secator 0.0.1__py3-none-any.whl

secator/output_types/url.py

@@ -0,0 +1,76 @@
+import time
+from dataclasses import dataclass, field
+
+from secator.definitions import (CONTENT_LENGTH, CONTENT_TYPE, STATUS_CODE,
+								 TECH, TIME, TITLE, URL, WEBSERVER)
+from secator.output_types import OutputType
+from secator.utils import rich_to_ansi
+
+
+@dataclass
+class Url(OutputType):
+	url: str
+	host: str = field(default='', compare=False)
+	status_code: int = field(default=0, compare=False)
+	title: str = field(default='', compare=False)
+	webserver: str = field(default='', compare=False)
+	tech: list = field(default_factory=list, compare=False)
+	content_type: str = field(default='', compare=False)
+	content_length: int = field(default=0, compare=False)
+	time: str = field(default='', compare=False)
+	method: str = field(default='', compare=False)
+	words: int = field(default=0, compare=False)
+	lines: int = field(default=0, compare=False)
+	screenshot_path: str = field(default='', compare=False)
+	stored_response_path: str = field(default='', compare=False)
+	_source: str = field(default='', repr=True, compare=False)
+	_type: str = field(default='url', repr=True)
+	_timestamp: int = field(default_factory=lambda: time.time(), compare=False)
+	_uuid: str = field(default='', repr=True, compare=False)
+	_context: dict = field(default_factory=dict, repr=True, compare=False)
+	_tagged: bool = field(default=False, repr=True, compare=False)
+	_duplicate: bool = field(default=False, repr=True, compare=False)
+	_related: list = field(default_factory=list, compare=False)
+
+	_table_fields = [
+		URL,
+		STATUS_CODE,
+		TITLE,
+		WEBSERVER,
+		TECH,
+		CONTENT_TYPE,
+		CONTENT_LENGTH,
+		TIME
+	]
+	_sort_by = (URL,)
+
+	def __gt__(self, other):
+		# favor httpx over other url info tools
+		if self._source == 'httpx' and other._source != 'httpx':
+			return True
+		return super().__gt__(other)
+
+	def __str__(self):
+		return self.url
+
+	def __repr__(self):
+		s = f'🔗 [white]{self.url}'
+		if self.status_code and self.status_code != 0:
+			if self.status_code < 400:
+				s += f' \[[green]{self.status_code}[/]]'
+			else:
+				s += f' \[[red]{self.status_code}[/]]'
+		if self.title:
+			s += f' \[[green]{self.title}[/]]'
+		if self.webserver:
+			s += f' \[[magenta]{self.webserver}[/]]'
+		if self.tech:
+			techs_str = ', '.join([f'[magenta]{tech}[/]' for tech in self.tech])
+			s += f' [{techs_str}]'
+		if self.content_type:
+			s += f' \[[magenta]{self.content_type}[/]]'
+		if self.content_length:
+			s += f' \[[magenta]{self.content_length}[/]]'
+		if self.screenshot_path:
+			s += f' \[[magenta]{self.screenshot_path}[/]]'
+		return rich_to_ansi(s)

secator/output_types/user_account.py

@@ -0,0 +1,41 @@
+import time
+from dataclasses import dataclass, field
+
+from secator.definitions import SITE_NAME, URL, USERNAME
+from secator.output_types import OutputType
+from secator.utils import rich_to_ansi
+
+
+@dataclass
+class UserAccount(OutputType):
+	username: str
+	url: str = ''
+	email: str = ''
+	site_name: str = ''
+	extra_data: dict = field(default_factory=dict, compare=False)
+	_source: str = field(default='', repr=True)
+	_type: str = field(default='user_account', repr=True)
+	_timestamp: int = field(default_factory=lambda: time.time(), compare=False)
+	_uuid: str = field(default='', repr=True, compare=False)
+	_context: dict = field(default_factory=dict, repr=True, compare=False)
+	_tagged: bool = field(default=False, repr=True, compare=False)
+	_duplicate: bool = field(default=False, repr=True, compare=False)
+	_related: list = field(default_factory=list, compare=False)
+
+	_table_fields = [SITE_NAME, USERNAME, URL]
+	_sort_by = (URL, USERNAME)
+
+	def __str__(self) -> str:
+		return self.url
+
+	def __repr__(self) -> str:
+		s = f'👤 [green]{self.username}[/]'
+		if self.email:
+			s += f' \[[bold yellow]{self.email}[/]]'
+		if self.site_name:
+			s += f' \[[bold blue]{self.site_name}[/]]'
+		if self.url:
+			s += f' \[[white]{self.url}[/]]'
+		if self.extra_data:
+			s += ' \[[bold yellow]' + ', '.join(f'{k}:{v}' for k, v in self.extra_data.items()) + '[/]]'
+		return rich_to_ansi(s)

secator/output_types/vulnerability.py

@@ -0,0 +1,97 @@
+import time
+from dataclasses import dataclass, field
+from typing import List
+
+from secator.definitions import (CONFIDENCE, CVSS_SCORE, EXTRA_DATA, ID,
+								 MATCHED_AT, NAME, REFERENCE, SEVERITY, TAGS)
+from secator.output_types import OutputType
+from secator.utils import rich_to_ansi
+
+
+@dataclass
+class Vulnerability(OutputType):
+	name: str
+	provider: str = ''
+	id: str = ''
+	matched_at: str = ''
+	ip: str = field(default='', compare=False)
+	confidence: int = 'low'
+	severity: str = 'unknown'
+	cvss_score: float = 0
+	tags: List[str] = field(default_factory=list)
+	extra_data: dict = field(default_factory=dict, compare=False)
+	description: str = field(default='', compare=False)
+	references: List[str] = field(default_factory=list, compare=False)
+	reference: str = field(default='', compare=False)
+	confidence_nb: int = 0
+	severity_nb: int = 0
+	_source: str = field(default='', repr=True)
+	_type: str = field(default='vulnerability', repr=True)
+	_timestamp: int = field(default_factory=lambda: time.time(), compare=False)
+	_uuid: str = field(default='', repr=True, compare=False)
+	_context: dict = field(default_factory=dict, repr=True, compare=False)
+	_tagged: bool = field(default=False, repr=True, compare=False)
+	_duplicate: bool = field(default=False, repr=True, compare=False)
+	_related: list = field(default_factory=list, compare=False)
+
+	_table_fields = [
+		MATCHED_AT,
+		SEVERITY,
+		CONFIDENCE,
+		NAME,
+		ID,
+		CVSS_SCORE,
+		TAGS,
+		EXTRA_DATA,
+		REFERENCE
+	]
+	_sort_by = ('confidence_nb', 'severity_nb', 'matched_at', 'cvss_score')
+
+	def __post_init__(self):
+		super().__post_init__()
+		severity_map = {
+			'critical': 0,
+			'high': 1,
+			'medium': 2,
+			'low': 3,
+			'info': 4,
+			'unknown': 5,
+			None: 6
+		}
+		self.severity_nb = severity_map[self.severity]
+		self.confidence_nb = severity_map[self.confidence]
+		if len(self.references) > 0:
+			self.reference = self.references[0]
+
+	def __repr__(self):
+		data = self.extra_data
+		if 'data' in data and isinstance(data['data'], list):
+			data = ','.join(data['data'])
+		elif isinstance(data, dict):
+			data = ', '.join([f'{k}:{v}' for k, v in data.items()])
+		tags = self.tags
+		colors = {
+			'critical': 'bold red',
+			'high': 'red',
+			'medium': 'yellow',
+			'low': 'green',
+			'info': 'magenta',
+			'unknown': 'dim magenta'
+		}
+		c = colors[self.severity]
+		s = f'🚨 \[[green]{self.name} [link={self.reference}]🡕[/link][/]] \[[{c}]{self.severity}[/]] {self.matched_at}'
+		if tags:
+			tags_str = ','.join(tags)
+			s += f' \[[cyan]{tags_str}[/]]'
+		if data:
+			s += f' \[[yellow]{str(data)}[/]]'
+		return rich_to_ansi(s)
+
+	# def __gt__(self, other):
+	# 	# favor httpx over other url info tools
+	# 	if self._source == 'httpx' and other._source != 'httpx':
+	# 		return True
+	# 	return super().__gt__(other)
+
+	def __str__(self):
+		return self.matched_at + ' -> ' + self.name

secator/report.py

@@ -0,0 +1,107 @@
+import operator
+import os
+from pathlib import Path
+
+from secator.definitions import REPORTS_FOLDER
+from secator.output_types import OUTPUT_TYPES, OutputType
+from secator.utils import merge_opts, pluralize, get_file_timestamp, print_results_table
+from secator.rich import console
+
+
+# TODO: initialize from data, not from runner
+class Report:
+	"""Report class.
+
+	Args:
+		runner (secator.runners.Runner): Runner instance.
+		title (str): Report title.
+		exporters (list): List of exporter classes.
+	"""
+	def __init__(self, runner, title=None, exporters=[]):
+		self.title = title or f'{runner.__class__.__name__.lower()}_{runner.config.name}'
+		self.runner = runner
+		self.timestamp = get_file_timestamp()
+		self.exporters = exporters
+		self.workspace_name = runner.workspace_name
+		self.create_local_folders()
+
+	def as_table(self):
+		print_results_table(self.results, self.title)
+
+	def send(self):
+		for report_cls in self.exporters:
+			try:
+				report_cls(self).send()
+			except Exception as e:
+				console.print(
+					f'Could not create exporter {report_cls.__name__} for {self.__class__.__name__}: {str(e)}',
+					style='bold red')
+
+	def build(self):
+		# Trim options
+		from secator.decorators import DEFAULT_CLI_OPTIONS
+		opts = merge_opts(self.runner.config.options, self.runner.run_opts)
+		opts = {
+			k: v for k, v in opts.items()
+			if k not in DEFAULT_CLI_OPTIONS
+			and not k.startswith('print_')
+			and v is not None
+		}
+
+		# Prepare report structure
+		data = {
+			'info': {
+				'title': self.title,
+				'runner': self.runner.__class__.__name__,
+				'name': self.runner.config.name,
+				'targets': self.runner.targets,
+				'total_time': str(self.runner.elapsed),
+				'total_human': self.runner.elapsed_human,
+				'opts': opts,
+			},
+			'results': {},
+		}
+
+		# Fill report
+		for output_type in OUTPUT_TYPES:
+			if output_type.__name__ == 'Progress':
+				continue
+			output_name = output_type.get_name()
+			sort_by, _ = get_table_fields(output_type)
+			items = [
+				item for item in self.runner.results
+				if isinstance(item, OutputType) and item._type == output_name and not item._duplicate
+			]
+			if items:
+				if sort_by and all(sort_by):
+					items = sorted(items, key=operator.attrgetter(*sort_by))
+				data['results'][output_name] = items
+
+		# Save data
+		self.data = data
+
+	def create_local_folders(self):
+		output_folder = Path(REPORTS_FOLDER)
+		if self.runner.workspace_name:
+			output_folder = output_folder / Path(self.runner.workspace_name)
+		output_folder = output_folder / Path(pluralize(self.runner.__class__.__name__).lower())
+		output_folder = str(output_folder)
+		os.makedirs(output_folder, exist_ok=True)
+		self.output_folder = output_folder
+
+
+def get_table_fields(output_type):
+	"""Get output fields and sort fields based on output type.
+
+	Args:
+		output_type (str): Output type.
+
+	Returns:
+		tuple: Tuple of sort_by (tuple), output_fields (list).
+	"""
+	sort_by = ()
+	output_fields = []
+	if output_type in OUTPUT_TYPES:
+		sort_by = output_type._sort_by
+		output_fields = output_type._table_fields
+	return sort_by, output_fields

secator/rich.py

@@ -0,0 +1,124 @@
+import operator
+
+import click
+import rich_click
+import yaml
+from rich import box
+from rich.console import Console
+from rich.logging import RichHandler
+from rich.table import Table
+from rich.traceback import install
+
+from secator.definitions import DEBUG, RECORD
+
+console = Console(stderr=True, record=RECORD, color_system='truecolor')
+console_stdout = Console(record=True)
+handler = RichHandler(rich_tracebacks=True)
+install(show_locals=DEBUG > 2, suppress=[click, rich_click])
+
+
+def criticity_to_color(value):
+	if value == 'critical':
+		value = f'[bold red3]{value.upper()}[/]'
+	elif value == 'high':
+		value = f'[bold orange_red1]{value.upper()}[/]'
+	elif value == 'medium':
+		value = f'[bold dark_orange]{value.upper()}[/]'
+	elif value == 'low':
+		value = f'[bold yellow1]{value.upper()}[/]'
+	elif value == 'info':
+		value = f'[bold green]{value.upper()}[/]'
+	return value
+
+
+def status_to_color(value):
+	value = int(value) if value else None
+	if value is None:
+		return value
+	if value < 400:
+		value = f'[bold green]{value}[/]'
+	elif value in [400, 499]:
+		value = f'[bold dark_orange]{value}[/]'
+	elif value >= 500:
+		value = f'[bold red3]{value}[/]'
+	return value
+
+
+FORMATTERS = {
+	'confidence': criticity_to_color,
+	'severity': criticity_to_color,
+	'cvss_score': lambda score: '' if score == -1 else f'[bold cyan]{score}[/]',
+	'port': lambda port: f'[bold cyan]{port}[/]',
+	'url': lambda host: f'[bold underline blue]{host}[/]',
+	'ip': lambda ip: f'[bold yellow]{ip}[/]',
+	'status_code': status_to_color,
+	'reference': lambda reference: f'[link={reference}]🡕[/]',
+	'_source': lambda source: f'[bold gold3]{source}[/]'
+}
+
+
+def build_table(items, output_fields=[], exclude_fields=[], sort_by=None):
+	"""Build rich table.
+
+	Args:
+		items (list): List of items.
+		output_fields (list, Optional): List of fields to add.
+		exclude_fields (list, Optional): List of fields to exclude.
+		sort_by (tuple, Optional): Tuple of sort_by keys.
+
+	Returns:
+		rich.table.Table: rich table.
+	"""
+	# Sort items by one or multiple fields
+	if sort_by and all(sort_by):
+		items = sorted(items, key=operator.attrgetter(*sort_by))
+
+	# Create rich table
+	box_style = box.DOUBLE if RECORD else box.ROUNDED
+	table = Table(show_lines=True, box=box_style)
+
+	# Get table schema if any, default to first item keys
+	keys = output_fields
+
+	# List of fields to exclude
+	keys = [k for k in keys if k not in exclude_fields]
+
+	# Remove meta fields not needed in output
+	if '_cls' in keys:
+		keys.remove('_cls')
+	if '_type' in keys:
+		keys.remove('_type')
+	if '_uuid' in keys:
+		keys.remove('_uuid')
+
+	# Add _source field
+	if '_source' not in keys:
+		keys.append('_source')
+
+	# Create table columns
+	for key in keys:
+		key_str = key
+		if not key.startswith('_'):
+			key_str = ' '.join(key.split('_')).upper()
+		no_wrap = key in ['url', 'reference', 'references', 'matched_at']
+		overflow = None if no_wrap else 'fold'
+		table.add_column(
+			key_str,
+			overflow=overflow,
+			min_width=10,
+			no_wrap=no_wrap,
+			header_style='bold blue')
+
+	# Create table rows
+	for item in items:
+		values = []
+		for key in keys:
+			value = getattr(item, key)
+			value = FORMATTERS.get(key, lambda x: x)(value)
+			if isinstance(value, dict) or isinstance(value, list):
+				value = yaml.dump(value)
+			elif isinstance(value, int) or isinstance(value, float):
+				value = str(value)
+			values.append(value)
+		table.add_row(*values)
+	return table

secator/runners/__init__.py

@@ -0,0 +1,12 @@
+__all__ = [
+    'Runner',
+    'Command',
+    'Task',
+    'Workflow',
+    'Scan',
+]
+from secator.runners._base import Runner
+from secator.runners.command import Command
+from secator.runners.task import Task
+from secator.runners.scan import Scan
+from secator.runners.workflow import Workflow