Jan 30 2024

Faction: Open-source pentesting report generation and collaboration framework

Category: Pen Test | disc7 @ 8:49 am

Josh Summitt, the creator of Faction, has always disliked the process of writing reports, preferring to focus on uncovering bugs. A key frustration for him was the redundant step of using a separate note-taking app for storing screenshots and findings before compiling the final report.

He envisioned an integrated solution where the report generation tool would serve as the note-taking platform, incorporating all the standard templates typically used in reports. He hopes Faction will help others save time, reduce stress, and improve their information security workflow.

“I built Faction to be extendable in ways like you would extend BurpSuite. It’s designed to be flexible and extended to fit seamlessly in any environment. It is easy for internal teams to build and support their small modules versus a large code base. In addition, I hope the project will get a growing list of prebuilt modules developed by the community to expand capabilities without requiring internal development,” Summitt told Help Net Security.

Faction features

With Faction, you can:

  • Streamline penetration testing and security assessment reporting through automation.
  • Facilitate peer review and monitor modifications in reports.
  • Design docx templates for various assessments and follow-up retests.
  • Collaborate in real-time with assessors using the web application and extensions for Burp Suite.
  • Utilize adaptable vulnerability templates featuring 75 pre-filled options.
  • Oversee assessment teams and monitor organizational progress.
  • Monitor the remediation of vulnerabilities with tailored SLA warnings and notifications.
  • Leverage a comprehensive REST API for seamless integration with other tools.

Other features:

  • LDAP, OAuth 2.0 and SMTP Integration.
  • Extendable with Custom Plugins similar to Burp Extender.
  • Custom Report Variables.

Future plans

The developer is currently working on enhancing the extendability of Faction by introducing a full app store, reminiscent of those found in platforms like Slack and Burp. This expansion will allow for the inclusion of additional features such as custom UI elements.

“Faction has had a strong focus on penetration testing from an application security mindset. I want to expand that to be more Red and Blue Team inclusive. Not that it won’t work for these teams out of the box but it could be more flexible,” Summitt added.

Faction is available for free on GitHub.


Tags: Pen testing, Pen testing report
