secator 0.11.0__tar.gz → 0.11.1__tar.gz

{secator-0.11.0 → secator-0.11.1}/CHANGELOG.md

@@ -1,5 +1,14 @@
 # Changelog
 
+## [0.11.1](https://github.com/freelabz/secator/compare/v0.11.0...v0.11.1) (2025-04-23)
+
+
+### Bug Fixes
+
+* fping ret code ([#593](https://github.com/freelabz/secator/issues/593)) ([f2d0982](https://github.com/freelabz/secator/commit/f2d0982ea665a08d24afd3f80c8f976811daa397))
+* ghsa lookups, startup file downloads ([#592](https://github.com/freelabz/secator/issues/592)) ([021bf11](https://github.com/freelabz/secator/commit/021bf11b6cd7d9ecb5dd95b45d6411d1feeeb86c))
+* wordlist dynamic download ([#595](https://github.com/freelabz/secator/issues/595)) ([9a859ae](https://github.com/freelabz/secator/commit/9a859ae8f391bb73263b356ef166f5685683c30f))
+
 ## [0.11.0](https://github.com/freelabz/secator/compare/v0.10.0...v0.11.0) (2025-04-22)
 
 

{secator-0.11.0 → secator-0.11.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: secator
-Version: 0.11.0
+Version: 0.11.1
 Summary: The pentester's swiss knife.
 Project-URL: Homepage, https://github.com/freelabz/secator
 Project-URL: Issues, https://github.com/freelabz/secator/issues

{secator-0.11.0 → secator-0.11.1}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = 'hatchling.build'
 
 [project]
 name = 'secator'
-version = "0.11.0"
+version = "0.11.1"
 authors = [{ name = 'FreeLabz', email = 'sales@freelabz.com' }]
 readme = 'README.md'
 description = "The pentester's swiss knife."

{secator-0.11.0 → secator-0.11.1}/secator/config.py

@@ -623,8 +623,8 @@ for name, dir in CONFIG.dirs.items():
 		console.print('[bold green]ok.[/]')
 
 # Download wordlists and payloads
-download_files(CONFIG.wordlists.templates, CONFIG.dirs.wordlists, CONFIG.offline_mode, 'wordlist')
-download_files(CONFIG.payloads.templates, CONFIG.dirs.payloads, CONFIG.offline_mode, 'payload')
+# download_files(CONFIG.wordlists.templates, CONFIG.dirs.wordlists, CONFIG.offline_mode, 'wordlist')
+# download_files(CONFIG.payloads.templates, CONFIG.dirs.payloads, CONFIG.offline_mode, 'payload')
 
 # Print config
 if CONFIG.debug.component == 'config':

{secator-0.11.0 → secator-0.11.1}/secator/tasks/_categories.py

@@ -393,11 +393,11 @@ class Vuln(Command):
 
 	@cache
 	@staticmethod
-	def lookup_ghsa(ghsa_id):
+	def lookup_cve_from_ghsa(ghsa_id):
 		"""Search for a GHSA on Github and and return associated CVE vulnerability data.
 
 		Args:
-			ghsa (str): CVE ID in the form GHSA-*
+			ghsa (str): GHSA ID in the form GHSA-*
 
 		Returns:
 			dict: vulnerability data.
@@ -410,7 +410,10 @@ class Vuln(Command):
 			return None
 		soup = BeautifulSoup(resp.text, 'lxml')
 		sidebar_items = soup.find_all('div', {'class': 'discussion-sidebar-item'})
-		cve_id = sidebar_items[2].find('div').text.strip()
+		cve_id = sidebar_items[3].find('div').text.strip()
+		if not cve_id.startswith('CVE'):
+			debug(f'{ghsa_id}: No CVE_ID extracted from https://github.com/advisories/{ghsa_id}', sub='cve')
+			return None
 		vuln = Vuln.lookup_cve(cve_id)
 		if vuln:
 			vuln[TAGS].append('ghsa')

{secator-0.11.0 → secator-0.11.1}/secator/tasks/fping.py

@@ -29,6 +29,7 @@ class fping(ReconIp):
 	input_type = IP
 	output_types = [Ip]
 	install_pre = {'*': ['fping']}
+	ignore_return_code = True
 
 	@staticmethod
 	def item_loader(self, line):

{secator-0.11.0 → secator-0.11.1}/secator/tasks/grype.py

@@ -66,7 +66,7 @@ class grype(VulnCode):
 		if vuln_id.startswith('GHSA'):
 			data['provider'] = 'github.com'
 			data['references'] = [f'https://github.com/advisories/{vuln_id}']
-			vuln = VulnCode.lookup_ghsa(vuln_id)
+			vuln = VulnCode.lookup_cve_from_ghsa(vuln_id)
 			if vuln:
 				data.update(vuln)
 				data['severity'] = data['severity'] or severity.lower()

{secator-0.11.0 → secator-0.11.1}/secator/utils.py

@@ -781,8 +781,9 @@ def process_wordlist(val):
 		val = default_wordlist
 	template_wordlist = getattr(CONFIG.wordlists.templates, val)
 	if template_wordlist:
-		return template_wordlist
-	elif Path(val).exists():
+		val = template_wordlist
+
+	if Path(val).exists():
 		return val
 	else:
 		return download_file(

{secator-0.11.0 → secator-0.11.1}/tests/integration/test_helpers.py

@@ -1,9 +1,11 @@
 import json
+import os
 import unittest
 
 from pathlib import Path
+from unittest import mock
 
-from secator.utils_test import load_fixture, FIXTURES_DIR
+from secator.utils_test import load_fixture, FIXTURES_DIR, clear_modules
 from secator.tasks._categories import Vuln
 from secator.config import CONFIG
 
@@ -17,3 +19,15 @@ class TestHelpers(unittest.TestCase):
 			Path(cve_path).unlink()  # make sure we don't use cache data
 		actual = json.dumps(Vuln.lookup_cve_from_cve_circle('CVE-2023-5568'), sort_keys=True)
 		self.assertEqual(actual, fixture)
+
+	def test_lookup_cve_from_ghsa_no_cve_id(self):
+		actual = Vuln.lookup_cve_from_ghsa('GHSA-ggpf-24jw-3fcw')
+		self.assertIsNone(actual)
+
+	@mock.patch.dict(os.environ, {'SECATOR_RUNNERS_SKIP_CVE_SEARCH': '0'})
+	def test_lookup_cve_from_ghsa(self):
+		clear_modules()
+		from secator.tasks._categories import Vuln
+		actual = Vuln.lookup_cve_from_ghsa('GHSA-w596-4wvx-j9j6')
+		self.assertIsNotNone(actual)
+		self.assertEqual(actual['id'], 'CVE-2022-42969')