secator 0.22.0__py3-none-any.whl

secator/configs/workflows/url_crawl.yaml

@@ -0,0 +1,98 @@
+type: workflow
+name: url_crawl
+alias: urlcrawl
+description: URL crawl (fast)
+long_description: |
+  Rapidly crawls and discovers URLs from a target website using multiple crawling engines.
+  Supports both passive sources (collecting from external databases) and active crawlers
+  (spidering the website directly). Identifies interesting patterns, endpoints, and parameters.
+  Can optionally hunt for secrets in HTTP responses and probe URLs for additional information.
+tags: [http, crawl]
+input_types:
+  - url
+
+options:
+  passive:
+    is_flag: True
+    help: Passive only (no requests to targets)
+    default: False
+    short: passive
+
+  active:
+    is_flag: True
+    help: Active only (no passive sources)
+    default: False
+    short: active
+
+  crawlers:
+    type: list
+    help: "Crawlers to use (comma-separated) (passive: xurlfind3r, urlfinder, gau; active: katana, gospider, cariddi)"
+    default: ['xurlfind3r', 'katana']
+    internal: True
+
+  hunt_secrets:
+    is_flag: True
+    help: Hunt secrets in HTTP responses (trufflehog)
+    default: False
+    short: hs
+
+default_options:
+  match_codes: 200,204,301,302,307,401,403,405,500
+
+tasks:
+  _group/crawl:
+    xurlfind3r:
+      description: Crawl URLs from passive sources
+      if: "'xurlfind3r' in opts.crawlers and not opts.active"
+
+    urlfinder:
+      description: Crawl URLs from passive sources
+      if: "'urlfinder' in opts.crawlers and not opts.active"
+
+    gau:
+      description: Crawl URLs from passive sources
+      if: "'gau' in opts.crawlers and not opts.active"
+
+    katana:
+      description: Crawl URLs
+      if: "'katana' in opts.crawlers and not opts.passive"
+
+    gospider:
+      description: Crawl URLs
+      if: "'gospider' in opts.crawlers and not opts.passive"
+
+    cariddi:
+      description: Hunt URLs patterns
+      info: True
+      secrets: True
+      errors: True
+      juicy_extensions: 1
+      juicy_endpoints: True
+      if: "'cariddi' in opts.crawlers and not opts.passive"
+
+  httpx:
+    description: Run HTTP probes on passive URLs
+    tech_detect: True
+    filter_codes: 404
+    targets_:
+    - target.name
+    - type: url
+      field: url
+      condition: item.status_code == 0
+    if: not opts.passive
+
+  _group/data_hunt:
+    trufflehog:
+      description: Find secrets in HTTP responses
+      targets_:
+      - type: url
+        field: stored_response_path
+        condition: item.stored_response_path != ''
+      if: opts.hunt_secrets and not opts.passive
+    maigret:
+      description: Hunt email addresses found
+      targets_:
+      - type: tag
+        field: value
+        condition: item.name == 'email_address'
+      if: opts.hunt_secrets and not opts.passive

secator/configs/workflows/url_dirsearch.yaml

@@ -0,0 +1,62 @@
+type: workflow
+name: url_dirsearch
+alias: dirfind
+description: URL directory search
+long_description: |
+  Searches for hidden directories and files on web servers using content discovery techniques.
+  Probes URLs for directory listings, optionally bruteforces directories and crawls discovered
+  directory contents. Can hunt for sensitive files and secrets in HTTP responses.
+  Helpful for finding hidden admin panels, backup files, and exposed directories.
+tags: [http, dir]
+input_types:
+  - url
+
+options:
+  hunt_secrets:
+    is_flag: True
+    help: Hunt secrets in HTTP responses (trufflehog)
+    default: False
+    short: hs
+
+  hunt_files:
+    is_flag: True
+    help: Hunt files in HTTP directories
+    default: False
+    short: cf
+
+  hunt_dirs:
+    is_flag: True
+    help: Hunt HTTP directories (ffuf)
+    default: False
+    short: fd
+
+tasks:
+  httpx:
+    description: Run HTTP probes on URLs
+    tech_detect: True
+
+  ffuf:
+    description: Search for HTTP directories
+    auto_calibration: True
+    wordlist: directory_list_small
+    match_regex: '<title>Index of'
+    targets_:
+      - type: target
+        field: '{name}/FUZZ'
+    if: opts.hunt_dirs
+
+  katana:
+    description: Crawl files from HTTP directories
+    targets_:
+      - type: url
+        field: url
+        condition: item.is_directory
+    if: opts.hunt_files
+
+  trufflehog:
+    description: Find secrets in HTTP responses
+    targets_:
+      - type: url
+        field: stored_response_path
+        condition: item.stored_response_path != ''
+    if: opts.hunt_files

secator/configs/workflows/url_fuzz.yaml

@@ -0,0 +1,68 @@
+type: workflow
+name: url_fuzz
+alias: urlfuzz
+description: URL fuzz (slow)
+long_description: |
+  Performs comprehensive fuzzing of URLs to discover hidden content and directories.
+  Uses multiple fuzzing engines (dirsearch, feroxbuster, ffuf) with intelligent calibration
+  to filter false positives. Probes discovered URLs, captures screenshots when configured,
+  and optionally hunts for secrets in HTTP responses. Thorough but time-intensive.
+tags: [http, fuzz]
+input_types:
+  - url
+
+default_options:
+  auto_calibration: true
+  follow_redirect: true
+
+options:
+  fuzzers:
+    type: list
+    required: True
+    help: "Fuzzers to use (comma-separated) (dirsearch, feroxbuster, ffuf)"
+    default: ['ffuf']
+
+  hunt_secrets:
+    is_flag: True
+    help: Hunt secrets in HTTP responses (trufflehog)
+    default: False
+    short: hs
+
+tasks:
+  httpx/1:
+    description: Run HTTP probes on URLs
+    tech_detect: True
+
+  _group/fuzz:
+    dirsearch:
+      description: Fuzz URLs
+      if: "'dirsearch' in opts.fuzzers"
+
+    feroxbuster:
+      description: Fuzz URLs
+      if: "'feroxbuster' in opts.fuzzers"
+
+    ffuf:
+      description: Fuzz URLs
+      if: "'ffuf' in opts.fuzzers"
+      targets_:
+        - type: target
+          field: '{name}/FUZZ'
+
+  httpx/2:
+    description: Run HTTP probes on crawled URLs
+    tech_detect: True
+    screenshot: True
+    targets_:
+      type: url
+      field: url
+      condition: opts.screenshot or opts.headless
+    # enrich: true  # TODO: add enrich capabilities
+
+  trufflehog:
+    description: Find secrets in HTTP responses
+    targets_:
+      - type: url
+        field: stored_response_path
+        condition: item.stored_response_path != ''
+    if: opts.hunt_secrets

secator/configs/workflows/url_params_fuzz.yaml

@@ -0,0 +1,66 @@
+type: workflow
+name: url_params_fuzz
+alias: url_params_fuzz
+description: Extract parameters from an URL and fuzz them
+long_description: |
+  Identifies and tests URL parameters for vulnerabilities through intelligent fuzzing.
+  Extracts parameters from URLs using multiple techniques, then fuzzes them with various payloads
+  to discover potential security issues. Probes fuzzed URLs to verify results and optionally
+  hunts for secrets in responses. Effective for finding hidden parameters and testing input validation.
+tags: [http, fuzz]
+input_types:
+  - url
+
+options:
+  hunt_secrets:
+    is_flag: True
+    help: Hunt secrets in HTTP responses (trufflehog)
+    default: False
+    short: hs
+
+tasks:
+  httpx/1:
+    description: Probe URLs
+    follow_redirect: True
+
+  _group/extract_params:
+    arjun:
+      description: Extract parameters from URLs
+      wordlist: http_params
+      targets_:
+      - type: url
+        field: '{url}/'
+        condition: "'?' not in url.url"
+
+    x8:
+      description: Bruteforce URL params
+      wordlist: http_params
+      targets_:
+      - type: url
+        field: '{url}/'
+        condition: "'?' not in url.url"
+
+  ffuf:
+    description: Fuzz URL params
+    wordlist: https://raw.githubusercontent.com/trickest/wordlists/refs/heads/main/cloud/levels/level1.txt
+    auto_calibration: true
+    follow_redirect: true
+    targets_:
+      - type: tag
+        field: '{match}?{value}=FUZZ'
+        condition: item._source.startswith('arjun') or item._source.startswith('x8')
+
+  httpx:
+    description: Probe fuzzed URLs
+    targets_:
+      - type: url
+        field: url
+        condition: item._source.startswith('ffuf')
+
+  trufflehog:
+    description: Find secrets in HTTP responses
+    targets_:
+      - type: url
+        field: stored_response_path
+        condition: item.stored_response_path != ''
+    if: opts.hunt_secrets

secator/configs/workflows/url_secrets_hunt.yaml

@@ -0,0 +1,23 @@
+type: workflow
+name: url_secrets_hunt
+alias: ush
+description: Hunt secrets in URLs
+long_description: |
+  Searches for exposed secrets, credentials, and sensitive information in web content.
+  Probes URLs and analyzes HTTP responses for API keys, passwords, tokens, private keys,
+  and other confidential data. Uses TruffleHog to detect various secret patterns.
+  Critical for identifying accidental credential exposure and sensitive data leaks.
+input_types:
+- url
+
+tasks:
+  httpx:
+    description: Run HTTP probes on URLs
+    tech_detect: True
+
+  trufflehog:
+    description: Find secrets in HTTP responses
+    targets_:
+    - type: url
+      field: stored_response_path
+      condition: item.stored_response_path != ''

secator/configs/workflows/url_vuln.yaml

@@ -0,0 +1,91 @@
+type: workflow
+name: url_vuln
+alias: url_vuln
+description: URL vulnerability scan (gf, dalfox)
+long_description: |
+  Scans URLs for common web vulnerabilities using pattern matching and automated testing tools.
+  Identifies potential XSS, LFI, SSRF, RCE, IDOR, and other vulnerability indicators in URL parameters.
+  Tests discovered vulnerable patterns with specialized tools like Dalfox for XSS exploitation.
+  Optionally runs comprehensive nuclei scans for additional HTTP vulnerability detection.
+tags: [http, vulnerability]
+input_types:
+  - url
+
+options:
+  passive:
+    is_flag: True
+    help: Passive only (no requests to targets)
+    default: False
+    short: ps
+
+  nuclei:
+    is_flag: True
+    default: False
+    help: Run nuclei on tagged URLs (slow)
+
+tasks:
+  _group/pattern_analysis:
+    gf/xss:
+      description: Hunt XSS params
+      pattern: xss
+
+    gf/lfi:
+      description: Hunt LFI params
+      pattern: lfi
+
+    gf/ssrf:
+      description: Hunt SSRF params
+      pattern: ssrf
+
+    gf/rce:
+      description: Hunt RCE params
+      pattern: rce
+
+    gf/interestingparams:
+      description: Hunt interest params
+      pattern: interestingparams
+
+    gf/idor:
+      description: Hunt Idor params
+      pattern: idor
+
+    gf/debug_logic:
+      description: Hunt debug params
+      pattern: debug_logic
+
+  _group/vuln_scan:
+    dalfox:
+      description: Attack XSS vulnerabilities
+      targets_:
+        - type: tag
+          field: match
+          condition: item._source.startswith("gf")
+      if: not opts.passive
+
+    nuclei:
+      description: Search for HTTP vulns
+      exclude_tags: [network, ssl, file, dns, osint, token-spray, headers]
+      targets_:
+        - type: target
+          field: name
+        - type: tag
+          field: match
+          condition: item._source.startswith("gf")
+      if: opts.nuclei and not opts.passive
+  # TODO: Add support for SQLMap
+  # sqlmap:
+  #   description: Attack SQLI vulnerabilities
+  #   targets_:
+  #     - type: tag
+  #       field: match
+  #       condition: item.name in ['sqli']
+
+  # TODO: Make this work, need transform functions to replace a parameter fetched dynamically by the keyword 'FUZZ'
+  # ffuf:
+  #   description: Attack LFI vulnerabilities
+  #   targets_:
+  #     - type: tag
+  #       field: match
+  #       transform:
+  #         qsreplace: FUZZ
+  #       condition: item.name in ['lfi']

secator/configs/workflows/user_hunt.yaml

@@ -0,0 +1,29 @@
+type: workflow
+name: user_hunt
+alias: userhunt
+description: User account search
+long_description: |
+  Searches for user accounts and associated information across various online platforms and services.
+  Takes usernames, email addresses, or other identifiers and queries multiple sources to find
+  associated accounts, password leaks, and online profiles. Useful for OSINT investigations,
+  credential stuffing prevention checks, and understanding a user's digital footprint.
+tags: [user_account]
+input_types:
+  - slug
+  - string
+  - email
+
+tasks:
+  _group/hunt_users:
+    maigret:
+      description: Hunt user accounts
+      targets_:
+        - type: target
+          field: name
+          condition: target.type != 'email'
+    h8mail:
+      description: Find password leaks
+      targets_:
+        - type: target
+          field: name
+          condition: target.type == 'email'

secator/configs/workflows/wordpress.yaml

@@ -0,0 +1,38 @@
+type: workflow
+name: wordpress
+alias: wordpress
+description: Wordpress vulnerability scan
+long_description: |
+  Specialized security assessment for WordPress websites and installations.
+  Identifies WordPress version, installed themes and plugins, known vulnerabilities,
+  misconfigurations, and weak configurations. Uses multiple WordPress-specific tools
+  to provide comprehensive coverage. Critical for WordPress site security audits.
+tags: [http, wordpress, vulnerability]
+input_types:
+  - url
+  - ip
+  - host
+  - host:port
+
+tasks:
+  httpx:
+    description: URL probe
+    tech_detect: True
+    follow_redirect: True
+
+  _group/hunt_wordpress:
+    wpscan:
+      description: WPScan
+      targets_:
+      - url.url
+
+    wpprobe:
+      description: WPProbe
+      targets_:
+      - url.url
+
+    nuclei:
+      description: Nuclei Wordpress scan
+      tags: [wordpress]
+      targets_:
+      - url.url