secator 0.15.1__py3-none-any.whl → 0.16.0__py3-none-any.whl

secator/output_types/target.py

@@ -2,12 +2,13 @@ import time
 from dataclasses import dataclass, field
 
 from secator.output_types import OutputType
-from secator.utils import rich_to_ansi, rich_escape as _s
+from secator.utils import autodetect_type, rich_to_ansi, rich_escape as _s
 
 
 @dataclass
 class Target(OutputType):
 	name: str
+	type: str = ''
 	_source: str = field(default='', repr=True)
 	_type: str = field(default='target', repr=True)
 	_timestamp: int = field(default_factory=lambda: time.time(), compare=False)
@@ -19,12 +20,19 @@ class Target(OutputType):
 
 	_table_fields = [
 		'name',
+		'type',
 	]
-	_sort_by = ('name',)
+	_sort_by = ('type', 'name')
+
+	def __post_init__(self):
+		if not self.type:
+			self.type = autodetect_type(self.name)
 
 	def __str__(self):
 		return self.name
 
 	def __repr__(self):
 		s = f'🎯 {_s(self.name)}'
+		if self.type:
+			s += f' ({self.type})'
 		return rich_to_ansi(s)

secator/output_types/url.py

@@ -2,9 +2,9 @@ import time
 from dataclasses import dataclass, field
 
 from secator.definitions import (CONTENT_LENGTH, CONTENT_TYPE, STATUS_CODE,
-								 TECH, TIME, TITLE, URL, WEBSERVER)
+								 TECH, TITLE, URL, WEBSERVER, METHOD)
 from secator.output_types import OutputType
-from secator.utils import rich_to_ansi, trim_string, rich_escape as _s
+from secator.utils import rich_to_ansi, trim_string, format_object, rich_escape as _s
 from secator.config import CONFIG
 
 
@@ -24,7 +24,9 @@ class Url(OutputType):
 	lines: int = field(default=0, compare=False)
 	screenshot_path: str = field(default='', compare=False)
 	stored_response_path: str = field(default='', compare=False)
-	headers: dict = field(default_factory=dict, repr=True, compare=False)
+	response_headers: dict = field(default_factory=dict, repr=True, compare=False)
+	request_headers: dict = field(default_factory=dict, repr=True, compare=False)
+	extra_data: dict = field(default_factory=dict, compare=False)
 	_source: str = field(default='', repr=True, compare=False)
 	_type: str = field(default='url', repr=True)
 	_timestamp: int = field(default_factory=lambda: time.time(), compare=False)
@@ -36,13 +38,15 @@ class Url(OutputType):
 
 	_table_fields = [
 		URL,
+		METHOD,
 		STATUS_CODE,
 		TITLE,
 		WEBSERVER,
 		TECH,
 		CONTENT_TYPE,
 		CONTENT_LENGTH,
-		TIME
+		'stored_response_path',
+		'screenshot_path',
 	]
 	_sort_by = (URL,)
 
@@ -59,15 +63,17 @@ class Url(OutputType):
 		s = f'🔗 [white]{_s(self.url)}'
 		if self.method and self.method != 'GET':
 			s += rf' \[[turquoise4]{self.method}[/]]'
+		if self.request_headers:
+			s += rf'{format_object(self.request_headers, "gold3", skip_keys=["user_agent"])}'
 		if self.status_code and self.status_code != 0:
 			if self.status_code < 400:
 				s += rf' \[[green]{self.status_code}[/]]'
 			else:
 				s += rf' \[[red]{self.status_code}[/]]'
 		if self.title:
-			s += rf' \[[green]{trim_string(self.title)}[/]]'
+			s += rf' \[[spring_green3]{trim_string(self.title)}[/]]'
 		if self.webserver:
-			s += rf' \[[magenta]{_s(self.webserver)}[/]]'
+			s += rf' \[[bold magenta]{_s(self.webserver)}[/]]'
 		if self.tech:
 			techs_str = ', '.join([f'[magenta]{_s(tech)}[/]' for tech in self.tech])
 			s += f' [{techs_str}]'
@@ -77,6 +83,12 @@ class Url(OutputType):
 			cl = str(self.content_length)
 			cl += '[bold red]+[/]' if self.content_length == CONFIG.http.response_max_size_bytes else ''
 			s += rf' \[[magenta]{cl}[/]]'
+		if self.response_headers and CONFIG.cli.show_http_response_headers:
+			s += rf'{format_object(self.response_headers, "magenta", skip_keys=CONFIG.cli.exclude_http_response_headers)}'  # noqa: E501
+		if self.extra_data:
+			s += format_object(self.extra_data, 'yellow')
 		if self.screenshot_path:
-			s += rf' \[[magenta]{_s(self.screenshot_path)}[/]]'
+			s += rf' [link=file://{self.screenshot_path}]:camera:[/]'
+		if self.stored_response_path:
+			s += rf' [link=file://{self.stored_response_path}]:pencil:[/]'
 		return rich_to_ansi(s)

secator/output_types/vulnerability.py

@@ -5,7 +5,7 @@ from typing import List
 from secator.definitions import (CONFIDENCE, CVSS_SCORE, EXTRA_DATA, ID,
 								 MATCHED_AT, NAME, REFERENCE, SEVERITY, TAGS)
 from secator.output_types import OutputType
-from secator.utils import rich_to_ansi, rich_escape as _s
+from secator.utils import rich_to_ansi, rich_escape as _s, format_object
 
 
 @dataclass
@@ -66,11 +66,11 @@ class Vulnerability(OutputType):
 
 	def __repr__(self):
 		data = self.extra_data
+
+		# TODO: review this
 		if 'data' in data and isinstance(data['data'], list):
-			data = ','.join(data['data'])
-		elif isinstance(data, dict):
-			data = ', '.join([f'{k}:{v}' for k, v in data.items()])
-		data = _s(data)
+			data = data['data']
+
 		tags = self.tags
 		colors = {
 			'critical': 'bold red',
@@ -81,12 +81,16 @@ class Vulnerability(OutputType):
 			'unknown': 'dim magenta'
 		}
 		c = colors.get(self.severity, 'dim magenta')
-		s = rf'🚨 \[[green]{_s(self.name)} [link={_s(self.reference)}]🡕[/link][/]] \[[{c}]{self.severity}[/]] {_s(self.matched_at)}'  # noqa: E501
+		name = self.name
+		if self.reference:
+			name += rf' [link={_s(self.reference)}]🡕[/link]'
+		s = rf'🚨 \[[green]{name}[/]]'
+		s += rf' \[[{c}]{self.severity}[/]] {_s(self.matched_at)}'  # noqa: E501
 		if tags:
 			tags_str = ','.join(tags)
 			s += rf' \[[cyan]{_s(tags_str)}[/]]'
 		if data:
-			s += rf' \[[yellow]{str(data)}[/]]'
+			s += format_object(data, 'yellow')
 		if self.confidence == 'low':
 			s = f'[dim]{s}[/]'
 		return rich_to_ansi(s)

secator/output_types/warning.py

@@ -1,7 +1,7 @@
 from dataclasses import dataclass, field
 import time
 from secator.output_types import OutputType
-from secator.utils import rich_to_ansi, rich_escape as _s
+from secator.utils import rich_to_ansi
 
 
 @dataclass
@@ -20,5 +20,5 @@ class Warning(OutputType):
 	_sort_by = ('_timestamp',)
 
 	def __repr__(self):
-		s = rf"\[[yellow]WRN[/]] {_s(self.message)}"
+		s = rf"\[[yellow]WRN[/]] {self.message}"
 		return rich_to_ansi(s)

secator/report.py

@@ -2,7 +2,7 @@ import operator
 
 from secator.config import CONFIG
 from secator.output_types import FINDING_TYPES, OutputType
-from secator.utils import merge_opts, get_file_timestamp, traceback_as_string
+from secator.utils import get_file_timestamp, traceback_as_string
 from secator.rich import console
 from secator.runners._helpers import extract_from_results
 
@@ -56,14 +56,7 @@ class Report:
 				)
 
 	def build(self, extractors=[], dedupe=CONFIG.runners.remove_duplicates):
-		# Trim options
-		from secator.decorators import DEFAULT_CLI_OPTIONS
-		opts = merge_opts(self.runner.config.options, self.runner.run_opts)
-		opts = {
-			k: v for k, v in opts.items()
-			if k not in DEFAULT_CLI_OPTIONS and k not in self.runner.print_opts
-			and v is not None
-		}
+		# Prepare report structure
 		runner_fields = {
 			'name',
 			'status',
@@ -75,8 +68,6 @@ class Report:
 			'run_opts',
 			'results_count'
 		}
-
-		# Prepare report structure
 		data = {
 			'info': {k: v for k, v in self.runner.toDict().items() if k in runner_fields},
 			'results': {}
@@ -96,12 +87,33 @@ class Report:
 			]
 			if items:
 				if sort_by and all(sort_by):
-					items = sorted(items, key=operator.attrgetter(*sort_by))
+					try:
+						items = sorted(items, key=operator.attrgetter(*sort_by))
+					except TypeError as e:
+						console.print(f'[bold red]Could not sort {output_name} by {sort_by}: {str(e)}[/]')
+						console.print(f'[dim]{traceback_as_string(e)}[/]')
 				if dedupe:
 					items = remove_duplicates(items)
-					# items = [item for item in items if not item._duplicate and item not in dedupe_from]
-				for extractor in extractors:
-					items = extract_from_results(items, extractors=[extractor])
+				if extractors:
+					all_res = []
+					extractors_type = [extractor for extractor in extractors if extractor.get('type') == output_name]
+					for extractor in extractors_type:
+						op = extractor.get('op', 'or')
+						res, errors = extract_from_results(items, extractors=[extractor])
+						# console.print(f'{extractor} --> {len(res)} results')
+						if not res:
+							continue
+						if errors:
+							data['info']['errors'] = errors
+						if res:
+							if op == 'or':
+								all_res = all_res + res
+							else:
+								if not all_res:
+									all_res = res
+								else:
+									all_res = [item for item in res if item in all_res]
+					items = remove_duplicates(all_res) if dedupe else all_res
 				data['results'][output_name] = items
 
 		# Save data

secator/rich.py

@@ -1,4 +1,5 @@
 import operator
+from pathlib import Path
 
 import yaml
 from rich.console import Console
@@ -37,14 +38,18 @@ def status_to_color(value):
 
 
 FORMATTERS = {
-	'confidence': criticity_to_color,
+	'confidence': lambda x: f'[dim]{x.upper()}[/]',
 	'severity': criticity_to_color,
 	'cvss_score': lambda score: '' if score == -1 else f'[bold cyan]{score}[/]',
 	'port': lambda port: f'[bold cyan]{port}[/]',
-	'url': lambda host: f'[bold underline blue]{host}[/]',
+	'url': lambda host: f'[bold underline blue link={host}]{host}[/]',
+	'stored_response_path': lambda path: f'[link=file://{path}]:pencil:[/]' if path and Path(path).exists() else '',
+	'screenshot_path': lambda path: f'[link=file://{path}]:camera:[/]' if path and Path(path).exists() else '',
 	'ip': lambda ip: f'[bold yellow]{ip}[/]',
 	'status_code': status_to_color,
-	'reference': lambda reference: f'[link={reference}]🡕[/]',
+	'reference': lambda reference: f'[link={reference}]{reference}[/]' if reference else '',
+	'matched_at': lambda matched_at: f'[link={matched_at}]{matched_at}[/]' if matched_at and matched_at.startswith('http') else '',  # noqa: E501
+	'match': lambda match: f'[link={match}]{match}[/]' if match else '',
 	'_source': lambda source: f'[bold gold3]{source}[/]'
 }
 
@@ -89,13 +94,16 @@ def build_table(items, output_fields=[], exclude_fields=[], sort_by=None):
 			key_str = key
 			if not key.startswith('_'):
 				key_str = ' '.join(key.split('_')).title()
-			no_wrap = key in ['url', 'reference', 'references', 'matched_at']
-			overflow = None if no_wrap else 'fold'
-			table.add_column(
-				key_str,
-				overflow=overflow,
-				min_width=10,
-				no_wrap=no_wrap)
+			# TODO: remove this as it's not needed anymore
+			# no_wrap = key in ['url', 'reference', 'references', 'matched_at']
+			# overflow = None if no_wrap else 'fold'
+			# print('key: ', key_str, 'overflow: ', overflow, 'no_wrap: ', no_wrap)
+			# table.add_column(
+			# 	key_str,
+			# 	overflow=overflow,
+			# 	min_width=10,
+			# 	no_wrap=no_wrap)
+			table.add_column(key_str)
 
 	if not keys:
 		table.add_column(