secator 0.16.2__py3-none-any.whl → 0.16.4__py3-none-any.whl

secator/celery.py

@@ -100,6 +100,8 @@ def update_state(celery_task, task, force=False):
 	"""Update task state to add metadata information."""
 	if not IN_CELERY_WORKER_PROCESS:
 		return
+	if task.no_live_updates:
+		return
 	if not force and not should_update(CONFIG.runners.backend_update_frequency, task.last_updated_celery):
 		return
 	task.last_updated_celery = time()
@@ -212,19 +214,42 @@ def run_command(self, results, name, targets, opts={}):
 		update_state(self, task)
 	update_state(self, task, force=True)
 
+	if CONFIG.addons.mongodb.enabled:
+		return [r._uuid for r in task.results]
 	return task.results
 
 
 @app.task
 def forward_results(results):
+	"""Forward results to the next task (bridge task).
+
+	Args:
+		results (list): Results to forward.
+
+	Returns:
+		list: List of uuids.
+	"""
 	if isinstance(results, list):
 		for ix, item in enumerate(results):
 			if isinstance(item, dict) and 'results' in item:
 				results[ix] = item['results']
 	elif 'results' in results:
 		results = results['results']
+
+	if IN_CELERY_WORKER_PROCESS:
+		console.print(Info(message=f'Deduplicating {len(results)} results'))
+
 	results = flatten(results)
-	results = deduplicate(results, attr='_uuid')
+	if CONFIG.addons.mongodb.enabled:
+		uuids = [r._uuid for r in results if hasattr(r, '_uuid')]
+		uuids.extend([r for r in results if isinstance(r, str)])
+		results = list(set(uuids))
+	else:
+		results = deduplicate(results, attr='_uuid')
+
+	if IN_CELERY_WORKER_PROCESS:
+		console.print(Info(message=f'Forwarded {len(results)} flattened and deduplicated results'))
+
 	return results
 
 
@@ -240,10 +265,17 @@ def mark_runner_started(results, runner, enable_hooks=True):
 	Returns:
 		list: Runner results
 	"""
+	if IN_CELERY_WORKER_PROCESS:
+		console.print(Info(message=f'Runner {runner.unique_name} has started, running mark_started'))
 	debug(f'Runner {runner.unique_name} has started, running mark_started', sub='celery')
 	if results:
-		runner.results = forward_results(results)
+		results = forward_results(results)
 	runner.enable_hooks = enable_hooks
+	if CONFIG.addons.mongodb.enabled:
+		from secator.hooks.mongodb import get_results
+		results = get_results(results)
+	for item in results:
+		runner.add_result(item, print=False)
 	runner.mark_started()
 	return runner.results
 
@@ -260,9 +292,14 @@ def mark_runner_completed(results, runner, enable_hooks=True):
 	Returns:
 		list: Final results
 	"""
+	if IN_CELERY_WORKER_PROCESS:
+		console.print(Info(message=f'Runner {runner.unique_name} has finished, running mark_completed'))
 	debug(f'Runner {runner.unique_name} has finished, running mark_completed', sub='celery')
 	results = forward_results(results)
 	runner.enable_hooks = enable_hooks
+	if CONFIG.addons.mongodb.enabled:
+		from secator.hooks.mongodb import get_results
+		results = get_results(results)
 	for item in results:
 		runner.add_result(item, print=False)
 	runner.mark_completed()

secator/configs/workflows/url_crawl.yaml

@@ -9,7 +9,7 @@ input_types:
 options:
   crawlers:
     type: list
-    help: Crawlers to use (katana, gospider)
+    help: Crawlers to use
     default: ['gau', 'katana']
     internal: True
 
@@ -36,17 +36,14 @@ tasks:
       description: Crawl URLs
       if: "'gospider' in opts.crawlers"
 
-  cariddi:
-    description: Hunt URLs patterns
-    info: True
-    secrets: True
-    errors: True
-    juicy_extensions: 1
-    juicy_endpoints: True
-    targets_:
-    - target.name
-    - url.url
-    if: opts.hunt_patterns
+    cariddi:
+      description: Hunt URLs patterns
+      info: True
+      secrets: True
+      errors: True
+      juicy_extensions: 1
+      juicy_endpoints: True
+      if: opts.hunt_patterns
 
   httpx:
     description: Run HTTP probes on crawled URLs

secator/hooks/gcs.py

@@ -11,7 +11,7 @@ from secator.utils import debug
 
 GCS_BUCKET_NAME = CONFIG.addons.gcs.bucket_name
 ITEMS_TO_SEND = {
-	'url': ['screenshot_path']
+	'url': ['screenshot_path', 'stored_response_path']
 }
 
 

secator/hooks/mongodb.py

@@ -6,7 +6,7 @@ from bson.objectid import ObjectId
 from celery import shared_task
 
 from secator.config import CONFIG
-from secator.output_types import FINDING_TYPES
+from secator.output_types import OUTPUT_TYPES
 from secator.runners import Scan, Task, Workflow
 from secator.utils import debug, escape_mongodb_url
 
@@ -46,6 +46,28 @@ def get_runner_dbg(runner):
 	}
 
 
+def get_results(uuids):
+	"""Get results from MongoDB based on a list of uuids.
+
+	Args:
+		uuids (list[str | Output]): List of uuids, but can also be a mix of uuids and output types.
+
+	Returns:
+		Generator of findings.
+	"""
+	client = get_mongodb_client()
+	db = client.main
+	del_uuids = []
+	for r in uuids:
+		if isinstance(r, tuple(OUTPUT_TYPES)):
+			yield r
+			del_uuids.append(r)
+	uuids = [ObjectId(u) for u in uuids if u not in del_uuids and ObjectId.is_valid(u)]
+	for r in db.findings.find({'_id': {'$in': uuids}}):
+		finding = load_finding(r)
+		yield finding
+
+
 def update_runner(self):
 	client = get_mongodb_client()
 	db = client.main
@@ -78,7 +100,7 @@ def update_runner(self):
 
 
 def update_finding(self, item):
-	if type(item) not in FINDING_TYPES:
+	if type(item) not in OUTPUT_TYPES:
 		return item
 	start_time = time.time()
 	client = get_mongodb_client()
@@ -120,7 +142,7 @@ def find_duplicates(self):
 def load_finding(obj):
 	finding_type = obj['_type']
 	klass = None
-	for otype in FINDING_TYPES:
+	for otype in OUTPUT_TYPES:
 		if finding_type == otype.get_name():
 			klass = otype
 			item = klass.load(obj)

secator/runners/_base.py

@@ -117,6 +117,7 @@ class Runner:
 
 		# Runner process options
 		self.no_poll = self.run_opts.get('no_poll', False)
+		self.no_live_updates = self.run_opts.get('no_live_updates', False)
 		self.no_process = not self.run_opts.get('process', True)
 		self.piped_input = self.run_opts.get('piped_input', False)
 		self.piped_output = self.run_opts.get('piped_output', False)
@@ -177,6 +178,10 @@ class Runner:
 
 		# Add prior results to runner results
 		self.debug(f'adding {len(results)} prior results to runner', sub='init')
+		if CONFIG.addons.mongodb.enabled:
+			self.debug('adding prior results from MongoDB', sub='init')
+			from secator.hooks.mongodb import get_results
+			results = get_results(results)
 		for result in results:
 			self.add_result(result, print=False, output=False, hooks=False, queue=not self.has_parent)
 
@@ -188,8 +193,8 @@ class Runner:
 		for target in targets:
 			self.add_result(target, print=False, output=False)
 
-		# Run extractors on results and targets
-		self._run_extractors(results + targets)
+		# Run extractors on results
+		self._run_extractors()
 		self.debug(f'inputs ({len(self.inputs)})', obj=self.inputs, sub='init')
 		self.debug(f'run opts ({len(self.resolved_opts)})', obj=self.resolved_opts, sub='init')
 		self.debug(f'print opts ({len(self.resolved_print_opts)})', obj=self.resolved_print_opts, sub='init')
@@ -429,12 +434,12 @@ class Runner:
 			if error:
 				self.add_result(error)
 
-	def _run_extractors(self, results):
+	def _run_extractors(self):
 		"""Run extractors on results and targets."""
 		self.debug('running extractors', sub='init')
 		ctx = {'opts': DotMap(self.run_opts), 'targets': self.inputs, 'ancestor_id': self.ancestor_id}
 		inputs, run_opts, errors = run_extractors(
-			results,
+			self.results,
 			self.run_opts,
 			self.inputs,
 			ctx=ctx,

secator/tasks/bup.py

@@ -20,6 +20,7 @@ class bup(Http):
 	output_types = [Url, Progress]
 	tags = ['url', 'bypass']
 	input_flag = '-u'
+	file_flag = '-R'
 	json_flag = '--jsonl'
 	opt_prefix = '--'
 	opts = {

secator/tasks/dalfox.py

@@ -25,9 +25,10 @@ class dalfox(VulnHttp):
 	output_types = [Vulnerability, Url]
 	tags = ['url', 'fuzz']
 	input_flag = 'url'
+	input_chunk_size = 20
 	file_flag = 'file'
 	# input_chunk_size = 1
-	json_flag = '--format json'
+	json_flag = '--format jsonl'
 	version_flag = 'version'
 	opt_prefix = '--'
 	opt_key_map = {
@@ -65,11 +66,6 @@ class dalfox(VulnHttp):
 	proxy_http = True
 	profile = 'cpu'
 
-	@staticmethod
-	def on_line(self, line):
-		line = line.rstrip(',')
-		return line
-
 	@staticmethod
 	def on_json_loaded(self, item):
 		if item.get('type', '') == 'V':

{secator-0.16.2.dist-info → secator-0.16.4.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: secator
-Version: 0.16.2
+Version: 0.16.4
 Summary: The pentester's swiss knife.
 Project-URL: Homepage, https://github.com/freelabz/secator
 Project-URL: Issues, https://github.com/freelabz/secator/issues

{secator-0.16.2.dist-info → secator-0.16.4.dist-info}/RECORD

@@ -1,6 +1,6 @@
 secator/.gitignore,sha256=da8MUc3hdb6Mo0WjZu2upn5uZMbXcBGvhdhTQ1L89HI,3093
 secator/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-secator/celery.py,sha256=9sdgWHg1AgIu_RrqWffjBLSVFL0cbS71n4pjhmnFYiM,10037
+secator/celery.py,sha256=st9wpAwilYk5BCO18wscGt0vqQdCIP4Pynw_9RcvWec,11246
 secator/celery_signals.py,sha256=R4ZNBPKSxUvesGCvZ7MXoRkWNOTMS5hraZzjLh5sQ0o,4191
 secator/celery_utils.py,sha256=vhL5ZxXDn3ODvyVxMijKyUTJ1dOisMDjF_PhFUyOVSA,9451
 secator/cli.py,sha256=lzgttr8-Hib1X6bGi8PCOfX90incum7ZFR5x46cDZ34,60887
@@ -41,7 +41,7 @@ secator/configs/workflows/code_scan.yaml,sha256=7mJi7Z42tr6vGG2j2Xy-nl5arITk9Nyr
 secator/configs/workflows/host_recon.yaml,sha256=HKDAkBZXT3m5SzKovs8dJdJEn5uFHCVZq-0fFovZRKg,1571
 secator/configs/workflows/subdomain_recon.yaml,sha256=VOYcjYjHRRebe1TAYphh-zpSq8W5_q-6DDeMja2dlek,1896
 secator/configs/workflows/url_bypass.yaml,sha256=_uBzDhevJ2DOD9UkE25n7ZrmnjjfdU3lV3mnUudgdU0,180
-secator/configs/workflows/url_crawl.yaml,sha256=JqpTNw11NLsLCcHFHllTYSqQ9ingO1uwDoZ7c3YqxJI,1121
+secator/configs/workflows/url_crawl.yaml,sha256=AFvYBXYZzZhFte40pjNG04hl9MDW9KXCMx9vPSkWUKs,1072
 secator/configs/workflows/url_dirsearch.yaml,sha256=_4TdMSVLt2lIbx8ucn0R04tkMUqhG2i-m3JxCofx4mo,670
 secator/configs/workflows/url_fuzz.yaml,sha256=a-ZvZrcPBaeVhRrxox8fq25SKMJflyAkKWLqJeC3xD4,911
 secator/configs/workflows/url_params_fuzz.yaml,sha256=ufGbW4GUtEZee0M1WPVo0w6ZCEH6xmuDO6VCjPaw8AQ,796
@@ -57,8 +57,8 @@ secator/exporters/json.py,sha256=1ZtDf8RksPO_V0zIvnwDUxMUb630DCElAMM8_RQvyAo,474
 secator/exporters/table.py,sha256=zYNmwNGEyB6dTJ1ATVkrv-AOuPjrW6tvk1_4naLQo8Q,1114
 secator/exporters/txt.py,sha256=t_FykaJOxs4UUlqiH4k6HCccEqYqc8e3iNZndL_CKPg,739
 secator/hooks/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-secator/hooks/gcs.py,sha256=MIhntyWYz9BZdTXhWl5JznaczSq1_7fl3TVqPufuTSo,1490
-secator/hooks/mongodb.py,sha256=5Rbmjd6JuLNH_1GgkumMX1TeuMuU88gzYxoDMkHh1OY,7638
+secator/hooks/gcs.py,sha256=CNQmDWbwnIA1mDhzwO75P8907lAFd5-vA2sJVMbhAiY,1514
+secator/hooks/mongodb.py,sha256=fCm_E1hxgSl9C6l4eGW8J-Jjstvbfy9daITWYcmNTe8,8198
 secator/output_types/__init__.py,sha256=CJcYy2_Ek-opKiBz4wFlDHQBTm3t0JVwZ4w_2Jxoeuw,1291
 secator/output_types/_base.py,sha256=9iBqPdtlfJBldBiuC729KamHHGbKhwo69P-2UNwz-3Q,2874
 secator/output_types/certificate.py,sha256=IXW3GN0JRmuDgoedr8NV8ccuRQOuoInNZWnAKL8zeqY,3040
@@ -79,7 +79,7 @@ secator/output_types/user_account.py,sha256=EvF3Ebg9eXS_-iDguU1dSHZ9wAsJimEJznDv
 secator/output_types/vulnerability.py,sha256=eWJDFCYf3sP5-hPKQT-4Kd5id9bJzTW2u-O_d_4P6EA,2849
 secator/output_types/warning.py,sha256=iy949Aj5OXJLWif7HFB5EvjcYrgKHAzIP9ffyLTV7LA,830
 secator/runners/__init__.py,sha256=EBbOk37vkBy9p8Hhrbi-2VtM_rTwQ3b-0ggTyiD22cE,290
-secator/runners/_base.py,sha256=ohSQE42HK4hZqKq1OBWW7C6Ygz0IiZRmiJITZOXB1sM,40445
+secator/runners/_base.py,sha256=IkAQfPzz_kou5Pa82y-2Wmtp_lIudKMc9ix8_NP4370,40663
 secator/runners/_helpers.py,sha256=TeebZnpo4cp-9tpgPlDoFm_gmr00_CERAC1aOYhTzA4,6281
 secator/runners/celery.py,sha256=bqvDTTdoHiGRCt0FRvlgFHQ_nsjKMP5P0PzGbwfCj_0,425
 secator/runners/command.py,sha256=5fmwmqkUkomceLUSp2rtJvn_ydE2gI95rqS4WKWciYI,30200
@@ -95,9 +95,9 @@ secator/tasks/__init__.py,sha256=Op0O0Aa8c124AfDG-cEB9VLRsXZ1wXTpVrT3g-wxMNg,184
 secator/tasks/_categories.py,sha256=yns_5PBKStp6TJEeaYB6yFUjkFMmLh7LEuxcNcADNro,14962
 secator/tasks/arjun.py,sha256=WdRZtTCd2Ejbv5HlLS_FoWVKgGpMsR6RCDekV2kR788,3061
 secator/tasks/bbot.py,sha256=moIkwd52jCKaeg1v6Nv4Gfmd4GPObo9c9nwOzQvf-2M,9236
-secator/tasks/bup.py,sha256=bl5NzoPr_YLy9Ei7JU9CM0-bW9iZsuFe3Ft8KJjN9ws,3849
+secator/tasks/bup.py,sha256=9IXsCqMdhOeZcCsQB2L4IJ3Kzm2oQKDE7mflGljm0lM,3867
 secator/tasks/cariddi.py,sha256=iT-2Aryw2PPrzPedc-N_E--DxKFz_gSrcJj4z5PGQf8,4142
-secator/tasks/dalfox.py,sha256=v-TI5B-PCZRe6dU9caQfGJPyAPSbRRCohdIlIFvNAq8,2551
+secator/tasks/dalfox.py,sha256=DWz0VWBH5SU_AyHU36YC88vAEyJ1hXkKKKNXgQvwlrU,2493
 secator/tasks/dirsearch.py,sha256=_6xPZYpNsbwR4d9NFQw3NXxQKn5zyfO1lyrWzl5p7NY,2469
 secator/tasks/dnsx.py,sha256=2qNC-wSjS33geuHMOwuBapLwKEvWTlDgnmvM67ZSJVA,4220
 secator/tasks/feroxbuster.py,sha256=dz_DGw_CbVGw9AeFjtrAEQwoxDgKzYC-KT9VLwE5UlE,3022
@@ -125,8 +125,8 @@ secator/tasks/wafw00f.py,sha256=9CnV9F7ZrykO27F3PAb5HtwULDMYEKGSTbz-jh0kc2g,3189
 secator/tasks/wpprobe.py,sha256=1QPJ-7JvhL7LFvjUTAmqpH2Krp-Qmi079lonso16YPQ,3229
 secator/tasks/wpscan.py,sha256=dBkbG9EODHDUBAA8uNVULX4SdVgTCAi_F1T1oCfRbsI,5852
 secator/workflows/__init__.py,sha256=XOviyjSylZ4cuVmmQ76yuqZRdmvOEghqAnuw_4cLmfk,702
-secator-0.16.2.dist-info/METADATA,sha256=a4iplxAqNbPumdRuvA6D1AZFKsUQOQfVqwVnmdC80Wo,17253
-secator-0.16.2.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-secator-0.16.2.dist-info/entry_points.txt,sha256=lPgsqqUXWgiuGSfKy-se5gHdQlAXIwS_A46NYq7Acic,44
-secator-0.16.2.dist-info/licenses/LICENSE,sha256=19W5Jsy4WTctNkqmZIqLRV1gTDOp01S3LDj9iSgWaJ0,2867
-secator-0.16.2.dist-info/RECORD,,
+secator-0.16.4.dist-info/METADATA,sha256=E_R6VdalGxZysqe043SuT0M_897S8cT5kXhmwOSWLpY,17253
+secator-0.16.4.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+secator-0.16.4.dist-info/entry_points.txt,sha256=lPgsqqUXWgiuGSfKy-se5gHdQlAXIwS_A46NYq7Acic,44
+secator-0.16.4.dist-info/licenses/LICENSE,sha256=19W5Jsy4WTctNkqmZIqLRV1gTDOp01S3LDj9iSgWaJ0,2867
+secator-0.16.4.dist-info/RECORD,,