secator 0.15.0__tar.gz → 0.16.0__tar.gz

secator-0.16.0/.coderabbit.yaml

@@ -0,0 +1,148 @@
+language: en-US
+tone_instructions: ''
+early_access: false
+enable_free_tier: true
+reviews:
+  profile: chill
+  request_changes_workflow: false
+  high_level_summary: true
+  high_level_summary_placeholder: '@coderabbitai summary'
+  high_level_summary_in_walkthrough: false
+  auto_title_placeholder: '@coderabbitai'
+  auto_title_instructions: ''
+  review_status: true
+  commit_status: true
+  fail_commit_status: false
+  collapse_walkthrough: false
+  changed_files_summary: true
+  sequence_diagrams: true
+  assess_linked_issues: true
+  related_issues: true
+  related_prs: true
+  suggested_labels: true
+  auto_apply_labels: false
+  suggested_reviewers: true
+  auto_assign_reviewers: false
+  poem: true
+  labeling_instructions: []
+  path_filters: []
+  path_instructions: []
+  abort_on_close: true
+  disable_cache: false
+  auto_review:
+    enabled: true
+    auto_incremental_review: false
+    ignore_title_keywords: []
+    labels: []
+    drafts: false
+    base_branches: []
+  finishing_touches:
+    docstrings:
+      enabled: true
+    unit_tests:
+      enabled: true
+  tools:
+    ast-grep:
+      rule_dirs: []
+      util_dirs: []
+      essential_rules: true
+      packages: []
+    shellcheck:
+      enabled: true
+    ruff:
+      enabled: true
+    markdownlint:
+      enabled: true
+    github-checks:
+      enabled: true
+      timeout_ms: 90000
+    languagetool:
+      enabled: true
+      enabled_rules: []
+      disabled_rules: []
+      enabled_categories: []
+      disabled_categories: []
+      enabled_only: false
+      level: default
+    biome:
+      enabled: true
+    hadolint:
+      enabled: true
+    swiftlint:
+      enabled: true
+    phpstan:
+      enabled: true
+      level: default
+    golangci-lint:
+      enabled: true
+    yamllint:
+      enabled: true
+    gitleaks:
+      enabled: true
+    checkov:
+      enabled: true
+    detekt:
+      enabled: true
+    eslint:
+      enabled: true
+    rubocop:
+      enabled: true
+    buf:
+      enabled: true
+    regal:
+      enabled: true
+    actionlint:
+      enabled: true
+    pmd:
+      enabled: true
+    cppcheck:
+      enabled: true
+    semgrep:
+      enabled: true
+    circleci:
+      enabled: true
+    clippy:
+      enabled: true
+    sqlfluff:
+      enabled: true
+    prismaLint:
+      enabled: true
+    pylint:
+      enabled: false
+    oxc:
+      enabled: true
+    shopifyThemeCheck:
+      enabled: true
+    luacheck:
+      enabled: true
+    brakeman:
+      enabled: true
+chat:
+  auto_reply: true
+  integrations:
+    jira:
+      usage: auto
+    linear:
+      usage: auto
+knowledge_base:
+  opt_out: false
+  web_search:
+    enabled: true
+  learnings:
+    scope: auto
+  issues:
+    scope: auto
+  jira:
+    usage: auto
+    project_keys: []
+  linear:
+    usage: auto
+    team_keys: []
+  pull_requests:
+    scope: auto
+code_generation:
+  docstrings:
+    language: en-US
+    path_instructions: []
+  unit_tests:
+    path_instructions: []

{secator-0.15.0 → secator-0.16.0}/.docker/Dockerfile.alpine

@@ -1,4 +1,4 @@
-FROM alpine:latest AS builder
+FROM alpine:3.21 AS builder
 
 ENV PATH="${PATH}:/root/.local/bin"
 RUN apk add --no-cache \
@@ -19,7 +19,7 @@ RUN pipx install --pip-args="--no-cache-dir" . && \
 	secator install addons redis && \
 	secator install addons dev
 
-FROM python:3.12-alpine
+FROM python:3.12-alpine3.21
 ARG flavor=full
 ARG build_from_source=false
 ENV TERM="xterm-256color"

{secator-0.15.0 → secator-0.16.0}/CHANGELOG.md

@@ -1,5 +1,56 @@
 # Changelog
 
+## [0.16.0](https://github.com/freelabz/secator/compare/v0.15.1...v0.16.0) (2025-06-05)
+
+
+### Features
+
+* **`dnsx`:** merge `dnsxbrute` into `dnsx` ([#571](https://github.com/freelabz/secator/issues/571)) ([d30a497](https://github.com/freelabz/secator/commit/d30a4974cafba8c5a88afbe41b46f230e0667624))
+* add task revoke state and perf improvements ([#678](https://github.com/freelabz/secator/issues/678)) ([2a3bf08](https://github.com/freelabz/secator/commit/2a3bf089a643f889417da447047a6d45818dbb24))
+* allow returning errors in hooks ([#632](https://github.com/freelabz/secator/issues/632)) ([39a56bd](https://github.com/freelabz/secator/commit/39a56bdb3d7e3cc91db28f227ee3c8d517319ba2))
+* improve bbot output types ([#627](https://github.com/freelabz/secator/issues/627)) ([3b0aa5d](https://github.com/freelabz/secator/commit/3b0aa5de419cdabb4e450373d98942b32f52565d))
+* improve runner logic, workflow building, results filtering logic; and add config defaults for profiles & drivers ([#673](https://github.com/freelabz/secator/issues/673)) ([df94657](https://github.com/freelabz/secator/commit/df94657836baf380b0a00bb02467a04bbbb6ea39))
+* improve template loading flow ([#667](https://github.com/freelabz/secator/issues/667)) ([f223120](https://github.com/freelabz/secator/commit/f2231200917a2eff1fb35f782739a4ae52b2382b))
+* memory optimizations ([#681](https://github.com/freelabz/secator/issues/681)) ([d633133](https://github.com/freelabz/secator/commit/d633133263f0b1bcab54a2a0278b46fa37c5c5ab))
+* **misc:** condition-based runs, chunked_by opts, dynamic task profiles, cli improvements ([#659](https://github.com/freelabz/secator/issues/659)) ([e8225cd](https://github.com/freelabz/secator/commit/e8225cd1b434569ecdb6b99f48821bc7c581896e))
+* **runner:** add input validation to all tasks and workflows ([#663](https://github.com/freelabz/secator/issues/663)) ([8392551](https://github.com/freelabz/secator/commit/839255108d5a688cad96940bc44f86ff5ae66ba3))
+* **runner:** improve option handling ([#670](https://github.com/freelabz/secator/issues/670)) ([59b1c68](https://github.com/freelabz/secator/commit/59b1c68abe90a738dff04ee7a1ef68078ff7fa21))
+* **scans:** improve scans ([#660](https://github.com/freelabz/secator/issues/660)) ([bdd38ec](https://github.com/freelabz/secator/commit/bdd38ecbf1f1479dee5f1f39583047f8a6abccd8))
+* use os system for CLI and better labs ([#649](https://github.com/freelabz/secator/issues/649)) ([8b49912](https://github.com/freelabz/secator/commit/8b499121e4c646943cb8d692e80e99c85b396d5a))
+* **workflow:** improve subdomain_recon workflow ([#657](https://github.com/freelabz/secator/issues/657)) ([bc65092](https://github.com/freelabz/secator/commit/bc6509270031d422ceb0007be415d9cb8066534c))
+
+
+### Bug Fixes
+
+* allow dry-run mode to work without targets ([#624](https://github.com/freelabz/secator/issues/624)) ([cccffb9](https://github.com/freelabz/secator/commit/cccffb93ba4537887bed656319d47351ba5f8618))
+* check task is registered before running test ([1f5cd83](https://github.com/freelabz/secator/commit/1f5cd831c81f8773d619c9f5b4e137f7247ce3e0))
+* formatting for dynamic opts ([#628](https://github.com/freelabz/secator/issues/628)) ([dcbbfe9](https://github.com/freelabz/secator/commit/dcbbfe9d7f0acf95c8a5a0ccf787d5c9abcfbcef))
+* header options conversion ([#633](https://github.com/freelabz/secator/issues/633)) ([6ae8423](https://github.com/freelabz/secator/commit/6ae8423a75e2cab31ebc90b6b0fdaba44eba430f))
+* header parsing ([#629](https://github.com/freelabz/secator/issues/629)) ([db2f028](https://github.com/freelabz/secator/commit/db2f028a40fed0188855299f413b9e12f3dae8cf))
+* improve mongodb duplicate checker ([#626](https://github.com/freelabz/secator/issues/626)) ([bf277a9](https://github.com/freelabz/secator/commit/bf277a9d91da263e9ef6fdcd6cb6f15499bfb79d))
+* **installer:** compound distro.like() on distribs like popos ([#653](https://github.com/freelabz/secator/issues/653)) ([3687e1d](https://github.com/freelabz/secator/commit/3687e1d54ab5065286952b71c624b2eda276ed50))
+* **installer:** ignore dev/post release from PyPI ([#634](https://github.com/freelabz/secator/issues/634)) ([614c3e2](https://github.com/freelabz/secator/commit/614c3e2c20566c7a608816ad504128a10b1923d1))
+* **installer:** secator update with correct package version ([#648](https://github.com/freelabz/secator/issues/648)) ([a9cf189](https://github.com/freelabz/secator/commit/a9cf1899cade5d34f25c002eac9feeabbdc6353e))
+* lab --wait not in gitlab runner ([070ae84](https://github.com/freelabz/secator/commit/070ae84d4be8b5cfa4e4336a0d089ab12629ba3c))
+* logic to test all tasks ([3bd7503](https://github.com/freelabz/secator/commit/3bd7503c100aa4584bd3289a1bab013439e7810a))
+* os.system return code ([02aed75](https://github.com/freelabz/secator/commit/02aed757a9a8764c22e28c133c19e5de66b188fb))
+* progress type fields ([#652](https://github.com/freelabz/secator/issues/652)) ([f146914](https://github.com/freelabz/secator/commit/f146914f3d947a536ada03201e8f3fdf08615a54))
+* remove duplicates from txt exporter ([#630](https://github.com/freelabz/secator/issues/630)) ([88ba5c5](https://github.com/freelabz/secator/commit/88ba5c5c339f91da32b72f17bed54a65988b2d8b))
+* remove fping -r flag by default, show alive hosts better ([#665](https://github.com/freelabz/secator/issues/665)) ([5c945fd](https://github.com/freelabz/secator/commit/5c945fdcf1ad7422698fe5519bc5abddcc0473ca))
+* remove no-recreate flag in labs as not supported by github runner ([bd997a8](https://github.com/freelabz/secator/commit/bd997a8f8c1607f49418db98ef733caefad6b0b7))
+* short opt incorrectly named ([#631](https://github.com/freelabz/secator/issues/631)) ([0c73c60](https://github.com/freelabz/secator/commit/0c73c60380616dfab268d2541f83bf9cf4518098))
+* tasks with no file flag need input_chunk_size=1 ([#668](https://github.com/freelabz/secator/issues/668)) ([a088c94](https://github.com/freelabz/secator/commit/a088c949219718757fd1611acf8ddb8167b0deb8))
+* tools in readme, arjun chunk and ffuf header  ([#679](https://github.com/freelabz/secator/issues/679)) ([654ff30](https://github.com/freelabz/secator/commit/654ff30ca2ffc1caae7e797df922b86cd83a98ad))
+* tools table generator update ([9420f14](https://github.com/freelabz/secator/commit/9420f1426d722079d9058c7b37e4118119dc9542))
+* update ci workflow ([f4c2b13](https://github.com/freelabz/secator/commit/f4c2b1300fc7d4417704eee7e9917bf184039feb))
+* update generate table workflow ([ff62702](https://github.com/freelabz/secator/commit/ff627029120a146e55e5dbc6b95d1d9adf9cb8fa))
+* vulnerability output reference when unset ([#625](https://github.com/freelabz/secator/issues/625)) ([a656fbf](https://github.com/freelabz/secator/commit/a656fbfd306b334fdca72cdc04321cd2e8c749bb))
+
+
+### Documentation
+
+* generate tools table md ([#610](https://github.com/freelabz/secator/issues/610)) ([d60f11e](https://github.com/freelabz/secator/commit/d60f11ea72999b163e55634c8bdabaf134e3b368))
+
 ## [0.15.0](https://github.com/freelabz/secator/compare/v0.14.0...v0.15.0) (2025-05-04)
 
 

{secator-0.15.0 → secator-0.16.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: secator
-Version: 0.15.0
+Version: 0.16.0
 Summary: The pentester's swiss knife.
 Project-URL: Homepage, https://github.com/freelabz/secator
 Project-URL: Issues, https://github.com/freelabz/secator/issues
@@ -21,6 +21,7 @@ Classifier: Programming Language :: Python :: 3.11
 Requires-Python: >=3.8
 Requires-Dist: beautifulsoup4<=5
 Requires-Dist: celery<6
+Requires-Dist: click<8.2.0
 Requires-Dist: cpe<2
 Requires-Dist: distro<2
 Requires-Dist: dotmap<2
@@ -121,41 +122,41 @@ and it is designed to improve productivity for pentesters and security researche
 
 `secator` integrates the following tools:
 
-| Name                                                          | Description                                                                    | Category        |
-|---------------------------------------------------------------|--------------------------------------------------------------------------------|-----------------|
-| [arjun](https://github.com/s0md3v/Arjun)                      | HTTP Parameter Discovery Suite.                                                |                 |
-| [gitleaks](https://github.com/gitleaks/gitleaks)              | Tool for detecting secrets like passwords, API keys, tokens, etc.              |                 |
-| [testssl](https://github.com/testssl/testssl.sh)              | SSL/TLS security scanner, including ciphers, protocols and cryptographic flaws.|                 |
-| [wafw00f](https://github.com/EnableSecurity/wafw00f)          | Web Application Firewall Fingerprinting tool.                                  |                 |
-| [wpprobe](https://github.com/Chocapikk/wpprobe)               | Fast wordpress plugin enumeration tool.                                        |                 |
-| [httpx](https://github.com/projectdiscovery/httpx)            | Fast HTTP prober.                                                              | `http`          |
-| [cariddi](https://github.com/edoardottt/cariddi)              | Fast crawler and endpoint secrets / api keys / tokens matcher.                 | `http/crawler`  |
-| [gau](https://github.com/lc/gau)                              | Offline URL crawler (Alien Vault, The Wayback Machine, Common Crawl, URLScan). | `http/crawler`  |
-| [gospider](https://github.com/jaeles-project/gospider)        | Fast web spider written in Go.                                                 | `http/crawler`  |
-| [katana](https://github.com/projectdiscovery/katana)          | Next-generation crawling and spidering framework.                              | `http/crawler`  |
-| [dirsearch](https://github.com/maurosoria/dirsearch)          | Web path discovery.                                                            | `http/fuzzer`   |
-| [feroxbuster](https://github.com/epi052/feroxbuster)          | Simple, fast, recursive content discovery tool written in Rust.                | `http/fuzzer`   |
-| [ffuf](https://github.com/ffuf/ffuf)                          | Fast web fuzzer written in Go.                                                 | `http/fuzzer`   |
-| [h8mail](https://github.com/khast3x/h8mail)                   | Email OSINT and breach hunting tool.                                           | `osint`         |
-| [dnsx](https://github.com/projectdiscovery/dnsx)              | Fast and multi-purpose DNS toolkit.                                            | `recon/dns`     |
-| [dnsxbrute](https://github.com/projectdiscovery/dnsx)         | Fast and multi-purpose DNS toolkit (bruteforce mode).                          | `recon/dns`     |
-| [subfinder](https://github.com/projectdiscovery/subfinder)    | Fast subdomain finder.                                                         | `recon/dns`     |
-| [fping](https://fping.org/)                                   | Find alive hosts on local networks.                                            | `recon/ip`      |
-| [mapcidr](https://github.com/projectdiscovery/mapcidr)        | Expand CIDR ranges into IPs.                                                   | `recon/ip`      |
-| [naabu](https://github.com/projectdiscovery/naabu)            | Fast port discovery tool.                                                      | `recon/port`    |
-| [maigret](https://github.com/soxoj/maigret)                   | Hunt for user accounts across many websites.                                   | `recon/user`    |
-| [gf](https://github.com/tomnomnom/gf)                         | A wrapper around grep to avoid typing common patterns.                         | `tagger`        |
-| [trivy](https://github.com/aquasecurity/trivy)                | Comprehensive and versatile security scanner.                                  | `vuln`          |
-| [grype](https://github.com/anchore/grype)                     | A vulnerability scanner for container images and filesystems.                  | `vuln/code`     |
-| [dalfox](https://github.com/hahwul/dalfox)                    | Powerful XSS scanning tool and parameter analyzer.                             | `vuln/http`     |
-| [msfconsole](https://docs.rapid7.com/metasploit/msf-overview) | CLI to access and work with the Metasploit Framework.                          | `vuln/http`     |
-| [wpscan](https://github.com/wpscanteam/wpscan)                | WordPress Security Scanner                                                     | `vuln/multi`    |
-| [nmap](https://github.com/nmap/nmap)                          | Vulnerability scanner using NSE scripts.                                       | `vuln/multi`    |
-| [nuclei](https://github.com/projectdiscovery/nuclei)          | Fast and customisable vulnerability scanner based on simple YAML based DSL.    | `vuln/multi`    |
-| [bbot](https://github.com/blacklanternsecurity/bbot)          | Multipurpose scanner.                                                          | `multi`         |
-| [searchsploit](https://gitlab.com/exploit-database/exploitdb) | Exploit searcher based on ExploitDB.                                           | `exploit/search`|
-| [bup](https://github.com/laluka/bypass-url-parser)            | 40X bypasser.                                                                  | `http`          |
-
+<!-- START_TOOLS_TABLE -->
+| Name                                                            | Description                                                                      | Category          |
+|-----------------------------------------------------------------|----------------------------------------------------------------------------------|-------------------|
+| [arjun](https://github.com/s0md3v/Arjun)                                                           | HTTP Parameter Discovery Suite.                                                  | `url/fuzz/params` |
+| [bbot](https://github.com/blacklanternsecurity/bbot)                                                            | Multipurpose scanner.                                                            | `vuln/scan`       |
+| [bup](https://github.com/laluka/bypass-url-parser)                                                             | 40X bypasser.                                                                    | `url/bypass`      |
+| [cariddi](https://github.com/edoardottt/cariddi)                                                         | Crawl endpoints, secrets, api keys, extensions, tokens...                        | `url/crawl`       |
+| [dalfox](https://github.com/hahwul/dalfox)                                                          | Powerful open source XSS scanning tool.                                          | `url/fuzz`        |
+| [dirsearch](https://github.com/maurosoria/dirsearch)                                                       | Advanced web path brute-forcer.                                                  | `url/fuzz`        |
+| [dnsx](https://github.com/projectdiscovery/dnsx)                                                            | dnsx is a fast and multi-purpose DNS toolkit designed for running various retryabledns library. | `dns/fuzz`        |
+| [feroxbuster](https://github.com/epi052/feroxbuster)                                                     | Simple, fast, recursive content discovery tool written in Rust                   | `url/fuzz`        |
+| [ffuf](https://github.com/ffuf/ffuf)                                                            | Fast web fuzzer written in Go.                                                   | `url/fuzz`        |
+| [fping](https://github.com/schweikert/fping)                                                           | Send ICMP echo probes to network hosts, similar to ping, but much better.        | `ip/recon`        |
+| [gau](https://github.com/lc/gau)                                                             | Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, Common Crawl, and URLScan. | `pattern/scan`    |
+| [gf](https://github.com/tomnomnom/gf)                                                              | Wrapper around grep, to help you grep for things.                                | `pattern/scan`    |
+| [gitleaks](https://github.com/gitleaks/gitleaks)                                                        | Tool for detecting secrets like passwords, API keys, and tokens in git repos, files, and stdin. | `secret/scan`     |
+| [gospider](https://github.com/jaeles-project/gospider)                                                        | Fast web spider written in Go.                                                   | `url/crawl`       |
+| [grype](https://github.com/anchore/grype)                                                           | Vulnerability scanner for container images and filesystems.                      | `vuln/scan`       |
+| [h8mail](https://github.com/khast3x/h8mail)                                                          | Email information and password lookup tool.                                      | `user/recon/email` |
+| [httpx](https://github.com/projectdiscovery/httpx)                                                           | Fast and multi-purpose HTTP toolkit.                                             | `url/probe`       |
+| [katana](https://github.com/projectdiscovery/katana)                                                          | Next-generation crawling and spidering framework.                                | `url/crawl`       |
+| [maigret](https://github.com/soxoj/maigret)                                                         | Collect a dossier on a person by username.                                       | `user/recon/username` |
+| [mapcidr](https://github.com/projectdiscovery/mapcidr)                                                         | Utility program to perform multiple operations for a given subnet/cidr ranges.   | `ip/recon`        |
+| [msfconsole](https://docs.rapid7.com/metasploit/msf-overview/)                                                      | CLI to access and work with the Metasploit Framework.                            | `exploit/attack`  |
+| [naabu](https://github.com/projectdiscovery/naabu)                                                           | Port scanning tool written in Go.                                                | `port/scan`       |
+| [nmap](https://github.com/nmap/nmap)                                                            | Network Mapper is a free and open source utility for network discovery and security auditing. | `port/scan`       |
+| [nuclei](https://github.com/projectdiscovery/nuclei)                                                          | Fast and customisable vulnerability scanner based on simple YAML based DSL.      | `vuln/scan`       |
+| [searchsploit](https://gitlab.com/exploit-database/exploitdb)                                                    | Exploit searcher based on ExploitDB.                                             | `exploit/recon`   |
+| [subfinder](https://github.com/projectdiscovery/subfinder)                                                       | Fast passive subdomain enumeration tool.                                         | `dns/recon`       |
+| [testssl](https://github.com/testssl/testssl.sh)                                                         | SSL/TLS security scanner, including ciphers, protocols and cryptographic flaws.  | `dns/recon/tls`   |
+| [trivy](https://github.com/aquasecurity/trivy)                                                           | Comprehensive and versatile security scanner.                                    | `vuln/scan`       |
+| [wafw00f](https://github.com/EnableSecurity/wafw00f)                                                         | Web Application Firewall Fingerprinting tool.                                    | `waf/scan`        |
+| [wpprobe](https://github.com/Chocapikk/wpprobe)                                                         | Fast wordpress plugin enumeration tool.                                          | `vuln/scan/wordpress` |
+| [wpscan](https://github.com/wpscanteam/wpscan)                                                          | Wordpress security scanner.                                                      | `vuln/scan/wordpress` |
+<!-- END_TOOLS_TABLE -->
 
 Feel free to request new tools to be added by opening an issue, but please 
 check that the tool complies with our selection criterias before doing so. If it doesn't but you still want to integrate it into `secator`, you can plug it in (see the [dev guide](https://docs.freelabz.com/for-developers/writing-custom-tasks)).

{secator-0.15.0 → secator-0.16.0}/README.md

@@ -51,41 +51,41 @@ and it is designed to improve productivity for pentesters and security researche
 
 `secator` integrates the following tools:
 
-| Name                                                          | Description                                                                    | Category        |
-|---------------------------------------------------------------|--------------------------------------------------------------------------------|-----------------|
-| [arjun](https://github.com/s0md3v/Arjun)                      | HTTP Parameter Discovery Suite.                                                |                 |
-| [gitleaks](https://github.com/gitleaks/gitleaks)              | Tool for detecting secrets like passwords, API keys, tokens, etc.              |                 |
-| [testssl](https://github.com/testssl/testssl.sh)              | SSL/TLS security scanner, including ciphers, protocols and cryptographic flaws.|                 |
-| [wafw00f](https://github.com/EnableSecurity/wafw00f)          | Web Application Firewall Fingerprinting tool.                                  |                 |
-| [wpprobe](https://github.com/Chocapikk/wpprobe)               | Fast wordpress plugin enumeration tool.                                        |                 |
-| [httpx](https://github.com/projectdiscovery/httpx)            | Fast HTTP prober.                                                              | `http`          |
-| [cariddi](https://github.com/edoardottt/cariddi)              | Fast crawler and endpoint secrets / api keys / tokens matcher.                 | `http/crawler`  |
-| [gau](https://github.com/lc/gau)                              | Offline URL crawler (Alien Vault, The Wayback Machine, Common Crawl, URLScan). | `http/crawler`  |
-| [gospider](https://github.com/jaeles-project/gospider)        | Fast web spider written in Go.                                                 | `http/crawler`  |
-| [katana](https://github.com/projectdiscovery/katana)          | Next-generation crawling and spidering framework.                              | `http/crawler`  |
-| [dirsearch](https://github.com/maurosoria/dirsearch)          | Web path discovery.                                                            | `http/fuzzer`   |
-| [feroxbuster](https://github.com/epi052/feroxbuster)          | Simple, fast, recursive content discovery tool written in Rust.                | `http/fuzzer`   |
-| [ffuf](https://github.com/ffuf/ffuf)                          | Fast web fuzzer written in Go.                                                 | `http/fuzzer`   |
-| [h8mail](https://github.com/khast3x/h8mail)                   | Email OSINT and breach hunting tool.                                           | `osint`         |
-| [dnsx](https://github.com/projectdiscovery/dnsx)              | Fast and multi-purpose DNS toolkit.                                            | `recon/dns`     |
-| [dnsxbrute](https://github.com/projectdiscovery/dnsx)         | Fast and multi-purpose DNS toolkit (bruteforce mode).                          | `recon/dns`     |
-| [subfinder](https://github.com/projectdiscovery/subfinder)    | Fast subdomain finder.                                                         | `recon/dns`     |
-| [fping](https://fping.org/)                                   | Find alive hosts on local networks.                                            | `recon/ip`      |
-| [mapcidr](https://github.com/projectdiscovery/mapcidr)        | Expand CIDR ranges into IPs.                                                   | `recon/ip`      |
-| [naabu](https://github.com/projectdiscovery/naabu)            | Fast port discovery tool.                                                      | `recon/port`    |
-| [maigret](https://github.com/soxoj/maigret)                   | Hunt for user accounts across many websites.                                   | `recon/user`    |
-| [gf](https://github.com/tomnomnom/gf)                         | A wrapper around grep to avoid typing common patterns.                         | `tagger`        |
-| [trivy](https://github.com/aquasecurity/trivy)                | Comprehensive and versatile security scanner.                                  | `vuln`          |
-| [grype](https://github.com/anchore/grype)                     | A vulnerability scanner for container images and filesystems.                  | `vuln/code`     |
-| [dalfox](https://github.com/hahwul/dalfox)                    | Powerful XSS scanning tool and parameter analyzer.                             | `vuln/http`     |
-| [msfconsole](https://docs.rapid7.com/metasploit/msf-overview) | CLI to access and work with the Metasploit Framework.                          | `vuln/http`     |
-| [wpscan](https://github.com/wpscanteam/wpscan)                | WordPress Security Scanner                                                     | `vuln/multi`    |
-| [nmap](https://github.com/nmap/nmap)                          | Vulnerability scanner using NSE scripts.                                       | `vuln/multi`    |
-| [nuclei](https://github.com/projectdiscovery/nuclei)          | Fast and customisable vulnerability scanner based on simple YAML based DSL.    | `vuln/multi`    |
-| [bbot](https://github.com/blacklanternsecurity/bbot)          | Multipurpose scanner.                                                          | `multi`         |
-| [searchsploit](https://gitlab.com/exploit-database/exploitdb) | Exploit searcher based on ExploitDB.                                           | `exploit/search`|
-| [bup](https://github.com/laluka/bypass-url-parser)            | 40X bypasser.                                                                  | `http`          |
-
+<!-- START_TOOLS_TABLE -->
+| Name                                                            | Description                                                                      | Category          |
+|-----------------------------------------------------------------|----------------------------------------------------------------------------------|-------------------|
+| [arjun](https://github.com/s0md3v/Arjun)                                                           | HTTP Parameter Discovery Suite.                                                  | `url/fuzz/params` |
+| [bbot](https://github.com/blacklanternsecurity/bbot)                                                            | Multipurpose scanner.                                                            | `vuln/scan`       |
+| [bup](https://github.com/laluka/bypass-url-parser)                                                             | 40X bypasser.                                                                    | `url/bypass`      |
+| [cariddi](https://github.com/edoardottt/cariddi)                                                         | Crawl endpoints, secrets, api keys, extensions, tokens...                        | `url/crawl`       |
+| [dalfox](https://github.com/hahwul/dalfox)                                                          | Powerful open source XSS scanning tool.                                          | `url/fuzz`        |
+| [dirsearch](https://github.com/maurosoria/dirsearch)                                                       | Advanced web path brute-forcer.                                                  | `url/fuzz`        |
+| [dnsx](https://github.com/projectdiscovery/dnsx)                                                            | dnsx is a fast and multi-purpose DNS toolkit designed for running various retryabledns library. | `dns/fuzz`        |
+| [feroxbuster](https://github.com/epi052/feroxbuster)                                                     | Simple, fast, recursive content discovery tool written in Rust                   | `url/fuzz`        |
+| [ffuf](https://github.com/ffuf/ffuf)                                                            | Fast web fuzzer written in Go.                                                   | `url/fuzz`        |
+| [fping](https://github.com/schweikert/fping)                                                           | Send ICMP echo probes to network hosts, similar to ping, but much better.        | `ip/recon`        |
+| [gau](https://github.com/lc/gau)                                                             | Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, Common Crawl, and URLScan. | `pattern/scan`    |
+| [gf](https://github.com/tomnomnom/gf)                                                              | Wrapper around grep, to help you grep for things.                                | `pattern/scan`    |
+| [gitleaks](https://github.com/gitleaks/gitleaks)                                                        | Tool for detecting secrets like passwords, API keys, and tokens in git repos, files, and stdin. | `secret/scan`     |
+| [gospider](https://github.com/jaeles-project/gospider)                                                        | Fast web spider written in Go.                                                   | `url/crawl`       |
+| [grype](https://github.com/anchore/grype)                                                           | Vulnerability scanner for container images and filesystems.                      | `vuln/scan`       |
+| [h8mail](https://github.com/khast3x/h8mail)                                                          | Email information and password lookup tool.                                      | `user/recon/email` |
+| [httpx](https://github.com/projectdiscovery/httpx)                                                           | Fast and multi-purpose HTTP toolkit.                                             | `url/probe`       |
+| [katana](https://github.com/projectdiscovery/katana)                                                          | Next-generation crawling and spidering framework.                                | `url/crawl`       |
+| [maigret](https://github.com/soxoj/maigret)                                                         | Collect a dossier on a person by username.                                       | `user/recon/username` |
+| [mapcidr](https://github.com/projectdiscovery/mapcidr)                                                         | Utility program to perform multiple operations for a given subnet/cidr ranges.   | `ip/recon`        |
+| [msfconsole](https://docs.rapid7.com/metasploit/msf-overview/)                                                      | CLI to access and work with the Metasploit Framework.                            | `exploit/attack`  |
+| [naabu](https://github.com/projectdiscovery/naabu)                                                           | Port scanning tool written in Go.                                                | `port/scan`       |
+| [nmap](https://github.com/nmap/nmap)                                                            | Network Mapper is a free and open source utility for network discovery and security auditing. | `port/scan`       |
+| [nuclei](https://github.com/projectdiscovery/nuclei)                                                          | Fast and customisable vulnerability scanner based on simple YAML based DSL.      | `vuln/scan`       |
+| [searchsploit](https://gitlab.com/exploit-database/exploitdb)                                                    | Exploit searcher based on ExploitDB.                                             | `exploit/recon`   |
+| [subfinder](https://github.com/projectdiscovery/subfinder)                                                       | Fast passive subdomain enumeration tool.                                         | `dns/recon`       |
+| [testssl](https://github.com/testssl/testssl.sh)                                                         | SSL/TLS security scanner, including ciphers, protocols and cryptographic flaws.  | `dns/recon/tls`   |
+| [trivy](https://github.com/aquasecurity/trivy)                                                           | Comprehensive and versatile security scanner.                                    | `vuln/scan`       |
+| [wafw00f](https://github.com/EnableSecurity/wafw00f)                                                         | Web Application Firewall Fingerprinting tool.                                    | `waf/scan`        |
+| [wpprobe](https://github.com/Chocapikk/wpprobe)                                                         | Fast wordpress plugin enumeration tool.                                          | `vuln/scan/wordpress` |
+| [wpscan](https://github.com/wpscanteam/wpscan)                                                          | Wordpress security scanner.                                                      | `vuln/scan/wordpress` |
+<!-- END_TOOLS_TABLE -->
 
 Feel free to request new tools to be added by opening an issue, but please 
 check that the tool complies with our selection criterias before doing so. If it doesn't but you still want to integrate it into `secator`, you can plug it in (see the [dev guide](https://docs.freelabz.com/for-developers/writing-custom-tasks)).

{secator-0.15.0 → secator-0.16.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = 'hatchling.build'
 
 [project]
 name = 'secator'
-version = "0.15.0"
+version = "0.16.0"
 authors = [{ name = 'FreeLabz', email = 'sales@freelabz.com' }]
 readme = 'README.md'
 description = "The pentester's swiss knife."
@@ -48,6 +48,7 @@ dependencies = [
   'requests < 3',
   'rich < 14',
   'rich-click < 1.7',
+  'click < 8.2.0', 
   'psutil < 7',
   'retry < 1',
   'tldextract < 6',

secator-0.16.0/scripts/generate_tools_md_table.py

@@ -0,0 +1,131 @@
+from secator.loader import discover_tasks
+
+import re
+from pathlib import Path
+
+
+TABLE_START_MARKER = "<!-- START_TOOLS_TABLE -->"
+TABLE_END_MARKER = "<!-- END_TOOLS_TABLE -->"
+README_FILENAME = "README.md"
+
+
+def get_tools_data():
+    data = []
+    hardcoded_urls = {
+        'bbot': 'https://github.com/blacklanternsecurity/bbot',
+        'bup': 'https://github.com/laluka/bypass-url-parser',
+        'dirsearch': 'https://github.com/maurosoria/dirsearch',
+        'gf': 'https://github.com/tomnomnom/gf',
+        'testssl': 'https://github.com/testssl/testssl.sh',
+        'wpscan': 'https://github.com/wpscanteam/wpscan',
+        'nmap': 'https://github.com/nmap/nmap',
+        'maigret': 'https://github.com/soxoj/maigret',
+        'h8mail': 'https://github.com/khast3x/h8mail',
+        'fping': 'https://github.com/schweikert/fping',
+        'msfconsole': 'https://docs.rapid7.com/metasploit/msf-overview/',
+        'searchsploit': 'https://gitlab.com/exploit-database/exploitdb'
+    }
+    for task in discover_tasks():
+        url = task.install_github_handle
+        if url:
+            url = f'https://github.com/{url}'
+        else:
+            url = hardcoded_urls.get(task.__name__)
+        data.append({
+            'name': task.__name__,
+            'url': url,
+            'description': task.__doc__ or '',
+            'category': '/'.join(task.tags)
+        })
+    return data
+
+def generate_tools_table_markdown(tools_data):
+    """
+    Generates the Markdown table string from the tools data.
+    Uses the formatting style found in the original README.
+    """
+    if not tools_data:
+        return ""
+
+    # Define fixed widths based roughly on the original table for nice formatting in raw markdown
+    # Note: This is for raw readability; Markdown renderers don't strictly need it.
+    # Adjust these widths if your content significantly changes length.
+    name_col_width = 63 # Adjusted for link markup
+    desc_col_width = 80
+    cat_col_width = 17
+
+    header = f"| {'Name'.ljust(name_col_width)} | {'Description'.ljust(desc_col_width)} | {'Category'.ljust(cat_col_width)} |"
+    separator = f"|{'-' * (name_col_width + 2)}|{'-' * (desc_col_width + 2)}|{'-' * (cat_col_width + 2)}|"
+
+    table_lines = [header, separator]
+
+    for tool in tools_data:
+        name = tool.get('name', 'N/A')
+        url = tool.get('url', '#') # Default to '#' if URL is missing
+        description = tool.get('description', '')
+        category = tool.get('category', '')
+
+        # Format columns
+        name_md = f"[{name}]({url})"
+        # Pad based on the *visible* length of the markdown link for alignment
+        # This is an approximation, perfect alignment is tricky with variable link lengths
+        name_padded = name_md.ljust(name_col_width + len(name_md) - len(name))
+
+        desc_padded = description.ljust(desc_col_width)
+
+        cat_md = f"`{category}`" if category else ''
+        cat_padded = cat_md.ljust(cat_col_width)
+
+        table_lines.append(f"| {name_padded} | {desc_padded} | {cat_padded} |")
+
+    return "\n".join(table_lines)
+
+
+def update_readme_table(readme_path, new_table_content):
+    """
+    Reads the README, replaces the content between the markers
+    with the new table content, and writes it back.
+    """
+    try:
+        with readme_path.open('r', encoding='utf-8') as f:
+            content = f.read()
+    except FileNotFoundError:
+        print(f"Error: README file not found at '{readme_path}'")
+        return False
+    except Exception as e:
+        print(f"Error reading README file: {e}")
+        return False
+
+    # Use regex to find the content between markers, including the markers themselves
+    # re.DOTALL makes '.' match newlines
+    pattern = re.compile(f"({re.escape(TABLE_START_MARKER)}).*?({re.escape(TABLE_END_MARKER)})", re.DOTALL)
+
+    # Construct the replacement string, keeping the markers but replacing the middle
+    replacement_string = f"{TABLE_START_MARKER}\n{new_table_content}\n{TABLE_END_MARKER}"
+
+    # Replace the old table section with the new one
+    new_content, num_replacements = pattern.subn(replacement_string, content)
+
+    if num_replacements == 0:
+        print(f"Error: Could not find table markers '{TABLE_START_MARKER}' and/or '{TABLE_END_MARKER}' in '{readme_path}'.")
+        print("Please ensure the markers exist exactly as defined and surround the table.")
+        return False
+    elif num_replacements > 1:
+        print(f"Warning: Found multiple instances of table markers in '{readme_path}'. Replacing only the first instance.")
+        # pattern.sub replaces only the first instance by default if global flag isn't used,
+        # but subn counts all potential matches. Behavior might be unexpected with multiple matches.
+        # Consider stopping if > 1 found for safety.
+
+    try:
+        with readme_path.open('w', encoding='utf-8') as f:
+            f.write(new_content)
+        print(f"Successfully updated the supported tools table in '{readme_path}'")
+        return True
+    except Exception as e:
+        print(f"Error writing updated content to README file: {e}")
+        return False
+
+data = get_tools_data()
+md_table = generate_tools_table_markdown(data)
+path = Path(__file__).parent.parent / 'README.md'
+update_readme_table(path, md_table)