PyPI - secator - Versions diffs - 0.0.1__py3-none-any.whl - Mend

secator 0.0.1__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of secator might be problematic. Click here for more details.

Files changed (114) hide show

secator/__init__.py +0 -0
secator/celery.py +482 -0
secator/cli.py +617 -0
secator/config.py +137 -0
secator/configs/__init__.py +0 -0
secator/configs/profiles/__init__.py +0 -0
secator/configs/profiles/aggressive.yaml +7 -0
secator/configs/profiles/default.yaml +9 -0
secator/configs/profiles/stealth.yaml +7 -0
secator/configs/scans/__init__.py +0 -0
secator/configs/scans/domain.yaml +18 -0
secator/configs/scans/host.yaml +14 -0
secator/configs/scans/network.yaml +17 -0
secator/configs/scans/subdomain.yaml +8 -0
secator/configs/scans/url.yaml +12 -0
secator/configs/workflows/__init__.py +0 -0
secator/configs/workflows/cidr_recon.yaml +28 -0
secator/configs/workflows/code_scan.yaml +11 -0
secator/configs/workflows/host_recon.yaml +41 -0
secator/configs/workflows/port_scan.yaml +34 -0
secator/configs/workflows/subdomain_recon.yaml +33 -0
secator/configs/workflows/url_crawl.yaml +29 -0
secator/configs/workflows/url_dirsearch.yaml +29 -0
secator/configs/workflows/url_fuzz.yaml +35 -0
secator/configs/workflows/url_nuclei.yaml +11 -0
secator/configs/workflows/url_vuln.yaml +55 -0
secator/configs/workflows/user_hunt.yaml +10 -0
secator/configs/workflows/wordpress.yaml +14 -0
secator/decorators.py +309 -0
secator/definitions.py +165 -0
secator/exporters/__init__.py +12 -0
secator/exporters/_base.py +3 -0
secator/exporters/csv.py +30 -0
secator/exporters/gdrive.py +118 -0
secator/exporters/json.py +15 -0
secator/exporters/table.py +7 -0
secator/exporters/txt.py +25 -0
secator/hooks/__init__.py +0 -0
secator/hooks/mongodb.py +212 -0
secator/output_types/__init__.py +24 -0
secator/output_types/_base.py +95 -0
secator/output_types/exploit.py +50 -0
secator/output_types/ip.py +33 -0
secator/output_types/port.py +45 -0
secator/output_types/progress.py +35 -0
secator/output_types/record.py +34 -0
secator/output_types/subdomain.py +42 -0
secator/output_types/tag.py +46 -0
secator/output_types/target.py +30 -0
secator/output_types/url.py +76 -0
secator/output_types/user_account.py +41 -0
secator/output_types/vulnerability.py +97 -0
secator/report.py +107 -0
secator/rich.py +124 -0
secator/runners/__init__.py +12 -0
secator/runners/_base.py +833 -0
secator/runners/_helpers.py +153 -0
secator/runners/command.py +638 -0
secator/runners/scan.py +65 -0
secator/runners/task.py +106 -0
secator/runners/workflow.py +135 -0
secator/serializers/__init__.py +8 -0
secator/serializers/dataclass.py +33 -0
secator/serializers/json.py +15 -0
secator/serializers/regex.py +17 -0
secator/tasks/__init__.py +10 -0
secator/tasks/_categories.py +304 -0
secator/tasks/cariddi.py +102 -0
secator/tasks/dalfox.py +65 -0
secator/tasks/dirsearch.py +90 -0
secator/tasks/dnsx.py +56 -0
secator/tasks/dnsxbrute.py +34 -0
secator/tasks/feroxbuster.py +91 -0
secator/tasks/ffuf.py +86 -0
secator/tasks/fping.py +44 -0
secator/tasks/gau.py +47 -0
secator/tasks/gf.py +33 -0
secator/tasks/gospider.py +71 -0
secator/tasks/grype.py +79 -0
secator/tasks/h8mail.py +81 -0
secator/tasks/httpx.py +99 -0
secator/tasks/katana.py +133 -0
secator/tasks/maigret.py +78 -0
secator/tasks/mapcidr.py +32 -0
secator/tasks/msfconsole.py +174 -0
secator/tasks/naabu.py +52 -0
secator/tasks/nmap.py +344 -0
secator/tasks/nuclei.py +97 -0
secator/tasks/searchsploit.py +52 -0
secator/tasks/subfinder.py +40 -0
secator/tasks/wpscan.py +179 -0
secator/utils.py +445 -0
secator/utils_test.py +183 -0
secator-0.0.1.dist-info/LICENSE +60 -0
secator-0.0.1.dist-info/METADATA +199 -0
secator-0.0.1.dist-info/RECORD +114 -0
secator-0.0.1.dist-info/WHEEL +5 -0
secator-0.0.1.dist-info/entry_points.txt +2 -0
secator-0.0.1.dist-info/top_level.txt +2 -0
tests/__init__.py +0 -0
tests/integration/__init__.py +0 -0
tests/integration/inputs.py +42 -0
tests/integration/outputs.py +392 -0
tests/integration/test_scans.py +82 -0
tests/integration/test_tasks.py +103 -0
tests/integration/test_workflows.py +163 -0
tests/performance/__init__.py +0 -0
tests/performance/loadtester.py +56 -0
tests/unit/__init__.py +0 -0
tests/unit/test_celery.py +39 -0
tests/unit/test_scans.py +0 -0
tests/unit/test_serializers.py +51 -0
tests/unit/test_tasks.py +348 -0
tests/unit/test_workflows.py +96 -0

secator/decorators.py ADDED Viewed

@@ -0,0 +1,309 @@
+from collections import OrderedDict
+import rich_click as click
+from rich_click.rich_click import _get_rich_console
+from rich_click.rich_group import RichGroup
+from secator.celery import is_celery_worker_alive
+from secator.definitions import OPT_NOT_SUPPORTED
+from secator.runners import Scan, Task, Workflow
+from secator.utils import (deduplicate, expand_input, get_command_category,
+						   get_command_cls)
+RUNNER_OPTS = {
+	'output': {'type': str, 'default': '', 'help': 'Output options (-o table,json,csv,gdrive)', 'short': 'o'},
+	'workspace': {'type': str, 'default': 'default', 'help': 'Workspace', 'short': 'ws'},
+	'json': {'is_flag': True, 'default': False, 'help': 'Enable JSON mode'},
+	'orig': {'is_flag': True, 'default': False, 'help': 'Enable original output (no schema conversion)'},
+	'raw': {'is_flag': True, 'default': False, 'help': 'Enable text output for piping to other tools'},
+	'show': {'is_flag': True, 'default': False, 'help': 'Show command that will be run (tasks only)'},
+	'format': {'default': '', 'short': 'fmt', 'help': 'Output formatting string'},
+	# 'filter': {'default': '', 'short': 'f', 'help': 'Results filter', 'short': 'of'}, # TODO add this
+	'quiet': {'is_flag': True, 'default': False, 'help': 'Enable quiet mode'},
+}
+RUNNER_GLOBAL_OPTS = {
+	'sync': {'is_flag': True, 'help': 'Run tasks synchronously (automatic if no worker is alive)'},
+	'worker': {'is_flag': True, 'help': 'Run tasks in worker (automatic if worker is alive)'},
+	'proxy': {'type': str, 'help': 'HTTP proxy'},
+	'driver': {'type': str, 'help': 'Export real-time results. E.g: "mongodb"'}
+	# 'debug': {'type': int, 'default': 0, 'help': 'Debug mode'},
+}
+DEFAULT_CLI_OPTIONS = list(RUNNER_OPTS.keys()) + list(RUNNER_GLOBAL_OPTS.keys())
+class OrderedGroup(RichGroup):
+	def __init__(self, name=None, commands=None, **attrs):
+		super(OrderedGroup, self).__init__(name, commands, **attrs)
+		self.commands = commands or OrderedDict()
+	def group(self, *args, **kwargs):
+		"""Behaves the same as `click.Group.group()` except if passed
+		a list of names, all after the first will be aliases for the first.
+		"""
+		def decorator(f):
+			aliases = kwargs.pop('aliases', [])
+			aliased_group = []
+			if aliases:
+				max_width = _get_rich_console().width
+				# we have a list so create group aliases
+				aliases_str = ', '.join(f'[bold cyan]{alias}[/]' for alias in aliases)
+				padding = max_width // 4
+				f.__doc__ = f'{f.__doc__:<{padding}}[dim](aliases)[/] {aliases_str}'
+				for alias in aliases:
+					grp = super(OrderedGroup, self).group(
+						alias, *args, hidden=True, **kwargs)(f)
+					aliased_group.append(grp)
+			# create the main group
+			grp = super(OrderedGroup, self).group(*args, **kwargs)(f)
+			grp.aliases = aliases
+			# for all of the aliased groups, share the main group commands
+			for aliased in aliased_group:
+				aliased.commands = grp.commands
+			return grp
+		return decorator
+	def list_commands(self, ctx):
+		return self.commands
+def get_command_options(*tasks):
+	"""Get unified list of command options from a list of secator tasks classes.
+	Args:
+		tasks (list): List of secator command classes.
+	Returns:
+		list: List of deduplicated options.
+	"""
+	opt_cache = []
+	all_opts = OrderedDict({})
+	for cls in tasks:
+		opts = OrderedDict(RUNNER_GLOBAL_OPTS, **RUNNER_OPTS, **cls.meta_opts, **cls.opts)
+		for opt, opt_conf in opts.items():
+			# Get opt key map if any
+			opt_key_map = getattr(cls, 'opt_key_map', {})
+			# Opt is not supported by this task
+			if opt not in opt_key_map\
+				and opt not in cls.opts\
+				and opt not in RUNNER_OPTS\
+				and opt not in RUNNER_GLOBAL_OPTS:
+				continue
+			if opt_key_map.get(opt) == OPT_NOT_SUPPORTED:
+				continue
+			# Get opt prefix
+			prefix = None
+			if opt in cls.opts:
+				prefix = cls.__name__
+			elif opt in cls.meta_opts:
+				# TODO: Add options categories
+				# category = get_command_category(cls)
+				# prefix = category
+				prefix = 'Meta'
+			elif opt in RUNNER_OPTS:
+				prefix = 'Output'
+			elif opt in RUNNER_GLOBAL_OPTS:
+				prefix = 'Execution'
+			# Check if opt already processed before
+			opt = opt.replace('_', '-')
+			if opt in opt_cache:
+				continue
+			# Build help
+			conf = opt_conf.copy()
+			conf['show_default'] = True
+			conf['prefix'] = prefix
+			all_opts[opt] = conf
+			opt_cache.append(opt)
+	return all_opts
+def decorate_command_options(opts):
+	"""Add click.option decorator to decorate click command.
+	Args:
+		opts (dict): Dict of command options.
+	Returns:
+		function: Decorator.
+	"""
+	def decorator(f):
+		reversed_opts = OrderedDict(list(opts.items())[::-1])
+		for opt_name, opt_conf in reversed_opts.items():
+			conf = opt_conf.copy()
+			short = conf.pop('short', None)
+			conf.pop('prefix', None)
+			long = f'--{opt_name}'
+			short = f'-{short}' if short else f'-{opt_name}'
+			f = click.option(long, short, **conf)(f)
+		return f
+	return decorator
+def task():
+	def decorator(cls):
+		cls.__task__ = True
+		return cls
+	return decorator
+def register_runner(cli_endpoint, config):
+	fmt_opts = {
+		'print_cmd': True,
+	}
+	short_help = ''
+	input_type = 'targets'
+	input_required = True
+	runner_cls = None
+	tasks = []
+	no_args_is_help = True
+	if cli_endpoint.name == 'scan':
+		# TODO: this should be refactored to scan.get_tasks_from_conf() or scan.tasks
+		from secator.cli import ALL_CONFIGS
+		tasks = [
+			get_command_cls(task)
+			for workflow in ALL_CONFIGS.workflow
+			for task in Task.get_tasks_from_conf(workflow.tasks)
+			if workflow.name in list(config.workflows.keys())
+		]
+		input_type = 'targets'
+		name = config.name
+		short_help = config.description or ''
+		if config.alias:
+			short_help += f' [dim]alias: {config.alias}'
+		fmt_opts['print_start'] = True
+		fmt_opts['print_run_summary'] = True
+		runner_cls = Scan
+	elif cli_endpoint.name == 'workflow':
+		# TODO: this should be refactored to workflow.get_tasks_from_conf() or workflow.tasks
+		tasks = [
+			get_command_cls(task) for task in Task.get_tasks_from_conf(config.tasks)
+		]
+		input_type = 'targets'
+		name = config.name
+		short_help = config.description or ''
+		if config.alias:
+			short_help = f'{short_help:<55} [dim](alias)[/][bold cyan] {config.alias}'
+		fmt_opts['print_start'] = True
+		fmt_opts['print_run_summary'] = True
+		runner_cls = Workflow
+	elif cli_endpoint.name == 'task':
+		tasks = [
+			get_command_cls(config.name)
+		]
+		task_cls = Task.get_task_class(config.name)
+		task_category = get_command_category(task_cls)
+		input_type = task_cls.input_type or 'targets'
+		name = config.name
+		short_help = f'[magenta]{task_category:<15}[/]{task_cls.__doc__}'
+		fmt_opts['print_item_count'] = True
+		runner_cls = Task
+		no_args_is_help = False
+		input_required = False
+	options = get_command_options(*tasks)
+	# TODO: maybe allow this in the future
+	# def get_unknown_opts(ctx):
+	# 	return {
+	# 		(ctx.args[i][2:]
+	# 		if str(ctx.args[i]).startswith("--") \
+	# 		else ctx.args[i][1:]): ctx.args[i+1]
+	# 		for i in range(0, len(ctx.args), 2)
+	# 	}
+	@click.argument(input_type, required=input_required)
+	@decorate_command_options(options)
+	@click.pass_context
+	def func(ctx, **opts):
+		opts.update(fmt_opts)
+		sync = opts['sync']
+		worker = opts['worker']
+		# debug = opts['debug']
+		ws = opts.pop('workspace')
+		driver = opts.pop('driver', '')
+		show = opts['show']
+		context = {'workspace_name': ws}
+		# TODO: maybe allow this in the future
+		# unknown_opts = get_unknown_opts(ctx)
+		# opts.update(unknown_opts)
+		targets = opts.pop(input_type)
+		targets = expand_input(targets)
+		if sync or show:
+			sync = True
+		elif worker:
+			sync = False
+		else:  # automatically run in worker if it's alive
+			sync = not is_celery_worker_alive()
+		opts['sync'] = sync
+		opts.update({
+			'print_item': not sync,
+			'print_line': sync,
+			'print_remote_status': not sync,
+			'print_start': not sync
+		})
+		# Build hooks from driver name
+		hooks = {}
+		if driver == 'mongodb':
+			from secator.hooks.mongodb import MONGODB_HOOKS
+			hooks = MONGODB_HOOKS
+		# Build exporters
+		runner = runner_cls(config, targets, run_opts=opts, hooks=hooks, context=context)
+		runner.run()
+	settings = {'ignore_unknown_options': False, 'allow_extra_args': False}
+	cli_endpoint.command(
+		name=config.name,
+		context_settings=settings,
+		no_args_is_help=no_args_is_help,
+		short_help=short_help)(func)
+	generate_rich_click_opt_groups(cli_endpoint, name, input_type, options)
+def generate_rich_click_opt_groups(cli_endpoint, name, input_type, options):
+	sortorder = {
+		'Execution': 0,
+		'Output': 1,
+		'Meta': 2,
+	}
+	prefixes = deduplicate([opt['prefix'] for opt in options.values()])
+	prefixes = sorted(prefixes, key=lambda x: sortorder.get(x, 3))
+	opt_group = [
+		{
+			'name': 'Targets',
+			'options': [input_type],
+		},
+	]
+	for prefix in prefixes:
+		prefix_opts = [
+			opt for opt, conf in options.items()
+			if conf['prefix'] == prefix
+		]
+		opt_names = [f'--{opt_name}' for opt_name in prefix_opts]
+		if prefix == 'Execution':
+			opt_names.append('--help')
+		opt_group.append({
+			'name': prefix + ' options',
+			'options': opt_names
+		})
+	aliases = [cli_endpoint.name, *cli_endpoint.aliases]
+	for alias in aliases:
+		endpoint_name = f'secator {alias} {name}'
+		click.rich_click.OPTION_GROUPS[endpoint_name] = opt_group

secator/definitions.py ADDED Viewed

@@ -0,0 +1,165 @@
+#!/usr/bin/python
+import os
+from pkg_resources import get_distribution
+from dotenv import load_dotenv, find_dotenv
+load_dotenv(find_dotenv(usecwd=True), override=False)
+# Globals
+VERSION = get_distribution('secator').version
+ASCII = f"""
+                         __
+   ________  _________ _/ /_____  _____
+  / ___/ _ \/ ___/ __ `/ __/ __ \/ ___/
+ (__  /  __/ /__/ /_/ / /_/ /_/ / /
+/____/\___/\___/\__,_/\__/\____/_/     v{VERSION}
+                    freelabz.com
+"""  # noqa: W605,W291
+# Secator folders
+ROOT_FOLDER = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
+CONFIGS_FOLDER = ROOT_FOLDER + '/secator/configs'
+EXTRA_CONFIGS_FOLDER = os.environ.get('SECATOR_EXTRA_CONFIGS_FOLDER')
+DATA_FOLDER = os.environ.get('SECATOR_DATA_FOLDER', f'{os.path.expanduser("~")}/.secator')
+TASKS_FOLDER = os.environ.get('SECATOR_TASKS_FOLDER', f'{DATA_FOLDER}/tasks')
+REPORTS_FOLDER = os.environ.get('SECATOR_REPORTS_FOLDER', f'{DATA_FOLDER}/reports')
+WORDLISTS_FOLDER = os.environ.get('SECATOR_WORDLISTS_FOLDER', '/usr/share/seclists')
+SCRIPTS_FOLDER = f'{ROOT_FOLDER}/scripts'
+CVES_FOLDER = f'{DATA_FOLDER}/cves'
+PAYLOADS_FOLDER = f'{DATA_FOLDER}/payloads'
+REVSHELLS_FOLDER = f'{DATA_FOLDER}/revshells'
+os.makedirs(DATA_FOLDER, exist_ok=True)
+os.makedirs(TASKS_FOLDER, exist_ok=True)
+os.makedirs(REPORTS_FOLDER, exist_ok=True)
+os.makedirs(WORDLISTS_FOLDER, exist_ok=True)
+os.makedirs(SCRIPTS_FOLDER, exist_ok=True)
+os.makedirs(CVES_FOLDER, exist_ok=True)
+os.makedirs(PAYLOADS_FOLDER, exist_ok=True)
+os.makedirs(REVSHELLS_FOLDER, exist_ok=True)
+# Celery local fs folders
+CELERY_DATA_FOLDER = f'{DATA_FOLDER}/celery/data'
+CELERY_RESULTS_FOLDER = f'{DATA_FOLDER}/celery/results'
+os.makedirs(CELERY_DATA_FOLDER, exist_ok=True)
+os.makedirs(CELERY_RESULTS_FOLDER, exist_ok=True)
+# Environment variables
+DEBUG = int(os.environ.get('DEBUG', '0'))
+DEBUG_COMPONENT = os.environ.get('DEBUG_COMPONENT', '').split(',')
+RECORD = bool(int(os.environ.get('RECORD', 0)))
+CELERY_BROKER_URL = os.environ.get('CELERY_BROKER_URL', 'filesystem://')
+CELERY_RESULT_BACKEND = os.environ.get('CELERY_RESULT_BACKEND', f'file://{CELERY_RESULTS_FOLDER}')
+CELERY_BROKER_POOL_LIMIT = int(os.environ.get('CELERY_BROKER_POOL_LIMIT', 10))
+CELERY_BROKER_CONNECTION_TIMEOUT = float(os.environ.get('CELERY_BROKER_CONNECTION_TIMEOUT', 4.0))
+CELERY_BROKER_VISIBILITY_TIMEOUT = int(os.environ.get('CELERY_BROKER_VISIBILITY_TIMEOUT', 3600))
+CELERY_OVERRIDE_DEFAULT_LOGGING = bool(int(os.environ.get('CELERY_OVERRIDE_DEFAULT_LOGGING', 1)))
+GOOGLE_DRIVE_PARENT_FOLDER_ID = os.environ.get('GOOGLE_DRIVE_PARENT_FOLDER_ID')
+GOOGLE_CREDENTIALS_PATH = os.environ.get('GOOGLE_CREDENTIALS_PATH')
+# Defaults HTTP and Proxy settings
+DEFAULT_SOCKS5_PROXY = os.environ.get('SOCKS5_PROXY', "socks5://127.0.0.1:9050")
+DEFAULT_HTTP_PROXY = os.environ.get('HTTP_PROXY', "https://127.0.0.1:9080")
+DEFAULT_STORE_HTTP_RESPONSES = bool(int(os.environ.get('STORE_HTTP_RESPONSES', 1)))
+DEFAULT_PROXYCHAINS_COMMAND = "proxychains"
+DEFAULT_FREEPROXY_TIMEOUT = 1  # seconds
+# Default worker settings
+DEFAULT_INPUT_CHUNK_SIZE = int(os.environ.get('DEFAULT_INPUT_CHUNK_SIZE', 1000))
+DEFAULT_STDIN_TIMEOUT = 1000  # seconds
+# Default tasks settings
+DEFAULT_HTTPX_FLAGS = os.environ.get('DEFAULT_HTTPX_FLAGS', '-td')
+DEFAULT_KATANA_FLAGS = os.environ.get('DEFAULT_KATANA_FLAGS', '-jc -js-crawl -known-files all -or -ob')
+DEFAULT_NUCLEI_FLAGS = os.environ.get('DEFAULT_NUCLEI_FLAGS', '-stats -sj -si 20 -hm -or')
+DEFAULT_FEROXBUSTER_FLAGS = os.environ.get('DEFAULT_FEROXBUSTER_FLAGS', '--auto-bail --no-state')
+DEFAULT_PROGRESS_UPDATE_FREQUENCY = 10
+# Default wordlists
+DEFAULT_HTTP_WORDLIST = os.environ.get('DEFAULT_HTTP_WORDLIST', f'{WORDLISTS_FOLDER}/Fuzzing/fuzz-Bo0oM.txt')
+DEFAULT_DNS_WORDLIST = os.environ.get('DEFAULT_DNS_WORDLIST', f'{WORDLISTS_FOLDER}/Discovery/DNS/combined_subdomains.txt')  # noqa:E501
+# Constants
+OPT_NOT_SUPPORTED = -1
+OPT_PIPE_INPUT = -1
+# Vocab
+ALIVE = 'alive'
+AUTO_CALIBRATION = 'auto_calibration'
+COOKIES = 'cookies'
+CONTENT_TYPE = 'content_type'
+CONTENT_LENGTH = 'content_length'
+CIDR_RANGE = 'cidr_range'
+CPES = 'cpes'
+CVES = 'cves'
+DELAY = 'delay'
+DOMAIN = 'domain'
+DEPTH = 'depth'
+EXTRA_DATA = 'extra_data'
+EMAIL = 'email'
+FAILED_HTTP_STATUS = -1
+FILTER_CODES = 'filter_codes'
+FILTER_WORDS = 'filter_words'
+FOLLOW_REDIRECT = 'follow_redirect'
+FILTER_REGEX = 'filter_regex'
+FILTER_SIZE = 'filter_size'
+HEADER = 'header'
+HOST = 'host'
+INPUT = 'input'
+IP = 'ip'
+JSON = 'json'
+LINES = 'lines'
+METHOD = 'method'
+MATCH_CODES = 'match_codes'
+MATCH_REGEX = 'match_regex'
+MATCH_SIZE = 'match_size'
+MATCH_WORDS = 'match_words'
+OUTPUT_PATH = 'output_path'
+PATH = 'path'
+PAYLOAD = 'payload'
+PERCENT = 'percent'
+PROBE = 'probe'
+PORTS = 'ports'
+PORT = 'port'
+PROXY = 'proxy'
+QUIET = 'quiet'
+RATE_LIMIT = 'rate_limit'
+RETRIES = 'retries'
+TAGS = 'tags'
+THREADS = 'threads'
+TIME = 'time'
+TIMEOUT = 'timeout'
+TOP_PORTS = 'top_ports'
+TYPE = 'type'
+URL = 'url'
+USER_AGENT = 'user_agent'
+USERNAME = 'username'
+SCREENSHOT_PATH = 'screenshot_path'
+STORED_RESPONSE_PATH = 'stored_response_path'
+SCRIPT = 'script'
+SERVICE_NAME = 'service_name'
+SOURCES = 'sources'
+STATE = 'state'
+STATUS_CODE = 'status_code'
+SUBDOMAIN = 'subdomain'
+TECH = 'tech'
+TITLE = 'title'
+SITE_NAME = 'site_name'
+SERVICE_NAME = 'service_name'
+VULN = 'vulnerability'
+CONFIDENCE = 'confidence'
+CVSS_SCORE = 'cvss_score'
+DESCRIPTION = 'description'
+ID = 'id'
+MATCHED_AT = 'matched_at'
+NAME = 'name'
+PROVIDER = 'provider'
+REFERENCE = 'reference'
+REFERENCES = 'references'
+SEVERITY = 'severity'
+TAGS = 'tags'
+VULN_TYPE = 'type'
+WEBSERVER = 'webserver'
+WORDLIST = 'wordlist'
+WORDS = 'words'

secator/exporters/__init__.py ADDED Viewed

@@ -0,0 +1,12 @@
+__all__ = [
+    'CsvExporter',
+    'GdriveExporter',
+    'JsonExporter',
+    'TableExporter',
+    'TxtExporter'
+]
+from secator.exporters.csv import CsvExporter
+from secator.exporters.gdrive import GdriveExporter
+from secator.exporters.json import JsonExporter
+from secator.exporters.table import TableExporter
+from secator.exporters.txt import TxtExporter

secator/exporters/_base.py ADDED Viewed

@@ -0,0 +1,3 @@
+class Exporter:
+    def __init__(self, report):
+        self.report = report

secator/exporters/csv.py ADDED Viewed

@@ -0,0 +1,30 @@
+import csv as _csv
+from secator.exporters._base import Exporter
+from secator.rich import console
+class CsvExporter(Exporter):
+    def send(self):
+        title = self.report.data['info']['title']
+        results = self.report.data['results']
+        csv_paths = []
+        for output_type, items in results.items():
+            items = [i.toDict() for i in items]
+            if not items:
+                continue
+            keys = list(items[0].keys())
+            csv_path = f'{self.report.output_folder}/{title}_{output_type}_{self.report.timestamp}.csv'
+            csv_paths.append(csv_path)
+            with open(csv_path, 'w', newline='') as output_file:
+                dict_writer = _csv.DictWriter(output_file, keys)
+                dict_writer.writeheader()
+                dict_writer.writerows(items)
+        if len(csv_paths) == 1:
+            csv_paths_str = csv_paths[0]
+        else:
+            csv_paths_str = '\n   • ' + '\n   • '.join(csv_paths)
+        console.print(f':file_cabinet: Saved CSV reports to {csv_paths_str}')

secator/exporters/gdrive.py ADDED Viewed

@@ -0,0 +1,118 @@
+import os
+import csv
+import yaml
+from secator.definitions import GOOGLE_CREDENTIALS_PATH, GOOGLE_DRIVE_PARENT_FOLDER_ID
+from secator.exporters._base import Exporter
+from secator.rich import console
+from secator.utils import pluralize
+class GdriveExporter(Exporter):
+	def send(self):
+		import gspread
+		ws = self.report.workspace_name
+		info = self.report.data['info']
+		title = self.report.data['info']['title']
+		sheet_title = f'{self.report.data["info"]["title"]}_{self.report.timestamp}'
+		results = self.report.data['results']
+		if not GOOGLE_CREDENTIALS_PATH:
+			console.print(':file_cabinet: Missing GOOGLE_CREDENTIALS_PATH to save to Google Sheets', style='red')
+			return
+		if not GOOGLE_DRIVE_PARENT_FOLDER_ID:
+			console.print(':file_cabinet: Missing GOOGLE_DRIVE_PARENT_FOLDER_ID to save to Google Sheets.', style='red')
+			return
+		client = gspread.service_account(GOOGLE_CREDENTIALS_PATH)
+		# Create workspace folder if it doesn't exist
+		folder_id = self.get_folder_by_name(ws, parent_id=GOOGLE_DRIVE_PARENT_FOLDER_ID)
+		if ws and not folder_id:
+			folder_id = self.create_folder(
+				folder_name=ws,
+				parent_id=GOOGLE_DRIVE_PARENT_FOLDER_ID)
+		# Create worksheet
+		sheet = client.create(title, folder_id=folder_id)
+		# Add options worksheet for input data
+		info = self.report.data['info']
+		info['targets'] = '\n'.join(info['targets'])
+		info['opts'] = yaml.dump(info['opts'])
+		keys = [k.replace('_', ' ').upper() for k in list(info.keys())]
+		ws = sheet.add_worksheet('OPTIONS', rows=2, cols=len(keys))
+		sheet.values_update(
+			ws.title,
+			params={'valueInputOption': 'USER_ENTERED'},
+			body={'values': [keys, list(info.values())]}
+		)
+		# Add one worksheet per output type
+		for output_type, items in results.items():
+			items = [i.toDict() for i in items]
+			if not items:
+				continue
+			keys = [
+				k.replace('_', ' ').upper()
+				for k in list(items[0].keys())
+			]
+			csv_path = f'{self.report.output_folder}/{title}_{output_type}_{self.report.timestamp}.csv'
+			if not os.path.exists(csv_path):
+				console.print(
+					f'Unable to find CSV at {csv_path}. For Google sheets reports, please enable CSV reports as well.')
+				return
+			sheet_title = pluralize(output_type).upper()
+			ws = sheet.add_worksheet(sheet_title, rows=len(items), cols=len(keys))
+			with open(csv_path, 'r') as f:
+				data = csv.reader(f)
+				data = list(data)
+				data[0] = [
+					k.replace('_', ' ').upper()
+					for k in data[0]
+				]
+				sheet.values_update(
+					ws.title,
+					params={'valueInputOption': 'USER_ENTERED'},
+					body={'values': data}
+				)
+		# Delete 'default' worksheet
+		ws = sheet.get_worksheet(0)
+		sheet.del_worksheet(ws)
+		console.print(f':file_cabinet: Saved Google Sheets reports to [u magenta]{sheet.url}[/]')
+	def create_folder(self, folder_name, parent_id=None):
+		from googleapiclient.discovery import build
+		from google.oauth2 import service_account
+		creds = service_account.Credentials.from_service_account_file(GOOGLE_CREDENTIALS_PATH)
+		service = build('drive', 'v3', credentials=creds)
+		body = {
+			'name': folder_name,
+			'mimeType': "application/vnd.google-apps.folder"
+		}
+		if parent_id:
+			body['parents'] = [parent_id]
+		folder = service.files().create(body=body, fields='id').execute()
+		return folder['id']
+	def list_folders(self, parent_id):
+		from googleapiclient.discovery import build
+		from google.oauth2 import service_account
+		creds = service_account.Credentials.from_service_account_file(GOOGLE_CREDENTIALS_PATH)
+		service = build('drive', 'v3', credentials=creds)
+		driveid = service.files().get(fileId='root').execute()['id']
+		response = service.files().list(
+			q=f"'{parent_id}' in parents and mimeType='application/vnd.google-apps.folder'",
+			driveId=driveid,
+			corpora='drive',
+			includeItemsFromAllDrives=True,
+			supportsAllDrives=True
+		).execute()
+		return response
+	def get_folder_by_name(self, name, parent_id=None):
+		response = self.list_folders(parent_id=parent_id)
+		existing = [i for i in response['files'] if i['name'] == name]
+		if existing:
+			return existing[0]['id']
+		return None

secator/exporters/json.py ADDED Viewed

@@ -0,0 +1,15 @@
+from secator.exporters._base import Exporter
+from secator.rich import console
+from secator.serializers.dataclass import dumps_dataclass
+class JsonExporter(Exporter):
+	def send(self):
+		title = self.report.data['info']['title']
+		json_path = f'{self.report.output_folder}/{title}_{self.report.timestamp}.json'
+		# Save JSON report to file
+		with open(json_path, 'w') as f:
+			f.write(dumps_dataclass(self.report.data, indent=2))
+		console.print(f':file_cabinet: Saved JSON report to {json_path}')

secator/exporters/table.py ADDED Viewed

@@ -0,0 +1,7 @@
+from secator.exporters._base import Exporter
+from secator.utils import print_results_table
+class TableExporter(Exporter):
+	def send(self):
+		print_results_table(self.report.runner.results, self.report.title)

secator/exporters/txt.py ADDED Viewed

@@ -0,0 +1,25 @@
+from secator.exporters._base import Exporter
+from secator.rich import console
+class TxtExporter(Exporter):
+    def send(self):
+        title = self.report.data['info']['title']
+        results = self.report.data['results']
+        txt_paths = []
+        for output_type, items in results.items():
+            items = [str(i) for i in items]
+            if not items:
+                continue
+            txt_path = f'{self.report.output_folder}/{title}_{output_type}_{self.report.timestamp}.txt'
+            with open(txt_path, 'w') as f:
+                f.write('\n'.join(items))
+            txt_paths.append(txt_path)
+        if len(txt_paths) == 1:
+            txt_paths_str = txt_paths[0]
+        else:
+            txt_paths_str = '\n   • ' + '\n   • '.join(txt_paths)
+        console.print(f':file_cabinet: Saved TXT reports to {txt_paths_str}')

secator/hooks/__init__.py ADDED Viewed

File without changes