secator 0.10.1a12__py3-none-any.whl → 0.15.1__py3-none-any.whl

secator/installer.py

@@ -11,6 +11,7 @@ import io
 from dataclasses import dataclass
 from datetime import datetime
 from enum import Enum
+from pathlib import Path
 
 import json
 import requests
@@ -30,8 +31,10 @@ class InstallerStatus(Enum):
 	INSTALL_FAILED = 'INSTALL_FAILED'
 	INSTALL_NOT_SUPPORTED = 'INSTALL_NOT_SUPPORTED'
 	INSTALL_SKIPPED_OK = 'INSTALL_SKIPPED_OK'
+	INSTALL_VERSION_NOT_SPECIFIED = 'INSTALL_VERSION_NOT_SPECIFIED'
 	GITHUB_LATEST_RELEASE_NOT_FOUND = 'GITHUB_LATEST_RELEASE_NOT_FOUND'
 	GITHUB_RELEASE_NOT_FOUND = 'RELEASE_NOT_FOUND'
+	GITHUB_RELEASE_UNMATCHED_DISTRIBUTION = 'RELEASE_UNMATCHED_DISTRIBUTION'
 	GITHUB_RELEASE_FAILED_DOWNLOAD = 'GITHUB_RELEASE_FAILED_DOWNLOAD'
 	GITHUB_BINARY_NOT_FOUND_IN_ARCHIVE = 'GITHUB_BINARY_NOT_FOUND_IN_ARCHIVE'
 	UNKNOWN_DISTRIBUTION = 'UNKNOWN_DISTRIBUTION'
@@ -44,6 +47,7 @@ class InstallerStatus(Enum):
 @dataclass
 class Distribution:
 	name: str
+	system: str
 	pm_name: str
 	pm_installer: str
 	pm_finalizer: str
@@ -82,12 +86,12 @@ class ToolInstaller:
 		# Install binaries from GH
 		gh_status = InstallerStatus.UNKNOWN
 		if tool_cls.install_github_handle and not CONFIG.security.force_source_install:
-			gh_status = GithubInstaller.install(tool_cls.install_github_handle)
+			gh_status = GithubInstaller.install(tool_cls.install_github_handle, version=tool_cls.install_version or 'latest')
 			status = gh_status
 
 		# Install from source
 		if tool_cls.install_cmd and not gh_status.is_ok():
-			status = SourceInstaller.install(tool_cls.install_cmd)
+			status = SourceInstaller.install(tool_cls.install_cmd, tool_cls.install_version)
 			if not status.is_ok():
 				cls.print_status(status, name)
 				return status
@@ -166,12 +170,14 @@ class SourceInstaller:
 	"""Install a tool from source."""
 
 	@classmethod
-	def install(cls, config, install_prereqs=True):
+	def install(cls, config, version=None, install_prereqs=True):
 		"""Install from source.
 
 		Args:
 			cls: ToolInstaller class.
 			config (dict): A dict of distros as keys and a command as value.
+			version (str, optional): Version to install.
+			install_prereqs (bool, optional): Install pre-requisites.
 
 		Returns:
 			Status: install status.
@@ -181,6 +187,8 @@ class SourceInstaller:
 			install_cmd = config
 		else:
 			distribution = get_distro_config()
+			if not distribution.pm_installer:
+				return InstallerStatus.UNKNOWN_DISTRIBUTION
 			for distros, command in config.items():
 				if distribution.name in distros.split("|") or distros == '*':
 					install_cmd = command
@@ -203,6 +211,11 @@ class SourceInstaller:
 				if not status.is_ok():
 					return status
 
+		# Handle version
+		if '[install_version]' in install_cmd:
+			version = version or 'latest'
+			install_cmd = install_cmd.replace('[install_version]', version)
+
 		# Run command
 		ret = Command.execute(install_cmd, cls_attributes={'shell': True}, quiet=False)
 		return InstallerStatus.SUCCESS if ret.return_code == 0 else InstallerStatus.INSTALL_FAILED
@@ -212,7 +225,7 @@ class GithubInstaller:
 	"""Install a tool from GitHub releases."""
 
 	@classmethod
-	def install(cls, github_handle):
+	def install(cls, github_handle, version='latest'):
 		"""Find and install a release from a GitHub handle {user}/{repo}.
 
 		Args:
@@ -222,35 +235,38 @@ class GithubInstaller:
 			InstallerStatus: status.
 		"""
 		_, repo = tuple(github_handle.split('/'))
-		latest_release = cls.get_latest_release(github_handle)
-		if not latest_release:
-			return InstallerStatus.GITHUB_LATEST_RELEASE_NOT_FOUND
+		release = cls.get_release(github_handle, version=version)
+		if not release:
+			return InstallerStatus.GITHUB_RELEASE_NOT_FOUND
 
 		# Find the right asset to download
-		os_identifiers, arch_identifiers = cls._get_platform_identifier()
-		download_url = cls._find_matching_asset(latest_release['assets'], os_identifiers, arch_identifiers)
+		system, arch, os_identifiers, arch_identifiers = cls._get_platform_identifier()
+		download_url = cls._find_matching_asset(release['assets'], os_identifiers, arch_identifiers)
 		if not download_url:
-			console.print(Error(message='Could not find a GitHub release matching distribution.'))
-			return InstallerStatus.GITHUB_RELEASE_NOT_FOUND
+			console.print(Error(message=f'Could not find a GitHub release matching distribution (system: {system}, arch: {arch}).'))  # noqa: E501
+			return InstallerStatus.GITHUB_RELEASE_UNMATCHED_DISTRIBUTION
 
 		# Download and unpack asset
 		console.print(Info(message=f'Found release URL: {download_url}'))
 		return cls._download_and_unpack(download_url, CONFIG.dirs.bin, repo)
 
 	@classmethod
-	def get_latest_release(cls, github_handle):
-		"""Get latest release from GitHub.
+	def get_release(cls, github_handle, version='latest'):
+		"""Get release from GitHub.
 
 		Args:
 			github_handle (str): A GitHub handle {user}/{repo}.
 
 		Returns:
-			dict: Latest release JSON from GitHub releases.
+			dict: Release JSON from GitHub releases.
 		"""
 		if not github_handle:
 			return False
 		owner, repo = tuple(github_handle.split('/'))
-		url = f"https://api.github.com/repos/{owner}/{repo}/releases/latest"
+		if version == 'latest':
+			url = f"https://api.github.com/repos/{owner}/{repo}/releases/latest"
+		else:
+			url = f"https://api.github.com/repos/{owner}/{repo}/releases/tags/{version}"
 		headers = {}
 		if CONFIG.cli.github_token:
 			headers['Authorization'] = f'Bearer {CONFIG.cli.github_token}'
@@ -261,11 +277,13 @@ class GithubInstaller:
 			return latest_release
 		except requests.RequestException as e:
 			console.print(Warning(message=f'Failed to fetch latest release for {github_handle}: {str(e)}'))
+			if 'rate limit exceeded' in str(e):
+				console.print(Warning(message='Consider setting env variable SECATOR_CLI_GITHUB_TOKEN or use secator config set cli.github_token $TOKEN.'))  # noqa: E501
 			return None
 
 	@classmethod
 	def get_latest_version(cls, github_handle):
-		latest_release = cls.get_latest_release(github_handle)
+		latest_release = cls.get_release(github_handle, version='latest')
 		if not latest_release:
 			return None
 		return latest_release['tag_name'].lstrip('v')
@@ -285,16 +303,16 @@ class GithubInstaller:
 
 		# Enhanced architecture mapping to avoid conflicts
 		arch_mapping = {
-			'x86_64': ['amd64', 'x86_64'],
-			'amd64': ['amd64', 'x86_64'],
+			'x86_64': ['amd64', 'x86_64', '64bit', 'x64'],
+			'amd64': ['amd64', 'x86_64', '64bit', 'x64'],
 			'aarch64': ['arm64', 'aarch64'],
 			'armv7l': ['armv7', 'arm'],
-			'386': ['386', 'x86', 'i386'],
+			'386': ['386', 'x86', 'i386', '32bit', 'x32'],
 		}
 
 		os_identifiers = os_mapping.get(system, [])
 		arch_identifiers = arch_mapping.get(arch, [])
-		return os_identifiers, arch_identifiers
+		return system, arch, os_identifiers, arch_identifiers
 
 	@classmethod
 	def _find_matching_asset(cls, assets, os_identifiers, arch_identifiers):
@@ -348,6 +366,9 @@ class GithubInstaller:
 		elif url.endswith('.tar.gz'):
 			with tarfile.open(fileobj=io.BytesIO(response.content), mode='r:gz') as tar:
 				tar.extractall(path=temp_dir)
+		else:
+			with Path(f'{temp_dir}/{repo_name}').open('wb') as f:
+				f.write(response.content)
 
 		# For archives, find and move the binary that matches the repo name
 		binary_path = cls._find_binary_in_directory(temp_dir, repo_name)
@@ -397,13 +418,11 @@ def get_version(version_cmd):
 	import re
 	regex = r'[0-9]+\.[0-9]+\.?[0-9]*\.?[a-zA-Z]*'
 	ret = Command.execute(version_cmd, quiet=True, print_errors=False)
-	return_code = ret.return_code
-	if not return_code == 0:
-		return '', ret.return_code
 	match = re.findall(regex, ret.output)
 	if not match:
-		return '', return_code
-	return match[0], return_code
+		console.print(Warning(message=f'Failed to find version in version command output. Command: {version_cmd}; Output: {ret.output}; Return code: {ret.return_code}'))  # noqa: E501
+		return None
+	return match[0]
 
 
 def parse_version(ver):
@@ -436,14 +455,22 @@ def get_version_info(name, version_flag=None, install_github_handle=None, instal
 		'name': name,
 		'installed': False,
 		'version': version,
+		'version_cmd': None,
 		'latest_version': None,
 		'location': None,
-		'status': ''
+		'status': '',
+		'outdated': False,
+		'errors': []
 	}
 
 	# Get binary path
 	location = which(name).output
+	if not location or not Path(location).exists():
+		info['installed'] = False
+		info['status'] = 'missing'
+		return info
 	info['location'] = location
+	info['installed'] = True
 
 	# Get latest version
 	latest_version = None
@@ -472,34 +499,36 @@ def get_version_info(name, version_flag=None, install_github_handle=None, instal
 					if ver:
 						latest_version = str(ver)
 						info['latest_version'] = latest_version
+			else:
+				error = f'Failed to get latest version for {name}. Command: apt-cache madison {name}'
+				info['errors'].append(error)
+				console.print(Warning(message=error))
 
 	# Get current version
-	version_ret = 1
 	version_flag = None if version_flag == OPT_NOT_SUPPORTED else version_flag
 	if version_flag:
 		version_cmd = f'{name} {version_flag}'
-		version, version_ret = get_version(version_cmd)
+		info['version_cmd'] = version_cmd
+		version = get_version(version_cmd)
 		info['version'] = version
-		if version_ret != 0:  # version command error
-			info['installed'] = False
-			info['status'] = 'missing'
+		if not version:
+			info['errors'].append(f'Error fetching version for command. Version command: {version_cmd}')
+			info['status'] = 'version fetch error'
 			return info
 
-	if location:
-		info['installed'] = True
-		if version and latest_version:
-			if parse_version(version) < parse_version(latest_version):
-				info['status'] = 'outdated'
-			else:
-				info['status'] = 'latest'
-		elif not version:
-			info['status'] = 'current unknown'
-		elif not latest_version:
-			info['status'] = 'latest unknown'
-			if CONFIG.offline_mode:
-				info['status'] += r' [dim orange1]\[offline][/]'
-	else:
-		info['status'] = 'missing'
+	# Check if up-to-date
+	if version and latest_version:
+		if parse_version(version) < parse_version(latest_version):
+			info['status'] = 'outdated'
+			info['outdated'] = True
+		else:
+			info['status'] = 'latest'
+	elif not version:
+		info['status'] = 'current unknown'
+	elif not latest_version:
+		info['status'] = 'latest unknown'
+		if CONFIG.offline_mode:
+			info['status'] += r' [dim orange1]\[offline][/]'
 
 	return info
 
@@ -517,7 +546,7 @@ def get_distro_config():
 	distrib = system
 
 	if system == "Linux":
-		distrib = distro.id()
+		distrib = distro.like() or distro.id()
 
 		if distrib in ["ubuntu", "debian", "linuxmint", "popos", "kali"]:
 			installer = "apt install -y --no-install-recommends"
@@ -547,12 +576,16 @@ def get_distro_config():
 		else:
 			installer = "scoop"  # Alternative package manager for Windows
 
-	manager = installer.split(' ')[0]
+	if not installer:
+		console.print(Error(message=f'Could not find installer for your distribution (system: {system}, distrib: {distrib})'))  # noqa: E501
+
+	manager = installer.split(' ')[0] if installer else ''
 	config = Distribution(
 		pm_installer=installer,
 		pm_finalizer=finalizer,
 		pm_name=manager,
-		name=distrib
+		name=distrib,
+		system=system
 	)
 	return config
 
@@ -578,6 +611,8 @@ def fmt_health_table_row(version_info, category=None):
 		_version = '[bold red]missing[/]'
 	elif status == 'ok':
 		_version = '[bold green]ok        [/]'
+	elif status == 'version fetch error':
+		_version = '[bold orange1]unknown[/]    [dim](current unknown)[/]'
 	elif status:
 		if not version and installed:
 			_version = '[bold green]ok        [/]'

secator/output_types/__init__.py

@@ -26,6 +26,7 @@ from secator.output_types.url import Url
 from secator.output_types.user_account import UserAccount
 from secator.output_types.vulnerability import Vulnerability
 from secator.output_types.record import Record
+from secator.output_types.certificate import Certificate
 from secator.output_types.info import Info
 from secator.output_types.warning import Warning
 from secator.output_types.error import Error
@@ -39,6 +40,6 @@ STAT_TYPES = [
 	Stat
 ]
 FINDING_TYPES = [
-	Subdomain, Ip, Port, Url, Tag, Exploit, UserAccount, Vulnerability
+	Subdomain, Ip, Port, Url, Tag, Exploit, UserAccount, Vulnerability, Certificate
 ]
 OUTPUT_TYPES = FINDING_TYPES + EXECUTION_TYPES + STAT_TYPES

secator/output_types/certificate.py

@@ -0,0 +1,78 @@
+import time
+from datetime import datetime, timedelta
+from dataclasses import dataclass, field
+from secator.output_types import OutputType
+from secator.utils import rich_to_ansi
+from secator.definitions import CERTIFICATE_STATUS_UNKNOWN
+
+
+@dataclass
+class Certificate(OutputType):
+    host: str
+    fingerprint_sha256: str = field(default='')
+    ip: str = field(default='', compare=False)
+    raw_value: str = field(default='', compare=False)
+    subject_cn: str = field(default='', compare=False)
+    subject_an: list[str] = field(default_factory=list, compare=False)
+    not_before: datetime = field(default=None, compare=False)
+    not_after: datetime = field(default=None, compare=False)
+    issuer_dn: str = field(default='', compare=False)
+    issuer_cn: str = field(default='', compare=False)
+    issuer: str = field(default='', compare=False)
+    self_signed: bool = field(default=True, compare=False)
+    trusted: bool = field(default=False, compare=False)
+    status: str = field(default=CERTIFICATE_STATUS_UNKNOWN, compare=False)
+    keysize: int = field(default=None, compare=False)
+    serial_number: str = field(default='', compare=False)
+    ciphers: list[str] = field(default_factory=list, compare=False)
+    # parent_certificate: 'Certificate' = None  # noqa: F821
+    _source: str = field(default='', repr=True)
+    _type: str = field(default='certificate', repr=True)
+    _timestamp: int = field(default_factory=lambda: time.time(), compare=False)
+    _uuid: str = field(default='', repr=True, compare=False)
+    _context: dict = field(default_factory=dict, repr=True, compare=False)
+    _tagged: bool = field(default=False, repr=True, compare=False)
+    _duplicate: bool = field(default=False, repr=True, compare=False)
+    _related: list = field(default_factory=list, compare=False)
+    _table_fields = ['ip', 'host']
+    _sort_by = ('ip',)
+
+    def __str__(self) -> str:
+        return self.subject_cn
+
+    def is_expired(self) -> bool:
+        if self.not_after:
+            return self.not_after < datetime.now()
+        return True
+
+    def is_expired_soon(self, months: int = 1) -> bool:
+        if self.not_after:
+            return self.not_after < datetime.now() + timedelta(days=months * 30)
+        return True
+
+    @staticmethod
+    def format_date(date):
+        if date:
+            return date.strftime("%m/%d/%Y")
+        return '?'
+
+    def __repr__(self) -> str:
+        s = f'📜 [bold white]{self.host}[/]'
+        s += f' [cyan]{self.status}[/]'
+        s += rf' [white]\[fingerprint={self.fingerprint_sha256[:10]}][/]'
+        if self.subject_cn:
+            s += rf' [white]\[cn={self.subject_cn}][/]'
+        if self.subject_an:
+            s += rf' [white]\[an={", ".join(self.subject_an)}][/]'
+        if self.issuer:
+            s += rf' [white]\[issuer={self.issuer}][/]'
+        elif self.issuer_cn:
+            s += rf' [white]\[issuer_cn={self.issuer_cn}][/]'
+        expiry_date = Certificate.format_date(self.not_after)
+        if self.is_expired():
+            s += f' [red]expired since {expiry_date}[/red]'
+        elif self.is_expired_soon(months=2):
+            s += f' [yellow]expires <2 months[/yellow], [yellow]valid until {expiry_date}[/yellow]'
+        else:
+            s += f' [green]not expired[/green], [yellow]valid until {expiry_date}[/yellow]'
+        return rich_to_ansi(s)

secator/output_types/stat.py

@@ -25,6 +25,9 @@ class Stat(OutputType):
 	_table_fields = ['name', 'pid', 'cpu', 'memory']
 	_sort_by = ('name', 'pid')
 
+	def __str__(self) -> str:
+		return f'{self.name} [pid={self.pid}] [cpu={self.cpu:.2f}%] [memory={self.memory:.2f}%]'
+
 	def __repr__(self) -> str:
 		s = rf'[dim yellow3]📊 {self.name} \[pid={self.pid}] \[cpu={self.cpu:.2f}%] \[memory={self.memory:.2f}%]'
 		if self.net_conns:

secator/output_types/user_account.py

@@ -37,5 +37,5 @@ class UserAccount(OutputType):
 		if self.url:
 			s += rf' \[[white]{_s(self.url)}[/]]'
 		if self.extra_data:
-			s += r' \[[bold yellow]' + _s(', '.join(f'{k}:{v}' for k, v in self.extra_data.items()) + '[/]]')
+			s += r' \[[bold yellow]' + _s(', '.join(f'{k}:{v}' for k, v in self.extra_data.items())) + '[/]]'
 		return rich_to_ansi(s)

secator/report.py

@@ -55,7 +55,7 @@ class Report:
 					f'{str(e)}[/]\n[dim]{traceback_as_string(e)}[/]',
 				)
 
-	def build(self, extractors=[], dedupe=False):
+	def build(self, extractors=[], dedupe=CONFIG.runners.remove_duplicates):
 		# Trim options
 		from secator.decorators import DEFAULT_CLI_OPTIONS
 		opts = merge_opts(self.runner.config.options, self.runner.run_opts)
@@ -97,7 +97,7 @@ class Report:
 			if items:
 				if sort_by and all(sort_by):
 					items = sorted(items, key=operator.attrgetter(*sort_by))
-				if dedupe and CONFIG.runners.remove_duplicates:
+				if dedupe:
 					items = remove_duplicates(items)
 					# items = [item for item in items if not item._duplicate and item not in dedupe_from]
 				for extractor in extractors:

secator/rich.py

@@ -4,7 +4,7 @@ import yaml
 from rich.console import Console
 from rich.table import Table
 
-console = Console(stderr=True)
+console = Console(stderr=True, record=True)
 console_stdout = Console(record=True)
 # handler = RichHandler(rich_tracebacks=True)  # TODO: add logging handler
 

secator/runners/_base.py

@@ -11,7 +11,7 @@ import humanize
 from secator.definitions import ADDONS_ENABLED
 from secator.celery_utils import CeleryData
 from secator.config import CONFIG
-from secator.output_types import FINDING_TYPES, OutputType, Progress, Info, Warning, Error, Target, State
+from secator.output_types import FINDING_TYPES, OUTPUT_TYPES, OutputType, Progress, Info, Warning, Error, Target, State
 from secator.report import Report
 from secator.rich import console, console_stdout
 from secator.runners._helpers import (get_task_folder_id, run_extractors)
@@ -53,7 +53,7 @@ class Runner:
 	"""
 
 	# Input field (mostly for tests and CLI)
-	input_type = None
+	input_types = []
 
 	# Output types
 	output_types = []
@@ -102,6 +102,7 @@ class Runner:
 		self.piped_input = self.run_opts.get('piped_input', False)
 		self.piped_output = self.run_opts.get('piped_output', False)
 		self.enable_duplicate_check = self.run_opts.get('enable_duplicate_check', True)
+		self.dry_run = self.run_opts.get('dry_run', False)
 
 		# Runner print opts
 		self.print_item = self.run_opts.get('print_item', False)
@@ -128,18 +129,19 @@ class Runner:
 		[self.add_result(result, print=False, output=False) for result in results]
 
 		# Determine inputs
-		inputs = [inputs] if not isinstance(inputs, list) else inputs
-		if not self.chunk and self.results:
-			inputs, run_opts, errors = run_extractors(self.results, run_opts, inputs)
-			for error in errors:
-				self.add_result(error, print=True)
-		self.inputs = list(set(inputs))
+		self.inputs = [inputs] if not isinstance(inputs, list) else inputs
+		targets = [Target(name=target) for target in self.inputs]
+		self.filter_results(results + targets)
 
 		# Debug
 		self.debug('Inputs', obj=self.inputs, sub='init')
 		self.debug('Run opts', obj={k: v for k, v in self.run_opts.items() if v is not None}, sub='init')
 		self.debug('Print opts', obj={k: v for k, v in self.print_opts.items() if v is not None}, sub='init')
 
+		# Load profiles
+		profiles_str = run_opts.get('profiles', [])
+		self.load_profiles(profiles_str)
+
 		# Determine exporters
 		exporters_str = self.run_opts.get('output') or self.default_exporters
 		self.exporters = self.resolve_exporters(exporters_str)
@@ -310,6 +312,8 @@ class Runner:
 			self.mark_completed()
 
 		finally:
+			if self.dry_run:
+				return
 			if self.sync:
 				self.mark_completed()
 			if self.enable_reports:
@@ -328,6 +332,15 @@ class Runner:
 				self.add_result(error, print=True)
 				yield error
 
+	def filter_results(self, results):
+		"""Filter results based on the runner's config."""
+		if not self.chunk:
+			inputs, run_opts, errors = run_extractors(results, self.run_opts, self.inputs, self.dry_run)
+			for error in errors:
+				self.add_result(error, print=True)
+			self.inputs = list(set(inputs))
+			self.run_opts = run_opts
+
 	def add_result(self, item, print=False, output=True):
 		"""Add item to runner results.
 
@@ -818,7 +831,7 @@ class Runner:
 			if isinstance(data, (OutputType, dict)):
 				if getattr(data, 'toDict', None):
 					data = data.toDict()
-				data = json.dumps(data)
+				data = json.dumps(data, default=str)
 			print(data, file=out)
 
 	def _get_findings_count(self):
@@ -911,8 +924,8 @@ class Runner:
 		elif isinstance(item, Info) and item.task_id and item.task_id not in self.celery_ids:
 			self.celery_ids.append(item.task_id)
 
-		# If finding, run on_item hooks
-		elif isinstance(item, tuple(FINDING_TYPES)):
+		# If output type, run on_item hooks
+		elif isinstance(item, tuple(OUTPUT_TYPES)):
 			item = self.run_hooks('on_item', item)
 			if not item:
 				return
@@ -944,6 +957,32 @@ class Runner:
 		]
 		return [cls for cls in classes if cls]
 
+	def load_profiles(self, profiles):
+		"""Load profiles and update run options.
+
+		Args:
+			profiles (list[str]): List of profile names to resolve.
+
+		Returns:
+			list: List of profiles.
+		"""
+		from secator.cli import ALL_PROFILES
+		if isinstance(profiles, str):
+			profiles = profiles.split(',')
+		templates = []
+		for pname in profiles:
+			matches = [p for p in ALL_PROFILES if p.name == pname]
+			if not matches:
+				self._print(Warning(message=f'Profile "{pname}" was not found'), rich=True)
+			else:
+				templates.append(matches[0])
+		opts = {}
+		for profile in templates:
+			self._print(Info(message=f'Loaded profile {profile.name} ({profile.description})'), rich=True)
+			opts.update(profile.opts)
+		opts = {k: v for k, v in opts.items() if k not in self.run_opts}
+		self.run_opts.update(opts)
+
 	@classmethod
 	def get_func_path(cls, func):
 		"""Get the full symbolic path of a function or method, including staticmethods, using function and method

secator/runners/_helpers.py

@@ -4,27 +4,39 @@ from secator.output_types import Error
 from secator.utils import deduplicate, debug
 
 
-def run_extractors(results, opts, inputs=[]):
+def run_extractors(results, opts, inputs=[], dry_run=False):
 	"""Run extractors and merge extracted values with option dict.
 
 	Args:
 		results (list): List of results.
 		opts (dict): Options.
 		inputs (list): Original inputs.
+		dry_run (bool): Dry run.
 
 	Returns:
 		tuple: inputs, options, errors.
 	"""
 	extractors = {k: v for k, v in opts.items() if k.endswith('_')}
 	errors = []
+	computed_inputs = []
+	computed_opts = {}
 	for key, val in extractors.items():
 		key = key.rstrip('_')
 		values, err = extract_from_results(results, val)
 		errors.extend(err)
 		if key == 'targets':
-			inputs = deduplicate(values)
+			targets = ['<COMPUTED>'] if dry_run else deduplicate(values)
+			computed_inputs.extend(targets)
 		else:
-			opts[key] = deduplicate(values)
+			computed_opt = ['<COMPUTED>'] if dry_run else deduplicate(values)
+			if computed_opt:
+				computed_opts[key] = computed_opt
+				opts[key] = computed_opts[key]
+	if computed_inputs:
+		debug('computed_inputs', obj=computed_inputs, sub='extractors')
+		inputs = computed_inputs
+	if computed_opts:
+		debug('computed_opts', obj=computed_opts, sub='extractors')
 	return inputs, opts, errors