Skip to content

Faraday Cli

Use Faraday directly from your favorite terminal. faraday-cli is the official client that make automating your security workflows, easier.


Here you have some snippets of different workflows you can generate using faraday-cli

One-line Continuous Scan

Scan assets from workspace.

$ faraday-cli host list -ip -w other_ws | nmap -iL - -oX /tmp/nmap.xml && faraday-cli tool report -w other_ws /tmp/nmap.xml

One-Line to nmap to all the host in the workspace and import the results back to Faraday

To scan all the host list inside a workspace with nmap and import the results back to faraday.

for ip in $(faraday-cli host list -ip); faraday-cli tool run \"nmap -Pn -p443,80 -sV --script=+http-enum -vvv $ip\"

!!! info In this case it should have a workspace named "other_ws" with hostnames in it

Scan your subdomains

Use a tool like assetfinder to do a domains lookup, scan them with nmap and send the results to faraday

$ assetfinder -subs-only| sort | uniq |awk 'BEGIN { ORS = ""; print " {\"target\":\""}
{ printf "%s%s", separator, $1, $2
separator = ","}END { print "\"}" }' | faraday-cli agent run -a 1 -e nmap --stdin
!!! info For this purpouse, an agent is created and already connected to run the nmap executor

Send Faraday Executive Reports by mail

Run a daily scan and send your report

$ faraday-cli executive_report create -t \'"generic_default.docx (generic) (Word)"\' --confirmed -d /tmp/report.docx && echo "Faraday Daily Report" | mail -s "Daily Report" -A /tmp/report.docx

Load your assets from your cloud provider

Here you can list your assets using a cli from your provider (in this example Digital Ocean), then generate a json with that information and use faraday-cli to send it to faraday.

$ doctl compute droplet list --format PublicIPv4,Name --no-header | awk 'BEGIN { ORS = ""; print " ["}
{ printf "%s{\"ip\": \"%s\", \"description\": \"%s\"}", separator, $1, $2
separator = ", "}END { print "] " }' | faraday-cli host create --stdin

Too many secrets?