fplugin improvement

[s0i37]

Hello. What's the problem this feature will solve? Pentesters use many tools include own scripts. Not all of these can create report which understand faraday. I want to propose to improve current CLI infrastructure.

I couldn't find any approaches to manage a few simple operations like create or show vulns and so on.

For example I can't create new service for some host: fplugin create_service 1.2.3.4 someservice 443 This script requires some parent parameter. What is the parent? Where I can find this?

Also I can't create new vuln from CLI: fplugin create_vuln --severity info --description 'some descr' Host 1.2.3.4 or fplugin create_vuln --severity info --description 'some descr' Host 1.2.3.4 Service 443 And show vulns: fplugin filter_vulns -p 80,443 --severety info or fplugin filter_vulns 'some descr' This script is not exist at all. BTW, internal database of metasploit has a huge disadvantage - impossibility of creating a notes for service (just host). In same time faraday alllow it, but I don't know why do you don't provide this scripts :-D

Show hostnames: fplugin list_hosts

Of course I can do all of these from GUI. But hackers always prefer CLI before GUI. Lets imagine situation when we need to add some information for hundred ports from for example hping3 tool or some third-party script. Please make your fplugin scripts more useful and convenient like a commands hosts/services/notes/vulns/creds in metasploit. Thank you.

[llazzaro]

Hi,

Thanks for your feedback. Did you try to use our API to solve this issue? Our API support all operations on FaradaySEC Models.

I recommend using our bulk_create API endpoint which accepts a JSON with all the information you want to send.

For example:

        'hosts': [
            {
                'ip': '192.168.0.1',
                'description': 'Host description, example: Router',
                'vulnerabilities': [
                    {
                        'name': 'Default root password',
                        'severity': 'critical',
                        'desc': 'YOur router uses default password admin',
                        'type': 'Vulnerability',
                    }
                ],
                'credentials': [
                    {
                        'name': 'admin',
                        'username': 'admin',
                    }
                ],
                'services': [
                    {
                        'name': 'ssh',
                        'protocol': 'tcp',
                        'port': 22,
                        'vulnerabilities': [
                            {
                                'name': 'Insecure OpenSSH version',
                                'severity': 'high',
                                'desc': 'An insecure OpenSSH version was found',
                                'type': 'Vulnerability',
                            }

                        ]
                    }
                ]
            }
        ]
    }

The previous JSON will create a host with a vulnerability called Default root password and service with a vulnerability called Insecure OpenSSH version.

You could also try to send a JSON with a list of several hosts with the respective services to the bulk create an endpoint, vulnerabilities are optional.

To use the bulk create to send a POST request to the URL _api/v2/ws/<workspace_name>/bulk_create/ with content-type application/json

You can see all the API endpoints by running: faraday-manage show-urls

If you want to integrate with another tool check how to create a plugin https://github.com/infobyte/faraday/wiki/Basic-plugin-development on our https://github.com/infobyte/faraday_plugins.

Feel free to open an issue to request a plugin for a tool. We are very close to release our API documentation soon, but you can check here some doculementation https://github.com/infobyte/faraday/wiki/API-Server

Thanks!

[fedek]

PSA: The component fplugin is deprecated please refer to faraday-cli, closing this issue.