secator 0.3.5__py3-none-any.whl → 0.4.0__py3-none-any.whl

secator/runners/scan.py

@@ -1,7 +1,7 @@
 import logging
 
-from secator.config import ConfigLoader
-from secator.exporters import CsvExporter, JsonExporter
+from secator.template import TemplateLoader
+from secator.config import CONFIG
 from secator.runners._base import Runner
 from secator.runners._helpers import run_extractors
 from secator.runners.workflow import Workflow
@@ -13,10 +13,7 @@ logger = logging.getLogger(__name__)
 
 class Scan(Runner):
 
-	default_exporters = [
-		JsonExporter,
-		CsvExporter
-	]
+	default_exporters = CONFIG.scans.exporters
 
 	@classmethod
 	def delay(cls, *args, **kwargs):
@@ -44,7 +41,6 @@ class Scan(Runner):
 
 			# Workflow opts
 			run_opts = self.run_opts.copy()
-			run_opts['reports_folder'] = self.reports_folder
 			fmt_opts = {
 				'json': run_opts.get('json', False),
 				'print_item': False,
@@ -56,7 +52,7 @@ class Scan(Runner):
 
 			# Run workflow
 			workflow = Workflow(
-				ConfigLoader(name=f'workflows/{name}'),
+				TemplateLoader(name=f'workflows/{name}'),
 				targets,
 				results=[],
 				run_opts=run_opts,

secator/runners/task.py

@@ -1,11 +1,12 @@
 from secator.definitions import DEBUG
 from secator.output_types import Target
+from secator.config import CONFIG
 from secator.runners import Runner
 from secator.utils import discover_tasks
 
 
 class Task(Runner):
-	default_exporters = []
+	default_exporters = CONFIG.tasks.exporters
 	enable_hooks = False
 
 	def delay(cls, *args, **kwargs):
@@ -52,7 +53,6 @@ class Task(Runner):
 		hooks = {task_cls: self.hooks}
 		run_opts['hooks'] = hooks
 		run_opts['context'] = self.context
-		run_opts['reports_folder'] = self.reports_folder
 
 		# Run task
 		if self.sync:

secator/runners/workflow.py

@@ -1,6 +1,6 @@
 from secator.definitions import DEBUG
-from secator.exporters import CsvExporter, JsonExporter
 from secator.output_types import Target
+from secator.config import CONFIG
 from secator.runners._base import Runner
 from secator.runners.task import Task
 from secator.utils import merge_opts
@@ -8,10 +8,7 @@ from secator.utils import merge_opts
 
 class Workflow(Runner):
 
-	default_exporters = [
-		JsonExporter,
-		CsvExporter
-	]
+	default_exporters = CONFIG.workflows.exporters
 
 	@classmethod
 	def delay(cls, *args, **kwargs):
@@ -47,7 +44,6 @@ class Workflow(Runner):
 
 		# Construct run opts
 		task_run_opts['hooks'] = self._hooks.get(Task, {})
-		task_run_opts['reports_folder'] = self.reports_folder
 		task_run_opts.update(task_fmt_opts)
 
 		# Build Celery workflow
@@ -85,7 +81,7 @@ class Workflow(Runner):
 		"""Get tasks recursively as Celery chains / chords.
 
 		Args:
-			obj (secator.config.ConfigLoader): Config.
+			obj (secator.config.TemplateLoader): Config.
 			targets (list): List of targets.
 			workflow_opts (dict): Workflow options.
 			run_opts (dict): Run options.

secator/tasks/_categories.py

@@ -1,21 +1,20 @@
 import json
-import logging
 import os
 
 import requests
 from bs4 import BeautifulSoup
 from cpe import CPE
 
-from secator.definitions import (CIDR_RANGE, CONFIDENCE, CVSS_SCORE, DATA_FOLDER, DEFAULT_HTTP_WORDLIST,
-								 DEFAULT_SKIP_CVE_SEARCH, DELAY, DEPTH, DESCRIPTION, FILTER_CODES, FILTER_REGEX,
-								 FILTER_SIZE, FILTER_WORDS, FOLLOW_REDIRECT, HEADER, HOST, ID, MATCH_CODES, MATCH_REGEX,
-								 MATCH_SIZE, MATCH_WORDS, METHOD, NAME, PATH, PROVIDER, PROXY, RATE_LIMIT, REFERENCES,
-								 RETRIES, SEVERITY, TAGS, THREADS, TIMEOUT, URL, USER_AGENT, USERNAME, WORDLIST)
+from secator.definitions import (CIDR_RANGE, CVSS_SCORE, DELAY, DEPTH, DESCRIPTION, FILTER_CODES,
+								 FILTER_REGEX, FILTER_SIZE, FILTER_WORDS, FOLLOW_REDIRECT, HEADER, HOST, ID,
+								 MATCH_CODES, MATCH_REGEX, MATCH_SIZE, MATCH_WORDS, METHOD, NAME, PATH, PROVIDER, PROXY,
+								 RATE_LIMIT, REFERENCES, RETRIES, SEVERITY, TAGS, THREADS, TIMEOUT, URL, USER_AGENT,
+								 USERNAME, WORDLIST)
 from secator.output_types import Ip, Port, Subdomain, Tag, Url, UserAccount, Vulnerability
-from secator.rich import console
+from secator.config import CONFIG
 from secator.runners import Command
+from secator.utils import debug
 
-logger = logging.getLogger(__name__)
 
 OPTS = {
 	HEADER: {'type': str, 'help': 'Custom header to add to each request in the form "KEY1:VALUE1; KEY2:VALUE2"'},
@@ -37,7 +36,7 @@ OPTS = {
 	THREADS: {'type': int, 'help': 'Number of threads to run', 'default': 50},
 	TIMEOUT: {'type': int, 'help': 'Request timeout'},
 	USER_AGENT: {'type': str, 'short': 'ua', 'help': 'User agent, e.g "Mozilla Firefox 1.0"'},
-	WORDLIST: {'type': str, 'short': 'w', 'default': DEFAULT_HTTP_WORDLIST, 'help': 'Wordlist to use'}
+	WORDLIST: {'type': str, 'short': 'w', 'default': CONFIG.wordlists.defaults.http, 'help': 'Wordlist to use'}
 }
 
 OPTS_HTTP = [
@@ -121,7 +120,7 @@ class Vuln(Command):
 
 	@staticmethod
 	def lookup_local_cve(cve_id):
-		cve_path = f'{DATA_FOLDER}/cves/{cve_id}.json'
+		cve_path = f'{CONFIG.dirs.data}/cves/{cve_id}.json'
 		if os.path.exists(cve_path):
 			with open(cve_path, 'r') as f:
 				return json.load(f)
@@ -131,13 +130,54 @@ class Vuln(Command):
 	# def lookup_exploitdb(exploit_id):
 	# 	print('looking up exploit')
 	# 	try:
-	# 		cve_info = requests.get(f'https://exploit-db.com/exploits/{exploit_id}', timeout=5).content
-	# 		print(cve_info)
-	# 	except Exception:
+	# 		resp = requests.get(f'https://exploit-db.com/exploits/{exploit_id}', timeout=5)
+	#		resp.raise_for_status()
+	#		content = resp.content
+	# 	except requests.RequestException as e:
+	#		debug(f'Failed remote query for {exploit_id} ({str(e)}).', sub='cve')
 	# 		logger.error(f'Could not fetch exploit info for exploit {exploit_id}. Skipping.')
 	# 		return None
 	# 	return cve_info
 
+	@staticmethod
+	def create_cpe_string(product_name, version):
+		"""
+		Generate a CPE string for a given product and version.
+
+		Args:
+			product_name (str): The name of the product.
+			version (str): The version of the product.
+
+		Returns:
+			str: A CPE string formatted according to the CPE 2.3 specification.
+		"""
+		cpe_version = "2.3"  # CPE Specification version
+		part = "a"           # 'a' for application
+		vendor = product_name.lower()  # Vendor name, using product name
+		product = product_name.lower()  # Product name
+		version = version  # Product version
+		cpe_string = f"cpe:{cpe_version}:{part}:{vendor}:{product}:{version}:*:*:*:*:*:*:*"
+		return cpe_string
+
+	@staticmethod
+	def match_cpes(fs1, fs2):
+		"""Check if two CPEs match. Partial matches consisting of <vendor>:<product>:<version> are considered a match.
+
+		Args:
+			fs1 (str): Format string 1.
+			fs2 (str): Format string 2.
+
+		Returns:
+			bool: True if the two CPEs match, False otherwise.
+		"""
+		if fs1 == fs2:
+			return True
+		split_fs1 = fs1.split(':')
+		split_fs2 = fs2.split(':')
+		tup1 = split_fs1[3], split_fs1[4], split_fs1[5]
+		tup2 = split_fs2[3], split_fs2[4], split_fs2[5]
+		return tup1 == tup2
+
 	@staticmethod
 	def lookup_cve(cve_id, cpes=[]):
 		"""Search for a CVE in local db or using cve.circl.lu and return vulnerability data.
@@ -150,18 +190,21 @@ class Vuln(Command):
 			dict: vulnerability data.
 		"""
 		cve_info = Vuln.lookup_local_cve(cve_id)
+
+		# Online CVE lookup
 		if not cve_info:
-			if DEFAULT_SKIP_CVE_SEARCH:
-				logger.debug(f'{cve_id} not found locally, and DEFAULT_SKIP_CVE_SEARCH is set: ignoring online search.')
+			if CONFIG.runners.skip_cve_search:
+				debug(f'Skip remote query for {cve_id} since config.runners.skip_cve_search is set.', sub='cve')
+				return None
+			if CONFIG.offline_mode:
+				debug(f'Skip remote query for {cve_id} since config.offline_mode is set.', sub='cve')
 				return None
-			# logger.debug(f'{cve_id} not found locally. Use `secator install cves` to install CVEs locally.')
 			try:
-				cve_info = requests.get(f'https://cve.circl.lu/api/cve/{cve_id}', timeout=5).json()
-				if not cve_info:
-					console.print(f'Could not fetch CVE info for cve {cve_id}. Skipping.', highlight=False)
-					return None
-			except Exception:
-				console.print(f'Could not fetch CVE info for cve {cve_id}. Skipping.', highlight=False)
+				resp = requests.get(f'https://cve.circl.lu/api/cve/{cve_id}', timeout=5)
+				resp.raise_for_status()
+				cve_info = resp.json()
+			except requests.RequestException as e:
+				debug(f'Failed remote query for {cve_id} ({str(e)}).', sub='cve')
 				return None
 
 		# Match the CPE string against the affected products CPE FS strings from the CVE data if a CPE was passed.
@@ -177,14 +220,15 @@ class Vuln(Command):
 				cpe_fs = cpe_obj.as_fs()
 				# cpe_version = cpe_obj.get_version()[0]
 				vulnerable_fs = cve_info['vulnerable_product']
-				# logger.debug(f'Matching CPE {cpe} against {len(vulnerable_fs)} vulnerable products for {cve_id}')
 				for fs in vulnerable_fs:
-					if fs == cpe_fs:
-						# logger.debug(f'Found matching CPE FS {cpe_fs} ! The CPE is vulnerable to CVE {cve_id}')
+					# debug(f'{cve_id}: Testing {cpe_fs} against {fs}', sub='cve')  # for hardcore debugging
+					if Vuln.match_cpes(cpe_fs, fs):
+						debug(f'{cve_id}: CPE match found for {cpe}.', sub='cve')
 						cpe_match = True
 						tags.append('cpe-match')
-			if not cpe_match:
-				return None
+						break
+				if not cpe_match:
+					debug(f'{cve_id}: no CPE match found for {cpe}.', sub='cve')
 
 		# Parse CVE id and CVSS
 		name = id = cve_info['id']
@@ -223,17 +267,9 @@ class Vuln(Command):
 		# Set vulnerability severity based on CVSS score
 		severity = None
 		if cvss:
-			if cvss < 4:
-				severity = 'low'
-			elif cvss < 7:
-				severity = 'medium'
-			elif cvss < 9:
-				severity = 'high'
-			else:
-				severity = 'critical'
+			severity = Vuln.cvss_to_severity(cvss)
 
 		# Set confidence
-		confidence = 'low' if not cpe_match else 'high'
 		vuln = {
 			ID: id,
 			NAME: name,
@@ -243,7 +279,6 @@ class Vuln(Command):
 			TAGS: tags,
 			REFERENCES: [f'https://cve.circl.lu/cve/{id}'] + references,
 			DESCRIPTION: description,
-			CONFIDENCE: confidence
 		}
 		return vuln
 
@@ -257,17 +292,33 @@ class Vuln(Command):
 		Returns:
 			dict: vulnerability data.
 		"""
-		reference = f'https://github.com/advisories/{ghsa_id}'
-		response = requests.get(reference)
-		soup = BeautifulSoup(response.text, 'lxml')
+		try:
+			resp = requests.get(f'https://github.com/advisories/{ghsa_id}', timeout=5)
+			resp.raise_for_status()
+		except requests.RequestException as e:
+			debug(f'Failed remote query for {ghsa_id} ({str(e)}).', sub='cve')
+			return None
+		soup = BeautifulSoup(resp.text, 'lxml')
 		sidebar_items = soup.find_all('div', {'class': 'discussion-sidebar-item'})
 		cve_id = sidebar_items[2].find('div').text.strip()
-		data = Vuln.lookup_cve(cve_id)
-		if data:
-			data[TAGS].append('ghsa')
-			return data
+		vuln = Vuln.lookup_cve(cve_id)
+		if vuln:
+			vuln[TAGS].append('ghsa')
+			return vuln
 		return None
 
+	@staticmethod
+	def cvss_to_severity(cvss):
+		if cvss < 4:
+			severity = 'low'
+		elif cvss < 7:
+			severity = 'medium'
+		elif cvss < 9:
+			severity = 'high'
+		else:
+			severity = 'critical'
+		return severity
+
 
 class VulnHttp(Vuln):
 	input_type = HOST

secator/tasks/dnsxbrute.py

@@ -1,5 +1,6 @@
 from secator.decorators import task
-from secator.definitions import (DEFAULT_DNS_WORDLIST, DOMAIN, HOST, RATE_LIMIT, RETRIES, THREADS, WORDLIST, EXTRA_DATA)
+from secator.definitions import (DOMAIN, HOST, RATE_LIMIT, RETRIES, THREADS, WORDLIST, EXTRA_DATA)
+from secator.config import CONFIG
 from secator.output_types import Subdomain
 from secator.tasks._categories import ReconDns
 
@@ -17,7 +18,7 @@ class dnsxbrute(ReconDns):
         THREADS: 'threads',
     }
     opts = {
-        WORDLIST: {'type': str, 'short': 'w', 'default': DEFAULT_DNS_WORDLIST, 'help': 'Wordlist'},
+        WORDLIST: {'type': str, 'short': 'w', 'default': CONFIG.wordlists.defaults.dns, 'help': 'Wordlist'},
         'trace': {'is_flag': True, 'default': False, 'help': 'Perform dns tracing'},
     }
     output_map = {

secator/tasks/ffuf.py

@@ -7,7 +7,7 @@ from secator.definitions import (AUTO_CALIBRATION, CONTENT_LENGTH,
 								 MATCH_WORDS, METHOD, OPT_NOT_SUPPORTED,
 								 PERCENT, PROXY, RATE_LIMIT, RETRIES,
 								 STATUS_CODE, THREADS, TIME, TIMEOUT,
-								 USER_AGENT, WORDLIST, WORDLISTS_FOLDER)
+								 USER_AGENT, WORDLIST)
 from secator.output_types import Progress, Url
 from secator.serializers import JSONSerializer, RegexSerializer
 from secator.tasks._categories import HttpFuzzer
@@ -70,7 +70,7 @@ class ffuf(HttpFuzzer):
 		},
 	}
 	encoding = 'ansi'
-	install_cmd = f'go install -v github.com/ffuf/ffuf@latest && sudo git clone https://github.com/danielmiessler/SecLists {WORDLISTS_FOLDER}/seclists || true'  # noqa: E501
+	install_cmd = 'go install -v github.com/ffuf/ffuf@latest'
 	install_github_handle = 'ffuf/ffuf'
 	proxychains = False
 	proxy_socks5 = True

secator/tasks/httpx.py

@@ -1,14 +1,14 @@
 import os
 
 from secator.decorators import task
-from secator.definitions import (DEFAULT_HTTPX_FLAGS,
-								 DEFAULT_STORE_HTTP_RESPONSES, DELAY, DEPTH,
+from secator.definitions import (DEFAULT_HTTPX_FLAGS, DELAY, DEPTH,
 								 FILTER_CODES, FILTER_REGEX, FILTER_SIZE,
 								 FILTER_WORDS, FOLLOW_REDIRECT, HEADER,
 								 MATCH_CODES, MATCH_REGEX, MATCH_SIZE,
 								 MATCH_WORDS, METHOD, OPT_NOT_SUPPORTED, PROXY,
 								 RATE_LIMIT, RETRIES, THREADS,
 								 TIMEOUT, URL, USER_AGENT)
+from secator.config import CONFIG
 from secator.tasks._categories import Http
 from secator.utils import sanitize_url
 
@@ -71,7 +71,7 @@ class httpx(Http):
 		debug_resp = self.get_opt_value('debug_resp')
 		if debug_resp:
 			self.cmd = self.cmd.replace('-silent', '')
-		if DEFAULT_STORE_HTTP_RESPONSES:
+		if CONFIG.http.store_responses:
 			self.output_response_path = f'{self.reports_folder}/response'
 			self.output_screenshot_path = f'{self.reports_folder}/screenshot'
 			os.makedirs(self.output_response_path, exist_ok=True)
@@ -98,7 +98,7 @@ class httpx(Http):
 
 	@staticmethod
 	def on_end(self):
-		if DEFAULT_STORE_HTTP_RESPONSES:
+		if CONFIG.http.store_responses:
 			if os.path.exists(self.output_response_path + '/index.txt'):
 				os.remove(self.output_response_path + '/index.txt')
 			if os.path.exists(self.output_screenshot_path + '/index.txt'):

secator/tasks/katana.py

@@ -4,7 +4,7 @@ from urllib.parse import urlparse
 
 from secator.decorators import task
 from secator.definitions import (CONTENT_TYPE, DEFAULT_KATANA_FLAGS,
-								 DEFAULT_STORE_HTTP_RESPONSES, DELAY, DEPTH,
+								 DELAY, DEPTH,
 								 FILTER_CODES, FILTER_REGEX, FILTER_SIZE,
 								 FILTER_WORDS, FOLLOW_REDIRECT, HEADER, HOST,
 								 MATCH_CODES, MATCH_REGEX, MATCH_SIZE,
@@ -12,6 +12,7 @@ from secator.definitions import (CONTENT_TYPE, DEFAULT_KATANA_FLAGS,
 								 RATE_LIMIT, RETRIES, STATUS_CODE,
 								 STORED_RESPONSE_PATH, TECH,
 								 THREADS, TIME, TIMEOUT, URL, USER_AGENT, WEBSERVER, CONTENT_LENGTH)
+from secator.config import CONFIG
 from secator.output_types import Url, Tag
 from secator.tasks._categories import HttpCrawler
 
@@ -106,14 +107,14 @@ class katana(HttpCrawler):
 		debug_resp = self.get_opt_value('debug_resp')
 		if debug_resp:
 			self.cmd = self.cmd.replace('-silent', '')
-		if DEFAULT_STORE_HTTP_RESPONSES:
+		if CONFIG.http.store_responses:
 			self.cmd += f' -sr -srd {self.reports_folder}'
 
 	@staticmethod
 	def on_item(self, item):
 		if not isinstance(item, Url):
 			return item
-		if DEFAULT_STORE_HTTP_RESPONSES and os.path.exists(item.stored_response_path):
+		if CONFIG.http.store_responses and os.path.exists(item.stored_response_path):
 			with open(item.stored_response_path, 'r', encoding='latin-1') as fin:
 				data = fin.read().splitlines(True)
 				first_line = data[0]
@@ -125,5 +126,5 @@ class katana(HttpCrawler):
 
 	@staticmethod
 	def on_end(self):
-		if DEFAULT_STORE_HTTP_RESPONSES and os.path.exists(self.reports_folder + '/index.txt'):
+		if CONFIG.http.store_responses and os.path.exists(self.reports_folder + '/index.txt'):
 			os.remove(self.reports_folder + '/index.txt')

secator/tasks/msfconsole.py

@@ -5,9 +5,8 @@ import logging
 from rich.panel import Panel
 
 from secator.decorators import task
-from secator.definitions import (DELAY, FOLLOW_REDIRECT, HEADER, HOST,
-							   OPT_NOT_SUPPORTED, PROXY, RATE_LIMIT, RETRIES,
-							   DATA_FOLDER, THREADS, TIMEOUT, USER_AGENT)
+from secator.definitions import (DELAY, FOLLOW_REDIRECT, HEADER, HOST, OPT_NOT_SUPPORTED, PROXY, RATE_LIMIT, RETRIES,
+								 THREADS, TIMEOUT, USER_AGENT)
 from secator.tasks._categories import VulnMulti
 from secator.utils import get_file_timestamp
 
@@ -84,7 +83,7 @@ class msfconsole(VulnMulti):
 
 			# Make a copy and replace vars inside by env vars passed on the CLI
 			timestr = get_file_timestamp()
-			out_path = f'{DATA_FOLDER}/msfconsole_{timestr}.rc'
+			out_path = f'{self.reports_folder}/.inputs/msfconsole_{timestr}.rc'
 			logger.debug(
 				f'Writing formatted resource script to new temp file {out_path}'
 			)