secator 0.15.0__py3-none-any.whl → 0.16.0__py3-none-any.whl

secator/tasks/wpprobe.py

@@ -1,96 +1,103 @@
+import os
+import re
 import click
 import yaml
 
 from secator.decorators import task
 from secator.runners import Command
 from secator.definitions import OUTPUT_PATH, THREADS, URL
-from secator.output_types import Vulnerability, Tag, Info, Warning
+from secator.output_types import Vulnerability, Tag, Info, Warning, Error
 from secator.tasks._categories import OPTS
 
 
 @task()
 class wpprobe(Command):
-    """Fast wordpress plugin enumeration tool."""
-    cmd = 'wpprobe'
-    tags = ['vuln', 'scan', 'wordpress']
-    file_flag = '-f'
-    input_flag = '-u'
-    input_types = [URL]
-    opt_prefix = '-'
-    opts = {
-        'mode': {'type': click.Choice(['scan', 'update', 'update-db']), 'default': 'scan', 'help': 'WPProbe mode', 'required': True, 'internal': True},  # noqa: E501
-        'output_path': {'type': str, 'default': None, 'help': 'Output JSON file path', 'internal': True, 'display': False},  # noqa: E501
-    }
-    meta_opts = {
-        THREADS: OPTS[THREADS]
-    }
-    opt_key_map = {
-        THREADS: 't'
-    }
-    output_types = [Vulnerability, Tag]
-    install_version = 'v0.5.6'
-    install_cmd = 'go install github.com/Chocapikk/wpprobe@[install_version]'
-    install_github_handle = 'Chocapikk/wpprobe'
-    install_post = {
-        '*': 'wpprobe update && wpprobe update-db'
-    }
+	"""Fast wordpress plugin enumeration tool."""
+	cmd = 'wpprobe'
+	input_types = [URL]
+	output_types = [Vulnerability, Tag]
+	tags = ['vuln', 'scan', 'wordpress']
+	file_flag = '-f'
+	input_flag = '-u'
+	opt_prefix = '-'
+	opts = {
+		'mode': {'type': click.Choice(['scan', 'update', 'update-db']), 'default': 'scan', 'help': 'WPProbe mode', 'required': True, 'internal': True},  # noqa: E501
+		'output_path': {'type': str, 'default': None, 'help': 'Output JSON file path', 'internal': True, 'display': False},  # noqa: E501
+	}
+	meta_opts = {
+		THREADS: OPTS[THREADS]
+	}
+	opt_key_map = {
+		THREADS: 't'
+	}
+	install_version = 'v0.5.6'
+	install_cmd = 'go install github.com/Chocapikk/wpprobe@[install_version]'
+	install_github_handle = 'Chocapikk/wpprobe'
+	install_post = {
+		'*': 'wpprobe update && wpprobe update-db'
+	}
 
-    @staticmethod
-    def on_cmd(self):
-        mode = self.get_opt_value('mode')
-        if mode == 'update' or mode == 'update-db':
-            self.cmd = f'{wpprobe.cmd} {mode}'
-            return
-        self.cmd = self.cmd.replace(wpprobe.cmd, f'{wpprobe.cmd} {mode}')
-        output_path = self.get_opt_value(OUTPUT_PATH)
-        if not output_path:
-            output_path = f'{self.reports_folder}/.outputs/{self.unique_name}.json'
-        self.output_path = output_path
-        self.cmd += f' -o {self.output_path}'
+	@staticmethod
+	def on_cmd(self):
+		mode = self.get_opt_value('mode')
+		if mode == 'update' or mode == 'update-db':
+			self.cmd = f'{wpprobe.cmd} {mode}'
+			return
+		self.cmd = re.sub(wpprobe.cmd, f'{wpprobe.cmd} {mode}', self.cmd, 1)
+		output_path = self.get_opt_value(OUTPUT_PATH)
+		if not output_path:
+			output_path = f'{self.reports_folder}/.outputs/{self.unique_name}.json'
+		self.output_path = output_path
+		self.cmd += f' -o {self.output_path}'
 
-    @staticmethod
-    def on_cmd_done(self):
-        if not self.get_opt_value('mode') == 'scan':
-            return
-        yield Info(message=f'JSON results saved to {self.output_path}')
-        with open(self.output_path, 'r') as f:
-            results = yaml.safe_load(f.read())
-            if not results or 'url' not in results:
-                yield Warning(message='No results found !')
-                return
-            url = results['url']
-            for plugin_name, plugin_data in results['plugins'].items():
-                for plugin_data_version in plugin_data:
-                    plugin_version = plugin_data_version['version']
-                    yield Tag(
-                        name=f'Wordpress plugin - {plugin_name} {plugin_version}',
-                        match=url,
-                        extra_data={
-                            'name': plugin_name,
-                            'version': plugin_version
-                        }
-                    )
-                    severities = plugin_data_version.get('severities', {})
-                    for severity, severity_data in severities.items():
-                        if severity == 'None':
-                            severity = 'unknown'
-                        for item in severity_data:
-                            for vuln in item['vulnerabilities']:
-                                auth_type = item.get('auth_type')
-                                extra_data = {
-                                    'plugin_name': plugin_name,
-                                    'plugin_version': plugin_version,
-                                }
-                                if auth_type:
-                                    extra_data['auth_type'] = auth_type
-                                yield Vulnerability(
-                                    name=vuln['title'],
-                                    id=vuln['cve'],
-                                    severity=severity,
-                                    cvss_score=vuln['cvss_score'],
-                                    tags=[plugin_name],
-                                    reference=vuln['cve_link'],
-                                    extra_data=extra_data,
-                                    matched_at=url,
-                                    confidence='high'
-                                )
+	@staticmethod
+	def on_cmd_done(self):
+		if not self.get_opt_value('mode') == 'scan':
+			return
+
+		if not os.path.exists(self.output_path):
+			yield Error(message=f'Could not find JSON results in {self.output_path}')
+			return
+
+		yield Info(message=f'JSON results saved to {self.output_path}')
+		with open(self.output_path, 'r') as f:
+			results = yaml.safe_load(f.read())
+			if not results or 'url' not in results:
+				yield Warning(message='No results found !')
+				return
+			url = results['url']
+			for plugin_name, plugin_data in results['plugins'].items():
+				for plugin_data_version in plugin_data:
+					plugin_version = plugin_data_version['version']
+					yield Tag(
+						name=f'Wordpress plugin - {plugin_name} {plugin_version}',
+						match=url,
+						extra_data={
+							'name': plugin_name,
+							'version': plugin_version
+						}
+					)
+					severities = plugin_data_version.get('severities', {})
+					for severity, severity_data in severities.items():
+						if severity == 'None':
+							severity = 'unknown'
+						for item in severity_data:
+							for vuln in item['vulnerabilities']:
+								auth_type = item.get('auth_type')
+								extra_data = {
+									'plugin_name': plugin_name,
+									'plugin_version': plugin_version,
+								}
+								if auth_type:
+									extra_data['auth_type'] = auth_type
+								yield Vulnerability(
+									name=vuln['title'],
+									id=vuln['cve'],
+									severity=severity,
+									cvss_score=vuln['cvss_score'],
+									tags=[plugin_name],
+									reference=vuln['cve_link'],
+									extra_data=extra_data,
+									matched_at=url,
+									confidence='high'
+								)

secator/tasks/wpscan.py

@@ -17,10 +17,11 @@ from secator.tasks._categories import VulnHttp
 class wpscan(VulnHttp):
 	"""Wordpress security scanner."""
 	cmd = 'wpscan --force --verbose'
+	input_types = [URL]
+	output_types = [Vulnerability, Tag]
 	tags = ['vuln', 'scan', 'wordpress']
-	file_flag = None
 	input_flag = '--url'
-	input_types = [URL]
+	input_chunk_size = 1
 	json_flag = '-f json'
 	opt_prefix = '--'
 	opts = {
@@ -69,14 +70,14 @@ class wpscan(VulnHttp):
 			PROVIDER: 'wpscan',
 		},
 	}
-	output_types = [Vulnerability, Tag]
 	install_pre = {
 		'apt': ['make', 'kali:libcurl4t64', 'libffi-dev'],
 		'pacman': ['make', 'ruby-erb'],
 		'*': ['make']
 	}
-	install_version = '3.8.28'
-	install_cmd = f'gem install wpscan -v [install_version] --user-install -n {CONFIG.dirs.bin}'
+	install_github_handle = 'wpscanteam/wpscan'
+	install_version = 'v3.8.28'
+	install_cmd = f'gem install wpscan -v [install_version_strip] --user-install -n {CONFIG.dirs.bin}'
 	install_post = {
 		'kali': (
 			f'gem uninstall nokogiri --user-install -n {CONFIG.dirs.bin} --force --executables && '

secator/template.py

@@ -1,30 +1,28 @@
-import glob
+import yaml
 
 from collections import OrderedDict
-from pathlib import Path
-
-import yaml
 from dotmap import DotMap
+from pathlib import Path
 
-from secator.config import CONFIG, CONFIGS_FOLDER
-from secator.rich import console
-from secator.utils import convert_functions_to_strings, debug
 from secator.output_types import Error
-
-TEMPLATES = []
+from secator.rich import console
 
 
 class TemplateLoader(DotMap):
 
 	def __init__(self, input={}, name=None, **kwargs):
 		if name:
-			if '/' not in name:
+			split = name.split('/')
+			if len(split) != 2:
 				console.print(Error(message=f'Cannot load {name}: you should specify a type for the template when loading by name (e.g. workflow/<workflow_name>)'))  # noqa: E501
 				return
-			_type, name = name.split('/')
-			config = next((p for p in TEMPLATES if p['type'] == _type and p['name'] == name in str(p)), None)
+			_type, _name = tuple(split)
+			if _type.endswith('s'):
+				_type = _type[:-1]
+			from secator.loader import find_templates
+			config = next((p for p in find_templates() if p['type'] == _type and p['name'] == _name), None)
 			if not config:
-				console.print(Error(message=f'Template {name} not found in loaded templates'))
+				console.print(Error(message=f'Template {_type}/{_name} not found in loaded templates'))
 				config = {}
 		elif isinstance(input, dict):
 			config = input
@@ -35,9 +33,6 @@ class TemplateLoader(DotMap):
 			config = self._load(input)
 		super().__init__(config, **kwargs)
 
-	def add_to_templates(self):
-		TEMPLATES.append(self)
-
 	def _load_from_path(self, path):
 		if not path.exists():
 			console.print(Error(message=f'Config path {path} does not exists'))
@@ -48,16 +43,6 @@ class TemplateLoader(DotMap):
 	def _load(self, input):
 		return yaml.load(input, Loader=yaml.Loader)
 
-	@property
-	def supported_opts(self):
-		"""Property to access supported options easily."""
-		return self._collect_supported_opts()
-
-	@property
-	def flat_tasks(self):
-		"""Property to access tasks easily."""
-		return self._extract_tasks()
-
 	def print(self):
 		"""Print config as highlighted yaml."""
 		config = self.toDict()
@@ -69,81 +54,210 @@ class TemplateLoader(DotMap):
 		yaml_highlight = Syntax(yaml_str, 'yaml', line_numbers=True)
 		console.print(yaml_highlight)
 
-	def _collect_supported_opts(self):
-		"""Collect supported options from the tasks extracted from the config."""
-		tasks = self._extract_tasks()
-		opts = {}
-		for _, task_info in tasks.items():
-			task_class = task_info['class']
-			if task_class:
-				task_opts = task_class.get_supported_opts()
-				for name, conf in task_opts.items():
-					if name not in opts or not opts[name].get('supported', False):
-						opts[name] = convert_functions_to_strings(conf)
-		return opts
-
-	def _extract_tasks(self):
-		"""Extract tasks from any workflow or scan config.
-
-		Returns:
-			dict: A dict of task full name to task configuration containing the keyts keys ['name', 'class', 'opts']).
-		"""
-		from secator.runners import Task
-		tasks = OrderedDict()
-
-		def parse_config(config, prefix=''):
-			for key, value in config.items():
-				if key.startswith('_group'):
-					parse_config(value, prefix)
-				elif value:
-					task_name = f'{prefix}/{key}' if prefix else key
-					name = key.split('/')[0]
-					if task_name not in tasks:
-						tasks[task_name] = {'name': name, 'class': Task.get_task_class(name), 'opts': {}}
-					tasks[task_name]['opts'] = value.toDict()
-
-		if not self.type:
-			return tasks
-
-		elif self.type == 'task':
-			tasks[self.name] = {'name': self.name, 'class': Task.get_task_class(self.name)}
-
-		elif self.type == 'scan':
-			# For each workflow in the scan, load it and incorporate it with a unique prefix
-			for wf_name, _ in self.workflows.items():
-				name = wf_name.split('/')[0]
-				config = TemplateLoader(name=f'workflow/{name}')
-				wf_tasks = config.flat_tasks
-				# Prefix tasks from this workflow with its name to prevent collision
-				for task_key, task_val in wf_tasks.items():
-					unique_task_key = f"{wf_name}/{task_key}"  # Append workflow name to task key
-					tasks[unique_task_key] = task_val
-
-		elif self.type == 'workflow':
-			# Normal parsing of a workflow
-			parse_config(self.tasks)
-
-		return dict(tasks)
-
-
-def find_templates():
-	results = []
-	dirs = [CONFIGS_FOLDER]
-	if CONFIG.dirs.templates:
-		dirs.append(CONFIG.dirs.templates)
-	paths = []
-	for dir in dirs:
-		config_paths = [
-			Path(path)
-			for path in glob.glob(str(dir).rstrip('/') + '/**/*.y*ml', recursive=True)
-		]
-		debug(f'Found {len(config_paths)} templates in {dir}', sub='template')
-		paths.extend(config_paths)
-	for path in paths:
-		config = TemplateLoader(input=path)
-		debug(f'Loaded template from {path}', sub='template')
-		results.append(config)
-	return results
-
-
-TEMPLATES = find_templates()
+
+def get_short_id(id_str, config_name):
+	"""Remove config name prefix from ID string if present.
+
+	Args:
+		id_str: The ID string to process
+		config_name: The config name prefix to remove
+
+	Returns:
+		str: ID string with prefix removed, or original string if no prefix found
+	"""
+	if id_str.startswith(config_name):
+		return id_str.replace(config_name + '.', '')
+	return id_str
+
+
+def get_config_options(config, exec_opts=None, output_opts=None, type_mapping=None):
+	"""Extract and normalize command-line options from configuration.
+
+	Args:
+		config: Configuration object (task, workflow, or scan)
+		exec_opts: Execution options dictionary (optional)
+		output_opts: Output options dictionary (optional)
+		type_mapping: Type mapping for option types (optional)
+
+	Returns:
+		OrderedDict: Normalized options with metadata
+	"""
+	from secator.tree import build_runner_tree, walk_runner_tree, get_flat_node_list
+	from secator.utils import debug
+	from secator.runners.task import Task
+
+	# Task config created on-the-fly
+	if config.type == 'task':
+		config = TemplateLoader({
+			'name': config.name,
+			'type': 'workflow',
+			'tasks': {config.name: {}}
+		})
+
+	# Get main info
+	tree = build_runner_tree(config)
+	nodes = get_flat_node_list(tree)
+	exec_opts = exec_opts or {}
+	output_opts = output_opts or {}
+	type_mapping = type_mapping or {}
+	all_opts = OrderedDict({})
+
+	# Log current config and tree
+	debug(f'[magenta]{config.name}[/]', sub=f'cli.{config.name}')
+	debug(f'{tree.render_tree()}', sub=f'cli.{config.name}')
+
+	# Process global execution options
+	for opt in exec_opts:
+		opt_conf = exec_opts[opt].copy()
+		opt_conf['prefix'] = 'Execution'
+		all_opts[opt] = opt_conf
+
+	# Process global output options
+	for opt in output_opts:
+		opt_conf = output_opts[opt].copy()
+		opt_conf['prefix'] = 'Output'
+		all_opts[opt] = opt_conf
+
+	# Process config options
+	# a.k.a:
+	# - default YAML config options, defined in default_options: key in the runner YAML config
+	# - new options defined in options: key in the runner YAML config
+	config_opts_defaults = config.default_options.toDict()
+	config_opts = config.options.toDict()
+	for k, v in config_opts.items():
+		all_opts[k] = v
+		all_opts[k]['prefix'] = f'{config.type}'
+
+	def find_same_opts(node, nodes, opt_name, check_class_opts=False):
+		"""Find options with the same name that are defined in other nodes of the same type."""
+		same_opts = []
+		for _ in nodes:
+			if _.id == node.id or _.type != node.type:
+				continue
+			node_task = None
+			if check_class_opts:
+				node_task = Task.get_task_class(_.name)
+				if opt_name not in node_task.opts:
+					continue
+				opts_value = node_task.opts[opt_name]
+			else:
+				if opt_name not in _.opts:
+					continue
+				opts_value = _.opts[opt_name]
+			name_str = 'nodes' if not check_class_opts else 'tasks'
+			debug(f'[bold]{config.name}[/] -> [bold blue]{node.id}[/] -> [bold green]{opt_name}[/] found in other {name_str} [bold blue]{_.id}[/]', sub=f'cli.{config.name}.same', verbose=True)  # noqa: E501
+			same_opts.append({
+				'id': _.id,
+				'task_name': node_task.__name__ if node_task else None,
+				'name': _.name,
+				'value': opts_value,
+			})
+		if same_opts:
+			other_tasks = ", ".join([f'[bold yellow]{_["id"]}[/]' for _ in same_opts])
+			debug(f'[bold]{config.name}[/] -> [bold blue]{node.id}[/] -> [bold green]{opt_name}[/] found in {len(same_opts)} other {name_str}: {other_tasks}', sub=f'cli.{config.name}.same', verbose=True)  # noqa: E501
+		return same_opts
+
+	def process_node(node):
+		debug(f'[bold]{config.name}[/] -> [bold blue]{node.id}[/] ({node.type})', sub=f'cli.{config.name}')
+
+		if node.type not in ['task', 'workflow']:
+			return
+
+		# Process workflow options
+		# a.k.a the new options defined in options: key in the workflow YAML config;
+		if node.type == 'workflow':
+			for k, v in node.opts.items():
+				same_opts = find_same_opts(node, nodes, k)
+				conf = v.copy()
+				opt_name = k
+				conf['prefix'] = f'{node.type.capitalize()} {node.name}'
+				if len(same_opts) > 0:  # opt name conflict, change opt name
+					opt_name = f'{node.name}.{k}'
+					debug(f'[bold]{config.name}[/] -> [bold blue]{node.id}[/] -> [bold green]{k}[/] renamed to [bold green]{opt_name}[/] [dim red](duplicated)[/]', sub=f'cli.{config.name}')  # noqa: E501
+				all_opts[opt_name] = conf
+			return
+
+		# Process task options
+		# a.k.a task options defined in their respective task classes
+		cls = Task.get_task_class(node.name)
+		task_opts = cls.opts.copy()
+		task_opts_meta = cls.meta_opts.copy()
+		task_opts_all = {**task_opts, **task_opts_meta}
+		node_opts = node.opts or {}
+		ancestor_opts_defaults = node.ancestor.default_opts or {}
+		node_id_str = get_short_id(node.id, config.name)
+
+		for k, v in task_opts_all.items():
+			conf = v.copy()
+			conf['prefix'] = f'Task {node.name}'
+			default_from_config = node_opts.get(k) or ancestor_opts_defaults.get(k) or config_opts_defaults.get(k)
+			opt_name = k
+			same_opts = find_same_opts(node, nodes, k)
+
+			# Found a default in YAML config, either in task options, or workflow options, or config options
+			if default_from_config:
+				conf['required'] = False
+				conf['default'] = default_from_config
+				conf['default_from'] = node_id_str
+				if node_opts.get(k):
+					conf['default_from'] = node_id_str
+					conf['prefix'] = 'Config'
+				elif ancestor_opts_defaults.get(k):
+					conf['default_from'] = get_short_id(node.ancestor.id, config.name)
+					conf['prefix'] = f'{node.ancestor.type.capitalize()} {node.ancestor.name}'
+				elif config_opts_defaults.get(k):
+					conf['default_from'] = config.name
+					conf['prefix'] = 'Config'
+				mapped_value = cls.opt_value_map.get(opt_name)
+				if mapped_value:
+					if callable(mapped_value):
+						default_from_config = mapped_value(default_from_config)
+					else:
+						default_from_config = mapped_value
+				conf['default'] = default_from_config
+				if len(same_opts) > 0:  # change opt name to avoid conflict
+					conf['prefix'] = 'Config'
+					opt_name = f'{conf["default_from"]}.{k}'
+					debug(f'[bold]{config.name}[/] -> [bold blue]{node.id}[/] -> [bold green]{k}[/] renamed to [bold green]{opt_name}[/] [dim red](default set in config)[/]', sub=f'cli.{config.name}')  # noqa: E501
+
+			# Standard meta options like rate_limit, delay, proxy, etc...
+			elif k in task_opts_meta:
+				conf['prefix'] = 'Meta'
+				debug(f'[bold]{config.name}[/] -> [bold blue]{node.id}[/] -> [bold green]{k}[/] changed prefix to [bold cyan]Meta[/]', sub=f'cli.{config.name}')  # noqa: E501
+
+			# Task-specific options
+			elif k in task_opts:
+				same_opts = find_same_opts(node, nodes, k, check_class_opts=True)
+				if len(same_opts) > 0:
+					applies_to = set([node.name] + [_['name'] for _ in same_opts])
+					conf['applies_to'] = applies_to
+					conf['prefix'] = 'Shared task'
+					debug(f'[bold]{config.name}[/] -> [bold blue]{node.id}[/] -> [bold green]{k}[/] changed prefix to [bold cyan]Common[/] [dim red](duplicated {len(same_opts)} times)[/]', sub=f'cli.{config.name}')  # noqa: E501
+			else:
+				raise ValueError(f'Unknown option {k} for task {node.id}')
+			all_opts[opt_name] = conf
+
+	walk_runner_tree(tree, process_node)
+
+	# Normalize all options
+	debug('[bold yellow3]All opts processed. Showing defaults:[/]', sub=f'cli.{config.name}')
+	normalized_opts = OrderedDict({})
+	for k, v in all_opts.items():
+		v['reverse'] = False
+		v['show_default'] = True
+		default_from = v.get('default_from')
+		default = v.get('default', False)
+		if isinstance(default, bool) and default is True:
+			v['reverse'] = True
+		if type_mapping and 'type' in v:
+			v['type'] = type_mapping.get(v['type'], str)
+		short = v.get('short')
+		k = k.replace('.', '-').replace('_', '-').replace('/', '-')
+		from_str = default_from.replace('.', '-').replace('_', '-').replace('/', '-') if default_from else None
+		if not default_from or from_str not in k:
+			v['short'] = short if short else None
+		else:
+			v['short'] = f'{from_str}-{short}' if short else None
+		debug(f'\t[bold]{k}[/] -> [bold green]{v.get("default", "N/A")}[/] [dim red](default from {v.get("default_from", "N/A")})[/]', sub=f'cli.{config.name}')  # noqa: E501
+		normalized_opts[k] = v
+	return normalized_opts

secator/thread.py

@@ -4,21 +4,21 @@ from secator.output_types import Error
 
 
 class Thread(threading.Thread):
-    """A thread that returns errors in their join() method as secator.output_types.Error."""
+	"""A thread that returns errors in their join() method as secator.output_types.Error."""
 
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        self.error = None
+	def __init__(self, *args, **kwargs):
+		super().__init__(*args, **kwargs)
+		self.error = None
 
-    def run(self):
-        try:
-            if hasattr(self, '_target'):
-                self._target(*self._args, **self._kwargs)
-        except Exception as e:
-            self.error = Error.from_exception(e)
+	def run(self):
+		try:
+			if hasattr(self, '_target'):
+				self._target(*self._args, **self._kwargs)
+		except Exception as e:
+			self.error = Error.from_exception(e)
 
-    def join(self, *args, **kwargs):
-        super().join(*args, **kwargs)
-        if self.error:
-            return self.error
-        return None
+	def join(self, *args, **kwargs):
+		super().join(*args, **kwargs)
+		if self.error:
+			return self.error
+		return None