secator 0.0.1__tar.gz

secator-0.0.1/LICENSE

@@ -0,0 +1,60 @@
+License text copyright (c) 2020 MariaDB Corporation Ab, All Rights Reserved.
+“Business Source License” is a trademark of MariaDB Corporation Ab.
+
+Parameters
+
+Licensor:             FreeLabz.
+Licensed Work:        Secator. The Licensed Work is (c) 2023 FreeLabz.
+Additional Use Grant: You may make production use of the Licensed Work,
+                      provided such use does not include offering the Licensed Work
+                      to third parties on a hosted or embedded basis which is
+                      competitive with FreeLabz's products.
+Change Date:          Four years from the date the Licensed Work is published.
+
+For information about alternative licensing arrangements for the Licensed Work,
+please contact sales@freelabz.com.
+
+Notice
+
+Business Source License 1.1
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative
+works, redistribute, and make non-production use of the Licensed Work. The
+Licensor may make an Additional Use Grant, above, permitting limited production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly
+available distribution of a specific version of the Licensed Work under this
+License, whichever comes first, the Licensor hereby grants you rights under
+the terms of the Change License, and the rights granted in the paragraph
+above terminate.
+
+If your use of the Licensed Work does not comply with the requirements
+currently in effect as described in this License, you must purchase a
+commercial license from the Licensor, its affiliated entities, or authorized
+resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works
+of the Licensed Work, are subject to this License. This License applies
+separately for each version of the Licensed Work and the Change Date may vary
+for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy
+of the Licensed Work. If you receive the Licensed Work in original or
+modified form from a third party, the terms and conditions set forth in this
+License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically
+terminate your rights under this License for the current and all other
+versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of
+Licensor or its affiliates (provided that you may use a trademark or logo of
+Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
+AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
+EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
+TITLE.

secator-0.0.1/MANIFEST.in

@@ -0,0 +1,3 @@
+include secator/configs/workflows/*.yaml
+include secator/configs/scans/*.yaml
+include secator/configs/profiles/*.yaml

secator-0.0.1/PKG-INFO

@@ -0,0 +1,199 @@
+Metadata-Version: 2.1
+Name: secator
+Version: 0.0.1
+Summary: Security tools command runner
+Author: FLZ Security
+Author-email: ocervello@freelabz.com
+License: MIT
+Keywords: recon framework vulnerability pentest automation
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: bs4
+Requires-Dist: celery
+Requires-Dist: cpe
+Requires-Dist: dotmap
+Requires-Dist: eventlet
+Requires-Dist: flower
+Requires-Dist: free-proxy
+Requires-Dist: furl
+Requires-Dist: gevent
+Requires-Dist: jinja2
+Requires-Dist: humanize
+Requires-Dist: memray
+Requires-Dist: netifaces
+Requires-Dist: pygments
+Requires-Dist: pyinstrument
+Requires-Dist: python-dotenv
+Requires-Dist: pyyaml
+Requires-Dist: pymongo
+Requires-Dist: redis
+Requires-Dist: requests
+Requires-Dist: rich
+Requires-Dist: rich-click<1.7
+Requires-Dist: tabulate
+Requires-Dist: termcolor
+Requires-Dist: validators
+Requires-Dist: xmltodict
+Provides-Extra: dev
+Requires-Dist: coverage; extra == "dev"
+Requires-Dist: flake8; extra == "dev"
+Requires-Dist: watchdog; extra == "dev"
+Requires-Dist: asciinema-automation; extra == "dev"
+Provides-Extra: google
+Requires-Dist: google-api-python-client; extra == "google"
+Requires-Dist: google-auth; extra == "google"
+Requires-Dist: gspread; extra == "google"
+
+<h1 align="center">
+	secator
+	<br>
+</h1>
+
+<h4 align="center">Security swiss-knife to speed up vulnerability assessments.</h4>
+
+<p align="center">
+<!-- <a href="https://goreportcard.com/report/github.com/freelabz/secator"><img src="https://goreportcard.com/badge/github.com/freelabz/secator"></a> -->
+<a href="https://github.com/freelabz/secator/issues"><img src="https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat"></a>
+<a href="https://github.com/freelabz/secator/releases"><img src="https://img.shields.io/github/release/freelabz/secator"></a>
+<a href="https://www.apache.org/licenses/LICENSE-2.0"><img src="https://img.shields.io/badge/License-Apache-blue.svg"></a>
+<a href="https://twitter.com/freelabz"><img src="https://img.shields.io/twitter/follow/freelabz.svg?logo=twitter"></a>
+<!-- <a href="https://discord.gg/freelabz"><img src="https://img.shields.io/discord/695645237418131507.svg?logo=discord"></a> -->
+</p>
+
+
+<p align="center">
+  <a href="#features">Features</a> •
+  <a href="#supported-commands">Supported commands</a> •
+  <a href="#install-secator">Installation</a> •
+  <a href="#usage">Usage</a> •
+  <a href="https://docs.freelabz.com">Documentation</a>
+</p>
+
+`secator` is a task and workflow runner used for security assessments. It supports dozens of well-known security tools
+and it is designed to improve productivity for pentesters and security researchers.
+
+# Features
+
+![](images/short_demo.gif)
+
+* **Curated list of commands**
+
+* **Unified input options**
+
+* **Unified output schema**
+
+* **CLI and library usage**
+
+* **Distributed options with Celery**
+
+* **Complexity from simple tasks to complex workflows**
+
+* **Customizable**
+
+## Supported commands
+
+`secator` integrates the following commands:
+
+| Name                                                          | Description                                                                    | Category       |
+|---------------------------------------------------------------|--------------------------------------------------------------------------------|----------------|
+| [httpx](https://github.com/projectdiscovery/httpx)            | Fast HTTP prober.                                                              | `http`         |
+| [cariddi](https://github.com/edoardottt/cariddi)              | Fast crawler and endpoint secrets / api keys / tokens matcher.                 | `http/crawler` |
+| [gau](https://github.com/lc/gau)                              | Offline URL crawler (Alien Vault, The Wayback Machine, Common Crawl, URLScan). | `http/crawler` |
+| [gospider](https://github.com/jaeles-project/gospider)        | Fast web spider written in Go.                                                 | `http/crawler` |
+| [katana](https://github.com/projectdiscovery/katana)          | Next-generation crawling and spidering framework.                              | `http/crawler` |
+| [dirsearch](https://github.com/maurosoria/dirsearch)          | Web path discovery.                                                            | `http/fuzzer`  |
+| [feroxbuster](https://github.com/epi052/feroxbuster)          | Simple, fast, recursive content discovery tool written in Rust.                | `http/fuzzer`  |
+| [ffuf](https://github.com/ffuf/ffuf)                          | Fast web fuzzer written in Go.                                                 | `http/fuzzer`  |
+| [h8mail](https://github.com/khast3x/h8mail)                   | Email OSINT and breach hunting tool.                                           | `osint`        |
+| [dnsx](https://github.com/projectdiscovery/dnsx)              | Fast and multi-purpose DNS toolkit designed for running DNS queries.           | `recon/dns`    |
+| [dnsxbrute](https://github.com/projectdiscovery/dnsx)              | Fast and multi-purpose DNS toolkit designed for running DNS queries (bruteforce mode).           | `recon/dns`    |
+| [subfinder](https://github.com/projectdiscovery/subfinder)    | Fast subdomain finder.                                                         | `recon/dns`    |
+| [fping](https://fping.org/)                                   | Find alive hosts on local networks.                                            | `recon/ip`     |
+| [mapcidr](https://github.com/projectdiscovery/mapcidr)        | Expand CIDR ranges into IPs.                                                   | `recon/ip`     |
+| [naabu](https://github.com/projectdiscovery/naabu)            | Fast port discovery tool.                                                      | `recon/port`   |
+| [maigret](https://github.com/soxoj/maigret)                   | Hunt for user accounts across many websites.                                   | `recon/user`   |
+| [gf](https://github.com/tomnomnom/gf)                         | A wrapper around grep to avoid typing common patterns.                         | `tagger`       |
+| [grype](https://github.com/anchore/grype)                     | A vulnerability scanner for container images and filesystems.                  | `vuln/code`    |
+| [dalfox](https://github.com/hahwul/dalfox)                    | Powerful XSS scanning tool and parameter analyzer.                             | `vuln/http`    |
+| [msfconsole](https://docs.rapid7.com/metasploit/msf-overview) | CLI to access and work with the Metasploit Framework.                          | `vuln/http`    |
+| [wpscan](https://github.com/wpscanteam/wpscan)                | WordPress Security Scanner                                                     | `vuln/multi`   |
+| [nmap](https://github.com/nmap/nmap)                          | Vulnerability scanner using NSE scripts.                                       | `vuln/multi`   |
+| [nuclei](https://github.com/projectdiscovery/nuclei)          | Fast and customisable vulnerability scanner based on simple YAML based DSL.    | `vuln/multi`   |
+| [searchsploit](https://gitlab.com/exploit-database/exploitdb) | Exploit searcher. | `exploit/search`    |
+
+Feel free to request new commands to be added by opening an issue, but please 
+check that the command complies with our selection criterias before doing so. If it doesn't but you still want to integrate it into `secator`, you can plug it in (see the [dev guide](https://docs.freelabz.com/for-developers/writing-custom-tasks)).
+
+
+## Install Secator
+
+Secator requires **python >= 3.8** to install successfully. Run the following command to install the latest version:
+
+```sh
+pip3 install git+https://github.com/freelabz/secator.git
+```
+
+<details>
+	<summary>Bash one-liner</summary>
+
+	git clone https://github.com/freelabz/secator && sh ./scripts/install.sh
+
+</details>
+
+<details>
+	<summary>Docker</summary>
+
+	docker build -t secator
+
+</details>
+
+<details>
+	<summary>Development build</summary>
+
+	git clone https://github.com/freelabz/secator
+	cd secator
+	python3 -m virtualenv -p python3 ~/.virtualenvs/secator
+	source ~/.virtualenvs/secator/bin/activate
+	pip3 install -e .
+
+</details>
+
+
+### Install specific tasks
+
+```sh
+secator u install <TASK_NAME>
+```
+
+## Usage
+```sh
+secator --help
+```
+![](images/help.png)
+
+
+### Running secator
+
+Run a fuzzing task (`ffuf`):
+
+```sh
+secator x ffuf http://testphp.vulnweb.com/FUZZ
+```
+
+Run a port scan:
+
+```sh
+secator w port_scan mydomain.com
+```
+
+Run a full host scan:
+
+```sh
+secator s host mydomain.com
+```
+
+For more, read the complete [documentation](https://docs.freelabz.com).

secator-0.0.1/README.md

@@ -0,0 +1,149 @@
+<h1 align="center">
+	secator
+	<br>
+</h1>
+
+<h4 align="center">Security swiss-knife to speed up vulnerability assessments.</h4>
+
+<p align="center">
+<!-- <a href="https://goreportcard.com/report/github.com/freelabz/secator"><img src="https://goreportcard.com/badge/github.com/freelabz/secator"></a> -->
+<a href="https://github.com/freelabz/secator/issues"><img src="https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat"></a>
+<a href="https://github.com/freelabz/secator/releases"><img src="https://img.shields.io/github/release/freelabz/secator"></a>
+<a href="https://www.apache.org/licenses/LICENSE-2.0"><img src="https://img.shields.io/badge/License-Apache-blue.svg"></a>
+<a href="https://twitter.com/freelabz"><img src="https://img.shields.io/twitter/follow/freelabz.svg?logo=twitter"></a>
+<!-- <a href="https://discord.gg/freelabz"><img src="https://img.shields.io/discord/695645237418131507.svg?logo=discord"></a> -->
+</p>
+
+
+<p align="center">
+  <a href="#features">Features</a> •
+  <a href="#supported-commands">Supported commands</a> •
+  <a href="#install-secator">Installation</a> •
+  <a href="#usage">Usage</a> •
+  <a href="https://docs.freelabz.com">Documentation</a>
+</p>
+
+`secator` is a task and workflow runner used for security assessments. It supports dozens of well-known security tools
+and it is designed to improve productivity for pentesters and security researchers.
+
+# Features
+
+![](images/short_demo.gif)
+
+* **Curated list of commands**
+
+* **Unified input options**
+
+* **Unified output schema**
+
+* **CLI and library usage**
+
+* **Distributed options with Celery**
+
+* **Complexity from simple tasks to complex workflows**
+
+* **Customizable**
+
+## Supported commands
+
+`secator` integrates the following commands:
+
+| Name                                                          | Description                                                                    | Category       |
+|---------------------------------------------------------------|--------------------------------------------------------------------------------|----------------|
+| [httpx](https://github.com/projectdiscovery/httpx)            | Fast HTTP prober.                                                              | `http`         |
+| [cariddi](https://github.com/edoardottt/cariddi)              | Fast crawler and endpoint secrets / api keys / tokens matcher.                 | `http/crawler` |
+| [gau](https://github.com/lc/gau)                              | Offline URL crawler (Alien Vault, The Wayback Machine, Common Crawl, URLScan). | `http/crawler` |
+| [gospider](https://github.com/jaeles-project/gospider)        | Fast web spider written in Go.                                                 | `http/crawler` |
+| [katana](https://github.com/projectdiscovery/katana)          | Next-generation crawling and spidering framework.                              | `http/crawler` |
+| [dirsearch](https://github.com/maurosoria/dirsearch)          | Web path discovery.                                                            | `http/fuzzer`  |
+| [feroxbuster](https://github.com/epi052/feroxbuster)          | Simple, fast, recursive content discovery tool written in Rust.                | `http/fuzzer`  |
+| [ffuf](https://github.com/ffuf/ffuf)                          | Fast web fuzzer written in Go.                                                 | `http/fuzzer`  |
+| [h8mail](https://github.com/khast3x/h8mail)                   | Email OSINT and breach hunting tool.                                           | `osint`        |
+| [dnsx](https://github.com/projectdiscovery/dnsx)              | Fast and multi-purpose DNS toolkit designed for running DNS queries.           | `recon/dns`    |
+| [dnsxbrute](https://github.com/projectdiscovery/dnsx)              | Fast and multi-purpose DNS toolkit designed for running DNS queries (bruteforce mode).           | `recon/dns`    |
+| [subfinder](https://github.com/projectdiscovery/subfinder)    | Fast subdomain finder.                                                         | `recon/dns`    |
+| [fping](https://fping.org/)                                   | Find alive hosts on local networks.                                            | `recon/ip`     |
+| [mapcidr](https://github.com/projectdiscovery/mapcidr)        | Expand CIDR ranges into IPs.                                                   | `recon/ip`     |
+| [naabu](https://github.com/projectdiscovery/naabu)            | Fast port discovery tool.                                                      | `recon/port`   |
+| [maigret](https://github.com/soxoj/maigret)                   | Hunt for user accounts across many websites.                                   | `recon/user`   |
+| [gf](https://github.com/tomnomnom/gf)                         | A wrapper around grep to avoid typing common patterns.                         | `tagger`       |
+| [grype](https://github.com/anchore/grype)                     | A vulnerability scanner for container images and filesystems.                  | `vuln/code`    |
+| [dalfox](https://github.com/hahwul/dalfox)                    | Powerful XSS scanning tool and parameter analyzer.                             | `vuln/http`    |
+| [msfconsole](https://docs.rapid7.com/metasploit/msf-overview) | CLI to access and work with the Metasploit Framework.                          | `vuln/http`    |
+| [wpscan](https://github.com/wpscanteam/wpscan)                | WordPress Security Scanner                                                     | `vuln/multi`   |
+| [nmap](https://github.com/nmap/nmap)                          | Vulnerability scanner using NSE scripts.                                       | `vuln/multi`   |
+| [nuclei](https://github.com/projectdiscovery/nuclei)          | Fast and customisable vulnerability scanner based on simple YAML based DSL.    | `vuln/multi`   |
+| [searchsploit](https://gitlab.com/exploit-database/exploitdb) | Exploit searcher. | `exploit/search`    |
+
+Feel free to request new commands to be added by opening an issue, but please 
+check that the command complies with our selection criterias before doing so. If it doesn't but you still want to integrate it into `secator`, you can plug it in (see the [dev guide](https://docs.freelabz.com/for-developers/writing-custom-tasks)).
+
+
+## Install Secator
+
+Secator requires **python >= 3.8** to install successfully. Run the following command to install the latest version:
+
+```sh
+pip3 install git+https://github.com/freelabz/secator.git
+```
+
+<details>
+	<summary>Bash one-liner</summary>
+
+	git clone https://github.com/freelabz/secator && sh ./scripts/install.sh
+
+</details>
+
+<details>
+	<summary>Docker</summary>
+
+	docker build -t secator
+
+</details>
+
+<details>
+	<summary>Development build</summary>
+
+	git clone https://github.com/freelabz/secator
+	cd secator
+	python3 -m virtualenv -p python3 ~/.virtualenvs/secator
+	source ~/.virtualenvs/secator/bin/activate
+	pip3 install -e .
+
+</details>
+
+
+### Install specific tasks
+
+```sh
+secator u install <TASK_NAME>
+```
+
+## Usage
+```sh
+secator --help
+```
+![](images/help.png)
+
+
+### Running secator
+
+Run a fuzzing task (`ffuf`):
+
+```sh
+secator x ffuf http://testphp.vulnweb.com/FUZZ
+```
+
+Run a port scan:
+
+```sh
+secator w port_scan mydomain.com
+```
+
+Run a full host scan:
+
+```sh
+secator s host mydomain.com
+```
+
+For more, read the complete [documentation](https://docs.freelabz.com).