lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 21 Dec 2015 16:43:08 -0300
From: Francisco Amato <famato@...obytesec.com>
To: fulldisclosure@...lists.org
Subject: [FD] Faraday v1.0.16: (Group vulns by fields, Filter false-positives,
 Canvas plugin)

We are proud to present Faraday v1.0.16!

This version comes with major changes to our Web UI, including the
possibility to mark vulnerabilities as false positives. You can now
create an Executive Report using only confirmed vulnerabilities,
saving you even more time.

A brand new feature that comes with v1.0.16 is the ability to group
vulnerabilities by any field in our Status Report view. Combine it
with bulk edit to manage your findings faster than ever!

This release also features several new features developed entirely by
our community.

Changes:
* Added group vulnerabilities by any field in our Status Report
* Added port to Service type target in new vuln modal
* Filter false-positives in Dashboard, Status Report and Executive Report

Filter in Status Report view
* Added Wiki information about running Faraday without configuring
CouchDB https://github.com/infobyte/faraday/wiki/APIs
* Added parametrization for port configuration on APIs
* Added scripts to:
    - get all IPs from targets that have no services
(/bin/getAllIpsNotServices.py)
    - get all IP addresses that have defined open port
(/bin/getAllbySrv.py) and get all IPs from targets without services
(/bin/delAllVulnsWith.py)
            It's important to note that both these scripts hold a
variable that you can modify to alter its behaviour.
/bin/getAllbySrv.py has a port variable set to 8080 by default.
/bin/delAllVulnsWith.py does the same with a RegExp
* Added three Plugins:
    - Immunity Canvas
    - Dig
    - Traceroute
* Refactor Plugin Base to update active WS name in var
* Refactor Plugins to use current WS in temp filename under
$HOME/.faraday/data. Affected Plugins:
    - amap
    - dnsmap
    - nmap
    - sslcheck
    - wcscan
    - webfuzzer
    - nikto

Bug fixes:
* When the last workspace was null Faraday wouldn't start
* CSV export/import in QT
* Fixed bug that prevented the use of "reports" and "cwe" strings in
Workspace names
* Unicode support in Nexpose-full Plugin
* Fixed bug get_installed_distributions from handler exceptions
* Fixed bug in first run of Faraday with log path and API errors

More information:
https://github.com/infobyte/faraday
http://blog.infobytesec.com/2015/12/presenting-faraday-1016.html

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ