FAQ
General
Where does the name come from?
The name honors Michael Faraday, an English scientist whose main discoveries include electromagnetic induction, diamagnetism and electrolysis. It refers mainly to his six principles of scientific discipline, which he acquired at a young age from Isaac Watts' "The Improvement of the Mind":
- Always carry a small pad to take notes at any time
- Maintain abundant correspondence
- Collaborate regularly with others to exchange ideas
- Avoid controversy
- Verify everything that was said to him
- Do not generalize, speak and write as precisely as possible
Read more at: Wikipedia: Michael Faraday | Isaac Watts: The Improvement of the Mind
What is Faraday?
Faraday is a multiuser integrated penetration test and vulnerability management environment. It is to Penetration Testing what an IDE is to Development. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
Is there a Faraday Community Version?
Yes, the Community edition is free and open-source. You can download it from GitHub.
Commercial editions (Professional and Corporate) offer extra features such as additional API endpoints, executive reports, custom vulnerability attributes, analytics, advanced notifications, ticketing tool integrations, LDAP/SAML SSO, pipelines, and more. See Faraday Pricing for details.
Installation & Setup
Where can I install Faraday?
Faraday runs on Linux. Supported distributions include:
- Debian / Ubuntu (22.04 LTS and 24.04 LTS recommended)
- Red Hat / CentOS / Fedora (RHEL 8+)
- Kali Linux
- Docker (recommended method for quick deployment)
See the Installation Guide for all available methods.
What are the system requirements?
| Component | Minimum | Recommended |
|---|---|---|
| CPU | 2 cores | 4+ cores |
| RAM | 4 GB | 8+ GB |
| Disk | 40 GB | 80+ GB (depends on data volume) |
| PostgreSQL | 12+ | 14+ or 16 |
| Python | 3.9+ | 3.11 (matches Docker image) |
| Redis | 5.0+ | 6.x or 7.x |
For Docker deployments, ensure Docker Engine 20.10+ and Docker Compose v2 are installed.
Does Faraday work on my servers or on the cloud?
Yes. Faraday can be deployed on bare-metal servers, virtual machines, or cloud infrastructure (AWS, GCP, Azure, etc.). Docker Compose is the recommended deployment method. For cloud PostgreSQL (Amazon RDS, Cloud SQL), configure the connection_string in server.ini to point to your managed database instance.
For more information, contact sales@infobytesec.com.
How do I know which Faraday version I'm using?
Run:
faraday-server --version
Or hover your mouse over the Faraday logo at the top left of the Web UI.
To find the latest available version:
- Community: visit GitHub Releases
- Commercial: check the Customer Portal
Can I keep using the Kali version with my newly bought Professional/Corporate license?
Yes. Even though the Kali Faraday package is the Community edition, you can upgrade in place without losing data.
Remove the community package, then install the commercial .deb:
sudo apt remove python3-faraday
sudo dpkg -i ./faraday-server_amd64.deb
Credentials & Authentication
Where are my credentials?
How you retrieve your initial credentials depends on your installation method:
Docker Compose:
docker compose logs faraday-manage | grep -A2 "credentials"
Or check the change-password service output:
docker compose logs change-password
The default username is faraday. The password is auto-generated during first startup and printed to the container logs.
Bare-metal / PyPI / Source install:
When you first ran faraday-manage initdb, the credentials were displayed:
Username: faraday
Password: a7e8d3seWqy5
If you did not save these, see the next question.
I lost my credentials
You can either reset the default admin password or create a new admin user:
Reset faraday password (all editions):
faraday-manage change-password
Username: faraday
Password:
Repeat for confirmation:
Password changed successfully
In Docker, use the dedicated service or run:
docker compose run --rm faraday-manage change-password
Create a new admin user (Professional/Corporate only):
faraday-manage create-superuser
Username: admin
Email: admin@example.com
Password:
Repeat for confirmation:
User admin created successfully!
I'm getting 401 Unauthorized or 403 Forbidden from the API
Common causes:
- Expired API token — API tokens expire based on api_token_expiration in server.ini. The default is 12 hours on bare-metal (43200 seconds) or 7 days on Docker (604800 seconds). Re-authenticate to get a new token.
- Wrong authentication method — The API expects a session cookie (from /login) or an API token (Authorization: Token <token>). Check your request headers.
- Edition-restricted endpoint — Some API endpoints (like /hosts/bulk_create) are only available in Professional/Corporate editions. A 403 on these endpoints in Community edition is expected.
- CSRF token missing — Browser-based API calls require a valid CSRF token. Use the /_api/session endpoint to obtain one.
Networking & Access
How do I bind Faraday to 0.0.0.0?
Edit ~/.faraday/config/server.ini (or /home/faraday/.faraday/config/server.ini):
[faraday_server]
bind_address=0.0.0.0
Restart the Faraday Server after making changes.
For Docker deployments, the server already binds to 0.0.0.0 inside the container. Use Docker's port mapping (-p 5985:5985) to control external access.
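The two server.ini settings discussed above (api_token_expiration under the 401/403 question, and bind_address here) can be checked together before a restart. This is an added example, not part of Faraday; the function name, the report fields and the sample file are hypothetical, and placing api_token_expiration in [faraday_server] is an assumption, so every section is searched.

```python
import configparser
import ipaddress

# Constructed sample: the bind_address setting from this FAQ plus the Docker
# default token lifetime it quotes. Putting api_token_expiration in
# [faraday_server] is an assumption; the FAQ does not name the section.
SAMPLE_INI = """\
[faraday_server]
bind_address=0.0.0.0
api_token_expiration=604800
"""

def audit_server_ini(text):
    """Summarise network exposure and API token lifetime in a server.ini string."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    report = {"beyond_loopback": False, "token_hours": None, "notes": []}
    bind = cp.get("faraday_server", "bind_address", fallback=None)
    if bind is not None:
        try:
            addr = ipaddress.ip_address(bind.strip())
        except ValueError:
            report["notes"].append(f"bind_address {bind!r} is not an IP literal; check what it resolves to")
        else:
            # Anything other than 127.0.0.0/8 or ::1 is reachable off-host.
            report["beyond_loopback"] = not addr.is_loopback
            if report["beyond_loopback"]:
                report["notes"].append(
                    f"listening on {addr}: Faraday does not handle TLS itself, so "
                    "firewall the port or publish it only through a reverse proxy")
    # Search every section, since the key's section is an assumption here.
    for section in cp.sections():
        raw = cp.get(section, "api_token_expiration", fallback=None)
        if raw is None:
            continue
        try:
            seconds = int(raw)
        except ValueError:
            report["notes"].append(f"api_token_expiration {raw!r} is not an integer")
            continue
        report["token_hours"] = seconds / 3600
        report["notes"].append(
            f"API tokens expire after {seconds / 3600:g} h; clients must re-authenticate after that")
    return report

if __name__ == "__main__":
    for note in audit_server_ini(SAMPLE_INI)["notes"]:
        print(note)
```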
How do I set up HTTPS?
Faraday does not handle TLS directly. Use a reverse proxy (NGINX, Apache, Caddy) in front of Faraday. Generate an NGINX config with:
faraday-manage generate-nginx-config
See the NGINX Setup Guide for detailed instructions.
Data & Reports
Which security tools does Faraday support?
Faraday supports 120+ tools via its plugin system, including:
- Scanners: Nmap, Nessus, OpenVAS, Nexpose, Qualys
- Web scanners: Burp Suite, ZAP, Nikto, Acunetix
- Pentesting: Metasploit, sqlmap, w3af
- Cloud/Infra: AWS Inspector, Prowler, ScoutSuite
- And many more — see the full Plugin List
How do I import scan results?
There are four methods:
- Web UI — Drag and drop report files onto the Faraday web interface
- Faraday CLI — faraday-cli tool report /path/to/report.xml
- Agents — Configure automated executors via the Agent Dispatcher
- REST API — POST /v3/ws/{workspace}/upload_report
My report is not being imported
- Verify your tool is in the Plugin List.
- Ensure the report file is in the correct format (usually XML or JSON, not HTML).
- Try forcing plugin detection by renaming the file: myreport_faraday_PluginName.xml (e.g., scan_faraday_Nmap.xml).
- Check the server logs at ~/.faraday/logs/ for parsing errors.
- For very large reports (>100 MB), consider splitting the scan or increasing worker timeouts.
- Common import issues:
  - Nuclei: Use JSON output format (-json), not the default stdout format.
  - Nessus: Export as .nessus (XML), not CSV or HTML.
  - CSV imports: Must include required headers name and exploitation.
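The checks in this list can be run against a report before uploading it. The following pre-flight script is an added example, not Faraday code: the function names and the format-sniffing heuristics are hypothetical, and it expects the first few kilobytes of the file plus its size.

```python
import csv
import io
import os
import re

MAX_BYTES = 100 * 1024 * 1024            # the FAQ's ">100 MB" threshold
REQUIRED_CSV_HEADERS = {"name", "exploitation"}

def sniff_format(head: bytes) -> str:
    """Guess a report's format from its first bytes."""
    text = head.decode("utf-8-sig", errors="replace").lstrip()
    first = text.splitlines()[0] if text else ""
    if re.match(r"<!doctype html|<html", first, re.I):
        return "html"
    if first.startswith("<"):
        return "xml"
    if re.match(r"\[[\w:.-]+\] \[", first):
        return "text"   # bracketed tags then text: console output, not a JSON array
    if first[:1] in ("{", "["):
        return "json"
    return "csv" if "," in first else "text"

def forced_plugin_name(path: str, plugin: str) -> str:
    """Build <name>_faraday_<PluginName>.<ext>, the rename that forces a plugin."""
    stem, ext = os.path.splitext(path)
    return f"{stem}_faraday_{plugin}{ext}"

def preflight(path: str, head: bytes, size: int) -> list:
    """List the problems from this FAQ that apply to one report file."""
    problems = []
    fmt = sniff_format(head)
    if fmt == "html":
        problems.append("HTML export: re-export as XML or JSON")
    elif fmt == "text":
        problems.append("console output: use the tool's JSON or XML report option")
    elif fmt == "csv":
        header = next(csv.reader(io.StringIO(head.decode("utf-8-sig", "replace"))), [])
        missing = REQUIRED_CSV_HEADERS - {h.strip() for h in header}
        if missing:
            problems.append("CSV lacks required headers: " + ", ".join(sorted(missing)))
    if path.lower().endswith(".nessus") and fmt != "xml":
        problems.append(".nessus file is not XML: export the .nessus format, not CSV or HTML")
    if size > MAX_BYTES:
        problems.append("over 100 MB: split the scan or raise worker timeouts")
    return problems

if __name__ == "__main__":
    # Constructed sample: a CSV export saved under a .nessus name.
    print(preflight("scan.nessus", b"Plugin ID,CVE,Risk\n", 24))
```

An empty result means none of the listed causes apply, and the server logs are the next place to look.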
Support
Where can I get help?
- Community edition: Open an issue on GitHub
- Professional / Corporate: Submit a ticket at the Support Portal
- Documentation: docs.faradaysec.com
- Troubleshooting: See the Troubleshooting Guide