secator 0.0.1__tar.gz → 0.1.0__tar.gz

secator-0.1.0/.flake8

@@ -0,0 +1,3 @@
+[flake8]
+extend-ignore = W191,E101,E128,E265,W605
+max-line-length = 120

secator-0.1.0/.gitignore

@@ -0,0 +1,136 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+#*.txt
+#*.sh
+
+# Others
+*.json
+*.yml
+resume.cfg
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/

secator-0.1.0/CONTRIBUTING.md

@@ -0,0 +1,88 @@
+
+Please read this document before opening a new pull request.
+
+## Create a dev environment
+
+To create a dev environment, you can either use `pipx` or `virtualenv` + `pip`:
+
+<details>
+	<summary>Pipx</summary>
+
+```sh
+git clone https://github.com/freelabz/secator
+cd secator
+pipx install -e .[dev]
+```
+
+</details>
+
+<details>
+	<summary>Pip</summary>
+
+```sh
+git clone https://github.com/freelabz/secator
+cd secator
+virtualenv .venv
+source .venv/bin/activate
+pip install -e .[dev]
+```
+
+</details>
+
+
+## Contribute a new task
+
+To contribute a new task back to `secator` repository, it needs to validate some requirements:
+
+- Verify your **task class definition**:
+  - It MUST have an `input_type` key.
+  - It MUST have an `output_types` key.
+  - It MUST have an `install_cmd` key.
+
+- Add your **task definition** to the `tasks/` directory. If your task class is named `MyAwesomeTask`, call it `my_awesome_task.py`
+
+- [Optional] Add your output type(s) to `secator`:
+	- Add your type(s) definition(s) to `output_types/` directory. If your output type is named `MyAwesomeType`, call the file `my_awesome_type.py`
+	- Import your type class in `__init__.py`
+
+- Add a **unit test** for your task:
+	- `tests/fixtures/<TASK_NAME>_output.(json|xml|rc|txt)`: add a fixture for the original command output.
+		- Make sure it is anonymized from PII data
+		- Run `secator x <TASK_NAME> <HOST>` to make sure the output is shown correctly on the CLI. Also run with `-json` to 
+			verify the output schema
+		- This fixture will be used by unit tests to emulate data sent by your task
+	- Validate your unit test by running: `secator test unit --task <TASK_NAME> --test test_tasks`
+
+- Add an **integration test** for your task:
+	- `tests/integration/inputs.py` - to modify integration inputs
+	- `tests/integration/outputs.py` - to modify expected outputs
+	- Validate your integration test by running: `secator test integration --task <TASK_NAME> --test test_tasks`
+
+- Run the lint tests: `secator test lint`
+
+- Open a new pull request with your changes.
+
+### New workflow / scan
+
+- Add your workflow / scan YAML definition `awesome_work.yml` to `configs/workflows/`
+
+- Make sure the `name` YAML key is the same as your workflow's file name.
+
+- Make sure the `type` YAML key is set to `workflow` or `scan`.
+
+- Add some integration tests:
+	- `inputs.py`: add inputs for your workflow
+	- `outputs.py`: add some expected outputs of your workflow
+
+- Run the integration tests:
+	- For workflows: `secator test integration --test test_workflows --workflows <WORKFLOW_NAME>`
+	- For scans: `secator test integration --test test_scans --scans <SCAN_NAME>`
+
+- Open a new pull request with your changes.
+
+## Other code
+
+- Make sure you pass the `lint` and `unit` tests:
+	- `secator test unit`
+	- `secator test lint`
+- Open a new pull request with your changes.

secator-0.1.0/Dockerfile

@@ -0,0 +1,47 @@
+FROM kalilinux/kali-rolling
+
+ENV PATH="${PATH}:/root/go/bin:/root/.local/bin"
+
+RUN apt update -y && \
+    apt install -y \
+	curl \
+	gcc \
+	git \
+	golang-go \
+    make \
+	pipx \
+	python3 \
+	python3-pip \
+	python3-venv \
+	ruby-full \
+	rubygems \
+	sudo \
+	vim \
+    wget \
+	chromium \
+    jq \
+    openssl \
+	proxychains \
+	proxychains-ng \
+	&& rm -rf /var/lib/apt/lists/*
+
+# Install Metasploit framework
+RUN curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
+RUN chmod 755 msfinstall
+RUN ./msfinstall
+
+# Copy code
+WORKDIR /code
+COPY . /code/
+
+# Install secator
+RUN pipx install .
+RUN secator install tools
+RUN secator install addons worker
+RUN secator install addons google
+RUN secator install addons mongodb
+RUN secator install addons redis
+RUN secator install addons dev
+
+# Set entrypoint
+ENTRYPOINT ["secator"]

secator-0.1.0/PKG-INFO

@@ -0,0 +1,379 @@
+Metadata-Version: 2.3
+Name: secator
+Version: 0.1.0
+Summary: The pentester's swiss knife.
+Project-URL: Homepage, https://github.com/freelabz/secator
+Project-URL: Issues, https://github.com/freelabz/secator/issues
+Author-email: FreeLabz <sales@freelabz.com>
+License-File: LICENSE
+Keywords: automation,cybersecurity,pentest,recon,vulnerability
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Information Technology
+Classifier: License :: Free for non-commercial use
+Classifier: Operating System :: Unix
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Requires-Dist: bs4<1
+Requires-Dist: celery<6
+Requires-Dist: cpe<2
+Requires-Dist: dotmap<2
+Requires-Dist: free-proxy<2
+Requires-Dist: furl<3
+Requires-Dist: humanize<5
+Requires-Dist: ifaddr<1
+Requires-Dist: jinja2<4
+Requires-Dist: python-dotenv<2
+Requires-Dist: pyyaml<7
+Requires-Dist: requests<3
+Requires-Dist: rich-click<1.7
+Requires-Dist: rich<14
+Requires-Dist: validators<1
+Requires-Dist: xmltodict<1
+Provides-Extra: dev
+Requires-Dist: asciinema-automation<1; extra == 'dev'
+Requires-Dist: coverage<8; extra == 'dev'
+Requires-Dist: flake8<8; extra == 'dev'
+Requires-Dist: watchdog<3; extra == 'dev'
+Provides-Extra: google
+Requires-Dist: google-api-python-client<3; extra == 'google'
+Requires-Dist: gspread<7; extra == 'google'
+Provides-Extra: mongodb
+Requires-Dist: pymongo<5; extra == 'mongodb'
+Provides-Extra: redis
+Requires-Dist: redis<6; extra == 'redis'
+Provides-Extra: trace
+Requires-Dist: memray<2; extra == 'trace'
+Requires-Dist: pyinstrument<5; extra == 'trace'
+Provides-Extra: worker
+Requires-Dist: eventlet<1; extra == 'worker'
+Requires-Dist: flower<3; extra == 'worker'
+Requires-Dist: gevent<25; extra == 'worker'
+Description-Content-Type: text/markdown
+
+<h1 align="center">
+	<img src="https://github.com/freelabz/secator/assets/9629314/ee203af4-e853-439a-af01-edeabfc4bf07/" width="400">
+</h1>
+
+<h4 align="center">The pentester's swiss knife.</h4>
+
+<p align="center">
+<!-- <a href="https://goreportcard.com/report/github.com/freelabz/secator"><img src="https://goreportcard.com/badge/github.com/freelabz/secator"></a> -->
+<img src="https://img.shields.io/badge/python-3.6-blue.svg">
+<a href="https://github.com/freelabz/secator/releases"><img src="https://img.shields.io/github/release/freelabz/secator"></a>
+<a href="https://github.com/freelabz/secator/blob/main/LICENSE"><img src="https://img.shields.io/badge/License-BSL%201.1-brightgreen.svg"></a>
+<a href="https://pypi.org/project/secator/"><img src="https://img.shields.io/pypi/dm/secator"></a>
+<a href="https://twitter.com/freelabz"><img src="https://img.shields.io/twitter/follow/freelabz.svg?logo=twitter"></a>
+<a href="https://youtube.com/@FreeLabz"><img src="https://img.shields.io/youtube/channel/subscribers/UCu-F6SpU0h2NP18zBBP04cw?style=social&label=Subscribe%20%40FreeLabz"></a>
+<!-- <a href="https://discord.gg/freelabz"><img src="https://img.shields.io/discord/695645237418131507.svg?logo=discord"></a> -->
+</p>
+
+
+<p align="center">
+  <a href="#features">Features</a> •
+  <a href="#supported-commands">Supported commands</a> •
+  <a href="#install-secator">Installation</a> •
+  <a href="#usage">Usage</a> •
+  <a href="https://docs.freelabz.com">Documentation</a>
+</p>
+
+`secator` is a task and workflow runner used for security assessments. It supports dozens of well-known security tools
+and it is designed to improve productivity for pentesters and security researchers.
+
+# Features
+
+![](images/short_demo.gif)
+
+* **Curated list of commands**
+
+* **Unified input options**
+
+* **Unified output schema**
+
+* **CLI and library usage**
+
+* **Distributed options with Celery**
+
+* **Complexity from simple tasks to complex workflows**
+
+* **Customizable**
+
+
+## Supported tools
+
+`secator` integrates the following tools:
+
+| Name                                                          | Description                                                                    | Category       |
+|---------------------------------------------------------------|--------------------------------------------------------------------------------|----------------|
+| [httpx](https://github.com/projectdiscovery/httpx)            | Fast HTTP prober.                                                              | `http`         |
+| [cariddi](https://github.com/edoardottt/cariddi)              | Fast crawler and endpoint secrets / api keys / tokens matcher.                 | `http/crawler` |
+| [gau](https://github.com/lc/gau)                              | Offline URL crawler (Alien Vault, The Wayback Machine, Common Crawl, URLScan). | `http/crawler` |
+| [gospider](https://github.com/jaeles-project/gospider)        | Fast web spider written in Go.                                                 | `http/crawler` |
+| [katana](https://github.com/projectdiscovery/katana)          | Next-generation crawling and spidering framework.                              | `http/crawler` |
+| [dirsearch](https://github.com/maurosoria/dirsearch)          | Web path discovery.                                                            | `http/fuzzer`  |
+| [feroxbuster](https://github.com/epi052/feroxbuster)          | Simple, fast, recursive content discovery tool written in Rust.                | `http/fuzzer`  |
+| [ffuf](https://github.com/ffuf/ffuf)                          | Fast web fuzzer written in Go.                                                 | `http/fuzzer`  |
+| [h8mail](https://github.com/khast3x/h8mail)                   | Email OSINT and breach hunting tool.                                           | `osint`        |
+| [dnsx](https://github.com/projectdiscovery/dnsx)              | Fast and multi-purpose DNS toolkit designed for running DNS queries.           | `recon/dns`    |
+| [dnsxbrute](https://github.com/projectdiscovery/dnsx)              | Fast and multi-purpose DNS toolkit designed for running DNS queries (bruteforce mode).           | `recon/dns`    |
+| [subfinder](https://github.com/projectdiscovery/subfinder)    | Fast subdomain finder.                                                         | `recon/dns`    |
+| [fping](https://fping.org/)                                   | Find alive hosts on local networks.                                            | `recon/ip`     |
+| [mapcidr](https://github.com/projectdiscovery/mapcidr)        | Expand CIDR ranges into IPs.                                                   | `recon/ip`     |
+| [naabu](https://github.com/projectdiscovery/naabu)            | Fast port discovery tool.                                                      | `recon/port`   |
+| [maigret](https://github.com/soxoj/maigret)                   | Hunt for user accounts across many websites.                                   | `recon/user`   |
+| [gf](https://github.com/tomnomnom/gf)                         | A wrapper around grep to avoid typing common patterns.                         | `tagger`       |
+| [grype](https://github.com/anchore/grype)                     | A vulnerability scanner for container images and filesystems.                  | `vuln/code`    |
+| [dalfox](https://github.com/hahwul/dalfox)                    | Powerful XSS scanning tool and parameter analyzer.                             | `vuln/http`    |
+| [msfconsole](https://docs.rapid7.com/metasploit/msf-overview) | CLI to access and work with the Metasploit Framework.                          | `vuln/http`    |
+| [wpscan](https://github.com/wpscanteam/wpscan)                | WordPress Security Scanner                                                     | `vuln/multi`   |
+| [nmap](https://github.com/nmap/nmap)                          | Vulnerability scanner using NSE scripts.                                       | `vuln/multi`   |
+| [nuclei](https://github.com/projectdiscovery/nuclei)          | Fast and customisable vulnerability scanner based on simple YAML based DSL.    | `vuln/multi`   |
+| [searchsploit](https://gitlab.com/exploit-database/exploitdb) | Exploit searcher. | `exploit/search`    |
+
+Feel free to request new tools to be added by opening an issue, but please 
+check that the tool complies with our selection criterias before doing so. If it doesn't but you still want to integrate it into `secator`, you can plug it in (see the [dev guide](https://docs.freelabz.com/for-developers/writing-custom-tasks)).
+
+
+## Installation
+
+### Installing secator
+
+<details>
+	<summary>Pipx</summary>
+
+```sh
+pipx install secator
+```
+
+</details>
+
+<details>
+	<summary>Pip</summary>
+
+```sh
+pip install secator
+```
+
+</details>
+
+<details>
+  <summary>Bash</summary>
+
+```sh
+wget -O - https://raw.githubusercontent.com/freelabz/secator/main/scripts/install.sh | sh
+```
+
+</details>
+
+<details>
+	<summary>Docker</summary>
+
+```sh
+docker run -it freelabz/secator --help
+```
+
+</details>
+
+<details>
+	<summary>Docker Compose</summary>
+
+```sh
+git clone https://github.com/freelabz/secator
+cd secator
+docker-compose up -d
+docker-compose exec secator secator --help
+```
+
+</details>
+
+***Note:*** If you chose the Bash, Docker or Docker Compose installation methods, you can skip the next sections and go straight to [Usage](#usage).
+
+### Installing languages
+
+`secator` uses external tools, so you might need to install languages used by those tools assuming they are not already installed on your system.
+
+We provide utilities to install required languages if you don't manage them externally:
+
+<details>
+	<summary>Go</summary>
+
+```sh
+secator install langs go
+```
+
+</details>
+
+<details>
+	<summary>Ruby</summary>
+
+```sh
+secator install langs ruby
+```
+
+</details>
+
+### Installing tools
+
+`secator` does not install any of the external tools it supports by default.
+
+We provide utilities to install or update each supported tool which should work on all systems supporting `apt`:
+
+<details>
+	<summary>All tools</summary>
+
+```sh
+secator install tools
+```
+
+</details>
+
+<details>
+	<summary>Specific tools</summary>
+
+```sh
+secator install tools <TOOL_NAME>
+```
+
+For instance, to install `httpx`, use:
+
+```sh
+secator install tools httpx
+```
+
+</details>
+
+Please make sure you are using the latest available versions for each tool before you run secator or you might run into parsing / formatting issues.
+
+### Installing addons
+
+`secator` comes installed with the minimum amount of dependencies.
+
+There are several addons available for `secator`:
+
+<details>
+	<summary>worker</summary>
+
+Add support for Celery workers (see [Distributed runs with Celery](https://docs.freelabz.com/in-depth/distributed-runs-with-celery)).
+```sh
+secator install addons worker
+```
+
+</details>
+
+
+<details>
+	<summary>google</summary>
+
+Add support for Google Drive exporter (`-o gdrive`).
+
+```sh
+secator install addons google
+```
+
+</details>
+
+<details>
+	<summary>mongodb</summary>
+
+Add support for MongoDB driver (`-driver mongodb`).
+```sh
+secator install addons mongodb
+```
+
+</details>
+
+<details>
+	<summary>redis</summary>
+
+Add support for Redis backend (Celery).
+
+```sh
+secator install addons redis
+```
+
+</details>
+
+<details>
+	<summary>dev</summary>
+
+Add development tools like `coverage` and `flake8` required for running tests.
+
+```sh
+secator install addons dev
+```
+
+</details>
+
+<details>
+	<summary>trace</summary>
+
+Add tracing tools like `memray` and `pyinstrument` required for tracing functions.
+
+```sh
+secator install addons trace
+```
+
+</details>
+
+### Checking installation health
+
+To figure out which languages or tools are installed on your system (along with their version):
+```sh
+secator health
+```
+
+## Usage
+```sh
+secator --help
+```
+![](images/help.png)
+
+
+### Usage examples
+
+Run a fuzzing task (`ffuf`):
+
+```sh
+secator x ffuf http://testphp.vulnweb.com/FUZZ
+```
+
+Run a url crawl workflow:
+
+```sh
+secator w url_crawl http://testphp.vulnweb.com
+```
+
+Run a host scan:
+
+```sh
+secator s host mydomain.com
+```
+
+and more... to list all tasks / workflows / scans that you can use:
+```sh
+secator x --help
+secator w --help
+secator s --help
+```
+
+## Learn more
+
+To go deeper with `secator`, check out:
+* Our complete [documentation](https://docs.freelabz.com)
+* Our getting started [tutorial video](https://youtu.be/-JmUTNWQDTQ?si=qpAClDWMXo2zwUK7)
+* Our [Medium post](https://medium.com/p/09333f3d3682)
+* Follow us on social media: [@freelabz](https://twitter.com/freelabz) on Twitter and [@FreeLabz](https://youtube.com/@FreeLabz) on YouTube
+
+## Stats
+
+<a href="https://star-history.com/#freelabz/secator&Date">
+  <picture>
+    <source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=freelabz/secator&type=Date&theme=dark" />
+    <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=freelabz/secator&type=Date" />
+    <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=freelabz/secator&type=Date" />
+  </picture>
+</a>