secator 0.10.1a12__py3-none-any.whl → 0.15.1__py3-none-any.whl

secator/tasks/trivy.py

@@ -0,0 +1,98 @@
+import click
+import os
+import yaml
+
+from secator.config import CONFIG
+from secator.decorators import task
+from secator.definitions import (THREADS, OUTPUT_PATH, OPT_NOT_SUPPORTED, HEADER, DELAY, FOLLOW_REDIRECT,
+								DOCKER_IMAGE, PATH, GIT_REPOSITORY, PROXY, RATE_LIMIT, RETRIES, TIMEOUT,
+								USER_AGENT)
+from secator.tasks._categories import Vuln
+from secator.output_types import Vulnerability, Tag, Info, Error
+
+
+@task()
+class trivy(Vuln):
+	"""Comprehensive and versatile security scanner."""
+	cmd = 'trivy'
+	tags = ['vuln', 'scan']
+	input_flag = None
+	input_types = [DOCKER_IMAGE, PATH, GIT_REPOSITORY]
+	json_flag = '-f json'
+	opts = {
+		"mode": {"type": click.Choice(['image', 'fs', 'repo']), 'default': 'image', 'help': 'Trivy mode', 'required': True}  # noqa: E501
+	}
+	opt_key_map = {
+		THREADS: OPT_NOT_SUPPORTED,
+		HEADER: OPT_NOT_SUPPORTED,
+		DELAY: OPT_NOT_SUPPORTED,
+		FOLLOW_REDIRECT: OPT_NOT_SUPPORTED,
+		PROXY: OPT_NOT_SUPPORTED,
+		RATE_LIMIT: OPT_NOT_SUPPORTED,
+		RETRIES: OPT_NOT_SUPPORTED,
+		TIMEOUT: OPT_NOT_SUPPORTED,
+		USER_AGENT: OPT_NOT_SUPPORTED
+	}
+	output_types = [Tag, Vulnerability]
+	install_version = 'v0.61.1'
+	install_cmd = (
+		'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh |'
+		f'sudo sh -s -- -b {CONFIG.dirs.bin} [install_version]'
+	)
+	install_github_handle = 'aquasecurity/trivy'
+
+	@staticmethod
+	def on_cmd(self):
+		mode = self.get_opt_value('mode')
+		output_path = self.get_opt_value(OUTPUT_PATH)
+		if not output_path:
+			output_path = f'{self.reports_folder}/.outputs/{self.unique_name}.json'
+		self.output_path = output_path
+		self.cmd = self.cmd.replace(f' -mode {mode}', '').replace('trivy', f'trivy {mode}')
+		self.cmd += f' -o {self.output_path}'
+
+	@staticmethod
+	def on_cmd_done(self):
+		if not os.path.exists(self.output_path):
+			yield Error(message=f'Could not find JSON results in {self.output_path}')
+			return
+
+		yield Info(message=f'JSON results saved to {self.output_path}')
+		with open(self.output_path, 'r') as f:
+			results = yaml.safe_load(f.read()).get('Results', [])
+		for item in results:
+			for vuln in item.get('Vulnerabilities', []):
+				vuln_id = vuln['VulnerabilityID']
+				extra_data = {}
+				if 'PkgName' in vuln:
+					extra_data['product'] = vuln['PkgName']
+				if 'InstalledVersion' in vuln:
+					extra_data['version'] = vuln['InstalledVersion']
+				cvss = vuln.get('CVSS', {})
+				cvss_score = -1
+				for _, cvss_data in cvss.items():
+					cvss_score = cvss_data.get('V3Score', -1) or cvss_data.get('V2Score', -1)
+				data = {
+					'name': vuln_id,
+					'id': vuln_id,
+					'provider': vuln.get('DataSource', {}).get('ID', ''),
+					'description': vuln.get('Description'),
+					'matched_at': self.inputs[0],
+					'confidence': 'high',
+					'severity': vuln['Severity'].lower(),
+					'cvss_score': cvss_score,
+					'reference': vuln.get('PrimaryURL', ''),
+					'references': vuln.get('References', []),
+					'extra_data': extra_data
+				}
+				if vuln_id.startswith('CVE'):
+					remote_data = Vuln.lookup_cve(vuln_id)
+					if remote_data:
+						data.update(remote_data)
+				yield Vulnerability(**data)
+			for secret in item.get('Secrets', []):
+				yield Tag(
+					name=secret['RuleID'],
+					match=secret['Match'],
+					extra_data={k: v for k, v in secret.items() if k not in ['RuleID', 'Match']}
+				)

secator/tasks/wafw00f.py

@@ -0,0 +1,85 @@
+import os
+import yaml
+
+from secator.decorators import task
+from secator.runners import Command
+from secator.definitions import (OUTPUT_PATH, HEADER, PROXY, URL, TIMEOUT)
+from secator.output_types import Tag, Info, Error
+from secator.tasks._categories import OPTS
+
+
+@task()
+class wafw00f(Command):
+	"""Web Application Firewall Fingerprinting tool."""
+	cmd = 'wafw00f'
+	tags = ['waf', 'scan']
+	input_types = [URL]
+	input_flag = None
+	file_flag = '-i'
+	json_flag = '-f json'
+	encoding = 'ansi'
+	opt_prefix = '--'
+	meta_opts = {
+		PROXY: OPTS[PROXY],
+		HEADER: OPTS[HEADER],
+		TIMEOUT: OPTS[TIMEOUT]
+	}
+	opts = {
+		'list': {'is_flag': True, 'default': False, 'help': 'List all WAFs that WAFW00F is able to detect'},
+		'waf_type': {'type': str, 'short': 'wt', 'help': 'Test for one specific WAF'},
+		'find_all': {'is_flag': True, 'short': 'ta', 'default': False, 'help': 'Find all WAFs which match the signatures, do not stop testing on the first one'},  # noqa: E501
+		'no_follow_redirects': {'is_flag': True, 'short': 'nfr', 'default': False, 'help': 'Do not follow redirections given by 3xx responses'},  # noqa: E501
+	}
+	opt_key_map = {
+		HEADER: 'headers',
+		PROXY: 'proxy',
+		'waf_type': 'test',
+		'find_all': 'findall',
+		'no_follow_redirects': 'noredirect',
+	}
+	output_types = [Tag]
+	install_version = 'v2.3.1'
+	install_cmd = 'pipx install git+https://github.com/EnableSecurity/wafw00f.git@[install_version] --force'
+	install_github_handle = 'EnableSecurity/wafw00f'
+	proxy_http = True
+
+	@staticmethod
+	def on_cmd(self):
+		self.output_path = self.get_opt_value(OUTPUT_PATH)
+		if not self.output_path:
+			self.output_path = f'{self.reports_folder}/.outputs/{self.unique_name}.json'
+		self.cmd += f' -o {self.output_path}'
+
+		self.headers = self.get_opt_value(HEADER)
+		if self.headers:
+			header_file = f'{self.reports_folder}/.inputs/headers.txt'
+			with open(header_file, 'w') as f:
+				for header in self.headers.split(';;'):
+					f.write(f'{header}\n')
+			self.cmd = self.cmd.replace(self.headers, header_file)
+
+	@staticmethod
+	def on_cmd_done(self):
+		# Skip parsing if list mode
+		list_mode = self.get_opt_value('list')
+		if list_mode:
+			return
+
+		if not os.path.exists(self.output_path):
+			yield Error(message=f'Could not find JSON results in {self.output_path}')
+			return
+
+		yield Info(message=f'JSON results saved to {self.output_path}')
+		with open(self.output_path, 'r') as f:
+			results = yaml.safe_load(f.read())
+
+		if len(results) > 0 and results[0]['detected']:
+			waf_name = results[0]['firewall']
+			url = results[0]['url']
+			match = results[0]['trigger_url']
+			manufacter = results[0]['manufacturer']
+			yield Tag(
+				name=waf_name + ' WAF',
+				match=url,
+				extra_data={'waf_name': waf_name, 'manufacter': manufacter, 'trigger_url': match}
+			)

secator/tasks/wpprobe.py

@@ -0,0 +1,96 @@
+import click
+import yaml
+
+from secator.decorators import task
+from secator.runners import Command
+from secator.definitions import OUTPUT_PATH, THREADS, URL
+from secator.output_types import Vulnerability, Tag, Info, Warning
+from secator.tasks._categories import OPTS
+
+
+@task()
+class wpprobe(Command):
+    """Fast wordpress plugin enumeration tool."""
+    cmd = 'wpprobe'
+    tags = ['vuln', 'scan', 'wordpress']
+    file_flag = '-f'
+    input_flag = '-u'
+    input_types = [URL]
+    opt_prefix = '-'
+    opts = {
+        'mode': {'type': click.Choice(['scan', 'update', 'update-db']), 'default': 'scan', 'help': 'WPProbe mode', 'required': True, 'internal': True},  # noqa: E501
+        'output_path': {'type': str, 'default': None, 'help': 'Output JSON file path', 'internal': True, 'display': False},  # noqa: E501
+    }
+    meta_opts = {
+        THREADS: OPTS[THREADS]
+    }
+    opt_key_map = {
+        THREADS: 't'
+    }
+    output_types = [Vulnerability, Tag]
+    install_version = 'v0.5.6'
+    install_cmd = 'go install github.com/Chocapikk/wpprobe@[install_version]'
+    install_github_handle = 'Chocapikk/wpprobe'
+    install_post = {
+        '*': 'wpprobe update && wpprobe update-db'
+    }
+
+    @staticmethod
+    def on_cmd(self):
+        mode = self.get_opt_value('mode')
+        if mode == 'update' or mode == 'update-db':
+            self.cmd = f'{wpprobe.cmd} {mode}'
+            return
+        self.cmd = self.cmd.replace(wpprobe.cmd, f'{wpprobe.cmd} {mode}')
+        output_path = self.get_opt_value(OUTPUT_PATH)
+        if not output_path:
+            output_path = f'{self.reports_folder}/.outputs/{self.unique_name}.json'
+        self.output_path = output_path
+        self.cmd += f' -o {self.output_path}'
+
+    @staticmethod
+    def on_cmd_done(self):
+        if not self.get_opt_value('mode') == 'scan':
+            return
+        yield Info(message=f'JSON results saved to {self.output_path}')
+        with open(self.output_path, 'r') as f:
+            results = yaml.safe_load(f.read())
+            if not results or 'url' not in results:
+                yield Warning(message='No results found !')
+                return
+            url = results['url']
+            for plugin_name, plugin_data in results['plugins'].items():
+                for plugin_data_version in plugin_data:
+                    plugin_version = plugin_data_version['version']
+                    yield Tag(
+                        name=f'Wordpress plugin - {plugin_name} {plugin_version}',
+                        match=url,
+                        extra_data={
+                            'name': plugin_name,
+                            'version': plugin_version
+                        }
+                    )
+                    severities = plugin_data_version.get('severities', {})
+                    for severity, severity_data in severities.items():
+                        if severity == 'None':
+                            severity = 'unknown'
+                        for item in severity_data:
+                            for vuln in item['vulnerabilities']:
+                                auth_type = item.get('auth_type')
+                                extra_data = {
+                                    'plugin_name': plugin_name,
+                                    'plugin_version': plugin_version,
+                                }
+                                if auth_type:
+                                    extra_data['auth_type'] = auth_type
+                                yield Vulnerability(
+                                    name=vuln['title'],
+                                    id=vuln['cve'],
+                                    severity=severity,
+                                    cvss_score=vuln['cvss_score'],
+                                    tags=[plugin_name],
+                                    reference=vuln['cve_link'],
+                                    extra_data=extra_data,
+                                    matched_at=url,
+                                    confidence='high'
+                                )

secator/tasks/wpscan.py

@@ -16,10 +16,11 @@ from secator.tasks._categories import VulnHttp
 @task()
 class wpscan(VulnHttp):
 	"""Wordpress security scanner."""
-	cmd = 'wpscan --random-user-agent --force --verbose --disable-tls-checks --ignore-main-redirect'
+	cmd = 'wpscan --force --verbose'
+	tags = ['vuln', 'scan', 'wordpress']
 	file_flag = None
 	input_flag = '--url'
-	input_type = URL
+	input_types = [URL]
 	json_flag = '-f json'
 	opt_prefix = '--'
 	opts = {
@@ -30,7 +31,9 @@ class wpscan(VulnHttp):
 		'passwords': {'type': str, 'help': 'List of passwords to use during the password attack.'},
 		'usernames': {'type': str, 'help': 'List of usernames to use during the password attack.'},
 		'login_uri': {'type': str, 'short': 'lu', 'help': 'URI of the login page if different from /wp-login.php'},
-		'detection_mode': {'type': str, 'short': 'dm', 'help': 'Detection mode between mixed, passive, and aggressive'}
+		'detection_mode': {'type': str, 'short': 'dm', 'help': 'Detection mode between mixed, passive, and aggressive'},
+		'random_user_agent': {'is_flag': True, 'short': 'rua', 'help': 'Random user agent'},
+		'disable_tls_checks': {'is_flag': True, 'short': 'dtc', 'help': 'Disable TLS checks'}
 	}
 	opt_key_map = {
 		HEADER: OPT_NOT_SUPPORTED,
@@ -72,7 +75,8 @@ class wpscan(VulnHttp):
 		'pacman': ['make', 'ruby-erb'],
 		'*': ['make']
 	}
-	install_cmd = f'gem install wpscan --user-install -n {CONFIG.dirs.bin}'
+	install_version = '3.8.28'
+	install_cmd = f'gem install wpscan -v [install_version] --user-install -n {CONFIG.dirs.bin}'
 	install_post = {
 		'kali': (
 			f'gem uninstall nokogiri --user-install -n {CONFIG.dirs.bin} --force --executables && '

secator/template.py

@@ -8,85 +8,45 @@ from dotmap import DotMap
 
 from secator.config import CONFIG, CONFIGS_FOLDER
 from secator.rich import console
-from secator.utils import convert_functions_to_strings
+from secator.utils import convert_functions_to_strings, debug
+from secator.output_types import Error
 
-
-TEMPLATES_DIR_KEYS = ['workflow', 'scan', 'profile']
-
-
-def load_template(name):
-	"""Load a config by name.
-
-	Args:
-		name: Name of the config, for instances profiles/aggressive or workflows/domain_scan.
-
-	Returns:
-		dict: Loaded config.
-	"""
-	path = CONFIGS_FOLDER / f'{name}.yaml'
-	if not path.exists():
-		console.log(f'Config "{name}" could not be loaded.')
-		return
-	with path.open('r') as f:
-		return yaml.load(f.read(), Loader=yaml.Loader)
-
-
-def find_templates():
-	results = {'scan': [], 'workflow': [], 'profile': []}
-	dirs_type = [CONFIGS_FOLDER]
-	if CONFIG.dirs.templates:
-		dirs_type.append(CONFIG.dirs.templates)
-	paths = []
-	for dir in dirs_type:
-		dir_paths = [
-			Path(path)
-			for path in glob.glob(str(dir).rstrip('/') + '/**/*.y*ml', recursive=True)
-		]
-		paths.extend(dir_paths)
-	for path in paths:
-		with path.open('r') as f:
-			try:
-				config = yaml.load(f.read(), yaml.Loader)
-				type = config.get('type')
-				if type:
-					results[type].append(path)
-			except yaml.YAMLError as exc:
-				console.log(f'Unable to load config at {path}')
-				console.log(str(exc))
-	return results
+TEMPLATES = []
 
 
 class TemplateLoader(DotMap):
 
 	def __init__(self, input={}, name=None, **kwargs):
 		if name:
-			name = name.replace('-', '_')  # so that workflows have a nice '-' in CLI
-			config = self._load_from_name(name)
-		elif isinstance(input, str) or isinstance(input, Path):
-			config = self._load_from_file(input)
-		else:
+			if '/' not in name:
+				console.print(Error(message=f'Cannot load {name}: you should specify a type for the template when loading by name (e.g. workflow/<workflow_name>)'))  # noqa: E501
+				return
+			_type, name = name.split('/')
+			config = next((p for p in TEMPLATES if p['type'] == _type and p['name'] == name in str(p)), None)
+			if not config:
+				console.print(Error(message=f'Template {name} not found in loaded templates'))
+				config = {}
+		elif isinstance(input, dict):
 			config = input
-		super().__init__(config)
+		elif isinstance(input, Path) or Path(input).exists():
+			config = self._load_from_path(input)
+			config['_path'] = str(input)
+		elif isinstance(input, str):
+			config = self._load(input)
+		super().__init__(config, **kwargs)
 
-	def _load_from_file(self, path):
-		if isinstance(path, str):
-			path = Path(path)
+	def add_to_templates(self):
+		TEMPLATES.append(self)
+
+	def _load_from_path(self, path):
 		if not path.exists():
-			console.log(f'Config path {path} does not exists', style='bold red')
+			console.print(Error(message=f'Config path {path} does not exists'))
 			return
 		with path.open('r') as f:
-			return yaml.load(f.read(), Loader=yaml.Loader)
-
-	def _load_from_name(self, name):
-		return load_template(name)
+			return self._load(f.read())
 
-	@classmethod
-	def load_all(cls):
-		configs = find_templates()
-		return TemplateLoader({
-			key: [TemplateLoader(path) for path in configs[key]]
-			for key in TEMPLATES_DIR_KEYS
-		})
+	def _load(self, input):
+		return yaml.load(input, Loader=yaml.Loader)
 
 	@property
 	def supported_opts(self):
@@ -98,6 +58,17 @@ class TemplateLoader(DotMap):
 		"""Property to access tasks easily."""
 		return self._extract_tasks()
 
+	def print(self):
+		"""Print config as highlighted yaml."""
+		config = self.toDict()
+		_path = config.pop('_path', None)
+		if _path:
+			console.print(f'[italic green]{_path}[/]\n')
+		yaml_str = yaml.dump(config, indent=4, sort_keys=False)
+		from rich.syntax import Syntax
+		yaml_highlight = Syntax(yaml_str, 'yaml', line_numbers=True)
+		console.print(yaml_highlight)
+
 	def _collect_supported_opts(self):
 		"""Collect supported options from the tasks extracted from the config."""
 		tasks = self._extract_tasks()
@@ -141,7 +112,7 @@ class TemplateLoader(DotMap):
 			# For each workflow in the scan, load it and incorporate it with a unique prefix
 			for wf_name, _ in self.workflows.items():
 				name = wf_name.split('/')[0]
-				config = TemplateLoader(name=f'workflows/{name}')
+				config = TemplateLoader(name=f'workflow/{name}')
 				wf_tasks = config.flat_tasks
 				# Prefix tasks from this workflow with its name to prevent collision
 				for task_key, task_val in wf_tasks.items():
@@ -153,3 +124,26 @@ class TemplateLoader(DotMap):
 			parse_config(self.tasks)
 
 		return dict(tasks)
+
+
+def find_templates():
+	results = []
+	dirs = [CONFIGS_FOLDER]
+	if CONFIG.dirs.templates:
+		dirs.append(CONFIG.dirs.templates)
+	paths = []
+	for dir in dirs:
+		config_paths = [
+			Path(path)
+			for path in glob.glob(str(dir).rstrip('/') + '/**/*.y*ml', recursive=True)
+		]
+		debug(f'Found {len(config_paths)} templates in {dir}', sub='template')
+		paths.extend(config_paths)
+	for path in paths:
+		config = TemplateLoader(input=path)
+		debug(f'Loaded template from {path}', sub='template')
+		results.append(config)
+	return results
+
+
+TEMPLATES = find_templates()

secator/utils.py

@@ -164,7 +164,8 @@ def discover_internal_tasks():
 	# Sort task_classes by category
 	task_classes = sorted(
 		task_classes,
-		key=lambda x: (get_command_category(x), x.__name__))
+		# key=lambda x: (get_command_category(x), x.__name__)
+		key=lambda x: x.__name__)
 
 	return task_classes
 
@@ -262,9 +263,9 @@ def get_command_category(command):
 	Returns:
 		str: Command category.
 	"""
-	base_cls = command.__bases__[0].__name__.replace('Command', '').replace('Runner', 'misc')
-	category = re.sub(r'(?<!^)(?=[A-Z])', '/', base_cls).lower()
-	return category
+	if not command.tags:
+		return 'misc'
+	return '/'.join(command.tags)
 
 
 def merge_opts(*options):
@@ -309,6 +310,8 @@ def pluralize(word):
 	"""
 	if word.endswith('y'):
 		return word.rstrip('y') + 'ies'
+	elif word.endswith('s'):
+		return word + 'es'
 	return f'{word}s'
 
 
@@ -373,11 +376,15 @@ def rich_to_ansi(text):
 	Returns:
 		str: Converted text (ANSI).
 	"""
-	from rich.console import Console
-	tmp_console = Console(file=None, highlight=False)
-	with tmp_console.capture() as capture:
-		tmp_console.print(text, end='', soft_wrap=True)
-	return capture.get()
+	try:
+		from rich.console import Console
+		tmp_console = Console(file=None, highlight=False)
+		with tmp_console.capture() as capture:
+			tmp_console.print(text, end='', soft_wrap=True)
+		return capture.get()
+	except Exception:
+		console.print(f'[bold red]Could not convert rich text to ansi: {text}[/]', highlight=False, markup=False)
+		return text
 
 
 def rich_escape(obj):
@@ -414,15 +421,16 @@ def format_object(obj, obj_breaklines=False):
 
 def debug(msg, sub='', id='', obj=None, lazy=None, obj_after=True, obj_breaklines=False, verbose=False):
 	"""Print debug log if DEBUG >= level."""
-	if not DEBUG_COMPONENT or DEBUG_COMPONENT == [""]:
-		return
-
-	if sub:
-		if verbose and sub not in DEBUG_COMPONENT:
-			sub = f'debug.{sub}'
-		if not any(sub.startswith(s) for s in DEBUG_COMPONENT):
+	if not DEBUG_COMPONENT == ['all']:
+		if not DEBUG_COMPONENT or DEBUG_COMPONENT == [""]:
 			return
 
+		if sub:
+			if verbose and sub not in DEBUG_COMPONENT:
+				sub = f'debug.{sub}'
+			if not any(sub.startswith(s) for s in DEBUG_COMPONENT):
+				return
+
 	if lazy:
 		msg = lazy(msg)
 
@@ -459,6 +467,10 @@ def escape_mongodb_url(url):
 	return url
 
 
+def caml_to_snake(s):
+	return re.sub(r'(?<!^)(?=[A-Z])', '_', s).lower()
+
+
 def print_version():
 	"""Print secator version information."""
 	from secator.installer import get_version_info
@@ -773,8 +785,9 @@ def process_wordlist(val):
 		val = default_wordlist
 	template_wordlist = getattr(CONFIG.wordlists.templates, val)
 	if template_wordlist:
-		return template_wordlist
-	elif Path(val).exists():
+		val = template_wordlist
+
+	if Path(val).exists():
 		return val
 	else:
 		return download_file(