الثلاثاء، 16 ديسمبر 2014

Faraday v1.0.7 Release


We´re happy to announce Faraday v1.0.7. After several months of hard work, finally we've been able to release the new version! Enjoy!



Changes made to the UX/UI:
  • Improved Vulnerability Edition usability, selecting a vulnerability will load it's content automatically.
  • ZSH UI now is showing notifications.
  • ZSH UI displays active workspaces.
  • Faraday now asks confirmation when exiting out. If you have pending conflicts to resolve it will show the number for each one.
  • Vulnerability creation is now supported in the status report.
  • Introducing SSLCheck, a tool for verifying bugs in SSL/TLS Certificates on remote hosts. This is integrated with Faraday as a plugin.
  • Shodan Plugin is now working with the new API.
  • Some cosmetic changes for the status report.
Bugfixes:
  • Sorting columns in the Status Report is running smoothly.
  • The Workspace icon is now based on the type of workspace being used.
  • Opening the reports in QT UI opens the active workspace.
  • UI Web dates fixes, we were showing dates with a off-by-one error.
  • Vulnerability edition was missing 'critical' severity.
  • Objects merge bugfixing
  • Metadata recursive save fix
We really tried to make it so the users would be able to generate a vulnerability without any hassle. 


The way to make a new vulnerability is easy. You select a target, you choose the type of vulnerability and the severity, after, you fill out the other parts, click OK and you´re good to go.
  • Made significantly easier for this vulnerability edition
Selecting a vulnerability uploads its content.
  • A SSLCheck Plugin was added

Also, we added a plugin for Faraday that is a tool to verify SSL/TLS errors for remote hosts. A Python script using code from OpenSSL, lets a user check the SSL/TLS remote server. The potential vulnerabilities (or the real ones) show up in red on the analysis report, that one can easily export to XML format.

Follow the steps below:
  1. Open Faraday using the following command./faraday.py --dev-mode, so that it refreshes the plugins folder
  2. Now that you Faraday open, go to scripts folder (cd scripts)
  3. Execute the command ./sslcheck.py target (./sslcheck.py 192.168.10.254)
Also, you can quickly run  the command for several targets and domains, the targets need to be written separately with a single space.

./sslcheck.py 192.168.10.254 facebook.com www.google.com 192.168.10.168
  • Some touchups made to the Status Report
    • Create/Edit/ Erase vulnerabilities
    • Filters
    • New fields
    • Changeable columns
https://www.faradaysec.com/

We hope you like it!
مرسلة بواسطة في
التسميات: , , ,

ليست هناك تعليقات:

إرسال تعليق

الاشتراك في: تعليقات الرسالة (Atom)