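python-faraday Introduction

Faraday introduces a new concept: the IPE (Integrated Penetration-Test Environment), a multiuser penetration test IDE. It is designed for distributing, indexing and analyzing the data generated during a security audit.

The main purpose of Faraday is to reuse the tools already available in the community and take advantage of them in a multiuser way.

It is designed for simplicity: users should notice no difference between their own terminal application and the one included in Faraday. It was developed with a specialized set of functionalities that help users improve their own work. Do you remember programming without an IDE? Faraday does for a penetration test what an IDE does for you when programming.

Tool source and home pages:
Faraday home page
python-faraday package download
Faraday repository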

Author: Infobyte LLC
License: GPLv3

python-faraday: collaborative penetration test IDE

root@kali:~# python-faraday -h
usage: faraday.py [-h] [-n HOST] [-px PORT_XMLRPC] [-pr PORT_REST] [-d]
        [--profile] [--profile-output PROFILE_OUTPUT]
        [--profile-depth PROFILE_DEPTH] [--disable-excepthook]
        [--dev-mode] [--ignore-deps] [--update] [--cert CERT_PATH]
        [--gui GUI] [--cli] [-w WORKSPACE] [-r FILENAME]

Faraday's launcher parser.

optional arguments:
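  -h, --help  show help
  -d, --debug  debug mode, Default = disabled
  --disable-excepthook  disable the application exception hook that allows error reports to be sent to the developers
  --dev-mode  enable dev mode; this will use the user config and plugin folders
  --ignore-deps  ignore Python dependencies
  --update  update
  --cert CERT_PATH  path to the valid CouchDB certificate
  --gui GUI  select the graphical interface, default is GTK
  --cli  select the command-line interface
  -w WORKSPACE, --workspace WORKSPACE  workspace to open
  -r FILENAME, --report FILENAME  report for the cli to parse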

connection:
  -n HOST, --hostname HOST  hostname on which the API servers (XMLRPC and RESTful) will listen. Default = localhost
  -px PORT_XMLRPC, --port-xmlrpc PORT_XMLRPC  listening port of the API XMLRPCServer, default = 9876
  -pr PORT_REST, --port-rest PORT_REST  port of the API RESTful server, default = 9977

profiling:
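  --profile  enable application profiling; when this option is used, --profile-output and --profile-depth can also be used, Default = disabled
  --profile-output PROFILE_OUTPUT  set the profile output filename; if no value is provided, standard output will be used
  --profile-depth PROFILE_DEPTH  set the number of profile entries (depth), Default = 500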

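Faraday usage example

Faraday is a GUI application made up of a ZSH terminal for the workspace, a sidebar, and host details.


When Faraday supports the command you are running, it automatically detects it and imports the results. In the example below, the nmap command originally entered was nmap -A 192.168.0.7, which Faraday converted on the fly.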

>>> WELCOME TO FARADAY
[+] Current Workspace: dev1
[+] API: OK
[faraday](dev1) kali#  nmap -oX /root/.faraday/data/devel1_Nmap_output-3.46164772371.xml -A 192.168.0.7 2>&1 | tee -a tmp.tu0ldZUG2JgzuHvLOjBYEzBx3Bu7O

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-07 13:46 MST
Nmap scan report for pi-hole (192.168.0.7)
Host is up (0.0011s latency).
Not shown: 995 closed ports
PORT    STATE SERVICE    VERSION
22/tcp  open  ssh        OpenSSH 6.7p1 Raspbian 5+deb8u3 (protocol 2.0)
| ssh-hostkey:
|   1024 f7:5d:7c:e2:c5:46:32:19:08:e9:4b:79:5e:80:1c:83 (DSA)
|   2048 3c:f9:1d:ce:03:0f:2e:d2:17:05:77:af:81:54:32:fc (RSA)
|_  256 ea:20:d1:e0:e1:89:2c:65:9e:0d:d0:d0:e9:8b:9b:28 (ECDSA)
53/tcp  open  domain     dnsmasq 2.72
| dns-nsid:
|_  bind.version: dnsmasq-2.72
80/tcp  open  http       lighttpd 1.4.35
|_http-server-header: lighttpd/1.4.35
|_http-title: Welcome page
110/tcp open  tcpwrapped
143/tcp open  tcpwrapped
Device type: general purpose
Running: Linux 2.4.X|3.X
OS CPE: cpe:/o:linux:linux_kernel:2.4.37 cpe:/o:linux:linux_kernel:3.2
OS details: DD-WRT v24-sp2 (Linux 2.4.37), Linux 3.2
Network Distance: 2 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 80/tcp)
HOP RTT     ADDRESS
1   0.27 ms 172.16.206.2
2   0.21 ms pi-hole (192.168.0.7)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 18.41 seconds
[faraday](devel1) kali#

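Once the nmap scan completes, double-clicking the host under the Hosts tab brings up details about the host, its services, and any vulnerabilities found.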
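The rewrite-and-import step described above, as an added example that is not Faraday's own code: it adds -oX to an nmap command line and reads the resulting XML into host and service records. The function names, the /tmp/scan.xml path and the XML sample (constructed to mirror part of the scan above) are assumptions.

```python
import shlex
import xml.etree.ElementTree as ET

def rewrite_nmap(cmd, xml_path):
    """Add -oX <xml_path> to an nmap command unless XML output is already requested."""
    args = shlex.split(cmd)
    if not args or args[0] != "nmap":
        return cmd                      # not a supported command: leave untouched
    if "-oX" in args or "-oA" in args:
        return cmd                      # the user already asked for XML output
    return shlex.join([args[0], "-oX", xml_path] + args[1:])

def import_nmap_xml(xml_text):
    """Return {address: [(port, protocol, service, product/version), ...]} for open ports."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue                    # skip hosts that did not answer
        addr = host.find("address").get("addr")
        services = []
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue                # only open ports become service records
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            banner = f"{attrs.get('product', '')} {attrs.get('version', '')}".strip()
            services.append((int(port.get("portid")), port.get("protocol"),
                             attrs.get("name", ""), banner))
        hosts[addr] = services
    return hosts

# Constructed sample in nmap's XML layout, mirroring part of the scan above.
SAMPLE_XML = """<nmaprun scanner="nmap">
<host><status state="up"/><address addr="192.168.0.7" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="6.7p1 Raspbian 5+deb8u3"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http" product="lighttpd" version="1.4.35"/></port>
<port protocol="tcp" portid="8080"><state state="closed"/></port>
</ports></host>
</nmaprun>"""

if __name__ == "__main__":
    print(rewrite_nmap("nmap -A 192.168.0.7", "/tmp/scan.xml"))
    print(import_nmap_xml(SAMPLE_XML))
```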


The excellent dirb utility is also supported by Faraday by default:

[faraday](devel1) kali#  dirb http://192.168.0.23/commix-testbed -w 2>&1 | tee -a tmp.qNejUxvvrPpbGPVEfwf8OZOuM1F1E

-----------------
DIRB v2.22    
By The Dark Raver
-----------------

START_TIME: Tue Mar 7 13:58:52 2017
URL_BASE: http://192.168.0.23/commix-testbed/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
OPTION: Not Stoping on warning messages

-----------------

GENERATED WORDS: 4612

---- Scanning URL: http://192.168.0.23/commix-testbed/ ----
==> DIRECTORY: http://192.168.0.23/commix-testbed/css/
==> DIRECTORY: http://192.168.0.23/commix-testbed/fonts/
==> DIRECTORY: http://192.168.0.23/commix-testbed/img/
+ http://192.168.0.23/commix-testbed/index.php (CODE:200|SIZE:14346)
==> DIRECTORY: http://192.168.0.23/commix-testbed/js/
==> DIRECTORY: http://192.168.0.23/commix-testbed/readme/
---- Entering directory: http://192.168.0.23/commix-testbed/css/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
    (Use mode '-w' if you want to scan it anyway)

---- Entering directory: http://192.168.0.23/commix-testbed/fonts/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
    (Use mode '-w' if you want to scan it anyway)

---- Entering directory: http://192.168.0.23/commix-testbed/img/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
    (Use mode '-w' if you want to scan it anyway)

---- Entering directory: http://192.168.0.23/commix-testbed/js/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
    (Use mode '-w' if you want to scan it anyway)

---- Entering directory: http://192.168.0.23/commix-testbed/readme/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
    (Use mode '-w' if you want to scan it anyway)

-----------------
END_TIME: Tue Mar 7 14:04:24 2017
DOWNLOADED: 27672 - FOUND: 1

When the scan completes, double-click the host to view its details, including the directories detected by dirb.
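How dirb's text output can be turned into records for a host's details, as an added example that is not Faraday's own plugin code: it separates found URLs, directories, and directories that dirb reports as listable, so that directory indexing can be reported and switched off on the web server. The function name and record layout are assumptions; the sample is an excerpt constructed from the output above.

```python
import re

FOUND = re.compile(r"^\+ (\S+) \(CODE:(\d+)\|SIZE:(\d+)\)$")
DIRECTORY = re.compile(r"^(?:==> )?DIRECTORY: (\S+)$")
ENTERING = re.compile(r"^---- Entering directory: (\S+) ----$")

def parse_dirb(output):
    """Split dirb text output into found URLs, directories and listable directories."""
    report = {"found": [], "directories": [], "listable": []}
    current = None                       # directory dirb most recently entered
    for raw in output.splitlines():
        line = raw.strip()
        if m := FOUND.match(line):
            report["found"].append((m.group(1), int(m.group(2)), int(m.group(3))))
        elif m := DIRECTORY.match(line):
            report["directories"].append(m.group(1))
        elif m := ENTERING.match(line):
            current = m.group(1)
        elif "Directory IS LISTABLE" in line and current:
            report["listable"].append(current)   # directory indexing is enabled here
            current = None
    return report

# Constructed sample: an excerpt of the dirb output shown above.
SAMPLE = """\
---- Scanning URL: http://192.168.0.23/commix-testbed/ ----
==> DIRECTORY: http://192.168.0.23/commix-testbed/css/
+ http://192.168.0.23/commix-testbed/index.php (CODE:200|SIZE:14346)
==> DIRECTORY: http://192.168.0.23/commix-testbed/js/
---- Entering directory: http://192.168.0.23/commix-testbed/css/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
    (Use mode '-w' if you want to scan it anyway)
---- Entering directory: http://192.168.0.23/commix-testbed/js/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
"""

if __name__ == "__main__":
    for key, values in parse_dirb(SAMPLE).items():
        print(key, values)
```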


Have a look at the /usr/share/python-faraday/plugins/repo directory to see which other applications Faraday supports.


Faraday also includes a full-featured web interface, which gives you, your team, and any other stakeholders a wealth of information.