Vulnerability Management: FARADAY

This entry is part 2 of 4 in the series Governance Risk Compliance


Faraday is a powerful open-source vulnerability management platform designed to help cybersecurity teams streamline their pentesting, vulnerability assessment, and remediation processes. Built with a collaborative and automation-driven approach, Faraday enables security professionals to efficiently collect, analyze, and manage security findings from various tools in a centralized environment.

With support for multiple integrations, real-time collaboration, and automated reporting, Faraday enhances the workflow of red, blue, and purple teams. It allows organizations to track vulnerabilities across their infrastructure, prioritize risks, and improve security posture effectively. Whether you are conducting penetration tests, managing compliance, or handling large-scale security operations, Faraday provides the necessary features to enhance efficiency and decision-making.

In this guide, we will:

  • Install Faraday Community Edition on an Ubuntu machine using DEB packages.
  • Configure it for first-time use.
  • Import an OpenVAS scan report in XML format.

Download the DEB from this link and run the following commands to install Faraday on an Ubuntu machine (the `./` prefix tells apt to install the local package file rather than search the repositories for a package of that name):

sudo apt update && sudo apt upgrade -y
sudo apt install ./faraday-server_amd64.deb

After installation, add your user to the faraday group.

sudo usermod -aG faraday <YOUR_USERNAME>

Initialize the database (first time only). The command prints the admin credentials for the Faraday Web UI at the end; note them down and change the password after your first login:

zyber@VulnMGMT:~$ faraday-manage initdb
2025-03-13T11:36:09+0100 - faraday.server.config - INFO {MainThread} [pid:10004] [config.py:72 - copy_default_config_to_local()]  Local faraday-server configuration created at /home/faraday/.faraday/config/server.ini
2025-03-13T11:36:09+0100 - faraday.server.app - WARNING {MainThread} [pid:10004] [app.py:466 - create_app()]  No storage section or path in the .faraday/config/server.ini. Setting the default value to .faraday/storage
2025-03-13T11:36:09+0100 - faraday.server.app - INFO {MainThread} [pid:10004] [app.py:494 - create_app()]  Missing [database] section on server.ini. Please configure the database before running the server.
/nix/store/q77nskf89iv0ararp6ab87h48qldhw1a-python3.10-flask-sqlalchemy-2.5.1/lib/python3.10/site-packages/flask_sqlalchemy/__init__.py:851: UserWarning: Neither SQLALCHEMY_DATABASE_URI nor SQLALCHEMY_BINDS is set. Defaulting SQLALCHEMY_DATABASE_URI to "sqlite:///:memory:".
  warnings.warn(
This script will  create a new postgres user  and  save faraday-server settings (server.ini).
[sudo] password for zyber: 
Creating database faraday
Saving database credentials file in /home/faraday/.faraday/config/server.ini
Creating tables
INFO  [alembic.runtime.migration] Context impl PostgresqlImpl.
INFO  [alembic.runtime.migration] Will assume transactional DDL.
INFO  [alembic.runtime.migration] Running stamp_revision  -> 618a59151523
Admin user created with 

username: faraday 
password: dfdfxxhdghdtjhthshsethet

Note down the username and password printed at the end of the database initialization. This is the account required to log in to the Web GUI later.

Enable the Faraday server so it starts automatically at boot, then start it now:

sudo systemctl enable faraday-server
sudo systemctl start faraday-server

By default, the Faraday server listens on port 5985. Log in to the Web GUI at http://localhost:5985 with the credentials created during the database initialization.

After logging in, follow these steps:

  • Enable the OpenVAS plugin: Faraday supports multiple tools; ensure OpenVAS is enabled in Settings → Plugins.
  • Change the default password: navigate to Settings → Users and update your password.

Create a workspace:

  • Go to Workspaces → Create New.
  • Name the workspace (e.g., NetwerkLABS).
  • Set visibility: Public or Private.
  • Click Create.

The workspace is now created.

You can also add your assets using the “Assets” tab.

Export the scan report from OpenVAS:

  • Log in to Greenbone Security Assistant (GSA).
  • Navigate to Scans → Reports.
  • Select the desired scan report.
  • Click Download → choose the XML format.
  • Save the file (e.g., openvas_scan.xml) when prompted.

Import the report into Faraday:

  • In the Faraday web interface, navigate to Workspaces → NetwerkLABS.
  • Go to Vulnerabilities and click Add Vulnerability → Import from file.
  • Select the XML file (e.g., openvas_scan.xml) and click the Upload button.
  • Faraday will parse the report and display the vulnerabilities.

The dashboard provides:

  • Vulnerability distribution: Severity levels (Critical, High, Medium, Low).
  • Asset information: Affected hosts and services.
  • Trend analysis: View security trends over time.
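To make the import step and the dashboard figures concrete, here is an added example (written for this guide, not Faraday's own OpenVAS plugin) that parses the `<result>` elements of a Greenbone/OpenVAS XML report, buckets each finding into the Critical/High/Medium/Low levels shown on the dashboard, and groups findings per host. The embedded report is constructed and reduced to the elements the parser reads; the NVT OIDs and finding names in it are placeholders. The mapping of CVSS scores to severity labels follows the CVSS v3 qualitative scale, which is an assumption about how the dashboard buckets are defined; "Log" results with severity 0.0 are kept as informational so they do not inflate the vulnerability counts.

```python
"""Parse an OpenVAS/Greenbone XML report and summarise it the way a
vulnerability-management dashboard does. Added example; not Faraday code.

Note: xml.etree does not fetch external entities, but it will expand
internal entities; for reports from untrusted sources use defusedxml.
"""
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample report (not real scan data). Real GSA exports carry
# many more elements; only <results>/<result> matter to this parser.
SAMPLE_REPORT = """<?xml version="1.0"?>
<report id="r1" type="scan">
  <report id="r1">
    <results start="1" max="-1">
      <result id="1">
        <name>Outdated TLS configuration (constructed)</name>
        <host>192.168.56.10<hostname>web01.lab</hostname></host>
        <port>443/tcp</port>
        <nvt oid="1.3.6.1.4.1.25623.1.0.000001"><cvss_base>7.5</cvss_base></nvt>
        <threat>High</threat>
        <severity>7.5</severity>
      </result>
      <result id="2">
        <name>Unauthenticated admin interface (constructed)</name>
        <host>192.168.56.10<hostname>web01.lab</hostname></host>
        <port>8080/tcp</port>
        <nvt oid="1.3.6.1.4.1.25623.1.0.000002"><cvss_base>9.8</cvss_base></nvt>
        <threat>High</threat>
        <severity>9.8</severity>
      </result>
      <result id="3">
        <name>ICMP timestamp reply (constructed)</name>
        <host>192.168.56.20<hostname>db01.lab</hostname></host>
        <port>general/icmp</port>
        <nvt oid="1.3.6.1.4.1.25623.1.0.000003"><cvss_base>2.1</cvss_base></nvt>
        <threat>Low</threat>
        <severity>2.1</severity>
      </result>
      <result id="4">
        <name>Service detection (constructed)</name>
        <host>192.168.56.20</host>
        <port>22/tcp</port>
        <nvt oid="1.3.6.1.4.1.25623.1.0.000004"><cvss_base>0.0</cvss_base></nvt>
        <threat>Log</threat>
        <severity>0.0</severity>
      </result>
    </results>
  </report>
</report>
"""


@dataclass(frozen=True)
class Finding:
    name: str
    host: str
    hostname: str
    port: str
    cvss: float
    severity: str  # Critical / High / Medium / Low / Info


def cvss_to_label(score: float) -> str:
    """CVSS v3 qualitative scale (assumed to match the dashboard buckets)."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score > 0.0:
        return "Low"
    return "Info"  # OpenVAS "Log" results carry severity 0.0


def parse_report(xml_text: str) -> list[Finding]:
    """Extract one Finding per <result>; tolerate missing/odd severities."""
    root = ET.fromstring(xml_text)
    findings = []
    for result in root.iter("result"):
        host_el = result.find("host")
        if host_el is None:
            continue  # a result without a host cannot be mapped to an asset
        host = (host_el.text or "").strip()  # text before the <hostname> child
        hn = host_el.find("hostname")
        hostname = (hn.text or "").strip() if hn is not None else ""
        sev_text = result.findtext("severity")
        try:
            cvss = float(sev_text) if sev_text is not None else 0.0
        except ValueError:
            cvss = 0.0  # unparsable severity: treat as informational, not as high
        findings.append(Finding(
            name=(result.findtext("name") or "").strip(),
            host=host, hostname=hostname,
            port=(result.findtext("port") or "").strip(),
            cvss=cvss, severity=cvss_to_label(cvss)))
    return findings


def severity_distribution(findings, include_info=False) -> Counter:
    """Counts per severity label, excluding informational results by default."""
    return Counter(f.severity for f in findings
                   if include_info or f.severity != "Info")


def findings_by_host(findings) -> dict[str, list[Finding]]:
    """Group findings per host, highest CVSS first, as an asset view would."""
    by_host = defaultdict(list)
    for f in findings:
        by_host[f.host].append(f)
    return {h: sorted(fs, key=lambda f: f.cvss, reverse=True)
            for h, fs in by_host.items()}


if __name__ == "__main__":
    findings = parse_report(SAMPLE_REPORT)
    print("Severity distribution:", dict(severity_distribution(findings)))
    for host, fs in findings_by_host(findings).items():
        print(host, [(f.port, f.severity, f.name) for f in fs])
```

Run it against a real export by replacing `SAMPLE_REPORT` with the contents of `openvas_scan.xml`; the per-severity counts should match the distribution the Faraday dashboard shows after the same file is uploaded, which is a quick way to check that the import did not silently drop results.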

Assets view after importing scan reports/data.

Vulnerabilities listed after import.

Vulnerability details.

Services view.

You can edit a vulnerability by right-clicking on it. From there you can:

  • Modify the severity of vulnerabilities.
  • Add evidence for tracking fixes.
  • Change the vulnerability status (e.g., Open → Fixed → Closed).

Faraday agents are offered in both the Community and commercial editions of Faraday.

An Agent is a process running continuously on a machine (not necessarily the one running the Faraday Server). When a user decides to run an Agent (typically through the Faraday Web UI), it executes its configured code and sends the resulting data back to a Workspace.

Faraday is a powerful tool for managing vulnerability assessments, providing structured analysis and team collaboration.

With Faraday, you can optimize your security posture by drastically reducing the time spent on executing, managing, and prioritizing assessments, and:

✅ Identify and prioritize vulnerabilities easily.
✅ Assign remediation tasks efficiently.
✅ Generate insightful reports for security compliance.
