
Faraday

Official Documentation: https://faradaysec.com/penetration-testing-reporting/

Cheat Sheet: Faraday Commands

Purpose

Faraday is a collaborative penetration testing IDE that centralizes results, provides issue tracking, and integrates many security tools for team workflows.

Scenarios

  • CTF: Share discoveries and scan outputs with teammates in real time to divide tasks and avoid duplication.
  • Real world: Centralize scan results (Nmap, Nikto, SQLmap), annotate findings, track remediation status, and generate reports.

All needed info to run

  • Deployment: Faraday Server + Client (Docker images available) or package installs. Typical port: 5985 (API/UI), depending on version.
  • Basic workflow:
      • Start Faraday server and web UI (or use docker-compose).
      • Create workspace and invite team members.
      • Import scan outputs (Nmap, Nessus, Burp, OpenVAS) via UI or CLI importer.
      • Tag findings, add notes, and link evidence (screenshots, pcap).
      • Export reports (CSV, HTML) or integrate with issue trackers (Jira).
  • CLI import examples: faraday_importer -i nmap.xml -w workspace_name (actual CLI depends on installed package/version).
  • Integrations: many scanners, issue trackers, and CI pipelines.

Example commands & outputs

# Example docker-compose quickstart (depends on version)
$ docker-compose up -d
# Output: starts faraday-server, faraday-client containers, UI accessible at configured port

# Import an Nmap XML from server CLI (example helper)
$ faraday-import nmap -f nmap.xml -w myworkspace
# Output:
# Imported 12 hosts and 34 services into workspace "myworkspace"

# Use web UI: open server URL, select workspace, view hosts/services, add issues and notes
# Export CSV/HTML from the Export menu
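
A pre-import sanity check for the Nmap import step above, as an added example (not Faraday's code and not from the original page): it merges several Nmap XML reports, counts each up host and open service once, and flags files that fail to parse, so the totals can be compared with what the importer reports. The function name `summarize` and the sample reports are assumptions; what Faraday itself counts as a host or service may differ by version.

```python
import xml.etree.ElementTree as ET

# Constructed sample reports (documentation addresses), not real scan data.
SCAN_A = """<nmaprun>
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
 <ports>
  <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
  <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
  <port protocol="tcp" portid="443"><state state="closed"/></port>
 </ports></host>
<host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
</nmaprun>"""
SCAN_B = """<nmaprun>
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
 <ports>
  <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
 </ports></host>
<host><status state="up"/><address addr="192.0.2.20" addrtype="ipv4"/>
 <ports>
  <port protocol="udp" portid="53"><state state="open"/><service name="domain"/></port>
 </ports></host>
</nmaprun>"""


def summarize(reports):
    """Return (hosts, services, rejected) merged across Nmap XML strings."""
    hosts, services, rejected = set(), set(), []
    for name, text in reports.items():
        try:
            root = ET.fromstring(text)
        except ET.ParseError as exc:
            rejected.append((name, str(exc)))  # truncated or corrupt file
            continue
        for host in root.iter("host"):
            status = host.find("status")
            addr = host.find("address[@addrtype='ipv4']")
            if addr is None:
                addr = host.find("address[@addrtype='ipv6']")
            if status is None or status.get("state") != "up" or addr is None:
                continue  # skip down hosts and MAC-only entries
            ip = addr.get("addr")
            hosts.add(ip)
            for port in host.iter("port"):
                state = port.find("state")
                if state is not None and state.get("state") == "open":
                    services.add((ip, port.get("protocol"), int(port.get("portid"))))
    return hosts, services, rejected


if __name__ == "__main__":
    h, s, bad = summarize({"a.xml": SCAN_A, "b.xml": SCAN_B, "cut.xml": SCAN_A[:60]})
    print(f"{len(h)} hosts, {len(s)} services, {len(bad)} rejected file(s)")
```

A mismatch between these totals and the importer's summary line is a cue to check for a truncated file or a duplicate upload before findings are triaged.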

Faraday Basics

  • Faraday centralizes many tool outputs — import scanner XMLs to build a single source of truth.
  • Use workspaces per engagement and control user permissions for collaboration.
  • Integrates with trackers (Jira) and CI for automated workflows.
  • CLI import helper names may vary by version — check faraday --help or package docs.

Faraday Commands