secator 0.17.0__py3-none-any.whl → 0.18.0__py3-none-any.whl

secator/config.py

@@ -145,7 +145,7 @@ class Wordlists(StrictModel):
 	templates: Dict[str, str] = {
 		'bo0m_fuzz': 'https://raw.githubusercontent.com/Bo0oM/fuzz.txt/master/fuzz.txt',
 		'combined_subdomains': 'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/combined_subdomains.txt',  # noqa: E501
-		'directory_list_small': 'https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Discovery/Web-Content/directory-list-2.3-small.txt',  # noqa: E501
+		'directory_list_small': 'https://gist.githubusercontent.com/sl4v/c087e36164e74233514b/raw/c51a811c70bbdd87f4725521420cc30e7232b36d/directory-list-2.3-small.txt',  # noqa: E501
 	}
 	lists: Dict[str, List[str]] = {}
 

secator/configs/workflows/user_hunt.yaml

@@ -6,7 +6,19 @@ tags: [user_account]
 input_types:
   - slug
   - string
+  - email
 
 tasks:
-  maigret:
-    description: Hunt user accounts
+  _group/hunt_users:
+    maigret:
+      description: Hunt user accounts
+      targets_:
+        - type: target
+          field: name
+          condition: target.type != 'email'
+    h8mail:
+      description: Find password leaks
+      targets_:
+        - type: target
+          field: name
+          condition: target.type == 'email'

secator/configs/workflows/wordpress.yaml

@@ -5,15 +5,28 @@ description: Wordpress vulnerability scan
 tags: [http, wordpress, vulnerability]
 input_types:
   - url
+  - ip
+  - host
+  - host:port
 
 tasks:
+  httpx:
+    description: URL probe
+    tech_detect: True
+
   _group/hunt_wordpress:
     nuclei:
       description: Nuclei Wordpress scan
       tags: [wordpress]
+      targets_:
+      - url.url
 
     wpscan:
       description: WPScan
+      targets_:
+      - url.url
 
     wpprobe:
       description: WPProbe
+      targets_:
+      - url.url

secator/runners/_base.py

@@ -179,14 +179,14 @@ class Runner:
 		# Add prior results to runner results
 		self.debug(f'adding {len(results)} prior results to runner', sub='init')
 		if CONFIG.addons.mongodb.enabled:
-			self.debug('adding prior results from MongoDB', sub='init')
+			self.debug(f'loading {len(results)} results from MongoDB', sub='init')
 			from secator.hooks.mongodb import get_results
 			results = get_results(results)
 		for result in results:
 			self.add_result(result, print=False, output=False, hooks=False, queue=not self.has_parent)
 
 		# Determine inputs
-		self.debug(f'resolving inputs with dynamic opts ({len(self.dynamic_opts)})', obj=self.dynamic_opts, sub='init')
+		self.debug(f'resolving inputs with {len(self.dynamic_opts)} dynamic opts', obj=self.dynamic_opts, sub='init')
 		self.inputs = [inputs] if not isinstance(inputs, list) else inputs
 		self.inputs = list(set(self.inputs))
 		targets = [Target(name=target) for target in self.inputs]
@@ -463,12 +463,11 @@ class Runner:
 		if item._uuid and item._uuid in self.uuids:
 			return
 
-		# Keep existing ancestor id in context
-		ancestor_id = item._context.get('ancestor_id', None)
-
-		# Set context
-		item._context.update(self.context)
-		item._context['ancestor_id'] = ancestor_id or self.ancestor_id
+		# Update context with runner info
+		ctx = item._context.copy()
+		item._context = self.context.copy()
+		item._context.update(ctx)
+		item._context['ancestor_id'] = ctx.get('ancestor_id') or self.ancestor_id
 
 		# Set uuid
 		if not item._uuid:
@@ -756,6 +755,7 @@ class Runner:
 			'last_updated_db': self.last_updated_db,
 			'context': self.context,
 			'errors': [e.toDict() for e in self.errors],
+			'warnings': [w.toDict() for w in self.warnings],
 		})
 		return data
 

secator/runners/command.py

@@ -419,10 +419,13 @@ class Command(Runner):
 			self.print_command()
 
 			# Check for sudo requirements and prepare the password if needed
-			sudo_password, error = self._prompt_sudo(self.cmd)
-			if error:
-				yield Error(message=error)
-				return
+			sudo_required = re.search(r'\bsudo\b', self.cmd)
+			sudo_password = None
+			if sudo_required:
+				sudo_password, error = self._prompt_sudo(self.cmd)
+				if error:
+					yield Error(message=error)
+					return
 
 			# Prepare cmds
 			command = self.cmd if self.shell else shlex.split(self.cmd)
@@ -450,7 +453,7 @@ class Command(Runner):
 				stdout=subprocess.PIPE,
 				stderr=subprocess.STDOUT,
 				universal_newlines=True,
-				preexec_fn=os.setsid,
+				preexec_fn=os.setsid if not sudo_required else None,
 				shell=self.shell,
 				env=env,
 				cwd=self.cwd)
@@ -688,7 +691,7 @@ class Command(Runner):
 				['sudo', '-S', '-p', '', 'true'],
 				input=sudo_password + "\n",
 				text=True,
-				capture_output=True
+				capture_output=True,
 			)
 			if result.returncode == 0:
 				return sudo_password, None  # Password is correct

secator/tasks/bup.py

@@ -20,7 +20,7 @@ class bup(Http):
 	output_types = [Url, Progress]
 	tags = ['url', 'bypass']
 	input_flag = '-u'
-	file_flag = '-R'
+	file_flag = '-u'
 	json_flag = '--jsonl'
 	opt_prefix = '--'
 	opts = {

secator/tasks/fping.py

@@ -17,7 +17,10 @@ class fping(ReconIp):
 	file_flag = '-f'
 	input_flag = None
 	opts = {
-		'reverse_dns': {'is_flag': True, 'default': False, 'short': 'r', 'help': 'Reverse DNS lookup (slower)'}
+		'count': {'type': int, 'default': None, 'help': 'Number of request packets to send to each target'},
+		'show_name': {'is_flag': True, 'default': False, 'help': 'Show network addresses as well as hostnames'},
+		'use_dns': {'is_flag': True, 'default': False, 'help': 'Use DNS to lookup address of return packet (same as -n but will force reverse-DNS lookup for hostnames)'},  # noqa: E501
+		'summary': {'is_flag': True, 'default': False, 'help': 'Print cumulative statistics upon exit'},
 	}
 	opt_prefix = '--'
 	opt_key_map = {
@@ -27,11 +30,14 @@ class fping(ReconIp):
 		RETRIES: 'retry',
 		TIMEOUT: 'timeout',
 		THREADS: OPT_NOT_SUPPORTED,
-		'reverse_dns': 'r'
+		'count': '-c',
+		'show_name': '-n',
+		'use_dns': '-d',
+		'summary': '-s',
 	}
 	opt_value_map = {
-		DELAY: lambda x: x * 1000,  # convert s to ms
-		TIMEOUT: lambda x: x * 1000  # convert s to ms
+		DELAY: lambda x: int(x) * 1000,  # convert s to ms
+		TIMEOUT: lambda x: int(x) * 1000  # convert s to ms
 	}
 	install_github_handle = 'schweikert/fping'
 	install_version = 'v5.1'
@@ -41,9 +47,20 @@ class fping(ReconIp):
 	@staticmethod
 	def item_loader(self, line):
 		if '(' in line:
-			host, ip = tuple(t.strip() for t in line.rstrip(')').split('('))
-			if (validators.ipv4(host) or validators.ipv6(host)):
-				host = ''
+
+			line_part = line.split(' : ')[0] if ' : ' in line else line    # Removing the stat parts that appears when using -c
+
+			start_paren = line_part.find('(')
+			end_paren = line_part.find(')', start_paren)
+
+			if start_paren != -1 and end_paren != -1:
+				host = line_part[:start_paren].strip()
+				ip = line_part[start_paren+1:end_paren].strip()
+
+				if (validators.ipv4(host) or validators.ipv6(host)):
+					host = ''
+			else:
+				return
 		else:
 			ip = line.strip()
 			host = ''

secator/tasks/maigret.py

@@ -42,8 +42,13 @@ class maigret(ReconUser):
 			EXTRA_DATA: lambda x: x['status'].get('ids', {})
 		}
 	}
-	install_version = '0.5.0a'
-	install_cmd = 'pipx install git+https://github.com/soxoj/maigret --force'
+	install_version = '0.5.0'
+	# install_pre = {
+	# 	'apt': ['libcairo2-dev'],
+	# 	'yum|zypper': ['cairo-devel'],
+	# 	'*': ['cairo']
+	# }
+	install_cmd = 'pipx install maigret==[install_version] --force'
 	socks5_proxy = True
 	profile = 'io'
 

secator/tasks/wpscan.py

@@ -11,6 +11,7 @@ from secator.definitions import (CONFIDENCE, CVSS_SCORE, DELAY, DESCRIPTION,
 							   URL, USER_AGENT)
 from secator.output_types import Tag, Vulnerability, Info, Error
 from secator.tasks._categories import VulnHttp
+from secator.installer import parse_version
 
 
 @task()
@@ -110,6 +111,12 @@ class wpscan(VulnHttp):
 		# Get URL
 		target = data.get('target_url', self.inputs[0])
 
+		# Get errors
+		scan_aborted = data.get('scan_aborted', False)
+		if scan_aborted:
+			yield Error(message=scan_aborted, traceback='\n'.join(data.get('trace', [])))
+			return
+
 		# Wordpress version
 		version = data.get('version', {})
 		if version:
@@ -133,7 +140,7 @@ class wpscan(VulnHttp):
 			location = main_theme['location']
 			if version:
 				number = version['number']
-				latest_version = main_theme.get('latest_version')
+				latest_version = main_theme.get('latest_version') or 'unknown'
 				yield Tag(
 					name=f'Wordpress theme - {slug} {number}',
 					match=target,
@@ -142,10 +149,12 @@ class wpscan(VulnHttp):
 						'latest_version': latest_version
 					}
 				)
-				if (latest_version and number < latest_version):
+				outdated = latest_version and parse_version(number) < parse_version(latest_version)
+				if outdated:
 					yield Vulnerability(
 						matched_at=target,
 						name=f'Wordpress theme - {slug} {number} outdated',
+						description=f'The wordpress theme {slug} is outdated, consider updating to the latest version {latest_version}',
 						confidence='high',
 						severity='info'
 					)
@@ -163,7 +172,7 @@ class wpscan(VulnHttp):
 			location = data['location']
 			if version:
 				number = version['number']
-				latest_version = data.get('latest_version')
+				latest_version = data.get('latest_version') or 'unknown'
 				yield Tag(
 					name=f'Wordpress plugin - {slug} {number}',
 					match=target,
@@ -172,10 +181,12 @@ class wpscan(VulnHttp):
 						'latest_version': latest_version
 					}
 				)
-				if (latest_version and number < latest_version):
+				outdated = latest_version and parse_version(number) < parse_version(latest_version)
+				if outdated:
 					yield Vulnerability(
 						matched_at=target,
 						name=f'Wordpress plugin - {slug} {number} outdated',
+						description=f'The wordpress plugin {slug} is outdated, consider updating to the latest version {latest_version}.',
 						confidence='high',
 						severity='info'
 					)

{secator-0.17.0.dist-info → secator-0.18.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: secator
-Version: 0.17.0
+Version: 0.18.0
 Summary: The pentester's swiss knife.
 Project-URL: Homepage, https://github.com/freelabz/secator
 Project-URL: Issues, https://github.com/freelabz/secator/issues

{secator-0.17.0.dist-info → secator-0.18.0.dist-info}/RECORD

@@ -6,7 +6,7 @@ secator/celery_utils.py,sha256=vhL5ZxXDn3ODvyVxMijKyUTJ1dOisMDjF_PhFUyOVSA,9451
 secator/cli.py,sha256=zmaMa-RhN3ENAPcfltTwUEE3Dobg9kKeVGTxsMN1v1g,61267
 secator/cli_helper.py,sha256=EJFl80fd1HcgMYbmiddMZssCD32YDiFLnr-UbLp61aQ,13720
 secator/click.py,sha256=pg7XPI7-wAhhEhd4aeAC8vHSqKi-H0zeFRlh0T-ayYg,2662
-secator/config.py,sha256=6CjGLMNNFWg1PAvW16v8SGceyngFs2SCEKjJhV2NtOU,20805
+secator/config.py,sha256=9YO8HB4qrpYkvxob-CSRVY67py-rQZA1VB8BM4hc4Xc,20813
 secator/cve.py,sha256=j47VOGyZjOvCY_xwVYS9fiXQPKHL5bPRtCnVAmbQthE,21356
 secator/decorators.py,sha256=uygU8MguxEO0BKXRvF4Nn2QEDnjqdIer8ReBj_j9ALg,88
 secator/definitions.py,sha256=sJaR9e_4aEgAo7cVzYQcD2lotXQPN_3lze_qWhKvo1M,3275
@@ -46,8 +46,8 @@ secator/configs/workflows/url_dirsearch.yaml,sha256=_4TdMSVLt2lIbx8ucn0R04tkMUqh
 secator/configs/workflows/url_fuzz.yaml,sha256=a-ZvZrcPBaeVhRrxox8fq25SKMJflyAkKWLqJeC3xD4,911
 secator/configs/workflows/url_params_fuzz.yaml,sha256=ufGbW4GUtEZee0M1WPVo0w6ZCEH6xmuDO6VCjPaw8AQ,796
 secator/configs/workflows/url_vuln.yaml,sha256=35uY0SpQGgaPulkBkQUcy0AdVwjslEJfVGhM9DQAXkk,1817
-secator/configs/workflows/user_hunt.yaml,sha256=WX3bpsPWexLXs5bF-OkniPwm8T6fXws7f284Zrybi8I,189
-secator/configs/workflows/wordpress.yaml,sha256=n-I1uNZEPS6oVmF7Rn996K85csSenTtoVycJt0PWnzk,340
+secator/configs/workflows/user_hunt.yaml,sha256=6XyiG-MnAdYmQsLe6qSqvT_8zFVisZAp-zJAu9ASv1U,485
+secator/configs/workflows/wordpress.yaml,sha256=1Lv23G3jcnkbfHzTMBEcyWG2baQ0Pdo3-pYXiwl82nY,525
 secator/exporters/__init__.py,sha256=PnT9Ra4ArHt9VQTK5Cpc4CPY89XRwLLUGtZ8nUcknm0,415
 secator/exporters/_base.py,sha256=wM1UT1PsSP1gX4gylvpQjBeAsk59F2Q2eFrt7AFU7jM,68
 secator/exporters/console.py,sha256=vbmSln4UrIpzjCQCs6JdZ2VRxjX8qQ1gznCPx89xbX0,263
@@ -79,10 +79,10 @@ secator/output_types/user_account.py,sha256=IqPg0nfKzSsxA5DerLA3PEWIN9HscV_D7PRK
 secator/output_types/vulnerability.py,sha256=cuS5r_BKFuO-DQlrSEiN7elmunwlu2sdC4Rt9WDa10g,2864
 secator/output_types/warning.py,sha256=iy949Aj5OXJLWif7HFB5EvjcYrgKHAzIP9ffyLTV7LA,830
 secator/runners/__init__.py,sha256=EBbOk37vkBy9p8Hhrbi-2VtM_rTwQ3b-0ggTyiD22cE,290
-secator/runners/_base.py,sha256=IkAQfPzz_kou5Pa82y-2Wmtp_lIudKMc9ix8_NP4370,40663
+secator/runners/_base.py,sha256=sJswPMqbmwBTOo_d_KM2dw2dSr1-2X8-mwvwRepa6zg,40716
 secator/runners/_helpers.py,sha256=TeebZnpo4cp-9tpgPlDoFm_gmr00_CERAC1aOYhTzA4,6281
 secator/runners/celery.py,sha256=bqvDTTdoHiGRCt0FRvlgFHQ_nsjKMP5P0PzGbwfCj_0,425
-secator/runners/command.py,sha256=A--1cFpzHAxvzO0xvpMSyY0Tb0OZxkJc8HsJaTNsfB0,31096
+secator/runners/command.py,sha256=cSyp-LqGRhQzxfC4cCK1zsYFPd-y8AQiF1a5YJFHgYo,31229
 secator/runners/scan.py,sha256=axT_OmGhixogCPMUS1OUeMLnFtk8PxY7zL9NYCugFVU,2578
 secator/runners/task.py,sha256=PrkVns8UAGht2JbCmCUWycA6B39Z5oeMmAMq69KtXKI,2199
 secator/runners/workflow.py,sha256=YnpTSdmp54d55vORe4khWLSx2J7gtDFNryKfZXYAWnY,6076
@@ -95,14 +95,14 @@ secator/tasks/__init__.py,sha256=Op0O0Aa8c124AfDG-cEB9VLRsXZ1wXTpVrT3g-wxMNg,184
 secator/tasks/_categories.py,sha256=ZmUNzeFIZ9-_er9sLJw66PTYIL5nO799JQU3EoW-6nE,15394
 secator/tasks/arjun.py,sha256=WdRZtTCd2Ejbv5HlLS_FoWVKgGpMsR6RCDekV2kR788,3061
 secator/tasks/bbot.py,sha256=moIkwd52jCKaeg1v6Nv4Gfmd4GPObo9c9nwOzQvf-2M,9236
-secator/tasks/bup.py,sha256=9IXsCqMdhOeZcCsQB2L4IJ3Kzm2oQKDE7mflGljm0lM,3867
+secator/tasks/bup.py,sha256=DXfOvtGJMe17RN9t764X0eZ__lKKz7evlI4Bl91IKGA,3867
 secator/tasks/cariddi.py,sha256=pc1z6FWFV4dauSJxWL9BKD-MXjCo14sgcNtAkGuKy5I,5194
 secator/tasks/dalfox.py,sha256=dllEP9A8-7YaX12fGRmLMltfNjm_9Us6wYoS86C_VO0,2507
 secator/tasks/dirsearch.py,sha256=-oa2P2Pq8LjF61PguUEtjgr9rgvVpGLzRZRDXIJMswY,2453
 secator/tasks/dnsx.py,sha256=2qNC-wSjS33geuHMOwuBapLwKEvWTlDgnmvM67ZSJVA,4220
 secator/tasks/feroxbuster.py,sha256=H7_WT8B0cPIBeq7FOownpQlrZ468R07zRLqrDLNCkg8,3006
 secator/tasks/ffuf.py,sha256=L2Rb34YIH30CFJacvaY8QVF1gDah9E0nNCdgAHWL9jo,4103
-secator/tasks/fping.py,sha256=uTOq24DcNQpNgpXQlFV4xxBdn8P9gJWM5mmhkobqW-Y,1575
+secator/tasks/fping.py,sha256=8OMb5UxjLErkRW5G_kie9cS0mVtIKCKi1o8asZ_UUjs,2324
 secator/tasks/gau.py,sha256=SJaza2yQoMeJeE6TOCRrRv0udbwRIoiXX4gRE64GXoU,1804
 secator/tasks/gf.py,sha256=svNRzaBr_DYW3QGFoPmUBWZh0Xm07XDS2bbNH-tfcA4,1028
 secator/tasks/gitleaks.py,sha256=cajL0NDm7dRFpcq4fJOCSkQMpquUiOy9HODq93h36Xg,2638
@@ -111,7 +111,7 @@ secator/tasks/grype.py,sha256=OasQs5WQwgt--o6M2_uh3RYZZaA3-difweCS46Uc5-w,2573
 secator/tasks/h8mail.py,sha256=XsDnL8LPk_jIHfJhqeYMj2423epk0NADorjd_JhBa9o,2033
 secator/tasks/httpx.py,sha256=0Umt2ouL36TELxmoaZ4dKSGXgipN3ve__IQFgUKrWZQ,6498
 secator/tasks/katana.py,sha256=10Sml1d0bO_UDwT1y_4TDQ_a0ihWKAW6L6-n8M9ArUw,6220
-secator/tasks/maigret.py,sha256=jjuyR8lAZYUybmN8SwEj3hrRB25p9xm4X_361auZK_Q,2173
+secator/tasks/maigret.py,sha256=4QSAn3ccHTvM5DMe6IlMQLi3-AV81X_XSEcrdxkbXc0,2270
 secator/tasks/mapcidr.py,sha256=tMTHQspHSs92F4R-9HVYjFBpiu9ZhxoJSNvpd8KwKKc,1057
 secator/tasks/msfconsole.py,sha256=3VjAEpwEAFDcGxyYMhKyDLHRObXELYFx_H306fzmtMw,6566
 secator/tasks/naabu.py,sha256=Z8kYvAMeeSLrhnojLRx8GzxvwhFhDCfDj9a7r9Wbr1A,2407
@@ -123,10 +123,10 @@ secator/tasks/testssl.py,sha256=rrpKerOYcNA4NJr9RQ_uAtAbl3W50FRp3bPo3yD8EEg,8787
 secator/tasks/trivy.py,sha256=loIVQeHlYzz-_mVI6-HrL1O3H-22LA0vl4J9Ja_fy2I,3307
 secator/tasks/wafw00f.py,sha256=9CnV9F7ZrykO27F3PAb5HtwULDMYEKGSTbz-jh0kc2g,3189
 secator/tasks/wpprobe.py,sha256=1QPJ-7JvhL7LFvjUTAmqpH2Krp-Qmi079lonso16YPQ,3229
-secator/tasks/wpscan.py,sha256=dBkbG9EODHDUBAA8uNVULX4SdVgTCAi_F1T1oCfRbsI,5852
+secator/tasks/wpscan.py,sha256=vRhtNfU6nSlKIZ8_kWFyDjrUnjSmkfGeTMkKYwN0CXU,6441
 secator/workflows/__init__.py,sha256=XOviyjSylZ4cuVmmQ76yuqZRdmvOEghqAnuw_4cLmfk,702
-secator-0.17.0.dist-info/METADATA,sha256=FPBlaaLaBXMP4i2-bz5q39-Z2i_LVn3ezeu-xNuC0Ro,17253
-secator-0.17.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-secator-0.17.0.dist-info/entry_points.txt,sha256=lPgsqqUXWgiuGSfKy-se5gHdQlAXIwS_A46NYq7Acic,44
-secator-0.17.0.dist-info/licenses/LICENSE,sha256=19W5Jsy4WTctNkqmZIqLRV1gTDOp01S3LDj9iSgWaJ0,2867
-secator-0.17.0.dist-info/RECORD,,
+secator-0.18.0.dist-info/METADATA,sha256=q5_y81JOJ3bps7hr_9xlC47nJTE6CFfIVmNxVFqUy1g,17253
+secator-0.18.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+secator-0.18.0.dist-info/entry_points.txt,sha256=lPgsqqUXWgiuGSfKy-se5gHdQlAXIwS_A46NYq7Acic,44
+secator-0.18.0.dist-info/licenses/LICENSE,sha256=19W5Jsy4WTctNkqmZIqLRV1gTDOp01S3LDj9iSgWaJ0,2867
+secator-0.18.0.dist-info/RECORD,,