Merge branch 'white/master'

CHANGELOG/3.4/date.md

@@ -0,0 +1 @@
+December 6th, 2018

CHANGELOG/3.4/white.md

@@ -1,23 +1,14 @@
  * In GTK, check active_workspace its not null
-
  * Add fbruteforce services fplugin
-
-
  * Attachments can be added to a vulnerability through the API.
-
  * Catch gaierror error on lynis plugin
-
  * Add OR and NOT with parenthesis support on status report search
-
  * Info API now is public
  * Web UI now detects Appscan plugin
-
  * Improve performance on the workspace using cusotm query
-
  * Workspaces can be set as active/disable in welcome page.
  * Change Nmap plugin, response field in VulnWeb now goes to Data field.
-
  * Update code to support latest SQLAlchemy version
-
  * Fix `create_vuln` fplugin bug that incorrectly reported duplicated vulns
-
+ * Attachments on a vulnerability can be deleted through the API.
+ * Improvement in the coverage of the tests.

CHANGELOG/3.5/date.md

@@ -0,0 +1 @@
+Jan 16th, 2019

CHANGELOG/3.5/white.md

@@ -0,0 +1,18 @@
+ * Redesgin of new/edit vulnerability forms
+ * Add new custom fields feature to vulnerabilities
+ * Add ./manage.py migrate to perform alembic migrations
+ * Faraday will use webargs==4.4.1 because webargs==5.0.0 fails with Python2
+ * New system for online plugins using Threads, a few fixes for metasploit plugin online also.
+ * Fix Command "python manage.py process-reports" now stops once all reports have been processed
+ * Fix bug in query when it checks if a vulnerability or a workspace exists
+ * Fix Once a workspace is created through the web UI, a folder with its name is created inside ~/.faraday/report/
+ * The manage.py now has a new support funtionality that creates a .zip file with all the information faraday's support team will need to throubleshoot your issue
+ * Status-check checks PostgreSQL encoding
+ * Fix a bug when fail importation of reports, command duration say "In Progress" forever.
+ * Fix confirmed bug in vulns API
+ * Update websockets code to use latest lib version
+ * bootstrap updated to v3.4.0
+ * Manage.py support now throws a message once it finishes the process.
+ * Update Lynis to its version 2.7.1
+ * Updated arp-scan plugin, added support in the Host class for mac address which was deprecated before v3.0
+ * OpenVAS Plugin now supports OpenVAS v-9.0.3

CHANGELOG/RELEASE.md

@@ -2,38 +2,50 @@ IMPORTANT
 ===========
 
 Please be kind to remove all your pyc files before running faraday if you are updating this piece of software.
-Make sure you run ```./faraday.py --update``` the first time after an update!
+Make sure you run ```./manage.py migrate``` the first time after an update!
 
 
 New features in the latest update
 =====================================
 
 
-3.4:
+3.5 [Jan 16th, 2019]:
+---
+ * Redesgin of new/edit vulnerability forms
+ * Add new custom fields feature to vulnerabilities
+ * Add ./manage.py migrate to perform alembic migrations
+ * Faraday will use webargs==4.4.1 because webargs==5.0.0 fails with Python2
+ * New system for online plugins using Threads, a few fixes for metasploit plugin online also.
+ * Fix Command "python manage.py process-reports" now stops once all reports have been processed
+ * Fix bug in query when it checks if a vulnerability or a workspace exists
+ * Fix Once a workspace is created through the web UI, a folder with its name is created inside ~/.faraday/report/
+ * The manage.py now has a new support funtionality that creates a .zip file with all the information faraday's support team will need to throubleshoot your issue
+ * Status-check checks PostgreSQL encoding
+ * Fix a bug when fail importation of reports, command duration say "In Progress" forever.
+ * Fix confirmed bug in vulns API
+ * Update websockets code to use latest lib version
+ * bootstrap updated to v3.4.0
+ * Manage.py support now throws a message once it finishes the process.
+ * Update Lynis to its version 2.7.1
+ * Updated arp-scan plugin, added support in the Host class for mac address which was deprecated before v3.0
+ * OpenVAS Plugin now supports OpenVAS v-9.0.3
+
+3.4 [December 6th, 2018]:
 ---
  * In GTK, check active_workspace its not null
-
  * Add fbruteforce services fplugin
-
-
  * Attachments can be added to a vulnerability through the API.
-
  * Catch gaierror error on lynis plugin
-
  * Add OR and NOT with parenthesis support on status report search
-
  * Info API now is public
  * Web UI now detects Appscan plugin
-
  * Improve performance on the workspace using cusotm query
-
  * Workspaces can be set as active/disable in welcome page.
  * Change Nmap plugin, response field in VulnWeb now goes to Data field.
-
  * Update code to support latest SQLAlchemy version
-
  * Fix `create_vuln` fplugin bug that incorrectly reported duplicated vulns
-
+ * Attachments on a vulnerability can be deleted through the API.
+ * Improvement in the coverage of the tests.
 
 3.3 [Novemeber 14th, 2018]:
 ---

CHANGELOG/header.md

@@ -2,7 +2,7 @@ IMPORTANT
 ===========
 
 Please be kind to remove all your pyc files before running faraday if you are updating this piece of software.
-Make sure you run ```./faraday.py --update``` the first time after an update!
+Make sure you run ```./manage.py migrate``` the first time after an update!
 
 
 New features in the latest update

Jenkinsfile

@@ -19,7 +19,7 @@ node (label: "master"){
     stage ("Install Application Dependencies") {
         sh """
             source ${ENV_PATH}/bin/activate
-            pip install virtualenv responses
+            pip install virtualenv responses pytest-xdist
             pip install -U -r $WORKSPACE/requirements.txt
             pip install -U -r $WORKSPACE/requirements_server.txt
             pip install -U -r $WORKSPACE/requirements_extras.txt
@@ -70,7 +70,7 @@ node (label: "master"){
             withCredentials([string(credentialsId: 'postgresql_connection_string', variable: 'CONN_STRING')]) {
                 sh """
                     source ${ENV_PATH}/bin/activate
-                    cd $WORKSPACE && pytest -v --junitxml=$WORKSPACE/xunit-postgres.xml --connection-string "$CONN_STRING" || :
+                    cd $WORKSPACE && pytest -v --junitxml=$WORKSPACE/xunit-postgres.xml --connection-string "$CONN_STRING" -n 15 || :
                     deactivate
                 """
                 step([$class: 'CoberturaPublisher', autoUpdateHealth: false, autoUpdateStability: false, coberturaReportFile: '**/coverage.xml', failNoReports: false, failUnhealthy: false, failUnstable: false, maxNumberOfBuilds: 0, onlyStable: false, sourceEncoding: 'ASCII', zoomCoverageChart: false])

README.md

@@ -97,51 +97,66 @@ Faraday supports CSV Exporting from its WEB UI.
 
 ## Presentations
 
-* Ekoparty Security Conference - 2017:
-   * http://blog.infobytesec.com/2017/10/ekoparty-2017-review_23.html
+* Ekoparty ![](https://raw.github.com/wiki/infobyte/faraday/images/flags/argentina.png):
+    [2010](http://vimeo.com/16516987) -
+    [2014](https://www.youtube.com/watch?v=_j0T2S6Ppfo) -
+    [2017](http://blog.infobytesec.com/2017/10/ekoparty-2017-review_23.html) -
+    [2018](http://blog.infobytesec.com/2018/10/ekoparty-2018-review_18.html)
 
-* Black Hat Arsenal Asia - 2017:
-   * https://www.blackhat.com/asia-17/arsenal.html#faraday
+* Black Hat:
+    * USA ![](https://raw.github.com/wiki/infobyte/faraday/images/flags/usa.png):
+        [2011](http://www.infobytesec.com/down/Faraday_BH2011_Arsenal.pdf) -
+        [2015](https://www.blackhat.com/us-15/arsenal.html#faraday) -
+        [2016](https://www.blackhat.com/us-16/arsenal.html#faraday) -
+        [2017](https://www.blackhat.com/us-17/event-sponsors.html#faraday) -
+        [2018](https://www.blackhat.com/us-18/event-sponsors.html#faraday)
 
-* Zero Nights - 2016
-   * https://www.slideshare.net/AlexanderLeonov2/enterprise-vulnerability-management-zeronights16
+    * Asia ![](https://raw.github.com/wiki/infobyte/faraday/images/flags/singapore.png):
+        [2016](https://www.blackhat.com/asia-16/arsenal.html#faraday) -
+        [2017](https://www.blackhat.com/asia-17/arsenal.html#faraday) -
+        [2018](https://www.blackhat.com/asia-18/arsenal.html#faraday-v3-collaborative-penetration-test-and-vulnerability-management-platform)
 
-* AV Tokio - 2016:
-   * http://en.avtokyo.org/avtokyo2016/event
+    * Europe ![](https://raw.github.com/wiki/infobyte/faraday/images/flags/europe.png):
+        [2015](https://www.blackhat.com/eu-15/arsenal.html#faraday) -
+        [2016](https://www.blackhat.com/eu-16/arsenal.html#faraday)
 
-* Black Hat Arsenal USA - 2016:
+* RSA USA ![](https://raw.github.com/wiki/infobyte/faraday/images/flags/usa.png):
+    [2015](https://www.rsaconference.com/events/us15/expo-sponsors/exhibitor-list/1782/infobyte-llc)
 
-   * https://www.blackhat.com/us-16/arsenal.html#faraday
+* HITBSecConf Dubai ![](https://raw.github.com/wiki/infobyte/faraday/images/flags/uae.png):
+   [2018](https://conference.hitb.org/hitbsecconf2018dxb/hitb-armory/)
 
-* Black Hat Arsenal Europe - 2016
-   * https://www.blackhat.com/eu-16/arsenal.html#faraday
+* SecurityWeekly ![](https://raw.github.com/wiki/infobyte/faraday/images/flags/usa.png):
+   [2016](http://securityweekly.com/2016/08/02/security-weekly-475-federico-kirschbaum/)
 
-* SecurityWeekly - 2016:
-   * http://securityweekly.com/2016/08/02/security-weekly-475-federico-kirschbaum/
+* Zero Nights ![](https://raw.github.com/wiki/infobyte/faraday/images/flags/russia.png):
+   [2016](https://www.slideshare.net/AlexanderLeonov2/enterprise-vulnerability-management-zeronights16)
 
-* Bsides Latam - 2016:
-   * http://www.infobytesec.com/down/Faraday_BsideLatam_2016.pdf
+* AVTokyo ![](https://raw.github.com/wiki/infobyte/faraday/images/flags/japan.png):
+    [2016](http://en.avtokyo.org/avtokyo2016/event) -
+    [2018](http://en.avtokyo.org/avtokyo2018/event)
 
-* Black Hat Arsenal Asia - 2016:
-   * https://www.blackhat.com/asia-16/arsenal.html#faraday
+* Tel Aviv-Yafo ![](https://raw.github.com/wiki/infobyte/faraday/images/flags/israel.png):
+   [2018](https://www.meetup.com/infobyte/events/254031671/)
 
-* Black Hat Arsenal Europe - 2015:
-   * https://www.blackhat.com/eu-15/arsenal.html#faraday
+* SECCON ![](https://raw.github.com/wiki/infobyte/faraday/images/flags/japan.png):
+   [2018](https://2018.seccon.jp/seccon/yorozu2018.html)
 
-* Black Hat Arsenal USA - 2015:
-   * https://www.blackhat.com/us-15/arsenal.html#faraday
-   * http://blog.infobytesec.com/2015/08/blackhat-2015_24.html
 
-* RSA - 2015:
-   * http://www.rsaconference.com/events/us15/expo-sponsors/exhibitor-list/1782/infobyte-llc
-   * http://blog.infobytesec.com/2015/05/infobyte-en-la-rsa-2015.html
+* PyConAr ![](https://raw.github.com/wiki/infobyte/faraday/images/flags/argentina.png):
+   [2018](https://eventos.python.org.ar/events/pyconar2018/activity/75/)
 
-* Ekoparty Security Conference - 2014:
-   * https://www.youtube.com/watch?v=_j0T2S6Ppfo
+* 8.8 Chile ![](https://raw.github.com/wiki/infobyte/faraday/images/flags/chile.png):
+   [2018](http://blog.infobytesec.com/2018/11/chronicles-of-trip-to-santiago-88-review.html)
 
-* Black Hat Arsenal - 2011
-   * http://www.infobytesec.com/down/Faraday_BH2011_Arsenal.pdf
+* CharruaCon ![](https://raw.github.com/wiki/infobyte/faraday/images/flags/uruguay.png):
+   [2018](https://charrua.org/presentaciones2018/Love_is_in_the_air__Reverse_Engineering_a_hitty_drone.pdf)
 
-* Ekoparty Security Conference - 2010:
-   * http://prezi.com/fw46zt6_zgi8/faraday/
-   * http://vimeo.com/16516987
+* NotPinkCon ![](https://raw.github.com/wiki/infobyte/faraday/images/flags/argentina.png):
+   [2018](https://twitter.com/NotPinkCon)
+
+* plusCODE ![](https://raw.github.com/wiki/infobyte/faraday/images/flags/argentina.png):
+   [2018](http://pluscode.cc/portfolio_page/introduccion-practica-al-hardware-hacking/)
+
+* BSides LATAM ![](https://raw.github.com/wiki/infobyte/faraday/images/flags/brazil.png):
+   [2016](http://www.infobytesec.com/down/Faraday_BsideLatam_2016.pdf)

RELEASE.md

@@ -2,38 +2,50 @@ IMPORTANT
 ===========
 
 Please be kind to remove all your pyc files before running faraday if you are updating this piece of software.
-Make sure you run ```./faraday.py --update``` the first time after an update!
+Make sure you run ```./manage.py migrate``` the first time after an update!
 
 
 New features in the latest update
 =====================================
 
 
-3.4:
+3.5 [Jan 16th, 2019]:
+---
+ * Redesgin of new/edit vulnerability forms
+ * Add new custom fields feature to vulnerabilities
+ * Add ./manage.py migrate to perform alembic migrations
+ * Faraday will use webargs==4.4.1 because webargs==5.0.0 fails with Python2
+ * New system for online plugins using Threads, a few fixes for metasploit plugin online also.
+ * Fix Command "python manage.py process-reports" now stops once all reports have been processed
+ * Fix bug in query when it checks if a vulnerability or a workspace exists
+ * Fix Once a workspace is created through the web UI, a folder with its name is created inside ~/.faraday/report/
+ * The manage.py now has a new support funtionality that creates a .zip file with all the information faraday's support team will need to throubleshoot your issue
+ * Status-check checks PostgreSQL encoding
+ * Fix a bug when fail importation of reports, command duration say "In Progress" forever.
+ * Fix confirmed bug in vulns API
+ * Update websockets code to use latest lib version
+ * bootstrap updated to v3.4.0
+ * Manage.py support now throws a message once it finishes the process.
+ * Update Lynis to its version 2.7.1
+ * Updated arp-scan plugin, added support in the Host class for mac address which was deprecated before v3.0
+ * OpenVAS Plugin now supports OpenVAS v-9.0.3
+
+3.4 [December 6th, 2018]:
 ---
  * In GTK, check active_workspace its not null
-
  * Add fbruteforce services fplugin
-
-
  * Attachments can be added to a vulnerability through the API.
-
  * Catch gaierror error on lynis plugin
-
  * Add OR and NOT with parenthesis support on status report search
-
  * Info API now is public
  * Web UI now detects Appscan plugin
-
  * Improve performance on the workspace using cusotm query
-
  * Workspaces can be set as active/disable in welcome page.
  * Change Nmap plugin, response field in VulnWeb now goes to Data field.
-
  * Update code to support latest SQLAlchemy version
-
  * Fix `create_vuln` fplugin bug that incorrectly reported duplicated vulns
-
+ * Attachments on a vulnerability can be deleted through the API.
+ * Improvement in the coverage of the tests.
 
 3.3 [Novemeber 14th, 2018]:
 ---

VERSION

@@ -1 +1 @@
-3.4
+3.5.0

apis/rest/api.py

@@ -52,13 +52,11 @@ def startAPIs(plugin_controller, model_controller, hostname, port):
     ioloop_instance = IOLoop.current()
     _http_server = HTTPServer(WSGIContainer(app))
     hostnames = [hostname]
-    
+
     #Fixed hostname bug
     if hostname == "localhost":
-
         hostnames.append("127.0.0.1")
-    print hostname
-
+
     listening = False
     for hostname in hostnames:
         try:

bin/create_cred.py

@@ -54,7 +54,7 @@ def main(workspace='', args=None, parser=None):
             models.create_credential(workspace, obj)
             old = models.get_credential(workspace, **params)
     else:
-        print "A credential with ID %s already exists!" % old.getID()
+        print("A credential with ID %s already exists!" % old.getID())
         return 2, None
 
     return 0, old.getID()

bin/create_host.py

@@ -50,7 +50,7 @@ def main(workspace='', args=None, parser=None):
         else:
             return 0, None
     else:
-        print "A host with ID %s already exists!" % old_host.getID()
+        print("A host with ID %s already exists!" % old_host.getID())
         return 2, None
 
     return 0, old_host.getID()

bin/create_service.py

@@ -54,7 +54,7 @@ def main(workspace='', args=None, parser=None):
                 models.create_service(workspace, obj)
                 old = models.get_service(workspace, **params)
         else:
-            print "A service with ID %s already exists!" % old.getID()
+            print("A service with ID %s already exists!" % old.getID())
 
         res_ids.append(old.getID())
 

bin/create_vuln.py

@@ -62,16 +62,16 @@ def main(workspace='', args=None, parser=None):
             try:
                 old_id = ex.answer.json()['object']['_id']
             except KeyError:
-                print "Vulnerability already exists. Couldn't fetch ID"
+                print("Vulnerability already exists. Couldn't fetch ID")
                 return 2, None
             else:
-                print "A vulnerability with ID %s already exists!" % old_id
+                print("A vulnerability with ID %s already exists!" % old_id)
                 return 2, None
         else:
-            print "Unknown error while creating the vulnerability"
+            print("Unknown error while creating the vulnerability")
             return 2, None
     except CantCommunicateWithServerError as ex:
-        print "Error while creating vulnerability:", ex.response.text
+        print("Error while creating vulnerability:", ex.response.text)
         return 2, None
 
     new = models.get_vulns(

bin/create_vulnweb.py

@@ -82,7 +82,7 @@ def main(workspace='', args=None, parser=None):
             models.create_vuln_web(workspace, obj)
             old = models.get_web_vuln(workspace, **params)
     else:
-        print "A web vulnerability with ID %s already exists!" % old.getID()
+        print("A web vulnerability with ID %s already exists!" % old.getID())
         return 2, None
 
     return 0, old.getID()