secator 0.15.1__py3-none-any.whl → 0.16.0__py3-none-any.whl

secator/tasks/trivy.py

@@ -5,8 +5,7 @@ import yaml
 from secator.config import CONFIG
 from secator.decorators import task
 from secator.definitions import (THREADS, OUTPUT_PATH, OPT_NOT_SUPPORTED, HEADER, DELAY, FOLLOW_REDIRECT,
-								DOCKER_IMAGE, PATH, GIT_REPOSITORY, PROXY, RATE_LIMIT, RETRIES, TIMEOUT,
-								USER_AGENT)
+								PATH, PROXY, RATE_LIMIT, RETRIES, TIMEOUT, USER_AGENT, STRING, URL)
 from secator.tasks._categories import Vuln
 from secator.output_types import Vulnerability, Tag, Info, Error
 
@@ -15,10 +14,12 @@ from secator.output_types import Vulnerability, Tag, Info, Error
 class trivy(Vuln):
 	"""Comprehensive and versatile security scanner."""
 	cmd = 'trivy'
+	input_types = [PATH, URL, STRING]
+	output_types = [Tag, Vulnerability]
 	tags = ['vuln', 'scan']
-	input_flag = None
-	input_types = [DOCKER_IMAGE, PATH, GIT_REPOSITORY]
+	input_chunk_size = 1
 	json_flag = '-f json'
+	version_flag = '--version'
 	opts = {
 		"mode": {"type": click.Choice(['image', 'fs', 'repo']), 'default': 'image', 'help': 'Trivy mode', 'required': True}  # noqa: E501
 	}
@@ -33,7 +34,6 @@ class trivy(Vuln):
 		TIMEOUT: OPT_NOT_SUPPORTED,
 		USER_AGENT: OPT_NOT_SUPPORTED
 	}
-	output_types = [Tag, Vulnerability]
 	install_version = 'v0.61.1'
 	install_cmd = (
 		'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh |'

secator/tasks/wafw00f.py

@@ -1,4 +1,5 @@
 import os
+import tempfile
 import yaml
 
 from secator.decorators import task
@@ -12,8 +13,9 @@ from secator.tasks._categories import OPTS
 class wafw00f(Command):
 	"""Web Application Firewall Fingerprinting tool."""
 	cmd = 'wafw00f'
-	tags = ['waf', 'scan']
 	input_types = [URL]
+	output_types = [Tag]
+	tags = ['waf', 'scan']
 	input_flag = None
 	file_flag = '-i'
 	json_flag = '-f json'
@@ -30,6 +32,9 @@ class wafw00f(Command):
 		'find_all': {'is_flag': True, 'short': 'ta', 'default': False, 'help': 'Find all WAFs which match the signatures, do not stop testing on the first one'},  # noqa: E501
 		'no_follow_redirects': {'is_flag': True, 'short': 'nfr', 'default': False, 'help': 'Do not follow redirections given by 3xx responses'},  # noqa: E501
 	}
+	opt_value_map = {
+		HEADER: lambda x: wafw00f.headers_to_file(x)
+	}
 	opt_key_map = {
 		HEADER: 'headers',
 		PROXY: 'proxy',
@@ -37,7 +42,6 @@ class wafw00f(Command):
 		'find_all': 'findall',
 		'no_follow_redirects': 'noredirect',
 	}
-	output_types = [Tag]
 	install_version = 'v2.3.1'
 	install_cmd = 'pipx install git+https://github.com/EnableSecurity/wafw00f.git@[install_version] --force'
 	install_github_handle = 'EnableSecurity/wafw00f'
@@ -81,5 +85,19 @@ class wafw00f(Command):
 			yield Tag(
 				name=waf_name + ' WAF',
 				match=url,
-				extra_data={'waf_name': waf_name, 'manufacter': manufacter, 'trigger_url': match}
+				extra_data={
+					'waf_name': waf_name,
+					'manufacter': manufacter,
+					'trigger_url': match,
+					'headers': self.get_opt_value('header', preprocess=True)
+				}
 			)
+
+	@staticmethod
+	def headers_to_file(headers):
+		temp_dir = tempfile.gettempdir()
+		header_file = f'{temp_dir}/headers.txt'
+		with open(header_file, 'w') as f:
+			for header in headers.split(';;'):
+				f.write(f'{header}\n')
+		return header_file

secator/tasks/wpprobe.py

@@ -1,96 +1,103 @@
+import os
+import re
 import click
 import yaml
 
 from secator.decorators import task
 from secator.runners import Command
 from secator.definitions import OUTPUT_PATH, THREADS, URL
-from secator.output_types import Vulnerability, Tag, Info, Warning
+from secator.output_types import Vulnerability, Tag, Info, Warning, Error
 from secator.tasks._categories import OPTS
 
 
 @task()
 class wpprobe(Command):
-    """Fast wordpress plugin enumeration tool."""
-    cmd = 'wpprobe'
-    tags = ['vuln', 'scan', 'wordpress']
-    file_flag = '-f'
-    input_flag = '-u'
-    input_types = [URL]
-    opt_prefix = '-'
-    opts = {
-        'mode': {'type': click.Choice(['scan', 'update', 'update-db']), 'default': 'scan', 'help': 'WPProbe mode', 'required': True, 'internal': True},  # noqa: E501
-        'output_path': {'type': str, 'default': None, 'help': 'Output JSON file path', 'internal': True, 'display': False},  # noqa: E501
-    }
-    meta_opts = {
-        THREADS: OPTS[THREADS]
-    }
-    opt_key_map = {
-        THREADS: 't'
-    }
-    output_types = [Vulnerability, Tag]
-    install_version = 'v0.5.6'
-    install_cmd = 'go install github.com/Chocapikk/wpprobe@[install_version]'
-    install_github_handle = 'Chocapikk/wpprobe'
-    install_post = {
-        '*': 'wpprobe update && wpprobe update-db'
-    }
+	"""Fast wordpress plugin enumeration tool."""
+	cmd = 'wpprobe'
+	input_types = [URL]
+	output_types = [Vulnerability, Tag]
+	tags = ['vuln', 'scan', 'wordpress']
+	file_flag = '-f'
+	input_flag = '-u'
+	opt_prefix = '-'
+	opts = {
+		'mode': {'type': click.Choice(['scan', 'update', 'update-db']), 'default': 'scan', 'help': 'WPProbe mode', 'required': True, 'internal': True},  # noqa: E501
+		'output_path': {'type': str, 'default': None, 'help': 'Output JSON file path', 'internal': True, 'display': False},  # noqa: E501
+	}
+	meta_opts = {
+		THREADS: OPTS[THREADS]
+	}
+	opt_key_map = {
+		THREADS: 't'
+	}
+	install_version = 'v0.5.6'
+	install_cmd = 'go install github.com/Chocapikk/wpprobe@[install_version]'
+	install_github_handle = 'Chocapikk/wpprobe'
+	install_post = {
+		'*': 'wpprobe update && wpprobe update-db'
+	}
 
-    @staticmethod
-    def on_cmd(self):
-        mode = self.get_opt_value('mode')
-        if mode == 'update' or mode == 'update-db':
-            self.cmd = f'{wpprobe.cmd} {mode}'
-            return
-        self.cmd = self.cmd.replace(wpprobe.cmd, f'{wpprobe.cmd} {mode}')
-        output_path = self.get_opt_value(OUTPUT_PATH)
-        if not output_path:
-            output_path = f'{self.reports_folder}/.outputs/{self.unique_name}.json'
-        self.output_path = output_path
-        self.cmd += f' -o {self.output_path}'
+	@staticmethod
+	def on_cmd(self):
+		mode = self.get_opt_value('mode')
+		if mode == 'update' or mode == 'update-db':
+			self.cmd = f'{wpprobe.cmd} {mode}'
+			return
+		self.cmd = re.sub(wpprobe.cmd, f'{wpprobe.cmd} {mode}', self.cmd, 1)
+		output_path = self.get_opt_value(OUTPUT_PATH)
+		if not output_path:
+			output_path = f'{self.reports_folder}/.outputs/{self.unique_name}.json'
+		self.output_path = output_path
+		self.cmd += f' -o {self.output_path}'
 
-    @staticmethod
-    def on_cmd_done(self):
-        if not self.get_opt_value('mode') == 'scan':
-            return
-        yield Info(message=f'JSON results saved to {self.output_path}')
-        with open(self.output_path, 'r') as f:
-            results = yaml.safe_load(f.read())
-            if not results or 'url' not in results:
-                yield Warning(message='No results found !')
-                return
-            url = results['url']
-            for plugin_name, plugin_data in results['plugins'].items():
-                for plugin_data_version in plugin_data:
-                    plugin_version = plugin_data_version['version']
-                    yield Tag(
-                        name=f'Wordpress plugin - {plugin_name} {plugin_version}',
-                        match=url,
-                        extra_data={
-                            'name': plugin_name,
-                            'version': plugin_version
-                        }
-                    )
-                    severities = plugin_data_version.get('severities', {})
-                    for severity, severity_data in severities.items():
-                        if severity == 'None':
-                            severity = 'unknown'
-                        for item in severity_data:
-                            for vuln in item['vulnerabilities']:
-                                auth_type = item.get('auth_type')
-                                extra_data = {
-                                    'plugin_name': plugin_name,
-                                    'plugin_version': plugin_version,
-                                }
-                                if auth_type:
-                                    extra_data['auth_type'] = auth_type
-                                yield Vulnerability(
-                                    name=vuln['title'],
-                                    id=vuln['cve'],
-                                    severity=severity,
-                                    cvss_score=vuln['cvss_score'],
-                                    tags=[plugin_name],
-                                    reference=vuln['cve_link'],
-                                    extra_data=extra_data,
-                                    matched_at=url,
-                                    confidence='high'
-                                )
+	@staticmethod
+	def on_cmd_done(self):
+		if not self.get_opt_value('mode') == 'scan':
+			return
+
+		if not os.path.exists(self.output_path):
+			yield Error(message=f'Could not find JSON results in {self.output_path}')
+			return
+
+		yield Info(message=f'JSON results saved to {self.output_path}')
+		with open(self.output_path, 'r') as f:
+			results = yaml.safe_load(f.read())
+			if not results or 'url' not in results:
+				yield Warning(message='No results found !')
+				return
+			url = results['url']
+			for plugin_name, plugin_data in results['plugins'].items():
+				for plugin_data_version in plugin_data:
+					plugin_version = plugin_data_version['version']
+					yield Tag(
+						name=f'Wordpress plugin - {plugin_name} {plugin_version}',
+						match=url,
+						extra_data={
+							'name': plugin_name,
+							'version': plugin_version
+						}
+					)
+					severities = plugin_data_version.get('severities', {})
+					for severity, severity_data in severities.items():
+						if severity == 'None':
+							severity = 'unknown'
+						for item in severity_data:
+							for vuln in item['vulnerabilities']:
+								auth_type = item.get('auth_type')
+								extra_data = {
+									'plugin_name': plugin_name,
+									'plugin_version': plugin_version,
+								}
+								if auth_type:
+									extra_data['auth_type'] = auth_type
+								yield Vulnerability(
+									name=vuln['title'],
+									id=vuln['cve'],
+									severity=severity,
+									cvss_score=vuln['cvss_score'],
+									tags=[plugin_name],
+									reference=vuln['cve_link'],
+									extra_data=extra_data,
+									matched_at=url,
+									confidence='high'
+								)

secator/tasks/wpscan.py

@@ -17,10 +17,11 @@ from secator.tasks._categories import VulnHttp
 class wpscan(VulnHttp):
 	"""Wordpress security scanner."""
 	cmd = 'wpscan --force --verbose'
+	input_types = [URL]
+	output_types = [Vulnerability, Tag]
 	tags = ['vuln', 'scan', 'wordpress']
-	file_flag = None
 	input_flag = '--url'
-	input_types = [URL]
+	input_chunk_size = 1
 	json_flag = '-f json'
 	opt_prefix = '--'
 	opts = {
@@ -69,14 +70,14 @@ class wpscan(VulnHttp):
 			PROVIDER: 'wpscan',
 		},
 	}
-	output_types = [Vulnerability, Tag]
 	install_pre = {
 		'apt': ['make', 'kali:libcurl4t64', 'libffi-dev'],
 		'pacman': ['make', 'ruby-erb'],
 		'*': ['make']
 	}
-	install_version = '3.8.28'
-	install_cmd = f'gem install wpscan -v [install_version] --user-install -n {CONFIG.dirs.bin}'
+	install_github_handle = 'wpscanteam/wpscan'
+	install_version = 'v3.8.28'
+	install_cmd = f'gem install wpscan -v [install_version_strip] --user-install -n {CONFIG.dirs.bin}'
 	install_post = {
 		'kali': (
 			f'gem uninstall nokogiri --user-install -n {CONFIG.dirs.bin} --force --executables && '