secator 0.1.0__py2.py3-none-any.whl → 0.2.0__py2.py3-none-any.whl

secator/cli.py

@@ -12,10 +12,12 @@ from rich.rule import Rule
 
 from secator.config import ConfigLoader
 from secator.decorators import OrderedGroup, register_runner
-from secator.definitions import (ASCII, CVES_FOLDER, DATA_FOLDER,
+from secator.definitions import (ASCII, CVES_FOLDER, DATA_FOLDER,  # noqa: F401
+								 BUILD_ADDON_ENABLED, DEV_ADDON_ENABLED, DEV_PACKAGE,
+								 GOOGLE_ADDON_ENABLED, LIB_FOLDER, MONGODB_ADDON_ENABLED,
 								 OPT_NOT_SUPPORTED, PAYLOADS_FOLDER,
-								 ROOT_FOLDER, SCRIPTS_FOLDER, VERSION,
-								 WORKER_ADDON_ENABLED, DEV_ADDON_ENABLED, DEV_PACKAGE)
+								 REDIS_ADDON_ENABLED, REVSHELLS_FOLDER, ROOT_FOLDER,
+								 TRACE_ADDON_ENABLED, VERSION, WORKER_ADDON_ENABLED)
 from secator.rich import console
 from secator.runners import Command
 from secator.serializers.dataclass import loads_dataclass
@@ -28,10 +30,6 @@ ALL_TASKS = discover_tasks()
 ALL_CONFIGS = ConfigLoader.load_all()
 ALL_WORKFLOWS = ALL_CONFIGS.workflow
 ALL_SCANS = ALL_CONFIGS.scan
-DEFAULT_CMD_OPTS = {
-	'no_capture': True,
-	'print_cmd': True,
-}
 
 
 #-----#
@@ -48,7 +46,11 @@ def cli(ctx, no_banner, version):
 		print(ASCII, file=sys.stderr)
 	if ctx.invoked_subcommand is None:
 		if version:
-			print(f'Current Version: v{VERSION}')
+			console.print(f'[bold gold3]Current version[/]: v{VERSION}', highlight=False)
+			console.print(f'[bold gold3]Python binary[/]: {sys.executable}')
+			if DEV_PACKAGE:
+				console.print(f'[bold gold3]Root folder[/]: {ROOT_FOLDER}')
+			console.print(f'[bold gold3]Lib folder[/]: {LIB_FOLDER}')
 		else:
 			ctx.get_help()
 
@@ -142,11 +144,7 @@ def worker(hostname, concurrency, reload, queue, pool, check, dev, stop, show):
 	if reload:
 		patterns = "celery.py;tasks/*.py;runners/*.py;serializers/*.py;output_types/*.py;hooks/*.py;exporters/*.py"
 		cmd = f'watchmedo auto-restart --directory=./ --patterns="{patterns}" --recursive -- {cmd}'
-	Command.run_command(
-		cmd,
-		name='secator worker',
-		**DEFAULT_CMD_OPTS
-	)
+	Command.execute(cmd, name='secator worker')
 
 
 #--------#
@@ -211,11 +209,7 @@ def which(command):
 	Returns:
 		secator.Command: Command instance.
 	"""
-	return Command.run_command(
-		f'which {command}',
-		quiet=True,
-		print_errors=False
-	)
+	return Command.execute(f'which {command}', quiet=True, print_errors=False)
 
 
 def version(cls):
@@ -245,11 +239,7 @@ def get_version(version_cmd):
 		str: Version string.
 	"""
 	regex = r'[0-9]+\.[0-9]+\.?[0-9]*\.?[a-zA-Z]*'
-	ret = Command.run_command(
-		version_cmd,
-		quiet=True,
-		print_errors=False
-	)
+	ret = Command.execute(version_cmd, quiet=True, print_errors=False)
 	match = re.findall(regex, ret.output)
 	if not match:
 		return 'n/a'
@@ -265,7 +255,7 @@ def health(json, debug):
 	status = {'tools': {}, 'languages': {}, 'secator': {}}
 
 	def print_status(cmd, return_code, version=None, bin=None, category=None):
-		s = '[bold green]ok     [/]' if return_code == 0 else '[bold red]failed [/]'
+		s = '[bold green]ok      [/]' if return_code == 0 else '[bold red]missing [/]'
 		s = f'[bold magenta]{cmd:<15}[/] {s} '
 		if return_code == 0 and version:
 			if version == 'N/A':
@@ -287,12 +277,12 @@ def health(json, debug):
 
 	# Check languages
 	console.print('\n:wrench: [bold gold3]Checking installed languages ...[/]')
-	version_cmds = {'go': 'version', 'python3': '--version', 'ruby': '--version', 'rustc': '--version'}
+	version_cmds = {'go': 'version', 'python3': '--version', 'ruby': '--version'}
 	for lang, version_flag in version_cmds.items():
 		ret = which(lang)
 		ret2 = get_version(f'{lang} {version_flag}')
 		if not json:
-			print_status(lang, ret.return_code, ret2, ret.output, 'lang')
+			print_status(lang, ret.return_code, ret2, ret.output, 'langs')
 		status['languages'][lang] = {'installed': ret.return_code == 0}
 
 	# Check tools
@@ -305,6 +295,14 @@ def health(json, debug):
 			print_status(tool.__name__, ret.return_code, ret2, ret.output, 'tools')
 		status['tools'][tool.__name__] = {'installed': ret.return_code == 0}
 
+	# Check addons
+	console.print('\n:wrench: [bold gold3]Checking installed addons ...[/]')
+	for addon in ['google', 'mongodb', 'redis', 'dev', 'trace', 'build']:
+		addon_var = globals()[f'{addon.upper()}_ADDON_ENABLED']
+		ret = 0 if addon_var == 1 else 1
+		bin = None if addon_var == 0 else ' '
+		print_status(addon, ret, 'N/A', bin, 'addons')
+
 	# Print JSON health
 	if json:
 		console.print(status)
@@ -316,12 +314,7 @@ def health(json, debug):
 
 def run_install(cmd, title, next_steps=None):
 	with console.status(f'[bold yellow] Installing {title}...'):
-		ret = Command.run_command(
-			cmd,
-			cls_attributes={'shell': True},
-			print_cmd=True,
-			print_line=True
-		)
+		ret = Command.execute(cmd, cls_attributes={'shell': True}, print_cmd=True, print_line=True)
 		if ret.return_code != 0:
 			console.print(f':exclamation_mark: Failed to install {title}.', style='bold red')
 		else:
@@ -349,7 +342,7 @@ def addons():
 def install_worker():
 	"Install worker addon."
 	run_install(
-		cmd=f'{sys.executable} -m pip install secator[worker]',
+		cmd=f'{sys.executable} -m pip install .[worker]',
 		title='worker addon',
 		next_steps=[
 			'Run "secator worker" to run a Celery worker using the file system as a backend and broker.',
@@ -363,7 +356,7 @@ def install_worker():
 def install_google():
 	"Install google addon."
 	run_install(
-		cmd=f'{sys.executable} -m pip install secator[google]',
+		cmd=f'{sys.executable} -m pip install .[google]',
 		title='google addon',
 		next_steps=[
 			'Set the "GOOGLE_CREDENTIALS_PATH" and "GOOGLE_DRIVE_PARENT_FOLDER_ID" environment variables.',
@@ -376,7 +369,7 @@ def install_google():
 def install_mongodb():
 	"Install mongodb addon."
 	run_install(
-		cmd=f'{sys.executable} -m pip install secator[mongodb]',
+		cmd=f'{sys.executable} -m pip install .[mongodb]',
 		title='mongodb addon',
 		next_steps=[
 			'[dim]\[optional][/] Run "docker run --name mongo -p 27017:27017 -d mongo:latest" to run a local MongoDB instance.',
@@ -390,7 +383,7 @@ def install_mongodb():
 def install_redis():
 	"Install redis addon."
 	run_install(
-		cmd=f'{sys.executable} -m pip install secator[redis]',
+		cmd=f'{sys.executable} -m pip install .[redis]',
 		title='redis addon',
 		next_steps=[
 			'[dim]\[optional][/] Run "docker run --name redis -p 6379:6379 -d redis" to run a local Redis instance.',
@@ -416,6 +409,34 @@ def install_dev():
 	)
 
 
+@addons.command('trace')
+def install_trace():
+	"Install trace addon."
+	run_install(
+		cmd=f'{sys.executable} -m pip install secator[trace]',
+		title='dev addon',
+		next_steps=[
+			'Run "secator test lint" to run lint tests.',
+			'Run "secator test unit" to run unit tests.',
+			'Run "secator test integration" to run integration tests.',
+		]
+	)
+
+
+@addons.command('build')
+def install_build():
+	"Install build addon."
+	run_install(
+		cmd=f'{sys.executable} -m pip install secator[build]',
+		title='build addon',
+		next_steps=[
+			'Run "secator test lint" to run lint tests.',
+			'Run "secator test unit" to run unit tests.',
+			'Run "secator test integration" to run integration tests.',
+		]
+	)
+
+
 @install.group()
 def langs():
 	"Install languages."
@@ -427,7 +448,10 @@ def install_go():
 	"""Install Go."""
 	run_install(
 		cmd='wget -O - https://raw.githubusercontent.com/freelabz/secator/main/scripts/install_go.sh | sudo sh',
-		title='Go'
+		title='Go',
+		next_steps=[
+			'Add ~/go/bin to your $PATH'
+		]
 	)
 
 
@@ -459,21 +483,13 @@ def install_tools(cmds):
 @install.command('cves')
 @click.option('--force', is_flag=True)
 def install_cves(force):
-	"""Install CVEs to file system for passive vulnerability search."""
+	"""Install CVEs (enables passive vulnerability search)."""
 	cve_json_path = f'{CVES_FOLDER}/circl-cve-search-expanded.json'
 	if not os.path.exists(cve_json_path) or force:
 		with console.status('[bold yellow]Downloading zipped CVEs from cve.circl.lu ...[/]'):
-			Command.run_command(
-				'wget https://cve.circl.lu/static/circl-cve-search-expanded.json.gz',
-				cwd=CVES_FOLDER,
-				**DEFAULT_CMD_OPTS
-			)
+			Command.execute('wget https://cve.circl.lu/static/circl-cve-search-expanded.json.gz', cwd=CVES_FOLDER)
 		with console.status('[bold yellow]Unzipping CVEs ...[/]'):
-			Command.run_command(
-				f'gunzip {CVES_FOLDER}/circl-cve-search-expanded.json.gz',
-				cwd=CVES_FOLDER,
-				**DEFAULT_CMD_OPTS
-			)
+			Command.execute(f'gunzip {CVES_FOLDER}/circl-cve-search-expanded.json.gz', cwd=CVES_FOLDER)
 	with console.status(f'[bold yellow]Installing CVEs to {CVES_FOLDER} ...[/]'):
 		with open(cve_json_path, 'r') as f:
 			for line in f:
@@ -591,8 +607,8 @@ def utils():
 @utils.command()
 @click.option('--timeout', type=float, default=0.2, help='Proxy timeout (in seconds)')
 @click.option('--number', '-n', type=int, default=1, help='Number of proxies')
-def get_proxy(timeout, number):
-	"""Get a random proxy."""
+def proxy(timeout, number):
+	"""Get random proxies from FreeProxy."""
 	proxy = FreeProxy(timeout=timeout, rand=True, anonym=True)
 	for _ in range(number):
 		url = proxy.get()
@@ -605,8 +621,9 @@ def get_proxy(timeout, number):
 @click.option('--port', '-p', type=int, default=9001, show_default=True, help='Specify PORT for revshell')
 @click.option('--interface', '-i', type=str, help='Interface to use to detect IP')
 @click.option('--listen', '-l', is_flag=True, default=False, help='Spawn netcat listener on specified port')
-def revshells(name, host, port, interface, listen):
-	"""Show reverse shell source codes and run netcat listener."""
+@click.option('--force', is_flag=True)
+def revshell(name, host, port, interface, listen, force):
+	"""Show reverse shell source codes and run netcat listener (-l)."""
 	if host is None:  # detect host automatically
 		host = detect_host(interface)
 		if not host:
@@ -615,7 +632,18 @@ def revshells(name, host, port, interface, listen):
 				style='bold red')
 			return
 
-	with open(f'{SCRIPTS_FOLDER}/revshells.json') as f:
+	# Download reverse shells JSON from repo
+	revshells_json = f'{REVSHELLS_FOLDER}/revshells.json'
+	if not os.path.exists(revshells_json) or force:
+		ret = Command.execute(
+			f'wget https://raw.githubusercontent.com/freelabz/secator/main/scripts/revshells.json && mv revshells.json {REVSHELLS_FOLDER}',  # noqa: E501
+			cls_attributes={'shell': True}
+		)
+		if not ret.return_code == 0:
+			sys.exit(1)
+
+	# Parse JSON into shells
+	with open(revshells_json) as f:
 		shells = json.loads(f.read())
 		for sh in shells:
 			sh['alias'] = '_'.join(sh['name'].lower()
@@ -663,10 +691,7 @@ def revshells(name, host, port, interface, listen):
 	if listen:
 		console.print(f'Starting netcat listener on port {port} ...', style='bold gold3')
 		cmd = f'nc -lvnp {port}'
-		Command.run_command(
-			cmd,
-			**DEFAULT_CMD_OPTS
-		)
+		Command.execute(cmd)
 
 
 @utils.command()
@@ -675,10 +700,10 @@ def revshells(name, host, port, interface, listen):
 @click.option('--port', '-p', type=int, default=9001, help='HTTP server port')
 @click.option('--interface', '-i', type=str, default=None, help='Interface to use to auto-detect host IP')
 def serve(directory, host, port, interface):
-	"""Serve payloads in HTTP server."""
+	"""Run HTTP server to serve payloads."""
 	LSE_URL = 'https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh'
 	LINPEAS_URL = 'https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh'
-	SUDOKILLER_URL = 'https://raw.githubusercontent.com/TH3xACE/SUDO_KILLER/master/SUDO_KILLERv2.4.2.sh'
+	SUDOKILLER_URL = 'https://raw.githubusercontent.com/TH3xACE/SUDO_KILLER/V3/SUDO_KILLERv3.sh'
 	PAYLOADS = [
 		{
 			'fname': 'lse.sh',
@@ -703,20 +728,11 @@ def serve(directory, host, port, interface):
 			with console.status(f'[bold yellow][{ix}/{len(PAYLOADS)}] Downloading {fname} [dim]({descr})[/] ...[/]'):
 				cmd = payload['command']
 				console.print(f'[bold magenta]{fname} [dim]({descr})[/] ...[/]', )
-				opts = DEFAULT_CMD_OPTS.copy()
-				opts['no_capture'] = False
-				Command.run_command(
-					cmd,
-					cls_attributes={'shell': True},
-					cwd=directory,
-					**opts
-				)
+				Command.execute(cmd, cls_attributes={'shell': True}, cwd=directory)
 		console.print()
 
 	console.print(Rule())
 	console.print(f'Available payloads in {directory}: ', style='bold yellow')
-	opts = DEFAULT_CMD_OPTS.copy()
-	opts['print_cmd'] = False
 	for fname in os.listdir(directory):
 		if not host:
 			host = detect_host(interface)
@@ -731,12 +747,8 @@ def serve(directory, host, port, interface):
 		console.print(f'wget http://{host}:{port}/{fname}', style='dim italic')
 		console.print('')
 	console.print(Rule())
-	console.print('Starting HTTP server ...', style='bold yellow')
-	Command.run_command(
-		f'{sys.executable} -m http.server {port}',
-		cwd=directory,
-		**DEFAULT_CMD_OPTS
-	)
+	console.print(f'Started HTTP server on port {port}, waiting for incoming connections ...', style='bold yellow')
+	Command.execute(f'{sys.executable} -m http.server {port}', cwd=directory)
 
 
 @utils.command()
@@ -772,18 +784,15 @@ def record(record_name, script, interactive, width, height, output_dir):
 			console.print(f'Removed existing {output_cast_path}', style='bold green')
 
 		with console.status('[bold gold3]Recording with asciinema ...[/]'):
-			Command.run_command(
+			Command.execute(
 				f'asciinema-automation -aa "-c /bin/sh" {script} {output_cast_path} --timeout 200',
 				cls_attributes=attrs,
 				raw=True,
-				**DEFAULT_CMD_OPTS,
 			)
 			console.print(f'Generated {output_cast_path}', style='bold green')
 	elif interactive:
 		os.environ.update(attrs['env'])
-		Command.run_command(
-			f'asciinema rec -c /bin/bash --stdin --overwrite {output_cast_path}',
-		)
+		Command.execute(f'asciinema rec -c /bin/bash --stdin --overwrite {output_cast_path}')
 
 	# Resize cast file
 	if os.path.exists(output_cast_path):
@@ -810,11 +819,10 @@ def record(record_name, script, interactive, width, height, output_dir):
 
 		# Edit cast file to reduce long timeouts
 		with console.status('[bold gold3] Editing cast file to reduce long commands ...'):
-			Command.run_command(
+			Command.execute(
 				f'asciinema-edit quantize --range 1 {output_cast_path} --out {output_cast_path}.tmp',
 				cls_attributes=attrs,
 				raw=True,
-				**DEFAULT_CMD_OPTS,
 			)
 			if os.path.exists(f'{output_cast_path}.tmp'):
 				os.replace(f'{output_cast_path}.tmp', output_cast_path)
@@ -822,14 +830,78 @@ def record(record_name, script, interactive, width, height, output_dir):
 
 	# Convert to GIF
 	with console.status(f'[bold gold3]Converting to {output_gif_path} ...[/]'):
-		Command.run_command(
+		Command.execute(
 			f'agg {output_cast_path} {output_gif_path}',
 			cls_attributes=attrs,
-			**DEFAULT_CMD_OPTS,
 		)
 		console.print(f'Generated {output_gif_path}', style='bold green')
 
 
+@utils.group('build')
+def build():
+	"""Build secator."""
+	pass
+
+
+@build.command('pypi')
+def build_pypi():
+	"""Build secator PyPI package."""
+	if not DEV_PACKAGE:
+		console.print('[bold red]You MUST use a development version of secator to make builds.[/]')
+		sys.exit(1)
+	if not BUILD_ADDON_ENABLED:
+		console.print('[bold red]Missing build addon: please run `secator install addons build`')
+		sys.exit(1)
+	with console.status('[bold gold3]Building PyPI package...[/]'):
+		ret = Command.execute(f'{sys.executable} -m hatch build', name='hatch build', cwd=ROOT_FOLDER)
+		sys.exit(ret.return_code)
+
+
+@build.command('docker')
+@click.option('--dev', '-dev', is_flag=True, default=False, help='Build dev version')
+def build_docker(dev):
+	"""Build secator Docker image."""
+	version = 'dev' if dev else VERSION
+	with console.status('[bold gold3]Building Docker image...[/]'):
+		ret = Command.execute(f'docker build -t freelabz/secator:{version} .', name='docker build', cwd=ROOT_FOLDER)
+		sys.exit(ret.return_code)
+
+
+@utils.group('publish')
+def publish():
+	"""Publish secator."""
+	pass
+
+
+@publish.command('pypi')
+def publish_pypi():
+	"""Publish secator PyPI package."""
+	if not DEV_PACKAGE:
+		console.print('[bold red]You MUST use a development version of secator to make builds.[/]')
+		sys.exit(1)
+	if not BUILD_ADDON_ENABLED:
+		console.print('[bold red]Missing build addon: please run `secator install addons build`')
+		sys.exit(1)
+	os.environ['HATCH_INDEX_USER'] = '__token__'
+	hatch_token = os.environ.get('HATCH_INDEX_AUTH')
+	if not hatch_token:
+		console.print('[bold red]Missing PyPI auth token (HATCH_INDEX_AUTH env variable).')
+		sys.exit(1)
+	with console.status('[bold gold3]Publishing PyPI package...[/]'):
+		ret = Command.execute(f'{sys.executable} -m hatch publish', name='hatch publish', cwd=ROOT_FOLDER)
+		sys.exit(ret.return_code)
+
+
+@publish.command('docker')
+@click.option('--dev', '-dev', is_flag=True, default=False, help='Build dev version')
+def publish_docker(dev):
+	"""Publish secator Docker image."""
+	version = 'dev' if dev else VERSION
+	with console.status('[bold gold3]Publishing PyPI package...[/]'):
+		ret = Command.execute(f'docker push freelabz/secator:{version}', name='docker push', cwd=ROOT_FOLDER)
+		sys.exit(ret.return_code)
+
+
 #------#
 # TEST #
 #------#
@@ -854,12 +926,7 @@ def run_test(cmd, name):
 		cmd: Command to run.
 		name: Name of the test.
 	"""
-	result = Command.run_command(
-		cmd,
-		name=name + ' tests',
-		cwd=ROOT_FOLDER,
-		**DEFAULT_CMD_OPTS
-	)
+	result = Command.execute(cmd, name=name + ' tests', cwd=ROOT_FOLDER)
 	if result.return_code == 0:
 		console.print(f':tada: {name.capitalize()} tests passed !', style='bold green')
 	sys.exit(result.return_code)

secator/definitions.py

@@ -10,13 +10,13 @@ load_dotenv(find_dotenv(usecwd=True), override=False)
 # Globals
 VERSION = get_distribution('secator').version
 ASCII = f"""
-                         __            
+			 __            
    ________  _________ _/ /_____  _____
   / ___/ _ \/ ___/ __ `/ __/ __ \/ ___/
  (__  /  __/ /__/ /_/ / /_/ /_/ / /    
 /____/\___/\___/\__,_/\__/\____/_/     v{VERSION}
 
-                    freelabz.com
+			freelabz.com
 """  # noqa: W605,W291
 
 # Secator folders
@@ -157,27 +157,55 @@ WORDS = 'words'
 
 # Check worker addon
 try:
-    import eventlet  # noqa: F401
-    WORKER_ADDON_ENABLED = 1
+	import eventlet  # noqa: F401
+	WORKER_ADDON_ENABLED = 1
 except ModuleNotFoundError:
-    WORKER_ADDON_ENABLED = 0
+	WORKER_ADDON_ENABLED = 0
+
+# Check google addon
+try:
+	import gspread  # noqa: F401
+	GOOGLE_ADDON_ENABLED = 1
+except ModuleNotFoundError:
+	GOOGLE_ADDON_ENABLED = 0
 
 # Check mongodb addon
 try:
-    import pymongo  # noqa: F401
-    MONGODB_ADDON_ENABLED = 1
+	import pymongo  # noqa: F401
+	MONGODB_ADDON_ENABLED = 1
+except ModuleNotFoundError:
+	MONGODB_ADDON_ENABLED = 0
+
+# Check redis addon
+try:
+	import redis  # noqa: F401
+	REDIS_ADDON_ENABLED = 1
 except ModuleNotFoundError:
-    MONGODB_ADDON_ENABLED = 0
+	REDIS_ADDON_ENABLED = 0
 
 # Check dev addon
 try:
-    import flake8  # noqa: F401
-    DEV_ADDON_ENABLED = 1
+	import flake8  # noqa: F401
+	DEV_ADDON_ENABLED = 1
+except ModuleNotFoundError:
+	DEV_ADDON_ENABLED = 0
+
+# Check build addon
+try:
+	import hatch  # noqa: F401
+	BUILD_ADDON_ENABLED = 1
+except ModuleNotFoundError:
+	BUILD_ADDON_ENABLED = 0
+
+# Check trace addon
+try:
+	import memray  # noqa: F401
+	TRACE_ADDON_ENABLED = 1
 except ModuleNotFoundError:
-    DEV_ADDON_ENABLED = 0
+	TRACE_ADDON_ENABLED = 0
 
 # Check dev package
 if not os.path.exists(TESTS_FOLDER):
-    DEV_PACKAGE = 0
+	DEV_PACKAGE = 0
 else:
-    DEV_PACKAGE = 1
+	DEV_PACKAGE = 1

secator/runners/command.py

@@ -134,6 +134,9 @@ class Command(Runner):
 		# No capturing of stdout / stderr.
 		self.no_capture = self.run_opts.get('no_capture', False)
 
+		# No processing of output lines.
+		self.no_process = self.run_opts.get('no_process', False)
+
 		# Proxy config (global)
 		self.proxy = self.run_opts.pop('proxy', False)
 		self.configure_proxy()
@@ -155,7 +158,7 @@ class Command(Runner):
 		if self.print_cmd and not self.has_children:
 			if self.sync and self.description:
 				self._print(f'\n:wrench: {self.description} ...', color='bold gold3', rich=True)
-			self._print(self.cmd, color='bold cyan', rich=True)
+			self._print(self.cmd.replace('[', '\\['), color='bold cyan', rich=True)
 
 		# Print built input
 		if self.print_input_file and self.input_path:
@@ -256,13 +259,7 @@ class Command(Runner):
 		if not cls.install_cmd:
 			console.print(f'{cls.__name__} install is not supported yet. Please install it manually.', style='bold red')
 			return
-		ret = cls.run_command(
-			cls.install_cmd,
-			name=cls.__name__,
-			print_cmd=True,
-			print_line=True,
-			cls_attributes={'shell': True}
-		)
+		ret = cls.execute(cls.install_cmd, name=cls.__name__, cls_attributes={'shell': True})
 		if ret.return_code != 0:
 			console.print(f':exclamation_mark: Failed to install {cls.__name__}.', style='bold red')
 		else:
@@ -270,16 +267,30 @@ class Command(Runner):
 		return ret
 
 	@classmethod
-	def run_command(cls, cmd, name=None, cls_attributes={}, **kwargs):
-		"""Run adhoc command. Can be used without defining an inherited class to run a command, while still enjoying
-		all the good stuff in this class.
+	def execute(cls, cmd, name=None, cls_attributes={}, **kwargs):
+		"""Execute an ad-hoc command.
+
+		Can be used without defining an inherited class to run a command, while still enjoying all the good stuff in
+		this class.
+
+		Args:
+			cls (object): Class.
+			cmd (str): Command.
+			name (str): Printed name.
+			cls_attributes (dict): Class attributes.
+			kwargs (dict): Options.
+
+		Returns:
+			secator.runners.Command: instance of the Command.
 		"""
 		name = name or cmd.split(' ')[0]
+		kwargs['no_process'] = True
+		kwargs['print_cmd'] = not kwargs.get('quiet', False)
+		kwargs['print_item'] = not kwargs.get('quiet', False)
+		kwargs['print_line'] = not kwargs.get('quiet', False)
 		cmd_instance = type(name, (Command,), {'cmd': cmd})(**kwargs)
 		for k, v in cls_attributes.items():
 			setattr(cmd_instance, k, v)
-		cmd_instance.print_line = not kwargs.get('quiet', False)
-		cmd_instance.print_item = not kwargs.get('quiet', False)
 		cmd_instance.run()
 		return cmd_instance
 
@@ -400,6 +411,9 @@ class Command(Runner):
 
 				# Strip line endings
 				line = line.rstrip()
+				if self.no_process:
+					yield line
+					continue
 
 				# Some commands output ANSI text, so we need to remove those ANSI chars
 				if self.encoding == 'ansi':

secator/tasks/ffuf.py

@@ -7,7 +7,7 @@ from secator.definitions import (AUTO_CALIBRATION, CONTENT_LENGTH,
 								 MATCH_WORDS, METHOD, OPT_NOT_SUPPORTED,
 								 PERCENT, PROXY, RATE_LIMIT, RETRIES,
 								 STATUS_CODE, THREADS, TIME, TIMEOUT,
-								 USER_AGENT, WORDLIST)
+								 USER_AGENT, WORDLIST, WORDLISTS_FOLDER)
 from secator.output_types import Progress, Url
 from secator.serializers import JSONSerializer, RegexSerializer
 from secator.tasks._categories import HttpFuzzer
@@ -70,10 +70,7 @@ class ffuf(HttpFuzzer):
 		},
 	}
 	encoding = 'ansi'
-	install_cmd = (
-		'go install -v github.com/ffuf/ffuf@latest && '
-		'sudo git clone https://github.com/danielmiessler/SecLists /usr/share/seclists || true'
-	)
+	install_cmd = f'go install -v github.com/ffuf/ffuf@latest && sudo git clone https://github.com/danielmiessler/SecLists {WORDLISTS_FOLDER}/seclists || true'  # noqa: E501
 	proxychains = False
 	proxy_socks5 = True
 	proxy_http = True

secator/tasks/katana.py

@@ -70,7 +70,7 @@ class katana(HttpCrawler):
 		}
 	}
 	item_loaders = []
-	install_cmd = 'go install -v github.com/projectdiscovery/katana/cmd/katana@latest'
+	install_cmd = 'sudo apt install build-essential && go install -v github.com/projectdiscovery/katana/cmd/katana@latest'
 	proxychains = False
 	proxy_socks5 = True
 	proxy_http = True

secator/tasks/msfconsole.py

@@ -135,7 +135,7 @@ class msfconsole(VulnMulti):
 #         self.client = MsfRpcClient(pw, ssl=True, **run_opts)
 #
 #     # def start_msgrpc(self):
-#     #     code, out = run_command(f'msfrpcd -P {self.password}')
+#     #     code, out = Command.execute(f'msfrpcd -P {self.password}')
 #     #     logger.info(out)
 #
 #     def get_lhost(self):

secator/tasks/naabu.py

@@ -45,7 +45,7 @@ class naabu(ReconPort):
 		}
 	}
 	output_types = [Port]
-	install_cmd = 'sudo apt install -y libpcap-dev && go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest'
+	install_cmd = 'sudo apt install -y build-essential libpcap-dev && go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest'  # noqa: E501
 	proxychains = False
 	proxy_socks5 = True
 	proxy_http = False

secator/tasks/wpscan.py

@@ -66,7 +66,7 @@ class wpscan(VulnHttp):
 		},
 	}
 	output_types = [Vulnerability, Tag]
-	install_cmd = 'sudo gem install wpscan'
+	install_cmd = 'sudo apt install build-essential && sudo gem install wpscan'
 	proxychains = False
 	proxy_http = True
 	proxy_socks5 = False

{secator-0.1.0.dist-info → secator-0.2.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: secator
-Version: 0.1.0
+Version: 0.2.0
 Summary: The pentester's swiss knife.
 Project-URL: Homepage, https://github.com/freelabz/secator
 Project-URL: Issues, https://github.com/freelabz/secator/issues
@@ -34,6 +34,8 @@ Requires-Dist: rich-click<1.7
 Requires-Dist: rich<14
 Requires-Dist: validators<1
 Requires-Dist: xmltodict<1
+Provides-Extra: build
+Requires-Dist: hatch<2; extra == 'build'
 Provides-Extra: dev
 Requires-Dist: asciinema-automation<1; extra == 'dev'
 Requires-Dist: coverage<8; extra == 'dev'
@@ -319,6 +321,26 @@ secator install addons trace
 
 </details>
 
+<details>
+	<summary>build</summary>
+
+Add `hatch` for building and publishing the PyPI package.
+
+```sh
+secator install addons build
+```
+
+</details>
+
+
+### Install CVEs
+
+`secator` makes remote API calls to https://cve.circl.lu/ to get in-depth information about the CVEs it encounters.
+We provide a subcommand to download all known CVEs locally so that future lookups are made from disk instead:
+```sh
+secator install cves
+```
+
 ### Checking installation health
 
 To figure out which languages or tools are installed on your system (along with their version):

{secator-0.1.0.dist-info → secator-0.2.0.dist-info}/RECORD

@@ -1,10 +1,10 @@
 secator/.gitignore,sha256=da8MUc3hdb6Mo0WjZu2upn5uZMbXcBGvhdhTQ1L89HI,3093
 secator/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 secator/celery.py,sha256=zXjg7EKneWjErBTNrJCHOXCJzs-P5jBi5gYqrSqjW4k,12227
-secator/cli.py,sha256=x06YzjuNTvpOQACjKIpTRo3DSHm2CONiXXB74OTPOJY,28170
+secator/cli.py,sha256=T-Sv82THpBjzHu5xOfMLNCL7AyGMYgzqp3K1Ot9fb0w,31798
 secator/config.py,sha256=iOeRzq7u1rvR1-Oq5v9wGxQYB613X0xKGLIcrfhEGc4,3693
 secator/decorators.py,sha256=IRH4CSesOJXKrzpSJ8xM2ZMUAFTk3GcqRI0SYIpIpag,10492
-secator/definitions.py,sha256=EBI_HCf7E8O2UroXicOXrzcOt-Tp25-xiVQJVAW1duw,6044
+secator/definitions.py,sha256=hORMT71MLn8buGdSj7PC23sDQTgAuBachPo8OVqlU5Q,6507
 secator/report.py,sha256=g0stVCcx9klbUS01uKvWcxNE9MJfNFMexYA2SoDIWJU,2596
 secator/rich.py,sha256=7-uKJrQWiCKM0gPNIr_cr1c9KrcJSVd2ht-DgLXhBro,3392
 secator/utils.py,sha256=oJEEls4Z8SfTxiG6keCfqLMMWA97ftS5aiABhBPRduU,9964
@@ -58,7 +58,7 @@ secator/output_types/vulnerability.py,sha256=p0DTbr5w7Vv5D3dgbdnvsG5qXzqVVk4YPOP
 secator/runners/__init__.py,sha256=EBbOk37vkBy9p8Hhrbi-2VtM_rTwQ3b-0ggTyiD22cE,290
 secator/runners/_base.py,sha256=Or9bDSsxcwYTUeW6G7-Pmag82_yGUtREuzSZWj9IgHY,27268
 secator/runners/_helpers.py,sha256=7UUboSsr4b6srIOOHtSSYhJ9Jxq_qaMVbbF2gVEBnR4,3703
-secator/runners/command.py,sha256=NDLcwbOcOu1JpKQbrRAK91phIj-JiTrdbcgXyBjokdA,18982
+secator/runners/command.py,sha256=eKrQY34m-EpEDqo9Rqr_9k2dp1xIg7JVjVt34c55aKs,19402
 secator/runners/scan.py,sha256=FjmlL_zkraqhS3rBwy5jHnGsKt2n7Hb2gi4qhgeGenw,1727
 secator/runners/task.py,sha256=JS8JPCW6v3_f_jbFV1-robR53epPPDj0PdxqAtXKmEs,2775
 secator/runners/workflow.py,sha256=Mz8Q4OT48B-o-iQHgZ84WpZfwaECQOp8KRdIirg3He0,3766
@@ -74,7 +74,7 @@ secator/tasks/dirsearch.py,sha256=2hJeJZJwaAl3-UAjBwlmjW1w9bxjVWxxwfcaTTxqClc,23
 secator/tasks/dnsx.py,sha256=6v2ttbycLLt6p-1B05P5662QNdFgS-ozrKjzN3w8hSk,1722
 secator/tasks/dnsxbrute.py,sha256=_wjanOvxKsxZzuSPGiBOsd7TRrbshQgyEEZUCP0tVN4,1172
 secator/tasks/feroxbuster.py,sha256=400i6Egj9jn_Ap_zRfca2RG8c1P30CZBAYLC8UzyW-g,2965
-secator/tasks/ffuf.py,sha256=y6vDlxs5fN7rPQjS71wlu4FBwijjTIVbsbRwh3ldOnY,2492
+secator/tasks/ffuf.py,sha256=1qICKOdvcFfiqtPS2dk6TfIIpc77STjnAvZADksKKZY,2521
 secator/tasks/fping.py,sha256=P2EAPUGgwEC4Geh2zUbBPKF9bdqrlrdDg-R_TYLTFng,1127
 secator/tasks/gau.py,sha256=YB89dsUVwLaRplIpEiiUA7mwTM7s3vyH4Cs6ZjzcAnY,1357
 secator/tasks/gf.py,sha256=WlhoEyL6xE79w6nE5XNSXHs-jVeO10njqJxBF8w20sA,945
@@ -82,18 +82,18 @@ secator/tasks/gospider.py,sha256=-zIttWmabtt5qWkxCFSeCKmC2swUhv038j3rbFReXSE,212
 secator/tasks/grype.py,sha256=Q8VJbLt6YLYUqlsbR1OxzGDAqEVaDS_nNQ0klOm53O0,2372
 secator/tasks/h8mail.py,sha256=hZBpfV6M1mbpD_PbDHxLI5HMvqAvTeY_W0lbkq3Hugo,2037
 secator/tasks/httpx.py,sha256=MMjg705z49YooEqglZ4J1UqAKQffDPWMV6kv3fjWZS0,3929
-secator/tasks/katana.py,sha256=Vr9YUcooVyIpkaGeC-O4meSqQHnebNze7jy662llR_E,4283
+secator/tasks/katana.py,sha256=zOoPjJLTRdBqvTLJ4fU_VWstqpRUc7YTFoLuDz3qJ3I,4319
 secator/tasks/maigret.py,sha256=PZDTICJ4LZF3joKe-dXu2alffakD_1sxBuNEUBtJDm4,2098
 secator/tasks/mapcidr.py,sha256=O6zssQMMrg3JGXIhldgOD28WNATAb_wfj0svHr0DRxg,928
-secator/tasks/msfconsole.py,sha256=pCHY9UMU2VXYNza06Nxw7lZpDUMk5nMU-C3P7Z4Nz04,6069
-secator/tasks/naabu.py,sha256=FgrlIuTX-p4FqXNzck2XGXRjFjPH97w04y5M2JkYo_0,1514
+secator/tasks/msfconsole.py,sha256=VlhEzsdYMHb6eJy4HBRdXMtRKhdzf5KtQGh7qZqO9Rs,6073
+secator/tasks/naabu.py,sha256=6XfERGS5ywDBMho9Bp7v7W_Ke2BQSFqJuawEOuMWwEk,1544
 secator/tasks/nmap.py,sha256=LS5FBo-vFxbHVK4DxF5x-O2cAvAK3zL1pROT1GddX9E,9459
 secator/tasks/nuclei.py,sha256=iOBKsEY9kkytp_cenYx6061kcEUCjqyT_c3PwoYkHPY,3292
 secator/tasks/searchsploit.py,sha256=RD2uv3GFI3Eb-DiTzJp59jyXnvAZRACq-WjDI1NgFM0,1664
 secator/tasks/subfinder.py,sha256=_T7erWmfriqLeN5kquO3-L9DlR0mEjYPPC7NMzwTqwg,1033
-secator/tasks/wpscan.py,sha256=9SVUM5Bwsm52GvanJPygzKPkOp10b-x7_vGtTV9ZqH4,5377
-secator-0.1.0.dist-info/METADATA,sha256=5qae-jdIDw61K0YpOUFQZYpnlqcDCDpx8OL_a7b7S7o,13065
-secator-0.1.0.dist-info/WHEEL,sha256=wpsUbWzR9la66_V7_eWTdyvs6WD26tazKT2BBEAC-EM,105
-secator-0.1.0.dist-info/entry_points.txt,sha256=lPgsqqUXWgiuGSfKy-se5gHdQlAXIwS_A46NYq7Acic,44
-secator-0.1.0.dist-info/licenses/LICENSE,sha256=19W5Jsy4WTctNkqmZIqLRV1gTDOp01S3LDj9iSgWaJ0,2867
-secator-0.1.0.dist-info/RECORD,,
+secator/tasks/wpscan.py,sha256=OgFCWEPOjOVdFreBXZDLBRc-PrFmTUv97UaXmaAS9yc,5413
+secator-0.2.0.dist-info/METADATA,sha256=m1I9y0Z8qy8ySO5_WHvtQWApNsFgf_tMG5TvpKRd8ds,13553
+secator-0.2.0.dist-info/WHEEL,sha256=wpsUbWzR9la66_V7_eWTdyvs6WD26tazKT2BBEAC-EM,105
+secator-0.2.0.dist-info/entry_points.txt,sha256=lPgsqqUXWgiuGSfKy-se5gHdQlAXIwS_A46NYq7Acic,44
+secator-0.2.0.dist-info/licenses/LICENSE,sha256=19W5Jsy4WTctNkqmZIqLRV1gTDOp01S3LDj9iSgWaJ0,2867
+secator-0.2.0.dist-info/RECORD,,