Faraday - 开源漏洞管理平台

admin
admin
admin
138876
文章
114
评论
2024年1月3日09:43:25评论112 views字数 2126阅读7分5秒阅读模式

加微信入群

微信号:echo_Abyss

风信子官方网站:www.sterben.cc

Faraday - 开源漏洞管理平台

安全有两项艰巨的任务:设计获取新信息的智能方法,以及跟踪调查结果以改进补救工作。  借助法拉第,您可以专注于发现 漏洞 ,而我们则帮助您完成其余的工作。  只需在您的终端中使用它即可在运行中组织您的工作。  Faraday 旨在让您以真正的多用户方式利用社区中的可用工具。

Faraday 聚合并标准化您加载的数据,允许将其探索为对经理和分析师等有用的不同可视化效果。 

Faraday - 开源漏洞管理平台

Install

Docker-compose

The easiest way to get faraday up and running is using our docker-compose

$ wget https://raw.githubusercontent.com/infobyte/faraday/master/docker-compose.yaml$ docker-compose up

If you want to customize, you can find an example config over here Link

Docker

You need to have a Postgres  running first.

 $ docker run      -v $HOME/.faraday:/home/faraday/.faraday      -p 5985:5985      -e PGSQL_USER='postgres_user'      -e PGSQL_HOST='postgres_ip'      -e PGSQL_PASSWD='postgres_password'      -e PGSQL_DBNAME='postgres_db_name'      faradaysec/faraday:latest

PyPi

$ pip3 install faradaysec$ faraday-manage initdb$ faraday-server

Binary Packages (Debian/RPM)

You can find the installers on our releases page

$ sudo apt install faraday-server_amd64.deb# Add your user to the faraday group$ faraday-manage initdb$ sudo systemctl start faraday-server

Add your user to the faraday group and then run

Source

If you want to run directly from this repo, this is the recommended way:

$ pip3 install virtualenv$ virtualenv faraday_venv$ source faraday_venv/bin/activate$ git clone [email protected]:infobyte/faraday.git$ pip3 install .$ faraday-manage initdb$ faraday-server

Check out our documentation for detailed information on how to install Faraday in all of our supported platforms

For more information about the installation, check out our Installation Wiki.

In your browser now you can go to http://localhost:5985 and login with "faraday" as username, and the password given by the installation process

Getting Started

Learn about Faraday holistic approach and rethink vulnerability management.

  • Centralize your vulnerability data

  • Automate the scanners you need

Integrating faraday in your CI/CD

Setup Bandit and OWASP ZAP in your pipeline

  • GitHub [PDF]

  • Jenkins [PDF]

  • TravisCI [PDF]

Setup Bandit, OWASP ZAP and SonarQube in your pipeline

  • Gitlab [PDF]

Faraday Cli

Faraday-cli is our command line client, providing easy access to the console tools, work in faraday directly from the terminal!

This is a great way to automate scans,  integrate it to CI/CD pipeline  or just get metrics from a workspace

$ pip3 install faraday-cli

Check our faraday-cli repo

Check out the documentation here.

Faraday - 开源漏洞管理平台

原文始发于微信公众号(风信Purrs):Faraday - 开源漏洞管理平台

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2024年1月3日09:43:25
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   Faraday - 开源漏洞管理平台https://cn-sec.com/archives/2355691.html
                  免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉.

发表评论

匿名网友 填写信息