Faraday: continuous scanning

by faraday
Download
.json - original recording .txt - plain text version .gif - animated GIF
GNU/Linux xterm bash 489 views

Doing a security audit for your infrastructure, web site or services whether it be annually or every six months is a great first step to better securing your systems, but in many cases it is not enough.

Adding to that, if the audit only involves one tool, our attack surface unfortunately is pretty small.

The idea of this post is to tell everyone about how to use the Faraday platform to be able to do continuous scannings using almost all the auditing tools on the market.

The goal will be to do a scan every week or by events after a set of targets with different tools and obtain all the results on your Faraday platform. This should allow you to detect and mitigate new issues in your infrastructure.

While it is always necessary to conduct regular manual security audits (at least for the time being the software is not better than people). By doing continuous scannings it can help a company pick off a lot of the low hanging fruit and let them concentrate on trickier stuff.

More recordings by faraday

Cross Distribution Exploit Testing 0:25

by faraday

Cross Distribution Exploit Testing - Part 2 2:54

by faraday
Share this recording
https://asciinema.org/a/26710
Copied!

Append ?t=30 to start the playback at 30s, ?t=3:20 to start the playback at 3m 20s.

See sharing docs for more link customization options.

Embed as image link

Use snippets below to display a preview image linking to this recording.
Ideal for places where scripts are not allowed, such as project README files.

HTML: 

<a href="https://asciinema.org/a/26710" target="_blank"><img src="https://asciinema.org/a/26710.svg" /></a>
Copied!

Markdown: 

[![asciicast](https://asciinema.org/a/26710.svg)](https://asciinema.org/a/26710)
Copied!

Embed the player

If you're embedding on your own page or on a site which permits script tags, you can use the full player widget:

<script src="https://asciinema.org/a/26710.js" id="asciicast-26710" async="true"></script>
Copied!

Paste the above script tag where you want the player to be displayed on your page.

See embedding docs for more player customization options.

Download this recording

You can download this recording in asciicast v1 format, as a .json file.

Download

Replay in terminal

You can replay the downloaded recording in your terminal using the asciinema play command: 

asciinema play 26710.json
Copied!

If you don't have asciinema CLI installed then see installation instructions.

Use with stand-alone player on your website

Download asciinema player from the releases page (you only need .js and .css file), then use it like this: 

<!DOCTYPE html>
<html>
<head>
  <link rel="stylesheet" type="text/css" href="/assets/asciinema-player.css" />
</head>
<body>
  <div id="player"></div>
  <script src="/assets/asciinema-player.min.js"></script>
  <script>
    AsciinemaPlayer.create(
      '/assets/26710.json',
      document.getElementById('player'),
      { cols: 93, rows: 24 }
    );
  </script>
</body>
</html>

See asciinema player quick-start guide for full usage instructions.

Generate GIF from this recording

While this site doesn't provide GIF conversion at the moment, you can still do it yourself with the help of asciinema GIF generator utility - agg.

Once you have it installed, generate a GIF with the following command:

agg https://asciinema.org/a/26710 demo.gif
Copied!

Or, if you already downloaded the recording file:

agg demo.cast demo.gif
Copied!

Check agg --help for all available options. You can change font family and size, select color theme, adjust speed and more.

See agg manual for full usage instructions.