FACTION is your entire assessment workflow in a box. With FACTION you can:
- Automate pen testing and security assessment Reports
- Peer review and track changes for reports
- Create customized DOCX templates for different assessment types and retests
- Real-time collaboration with assessors via the web app and Burp Suite Extensions
- Customizable vulnerability templates with over 75 prepopulated
- Easily manage assessment teams and track progress across your organization
- Track vulnerability remediation efforts with custom SLA warnings and alerts
- Full Rest API to integrate with other tools
Other Features:
- LDAP Integration
- OAUTH2.0 Integration
- SMTP integration
- Extendable with Custom Plugins similar to Burp Extender.
- Custom Report Variables
Want to see it in action? -> Faction Video Overview
Requirements
- Java JDK11
- Maven (for building the project)
Run the following commands to build the war file and deploy it to the docker container.
git clone [email protected]:factionsecurity/faction.git
cd faction
mvn clean compile war:war
docker-compose up --build
Once the containers are up you can navigate to http://127.0.0.1:8080 to access your FACTION instance. On the first boot, it will ask you to create an admin account.
- Navigate to Templates -> Default Vulnerabilities
- Click Update from VulnDB.
You can find out more information about creating your own custom report templates here: Custom Security Report Templates - Faction Security
We can provide hosting for your instance. All instances are single tenants so you don't have to worry about sharing infrastructure with untrusted parties. Navigate to https://www.factionsecurity.com to learn more.