secator 0.10.1a12__py3-none-any.whl → 0.15.1__py3-none-any.whl

secator/tasks/naabu.py

@@ -1,5 +1,5 @@
 from secator.decorators import task
-from secator.definitions import (DELAY, HOST, OPT_NOT_SUPPORTED, PORT, PORTS,
+from secator.definitions import (DELAY, HOST, IP, OPT_NOT_SUPPORTED, PORT, PORTS,
 								 PROXY, RATE_LIMIT, RETRIES, STATE, THREADS,
 								 TIMEOUT, TOP_PORTS)
 from secator.output_types import Port
@@ -10,14 +10,17 @@ from secator.tasks._categories import ReconPort
 @task()
 class naabu(ReconPort):
 	"""Port scanning tool written in Go."""
-	cmd = 'naabu -Pn -silent'
+	cmd = 'naabu'
+	tags = ['port', 'scan']
 	input_flag = '-host'
+	input_types = [HOST, IP]
 	file_flag = '-list'
 	json_flag = '-json'
 	opts = {
 		PORTS: {'type': str, 'short': 'p', 'help': 'Ports'},
 		TOP_PORTS: {'type': str, 'short': 'tp', 'help': 'Top ports'},
 		'scan_type': {'type': str, 'short': 'st', 'help': 'Scan type (SYN (s)/CONNECT(c))'},
+		'skip_host_discovery': {'is_flag': True, 'short': 'Pn', 'default': False, 'help': 'Skip host discovery'},
 		# 'health_check': {'is_flag': True, 'short': 'hc', 'help': 'Health check'}
 	}
 	opt_key_map = {
@@ -47,7 +50,8 @@ class naabu(ReconPort):
 		}
 	}
 	output_types = [Port]
-	install_cmd = 'go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@v2.3.3'
+	install_version = 'v2.3.3'
+	install_cmd = 'go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@[install_version]'
 	install_github_handle = 'projectdiscovery/naabu'
 	install_pre = {'apt': ['libpcap-dev'], 'apk': ['libpcap-dev', 'libc6-compat'], 'pacman|brew': ['libpcap']}
 	install_post = {'arch|alpine': 'sudo ln -sf /usr/lib/libpcap.so /usr/lib/libpcap.so.0.8'}
@@ -62,8 +66,15 @@ class naabu(ReconPort):
 			if input == 'localhost':
 				self.inputs[ix] = '127.0.0.1'
 
+	@staticmethod
+	def on_cmd(self):
+		scan_type = self.get_opt_value('scan_type')
+		if scan_type == 's':
+			self.requires_sudo = True
+
 	@staticmethod
 	def on_item(self, item):
-		if item.host == '127.0.0.1':
-			item.host = 'localhost'
+		if isinstance(item, Port):
+			if item.host == '127.0.0.1':
+				item.host = 'localhost'
 		return item

secator/tasks/nmap.py

@@ -24,7 +24,9 @@ logger = logging.getLogger(__name__)
 class nmap(VulnMulti):
 	"""Network Mapper is a free and open source utility for network discovery and security auditing."""
 	cmd = 'nmap'
+	tags = ['port', 'scan']
 	input_flag = None
+	input_types = [HOST, IP]
 	input_chunk_size = 1
 	file_flag = '-iL'
 	opt_prefix = '--'
@@ -36,7 +38,7 @@ class nmap(VulnMulti):
 
 		# Script scanning
 		SCRIPT: {'type': str, 'default': None, 'help': 'NSE scripts'},
-		'script_args': {'type': str, 'default': None, 'help': 'NSE script arguments (n1=v1,n2=v2,...)'},
+		'script_args': {'type': str, 'short': 'sargs', 'default': None, 'help': 'NSE script arguments (n1=v1,n2=v2,...)'},
 
 		# Host discovery
 		'skip_host_discovery': {'is_flag': True, 'short': 'Pn', 'default': False, 'help': 'Skip host discovery (no ping)'},
@@ -44,42 +46,45 @@ class nmap(VulnMulti):
 		# Service and version detection
 		'version_detection': {'is_flag': True, 'short': 'sV', 'default': False, 'help': 'Enable version detection (slow)'},
 		'detect_all': {'is_flag': True, 'short': 'A', 'default': False, 'help': 'Enable OS detection, version detection, script scanning, and traceroute on open ports'},  # noqa: E501
-		'detect_os': {'is_flag': True, 'short': 'O', 'default': False, 'help': 'Enable OS detection'},
+		'detect_os': {'is_flag': True, 'short': 'O', 'default': False, 'help': 'Enable OS detection', 'requires_sudo': True},
 
 		# Scan techniques
-		'tcp_syn_stealth': {'is_flag': True, 'short': 'sS', 'default': False, 'help': 'TCP SYN Stealth'},
+		'tcp_syn_stealth': {'is_flag': True, 'short': 'sS', 'default': False, 'help': 'TCP SYN Stealth', 'requires_sudo': True},  # noqa: E501
 		'tcp_connect': {'is_flag': True, 'short': 'sT', 'default': False, 'help': 'TCP Connect scan'},
-		'udp_scan': {'is_flag': True, 'short': 'sU', 'default': False, 'help': 'UDP scan'},
-		'tcp_null_scan': {'is_flag': True, 'short': 'sN', 'default': False, 'help': 'TCP Null scan'},
-		'tcp_fin_scan': {'is_flag': True, 'short': 'sF', 'default': False, 'help': 'TCP FIN scan'},
-		'tcp_xmas_scan': {'is_flag': True, 'short': 'sX', 'default': False, 'help': 'TCP Xmas scan'},
-		'tcp_ack_scan': {'is_flag': True, 'short': 'sA', 'default': False, 'help': 'TCP ACK scan'},
-		'tcp_window_scan': {'is_flag': True, 'short': 'sW', 'default': False, 'help': 'TCP Window scan'},
-		'tcp_maimon_scan': {'is_flag': True, 'short': 'sM', 'default': False, 'help': 'TCP Maimon scan'},
-		'sctp_init_scan': {'is_flag': True, 'short': 'sY', 'default': False, 'help': 'SCTP Init scan'},
-		'sctp_cookie_echo_scan': {'is_flag': True, 'short': 'sZ', 'default': False, 'help': 'SCTP Cookie Echo scan'},
+		'udp_scan': {'is_flag': True, 'short': 'sU', 'default': False, 'help': 'UDP scan', 'requires_sudo': True},
+		'tcp_null_scan': {'is_flag': True, 'short': 'sN', 'default': False, 'help': 'TCP Null scan', 'requires_sudo': True},
+		'tcp_fin_scan': {'is_flag': True, 'short': 'sF', 'default': False, 'help': 'TCP FIN scan', 'requires_sudo': True},
+		'tcp_xmas_scan': {'is_flag': True, 'short': 'sX', 'default': False, 'help': 'TCP Xmas scan', 'requires_sudo': True},
+		'tcp_ack_scan': {'is_flag': True, 'short': 'sA', 'default': False, 'help': 'TCP ACK scan', 'requires_sudo': True},
+		'tcp_window_scan': {'is_flag': True, 'short': 'sW', 'default': False, 'help': 'TCP Window scan', 'requires_sudo': True},  # noqa: E501
+		'tcp_maimon_scan': {'is_flag': True, 'short': 'sM', 'default': False, 'help': 'TCP Maimon scan', 'requires_sudo': True},  # noqa: E501
+		'sctp_init_scan': {'is_flag': True, 'short': 'sY', 'default': False, 'help': 'SCTP Init scan', 'requires_sudo': True},
+		'sctp_cookie_echo_scan': {'is_flag': True, 'short': 'sZ', 'default': False, 'help': 'SCTP Cookie Echo scan', 'requires_sudo': True},  # noqa: E501
 		'ping_scan': {'is_flag': True, 'short': 'sn', 'default': False, 'help': 'Ping scan (disable port scan)'},
-		'ip_protocol_scan': {'type': str, 'short': 'sO', 'default': None, 'help': 'IP protocol scan'},
+		'ip_protocol_scan': {'type': str, 'short': 'sO', 'default': None, 'help': 'IP protocol scan', 'requires_sudo': True},
 		'script_scan': {'is_flag': True, 'short': 'sC', 'default': False, 'help': 'Enable default scanning'},
-		'zombie_host': {'type': str, 'short': 'sI', 'default': None, 'help': 'Use a zombie host for idle scan'},
+		'zombie_host': {'type': str, 'short': 'sI', 'default': None, 'help': 'Use a zombie host for idle scan', 'requires_sudo': True},  # noqa: E501
 		'ftp_relay_host': {'type': str, 'short': 'sB', 'default': None, 'help': 'FTP bounce scan relay host'},
 
 		# Firewall / IDS evasion and spoofing
 		'spoof_source_port': {'type': int, 'short': 'g', 'default': None, 'help': 'Send packets from a specific port'},
 		'spoof_source_ip': {'type': str, 'short': 'S', 'default': None, 'help': 'Spoof source IP address'},
 		'spoof_source_mac': {'type': str, 'short': 'spoofmac', 'default': None, 'help': 'Spoof MAC address'},
-		'fragment': {'is_flag': True, 'short': 'fragment', 'default': False, 'help': 'Fragment packets'},
-		'mtu': {'type': int, 'short': 'mtu', 'default': None, 'help': 'Fragment packets with given MTU'},
-		'ttl': {'type': int, 'short': 'ttl', 'default': None, 'help': 'Set TTL'},
-		'badsum': {'is_flag': True, 'short': 'badsum', 'default': False, 'help': 'Create a bad checksum in the TCP header'},
+		'fragment': {'is_flag': True, 'short': 'fragment', 'default': False, 'help': 'Fragment packets', 'requires_sudo': True},  # noqa: E501
+		'mtu': {'type': int, 'short': 'mtu', 'default': None, 'help': 'Fragment packets with given MTU', 'requires_sudo': True},  # noqa: E501
+		'ttl': {'type': int, 'short': 'ttl', 'default': None, 'help': 'Set TTL', 'requires_sudo': True},
+		'badsum': {'is_flag': True, 'short': 'badsum', 'default': False, 'help': 'Create a bad checksum in the TCP header', 'requires_sudo': True},  # noqa: E501
 		'ipv6': {'is_flag': True, 'short': 'ipv6', 'default': False, 'help': 'Enable IPv6 scanning'},
 
 		# Host discovery
-		'traceroute': {'is_flag': True, 'short': 'traceroute', 'default': False, 'help': 'Traceroute'},
-		'disable_arp_ping': {'is_flag': True, 'short': 'disable-arp-ping', 'default': False, 'help': 'Disable ARP ping'},
+		'traceroute': {'is_flag': True, 'short': 'traceroute', 'default': False, 'help': 'Traceroute', 'requires_sudo': True},
+		'disable_arp_ping': {'is_flag': True, 'short': 'dap', 'default': False, 'help': 'Disable ARP ping'},
 
 		# Misc
-		'output_path': {'type': str, 'short': 'oX', 'default': None, 'help': 'Output XML file path'},
+		'output_path': {'type': str, 'short': 'oX', 'default': None, 'help': 'Output XML file path', 'internal': True, 'display': False},  # noqa: E501
+		'debug': {'is_flag': True, 'short': 'd', 'default': False, 'help': 'Enable debug mode'},
+		'verbose': {'is_flag': True, 'short': 'v', 'default': False, 'help': 'Enable verbose mode'},
+		'timing': {'type': int, 'short': 'T', 'default': None, 'help': 'Timing template (0: paranoid, 1: sneaky, 2: polite, 3: normal, 4: aggressive, 5: insane)'},  # noqa: E501
 	}
 	opt_key_map = {
 		HEADER: OPT_NOT_SUPPORTED,
@@ -117,7 +122,7 @@ class nmap(VulnMulti):
 		'spoof_source_port': '-g',
 		'spoof_source_ip': '-S',
 		'spoof_source_mac': '--spoof-mac',
-		'fragmentation': '-f',
+		'fragment': '-f',
 		'mtu': '--mtu',
 		'ttl': '--ttl',
 		'badsum': '--badsum',
@@ -144,20 +149,17 @@ class nmap(VulnMulti):
 	profile = 'io'
 
 	@staticmethod
-	def on_init(self):
+	def on_cmd(self):
 		output_path = self.get_opt_value(OUTPUT_PATH)
 		if not output_path:
 			output_path = f'{self.reports_folder}/.outputs/{self.unique_name}.xml'
 		self.output_path = output_path
 		self.cmd += f' -oX {self.output_path}'
-		tcp_syn_stealth = self.get_opt_value('tcp_syn_stealth')
-		tcp_connect = self.get_opt_value('tcp_connect')
-		udp_scan = self.get_opt_value('udp_scan')
-		if tcp_syn_stealth or udp_scan:
-			self.cmd = f'sudo {self.cmd}'
+		tcp_syn_stealth = self.cmd_options.get('tcp_syn_stealth')
+		tcp_connect = self.cmd_options.get('tcp_connect')
 		if tcp_connect and tcp_syn_stealth:
 			self._print(
-				'Options -sT (SYN stealth scan) and -sS (CONNECT scan) are conflicting. Keeping only -sT.',
+				'Options -sT (SYN stealth scan) and -sS (CONNECT scan) are conflicting. Keeping only -sS.',
 				'bold gold3')
 			self.cmd = self.cmd.replace('-sT ', '')
 

secator/tasks/nuclei.py

@@ -4,7 +4,7 @@ from secator.definitions import (CONFIDENCE, CVSS_SCORE, DELAY, DESCRIPTION,
 								 MATCHED_AT, NAME, OPT_NOT_SUPPORTED, PERCENT,
 								 PROVIDER, PROXY, RATE_LIMIT, REFERENCES,
 								 RETRIES, SEVERITY, TAGS, THREADS, TIMEOUT,
-								 USER_AGENT)
+								 USER_AGENT, HOST, URL)
 from secator.output_types import Progress, Vulnerability
 from secator.serializers import JSONSerializer
 from secator.tasks._categories import VulnMulti
@@ -14,21 +14,28 @@ from secator.tasks._categories import VulnMulti
 class nuclei(VulnMulti):
 	"""Fast and customisable vulnerability scanner based on simple YAML based DSL."""
 	cmd = 'nuclei'
+	tags = ['vuln', 'scan']
+	input_types = [HOST, IP, URL]
 	file_flag = '-l'
 	input_flag = '-u'
 	json_flag = '-jsonl'
 	opts = {
-		'templates': {'type': str, 'short': 't', 'help': 'Templates'},
-		'tags': {'type': str, 'help': 'Tags'},
-		'exclude_tags': {'type': str, 'short': 'etags', 'help': 'Exclude tags'},
-		'exclude_severity': {'type': str, 'short': 'es', 'help': 'Exclude severity'},
-		'template_id': {'type': str, 'short': 'tid', 'help': 'Template id'},
+		'bulk_size': {'type': int, 'short': 'bs', 'help': 'Maximum number of hosts to be analyzed in parallel per template'},  # noqa: E501
 		'debug': {'type': str, 'help': 'Debug mode'},
+		'exclude_severity': {'type': str, 'short': 'es', 'help': 'Exclude severity'},
+		'exclude_tags': {'type': str, 'short': 'etags', 'help': 'Exclude tags'},
+		'input_mode': {'type': str, 'short': 'im', 'help': 'Mode of input file (list, burp, jsonl, yaml, openapi, swagger)'},
+		'hang_monitor': {'is_flag': True, 'short': 'hm', 'default': True, 'help': 'Enable nuclei hang monitoring'},
+		'headless_bulk_size': {'type': int, 'short': 'hbs', 'help': 'Maximum number of headless hosts to be analzyed in parallel per template'},  # noqa: E501
+		'new_templates': {'type': str, 'short': 'nt', 'help': 'Run only new templates added in latest nuclei-templates release'},  # noqa: E501
+		'automatic_scan': {'is_flag': True, 'short': 'as', 'help': 'Automatic web scan using wappalyzer technology detection to tags mapping'},  # noqa: E501
+		'omit_raw': {'is_flag': True, 'short': 'or', 'default': True, 'help': 'Omit requests/response pairs in the JSON, JSONL, and Markdown outputs (for findings only)'},  # noqa: E501
 		'stats': {'is_flag': True, 'short': 'stats', 'default': True, 'help': 'Display statistics about the running scan'},
 		'stats_json': {'is_flag': True, 'short': 'sj', 'default': True, 'help': 'Display statistics in JSONL(ines) format'},
-		'stats_interval': {'type': str, 'short': 'si', 'default': 20, 'help': 'Number of seconds to wait between showing a statistics update'},  # noqa: E501
-		'hang_monitor': {'is_flag': True, 'short': 'hm', 'default': True, 'help': 'Enable nuclei hang monitoring'},
-		'omit_raw': {'is_flag': True, 'short': 'or', 'default': True, 'help': 'Omit requests/response pairs in the JSON, JSONL, and Markdown outputs (for findings only)'}  # noqa: E501
+		'stats_interval': {'type': str, 'short': 'si', 'help': 'Number of seconds to wait between showing a statistics update'},  # noqa: E501
+		'tags': {'type': str, 'help': 'Tags'},
+		'templates': {'type': str, 'short': 't', 'help': 'Templates'},
+		'template_id': {'type': str, 'short': 'tid', 'help': 'Template id'},
 	}
 	opt_key_map = {
 		HEADER: 'header',
@@ -76,7 +83,8 @@ class nuclei(VulnMulti):
 	install_pre = {
 		'*': ['git']
 	}
-	install_cmd = 'go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest'
+	install_version = 'v3.4.2'
+	install_cmd = 'go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@[install_version]'
 	install_github_handle = 'projectdiscovery/nuclei'
 	install_post = {
 		'*': 'nuclei -ut'

secator/tasks/searchsploit.py

@@ -3,7 +3,7 @@ import re
 from secator.config import CONFIG
 from secator.decorators import task
 from secator.definitions import (CVES, EXTRA_DATA, ID, MATCHED_AT, NAME,
-								 PROVIDER, REFERENCE, TAGS, OPT_NOT_SUPPORTED)
+								 PROVIDER, REFERENCE, TAGS, TECHNOLOGY, OPT_NOT_SUPPORTED)
 from secator.output_types import Exploit
 from secator.runners import Command
 from secator.serializers import JSONSerializer
@@ -16,7 +16,9 @@ SEARCHSPLOIT_TITLE_REGEX = re.compile(r'^((?:[a-zA-Z\-_!\.()]+\d?\s?)+)\.?\s*(.*
 class searchsploit(Command):
 	"""Exploit searcher based on ExploitDB."""
 	cmd = 'searchsploit'
+	tags = ['exploit', 'recon']
 	input_flag = None
+	input_types = [TECHNOLOGY]
 	json_flag = '--json'
 	version_flag = OPT_NOT_SUPPORTED
 	opts = {
@@ -41,9 +43,10 @@ class searchsploit(Command):
 	install_pre = {
 		'apk': ['ncurses']
 	}
+	install_version = '2025-04-23'
 	install_cmd = (
-		f'git clone  --depth 1 --single-branch https://gitlab.com/exploit-database/exploitdb.git {CONFIG.dirs.share}/exploitdb || true && '  # noqa: E501
-		f'ln -sf $HOME/.local/share/exploitdb/searchsploit {CONFIG.dirs.bin}/searchsploit'
+		f'git clone  --depth 1 --single-branch -b [install_version] https://gitlab.com/exploit-database/exploitdb.git {CONFIG.dirs.share}/exploitdb_[install_version] || true && '  # noqa: E501
+		f'ln -sf $HOME/.local/share/exploitdb_[install_version]/searchsploit {CONFIG.dirs.bin}/searchsploit'
 	)
 	proxychains = False
 	proxy_socks5 = False
@@ -83,6 +86,8 @@ class searchsploit(Command):
 
 	@staticmethod
 	def on_item(self, item):
+		if not isinstance(item, Exploit):
+			return item
 		match = SEARCHSPLOIT_TITLE_REGEX.match(item.name)
 		# if not match:
 		# 	self._print(f'[bold red]{item.name} ({item.reference}) did not match SEARCHSPLOIT_TITLE_REGEX. Please report this issue.[/]')  # noqa: E501

secator/tasks/subfinder.py

@@ -1,5 +1,5 @@
 from secator.decorators import task
-from secator.definitions import (DELAY, DOMAIN, OPT_NOT_SUPPORTED, PROXY,
+from secator.definitions import (DELAY, DOMAIN, HOST, OPT_NOT_SUPPORTED, PROXY,
 							   RATE_LIMIT, RETRIES, THREADS, TIMEOUT)
 from secator.output_types import Subdomain
 from secator.serializers import JSONSerializer
@@ -9,7 +9,9 @@ from secator.tasks._categories import ReconDns
 @task()
 class subfinder(ReconDns):
 	"""Fast passive subdomain enumeration tool."""
-	cmd = 'subfinder -silent -cs'
+	cmd = 'subfinder -cs'
+	tags = ['dns', 'recon']
+	input_types = [HOST]
 	file_flag = '-dL'
 	input_flag = '-d'
 	json_flag = '-json'
@@ -31,7 +33,8 @@ class subfinder(ReconDns):
 		}
 	}
 	output_types = [Subdomain]
-	install_cmd = 'go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest'
+	install_version = 'v2.7.0'
+	install_cmd = 'go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@[install_version]'
 	install_github_handle = 'projectdiscovery/subfinder'
 	proxychains = False
 	proxy_http = True

secator/tasks/testssl.py

@@ -0,0 +1,276 @@
+import json
+import os
+from datetime import datetime
+
+from secator.config import CONFIG
+from secator.decorators import task
+from secator.output_types import Vulnerability, Certificate, Error, Info, Ip, Tag
+from secator.definitions import (PROXY, HOST, USER_AGENT, HEADER, OUTPUT_PATH,
+                                CERTIFICATE_STATUS_UNKNOWN, CERTIFICATE_STATUS_TRUSTED, CERTIFICATE_STATUS_REVOKED,
+                                TIMEOUT)
+from secator.tasks._categories import Command, OPTS
+
+
+@task()
+class testssl(Command):
+    """SSL/TLS security scanner, including ciphers, protocols and cryptographic flaws."""
+    cmd = 'testssl.sh'
+    tags = ['dns', 'recon', 'tls']
+    input_types = [HOST]
+    input_flag = None
+    file_flag = '-iL'
+    file_eof_newline = True
+    version_flag = ''
+    opt_prefix = '--'
+    opts = {
+        'verbose': {'is_flag': True, 'default': False, 'internal': True, 'display': True, 'help': 'Record all SSL/TLS info, not only critical info'},  # noqa: E501
+        'parallel': {'is_flag': True, 'default': False, 'help': 'Test multiple hosts in parallel'},
+        'warnings': {'type': str, 'default': None, 'help': 'Set to "batch" to stop on errors, and "off" to skip errors and continue'},  # noqa: E501
+        'ids_friendly': {'is_flag': True, 'default': False, 'help': 'Avoid IDS blocking by skipping a few vulnerability checks'},  # noqa: E501
+        'hints': {'is_flag': True, 'default': False, 'help': 'Additional hints to findings'},
+        'server_defaults': {'is_flag': True, 'default': False, 'help': 'Displays the server default picks and certificate info'},  # noqa: E501
+    }
+    meta_opts = {
+        PROXY: OPTS[PROXY],
+        USER_AGENT: OPTS[USER_AGENT],
+        HEADER: OPTS[HEADER],
+        TIMEOUT: OPTS[TIMEOUT],
+    }
+    opt_key_map = {
+        PROXY: 'proxy',
+        USER_AGENT: 'user-agent',
+        HEADER: 'reqheader',
+        TIMEOUT: 'connect-timeout',
+        'ipv6': '-6',
+    }
+    output_types = [Certificate, Vulnerability, Ip, Tag]
+    proxy_http = True
+    proxychains = False
+    proxy_socks5 = False
+    profile = 'io'
+    install_pre = {
+        'apk': ['hexdump', 'coreutils', 'procps'],
+        'pacman': ['util-linux'],
+        '*': ['bsdmainutils']
+    }
+    install_version = 'v3.2.0'
+    install_cmd = (
+        f'git clone --depth 1 --single-branch -b [install_version] https://github.com/drwetter/testssl.sh.git {CONFIG.dirs.share}/testssl.sh_[install_version] || true && '  # noqa: E501
+        f'ln -sf {CONFIG.dirs.share}/testssl.sh_[install_version]/testssl.sh {CONFIG.dirs.bin}'
+    )
+
+    @staticmethod
+    def on_cmd(self):
+        output_path = self.get_opt_value(OUTPUT_PATH)
+        if not output_path:
+            output_path = f'{self.reports_folder}/.outputs/{self.unique_name}.json'
+        self.output_path = output_path
+        self.cmd += f' --jsonfile {self.output_path}'
+
+        # Hack because target needs to be the last argument in testssl.sh
+        if len(self.inputs) == 1:
+            target = self.inputs[0]
+            self.cmd = self.cmd.replace(f' {target}', '')
+            self.cmd += f' {target}'
+
+    @staticmethod
+    def on_cmd_done(self):
+        if not os.path.exists(self.output_path):
+            yield Error(message=f'Could not find JSON results in {self.output_path}')
+            return
+        yield Info(message=f'JSON results saved to {self.output_path}')
+
+        verbose = self.get_opt_value('verbose')
+        with open(self.output_path, 'r') as f:
+            data = json.load(f)
+            bad_cyphers = {}
+            retrieved_certificates = {}
+            ignored_item_ids = ["scanTime", "overall_grade", "DNS_CAArecord"]
+            ip_addresses = []
+            host_to_ips = {}
+
+            for item in data:
+                host, ip = tuple(item['ip'].split('/'))
+                id = item['id']
+                # port = item['port']
+                finding = item['finding']
+                severity = item['severity'].lower()
+                cwe = item.get('cwe')
+                vuln_tags = ['ssl', 'tls']
+                if cwe:
+                    vuln_tags.append(cwe)
+
+                # Skip ignored items
+                if id.startswith(tuple(ignored_item_ids)):
+                    continue
+
+                # Add IP to address pool
+                host_to_ips.setdefault(host, []).append(ip)
+                if ip not in ip_addresses:
+                    ip_addresses.append(ip)
+                    yield Ip(
+                        host=host,
+                        ip=ip,
+                        alive=True
+                    )
+
+                # Process errors
+                if id.startswith("scanProblem"):
+                    yield Error(message=finding)
+
+                # Process bad ciphers
+                elif id.startswith('cipher-'):
+                    splited_item = item["finding"].split(" ")
+                    concerned_protocol = splited_item[0]
+                    bad_cypher = splited_item[-1]
+                    bad_cyphers.setdefault(ip, {}).setdefault(concerned_protocol, []).append(bad_cypher)  # noqa: E501
+
+                # Process certificates
+                elif id.startswith('cert_') or id.startswith('cert '):
+                    retrieved_certificates.setdefault(ip, []).append(item)
+
+                # Process intermediate certificates
+                elif id.startswith('intermediate_cert_'):
+                    # TODO: implement this
+                    pass
+
+                # If info or ok, create a tag only if 'verbose' option is set
+                elif severity in ['info', 'ok']:
+                    if not verbose:
+                        continue
+                    yield Tag(
+                        name=f'SSL/TLS [{id}]',
+                        match=host,
+                        extra_data={
+                            'type': id,
+                            'finding': finding,
+                        }
+                    )
+
+                # Create vulnerability
+                else:
+                    if id in ['TLS1', 'TLS1_1']:
+                        human_name = f'SSL/TLS deprecated protocol offered: {id}'
+                    else:
+                        human_name = f'SSL/TLS {id}: {finding}'
+                    yield Vulnerability(
+                        name=human_name,
+                        matched_at=host,
+                        ip=ip,
+                        tags=vuln_tags,
+                        severity=severity,
+                        confidence='high',
+                        extra_data={
+                            'id': id,
+                            'finding': finding
+                        }
+                    )
+
+            # Creating vulnerability for the deprecated ciphers
+            for ip, protocols in bad_cyphers.items():
+                for protocol, cyphers in protocols.items():
+                    yield Vulnerability(
+                        name=f'SSL/TLS vulnerability ciphers for {protocol} deprecated',
+                        matched_at=ip,
+                        ip=ip,
+                        confidence='high',
+                        severity='low',
+                        extra_data={
+                            'cyphers': cyphers
+                        }
+                    )
+
+            # Creating certificates for each founded target
+            host_to_ips = {k: set(v) for k, v in host_to_ips.items()}
+            for ip, certs in retrieved_certificates.items():
+                host = [k for k, v in host_to_ips.items() if ip in v][0]
+                cert_data = {
+                    'host': host,
+                    'ip': ip,
+                    'fingerprint_sha256': None,
+                    'subject_cn': None,
+                    'subject_an': None,
+                    'not_before': None,
+                    'not_after': None,
+                    'issuer_cn': None,
+                    'self_signed': None,
+                    'trusted': None,
+                    'status': None,
+                    'keysize': None,
+                    'serial_number': None,
+                }
+                for cert in certs:
+                    host = [k for k, v in host_to_ips.items() if ip in v][0]
+                    id = cert['id']
+                    finding = cert['finding']
+
+                    if id.startswith('cert_crlDistributionPoints') and finding != '--':
+                        # TODO not implemented, need to find a certificate that is revoked by CRL
+                        cert_data['status'] = CERTIFICATE_STATUS_UNKNOWN
+
+                    if id.startswith('cert_ocspRevoked'):
+                        if finding.startswith('not revoked'):
+                            cert_data['status'] = CERTIFICATE_STATUS_TRUSTED
+                        else:
+                            cert_data['status'] = CERTIFICATE_STATUS_REVOKED
+
+                    if id.startswith('cert_fingerprintSHA256'):
+                        cert_data['fingerprint_sha256'] = finding
+
+                    if id.startswith('cert_commonName'):
+                        cert_data['subject_cn'] = finding
+
+                    if id.startswith('cert_subjectAltName'):
+                        cert_data['subject_an'] = finding.split(" ")
+
+                    if id.startswith('cert_notBefore'):
+                        cert_data['not_before'] = datetime.strptime(finding, "%Y-%m-%d %H:%M")
+
+                    if id.startswith('cert_notAfter'):
+                        cert_data['not_after'] = datetime.strptime(finding, "%Y-%m-%d %H:%M")
+
+                    if id.startswith('cert_caIssuers'):
+                        cert_data['issuer_cn'] = finding
+
+                    if id.startswith('cert_chain_of_trust'):
+                        cert_data['self_signed'] = 'self signed' in finding
+
+                    if id.startswith('cert_chain_of_trust'):
+                        cert_data['trusted'] = finding.startswith('passed')
+
+                    if id.startswith('cert_keySize'):
+                        cert_data['keysize'] = int(finding.split(" ")[1])
+
+                    if id.startswith('cert_serialNumber'):
+                        cert_data['serial_number'] = finding
+
+                    if id.startswith('cert ') and finding.startswith('-----BEGIN CERTIFICATE-----'):
+                        cert_data['raw_value'] = finding
+
+                # For the following attributes commented, it's because at the time of writting it
+                # I did not found the value inside the result of testssl
+                cert = Certificate(
+                    **cert_data
+                    # issuer_dn='',
+                    # issuer='',
+                    # TODO: delete the ciphers attribute from certificate outputType
+                    # ciphers=None,
+                    # TODO: need to find a way to retrieve the parent certificate,
+                    # parent_certificate=None,
+                )
+                yield cert
+                if cert.is_expired():
+                    yield Vulnerability(
+                        name='SSL certificate expired',
+                        provider='testssl',
+                        description='The SSL certificate is expired. This can easily lead to domain takeovers',
+                        matched_at=host,
+                        ip=ip,
+                        tags=['ssl', 'tls'],
+                        severity='medium',
+                        confidence='high',
+                        extra_data={
+                            'id': id,
+                            'expiration_date': Certificate.format_date(cert.not_after)
+                        }
+                    )