faraday-cli 2.0.1

Faraday cli package

Faraday on the terminal

Use faraday directly from your favorite terminal

faraday-cli is the official client that make automating your security workflows, easier.

Install from source

git clone https://github.com/infobyte/faraday-cli.git
cd faraday-cli
pip install .

Install from pip

pip install faraday-cli

Documentation

For more info you can check our documentation

Use it like a command

Login

Configure auth for farday-cli

$ faraday-cli auth

Create a workspace

When you create a workspace by default is selected as active, unless you use the "-d" flag

$ faraday-cli create_ws some_name
✔ Created workspace: some_name

Select active workspace

$ faraday-cli select_ws some_name
✔ Selected workspace: some_name

List workspaces

$ faraday-cli list_ws
NAME         HOSTS    SERVICES    VULNS  ACTIVE    PUBLIC    READONLY
---------  -------  ----------  -------  --------  --------  ----------
some_name       14          13       39  True      False     False

List hosts of a workspace

$ faraday-cli list_host
  ID  IP           OS       HOSTNAMES          SERVICES  VULNS
----  -----------  -------  ---------------  ----------  -------
 574  127.0.0.1    unknown                            1  3
 566  127.0.0.10   unknown                            1  3
 569  127.0.0.11   unknown                            1  3
 568  127.0.0.12   unknown                            1  3
 570  127.0.0.13   unknown                            1  3
 576  127.0.0.2    unknown                            1  3
 565  127.0.0.3    unknown                            1  3
 572  127.0.0.4    unknown                            1  3
 573  127.0.0.5    unknown                            1  3
 567  127.0.0.6    unknown                            1  3
 571  127.0.0.7    unknown                            1  3
 564  127.0.0.8    unknown                            1  3
 575  127.0.0.9    unknown                            1  3
 590  58.76.184.4  unknown  www.googlec.com           0  -

Get host

$ faraday-cli get_host 574

$ faraday-cli get_host 574
Host:
  ID  IP         OS       HOSTNAMES    OWNER    OWNED      VULNS
----  ---------  -------  -----------  -------  -------  -------
 574  127.0.0.1  unknown               faraday  False          3

Services:
  ID  NAME    DESCRIPTION    PROTOCOL      PORT  VERSION    STATUS      VULNS
----  ------  -------------  ----------  ------  ---------  --------  -------
2638  ssh                    tcp             22  unknown    open            2

Vulnerabilities:
   ID  NAME                                      SEVERITY    STATUS    CONFIRMED    TOOL
-----  ----------------------------------------  ----------  --------  -----------  -------
13509  SSH Weak Encryption Algorithms Supported  MED         opened    False        Openvas
13510  SSH Weak MAC Algorithms Supported         LOW         opened    False        Openvas
13511  TCP timestamps                            LOW         opened    False        Openvas

Create hosts

$ faraday-cli create_host -d \''[{"ip": "stan.local", "description": "some server"}]'\'

Or pipe it

$ echo '[{"ip": "1.1.1.5", "description": "some text"}]' | faraday-cli create_host --stdin

The escaping of the single quotes (\') is only needed when using it as a command. In the shell or using pipes it not necessary

Import vulnerabilities from tool report

$ faraday-cli process_report "/path/to/report.xml"

Import vulnerabilities from command

$ faraday-cli ping -c 1 www.google.com

List agents

$ faraday-cli list_agent
  id  name      active    status    executors
----  --------  --------  --------  -----------
   8  internal  True      online    nmap

Run executor

$ faraday-cli run_executor -a 1 -e nmap -p \''{"target": "www.google.com"}'\'
Run executor: internal/nmap [{'successful': True}]

Use it like a shell

Faraday-cli can be used as a shell and have all the same commands you have as a cli

Use cases

Continuous scan your assets with faraday

For example run nmap for all the hosts in faraday that listen on the 443 port and import the results back to faraday

$ faraday-cli list_host --port 443 -ip | nmap -iL - -oX /tmp/nmap.xml  && faraday-cli process_report /tmp/nmap.xml

Scan your subdomains

Use a tool like assetfinder to do a domains lookup, scan them with nmap and send de results to faraday

$ assetfinder -subs-only example.com| sort | uniq |awk 'BEGIN { ORS = ""; print " {\"target\":\""}
{ printf "%s%s", separator, $1, $2
separator = ","}END { print "\"}" }' | faraday-cli  run_executor -a 1 -e nmap --stdin

2.0.1 [Jun 29th, 2021]:

• [FIX] Show help if no subcommand is provided

2.0.0 [Jun 29th, 2021]:

• [MOD] Change commands to verbs
• Enable and disable Workspaces
• Fix to use cmd2 2.0 and update requirements
• Show message if license is expired
• [MOD] Change to V3 api of faraday
• Add command to upload evidence to vuln

1.1.1 [Jun 9th, 2021]:

• Fix to use cmd2 2.0 and update requirements
• Show message if license is expired
• [MOD] Change to V3 api of faraday

1.1.0 [Apr 16th, 2021]:

• Add new command to process a tool execution
• Add command to list vulnerabilities
• Add versions to dependencies
• Add setting to ignore INFO vulns
• Show only active workspaces by default unless you use the --show-inactive parameter
• [MOD] Add support for tags
• Update faraday_plugins version dependency
• Fix create_hosts docs typo
• Show user in status
• [MOD] Update faraday-plugins

1.0.2 [Feb 17th, 2021]:

• ADD documentation (made with mkdocs)
• MOD Convert some command and help to plural
• FIX Exit shell in case of invalid authorization result
• FIX faraday 3.14.1 updated security lib, and make login bugged

1.0.1 [Jan 4th, 2021]:

• Fix error in list_host command

1.0.0 [Dec 28th, 2020]:

• Add List Services command
• Change the import command/report message
• Add support for executive reports
• Show in status if token is valid

0.1.0 [Aug 28th, 2020]:

• First version released, use with caution as it is still beta phase.
• Access a faraday server from your CLI, your CI o any other bash interpreter.