One of the most common problems in IT is miscommunication. In the security arena especially, it is common to have multiple teams and companies involved in one assignment. Communication tends to be an issue, and a lack of collaboration can undermine the resolution of the task at hand.
Having done security assessments for over 10 years, we always found ourselves needing to know the results of the tests performed by other team members. Sharing the knowledge of the system proved to be useful not only to avoid overlapping but also to reuse what we had found.
Our Red Team Services and Faraday try to tackle this problem by facilitating collaboration between team members in a non-invasive way. Instead of creating yet another tool to let team members speak to one another, we created a framework that helps data speak for itself.
CISOs and managers can now see in real time the impact and risks uncovered by the assessments performed on their infrastructure, without the need to send a single email.
Pentesters use a lot of tools on a daily basis, and everybody has a "favorite" toolset, ranging from full-blown vulnerability scanners to in-house tools. Instead of trying to change the way people like to work, we designed Faraday as a bridge that allows tools to work collaboratively on a single platform. Faraday's plug-in engine currently supports more than 40 well-known tools and also provides an easy-to-use API to support custom tools.
All the information uploaded to Faraday can be queried, filtered and exported to feed other tools. For example, you can extract all discovered hosts that have SSH in order to perform mass brute force, or see which commands or tools have been executed. All this helps to increase the coverage of the tests being done.
Besides penetration testers, project managers can also benefit from a central database containing several assessments at once. All the information is recorded there, which allows quick and easy access for both internal teams and outside providers.