Faraday Integration

Faraday is a collaborative vulnerability management platform. reconFTW integrates with Faraday to automatically import scan results.


What is Faraday?

Faraday provides:

  • Centralized vulnerability database

  • Team collaboration features

  • Report generation

  • Integration with 80+ security tools

  • Workspace management


Prerequisites

Faraday Installation

# Docker installation (recommended)
docker pull faradaysec/faraday:latest
docker run -d --name faraday -p 5985:5985 faradaysec/faraday

# Or native installation
pip install faradaysec

Faraday Setup

  1. Access Faraday web interface: http://localhost:5985

  2. Create admin account

  3. Create workspace for your project

  4. Generate API token


Configuration in reconFTW

Enable Faraday Integration

secrets.cfg Setup


Data Imported to Faraday

reconFTW automatically sends:

Data Type       | Source               | Faraday Entity
----------------+----------------------+---------------
Hosts           | Subdomain resolution | Host
Services        | Port scan (nmap)     | Service
Vulnerabilities | Nuclei results       | Vulnerability
CVEs            | Nmap vulners script  | Vulnerability


Integration Flow


Workspace Management

Create Workspace

Workspace Strategy

Strategy    | Description                  | Use Case
------------+------------------------------+------------------------
Per-target  | One workspace per domain     | Isolated scans
Per-program | One workspace per bug bounty | Program tracking
Unified     | Single workspace             | Overview of all targets


Viewing Results

Faraday Web Interface

  1. Open http://localhost:5985

  2. Select workspace (reconftw)

  3. Navigate to:

    • Hosts: All discovered hosts with IPs

    • Services: Ports and services per host

    • Vulns: All vulnerabilities by severity

Faraday CLI


Report Generation

Built-in Reports

Faraday generates reports in multiple formats:

  • PDF

  • HTML

  • Markdown

  • CSV

Custom Templates


Advanced Configuration

Severity Mapping

reconFTW maps nuclei severities to Faraday:

Nuclei Severity | Faraday Severity
----------------+-----------------
critical        | Critical
high            | High
medium          | Medium
low             | Low
info            | Informational

Custom Fields

Bulk Import

For large scans, results are batched:


Troubleshooting

Connection Issues

Authentication Errors

Missing Data

  1. Check workspace exists

  2. Verify scan completed successfully

  3. Review Faraday logs: docker logs faraday

Duplicate Entries

Faraday deduplicates by:

  • Host: IP address

  • Service: IP + port + protocol

  • Vulnerability: Name + host + service
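
The severity table and the deduplication keys above can be checked against a nuclei JSONL file before import, which helps explain findings that seem to be missing afterwards. This is an added example, not reconFTW or Faraday code: the sample lines are constructed, and the default ports, the batch size, the "tcp" protocol and the "Unclassified" label for unmapped severities are assumptions of the example.

```python
import json
from urllib.parse import urlsplit
# Severity table from this page; nuclei's "unknown" is not covered by it.
SEVERITY_MAP = {"critical": "Critical", "high": "High", "medium": "Medium",
                "low": "Low", "info": "Informational"}
DEFAULT_PORTS = {"http": 80, "https": 443}  # assumed when the URL has no port
# Constructed sample of nuclei JSONL output (not real scan data).
SAMPLE_JSONL = """\
{"template-id":"exposed-git","info":{"name":"Git Config Exposure","severity":"medium"},"host":"https://app.example.test","ip":"203.0.113.10","matched-at":"https://app.example.test/.git/config"}
{"template-id":"exposed-git","info":{"name":"Git Config Exposure","severity":"medium"},"host":"https://app.example.test","ip":"203.0.113.10","matched-at":"https://app.example.test/.git/config"}
{"template-id":"tls-version","info":{"name":"TLS Version Detect","severity":"info"},"host":"app.example.test:8443","ip":"203.0.113.10","matched-at":"app.example.test:8443"}
{"template-id":"custom-check","info":{"name":"Custom Check","severity":"unknown"},"host":"http://api.example.test","ip":"203.0.113.11","matched-at":"http://api.example.test/"}
not-json
"""

def service_key(finding):
    """Return (ip, port, protocol), the Service identity listed above."""
    target = finding.get("matched-at") or finding.get("host", "")
    if "://" not in target:
        target = "//" + target  # let urlsplit see host:port as a netloc
    url = urlsplit(target)
    return (finding.get("ip", ""), url.port or DEFAULT_PORTS.get(url.scheme, 0), "tcp")

def normalise(jsonl):
    """Parse nuclei JSONL, map severities, drop duplicates by name + host + service."""
    seen, unique, skipped = set(), [], 0
    for line in jsonl.splitlines():
        try:
            f = json.loads(line)
            name, sev = f["info"]["name"], f["info"]["severity"].lower()
            key = (name, f.get("ip", ""), service_key(f))
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped += 1  # malformed line: count it instead of importing it
            continue
        if key not in seen:
            seen.add(key)
            # "Unclassified" is this example's label for unmapped severities.
            unique.append({"name": name, "key": key,
                           "severity": SEVERITY_MAP.get(sev, "Unclassified")})
    return unique, skipped

def batches(items, size=100):  # 100 is an assumed batch size, not reconFTW's
    return [items[i:i + size] for i in range(0, len(items), size)]

if __name__ == "__main__":
    findings, skipped = normalise(SAMPLE_JSONL)
    for n, chunk in enumerate(batches(findings, 2), 1):
        print(n, [(f["name"], f["severity"]) for f in chunk])
    print("skipped lines:", skipped)
```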


Best Practices

  1. Workspace naming: Use a consistent naming convention

  2. Token security: Keep the API token in secrets.cfg

  3. Regular cleanup: Archive old workspaces

  4. Backup: Export workspaces regularly

  5. Access control: Use Faraday roles for team access


Alternative: Manual Import

If automatic integration fails, import manually:

