraday-server

Add your user to the faraday group and then run

Source

If you want to run directly from this repo, this is the recommended way:

$ pip3 install virtualenv$ virtualenv faraday_venv$ source faraday_venv/bin/activate$ git clone [email protected]:infobyte/faraday.git$ pip3 install .$ faraday-manage initdb$ faraday-server

Check out our documentation for detailed information on how to install Faraday in all of our supported platforms

For more information about the installation, check out our Installation Wiki.

In your browser now you can go to http://localhost:5985 and login with "faraday" as username, and the password given by the installation process

Getting Started

Learn about Faraday holistic approach and rethink vulnerability management.

• Centralize your vulnerability data

• Automate the scanners you need

Integrating faraday in your CI/CD

Setup Bandit and OWASP ZAP in your pipeline

• GitHub [PDF]

• Jenkins [PDF]

• TravisCI [PDF]

Setup Bandit, OWASP ZAP and SonarQube in your pipeline

• Gitlab [PDF]

Faraday Cli

Faraday-cli is our command line client, providing easy access to the console tools, work in faraday directly from the terminal!

This is a great way to automate scans,  integrate it to CI/CD pipeline  or just get metrics from a workspace

$ pip3 install faraday-cli

Check our faraday-cli repo

Check out the documentation here.

原文始发于微信公众号（风信Purrs）：Faraday - 开源漏洞管理平台