secator 0.1.0__py2.py3-none-any.whl

secator/tasks/searchsploit.py

@@ -0,0 +1,53 @@
+from secator.decorators import task
+from secator.definitions import (CVES, EXTRA_DATA, ID, MATCHED_AT, NAME,
+								 PROVIDER, REFERENCE, TAGS, OPT_NOT_SUPPORTED)
+from secator.output_types import Exploit
+from secator.runners import Command
+
+
+@task()
+class searchsploit(Command):
+	"""Exploit-DB command line search tool."""
+	cmd = 'searchsploit'
+	input_flag = None
+	json_flag = '--json'
+	version_flag = OPT_NOT_SUPPORTED
+	opts = {
+		'strict': {'short': 's', 'is_flag': True, 'default': False, 'help': 'Strict match'}
+	}
+	opt_key_map = {}
+	output_types = [Exploit]
+	output_map = {
+		Exploit: {
+			NAME: lambda x: '-'.join(x['Title'].split('-')[1:]).strip(),
+			PROVIDER: lambda x: 'EDB',
+			ID: 'EDB-ID',
+			CVES: lambda x: [c for c in x['Codes'].split(';') if c.startswith('CVE-')],
+			REFERENCE: lambda x: f'https://exploit-db.com/exploits/{x["EDB-ID"]}',
+			EXTRA_DATA: lambda x: {'verified': x['Verified']}
+		}
+	}
+	install_cmd = 'sudo git clone https://gitlab.com/exploit-database/exploitdb.git /opt/exploitdb || true && sudo ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit'  # noqa: E501
+	proxychains = False
+	proxy_socks5 = False
+	proxy_http = False
+	input_chunk_size = 1
+	profile = 'io'
+
+	@staticmethod
+	def before_init(self):
+		_in = self.input
+		self.matched_at = None
+		if '~' in _in:
+			split = _in.split('~')
+			self.matched_at = split[0]
+			self.input = split[1]
+		if isinstance(self.input, str):
+			self.input = self.input.replace('httpd', '').replace('/', ' ')
+
+	@staticmethod
+	def on_item_pre_convert(self, item):
+		if self.matched_at:
+			item[MATCHED_AT] = self.matched_at
+		item[TAGS] = [self.input.replace('\'', '')]
+		return item

secator/tasks/subfinder.py

@@ -0,0 +1,40 @@
+from secator.decorators import task
+from secator.definitions import (DELAY, DOMAIN, OPT_NOT_SUPPORTED, PROXY,
+							   RATE_LIMIT, RETRIES, THREADS, TIMEOUT)
+from secator.output_types import Subdomain
+from secator.tasks._categories import ReconDns
+
+
+@task()
+class subfinder(ReconDns):
+	"""Fast passive subdomain enumeration tool."""
+	cmd = 'subfinder -silent -cs'
+	file_flag = '-dL'
+	input_flag = '-d'
+	json_flag = '-json'
+	opt_key_map = {
+		DELAY: OPT_NOT_SUPPORTED,
+		PROXY: 'proxy',
+		RATE_LIMIT: 'rate-limit',
+		RETRIES: OPT_NOT_SUPPORTED,
+		TIMEOUT: 'timeout',
+		THREADS: 't'
+	}
+	opt_value_map = {
+		PROXY: lambda x: x.replace('http://', '').replace('https://', '') if x else None
+	}
+	output_map = {
+		Subdomain: {
+			DOMAIN: 'input',
+		}
+	}
+	output_types = [Subdomain]
+	install_cmd = 'go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest'
+	proxychains = False
+	proxy_http = True
+	proxy_socks5 = False
+	profile = 'io'
+
+	@staticmethod
+	def validate_item(self, item):
+		return item['input'] != 'localhost'

secator/tasks/wpscan.py

@@ -0,0 +1,177 @@
+import json
+import os
+
+from secator.decorators import task
+from secator.definitions import (CONFIDENCE, CVSS_SCORE, DELAY, DESCRIPTION,
+							   EXTRA_DATA, FOLLOW_REDIRECT, HEADER, ID,
+							   MATCHED_AT, NAME, OPT_NOT_SUPPORTED, OUTPUT_PATH, PROVIDER,
+							   PROXY, RATE_LIMIT, REFERENCES, RETRIES,
+							   SEVERITY, TAGS, THREADS, TIMEOUT,
+							   URL, USER_AGENT)
+from secator.output_types import Tag, Vulnerability
+from secator.tasks._categories import VulnHttp
+
+
+@task()
+class wpscan(VulnHttp):
+	"""Wordpress security scanner."""
+	cmd = 'wpscan --random-user-agent --force --verbose'
+	file_flag = None
+	input_flag = '--url'
+	input_type = URL
+	json_flag = '-f json'
+	opt_prefix = '--'
+	opts = {
+		'cookie_string': {'type': str, 'short': 'cookie', 'help': 'Cookie string, format: cookie1=value1;...'},
+		'api_token': {'type': str, 'short': 'token', 'help': 'WPScan API Token to display vulnerability data'},
+		'wp_content_dir': {'type': str, 'short': 'wcd', 'help': 'wp-content directory if custom or not detected'},
+		'wp_plugins_dir': {'type': str, 'short': 'wpd', 'help': 'wp-plugins directory if custom or not detected'},
+		'passwords': {'type': str, 'help': 'List of passwords to use during the password attack.'},
+		'usernames': {'type': str, 'help': 'List of usernames to use during the password attack.'},
+		'login_uri': {'type': str, 'short': 'lu', 'help': 'URI of the login page if different from /wp-login.php'},
+		'detection_mode': {'type': str, 'short': 'dm', 'help': 'Detection mode between mixed, passive, and aggressive'}
+	}
+	opt_key_map = {
+		HEADER: OPT_NOT_SUPPORTED,
+		DELAY: 'throttle',
+		FOLLOW_REDIRECT: OPT_NOT_SUPPORTED,
+		PROXY: 'proxy',
+		RATE_LIMIT: OPT_NOT_SUPPORTED,
+		RETRIES: OPT_NOT_SUPPORTED,
+		TIMEOUT: 'request-timeout',
+		THREADS: 'max-threads',
+		USER_AGENT: 'user-agent',
+	}
+	opt_value_map = {
+		DELAY: lambda x: x * 1000
+	}
+	output_map = {
+		Vulnerability: {
+			ID: lambda x: '',
+			NAME: lambda x: x['to_s'].split(':')[0],
+			DESCRIPTION: lambda x: '',
+			SEVERITY: lambda x: 'info',
+			CONFIDENCE: lambda x: 'high' if x.get('confidence', 0) == 100 else 'low',
+			CVSS_SCORE: lambda x: 0,
+			MATCHED_AT: lambda x: x['url'],
+			TAGS: lambda x: [x['type']],
+			REFERENCES: lambda x: x.get('references', {}).get('url', []),
+			EXTRA_DATA: lambda x: {
+				'data': x.get('interesting_entries', []),
+				'found_by': x.get('found_by', ''),
+				'confirmed_by': x.get('confirmed_by', {}),
+				'metasploit': x.get('references', {}).get('metasploit', [])
+			},
+			PROVIDER: 'wpscan',
+		},
+	}
+	output_types = [Vulnerability, Tag]
+	install_cmd = 'sudo gem install wpscan'
+	proxychains = False
+	proxy_http = True
+	proxy_socks5 = False
+	ignore_return_code = True
+	profile = 'io'
+
+	def yielder(self):
+		prev = self.print_item_count
+		self.print_item_count = False
+		yield from super().yielder()
+		if self.return_code != 0:
+			return
+		self.results = []
+		if not self.output_json:
+			return
+
+		note = f'wpscan JSON results saved to {self.output_path}'
+		if self.print_line:
+			self._print(note)
+
+		if os.path.exists(self.output_path):
+			with open(self.output_path, 'r') as f:
+				data = json.load(f)
+
+			if self.orig:
+				yield data
+				return
+
+			# Get URL
+			target = data.get('target_url', self.targets)
+
+			# Wordpress version
+			version = data.get('version', {})
+			if version:
+				wp_version = version['number']
+				wp_version_status = version['status']
+				if wp_version_status == 'outdated':
+					vuln = version
+					vuln.update({
+						'url': target,
+						'to_s': 'Wordpress outdated version',
+						'type': wp_version,
+						'references': {},
+					})
+					yield vuln
+
+			# Main theme
+			main_theme = data.get('main_theme', {})
+			if main_theme:
+				version = main_theme.get('version', {})
+				slug = main_theme['slug']
+				location = main_theme['location']
+				if version:
+					number = version['number']
+					latest_version = main_theme.get('latest_version')
+					yield Tag(
+						name=f'Wordpress theme - {slug} {number}',
+						match=target,
+						extra_data={
+							'url': location,
+							'latest_version': latest_version
+						}
+					)
+					if (latest_version and number < latest_version):
+						yield Vulnerability(
+							matched_at=target,
+							name=f'Wordpress theme - {slug} {number} outdated',
+							severity='info'
+						)
+
+			# Interesting findings
+			interesting_findings = data.get('interesting_findings', [])
+			for item in interesting_findings:
+				yield item
+
+			# Plugins
+			plugins = data.get('plugins', {})
+			for _, data in plugins.items():
+				version = data.get('version', {})
+				slug = data['slug']
+				location = data['location']
+				if version:
+					number = version['number']
+					latest_version = data.get('latest_version')
+					yield Tag(
+						name=f'Wordpress plugin - {slug} {number}',
+						match=target,
+						extra_data={
+							'url': location,
+							'latest_version': latest_version
+						}
+					)
+					if (latest_version and number < latest_version):
+						yield Vulnerability(
+							matched_at=target,
+							name=f'Wordpress plugin - {slug} {number} outdated',
+							severity='info'
+						)
+
+		self.print_item_count = prev
+
+	@staticmethod
+	def on_init(self):
+		output_path = self.get_opt_value(OUTPUT_PATH)
+		if not output_path:
+			output_path = f'{self.reports_folder}/.outputs/{self.unique_name}.json'
+		self.output_path = output_path
+		self.cmd += f' -o {self.output_path}'

secator/utils.py

@@ -0,0 +1,404 @@
+import importlib
+import inspect
+import itertools
+import logging
+import operator
+import os
+import re
+import select
+import sys
+import warnings
+from datetime import datetime
+from importlib import import_module
+from inspect import isclass
+from pathlib import Path
+from pkgutil import iter_modules
+from urllib.parse import urlparse, quote
+
+import ifaddr
+import yaml
+from rich.markdown import Markdown
+
+from secator.definitions import DEBUG, DEBUG_COMPONENT, DEFAULT_STDIN_TIMEOUT
+from secator.rich import console
+
+logger = logging.getLogger(__name__)
+
+_tasks = []
+
+
+class TaskError(ValueError):
+	pass
+
+
+def setup_logging(level):
+	"""Setup logging.
+
+	Args:
+		level: logging level.
+
+	Returns:
+		logging.Logger: logger.
+	"""
+	logger = logging.getLogger('secator')
+	logger.setLevel(level)
+	ch = logging.StreamHandler()
+	ch.setLevel(level)
+	formatter = logging.Formatter('%(message)s')
+	ch.setFormatter(formatter)
+	logger.addHandler(ch)
+	return logger
+
+
+def expand_input(input):
+	"""Expand user-provided input on the CLI:
+	- If input is a path, read the file and return the lines.
+	- If it's a comma-separated list, return the list.
+	- Otherwise, return the original input.
+
+	Args:
+		input (str): Input.
+
+	Returns:
+		str: Input.
+	"""
+	if input is None:  # read from stdin
+		console.print('Waiting for input on stdin ...', style='bold yellow')
+		rlist, _, _ = select.select([sys.stdin], [], [], DEFAULT_STDIN_TIMEOUT)
+		if rlist:
+			data = sys.stdin.read().splitlines()
+		else:
+			console.print(
+				'No input passed on stdin. Showing help page.',
+				style='bold red')
+			return None
+		return data
+	elif os.path.exists(input):
+		if os.path.isfile(input):
+			with open(input, 'r') as f:
+				data = f.read().splitlines()
+			return data
+		return input
+	elif isinstance(input, str):
+		input = input.split(',')
+
+	# If the list is only one item, return it instead of the list
+	# Usefull for commands that can take only one input at a time.
+	if isinstance(input, list) and len(input) == 1:
+		return input[0]
+
+	return input
+
+
+def sanitize_url(http_url):
+	"""Removes HTTP(s) ports 80 and 443 from HTTP(s) URL because it's ugly.
+
+	Args:
+		http_url (str): Input HTTP URL.
+
+	Returns:
+		str: Stripped HTTP URL.
+	"""
+	url = urlparse(http_url)
+	if url.netloc.endswith(':80'):
+		url = url._replace(netloc=url.netloc.replace(':80', ''))
+	elif url.netloc.endswith(':443'):
+		url = url._replace(netloc=url.netloc.replace(':443', ''))
+	return url.geturl().rstrip('/')
+
+
+def deduplicate(array, attr=None):
+	"""Deduplicate list of OutputType items.
+
+	Args:
+		array (list): Input list.
+
+	Returns:
+		list: Deduplicated list.
+	"""
+	from secator.output_types import OUTPUT_TYPES
+	if attr and len(array) > 0 and isinstance(array[0], tuple(OUTPUT_TYPES)):
+		memo = set()
+		res = []
+		for sub in array:
+			if attr in sub.keys() and getattr(sub, attr) not in memo:
+				res.append(sub)
+				memo.add(getattr(sub, attr))
+		return sorted(res, key=operator.attrgetter(attr))
+	return sorted(list(dict.fromkeys(array)))
+
+
+def discover_internal_tasks():
+	"""Find internal secator tasks."""
+	from secator.runners import Runner
+	package_dir = Path(__file__).resolve().parent / 'tasks'
+	task_classes = []
+	for (_, module_name, _) in iter_modules([str(package_dir)]):
+		if module_name.startswith('_'):
+			continue
+		try:
+			module = import_module(f'secator.tasks.{module_name}')
+		except ImportError as e:
+			console.print(f'[bold red]Could not import secator.tasks.{module_name}:[/]')
+			console.print(f'\t[bold red]{type(e).__name__}[/]: {str(e)}')
+			continue
+		for attribute_name in dir(module):
+			attribute = getattr(module, attribute_name)
+			if isclass(attribute):
+				bases = inspect.getmro(attribute)
+				if Runner in bases and hasattr(attribute, '__task__'):
+					task_classes.append(attribute)
+
+	# Sort task_classes by category
+	task_classes = sorted(
+		task_classes,
+		key=lambda x: (get_command_category(x), x.__name__))
+
+	return task_classes
+
+
+def discover_external_tasks():
+	"""Find external secator tasks."""
+	if not os.path.exists('config.secator'):
+		return []
+	with open('config.secator', 'r') as f:
+		classes = f.read().splitlines()
+	output = []
+	for cls_path in classes:
+		cls = import_dynamic(cls_path, cls_root='Command')
+		if not cls:
+			continue
+		# logger.warning(f'Added external tool {cls_path}')
+		output.append(cls)
+	return output
+
+
+def discover_tasks():
+	"""Find all secator tasks (internal + external)."""
+	global _tasks
+	if not _tasks:
+		_tasks = discover_internal_tasks() + discover_external_tasks()
+	return _tasks
+
+
+def import_dynamic(cls_path, cls_root='Command'):
+	"""Import class dynamically from class path.
+
+	Args:
+		cls_path (str): Class path.
+		cls_root (str): Root parent class.
+
+	Returns:
+		cls: Class object.
+	"""
+	try:
+		package, name = cls_path.rsplit(".", maxsplit=1)
+		cls = getattr(importlib.import_module(package), name)
+		root_cls = inspect.getmro(cls)[-2]
+		if root_cls.__name__ == cls_root:
+			return cls
+		return None
+	except Exception:
+		warnings.warn(f'"{package}.{name}" not found.')
+		return None
+
+
+def get_command_cls(cls_name):
+	"""Get secator command by class name.
+
+	Args:
+		cls_name (str): Class name to load.
+
+	Returns:
+		cls: Class.
+	"""
+	tasks_classes = discover_tasks()
+	for task_cls in tasks_classes:
+		if task_cls.__name__ == cls_name:
+			return task_cls
+	return None
+
+
+def get_command_category(command):
+	"""Get the category of a command.
+
+	Args:
+		command (class): Command class.
+
+	Returns:
+		str: Command category.
+	"""
+	base_cls = command.__bases__[0].__name__.replace('Command', '').replace('Runner', 'misc')
+	category = re.sub(r'(?<!^)(?=[A-Z])', '/', base_cls).lower()
+	return category
+
+
+def merge_opts(*options):
+	"""Merge multiple options dict into a final one, overriding by order.
+
+	Args:
+		list: List of options dict.
+
+	Returns:
+		dict: Options.
+	"""
+	all_opts = {}
+	for opts in options:
+		if opts:
+			opts_noemtpy = {k: v for k, v in opts.items() if v is not None}
+			all_opts.update(opts_noemtpy)
+	return all_opts
+
+
+def flatten(array: list):
+	"""Flatten list if it contains multiple sublists.
+
+	Args:
+		l (list): Input list.
+
+	Returns:
+		list: Output list.
+	"""
+	if isinstance(array, list) and len(array) > 0 and isinstance(array[0], list):
+		return list(itertools.chain(*array))
+	return array
+
+
+def pluralize(word):
+	"""Pluralize a word.
+
+	Args:
+		word (string): Word.
+
+	Returns:
+		string: Plural word.
+	"""
+	if word.endswith('y'):
+		return word.rstrip('y') + 'ies'
+	else:
+		return f'{word}s'
+
+
+def load_fixture(name, fixtures_dir, ext=None, only_path=False):
+	fixture_path = f'{fixtures_dir}/{name}'
+	exts = ['.json', '.txt', '.xml', '.rc']
+	if ext:
+		exts = [ext]
+	for ext in exts:
+		path = f'{fixture_path}{ext}'
+		if os.path.exists(path):
+			if only_path:
+				return path
+			with open(path) as f:
+				content = f.read()
+			if path.endswith(('.json', '.yaml')):
+				return yaml.load(content, Loader=yaml.Loader)
+			else:
+				return content
+
+
+def get_file_timestamp():
+	return datetime.now().strftime("%Y_%m_%d-%I_%M_%S_%f_%p")
+
+
+def detect_host(interface=None):
+	adapters = ifaddr.get_adapters()
+	for adapter in adapters:
+		iface = adapter.name
+		if (interface and iface != interface) or iface == 'lo':
+			continue
+		return adapter.ips[0].ip
+	return None
+
+
+def find_list_item(array, val, key='id', default=None):
+	return next((item for item in array if item[key] == val), default)
+
+
+def print_results_table(results, title=None, exclude_fields=[], log=False):
+	from secator.output_types import OUTPUT_TYPES
+	from secator.rich import build_table
+	_print = console.log if log else console.print
+	_print()
+	if title:
+		title = ' '.join(title.capitalize().split('_')) + ' results'
+		h1 = Markdown(f'# {title}')
+		_print(h1, style='bold magenta', width=50)
+		_print()
+	tables = []
+	for output_type in OUTPUT_TYPES:
+		if output_type.__name__ == 'Progress':
+			continue
+		items = [
+			item for item in results if item._type == output_type.get_name() and not item._duplicate
+		]
+		if items:
+			_table = build_table(
+				items,
+				output_fields=output_type._table_fields,
+				exclude_fields=exclude_fields,
+				sort_by=output_type._sort_by)
+			tables.append(_table)
+			title = pluralize(items[0]._type).upper()
+			_print(f':wrench: {title}', style='bold gold3', justify='left')
+			_print(_table)
+			_print()
+	return tables
+
+
+def rich_to_ansi(text):
+	"""Convert text formatted with rich markup to standard string."""
+	from rich.console import Console
+	tmp_console = Console(file=None, highlight=False, color_system='truecolor')
+	with tmp_console.capture() as capture:
+		tmp_console.print(text, end='', soft_wrap=True)
+	return capture.get()
+
+
+def debug(msg, sub='', id='', obj=None, obj_after=True, obj_breaklines=False, level=1):
+	"""Print debug log if DEBUG >= level."""
+	debug_comp_empty = DEBUG_COMPONENT == [""] or not DEBUG_COMPONENT
+	if not debug_comp_empty and not any(sub.startswith(s) for s in DEBUG_COMPONENT):
+		return
+	elif debug_comp_empty and not DEBUG >= level:
+		return
+	s = ''
+	if sub:
+		s += f'[dim yellow4]{sub:13s}[/] '
+	obj_str = ''
+	if obj:
+		sep = ', '
+		if obj_breaklines:
+			obj_str += '\n '
+			sep = '\n '
+		if isinstance(obj, dict):
+			obj_str += sep.join(f'[dim blue]{k}[/] [dim yellow]->[/] [dim green]{v}[/]' for k, v in obj.items() if v is not None)
+		elif isinstance(obj, list):
+			obj_str += sep.join(obj)
+	if obj_str and not obj_after:
+		s = f'{s} {obj_str} '
+	s += f'[dim yellow]{msg}[/] '
+	if obj_str and obj_after:
+		s = f'{s}: {obj_str}'
+	if id:
+		s += f' [italic dim white]\[{id}][/] '
+	s = rich_to_ansi(f'[dim red]\[debug] {s}[/]')
+	print(s)
+
+
+def escape_mongodb_url(url):
+	"""Escape username / password from MongoDB URL if any.
+
+	Args:
+		url (str): Full MongoDB URL string.
+
+	Returns:
+		str: Escaped MongoDB URL string.
+	"""
+	match = re.search('mongodb://(?P<userpass>.*)@(?P<url>.*)', url)
+	if match:
+		url = match.group('url')
+		user, password = tuple(match.group('userpass').split(':'))
+		user, password = quote(user), quote(password)
+		return f'mongodb://{user}:{password}@{url}'
+	return url