PyPI - secator - Versions diffs - 0.10.1a12__py3-none-any.whl → 0.11.1__py3-none-any.whl - Mend

secator 0.10.1a12py3-none-any.whl → 0.11.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of secator might be problematic. Click here for more details.

Files changed (40) hide show

secator/celery.py +10 -5
secator/celery_signals.py +2 -11
secator/cli.py +153 -46
secator/config.py +2 -2
secator/configs/workflows/url_params_fuzz.yaml +23 -0
secator/configs/workflows/wordpress.yaml +4 -1
secator/decorators.py +10 -5
secator/definitions.py +3 -0
secator/installer.py +46 -32
secator/output_types/__init__.py +2 -1
secator/output_types/certificate.py +78 -0
secator/output_types/user_account.py +1 -1
secator/rich.py +1 -1
secator/runners/_base.py +14 -6
secator/runners/_helpers.py +4 -3
secator/runners/command.py +81 -21
secator/runners/scan.py +5 -3
secator/runners/workflow.py +22 -4
secator/tasks/_categories.py +12 -4
secator/tasks/arjun.py +82 -0
secator/tasks/ffuf.py +2 -1
secator/tasks/fping.py +1 -0
secator/tasks/gitleaks.py +76 -0
secator/tasks/grype.py +1 -1
secator/tasks/mapcidr.py +1 -1
secator/tasks/naabu.py +7 -1
secator/tasks/nmap.py +29 -29
secator/tasks/subfinder.py +1 -1
secator/tasks/testssl.py +274 -0
secator/tasks/trivy.py +95 -0
secator/tasks/wafw00f.py +83 -0
secator/tasks/wpprobe.py +94 -0
secator/template.py +49 -67
secator/utils.py +16 -7
secator/utils_test.py +26 -8
{secator-0.10.1a12.dist-info → secator-0.11.1.dist-info}/METADATA +1 -1
{secator-0.10.1a12.dist-info → secator-0.11.1.dist-info}/RECORD +40 -32
{secator-0.10.1a12.dist-info → secator-0.11.1.dist-info}/WHEEL +0 -0
{secator-0.10.1a12.dist-info → secator-0.11.1.dist-info}/entry_points.txt +0 -0
{secator-0.10.1a12.dist-info → secator-0.11.1.dist-info}/licenses/LICENSE +0 -0

secator/output_types/__init__.py CHANGED Viewed

@@ -26,6 +26,7 @@ from secator.output_types.url import Url
 from secator.output_types.user_account import UserAccount
 from secator.output_types.vulnerability import Vulnerability
 from secator.output_types.record import Record
+from secator.output_types.certificate import Certificate
 from secator.output_types.info import Info
 from secator.output_types.warning import Warning
 from secator.output_types.error import Error
@@ -39,6 +40,6 @@ STAT_TYPES = [
 	Stat
 ]
 FINDING_TYPES = [
-	Subdomain, Ip, Port, Url, Tag, Exploit, UserAccount, Vulnerability
+	Subdomain, Ip, Port, Url, Tag, Exploit, UserAccount, Vulnerability, Certificate
 ]
 OUTPUT_TYPES = FINDING_TYPES + EXECUTION_TYPES + STAT_TYPES

secator/output_types/certificate.py ADDED Viewed

@@ -0,0 +1,78 @@
+import time
+from datetime import datetime, timedelta
+from dataclasses import dataclass, field
+from secator.output_types import OutputType
+from secator.utils import rich_to_ansi
+from secator.definitions import CERTIFICATE_STATUS_UNKNOWN
+@dataclass
+class Certificate(OutputType):
+    host: str
+    fingerprint_sha256: str = field(default='')
+    ip: str = field(default='', compare=False)
+    raw_value: str = field(default='', compare=False)
+    subject_cn: str = field(default='', compare=False)
+    subject_an: list[str] = field(default_factory=list, compare=False)
+    not_before: datetime = field(default=None, compare=False)
+    not_after: datetime = field(default=None, compare=False)
+    issuer_dn: str = field(default='', compare=False)
+    issuer_cn: str = field(default='', compare=False)
+    issuer: str = field(default='', compare=False)
+    self_signed: bool = field(default=True, compare=False)
+    trusted: bool = field(default=False, compare=False)
+    status: str = field(default=CERTIFICATE_STATUS_UNKNOWN, compare=False)
+    keysize: int = field(default=None, compare=False)
+    serial_number: str = field(default='', compare=False)
+    ciphers: list[str] = field(default_factory=list, compare=False)
+    # parent_certificate: 'Certificate' = None  # noqa: F821
+    _source: str = field(default='', repr=True)
+    _type: str = field(default='certificate', repr=True)
+    _timestamp: int = field(default_factory=lambda: time.time(), compare=False)
+    _uuid: str = field(default='', repr=True, compare=False)
+    _context: dict = field(default_factory=dict, repr=True, compare=False)
+    _tagged: bool = field(default=False, repr=True, compare=False)
+    _duplicate: bool = field(default=False, repr=True, compare=False)
+    _related: list = field(default_factory=list, compare=False)
+    _table_fields = ['ip', 'host']
+    _sort_by = ('ip',)
+    def __str__(self) -> str:
+        return self.subject_cn
+    def is_expired(self) -> bool:
+        if self.not_after:
+            return self.not_after < datetime.now()
+        return True
+    def is_expired_soon(self, months: int = 1) -> bool:
+        if self.not_after:
+            return self.not_after < datetime.now() + timedelta(days=months * 30)
+        return True
+    @staticmethod
+    def format_date(date):
+        if date:
+            return date.strftime("%m/%d/%Y")
+        return '?'
+    def __repr__(self) -> str:
+        s = f'📜 [bold white]{self.host}[/]'
+        s += f' [cyan]{self.status}[/]'
+        s += rf' [white]\[fingerprint={self.fingerprint_sha256[:10]}][/]'
+        if self.subject_cn:
+            s += rf' [white]\[cn={self.subject_cn}][/]'
+        if self.subject_an:
+            s += rf' [white]\[an={", ".join(self.subject_an)}][/]'
+        if self.issuer:
+            s += rf' [white]\[issuer={self.issuer}][/]'
+        elif self.issuer_cn:
+            s += rf' [white]\[issuer_cn={self.issuer_cn}][/]'
+        expiry_date = Certificate.format_date(self.not_after)
+        if self.is_expired():
+            s += f' [red]expired since {expiry_date}[/red]'
+        elif self.is_expired_soon(months=2):
+            s += f' [yellow]expires <2 months[/yellow], [yellow]valid until {expiry_date}[/yellow]'
+        else:
+            s += f' [green]not expired[/green], [yellow]valid until {expiry_date}[/yellow]'
+        return rich_to_ansi(s)

secator/output_types/user_account.py CHANGED Viewed

@@ -37,5 +37,5 @@ class UserAccount(OutputType):
 		if self.url:
 			s += rf' \[[white]{_s(self.url)}[/]]'
 		if self.extra_data:
-			s += r' \[[bold yellow]' + _s(', '.join(f'{k}:{v}' for k, v in self.extra_data.items()) + '[/]]')
+			s += r' \[[bold yellow]' + _s(', '.join(f'{k}:{v}' for k, v in self.extra_data.items())) + '[/]]'
 		return rich_to_ansi(s)

secator/rich.py CHANGED Viewed

@@ -4,7 +4,7 @@ import yaml
 from rich.console import Console
 from rich.table import Table
-console = Console(stderr=True)
+console = Console(stderr=True, record=True)
 console_stdout = Console(record=True)
 # handler = RichHandler(rich_tracebacks=True)  # TODO: add logging handler

secator/runners/_base.py CHANGED Viewed

@@ -102,6 +102,7 @@ class Runner:
 		self.piped_input = self.run_opts.get('piped_input', False)
 		self.piped_output = self.run_opts.get('piped_output', False)
 		self.enable_duplicate_check = self.run_opts.get('enable_duplicate_check', True)
+		self.dry_run = self.run_opts.get('dry_run', False)
 		# Runner print opts
 		self.print_item = self.run_opts.get('print_item', False)
@@ -128,12 +129,8 @@ class Runner:
 		[self.add_result(result, print=False, output=False) for result in results]
 		# Determine inputs
-		inputs = [inputs] if not isinstance(inputs, list) else inputs
-		if not self.chunk and self.results:
-			inputs, run_opts, errors = run_extractors(self.results, run_opts, inputs)
-			for error in errors:
-				self.add_result(error, print=True)
-		self.inputs = list(set(inputs))
+		self.inputs = [inputs] if not isinstance(inputs, list) else inputs
+		self.filter_results(results)
 		# Debug
 		self.debug('Inputs', obj=self.inputs, sub='init')
@@ -310,6 +307,8 @@ class Runner:
 			self.mark_completed()
 		finally:
+			if self.dry_run:
+				return
 			if self.sync:
 				self.mark_completed()
 			if self.enable_reports:
@@ -328,6 +327,15 @@ class Runner:
 				self.add_result(error, print=True)
 				yield error
+	def filter_results(self, results):
+		"""Filter results based on the runner's config."""
+		if not self.chunk:
+			inputs, run_opts, errors = run_extractors(results, self.run_opts, self.inputs, self.dry_run)
+			for error in errors:
+				self.add_result(error, print=True)
+			self.inputs = list(set(inputs))
+			self.run_opts = run_opts
 	def add_result(self, item, print=False, output=True):
 		"""Add item to runner results.

secator/runners/_helpers.py CHANGED Viewed

@@ -4,13 +4,14 @@ from secator.output_types import Error
 from secator.utils import deduplicate, debug
-def run_extractors(results, opts, inputs=[]):
+def run_extractors(results, opts, inputs=[], dry_run=False):
 	"""Run extractors and merge extracted values with option dict.
 	Args:
 		results (list): List of results.
 		opts (dict): Options.
 		inputs (list): Original inputs.
+		dry_run (bool): Dry run.
 	Returns:
 		tuple: inputs, options, errors.
@@ -22,9 +23,9 @@ def run_extractors(results, opts, inputs=[]):
 		values, err = extract_from_results(results, val)
 		errors.extend(err)
 		if key == 'targets':
-			inputs = deduplicate(values)
+			inputs = ['<COMPUTED>'] if dry_run else deduplicate(values)
 		else:
-			opts[key] = deduplicate(values)
+			opts[key] = ['<COMPUTED>'] if dry_run else deduplicate(values)
 	return inputs, opts, errors

secator/runners/command.py CHANGED Viewed

@@ -71,6 +71,7 @@ class Command(Runner):
 	# Flag to take a file as input
 	file_flag = None
+	file_eof_newline = False
 	# Flag to enable output JSON
 	json_flag = None
@@ -164,6 +165,9 @@ class Command(Runner):
 		# Process
 		self.process = None
+		# Sudo
+		self.requires_sudo = False
 		# Proxy config (global)
 		self.proxy = self.run_opts.pop('proxy', False)
 		self.configure_proxy()
@@ -177,6 +181,10 @@ class Command(Runner):
 		# Run on_cmd hook
 		self.run_hooks('on_cmd')
+		# Add sudo to command if it is required
+		if self.requires_sudo:
+			self.cmd = f'sudo {self.cmd}'
 		# Build item loaders
 		instance_func = getattr(self, 'item_loader', None)
 		item_loaders = self.item_loaders.copy()
@@ -228,6 +236,22 @@ class Command(Runner):
 			dict(self.opts, **self.meta_opts),
 			opt_prefix=self.config.name)
+	@classmethod
+	def get_version_flag(cls):
+		if cls.version_flag == OPT_NOT_SUPPORTED:
+			return None
+		return cls.version_flag or f'{cls.opt_prefix}version'
+	@classmethod
+	def get_version_info(cls):
+		from secator.installer import get_version_info
+		return get_version_info(
+			cls.__name__,
+			cls.get_version_flag(),
+			cls.install_github_handle,
+			cls.install_cmd
+		)
 	@classmethod
 	def get_supported_opts(cls):
 		def convert(d):
@@ -346,6 +370,11 @@ class Command(Runner):
 			if self.has_children:
 				return
+			# Abort if dry run
+			if self.dry_run:
+				self.print_command()
+				return
 			# Print task description
 			self.print_description()
@@ -464,15 +493,12 @@ class Command(Runner):
 		if line is None:
 			return
+		# Yield line if no items were yielded
+		yield line
 		# Run item_loader to try parsing as dict
-		item_count = 0
 		for item in self.run_item_loaders(line):
 			yield item
-			item_count += 1
-		# Yield line if no items were yielded
-		if item_count == 0:
-			yield line
 		# Skip rest of iteration (no process mode)
 		if self.no_process:
@@ -499,6 +525,7 @@ class Command(Runner):
 				cmd_str += f' [dim gray11]({self.chunk}/{self.chunk_count})[/]'
 			self._print(cmd_str, color='bold cyan', rich=True)
 		self.debug('Command', obj={'cmd': self.cmd}, sub='init')
+		self.debug('Options', obj={'opts': self.cmd_options}, sub='init')
 	def handle_file_not_found(self, exc):
 		"""Handle case where binary is not found.
@@ -687,11 +714,17 @@ class Command(Runner):
 			opt_value_map (dict, str | Callable): A dict to map option values with their actual values.
 			opt_prefix (str, default: '-'): Option prefix.
 			command_name (str | None, default: None): Command name.
+		Returns:
+			dict: Processed options dict.
 		"""
-		opts_str = ''
+		opts_dict = {}
 		for opt_name, opt_conf in opts_conf.items():
 			debug('before get_opt_value', obj={'name': opt_name, 'conf': opt_conf}, obj_after=False, sub='command.options', verbose=True)  # noqa: E501
+			# Save original opt name
+			original_opt_name = opt_name
 			# Get opt value
 			default_val = opt_conf.get('default')
 			opt_val = Command._get_opt_value(
@@ -743,15 +776,10 @@ class Command(Runner):
 			# Append opt name + opt value to option string.
 			# Note: does not append opt value if value is True (flag)
-			opts_str += f' {opt_name}'
-			shlex_quote = opt_conf.get('shlex', True)
-			if opt_val is not True:
-				if shlex_quote:
-					opt_val = shlex.quote(str(opt_val))
-				opts_str += f' {opt_val}'
-			debug('final', obj={'name': opt_name, 'value': opt_val}, sub='command.options', obj_after=False, verbose=True)
+			opts_dict[original_opt_name] = {'name': opt_name, 'value': opt_val, 'conf': opt_conf}
+			debug('final', obj={'name': original_opt_name, 'value': opt_val}, sub='command.options', obj_after=False, verbose=True)  # noqa: E501
-		return opts_str.strip()
+		return opts_dict
 	@staticmethod
 	def _validate_chunked_input(self, inputs):
@@ -806,27 +834,57 @@ class Command(Runner):
 		if self.json_flag:
 			self.cmd += f' {self.json_flag}'
+		# Opts str
+		opts_str = ''
+		opts = {}
 		# Add options to cmd
-		opts_str = Command._process_opts(
+		opts_dict = Command._process_opts(
 			self.run_opts,
 			self.opts,
 			self.opt_key_map,
 			self.opt_value_map,
 			self.opt_prefix,
 			command_name=self.config.name)
-		if opts_str:
-			self.cmd += f' {opts_str}'
 		# Add meta options to cmd
-		meta_opts_str = Command._process_opts(
+		meta_opts_dict = Command._process_opts(
 			self.run_opts,
 			self.meta_opts,
 			self.opt_key_map,
 			self.opt_value_map,
 			self.opt_prefix,
 			command_name=self.config.name)
-		if meta_opts_str:
-			self.cmd += f' {meta_opts_str}'
+		if opts_dict:
+			opts.update(opts_dict)
+		if meta_opts_dict:
+			opts.update(meta_opts_dict)
+		if opts:
+			for opt_conf in opts.values():
+				conf = opt_conf['conf']
+				internal = conf.get('internal', False)
+				if internal:
+					continue
+				if conf.get('requires_sudo', False):
+					self.requires_sudo = True
+				opts_str += ' ' + Command._build_opt_str(opt_conf)
+		self.cmd_options = opts
+		self.cmd += opts_str
+	@staticmethod
+	def _build_opt_str(opt):
+		"""Build option string."""
+		conf = opt['conf']
+		opts_str = f'{opt["name"]}'
+		shlex_quote = conf.get('shlex', True)
+		value = opt['value']
+		if value is not True:
+			if shlex_quote:
+				value = shlex.quote(str(value))
+			opts_str += f' {value}'
+		return opts_str
 	def _build_cmd_input(self):
 		"""Many commands take as input a string or a list. This function facilitate this based on whether we pass a
@@ -859,6 +917,8 @@ class Command(Runner):
 			# Write the input to a file
 			with open(fpath, 'w') as f:
 				f.write('\n'.join(inputs))
+				if self.file_eof_newline:
+					f.write('\n')
 			if self.file_flag == OPT_PIPE_INPUT:
 				cmd = f'cat {fpath} | {cmd}'

secator/runners/scan.py CHANGED Viewed

@@ -34,8 +34,10 @@ class Scan(Runner):
 		for name, workflow_opts in self.config.workflows.items():
 			run_opts = self.run_opts.copy()
 			run_opts['no_poll'] = True
+			run_opts['caller'] = 'Scan'
 			opts = merge_opts(scan_opts, workflow_opts, run_opts)
-			config = TemplateLoader(name=f'workflows/{name}')
+			name = name.split('/')[0]
+			config = TemplateLoader(name=f'workflow/{name}')
 			workflow = Workflow(
 				config,
 				self.inputs,
@@ -44,13 +46,13 @@ class Scan(Runner):
 				hooks=self._hooks,
 				context=self.context.copy()
 			)
-			celery_workflow = workflow.build_celery_workflow()
+			celery_workflow = workflow.build_celery_workflow(chain_previous_results=True)
 			for task_id, task_info in workflow.celery_ids_map.items():
 				self.add_subtask(task_id, task_info['name'], task_info['descr'])
 			sigs.append(celery_workflow)
 		return chain(
-			mark_runner_started.si(self).set(queue='results'),
+			mark_runner_started.si([], self).set(queue='results'),
 			*sigs,
 			mark_runner_completed.s(self).set(queue='results'),
 		)

secator/runners/workflow.py CHANGED Viewed

@@ -20,9 +20,12 @@ class Workflow(Runner):
 		from secator.celery import run_workflow
 		return run_workflow.s(args=args, kwargs=kwargs)
-	def build_celery_workflow(self):
+	def build_celery_workflow(self, chain_previous_results=False):
 		"""Build Celery workflow for workflow execution.
+		Args:
+			chain_previous_results (bool): Chain previous results.
 		Returns:
 			celery.Signature: Celery task signature.
 		"""
@@ -49,21 +52,31 @@ class Workflow(Runner):
 		opts['skip_if_no_inputs'] = True
 		opts['caller'] = 'Workflow'
+		forwarded_opts = {}
+		if chain_previous_results:
+			forwarded_opts = {k: v for k, v in self.run_opts.items() if k.endswith('_')}
 		# Build task signatures
 		sigs = self.get_tasks(
 			self.config.tasks.toDict(),
 			self.inputs,
 			self.config.options,
-			opts)
+			opts,
+			forwarded_opts=forwarded_opts
+		)
+		start_sig = mark_runner_started.si([], self, enable_hooks=True).set(queue='results')
+		if chain_previous_results:
+			start_sig = mark_runner_started.s(self, enable_hooks=True).set(queue='results')
 		# Build workflow chain with lifecycle management
 		return chain(
-			mark_runner_started.si(self, enable_hooks=True).set(queue='results'),
+			start_sig,
 			*sigs,
 			mark_runner_completed.s(self, enable_hooks=True).set(queue='results'),
 		)
-	def get_tasks(self, config, inputs, workflow_opts, run_opts):
+	def get_tasks(self, config, inputs, workflow_opts, run_opts, forwarded_opts={}):
 		"""Get tasks recursively as Celery chains / chords.
 		Args:
@@ -71,6 +84,7 @@ class Workflow(Runner):
 			inputs (list): Inputs.
 			workflow_opts (dict): Workflow options.
 			run_opts (dict): Run options.
+			forwarded_opts (dict): Opts forwarded from parent runner (e.g: scan).
 			sync (bool): Synchronous mode (chain of tasks, no chords).
 		Returns:
@@ -78,6 +92,7 @@ class Workflow(Runner):
 		"""
 		from celery import chain, group
 		sigs = []
+		ix = 0
 		for task_name, task_opts in config.items():
 			# Task opts can be None
 			task_opts = task_opts or {}
@@ -105,6 +120,8 @@ class Workflow(Runner):
 				# Merge task options (order of priority with overrides)
 				opts = merge_opts(workflow_opts, task_opts, run_opts)
+				if ix == 0 and forwarded_opts:
+					opts.update(forwarded_opts)
 				opts['name'] = task_name
 				# Create task signature
@@ -113,5 +130,6 @@ class Workflow(Runner):
 				sig = task.s(inputs, **opts).set(queue=task.profile, task_id=task_id)
 				self.add_subtask(task_id, task_name, task_opts.get('description', ''))
 				self.output_types.extend(task.output_types)
+				ix += 1
 			sigs.append(sig)
 		return sigs

secator/tasks/_categories.py CHANGED Viewed

@@ -18,9 +18,14 @@ from secator.config import CONFIG
 from secator.runners import Command
 from secator.utils import debug, process_wordlist
+USER_AGENTS = {
+	'chrome_134.0_win10': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36',  # noqa: E501
+	'chrome_134.0_macos': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36',  # noqa: E501
+}
 OPTS = {
-	HEADER: {'type': str, 'help': 'Custom header to add to each request in the form "KEY1:VALUE1; KEY2:VALUE2"'},
+	HEADER: {'type': str, 'help': 'Custom header to add to each request in the form "KEY1:VALUE1; KEY2:VALUE2"', 'default': 'User-Agent: ' + USER_AGENTS['chrome_134.0_win10']},  # noqa: E501
 	DELAY: {'type': float, 'short': 'd', 'help': 'Delay to add between each requests'},
 	DEPTH: {'type': int, 'help': 'Scan depth', 'default': 2},
 	FILTER_CODES: {'type': str, 'short': 'fc', 'help': 'Filter out responses with HTTP codes'},
@@ -388,11 +393,11 @@ class Vuln(Command):
 	@cache
 	@staticmethod
-	def lookup_ghsa(ghsa_id):
+	def lookup_cve_from_ghsa(ghsa_id):
 		"""Search for a GHSA on Github and and return associated CVE vulnerability data.
 		Args:
-			ghsa (str): CVE ID in the form GHSA-*
+			ghsa (str): GHSA ID in the form GHSA-*
 		Returns:
 			dict: vulnerability data.
@@ -405,7 +410,10 @@ class Vuln(Command):
 			return None
 		soup = BeautifulSoup(resp.text, 'lxml')
 		sidebar_items = soup.find_all('div', {'class': 'discussion-sidebar-item'})
-		cve_id = sidebar_items[2].find('div').text.strip()
+		cve_id = sidebar_items[3].find('div').text.strip()
+		if not cve_id.startswith('CVE'):
+			debug(f'{ghsa_id}: No CVE_ID extracted from https://github.com/advisories/{ghsa_id}', sub='cve')
+			return None
 		vuln = Vuln.lookup_cve(cve_id)
 		if vuln:
 			vuln[TAGS].append('ghsa')

secator/tasks/arjun.py ADDED Viewed

@@ -0,0 +1,82 @@
+import os
+import yaml
+from secator.decorators import task
+from secator.definitions import (OUTPUT_PATH, RATE_LIMIT, THREADS, DELAY, TIMEOUT, METHOD, WORDLIST, HEADER, URL)
+from secator.output_types import Info, Url, Warning, Error
+from secator.runners import Command
+from secator.tasks._categories import OPTS
+from secator.utils import process_wordlist
+@task()
+class arjun(Command):
+	"""HTTP Parameter Discovery Suite."""
+	cmd = 'arjun'
+	input_flag = '-u'
+	input_type = URL
+	version_flag = ' '
+	opts = {
+		'chunk_size': {'type': int, 'help': 'Control query/chunk size'},
+		'stable': {'is_flag': True, 'default': False, 'help': 'Use stable mode'},
+		'include': {'type': str, 'help': 'Include persistent data (e.g: "api_key=xxxxx" or {"api_key": "xxxx"})'},
+		'passive': {'is_flag': True, 'default': False, 'help': 'Passive mode'},
+		'casing': {'type': str, 'help': 'Casing style for params e.g. like_this, likeThis, LIKE_THIS, like_this'},  # noqa: E501
+		WORDLIST: {'type': str, 'short': 'w', 'default': None, 'process': process_wordlist, 'help': 'Wordlist to use (default: arjun wordlist)'},  # noqa: E501
+	}
+	meta_opts = {
+		THREADS: OPTS[THREADS],
+		DELAY: OPTS[DELAY],
+		TIMEOUT: OPTS[TIMEOUT],
+		RATE_LIMIT: OPTS[RATE_LIMIT],
+		METHOD: OPTS[METHOD],
+		HEADER: OPTS[HEADER],
+	}
+	opt_key_map = {
+		THREADS: 't',
+		DELAY: 'd',
+		TIMEOUT: 'T',
+		RATE_LIMIT: '--rate-limit',
+		METHOD: 'm',
+		WORDLIST: 'w',
+		HEADER: '--headers',
+		'chunk_size': 'c',
+		'stable': '--stable',
+		'passive': '--passive',
+		'casing': '--casing',
+	}
+	output_types = [Url]
+	install_cmd = 'pipx install arjun && pipx upgrade arjun'
+	install_github_handle = 's0md3v/Arjun'
+	@staticmethod
+	def on_line(self, line):
+		if 'Processing chunks' in line:
+			return ''
+		return line
+	@staticmethod
+	def on_cmd(self):
+		self.output_path = self.get_opt_value(OUTPUT_PATH)
+		if not self.output_path:
+			self.output_path = f'{self.reports_folder}/.outputs/{self.unique_name}.json'
+		self.cmd += f' -oJ {self.output_path}'
+	@staticmethod
+	def on_cmd_done(self):
+		if not os.path.exists(self.output_path):
+			yield Error(message=f'Could not find JSON results in {self.output_path}')
+			return
+		yield Info(message=f'JSON results saved to {self.output_path}')
+		with open(self.output_path, 'r') as f:
+			results = yaml.safe_load(f.read())
+			if not results:
+				yield Warning(message='No results found !')
+				return
+		for url, values in results.items():
+			for param in values['params']:
+				yield Url(
+					url=url + '?' + param + '=' + 'FUZZ',
+					headers=values['headers'],
+					method=values['method'],
+				)

secator/tasks/ffuf.py CHANGED Viewed

@@ -18,7 +18,7 @@ FFUF_PROGRESS_REGEX = r':: Progress: \[(?P<count>\d+)/(?P<total>\d+)\] :: Job \[
 @task()
 class ffuf(HttpFuzzer):
 	"""Fast web fuzzer written in Go."""
-	cmd = 'ffuf -noninteractive -recursion'
+	cmd = 'ffuf -noninteractive'
 	input_flag = '-u'
 	input_chunk_size = 1
 	file_flag = None
@@ -30,6 +30,7 @@ class ffuf(HttpFuzzer):
 	]
 	opts = {
 		AUTO_CALIBRATION: {'is_flag': True, 'short': 'ac', 'help': 'Auto-calibration'},
+		'recursion': {'is_flag': True, 'default': True, 'short': 'recursion', 'help': 'Recursion'},
 	}
 	opt_key_map = {
 		HEADER: 'H',

secator/tasks/fping.py CHANGED Viewed

@@ -29,6 +29,7 @@ class fping(ReconIp):
 	input_type = IP
 	output_types = [Ip]
 	install_pre = {'*': ['fping']}
+	ignore_return_code = True
 	@staticmethod
 	def item_loader(self, line):

secator 0.10.1a12__py3-none-any.whl → 0.11.1__py3-none-any.whl

Potentially problematic release.

secator 0.10.1a12py3-none-any.whl → 0.11.1py3-none-any.whl