
Integrating Syhunt with Faraday

The information in this document applies to version 6.9.18 of Syhunt Hybrid.

Important Note: this integration is a work in progress. The Faraday plugin for Syhunt has been included with the latest release of Faraday. Currently, Syhunt results can be uploaded through Faraday's web UI and CLI, but the steps below for automatically submitting results through Faraday's REST API are not yet working.

Faraday is a platform that allows teams to manage their attack surface from a single place while automating and accelerating key steps of vulnerability management. It orchestrates an otherwise overwhelming amount of security tools and procedures available into a single, simple process.

Since version 6.9.17, Syhunt can be configured to automatically connect to the Faraday server API and submit a SAST or DAST report.

Auto Submitting Results

Configuring the integration with Faraday is straightforward; once it is set up, vulnerabilities can be submitted automatically to the Faraday dashboard.

First, add a Faraday tracker:

  1. Click the Issue Trackers icon in the launcher toolbar. The Issue Trackers screen will open.
  2. Click the Add Tracker icon in the Issue Trackers screen toolbar and choose the Add tracker: Faraday menu option.
  3. Enter a reference name for the new tracker (like MyFaraday) and hit OK. A preferences dialog window will open.
  4. Enter the Faraday Server URL, e.g. https://yourdashboard.apps.faradaysec.com/
  5. Enter your workspace name. If empty, my_workspace will be used.
  6. Enter your username and password and click the OK button.

The tracker is ready! Right-click the item you just edited in the list and click the Submit Test option. If you configured everything properly, a test scan item should be created at https://yourdashboard.apps.faradaysec.com/. If not, you will see an error message giving a hint of what needs to be done.

Finally, associate the Faraday tracker to a scan:

  • Through the CLI, pass the parameter -tk:[trackername]
  • Through the Scheduled Scan preferences dialog, go to the Notifications tab and select the newly created tracker within Tracker Notifications.

Creating the Tracker through the CLI

If you are using the CLI version of Syhunt, you can add the tracker using the commands indicated below.


-- Example 1 - Adding a new Faraday tracker
scancore -tracker:add 
-- Specify the type Faraday and the name of the tracker, and press enter
-- Configure the tracker
scancore -tracker:set to:mytrackername -key:api.url -v:"https://yourdashboard.apps.faradaysec.com/"
scancore -tracker:set to:mytrackername -key:auth.username.encrypted -v:yourusername
scancore -tracker:set to:mytrackername -key:auth.password.encrypted -vsecret
-- Testing the tracker
scancore -tracker:send -tid:TEST -to:mytrackername
