secator 0.10.1a12__py3-none-any.whl → 0.15.1__py3-none-any.whl

secator/configs/profiles/insane.yaml

@@ -0,0 +1,8 @@
+type: profile
+name: insane
+description: "Local LAN scanning or stress scanning"
+opts:
+    rate_limit: 100000
+    delay: 0
+    timeout: 1
+    retries: 0

secator/configs/profiles/paranoid.yaml

@@ -0,0 +1,8 @@
+type: profile
+name: paranoid
+description: "Maximum stealth"
+opts:
+    rate_limit: 5
+    delay: 5
+    timeout: 15
+    retries: 5

secator/configs/profiles/polite.yaml

@@ -0,0 +1,8 @@
+type: profile
+name: polite
+description: "Avoid overloading network"
+opts:
+    rate_limit: 100
+    delay: 0
+    timeout: 10
+    retries: 5

secator/configs/profiles/sneaky.yaml

@@ -0,0 +1,8 @@
+type: profile
+name: sneaky
+description: "IDS/IPS evasion, sensitive networks"
+opts:
+    rate_limit: 10
+    delay: 2
+    timeout: 15
+    retries: 5

secator/configs/profiles/tor.yaml

@@ -0,0 +1,5 @@
+type: profile
+name: tor
+description: "Anonymous scan using Tor network"
+opts:
+  proxy: tor

secator/configs/workflows/host_recon.yaml

@@ -7,10 +7,19 @@ input_types:
   - host
   - cidr_range
 tasks:
+  naabu:
+    description: Find open ports
+    ports: "-"  # scan all ports
   nmap:
     description: Search for vulnerabilities on open ports
-    skip_host_discovery: True
-    ports: "-"  # scan all ports
+    version_detection: True
+    script: vulners
+    targets_:
+    - port.host
+    - target.name
+    ports_:
+    - port.port
+    ports: "-"  # default if no port found by naabu
   _group/1:
     httpx:
       description: Probe HTTP services on open ports

secator/configs/workflows/url_dirsearch.yaml

@@ -14,6 +14,11 @@ tasks:
         field: '{name}/FUZZ'
   cariddi:
     description: Crawl HTTP directories for content
+    info: True
+    secrets: True
+    errors: True
+    juicy_extensions: 1
+    juicy_endpoints: True
     targets_:
       - target.name
       - url.url

secator/configs/workflows/url_params_fuzz.yaml

@@ -0,0 +1,25 @@
+type: workflow
+name: url_params_fuzz
+alias: url_params_fuzz
+description: Extract parameters from an URL and fuzz them
+tags: [http, fuzz]
+input_types:
+  - url
+tasks:
+  arjun:
+    description: Extract parameters from URLs
+  ffuf:
+    description: Fuzz URL params
+    wordlist: https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Discovery/Web-Content/burp-parameter-names.txt
+    auto_calibration: true
+    follow_redirect: true
+    targets_:
+      - type: url
+        field: url
+        condition: item._source.startswith('arjun')
+  httpx:
+    description: Probe fuzzed URLs
+    targets_:
+      - type: url
+        field: url
+        condition: item._source.startswith('ffuf')

secator/configs/workflows/wordpress.yaml

@@ -11,4 +11,7 @@ tasks:
       description: Nuclei Wordpress scan
       tags: wordpress
     wpscan:
-      description: WPScan
+      description: WPScan
+    wpprobe:
+      description: WPProbe
+      tags: wordpress

secator/decorators.py

@@ -13,22 +13,24 @@ from secator.utils import (deduplicate, expand_input, get_command_category)
 
 RUNNER_OPTS = {
 	'output': {'type': str, 'default': None, 'help': 'Output options (-o table,json,csv,gdrive)', 'short': 'o'},
+	'profiles': {'type': str, 'default': 'default', 'help': 'Profiles', 'short': 'pf'},
 	'workspace': {'type': str, 'default': 'default', 'help': 'Workspace', 'short': 'ws'},
 	'print_json': {'is_flag': True, 'short': 'json', 'default': False, 'help': 'Print items as JSON lines'},
 	'print_raw': {'is_flag': True, 'short': 'raw', 'default': False, 'help': 'Print items in raw format'},
 	'print_stat': {'is_flag': True, 'short': 'stat', 'default': False, 'help': 'Print runtime statistics'},
 	'print_format': {'default': '', 'short': 'fmt', 'help': 'Output formatting string'},
 	'enable_profiler': {'is_flag': True, 'short': 'prof', 'default': False, 'help': 'Enable runner profiling'},
-	'show': {'is_flag': True, 'default': False, 'help': 'Show command that will be run (tasks only)'},
-	'no_process': {'is_flag': True, 'default': False, 'help': 'Disable secator processing'},
+	'no_process': {'is_flag': True, 'short': 'nps', 'default': False, 'help': 'Disable secator processing'},
 	# 'filter': {'default': '', 'short': 'f', 'help': 'Results filter', 'short': 'of'}, # TODO add this
-	'quiet': {'is_flag': True, 'default': False, 'help': 'Enable quiet mode'},
+	'quiet': {'is_flag': True, 'short': 'q', 'default': not CONFIG.runners.show_command_output, 'opposite': 'verbose', 'help': 'Enable quiet mode'},  # noqa: E501
+	'dry_run': {'is_flag': True, 'short': 'dr', 'default': False, 'help': 'Enable dry run'},
+	'show': {'is_flag': True, 'short': 'yml', 'default': False, 'help': 'Show runner yaml'},
 }
 
 RUNNER_GLOBAL_OPTS = {
 	'sync': {'is_flag': True, 'help': 'Run tasks synchronously (automatic if no worker is alive)'},
 	'worker': {'is_flag': True, 'default': False, 'help': 'Run tasks in worker'},
-	'no_poll': {'is_flag': True, 'default': False, 'help': 'Do not live poll for tasks results when running in worker'},
+	'no_poll': {'is_flag': True, 'short': 'np', 'default': False, 'help': 'Do not live poll for tasks results when running in worker'},  # noqa: E501
 	'proxy': {'type': str, 'help': 'HTTP proxy'},
 	'driver': {'type': str, 'help': 'Export real-time results. E.g: "mongodb"'}
 	# 'debug': {'type': int, 'default': 0, 'help': 'Debug mode'},
@@ -162,35 +164,39 @@ def get_command_options(config):
 			elif opt in RUNNER_GLOBAL_OPTS:
 				prefix = 'Execution'
 
+			# Get opt value from YAML config
+			opt_conf_value = task_config_opts.get(opt)
+
 			# Get opt conf
 			conf = opt_conf.copy()
+			opt_is_flag = conf.get('is_flag', False)
+			opt_default = conf.get('default', False if opt_is_flag else None)
+			opt_is_required = conf.get('required', False)
 			conf['show_default'] = True
 			conf['prefix'] = prefix
-			opt_default = conf.get('default', None)
-			opt_is_flag = conf.get('is_flag', False)
-			opt_value_in_config = task_config_opts.get(opt)
+			conf['default'] = opt_default
+			conf['reverse'] = False
 
-			# Check if opt already defined in config
-			if opt_value_in_config:
-				if conf.get('required', False):
+			# Change CLI opt defaults if opt was overriden in YAML config
+			if opt_conf_value:
+				if opt_is_required:
 					debug('OPT (skipped: opt is required and defined in config)', obj={'opt': opt}, sub=f'cli.{config.name}', verbose=True)  # noqa: E501
 					continue
 				mapped_value = cls.opt_value_map.get(opt)
 				if callable(mapped_value):
-					opt_value_in_config = mapped_value(opt_value_in_config)
+					opt_conf_value = mapped_value(opt_conf_value)
 				elif mapped_value:
-					opt_value_in_config = mapped_value
-				if opt_value_in_config != opt_default:
+					opt_conf_value = mapped_value
+
+				# Handle option defaults
+				if opt_conf_value != opt_default:
 					if opt in opt_cache:
 						continue
 					if opt_is_flag:
-						conf['reverse'] = True
-						conf['default'] = not conf['default']
-					# print(f'{opt}: change default to {opt_value_in_config}')
-					conf['default'] = opt_value_in_config
+						conf['default'] = opt_default = opt_conf_value
 
-			# If opt is a flag but the default is True, add opposite flag
-			if opt_is_flag and opt_default is True:
+			# Add reverse flag
+			if opt_default is True:
 				conf['reverse'] = True
 
 			# Check if opt already processed before
@@ -204,7 +210,7 @@ def get_command_options(config):
 			all_opts[opt] = conf
 
 			# Debug
-			debug_conf = OrderedDict({'opt': opt, 'config_val': opt_value_in_config or 'N/A', **conf.copy()})
+			debug_conf = OrderedDict({'opt': opt, 'config_val': opt_conf_value or 'N/A', **conf.copy()})
 			debug('OPT', obj=debug_conf, sub=f'cli.{config.name}', verbose=True)
 
 	return all_opts
@@ -224,18 +230,28 @@ def decorate_command_options(opts):
 		for opt_name, opt_conf in reversed_opts.items():
 			conf = opt_conf.copy()
 			short_opt = conf.pop('short', None)
-			conf.pop('internal', None)
+			internal = conf.pop('internal', False)
+			display = conf.pop('display', True)
+			if internal and not display:
+				continue
 			conf.pop('prefix', None)
 			conf.pop('shlex', None)
 			conf.pop('meta', None)
 			conf.pop('supported', None)
 			conf.pop('process', None)
+			conf.pop('requires_sudo', None)
 			reverse = conf.pop('reverse', False)
+			opposite = conf.pop('opposite', None)
 			long = f'--{opt_name}'
 			short = f'-{short_opt}' if short_opt else f'-{opt_name}'
 			if reverse:
-				long += f'/--no-{opt_name}'
-				short += f'/-n{short_opt}' if short else f'/-n{opt_name}'
+				if opposite:
+					long += f'/--{opposite}'
+					short += f'/-{opposite[0]}'
+					conf['help'] = conf['help'].replace(opt_name, f'{opt_name} / {opposite}')
+				else:
+					long += f'/--no-{opt_name}'
+					short += f'/-n{short_opt}' if short else f'/-n{opt_name}'
 			f = click.option(long, short, **conf)(f)
 		return f
 	return decorator
@@ -255,7 +271,6 @@ def generate_cli_subcommand(cli_endpoint, func, **opts):
 def register_runner(cli_endpoint, config):
 	name = config.name
 	input_required = True
-	input_type = 'targets'
 	command_opts = {
 		'no_args_is_help': True,
 		'context_settings': {
@@ -266,37 +281,44 @@ def register_runner(cli_endpoint, config):
 
 	if cli_endpoint.name == 'scan':
 		runner_cls = Scan
+		input_required = False  # allow targets from stdin
 		short_help = config.description or ''
 		short_help += f' [dim]alias: {config.alias}' if config.alias else ''
 		command_opts.update({
 			'name': name,
-			'short_help': short_help
+			'short_help': short_help,
+			'no_args_is_help': False
 		})
+		input_types = config.input_types
 
 	elif cli_endpoint.name == 'workflow':
 		runner_cls = Workflow
+		input_required = False  # allow targets from stdin
 		short_help = config.description or ''
 		short_help = f'{short_help:<55} [dim](alias)[/][bold cyan] {config.alias}' if config.alias else ''
 		command_opts.update({
 			'name': name,
-			'short_help': short_help
+			'short_help': short_help,
+			'no_args_is_help': False
 		})
+		input_types = config.input_types
 
 	elif cli_endpoint.name == 'task':
 		runner_cls = Task
 		input_required = False  # allow targets from stdin
 		task_cls = Task.get_task_class(config.name)
 		task_category = get_command_category(task_cls)
-		input_type = task_cls.input_type or 'targets'
-		short_help = f'[magenta]{task_category:<15}[/]{task_cls.__doc__}'
+		short_help = f'[magenta]{task_category:<25}[/] {task_cls.__doc__}'
 		command_opts.update({
 			'name': name,
 			'short_help': short_help,
 			'no_args_is_help': False
 		})
+		input_types = task_cls.input_types
 
 	else:
 		raise ValueError(f"Unrecognized runner endpoint name {cli_endpoint.name}")
+	input_types_str = '|'.join(input_types) if input_types else 'targets'
 	options = get_command_options(config)
 
 	# TODO: maybe allow this in the future
@@ -308,7 +330,7 @@ def register_runner(cli_endpoint, config):
 	# 		for i in range(0, len(ctx.args), 2)
 	# 	}
 
-	@click.argument(input_type, required=input_required)
+	@click.argument(input_types_str, required=input_required)
 	@decorate_command_options(options)
 	@click.pass_context
 	def func(ctx, **opts):
@@ -316,9 +338,16 @@ def register_runner(cli_endpoint, config):
 		worker = opts.pop('worker')
 		ws = opts.pop('workspace')
 		driver = opts.pop('driver', '')
+		quiet = opts['quiet']
+		dry_run = opts['dry_run']
 		show = opts['show']
 		context = {'workspace_name': ws}
 
+		# Show runner yaml
+		if show:
+			config.print()
+			sys.exit(0)
+
 		# Remove options whose values are default values
 		for k, v in options.items():
 			opt_name = k.replace('-', '_')
@@ -330,7 +359,7 @@ def register_runner(cli_endpoint, config):
 		# opts.update(unknown_opts)
 
 		# Expand input
-		inputs = opts.pop(input_type)
+		inputs = opts.pop(input_types_str)
 		inputs = expand_input(inputs, ctx)
 
 		# Build hooks from driver name
@@ -359,7 +388,7 @@ def register_runner(cli_endpoint, config):
 		hooks = deep_merge_dicts(*hooks)
 
 		# Enable sync or not
-		if sync or show:
+		if sync or dry_run:
 			sync = True
 		else:
 			from secator.celery import is_celery_worker_alive
@@ -389,6 +418,7 @@ def register_runner(cli_endpoint, config):
 			'piped_output': ctx.obj['piped_output'],
 			'caller': 'cli',
 			'sync': sync,
+			'quiet': quiet
 		})
 
 		# Start runner
@@ -396,10 +426,10 @@ def register_runner(cli_endpoint, config):
 		runner.run()
 
 	generate_cli_subcommand(cli_endpoint, func, **command_opts)
-	generate_rich_click_opt_groups(cli_endpoint, name, input_type, options)
+	generate_rich_click_opt_groups(cli_endpoint, name, input_types, options)
 
 
-def generate_rich_click_opt_groups(cli_endpoint, name, input_type, options):
+def generate_rich_click_opt_groups(cli_endpoint, name, input_types, options):
 	sortorder = {
 		'Execution': 0,
 		'Output': 1,
@@ -410,7 +440,7 @@ def generate_rich_click_opt_groups(cli_endpoint, name, input_type, options):
 	opt_group = [
 		{
 			'name': 'Targets',
-			'options': [input_type],
+			'options': input_types,
 		},
 	]
 	for prefix in prefixes:

secator/definitions.py

@@ -23,10 +23,6 @@ ASCII = rf"""
 DEBUG = CONFIG.debug.level
 DEBUG_COMPONENT = CONFIG.debug.component.split(',')
 
-# Default tasks settings
-DEFAULT_NUCLEI_FLAGS = os.environ.get('DEFAULT_NUCLEI_FLAGS', '-stats -sj -si 20 -hm -or')
-DEFAULT_FEROXBUSTER_FLAGS = os.environ.get('DEFAULT_FEROXBUSTER_FLAGS', '--auto-bail --no-state')
-
 # Constants
 OPT_NOT_SUPPORTED = -1
 OPT_PIPE_INPUT = -1
@@ -44,6 +40,9 @@ AUTO_CALIBRATION = 'auto_calibration'
 CONTENT_TYPE = 'content_type'
 CONTENT_LENGTH = 'content_length'
 CIDR_RANGE = 'cidr_range'
+DOCKER_IMAGE = 'docker_image'
+FILENAME = 'filename'
+GIT_REPOSITORY = 'git_repository'
 CPES = 'cpes'
 CVES = 'cves'
 DELAY = 'delay'
@@ -66,6 +65,7 @@ MATCH_CODES = 'match_codes'
 MATCH_REGEX = 'match_regex'
 MATCH_SIZE = 'match_size'
 MATCH_WORDS = 'match_words'
+ORG_NAME = 'org_name'
 OUTPUT_PATH = 'output_path'
 PATH = 'path'
 PERCENT = 'percent'
@@ -104,9 +104,13 @@ REFERENCE = 'reference'
 REFERENCES = 'references'
 SEVERITY = 'severity'
 TAGS = 'tags'
+TECHNOLOGY = 'technology'
 WEBSERVER = 'webserver'
 WORDLIST = 'wordlist'
 WORDS = 'words'
+CERTIFICATE_STATUS_UNKNOWN = 'Unknown'
+CERTIFICATE_STATUS_TRUSTED = 'Trusted'
+CERTIFICATE_STATUS_REVOKED = 'Revoked'
 
 
 def is_importable(module_to_import):