secator 0.10.1a12__py3-none-any.whl → 0.11.0__py3-none-any.whl

secator/output_types/certificate.py

@@ -0,0 +1,78 @@
+import time
+from datetime import datetime, timedelta
+from dataclasses import dataclass, field
+from secator.output_types import OutputType
+from secator.utils import rich_to_ansi
+from secator.definitions import CERTIFICATE_STATUS_UNKNOWN
+
+
+@dataclass
+class Certificate(OutputType):
+    host: str
+    fingerprint_sha256: str = field(default='')
+    ip: str = field(default='', compare=False)
+    raw_value: str = field(default='', compare=False)
+    subject_cn: str = field(default='', compare=False)
+    subject_an: list[str] = field(default_factory=list, compare=False)
+    not_before: datetime = field(default=None, compare=False)
+    not_after: datetime = field(default=None, compare=False)
+    issuer_dn: str = field(default='', compare=False)
+    issuer_cn: str = field(default='', compare=False)
+    issuer: str = field(default='', compare=False)
+    self_signed: bool = field(default=True, compare=False)
+    trusted: bool = field(default=False, compare=False)
+    status: str = field(default=CERTIFICATE_STATUS_UNKNOWN, compare=False)
+    keysize: int = field(default=None, compare=False)
+    serial_number: str = field(default='', compare=False)
+    ciphers: list[str] = field(default_factory=list, compare=False)
+    # parent_certificate: 'Certificate' = None  # noqa: F821
+    _source: str = field(default='', repr=True)
+    _type: str = field(default='certificate', repr=True)
+    _timestamp: int = field(default_factory=lambda: time.time(), compare=False)
+    _uuid: str = field(default='', repr=True, compare=False)
+    _context: dict = field(default_factory=dict, repr=True, compare=False)
+    _tagged: bool = field(default=False, repr=True, compare=False)
+    _duplicate: bool = field(default=False, repr=True, compare=False)
+    _related: list = field(default_factory=list, compare=False)
+    _table_fields = ['ip', 'host']
+    _sort_by = ('ip',)
+
+    def __str__(self) -> str:
+        return self.subject_cn
+
+    def is_expired(self) -> bool:
+        if self.not_after:
+            return self.not_after < datetime.now()
+        return True
+
+    def is_expired_soon(self, months: int = 1) -> bool:
+        if self.not_after:
+            return self.not_after < datetime.now() + timedelta(days=months * 30)
+        return True
+
+    @staticmethod
+    def format_date(date):
+        if date:
+            return date.strftime("%m/%d/%Y")
+        return '?'
+
+    def __repr__(self) -> str:
+        s = f'📜 [bold white]{self.host}[/]'
+        s += f' [cyan]{self.status}[/]'
+        s += rf' [white]\[fingerprint={self.fingerprint_sha256[:10]}][/]'
+        if self.subject_cn:
+            s += rf' [white]\[cn={self.subject_cn}][/]'
+        if self.subject_an:
+            s += rf' [white]\[an={", ".join(self.subject_an)}][/]'
+        if self.issuer:
+            s += rf' [white]\[issuer={self.issuer}][/]'
+        elif self.issuer_cn:
+            s += rf' [white]\[issuer_cn={self.issuer_cn}][/]'
+        expiry_date = Certificate.format_date(self.not_after)
+        if self.is_expired():
+            s += f' [red]expired since {expiry_date}[/red]'
+        elif self.is_expired_soon(months=2):
+            s += f' [yellow]expires <2 months[/yellow], [yellow]valid until {expiry_date}[/yellow]'
+        else:
+            s += f' [green]not expired[/green], [yellow]valid until {expiry_date}[/yellow]'
+        return rich_to_ansi(s)

secator/output_types/user_account.py

@@ -37,5 +37,5 @@ class UserAccount(OutputType):
 		if self.url:
 			s += rf' \[[white]{_s(self.url)}[/]]'
 		if self.extra_data:
-			s += r' \[[bold yellow]' + _s(', '.join(f'{k}:{v}' for k, v in self.extra_data.items()) + '[/]]')
+			s += r' \[[bold yellow]' + _s(', '.join(f'{k}:{v}' for k, v in self.extra_data.items())) + '[/]]'
 		return rich_to_ansi(s)

secator/rich.py

@@ -4,7 +4,7 @@ import yaml
 from rich.console import Console
 from rich.table import Table
 
-console = Console(stderr=True)
+console = Console(stderr=True, record=True)
 console_stdout = Console(record=True)
 # handler = RichHandler(rich_tracebacks=True)  # TODO: add logging handler
 

secator/runners/_base.py

@@ -102,6 +102,7 @@ class Runner:
 		self.piped_input = self.run_opts.get('piped_input', False)
 		self.piped_output = self.run_opts.get('piped_output', False)
 		self.enable_duplicate_check = self.run_opts.get('enable_duplicate_check', True)
+		self.dry_run = self.run_opts.get('dry_run', False)
 
 		# Runner print opts
 		self.print_item = self.run_opts.get('print_item', False)
@@ -128,12 +129,8 @@ class Runner:
 		[self.add_result(result, print=False, output=False) for result in results]
 
 		# Determine inputs
-		inputs = [inputs] if not isinstance(inputs, list) else inputs
-		if not self.chunk and self.results:
-			inputs, run_opts, errors = run_extractors(self.results, run_opts, inputs)
-			for error in errors:
-				self.add_result(error, print=True)
-		self.inputs = list(set(inputs))
+		self.inputs = [inputs] if not isinstance(inputs, list) else inputs
+		self.filter_results(results)
 
 		# Debug
 		self.debug('Inputs', obj=self.inputs, sub='init')
@@ -310,6 +307,8 @@ class Runner:
 			self.mark_completed()
 
 		finally:
+			if self.dry_run:
+				return
 			if self.sync:
 				self.mark_completed()
 			if self.enable_reports:
@@ -328,6 +327,15 @@ class Runner:
 				self.add_result(error, print=True)
 				yield error
 
+	def filter_results(self, results):
+		"""Filter results based on the runner's config."""
+		if not self.chunk:
+			inputs, run_opts, errors = run_extractors(results, self.run_opts, self.inputs, self.dry_run)
+			for error in errors:
+				self.add_result(error, print=True)
+			self.inputs = list(set(inputs))
+			self.run_opts = run_opts
+
 	def add_result(self, item, print=False, output=True):
 		"""Add item to runner results.
 

secator/runners/_helpers.py

@@ -4,13 +4,14 @@ from secator.output_types import Error
 from secator.utils import deduplicate, debug
 
 
-def run_extractors(results, opts, inputs=[]):
+def run_extractors(results, opts, inputs=[], dry_run=False):
 	"""Run extractors and merge extracted values with option dict.
 
 	Args:
 		results (list): List of results.
 		opts (dict): Options.
 		inputs (list): Original inputs.
+		dry_run (bool): Dry run.
 
 	Returns:
 		tuple: inputs, options, errors.
@@ -22,9 +23,9 @@ def run_extractors(results, opts, inputs=[]):
 		values, err = extract_from_results(results, val)
 		errors.extend(err)
 		if key == 'targets':
-			inputs = deduplicate(values)
+			inputs = ['<COMPUTED>'] if dry_run else deduplicate(values)
 		else:
-			opts[key] = deduplicate(values)
+			opts[key] = ['<COMPUTED>'] if dry_run else deduplicate(values)
 	return inputs, opts, errors
 
 

secator/runners/command.py

@@ -71,6 +71,7 @@ class Command(Runner):
 
 	# Flag to take a file as input
 	file_flag = None
+	file_eof_newline = False
 
 	# Flag to enable output JSON
 	json_flag = None
@@ -164,6 +165,9 @@ class Command(Runner):
 		# Process
 		self.process = None
 
+		# Sudo
+		self.requires_sudo = False
+
 		# Proxy config (global)
 		self.proxy = self.run_opts.pop('proxy', False)
 		self.configure_proxy()
@@ -177,6 +181,10 @@ class Command(Runner):
 		# Run on_cmd hook
 		self.run_hooks('on_cmd')
 
+		# Add sudo to command if it is required
+		if self.requires_sudo:
+			self.cmd = f'sudo {self.cmd}'
+
 		# Build item loaders
 		instance_func = getattr(self, 'item_loader', None)
 		item_loaders = self.item_loaders.copy()
@@ -228,6 +236,22 @@ class Command(Runner):
 			dict(self.opts, **self.meta_opts),
 			opt_prefix=self.config.name)
 
+	@classmethod
+	def get_version_flag(cls):
+		if cls.version_flag == OPT_NOT_SUPPORTED:
+			return None
+		return cls.version_flag or f'{cls.opt_prefix}version'
+
+	@classmethod
+	def get_version_info(cls):
+		from secator.installer import get_version_info
+		return get_version_info(
+			cls.__name__,
+			cls.get_version_flag(),
+			cls.install_github_handle,
+			cls.install_cmd
+		)
+
 	@classmethod
 	def get_supported_opts(cls):
 		def convert(d):
@@ -346,6 +370,11 @@ class Command(Runner):
 			if self.has_children:
 				return
 
+			# Abort if dry run
+			if self.dry_run:
+				self.print_command()
+				return
+
 			# Print task description
 			self.print_description()
 
@@ -464,15 +493,12 @@ class Command(Runner):
 		if line is None:
 			return
 
+		# Yield line if no items were yielded
+		yield line
+
 		# Run item_loader to try parsing as dict
-		item_count = 0
 		for item in self.run_item_loaders(line):
 			yield item
-			item_count += 1
-
-		# Yield line if no items were yielded
-		if item_count == 0:
-			yield line
 
 		# Skip rest of iteration (no process mode)
 		if self.no_process:
@@ -499,6 +525,7 @@ class Command(Runner):
 				cmd_str += f' [dim gray11]({self.chunk}/{self.chunk_count})[/]'
 			self._print(cmd_str, color='bold cyan', rich=True)
 		self.debug('Command', obj={'cmd': self.cmd}, sub='init')
+		self.debug('Options', obj={'opts': self.cmd_options}, sub='init')
 
 	def handle_file_not_found(self, exc):
 		"""Handle case where binary is not found.
@@ -687,11 +714,17 @@ class Command(Runner):
 			opt_value_map (dict, str | Callable): A dict to map option values with their actual values.
 			opt_prefix (str, default: '-'): Option prefix.
 			command_name (str | None, default: None): Command name.
+
+		Returns:
+			dict: Processed options dict.
 		"""
-		opts_str = ''
+		opts_dict = {}
 		for opt_name, opt_conf in opts_conf.items():
 			debug('before get_opt_value', obj={'name': opt_name, 'conf': opt_conf}, obj_after=False, sub='command.options', verbose=True)  # noqa: E501
 
+			# Save original opt name
+			original_opt_name = opt_name
+
 			# Get opt value
 			default_val = opt_conf.get('default')
 			opt_val = Command._get_opt_value(
@@ -743,15 +776,10 @@ class Command(Runner):
 
 			# Append opt name + opt value to option string.
 			# Note: does not append opt value if value is True (flag)
-			opts_str += f' {opt_name}'
-			shlex_quote = opt_conf.get('shlex', True)
-			if opt_val is not True:
-				if shlex_quote:
-					opt_val = shlex.quote(str(opt_val))
-				opts_str += f' {opt_val}'
-			debug('final', obj={'name': opt_name, 'value': opt_val}, sub='command.options', obj_after=False, verbose=True)
+			opts_dict[original_opt_name] = {'name': opt_name, 'value': opt_val, 'conf': opt_conf}
+			debug('final', obj={'name': original_opt_name, 'value': opt_val}, sub='command.options', obj_after=False, verbose=True)  # noqa: E501
 
-		return opts_str.strip()
+		return opts_dict
 
 	@staticmethod
 	def _validate_chunked_input(self, inputs):
@@ -806,27 +834,57 @@ class Command(Runner):
 		if self.json_flag:
 			self.cmd += f' {self.json_flag}'
 
+		# Opts str
+		opts_str = ''
+		opts = {}
+
 		# Add options to cmd
-		opts_str = Command._process_opts(
+		opts_dict = Command._process_opts(
 			self.run_opts,
 			self.opts,
 			self.opt_key_map,
 			self.opt_value_map,
 			self.opt_prefix,
 			command_name=self.config.name)
-		if opts_str:
-			self.cmd += f' {opts_str}'
 
 		# Add meta options to cmd
-		meta_opts_str = Command._process_opts(
+		meta_opts_dict = Command._process_opts(
 			self.run_opts,
 			self.meta_opts,
 			self.opt_key_map,
 			self.opt_value_map,
 			self.opt_prefix,
 			command_name=self.config.name)
-		if meta_opts_str:
-			self.cmd += f' {meta_opts_str}'
+
+		if opts_dict:
+			opts.update(opts_dict)
+		if meta_opts_dict:
+			opts.update(meta_opts_dict)
+
+		if opts:
+			for opt_conf in opts.values():
+				conf = opt_conf['conf']
+				internal = conf.get('internal', False)
+				if internal:
+					continue
+				if conf.get('requires_sudo', False):
+					self.requires_sudo = True
+				opts_str += ' ' + Command._build_opt_str(opt_conf)
+		self.cmd_options = opts
+		self.cmd += opts_str
+
+	@staticmethod
+	def _build_opt_str(opt):
+		"""Build option string."""
+		conf = opt['conf']
+		opts_str = f'{opt["name"]}'
+		shlex_quote = conf.get('shlex', True)
+		value = opt['value']
+		if value is not True:
+			if shlex_quote:
+				value = shlex.quote(str(value))
+			opts_str += f' {value}'
+		return opts_str
 
 	def _build_cmd_input(self):
 		"""Many commands take as input a string or a list. This function facilitate this based on whether we pass a
@@ -859,6 +917,8 @@ class Command(Runner):
 			# Write the input to a file
 			with open(fpath, 'w') as f:
 				f.write('\n'.join(inputs))
+				if self.file_eof_newline:
+					f.write('\n')
 
 			if self.file_flag == OPT_PIPE_INPUT:
 				cmd = f'cat {fpath} | {cmd}'

secator/runners/scan.py

@@ -34,8 +34,10 @@ class Scan(Runner):
 		for name, workflow_opts in self.config.workflows.items():
 			run_opts = self.run_opts.copy()
 			run_opts['no_poll'] = True
+			run_opts['caller'] = 'Scan'
 			opts = merge_opts(scan_opts, workflow_opts, run_opts)
-			config = TemplateLoader(name=f'workflows/{name}')
+			name = name.split('/')[0]
+			config = TemplateLoader(name=f'workflow/{name}')
 			workflow = Workflow(
 				config,
 				self.inputs,
@@ -44,13 +46,13 @@ class Scan(Runner):
 				hooks=self._hooks,
 				context=self.context.copy()
 			)
-			celery_workflow = workflow.build_celery_workflow()
+			celery_workflow = workflow.build_celery_workflow(chain_previous_results=True)
 			for task_id, task_info in workflow.celery_ids_map.items():
 				self.add_subtask(task_id, task_info['name'], task_info['descr'])
 			sigs.append(celery_workflow)
 
 		return chain(
-			mark_runner_started.si(self).set(queue='results'),
+			mark_runner_started.si([], self).set(queue='results'),
 			*sigs,
 			mark_runner_completed.s(self).set(queue='results'),
 		)

secator/runners/workflow.py

@@ -20,9 +20,12 @@ class Workflow(Runner):
 		from secator.celery import run_workflow
 		return run_workflow.s(args=args, kwargs=kwargs)
 
-	def build_celery_workflow(self):
+	def build_celery_workflow(self, chain_previous_results=False):
 		"""Build Celery workflow for workflow execution.
 
+		Args:
+			chain_previous_results (bool): Chain previous results.
+
 		Returns:
 			celery.Signature: Celery task signature.
 		"""
@@ -49,21 +52,31 @@ class Workflow(Runner):
 		opts['skip_if_no_inputs'] = True
 		opts['caller'] = 'Workflow'
 
+		forwarded_opts = {}
+		if chain_previous_results:
+			forwarded_opts = {k: v for k, v in self.run_opts.items() if k.endswith('_')}
+
 		# Build task signatures
 		sigs = self.get_tasks(
 			self.config.tasks.toDict(),
 			self.inputs,
 			self.config.options,
-			opts)
+			opts,
+			forwarded_opts=forwarded_opts
+		)
+
+		start_sig = mark_runner_started.si([], self, enable_hooks=True).set(queue='results')
+		if chain_previous_results:
+			start_sig = mark_runner_started.s(self, enable_hooks=True).set(queue='results')
 
 		# Build workflow chain with lifecycle management
 		return chain(
-			mark_runner_started.si(self, enable_hooks=True).set(queue='results'),
+			start_sig,
 			*sigs,
 			mark_runner_completed.s(self, enable_hooks=True).set(queue='results'),
 		)
 
-	def get_tasks(self, config, inputs, workflow_opts, run_opts):
+	def get_tasks(self, config, inputs, workflow_opts, run_opts, forwarded_opts={}):
 		"""Get tasks recursively as Celery chains / chords.
 
 		Args:
@@ -71,6 +84,7 @@ class Workflow(Runner):
 			inputs (list): Inputs.
 			workflow_opts (dict): Workflow options.
 			run_opts (dict): Run options.
+			forwarded_opts (dict): Opts forwarded from parent runner (e.g: scan).
 			sync (bool): Synchronous mode (chain of tasks, no chords).
 
 		Returns:
@@ -78,6 +92,7 @@ class Workflow(Runner):
 		"""
 		from celery import chain, group
 		sigs = []
+		ix = 0
 		for task_name, task_opts in config.items():
 			# Task opts can be None
 			task_opts = task_opts or {}
@@ -105,6 +120,8 @@ class Workflow(Runner):
 
 				# Merge task options (order of priority with overrides)
 				opts = merge_opts(workflow_opts, task_opts, run_opts)
+				if ix == 0 and forwarded_opts:
+					opts.update(forwarded_opts)
 				opts['name'] = task_name
 
 				# Create task signature
@@ -113,5 +130,6 @@ class Workflow(Runner):
 				sig = task.s(inputs, **opts).set(queue=task.profile, task_id=task_id)
 				self.add_subtask(task_id, task_name, task_opts.get('description', ''))
 				self.output_types.extend(task.output_types)
+				ix += 1
 			sigs.append(sig)
 		return sigs

secator/tasks/_categories.py

@@ -18,9 +18,14 @@ from secator.config import CONFIG
 from secator.runners import Command
 from secator.utils import debug, process_wordlist
 
+USER_AGENTS = {
+	'chrome_134.0_win10': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36',  # noqa: E501
+	'chrome_134.0_macos': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36',  # noqa: E501
+}
+
 
 OPTS = {
-	HEADER: {'type': str, 'help': 'Custom header to add to each request in the form "KEY1:VALUE1; KEY2:VALUE2"'},
+	HEADER: {'type': str, 'help': 'Custom header to add to each request in the form "KEY1:VALUE1; KEY2:VALUE2"', 'default': 'User-Agent: ' + USER_AGENTS['chrome_134.0_win10']},  # noqa: E501
 	DELAY: {'type': float, 'short': 'd', 'help': 'Delay to add between each requests'},
 	DEPTH: {'type': int, 'help': 'Scan depth', 'default': 2},
 	FILTER_CODES: {'type': str, 'short': 'fc', 'help': 'Filter out responses with HTTP codes'},

secator/tasks/arjun.py

@@ -0,0 +1,82 @@
+import os
+import yaml
+
+from secator.decorators import task
+from secator.definitions import (OUTPUT_PATH, RATE_LIMIT, THREADS, DELAY, TIMEOUT, METHOD, WORDLIST, HEADER, URL)
+from secator.output_types import Info, Url, Warning, Error
+from secator.runners import Command
+from secator.tasks._categories import OPTS
+from secator.utils import process_wordlist
+
+
+@task()
+class arjun(Command):
+	"""HTTP Parameter Discovery Suite."""
+	cmd = 'arjun'
+	input_flag = '-u'
+	input_type = URL
+	version_flag = ' '
+	opts = {
+		'chunk_size': {'type': int, 'help': 'Control query/chunk size'},
+		'stable': {'is_flag': True, 'default': False, 'help': 'Use stable mode'},
+		'include': {'type': str, 'help': 'Include persistent data (e.g: "api_key=xxxxx" or {"api_key": "xxxx"})'},
+		'passive': {'is_flag': True, 'default': False, 'help': 'Passive mode'},
+		'casing': {'type': str, 'help': 'Casing style for params e.g. like_this, likeThis, LIKE_THIS, like_this'},  # noqa: E501
+		WORDLIST: {'type': str, 'short': 'w', 'default': None, 'process': process_wordlist, 'help': 'Wordlist to use (default: arjun wordlist)'},  # noqa: E501
+	}
+	meta_opts = {
+		THREADS: OPTS[THREADS],
+		DELAY: OPTS[DELAY],
+		TIMEOUT: OPTS[TIMEOUT],
+		RATE_LIMIT: OPTS[RATE_LIMIT],
+		METHOD: OPTS[METHOD],
+		HEADER: OPTS[HEADER],
+	}
+	opt_key_map = {
+		THREADS: 't',
+		DELAY: 'd',
+		TIMEOUT: 'T',
+		RATE_LIMIT: '--rate-limit',
+		METHOD: 'm',
+		WORDLIST: 'w',
+		HEADER: '--headers',
+		'chunk_size': 'c',
+		'stable': '--stable',
+		'passive': '--passive',
+		'casing': '--casing',
+	}
+	output_types = [Url]
+	install_cmd = 'pipx install arjun && pipx upgrade arjun'
+	install_github_handle = 's0md3v/Arjun'
+
+	@staticmethod
+	def on_line(self, line):
+		if 'Processing chunks' in line:
+			return ''
+		return line
+
+	@staticmethod
+	def on_cmd(self):
+		self.output_path = self.get_opt_value(OUTPUT_PATH)
+		if not self.output_path:
+			self.output_path = f'{self.reports_folder}/.outputs/{self.unique_name}.json'
+		self.cmd += f' -oJ {self.output_path}'
+
+	@staticmethod
+	def on_cmd_done(self):
+		if not os.path.exists(self.output_path):
+			yield Error(message=f'Could not find JSON results in {self.output_path}')
+			return
+		yield Info(message=f'JSON results saved to {self.output_path}')
+		with open(self.output_path, 'r') as f:
+			results = yaml.safe_load(f.read())
+			if not results:
+				yield Warning(message='No results found !')
+				return
+		for url, values in results.items():
+			for param in values['params']:
+				yield Url(
+					url=url + '?' + param + '=' + 'FUZZ',
+					headers=values['headers'],
+					method=values['method'],
+				)

secator/tasks/ffuf.py

@@ -18,7 +18,7 @@ FFUF_PROGRESS_REGEX = r':: Progress: \[(?P<count>\d+)/(?P<total>\d+)\] :: Job \[
 @task()
 class ffuf(HttpFuzzer):
 	"""Fast web fuzzer written in Go."""
-	cmd = 'ffuf -noninteractive -recursion'
+	cmd = 'ffuf -noninteractive'
 	input_flag = '-u'
 	input_chunk_size = 1
 	file_flag = None
@@ -30,6 +30,7 @@ class ffuf(HttpFuzzer):
 	]
 	opts = {
 		AUTO_CALIBRATION: {'is_flag': True, 'short': 'ac', 'help': 'Auto-calibration'},
+		'recursion': {'is_flag': True, 'default': True, 'short': 'recursion', 'help': 'Recursion'},
 	}
 	opt_key_map = {
 		HEADER: 'H',

secator/tasks/gitleaks.py

@@ -0,0 +1,76 @@
+import click
+import os
+import yaml
+
+from secator.config import CONFIG
+from secator.decorators import task
+from secator.runners import Command
+from secator.definitions import (OUTPUT_PATH)
+from secator.utils import caml_to_snake
+from secator.output_types import Tag, Info, Error
+
+
+@task()
+class gitleaks(Command):
+	"""Tool for detecting secrets like passwords, API keys, and tokens in git repos, files, and stdin."""
+	cmd = 'gitleaks'
+	input_flag = None
+	json_flag = '-f json'
+	opt_prefix = '--'
+	opts = {
+		'ignore_path': {'type': str, 'help': 'Path to .gitleaksignore file or folder containing one'},
+		'mode': {'type': click.Choice(['git', 'dir']), 'default': 'dir', 'help': 'Gitleaks mode', 'internal': True, 'display': True},  # noqa: E501
+		'config': {'type': str, 'short': 'config', 'help': 'Gitleaks config file path'}
+	}
+	opt_key_map = {
+		"ignore_path": "gitleaks-ignore-path"
+	}
+	input_type = "folder"
+	output_types = [Tag]
+	output_map = {
+		Tag: {
+			'name': 'RuleID',
+			'match': lambda x: f'{x["File"]}:{x["StartLine"]}:{x["StartColumn"]}',
+			'extra_data': lambda x: {caml_to_snake(k): v for k, v in x.items() if k not in ['RuleID', 'File']}
+		}
+	}
+	install_pre = {'*': ['git', 'make']}
+	install_cmd = (
+		f'git clone https://github.com/gitleaks/gitleaks.git {CONFIG.dirs.share}/gitleaks || true &&'
+		f'cd {CONFIG.dirs.share}/gitleaks && make build &&'
+		f'mv {CONFIG.dirs.share}/gitleaks/gitleaks {CONFIG.dirs.bin}'
+	)
+	install_github_handle = 'gitleaks/gitleaks'
+
+	@staticmethod
+	def on_cmd(self):
+		# replace fake -mode opt by subcommand
+		mode = self.get_opt_value('mode')
+		self.cmd = self.cmd.replace(f'{gitleaks.cmd} ', f'{gitleaks.cmd} {mode} ')
+
+		# add output path
+		output_path = self.get_opt_value(OUTPUT_PATH)
+		if not output_path:
+			output_path = f'{self.reports_folder}/.outputs/{self.unique_name}.json'
+		self.output_path = output_path
+		self.cmd += f' -r {self.output_path}'
+		self.cmd += ' --exit-code 0'
+
+	@staticmethod
+	def on_cmd_done(self):
+		if not os.path.exists(self.output_path):
+			yield Error(message=f'Could not find JSON results in {self.output_path}')
+			return
+
+		yield Info(message=f'JSON results saved to {self.output_path}')
+		with open(self.output_path, 'r') as f:
+			results = yaml.safe_load(f.read())
+		for result in results:
+			yield Tag(
+				name=result['RuleID'],
+				match='{File}:{StartLine}:{StartColumn}'.format(**result),
+				extra_data={
+					caml_to_snake(k): v for k, v in result.items()
+					if k not in ['RuleID', 'File']
+				}
+			)

secator/tasks/mapcidr.py

@@ -10,7 +10,7 @@ from secator.tasks._categories import ReconIp
 @task()
 class mapcidr(ReconIp):
 	"""Utility program to perform multiple operations for a given subnet/cidr ranges."""
-	cmd = 'mapcidr -silent'
+	cmd = 'mapcidr'
 	input_flag = '-cidr'
 	file_flag = '-cl'
 	install_pre = {