Page 1
http://www.infobytesec.com
Francisco AmatoFaraday
BsideLatam 2016
Page 2
WHOAMI
http://www.infobytesec.com
ContactFrancisco Amato
[email protected] @famato
https://www.faradaysec.com
Page 3
WHOAMI
http://www.infobytesec.com
Ekoparty
Page 4
WHOAMI
http://www.infobytesec.com
#Eko12 October 26, 27, 28
Page 5
Introduction
http://www.infobytesec.com
Agenda
• Penetration Test • Faraday Platform• Testing Lab
Page 6
Introduction
http://www.infobytesec.com
Penetration Test
• Collaborative• Reporting• Vulnerability Assessment• Issues• Task
Page 7
Introduction
http://www.infobytesec.com
Faraday
• Collaborative Penetration Test• Vulnerability Management Platform• An Integrated Multiuser Risk Environment that maps and leverages all the knowledge you generate in real time.
Page 8
Faraday
http://www.infobytesec.com
Open Source - v1.0.20
Page 9
Platforms
http://www.infobytesec.com
Page 10
Introduction
http://www.infobytesec.com
Interfaces
• QT• GTK• ZSH• Web
Page 11
Interfaces
http://www.infobytesec.com
QT - Deprecated
Page 12
Interfaces
http://www.infobytesec.com
GTK
Page 13
Interfaces
http://www.infobytesec.com
ZSH
Page 14
Interfaces
http://www.infobytesec.com
Web-UI
Page 15
Plugins
http://www.infobytesec.com
50+
Page 16
Plugins
http://www.infobytesec.com
Types
Console (Nmap, Nikto, etc)Report (Nessus, Acunetix, ZAP )Api (BeFF, Metasploit, Burp)
Page 17
Database
http://www.infobytesec.com
CouchDB
Page 18
Vulnerability Database
http://www.infobytesec.com
Page 19
Workspaces
http://www.infobytesec.com
Page 20
Dashboard
http://www.infobytesec.com
Page 21
Dashboard
http://www.infobytesec.com
Page 22
Status Report
http://www.infobytesec.com
Page 23
Status Report
http://www.infobytesec.com
Page 24
Hosts
http://www.infobytesec.com
Page 25
Faraday Plugin
http://www.infobytesec.com
Page 26
Faraday Plugin
http://www.infobytesec.com
Page 27
Continuous Scanning
http://www.infobytesec.com
Page 28
APIs
http://www.infobytesec.com
Faraday
- RPC API 127.0.0.1:9876- RESTful 127.0.0.1:9977
Page 29
Get Involve!
http://www.infobytesec.com
* https://groups.google.com/d/forum/faradaysec* Freenode: #faraday-dev* http://twitter.com/faradaysec* http://github.com/infobyte/faraday
Page 30
Faraday Awards
http://www.infobytesec.com
Page 31
Labs!
http://www.infobytesec.com
Labs!