Introduction to Faction
Faction is an open-source penetration testing report generation and collaboration framework designed to streamline your entire security assessment workflow. As an official OWASP project, Faction helps security teams automate report generation, track vulnerabilities, and collaborate effectively throughout the testing lifecycle.
Faction is your entire assessment workflow in a box - from initial testing through remediation tracking and retesting.
What is Faction?
Faction is a comprehensive platform that transforms how security teams manage penetration tests and security assessments. Built by penetration testers for penetration testers, Faction eliminates the tedious aspects of report writing while maintaining professional quality and consistency.
Key Features
Automated Report Generation
Generate professional DOCX reports automatically with customizable templates for different assessment types and retests.
Real-Time Collaboration
Work together with your team through the web application and Burp Suite extension integration.
Peer Review & Track Changes
Built-in peer review workflow with track changes functionality to ensure report quality.
Vulnerability Templates
Access over 75 prepopulated vulnerability templates to speed up reporting.
Remediation Tracking
Monitor vulnerability remediation efforts with custom SLA warnings and alerts.
Team Management
Easily manage assessment teams and track progress across your organization.
Full REST API
Integrate Faction with other security tools through the comprehensive REST API.
Extensible App Store
Extend functionality with custom plugins similar to Burp Extender, including Jira integration.
Additional Capabilities
- LDAP Integration - Connect to your existing directory services
- OAuth 2.0 & SAML Support - Enterprise single sign-on integration
- SMTP Integration - Automated email notifications and alerts
- Custom Report Variables - Tailor reports to your organization’s needs
- Burp Suite Extension - Seamlessly push findings from Burp to Faction
Who Should Use Faction?
Faction is designed for:
Security Teams
Internal security teams conducting regular assessments and managing remediation tracking across the organization.
Penetration Testers
Professional pentesters who need to generate consistent, high-quality reports efficiently.
Security Consultants
Consulting firms managing multiple client assessments with different reporting requirements.
Why Choose Faction?
Open Source & Community-Driven
As an OWASP project, Faction benefits from community contributions and security-focused development practices.
Self-Hosted Control
Maintain complete control over your sensitive assessment data by hosting Faction on your own infrastructure.
Battle-Tested
Used by security teams worldwide, Faction has proven its effectiveness in real-world penetration testing engagements.
Extensible Architecture
Customize and extend Faction to match your specific workflow with the App Store and plugin system.
Getting Started
Ready to streamline your penetration testing workflow?
Quickstart Guide
Get up and running with Faction in minutes using Docker Compose.
Installation Guide
Detailed installation instructions and configuration options.
Community & Support
Join the growing Faction community to get help, share experiences, and contribute to the project.
- OWASP Slack - Join #project-faction for community support
- GitHub - Report issues and contribute at factionsecurity/faction
- Blog - Follow updates and tutorials on Medium
- BlueSky - Get the latest news at @factionsecurity.com
Managed Hosting
Prefer not to manage your own infrastructure? Faction Security offers single-tenant managed hosting solutions. Visit factionsecurity.com to learn more.
Next Steps: Follow the Quickstart Guide to set up your first Faction instance and create your first assessment.
