Skip to content

Faraday Cli

Use Faraday directly from your favorite terminal. faraday-cli is the official client that make automating your security workflows, easier.

Examples

Here you have some snippets of different workflows you can generate using faraday-cli

One-line Continuous Scan

Scan assets from workspace.

$ faraday-cli list_hosts -ip | nmap -iL - -oX /tmp/nmap.xml && faraday-cli process_report -w other_ws /tmp/nmap.xml

Scan your subdomains

Use a tool like assetfinder to do a domains lookup, scan them with nmap and send de results to faraday

$ assetfinder -subs-only example.com| sort | uniq |awk 'BEGIN { ORS = ""; print " {\"target\":\""}
{ printf "%s%s", separator, $1, $2
separator = ","}END { print "\"}" }' | faraday-cli  run_executor -a 1 -e nmap --stdin

Send Faraday Executive Reports by mail

Run a dalily scan and send your report

$ faraday-cli generate_executive_report -t \'"generic_default.docx (generic)"\' --confirmed -o /tmp/report.docx && echo "Faraday Daily Report" | mail -s "Daily Report" user@example.com -A /tmp/report.docx

Load your assets from your cloud provider

Here you can list your assets using a cli from your provider (in this example Digital Ocean), then generate a json with that information and use faraday-cli to send it to faraday.

$ doctl compute droplet list --format PublicIPv4,Name --no-header | awk 'BEGIN { ORS = ""; print " ["}
{ printf "%s{\"ip\": \"%s\", \"description\": \"%s\"}", separator, $1, $2
separator = ", "}END { print "] " }' | faraday-cli create_hosts --stdin