Francisco Amato

Hi everyone! Just to notify that today was released Faraday V3.0 ! I hope you all like it!

Introduction We are pleased to announce the newest version of Faraday v3.0. In this new version we have made major architecture changes to adapt our software to the new challenges of cyber security. We focused on processing large data volumes and to making it easier for the user to interact with Faraday in its environment.To install it you can checkout the new version on github or if you are a customer access to the portal to download the beta ova. Faraday just got much faster Architecture changes and a new database (PostgreSQL) gives us a new and revamped structure that allows us to support new objects and a bigger data volume. This dramatically improves most of the backend services that directly impact your day-to-day use.. Big changes require time The total amount of work, in terms of commits, for the migration consisted of 29% of the total work done for the the project to this day. We changed and reviewed around 75440 lines of code, including the addition a lot of unit tests. Commits per week on faraday code repository from July 2017 to June 2018 What’s new on the Backend New Server: Implemented with Flask. New Database engine: PostgreSQL. New REST API: With complete support for CRUD for every object from Faraday. It makes it simpler to do queries for the DB and it opens up new ways for personalized integrations. Run python manage.py show_urls to see all our new API endpoints. Example usage for getting hosts from the new api: Better scalability and performance improvements. There’s a drastic reduction in time needed for searches in our API and with the new architecture it’s significantly easier to scale-up horizontally. What’s new on the front For this version we listened to feedback from our users to make Faraday friendlier with a major focus on making specific data more readily available and a faster interface. The new dashboard The new dashboard has been organized with a new layout to show relevant information first, helping users to find vulnerable spots in their workspace. Updated Status Report We changed and simplified the status report design: Redesign of the hosts list Now you can add and remove columns, plus see and filter by hostnames and services: Small improvements that make your day Imports Scan Outputs directly from the Web UI. Now you can import results from your scans directly on our Web UI: Import Scan Outputs via API. Here’s an example of the new API: Dramatic performance upgrades. Simplification of the model we used. Say "adios" to the interface object. Access to the server using “/” instead of /_ui/ . Ability to edit the names of workspaces. New Plugins HP WebInspect IP360 More plugins: Sslyze Wfuzz Xsssniper Brutexss Recon-NG Sublist3r Dirsearch Full List of Changes Allow faraday-server to have multiple instances Add hostname to host Interface removed from model and from persistence server lib (fplugin) Performance improvements on the backend Add quick change workspace name (from all views) Allow user to change workspace New faraday styles in all Webui views Add search by id for vulnerabilities Add new plugin Sslyze Add new plugin Wfuzz Add xsssniper plugin Fix W3af, Zap plugins Add Brutexss plugin Allow to upload report file from external tools from the web Fix sshcheck import file from GTK Add reconng plugin Add sublist3r plugin Add HP Webinspect plugin Add dirsearch plugin Add ip360 plugin CouchDB was replaced by PostgreSQL :) Host object changed, now the name property is called ip Interface object was removed Note object was removed and replaced with Comment Communication object was removed and replaced with Comment Show credentials count in summarized report on the dashboard Remove vuln template CWE fields, join it with references Allow to search hosts by hostname, os and service name Allow the user to specify the desired fields of the host list table Add optional hostnames, services, MAC and description fields to the host list Workspace names can be changed from the Web UI Changed the scope field of a workspace from a free text input to a list of targets Exploitation and severity fields only allow certain values. CWE CVEs were fixed to be valid. A script to convert custom CSVs was added. Web UI path changed from /ui/ to / (ui has now a redirection to / for keeping backwards compatibility) dirb plugin should creates a vulnerability type information instead of a note. Add confirmed column to exported CSV from Webui Fixes in Arachni plugin Add new parameters --keep-old and --keep-new for faraday CLI Add new screenshot fplugin which takes a screenshot of the ip:ports of a given protocol Add fix for net sparker regular and cloud fix on severity Admin users can list and access all workspaces, even if they don't have permissions Removed Chat feature (data is kept inside notes) Plugin reports now can be imported in the server, from the Web UI Add CVSS score to reference field in Nessus plugin. Fix unicode characters bug in Netsparker plugin. Fix Qualys plugin. Fix bugs with MACOS and GTK. Add response field added to model in grouped report template. Add tooltip in WebUi with information about errors in executive report. Ldap now login is with user@domain.com, not user only anymore. Fix Jira bugs in WebUi We hope you enjoy it, and let us know if you have any questions or comments. https://www.faradaysec.comhttps://forum.faradaysec.com/https://www.faradaysec.com/ideashttps://github.com/infobyte/faradayhttps://twitter.com/faradaysec

You can use just Alfa https://www.amazon.com/Alfa-AWUS051NH-802-11a-Wireless-9dBi/dp/B003YH1X48?tag=wireleshackt-20

You can use powershell: Set-MpPreference -DisableRealtimeMonitoring $true Or just delete it: sc stop windefend sc delete windefend

Is it possible to do MiTM teacher's computer using the same AP network? maybe you can try to poison every AP using ettercap including the students

Hi there, do you have more info about the output? F options include any response. Are you using latest version of hydra? https://github.com/vanhauser-thc/thc-hydra Maybe you can try with medusa http://foofus.net/goons/jmk/medusa/medusa.html You have some youtube reference on burp as well:

Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time without the need for a single email. Developed with a specialized set of functionalities that help users improve their own work, the main purpose is to re-use the available tools in the community taking advantage of them in a collaborative way! Check out the Faraday project in Github. Two years ago we published our first community version consisting mainly of what we now know as the Faraday Client and a very basic Web UI. Over the years we introduced some pretty radical changes, but nothing like what you are about to see - we believe this is a turning point for the platform, and we are more than happy to share it with all of you. Without further ado we would like to introduce you to Faraday 2.0! https://github.com/infobyte/faraday/releases/tag/v2.0 This release, presented at Black Hat Arsenal 2016, spins around our four main goals for this year: * Faraday Server - a fundamental pillar for Faraday's future. Some of the latest features in Faraday required a server that could step between the client and CouchDB, so we implemented one! It still supports a small amount of operations but it was built thinking about performance. Which brings us to objective #2... * Better performance - Faraday will now scale as you see fit. The new server allows to have huge workspaces without a performance slowdown. 200k hosts? No problem! * Deprecate QT3 - the QT3 interface has been completely erased, while the GTK one presented some versions ago will be the default interface from now on. This means no more problems with QT3 non-standard packages, smooth OSX support and a lighter Faraday Client for everyone. * Licenses - managing a lot of products is time consuming. As you may already know we've launched Faraday's own App Store https://appstore.faradaysec.com/ where you can get all of your favourite tools (Burp suite, IDA Debugger, etc) whether they're open source or commercial ones. But also, in order to keep your licenses up to date and never miss an expiry date we've built a Licenses Manager inside Faraday. Our platform now stores the licenses of third party products so you can easily keep track of your licenses while monitoring your pentest. With this new release we can proudly say we already met all of this year's objectives, so now we have more than four months to polish the details. Some of the features released in this version are quite basic, and we plan to extend them in the next few iterations. Changes: * Improved executive report generation performance. * Totally removed QT3, GTK is now the only GUI. * Added Faraday Server. * Added some basic APIs to Faraday Server. * Deprecated FileSystem databases: now Faraday works exclusively with Faraday Server and CouchDB. * Improved performance in web UI. * Added licenses management section in web UI. * Fixed bug when deleting objects from Faraday Web. * Fixed bug when editing services in the web UI. * Fixed bug where icons were not copied to the correct directory on initialization. * Added a button to go to the Faraday Web directly from GTK. * Fixed bug where current workspace wouldn't correspond to selected workspace on the sidebar on GTK. * Fixed bug in 'Refresh Workspace' button on GTK. * Fixed bug when searching for a non-existent workspace in GTK. * Fixed bug where Host Sidebar and Status Bar information wasn't correctly updated on GTK. * Fixed sqlmap plugin. * Fixed metasploit plugin. We hope you enjoy it, and let us know if you have any questions or comments. https://www.faradaysec.com https://github.com/infobyte/faraday https://twitter.com/faradaysec