Faraday introduces a new concept – IPE (Integrated Penetration-Test Environment) a multi-user Penetration test IDE. Designed for distribution, indexation and analysis of the data generated during a security audit.
The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multi-user way.
Designed for simplicity, users should notice no difference between their own terminal application and the one included in Faraday. Developed with a specialized set of functionalities that help users improve their own work. Do you remember yourself programming without an IDE? Well, Faraday does the same as an IDE does for you when programming, but from the perspective of a penetration test.
Faraday also has multiple differences in platform models. They take the usual business model of Community edition, which is a stripped down version, and then paid for versions which have additional tools and features. For this blog post we will be focusing on the Community edition, and thus will be using this instruction guide for setup.
Before installing I will be downloading and install a fresh install of Kali Linux to keep everything uniform and clean. This will also help to illustrate how to intertwine a server/client setup. Faraday sever could in fact be setup on the client as well, but typically you want to keep your Kali machine in a state that can easily be blown (deleted) and rebuilt in a short time. Thus, separating persistent data and the testing environments work best for this setup. In the screenshot below you an see that I am importing the Kali Linux ova into VMware with the title FaradayServer.
Once booted into Kali I am going to run the standard update and upgrade to make sure the OS is on the latest versions of software
apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y
Now that the operating system is fully up to date we can download the necessary Faraday files.
# I typically will move into the Downloads folder first, but this is optional $ cd ~/Downloads $ git clone https://github.com/infobyte/faraday.git faraday-dev $ cd faraday-dev # now we want to move to the dev branch for additional scripts $ git checkout dev
Faraday Server is built with minimum requirements. This is by design, so you can install it even on the most bare-bones machine you can possibly imagine. You can run the following command to install the required dependencies on any the Kali Linux based distribution. If you are installing on a different operating system look in the installation link above for different dependencies.
$ sudo apt-get install build-essential ipython python-setuptools \ python-pip python-dev libssl-dev libffi-dev couchdb \ pkg-config libssl-dev libffi-dev libxml2-dev \ libxslt1-dev libfreetype6-dev libpng-dev
Once you have the required system dependencies, you just have to install the Python modules needed to run the server using
$ pip2 install -r requirements_server.txt
The pip command is a tool for installing and managing Python packages, such as those found in the Python Package Index. Pip does come pre-installed on Kali Linux 2018.2, but if you need to install it the following guide should walk you through the appropriate steps.
As well, Faraday server comes with a convenient
install.sh script that will automate the installation of the necessary files. You can run this install script by simply typing
./install.sh. For my blog post I will be utilizing the PostgreSQL database since Kali and Metasploit already rely on it. Therefore, we need to make sure PostgreSQL is running.
$ /etc/init.d/postgresql start # or $ service postgresql start
Finally we can initialize the database with some user data so we can login. This can be done with the
dev branch of Faraday by using the
manage.py script. Using the following command with initialize the database.
$ python manage.py initdb
Take note of this username and password listed here, as this will be how you will login to the Faraday Server. You can start the Faraday server by running one of the two commands shown below:
$ cd ~/Downloads/faraday-dev # start with debugging $ python2 faraday-server.py # start headless python2 faraday-server.py --start
Now you can simply navigate in your browser to http://localhost:5985.
Using the credentials we took note of earlier we can simply login to Faraday Server, and be greeted with the Welcome screen.
From here you can click on the
Dashboard button to be taken to the dashboard, which will give us access to the
User Accounts link. In the top right hand corner there should be a link like the one shown below.
I highly recommend changing your password at this time to something more secure. This can be done by clicking the
Change password button, and typing the current and new password into the fields. Take note of the password requirements that Faraday enforces.
Now that we have the server up and running we can now tie in the clients to this server. For this demonstration I will be using a separate Kali instance to show the connection between two machines.
To begin we need to change a setting on the Faraday Server side. Faraday must be setup to accept connections on external interfaces. We can stop the Faraday Server from within the
faraday-dev directory by using the same command used to start. The command is
python2 faraday-server.py --stop. Now the following commands will help us navigate to the appropriate directory and make the change.
$ cd ~/.faraday/config/ # we need to change server.ini [faraday-server] ... bind_address=0.0.0.0
Once the change has been completed you may restart the Faraday Server with the
python2 faraday-server.py --start inside of the
faraday-dev directory. Now we can configure the Faraday Client. The Faraday Client is the software which will allow you to work with your favorite security tools and capture their output in an organized manner. Much like how we installed the server side, we will also be downloading the dev on the second Kali instance.
$ cd ~/Downloads/ $ git clone https://github.com/infobyte/faraday.git faraday-dev $ cd faraday-dev $ git checkout dev # Install the dependencies $ sudo apt-get install libpq-dev python-pip python-dev gir1.2-gtk-3.0 gir1.2-vte-2.91 python-gobject zsh curl # Install the required packages. $ pip2 install -r requirements.txt # If you are working inside a VM you will also need these two additional # dependencies $ pip2 install vext $ pip2 install vext.pygtk
Now we can launch the Faraday Client, and have it connect back to the server. To launch Faraday client simply run this command from within the Dev directory:
python2 faraday.py. You should get a screen like the one shown below.
Simply follow along with the input prompts entering the information from your Faraday Server. As you can see from the screenshot below the Faraday Client reports that we have successfully connected back to the Faraday Server. Once this finishes Faraday will open the Python GTK GUI for the Faraday Client.
Here we can enter the name of the workspace we will be entering data into. The workspace feature helps keep the different assessments organized either between different projects or even different customers.
We can now inject information into the Faraday Server by running some standard Kali tools directly from the ZSH shell that has spawned from the client. To begin with I will simply try a standard nmap scan of the Faraday Server.
As you can see from the screenshot above when running Nmap from within the ZSH shell Faraday automatically recognizes Nmap and will add additional commands to send the information back to the Faraday Server. Now when we return to the Server Dashboard we should see that information of the workspace and even the host that was scanned as been populated.
Excellent! At this point, we have setup a Faraday Server on a standalone Kali instance and tied in our testing Kali machine into the server. From here we could easily add more Kali machines for different engineers to feed data in. Additionally, there are many different plugins that are already supported by Faraday and can be referenced here. However, there is also the ability to custom write plugins using the Python API extension, which is also defined in the link above.
Thanks for reading!