secator 0.15.1__py3-none-any.whl → 0.16.0__py3-none-any.whl

secator/tasks/ffuf.py

@@ -1,6 +1,6 @@
 from secator.decorators import task
 from secator.definitions import (AUTO_CALIBRATION, CONTENT_LENGTH,
-								 CONTENT_TYPE, DELAY, DEPTH, EXTRA_DATA,
+								 CONTENT_TYPE, DATA, DELAY, DEPTH, EXTRA_DATA,
 								 FILTER_CODES, FILTER_REGEX, FILTER_SIZE,
 								 FILTER_WORDS, FOLLOW_REDIRECT, HEADER,
 								 MATCH_CODES, MATCH_REGEX, MATCH_SIZE,
@@ -8,10 +8,11 @@ from secator.definitions import (AUTO_CALIBRATION, CONTENT_LENGTH,
 								 PERCENT, PROXY, RATE_LIMIT, RETRIES,
 								 STATUS_CODE, THREADS, TIME, TIMEOUT,
 								 USER_AGENT, WORDLIST, URL)
-from secator.output_types import Progress, Url
+from secator.output_types import Progress, Url, Info, Warning
 from secator.serializers import JSONSerializer, RegexSerializer
 from secator.tasks._categories import HttpFuzzer
 
+
 FFUF_PROGRESS_REGEX = r':: Progress: \[(?P<count>\d+)/(?P<total>\d+)\] :: Job \[\d/\d\] :: (?P<rps>\d+) req/sec :: Duration: \[(?P<duration>[\d:]+)\] :: Errors: (?P<errors>\d+) ::'  # noqa: E501
 
 
@@ -19,8 +20,9 @@ FFUF_PROGRESS_REGEX = r':: Progress: \[(?P<count>\d+)/(?P<total>\d+)\] :: Job \[
 class ffuf(HttpFuzzer):
 	"""Fast web fuzzer written in Go."""
 	cmd = 'ffuf -noninteractive'
-	tags = ['url', 'fuzz']
 	input_types = [URL]
+	output_types = [Url, Progress]
+	tags = ['url', 'fuzz']
 	input_flag = '-u'
 	input_chunk_size = 1
 	file_flag = None
@@ -32,10 +34,13 @@ class ffuf(HttpFuzzer):
 	]
 	opts = {
 		AUTO_CALIBRATION: {'is_flag': True, 'short': 'ac', 'help': 'Auto-calibration'},
-		'recursion': {'is_flag': True, 'default': True, 'short': 'recursion', 'help': 'Recursion'},
+		'recursion': {'is_flag': True, 'default': False, 'short': 'recursion', 'help': 'Recursion'},
+		'stop_on_error': {'is_flag': True, 'default': False, 'short': 'soe', 'help': 'Stop on error'},
+		'fuzz_host_header': {'is_flag': True, 'default': False, 'internal': True, 'short': 'fhh', 'help': 'Fuzz host header'},
 	}
 	opt_key_map = {
 		HEADER: 'H',
+		DATA: 'd',
 		DELAY: 'p',
 		DEPTH: 'recursion-depth',
 		FILTER_CODES: 'fc',
@@ -58,8 +63,8 @@ class ffuf(HttpFuzzer):
 		# ffuf opts
 		WORDLIST: 'w',
 		AUTO_CALIBRATION: 'ac',
+		'stop_on_error': 'sa',
 	}
-	output_types = [Url, Progress]
 	output_map = {
 		Url: {
 			STATUS_CODE: 'status',
@@ -69,7 +74,7 @@ class ffuf(HttpFuzzer):
 		},
 		Progress: {
 			PERCENT: lambda x: int(int(x['count']) * 100 / int(x['total'])),
-			EXTRA_DATA: lambda x: {k: v for k, v in x.items() if k not in ['count', 'total', 'errors']}
+			EXTRA_DATA: lambda x: x
 		},
 	}
 	encoding = 'ansi'
@@ -81,8 +86,39 @@ class ffuf(HttpFuzzer):
 	proxy_http = True
 	profile = 'io'
 
+	@staticmethod
+	def before_init(self):
+		# Add /FUZZ to URL if recursion is enabled
+		if self.get_opt_value('recursion') and not len(self.inputs) > 1 and not self.inputs[0].endswith('FUZZ'):
+			self._print(Info(message='Adding /FUZZ to URL as it is needed when recursion is enabled'), rich=True)
+			self.inputs[0] = self.inputs[0].rstrip('/') + '/FUZZ'
+
+	@staticmethod
+	def on_cmd_opts(self, opts):
+		# Fuzz host header
+		if self.get_opt_value('fuzz_host_header') and len(self.inputs) > 0:
+			host = self.inputs[0].split('://')[1].split('/')[0]
+			opts['header']['value']['Host'] = f'FUZZ.{host}'
+		self.headers = opts['header']['value'].copy()
+
+		# Check FUZZ keyword
+		data = self.get_opt_value('data') or ''
+		fuzz_in_headers = any('FUZZ' in v for v in self.headers.values())
+		if len(self.inputs) > 0 and 'FUZZ' not in self.inputs[0] and not fuzz_in_headers and 'FUZZ' not in data:
+			self.add_result(Warning(message='Keyword FUZZ is not present in the URL, header or body'))
+		return opts
+
+	@staticmethod
+	def on_item_pre_convert(self, item):
+		if 'host' in item:
+			self.current_host = item['host']
+		return item
+
 	@staticmethod
 	def on_item(self, item):
 		if isinstance(item, Url):
 			item.method = self.get_opt_value(METHOD) or 'GET'
+			item.request_headers = self.headers.copy()
+			if 'FUZZ' in self.headers.get('Host', ''):
+				item.request_headers['Host'] = self.current_host
 		return item

secator/tasks/fping.py

@@ -1,7 +1,7 @@
 import validators
 
 from secator.decorators import task
-from secator.definitions import (DELAY, IP, OPT_NOT_SUPPORTED, PROXY, RATE_LIMIT,
+from secator.definitions import (DELAY, IP, HOST, OPT_NOT_SUPPORTED, PROXY, RATE_LIMIT,
 							   RETRIES, THREADS, TIMEOUT)
 from secator.output_types import Ip
 from secator.tasks._categories import ReconIp
@@ -10,11 +10,15 @@ from secator.tasks._categories import ReconIp
 @task()
 class fping(ReconIp):
 	"""Send ICMP echo probes to network hosts, similar to ping, but much better."""
-	cmd = 'fping -a'
+	cmd = 'fping -a -A'
+	input_types = [IP, HOST]
+	output_types = [Ip]
 	tags = ['ip', 'recon']
 	file_flag = '-f'
 	input_flag = None
-	input_types = [IP]
+	opts = {
+		'reverse_dns': {'is_flag': True, 'default': False, 'short': 'r', 'help': 'Reverse DNS lookup (slower)'}
+	}
 	opt_prefix = '--'
 	opt_key_map = {
 		DELAY: 'period',
@@ -22,22 +26,30 @@ class fping(ReconIp):
 		RATE_LIMIT: OPT_NOT_SUPPORTED,
 		RETRIES: 'retry',
 		TIMEOUT: 'timeout',
-		THREADS: OPT_NOT_SUPPORTED
+		THREADS: OPT_NOT_SUPPORTED,
+		'reverse_dns': 'r'
 	}
 	opt_value_map = {
 		DELAY: lambda x: x * 1000,  # convert s to ms
 		TIMEOUT: lambda x: x * 1000  # convert s to ms
 	}
-	input_types = [IP]
-	output_types = [Ip]
+	install_github_handle = 'schweikert/fping'
+	install_version = 'v5.1'
 	install_pre = {'*': ['fping']}
 	ignore_return_code = True
 
 	@staticmethod
 	def item_loader(self, line):
-		if not (validators.ipv4(line) or validators.ipv6(line)):
+		if '(' in line:
+			host, ip = tuple(t.strip() for t in line.rstrip(')').split('('))
+			if (validators.ipv4(host) or validators.ipv6(host)):
+				host = ''
+		else:
+			ip = line.strip()
+			host = ''
+		if not (validators.ipv4(ip) or validators.ipv6(ip)):
 			return
-		yield {'ip': line, 'alive': True}
+		yield {'ip': ip, 'alive': True, 'host': host}
 
 	@staticmethod
 	def on_line(self, line):

secator/tasks/gau.py

@@ -5,6 +5,7 @@ from secator.definitions import (DELAY, DEPTH, FILTER_CODES, FILTER_REGEX,
 							   MATCH_WORDS, METHOD, OPT_NOT_SUPPORTED,
 							   OPT_PIPE_INPUT, PROXY, RATE_LIMIT, RETRIES,
 							   THREADS, TIMEOUT, USER_AGENT, URL)
+from secator.output_types.url import Url
 from secator.serializers import JSONSerializer
 from secator.tasks._categories import HttpCrawler
 
@@ -13,8 +14,9 @@ from secator.tasks._categories import HttpCrawler
 class gau(HttpCrawler):
 	"""Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, Common Crawl, and URLScan."""
 	cmd = 'gau'
-	tags = ['pattern', 'scan']
 	input_types = [URL]
+	output_types = [Url]
+	tags = ['pattern', 'scan']
 	file_flag = OPT_PIPE_INPUT
 	json_flag = '--json'
 	opt_prefix = '--'

secator/tasks/gf.py

@@ -1,5 +1,5 @@
 from secator.decorators import task
-from secator.definitions import OPT_PIPE_INPUT, OPT_NOT_SUPPORTED, URL
+from secator.definitions import OPT_PIPE_INPUT, OPT_NOT_SUPPORTED
 from secator.output_types import Tag
 from secator.tasks._categories import Tagger
 
@@ -8,6 +8,8 @@ from secator.tasks._categories import Tagger
 class gf(Tagger):
 	"""Wrapper around grep, to help you grep for things."""
 	cmd = 'gf'
+	input_types = None  # anything
+	output_types = [Tag]
 	tags = ['pattern', 'scan']
 	file_flag = OPT_PIPE_INPUT
 	input_flag = OPT_PIPE_INPUT
@@ -18,12 +20,10 @@ class gf(Tagger):
 	opt_key_map = {
 		'pattern': ''
 	}
-	input_types = [URL]
 	install_cmd = (
 		'go install -v github.com/tomnomnom/gf@latest && '
 		'git clone https://github.com/1ndianl33t/Gf-Patterns $HOME/.gf || true'
 	)
-	output_types = [Tag]
 
 	@staticmethod
 	def item_loader(self, line):

secator/tasks/gitleaks.py

@@ -5,7 +5,7 @@ import yaml
 from secator.config import CONFIG
 from secator.decorators import task
 from secator.runners import Command
-from secator.definitions import (OUTPUT_PATH, PATH, GIT_REPOSITORY)
+from secator.definitions import (OUTPUT_PATH, PATH)
 from secator.utils import caml_to_snake
 from secator.output_types import Tag, Info, Error
 
@@ -15,7 +15,7 @@ class gitleaks(Command):
 	"""Tool for detecting secrets like passwords, API keys, and tokens in git repos, files, and stdin."""
 	cmd = 'gitleaks'
 	tags = ['secret', 'scan']
-	input_types = [PATH, GIT_REPOSITORY]
+	input_types = [PATH]
 	input_flag = None
 	json_flag = '-f json'
 	opt_prefix = '--'

secator/tasks/gospider.py

@@ -16,10 +16,11 @@ from secator.tasks._categories import HttpCrawler
 class gospider(HttpCrawler):
 	"""Fast web spider written in Go."""
 	cmd = 'gospider'
+	input_types = [URL]
+	output_types = [Url]
 	tags = ['url', 'crawl']
 	file_flag = '-S'
 	input_flag = '-s'
-	input_types = [URL]
 	json_flag = '--json'
 	opt_prefix = '--'
 	opt_key_map = {
@@ -76,3 +77,8 @@ class gospider(HttpCrawler):
 		except ValueError:  # gospider returns invalid URLs for output sometimes
 			return False
 		return True
+
+	@staticmethod
+	def on_json_loaded(self, item):
+		item['request_headers'] = self.get_opt_value('header', preprocess=True)
+		yield item

secator/tasks/grype.py

@@ -2,7 +2,7 @@ from secator.config import CONFIG
 from secator.decorators import task
 from secator.definitions import (DELAY, FOLLOW_REDIRECT, HEADER,
 							   OPT_NOT_SUPPORTED, PROXY, RATE_LIMIT, RETRIES,
-							   THREADS, TIMEOUT, USER_AGENT, PATH, DOCKER_IMAGE)
+							   THREADS, TIMEOUT, USER_AGENT, PATH, STRING, URL)
 from secator.output_types import Vulnerability
 from secator.tasks._categories import VulnCode
 
@@ -11,10 +11,12 @@ from secator.tasks._categories import VulnCode
 class grype(VulnCode):
 	"""Vulnerability scanner for container images and filesystems."""
 	cmd = 'grype --quiet'
+	input_types = [PATH, URL, STRING]
+	output_types = [Vulnerability]
 	tags = ['vuln', 'scan']
-	input_types = [PATH, DOCKER_IMAGE]
 	input_flag = ''
-	file_flag = OPT_NOT_SUPPORTED
+	input_chunk_size = 1
+	file_flag = None
 	json_flag = None
 	opt_prefix = '--'
 	opt_key_map = {
@@ -28,7 +30,6 @@ class grype(VulnCode):
 		TIMEOUT: OPT_NOT_SUPPORTED,
 		USER_AGENT: OPT_NOT_SUPPORTED
 	}
-	output_types = [Vulnerability]
 	install_pre = {
 		'*': ['curl']
 	}

secator/tasks/h8mail.py

@@ -11,10 +11,11 @@ from secator.output_types import UserAccount, Info, Error
 class h8mail(OSInt):
 	"""Email information and password lookup tool."""
 	cmd = 'h8mail'
+	input_types = [EMAIL]
+	output_types = [UserAccount]
 	tags = ['user', 'recon', 'email']
 	json_flag = '--json '
 	input_flag = '--targets'
-	input_types = [EMAIL]
 	file_flag = '-domain'
 	version_flag = '--help'
 	opt_prefix = '--'

secator/tasks/httpx.py

@@ -3,7 +3,7 @@ import os
 from secator.decorators import task
 from secator.definitions import (DELAY, DEPTH, FILTER_CODES, FILTER_REGEX, FILTER_SIZE, FILTER_WORDS, FOLLOW_REDIRECT,
 								 HEADER, MATCH_CODES, MATCH_REGEX, MATCH_SIZE, MATCH_WORDS, METHOD, OPT_NOT_SUPPORTED,
-								 PROXY, RATE_LIMIT, RETRIES, THREADS, TIMEOUT, URL, USER_AGENT, HOST, IP)
+								 PROXY, RATE_LIMIT, RETRIES, THREADS, TIMEOUT, URL, USER_AGENT, HOST, IP, HOST_PORT)
 from secator.config import CONFIG
 from secator.output_types import Url, Subdomain
 from secator.serializers import JSONSerializer
@@ -14,11 +14,12 @@ from secator.utils import (sanitize_url, extract_domain_info, extract_subdomains
 @task()
 class httpx(Http):
 	"""Fast and multi-purpose HTTP toolkit."""
-	cmd = 'httpx'
+	cmd = 'httpx -irh'
+	input_types = [HOST, HOST_PORT, IP, URL]
+	output_types = [Url, Subdomain]
 	tags = ['url', 'probe']
 	file_flag = '-l'
 	input_flag = '-u'
-	input_types = [HOST, IP, URL]
 	json_flag = '-json'
 	opts = {
 		# 'silent': {'is_flag': True, 'default': False, 'help': 'Silent mode'},
@@ -66,7 +67,6 @@ class httpx(Http):
 		DELAY: lambda x: str(x) + 's' if x else None,
 	}
 	item_loaders = [JSONSerializer()]
-	output_types = [Url, Subdomain]
 	install_pre = {
 		'apk': ['chromium']
 	}
@@ -77,6 +77,17 @@ class httpx(Http):
 	proxy_socks5 = True
 	proxy_http = True
 	profile = 'io'
+	profile = lambda opts: httpx.dynamic_profile(opts)  # noqa: E731
+
+	@staticmethod
+	def dynamic_profile(opts):
+		screenshot = httpx._get_opt_value(
+			opts,
+			'screenshot',
+			opts_conf=dict(httpx.opts, **httpx.meta_opts),
+			opt_aliases=opts.get('aliases', [])
+		)
+		return 'cpu' if screenshot is True else 'io'
 
 	@staticmethod
 	def on_init(self):
@@ -109,7 +120,7 @@ class httpx(Http):
 
 	@staticmethod
 	def on_end(self):
-		store_responses = self.get_opt_value('store_responses')
+		store_responses = self.get_opt_value('store_responses') or CONFIG.http.store_responses
 		response_dir = f'{self.reports_folder}/.outputs'
 		if store_responses:
 			index_rpath = f'{response_dir}/response/index.txt'
@@ -133,6 +144,8 @@ class httpx(Http):
 			elif k == URL:
 				item[k] = sanitize_url(v)
 		item[URL] = item.get('final_url') or item[URL]
+		item['request_headers'] = self.get_opt_value('header', preprocess=True)
+		item['response_headers'] = item.get('header', {})
 		return item
 
 	def _create_subdomain_from_tls_cert(self, domain, url):

secator/tasks/katana.py

@@ -17,10 +17,11 @@ from secator.tasks._categories import HttpCrawler
 class katana(HttpCrawler):
 	"""Next-generation crawling and spidering framework."""
 	cmd = 'katana'
+	input_types = [URL]
+	output_types = [Url]
 	tags = ['url', 'crawl']
 	file_flag = '-list'
 	input_flag = '-u'
-	input_types = [URL]
 	json_flag = '-jsonl'
 	opts = {
 		'headless': {'is_flag': True, 'short': 'hl', 'help': 'Headless mode'},
@@ -73,7 +74,8 @@ class katana(HttpCrawler):
 			CONTENT_LENGTH: lambda x: x['response'].get('headers', {}).get('content_length', 0),
 			WEBSERVER: lambda x: x['response'].get('headers', {}).get('server', ''),
 			TECH: lambda x: x['response'].get('technologies', []),
-			STORED_RESPONSE_PATH: lambda x: x['response'].get('stored_response_path', '')
+			STORED_RESPONSE_PATH: lambda x: x['response'].get('stored_response_path', ''),
+			'response_headers': lambda x: x['response'].get('headers', {}),
 			# TAGS: lambda x: x['response'].get('server')
 		}
 	}
@@ -86,39 +88,57 @@ class katana(HttpCrawler):
 	proxychains = False
 	proxy_socks5 = True
 	proxy_http = True
-	profile = 'io'
+	profile = lambda opts: katana.dynamic_profile(opts)  # noqa: E731
+
+	@staticmethod
+	def dynamic_profile(opts):
+		headless = katana._get_opt_value(
+			opts,
+			'headless',
+			opts_conf=dict(katana.opts, **katana.meta_opts),
+			opt_aliases=opts.get('aliases', [])
+		)
+		return 'cpu' if headless is True else 'io'
+
+	@staticmethod
+	def on_init(self):
+		form_fill = self.get_opt_value('form_fill')
+		form_extraction = self.get_opt_value('form_extraction')
+		store_responses = self.get_opt_value('store_responses')
+		if form_fill or form_extraction or store_responses:
+			self.cmd += f' -srd {self.reports_folder}/.outputs'
 
 	@staticmethod
 	def on_json_loaded(self, item):
 		# form detection
-		forms = item.get('response', {}).get('forms', [])
+		response = item.get('response', {})
+		forms = response.get('forms', [])
 		if forms:
 			for form in forms:
 				method = form['method']
-				yield Url(form['action'], host=urlparse(item['request']['endpoint']).netloc, method=method)
+				yield Url(
+					form['action'],
+					host=urlparse(item['request']['endpoint']).netloc,
+					method=method,
+					stored_response_path=response["stored_response_path"],
+					request_headers=self.get_opt_value('header', preprocess=True)
+				)
 				yield Tag(
 					name='form',
 					match=form['action'],
+					stored_response_path=response["stored_response_path"],
 					extra_data={
 						'method': form['method'],
 						'enctype': form.get('enctype', ''),
 						'parameters': ','.join(form.get('parameters', []))
 					}
 				)
+		item['request_headers'] = self.get_opt_value('header', preprocess=True)
 		yield item
 
-	@staticmethod
-	def on_init(self):
-		debug_resp = self.get_opt_value('debug_resp')
-		if debug_resp:
-			self.cmd = self.cmd.replace('-silent', '')
-		store_responses = self.get_opt_value('store_responses')
-		if store_responses:
-			self.cmd += f' -srd {self.reports_folder}/.outputs'
-
 	@staticmethod
 	def on_item(self, item):
-		if not isinstance(item, Url):
+		if not isinstance(item, (Url, Tag)):
 			return item
 		store_responses = self.get_opt_value('store_responses')
 		if store_responses and os.path.exists(item.stored_response_path):

secator/tasks/maigret.py

@@ -6,7 +6,7 @@ import re
 from secator.decorators import task
 from secator.definitions import (DELAY, EXTRA_DATA, OPT_NOT_SUPPORTED, OUTPUT_PATH, PROXY,
 								 RATE_LIMIT, RETRIES, SITE_NAME, THREADS,
-								 TIMEOUT, URL, USERNAME)
+								 TIMEOUT, URL, STRING)
 from secator.output_types import UserAccount, Info, Error
 from secator.tasks._categories import ReconUser
 
@@ -17,10 +17,11 @@ logger = logging.getLogger(__name__)
 class maigret(ReconUser):
 	"""Collect a dossier on a person by username."""
 	cmd = 'maigret'
+	input_types = [STRING]
+	output_types = [UserAccount]
 	tags = ['user', 'recon', 'username']
 	file_flag = None
 	input_flag = None
-	input_types = [USERNAME]
 	json_flag = '--json ndjson'
 	opt_prefix = '--'
 	opts = {
@@ -34,8 +35,6 @@ class maigret(ReconUser):
 		TIMEOUT: 'timeout',
 		THREADS: OPT_NOT_SUPPORTED
 	}
-	input_types = [USERNAME]
-	output_types = [UserAccount]
 	output_map = {
 		UserAccount: {
 			SITE_NAME: 'sitename',
@@ -43,6 +42,7 @@ class maigret(ReconUser):
 			EXTRA_DATA: lambda x: x['status'].get('ids', {})
 		}
 	}
+	install_version = '0.5.0a'
 	install_cmd = 'pipx install git+https://github.com/soxoj/maigret --force'
 	socks5_proxy = True
 	profile = 'io'

secator/tasks/mapcidr.py

@@ -1,7 +1,7 @@
 import validators
 
 from secator.decorators import task
-from secator.definitions import (CIDR_RANGE, OPT_NOT_SUPPORTED, PROXY,
+from secator.definitions import (CIDR_RANGE, IP, OPT_NOT_SUPPORTED, PROXY,
 							   RATE_LIMIT, RETRIES, THREADS, TIMEOUT)
 from secator.output_types import Ip
 from secator.tasks._categories import ReconIp
@@ -11,6 +11,8 @@ from secator.tasks._categories import ReconIp
 class mapcidr(ReconIp):
 	"""Utility program to perform multiple operations for a given subnet/cidr ranges."""
 	cmd = 'mapcidr'
+	input_types = [CIDR_RANGE, IP]
+	output_types = [Ip]
 	tags = ['ip', 'recon']
 	input_flag = '-cidr'
 	file_flag = '-cl'
@@ -20,8 +22,6 @@ class mapcidr(ReconIp):
 	install_version = 'v1.1.34'
 	install_cmd = 'go install -v github.com/projectdiscovery/mapcidr/cmd/mapcidr@[install_version]'
 	install_github_handle = 'projectdiscovery/mapcidr'
-	input_types = [CIDR_RANGE]
-	output_types = [Ip]
 	opt_key_map = {
 		THREADS: OPT_NOT_SUPPORTED,
 		PROXY: OPT_NOT_SUPPORTED,

secator/tasks/msfconsole.py

@@ -6,8 +6,8 @@ from rich.panel import Panel
 
 from secator.config import CONFIG
 from secator.decorators import task
-from secator.definitions import (DELAY, FOLLOW_REDIRECT, HEADER, HOST, IP, OPT_NOT_SUPPORTED, PROXY, RATE_LIMIT,
-								 RETRIES, THREADS, TIMEOUT, USER_AGENT, URL)
+from secator.definitions import (DELAY, FOLLOW_REDIRECT, HEADER, HOST, OPT_NOT_SUPPORTED, PROXY, RATE_LIMIT,
+								 RETRIES, THREADS, TIMEOUT, USER_AGENT)
 from secator.tasks._categories import VulnMulti
 from secator.utils import get_file_timestamp
 
@@ -18,11 +18,11 @@ logger = logging.getLogger(__name__)
 class msfconsole(VulnMulti):
 	"""CLI to access and work with the Metasploit Framework."""
 	cmd = 'msfconsole --quiet'
+	input_types = [HOST]
+	output_types = []
 	tags = ['exploit', 'attack']
 	version_flag = OPT_NOT_SUPPORTED
-	input_types = [HOST, IP, URL]
 	input_chunk_size = 1
-	output_types = []
 	opt_prefix = '--'
 	opts = {
 		'resource': {'type': str, 'help': 'Metasploit resource script.', 'short': 'r'},

secator/tasks/naabu.py

@@ -11,9 +11,10 @@ from secator.tasks._categories import ReconPort
 class naabu(ReconPort):
 	"""Port scanning tool written in Go."""
 	cmd = 'naabu'
+	input_types = [HOST, IP]
+	output_types = [Port]
 	tags = ['port', 'scan']
 	input_flag = '-host'
-	input_types = [HOST, IP]
 	file_flag = '-list'
 	json_flag = '-json'
 	opts = {
@@ -49,7 +50,6 @@ class naabu(ReconPort):
 			STATE: lambda x: 'open'
 		}
 	}
-	output_types = [Port]
 	install_version = 'v2.3.3'
 	install_cmd = 'go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@[install_version]'
 	install_github_handle = 'projectdiscovery/naabu'

secator/tasks/nmap.py

@@ -10,9 +10,8 @@ from secator.definitions import (CONFIDENCE, CVSS_SCORE, DELAY,
 								 DESCRIPTION, EXTRA_DATA, FOLLOW_REDIRECT,
 								 HEADER, HOST, ID, IP, PROTOCOL, MATCHED_AT, NAME,
 								 OPT_NOT_SUPPORTED, OUTPUT_PATH, PORT, PORTS, PROVIDER,
-								 PROXY, RATE_LIMIT, REFERENCE, REFERENCES,
-								 RETRIES, SCRIPT, SERVICE_NAME, SEVERITY, STATE, TAGS,
-								 THREADS, TIMEOUT, TOP_PORTS, USER_AGENT)
+								 PROXY, RATE_LIMIT, REFERENCE, REFERENCES, RETRIES, SCRIPT, SERVICE_NAME,
+								 SEVERITY, STATE, TAGS, THREADS, TIMEOUT, TOP_PORTS, USER_AGENT)
 from secator.output_types import Exploit, Port, Vulnerability, Info, Error
 from secator.tasks._categories import VulnMulti
 from secator.utils import debug, traceback_as_string
@@ -24,13 +23,12 @@ logger = logging.getLogger(__name__)
 class nmap(VulnMulti):
 	"""Network Mapper is a free and open source utility for network discovery and security auditing."""
 	cmd = 'nmap'
-	tags = ['port', 'scan']
-	input_flag = None
 	input_types = [HOST, IP]
+	output_types = [Port, Vulnerability, Exploit]
+	tags = ['port', 'scan']
 	input_chunk_size = 1
 	file_flag = '-iL'
 	opt_prefix = '--'
-	output_types = [Port, Vulnerability, Exploit]
 	opts = {
 		# Port specification and scan order
 		PORTS: {'type': str, 'short': 'p', 'help': 'Ports to scan (- to scan all)'},
@@ -248,7 +246,7 @@ class nmapData(dict):
 						EXTRA_DATA: extra_data,
 					}
 					if not func:
-						debug(f'Script output parser for "{script_id}" is not supported YET.', sub='cve')
+						debug(f'Script output parser for "{script_id}" is not supported YET.', sub='cve.nmap')
 						continue
 					for data in func(output, cpes=cpes):
 						data.update(metadata)
@@ -257,7 +255,7 @@ class nmapData(dict):
 							confidence = 'high' if version_exact else 'medium'
 						data[CONFIDENCE] = confidence
 						if (CONFIG.runners.skip_cve_low_confidence and data[CONFIDENCE] == 'low'):
-							debug(f'{data[ID]}: ignored (low confidence).', sub='cve')
+							debug(f'{data[ID]}: ignored (low confidence).', sub='cve.nmap')
 							continue
 						if data in datas:
 							continue
@@ -349,7 +347,7 @@ class nmapData(dict):
 		if not isinstance(cpes, list):
 			cpes = [cpes]
 			extra_data['cpe'] = cpes
-		debug(f'Found CPEs: {",".join(cpes)}', sub='cve')
+		debug(f'Found CPEs: {",".join(cpes)}', sub='cve.nmap')
 
 		# Grab confidence
 		conf = int(extra_data.get('conf', 0))
@@ -368,7 +366,7 @@ class nmapData(dict):
 			cpe = VulnMulti.create_cpe_string(product, version_cpe)
 			if cpe not in cpes:
 				cpes.append(cpe)
-				debug(f'Added new CPE from identified product and version: {cpe}', sub='cve')
+				debug(f'Added new CPE from identified product and version: {cpe}', sub='cve.nmap')
 
 		return extra_data
 
@@ -412,7 +410,7 @@ class nmapData(dict):
 				NAME: vuln_id,
 				DESCRIPTION: vuln_title,
 				PROVIDER: provider_name,
-				TAGS: [vuln_id, provider_name]
+				TAGS: [provider_name]
 			}
 			if provider_name == 'MITRE CVE':
 				data = VulnMulti.lookup_cve(vuln['id'], *cpes)
@@ -436,7 +434,6 @@ class nmapData(dict):
 			elems = tuple(line.split('\t'))
 
 			if len(elems) == 4:  # exploit
-				# TODO: Implement exploit processing
 				exploit_id, cvss_score, reference_url, _ = elems
 				name = exploit_id
 				# edb_id = name.split(':')[-1] if 'EDB-ID' in name else None
@@ -460,6 +457,7 @@ class nmapData(dict):
 					exploit[TAGS].extend(vuln[TAGS])
 					exploit[CONFIDENCE] = vuln[CONFIDENCE]
 				yield exploit
+				continue
 
 			elif len(elems) == 3:  # vuln
 				vuln = {}
@@ -483,6 +481,6 @@ class nmapData(dict):
 						vuln.update(data)
 					yield vuln
 				else:
-					debug(f'Vulners parser for "{vuln_type}" is not implemented YET.', sub='cve')
+					debug(f'Vulners parser for "{vuln_type}" is not implemented YET.', sub='cve.nmap')
 			else:
-				debug(f'Unrecognized vulners output: {elems}', sub='cve')
+				debug(f'Unrecognized vulners output: {elems}', sub='cve.nmap')