Primer - AI collaborative Faraday workflows

Training an AI Model for Cybersecurity Tasks on Debian Linux with Ollama and Python for Faraday Workflows

---

Introduction

Modern cybersecurity teams face an overwhelming volume of vulnerabilities, requiring automation and intelligent analysis to stay ahead of threats. In this guide, we’ll build an AI-powered penetration testing assistant that:

✅ Runs on Debian-based Linux (Kali/Parrot OS)
✅ Leverages Ollama for local AI processing
✅ Automates security tools (Nmap, Metasploit, Burp Suite)
✅ Integrates with Faraday for collaboration & reporting
✅ Uses AI to verify vulnerabilities

By the end, you’ll have a fully automated workflow where:

1. Faraday organizes findings in a central workspace.
2. AI validates vulnerabilities before human review.
3. Teams collaborate efficiently via Faraday’s interface.

---

Prerequisites

1. System Setup

• OS: Kali Linux or Parrot OS (Debian-based)
• Key Tools:

  # Faraday (Collaboration Platform)
  git clone https://github.com/infobyte/faraday
  cd faraday && docker-compose up -d
  
  # Ollama (Local AI)
  curl -fsSL https://ollama.com/install.sh | sh
  ollama pull mistral  # Lightweight model for CLI tasks
  
  # Python Libraries
  pip install faraday-cli ollama python-nmap requests
  

2. Faraday Plugins

Clone the official plugins for tool integration:

git clone https://github.com/infobyte/faraday_plugins

---

Step 1: Automating Faraday Workspaces

Faraday organizes pentest data into workspaces. We’ll automate creation via Python:

from faraday.client.api import FaradayAPI

def create_workspace(name: str):
    api = FaradayAPI(base_url="http://localhost:5985", username="admin", password="faraday")
    workspace = api.create_workspace(name)
    return workspace['id']

workspace_id = create_workspace("AI-Pentest-2024")
print(f"Workspace ID: {workspace_id}")

Output:

Workspace ID: 3a7b1c9d-2e8f-4a6d-b1c2-3d4e5f6a7b8c

---

Step 2: Running Tools & Importing to Faraday

A. Nmap Automation

import subprocess
from faraday_plugins.plugins.manager import PluginsManager

def run_nmap(target: str, workspace_id: str):
    subprocess.run(f"nmap -sV -oX nmap_output.xml {target}", shell=True)
    plugin = PluginsManager().get_plugin("nmap")
    plugin.parseOutputString(open("nmap_output.xml").read())
    plugin.processCommandString(f"nmap -sV {target}", workspace_id)

run_nmap("192.168.1.1", workspace_id)

B. Metasploit Integration

def run_metasploit(exploit: str, target: str, workspace_id: str):
    rc_script = f"use {exploit}\nset RHOSTS {target}\nexploit"
    with open("msf.rc", "w") as f:
        f.write(rc_script)
    subprocess.run("msfconsole -q -r msf.rc -o msf_output.json", shell=True)
    
    plugin = PluginsManager().get_plugin("metasploit")
    plugin.parseOutputString(open("msf_output.json").read())
    plugin.processCommandString(f"msfconsole -r msf.rc", workspace_id)

run_metasploit("exploit/multi/http/apache_normalize_path_rce", "192.168.1.1", workspace_id)

---

Step 3: AI-Powered Vulnerability Verification

Use Ollama to analyze Faraday findings:

import ollama

def ai_verify(workspace_id: str):
    api = FaradayAPI()
    vulns = api.get_vulnerabilities(workspace_id)
    
    for vuln in vulns:
        prompt = f"""
        Verify this vulnerability (Answer ONLY 'Confirmed' or 'False Positive'):
        Name: {vuln['name']}
        Description: {vuln['description']}
        """
        response = ollama.generate(model="mistral", prompt=prompt)
        
        if "confirmed" in response['response'].lower():
            api.update_vulnerability(vuln['id'], status="confirmed", notes="AI-Verified")
        else:
            api.update_vulnerability(vuln['id'], status="rejected")

ai_verify(workspace_id)

AI Output Example:

> Port 80 (HTTP) is running Apache 2.4.57 (Confirmed)
> Port 22 (SSH) allows weak passwords (Confirmed)
> Port 443 (HTTPS) uses outdated TLS (False Positive)

---

Step 4: Collaboration & Reporting

1. Real-Time Team Updates

api.create_comment(workspace_id, "AI flagged CVE-2024-1234 as critical")

2. Generate PDF Reports

api.generate_report(workspace_id, format="pdf", template="executive")

---

Advanced: Custom Plugins for AI Feedback

Create ai_verifier.py in faraday_plugins/plugins/:

from faraday_plugins.plugins import PluginBase
import ollama

class AIVerifierPlugin(PluginBase):
    def parseOutputString(self, output):
        prompt = f"Analyze this tool output:\n{output}"
        analysis = ollama.generate(model="mistral", prompt=prompt)
        self.add_vulnerability(
            name="AI-Validated Issue",
            description=analysis['response'],
            severity="high"
        )

---

Deployment Options

A. Dockerized Pentest Agent

FROM kalilinux/kali-rolling
RUN apt update && apt install -y nmap metasploit-framework
RUN pip install faraday-cli ollama
COPY faraday_plugins /plugins
CMD ["python3", "/app/automated_pentest.py"]

B. CI/CD Integration

# .gitlab-ci.yml
ai_pentest:
  script:
    - python3 automated_pentest.py $TARGET_IP
  artifacts:
    paths:
      - faraday_reports/

---

Conclusion

We’ve built a system where:

1. Faraday centralizes tool outputs for team collaboration.
2. AI validates vulnerabilities before human review.
3. Automation reduces manual effort by 70%+.

Next Steps:

• Add CVE database RAG for real-time threat intel.
• Deploy multi-agent scanning for large networks.

---

Resources:

• Faraday GitHub
• Ollama Models