secator 0.3.6__py3-none-any.whl → 0.4.1__py3-none-any.whl

secator/celery.py

@@ -9,12 +9,7 @@ from celery.result import AsyncResult, allow_join_result
 # from pyinstrument import Profiler  # TODO: make pyinstrument optional
 from rich.logging import RichHandler
 
-from secator.definitions import (CELERY_BROKER_CONNECTION_TIMEOUT,
-								 CELERY_BROKER_POOL_LIMIT, CELERY_BROKER_URL,
-								 CELERY_BROKER_VISIBILITY_TIMEOUT,
-								 CELERY_DATA_FOLDER,
-								 CELERY_OVERRIDE_DEFAULT_LOGGING,
-								 CELERY_RESULT_BACKEND, DEBUG)
+from secator.config import CONFIG
 from secator.rich import console
 from secator.runners import Scan, Task, Workflow
 from secator.runners._helpers import run_extractors
@@ -33,7 +28,7 @@ logging.basicConfig(
 	handlers=[rich_handler],
 	force=True)
 logging.getLogger('kombu').setLevel(logging.ERROR)
-logging.getLogger('celery').setLevel(logging.INFO if DEBUG > 6 else logging.WARNING)
+logging.getLogger('celery').setLevel(logging.INFO if CONFIG.debug.level > 6 else logging.WARNING)
 
 logger = logging.getLogger(__name__)
 
@@ -49,19 +44,19 @@ app.conf.update({
 	'worker_max_tasks_per_child': 10,
 
 	# Broker config
-	'broker_url': CELERY_BROKER_URL,
+	'broker_url': CONFIG.celery.broker_url,
 	'broker_transport_options': {
-		'data_folder_in': CELERY_DATA_FOLDER,
-		'data_folder_out': CELERY_DATA_FOLDER,
-		'control_folder': CELERY_DATA_FOLDER,
-		'visibility_timeout': CELERY_BROKER_VISIBILITY_TIMEOUT,
+		'data_folder_in': CONFIG.dirs.celery_data,
+		'data_folder_out': CONFIG.dirs.celery_data,
+		'control_folder': CONFIG.dirs.celery_data,
+		'visibility_timeout': CONFIG.celery.broker_visibility_timeout,
 	},
 	'broker_connection_retry_on_startup': True,
-	'broker_pool_limit': CELERY_BROKER_POOL_LIMIT,
-	'broker_connection_timeout': CELERY_BROKER_CONNECTION_TIMEOUT,
+	'broker_pool_limit': CONFIG.celery.broker_pool_limit,
+	'broker_connection_timeout': CONFIG.celery.broker_connection_timeout,
 
 	# Backend config
-	'result_backend': CELERY_RESULT_BACKEND,
+	'result_backend': CONFIG.celery.result_backend,
 	'result_extended': True,
 	'result_backend_thread_safe': True,
 	# 'result_backend_transport_options': {'master_name': 'mymaster'}, # for Redis HA backend
@@ -90,7 +85,7 @@ app.autodiscover_tasks(['secator.hooks.mongodb'], related_name=None)
 
 def maybe_override_logging():
 	def decorator(func):
-		if CELERY_OVERRIDE_DEFAULT_LOGGING:
+		if CONFIG.celery.override_default_logging:
 			return signals.setup_logging.connect(func)
 		else:
 			return func
@@ -151,7 +146,7 @@ def break_task(task_cls, task_opts, targets, results=[], chunk_size=1):
 
 @app.task(bind=True)
 def run_task(self, args=[], kwargs={}):
-	if DEBUG > 1:
+	if CONFIG.debug.level > 1:
 		logger.info(f'Received task with args {args} and kwargs {kwargs}')
 	if 'context' not in kwargs:
 		kwargs['context'] = {}
@@ -162,7 +157,7 @@ def run_task(self, args=[], kwargs={}):
 
 @app.task(bind=True)
 def run_workflow(self, args=[], kwargs={}):
-	if DEBUG > 1:
+	if CONFIG.debug.level > 1:
 		logger.info(f'Received workflow with args {args} and kwargs {kwargs}')
 	if 'context' not in kwargs:
 		kwargs['context'] = {}
@@ -173,7 +168,7 @@ def run_workflow(self, args=[], kwargs={}):
 
 @app.task(bind=True)
 def run_scan(self, args=[], kwargs={}):
-	if DEBUG > 1:
+	if CONFIG.debug.level > 1:
 		logger.info(f'Received scan with args {args} and kwargs {kwargs}')
 	if 'context' not in kwargs:
 		kwargs['context'] = {}

secator/cli.py

@@ -1,8 +1,11 @@
 import json
 import os
 import re
+import shutil
 import sys
 
+from pathlib import Path
+
 import rich_click as click
 from dotmap import DotMap
 from fp.fp import FreeProxy
@@ -11,21 +14,20 @@ from rich.live import Live
 from rich.markdown import Markdown
 from rich.rule import Rule
 
-from secator.config import ConfigLoader
+from secator.config import CONFIG, ROOT_FOLDER, Config, default_config, config_path
+from secator.template import TemplateLoader
 from secator.decorators import OrderedGroup, register_runner
-from secator.definitions import (ADDONS_ENABLED, ASCII, CVES_FOLDER, DATA_FOLDER, DEV_PACKAGE, OPT_NOT_SUPPORTED,
-								 PAYLOADS_FOLDER, REVSHELLS_FOLDER, ROOT_FOLDER, VERSION)
-from secator.installer import ToolInstaller, get_version_info, get_health_table, fmt_health_table_row
+from secator.definitions import ADDONS_ENABLED, ASCII, DEV_PACKAGE, OPT_NOT_SUPPORTED, VERSION
+from secator.installer import ToolInstaller, fmt_health_table_row, get_health_table, get_version_info
 from secator.rich import console
 from secator.runners import Command
 from secator.serializers.dataclass import loads_dataclass
-from secator.utils import (debug, detect_host, discover_tasks, find_list_item, flatten,
-						   print_results_table, print_version)
+from secator.utils import debug, detect_host, discover_tasks, flatten, print_results_table, print_version
 
 click.rich_click.USE_RICH_MARKUP = True
 
 ALL_TASKS = discover_tasks()
-ALL_CONFIGS = ConfigLoader.load_all()
+ALL_CONFIGS = TemplateLoader.load_all()
 ALL_WORKFLOWS = ALL_CONFIGS.workflow
 ALL_SCANS = ALL_CONFIGS.scan
 
@@ -107,8 +109,14 @@ for config in sorted(ALL_SCANS, key=lambda x: x['name']):
 def worker(hostname, concurrency, reload, queue, pool, check, dev, stop, show):
 	"""Run a worker."""
 	if not ADDONS_ENABLED['worker']:
-		console.print('[bold red]Missing worker addon: please run `secator install addons worker`[/].')
+		console.print('[bold red]Missing worker addon: please run [bold green4]secator install addons worker[/][/].')
 		sys.exit(1)
+	broker_protocol = CONFIG.celery.broker_url.split('://')[0]
+	backend_protocol = CONFIG.celery.result_backend.split('://')[0]
+	if CONFIG.celery.broker_url:
+		if (broker_protocol == 'redis' or backend_protocol == 'redis') and not ADDONS_ENABLED['redis']:
+			console.print('[bold red]Missing `redis` addon: please run [bold green4]secator install addons redis[/][/].')
+			sys.exit(1)
 	from secator.celery import app, is_celery_worker_alive
 	debug('conf', obj=dict(app.conf), obj_breaklines=True, sub='celery.app.conf', level=4)
 	debug('registered tasks', obj=list(app.tasks.keys()), obj_breaklines=True, sub='celery.tasks', level=4)
@@ -155,6 +163,9 @@ def util():
 @click.option('--number', '-n', type=int, default=1, help='Number of proxies')
 def proxy(timeout, number):
 	"""Get random proxies from FreeProxy."""
+	if CONFIG.offline_mode:
+		console.print('[bold red]Cannot run this command in offline mode.[/]')
+		return
 	proxy = FreeProxy(timeout=timeout, rand=True, anonym=True)
 	for _ in range(number):
 		url = proxy.get()
@@ -177,12 +188,17 @@ def revshell(name, host, port, interface, listen, force):
 				f'Interface "{interface}" could not be found. Run "ifconfig" to see the list of available interfaces.',
 				style='bold red')
 			return
+		else:
+			console.print(f'[bold green]Detected host IP: [bold orange1]{host}[/].[/]')
 
 	# Download reverse shells JSON from repo
-	revshells_json = f'{REVSHELLS_FOLDER}/revshells.json'
+	revshells_json = f'{CONFIG.dirs.revshells}/revshells.json'
 	if not os.path.exists(revshells_json) or force:
+		if CONFIG.offline_mode:
+			console.print('[bold red]Cannot run this command in offline mode.[/]')
+			return
 		ret = Command.execute(
-			f'wget https://raw.githubusercontent.com/freelabz/secator/main/scripts/revshells.json && mv revshells.json {REVSHELLS_FOLDER}',  # noqa: E501
+			f'wget https://raw.githubusercontent.com/freelabz/secator/main/scripts/revshells.json && mv revshells.json {CONFIG.dirs.revshells}',  # noqa: E501
 			cls_attributes={'shell': True}
 		)
 		if not ret.return_code == 0:
@@ -241,42 +257,12 @@ def revshell(name, host, port, interface, listen, force):
 
 
 @util.command()
-@click.option('--directory', '-d', type=str, default=PAYLOADS_FOLDER, show_default=True, help='HTTP server directory')
+@click.option('--directory', '-d', type=str, default=CONFIG.dirs.payloads, help='HTTP server directory')
 @click.option('--host', '-h', type=str, default=None, help='HTTP host')
 @click.option('--port', '-p', type=int, default=9001, help='HTTP server port')
 @click.option('--interface', '-i', type=str, default=None, help='Interface to use to auto-detect host IP')
 def serve(directory, host, port, interface):
 	"""Run HTTP server to serve payloads."""
-	LSE_URL = 'https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh'
-	LINPEAS_URL = 'https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh'
-	SUDOKILLER_URL = 'https://raw.githubusercontent.com/TH3xACE/SUDO_KILLER/V3/SUDO_KILLERv3.sh'
-	PAYLOADS = [
-		{
-			'fname': 'lse.sh',
-			'description': 'Linux Smart Enumeration',
-			'command': f'wget {LSE_URL} -O lse.sh && chmod 700 lse.sh'
-		},
-		{
-			'fname': 'linpeas.sh',
-			'description': 'Linux Privilege Escalation Awesome Script',
-			'command': f'wget {LINPEAS_URL} -O linpeas.sh && chmod 700 linpeas.sh'
-		},
-		{
-			'fname': 'sudo_killer.sh',
-			'description': 'SUDO_KILLER',
-			'command': f'wget {SUDOKILLER_URL} -O sudo_killer.sh && chmod 700 sudo_killer.sh'
-		}
-	]
-	for ix, payload in enumerate(PAYLOADS):
-		descr = payload.get('description', '')
-		fname = payload['fname']
-		if not os.path.exists(f'{directory}/{fname}'):
-			with console.status(f'[bold yellow][{ix}/{len(PAYLOADS)}] Downloading {fname} [dim]({descr})[/] ...[/]'):
-				cmd = payload['command']
-				console.print(f'[bold magenta]{fname} [dim]({descr})[/] ...[/]', )
-				Command.execute(cmd, cls_attributes={'shell': True}, cwd=directory)
-		console.print()
-
 	console.print(Rule())
 	console.print(f'Available payloads in {directory}: ', style='bold yellow')
 	for fname in os.listdir(directory):
@@ -287,9 +273,7 @@ def serve(directory, host, port, interface):
 					f'Interface "{interface}" could not be found. Run "ifconfig" to see the list of interfaces.',
 					style='bold red')
 				return
-		payload = find_list_item(PAYLOADS, fname, key='fname', default={})
-		fdescr = payload.get('description', 'No description')
-		console.print(f'{fname} [dim]({fdescr})[/]', style='bold magenta')
+		console.print(f'{fname} [dim][/]', style='bold magenta')
 		console.print(f'wget http://{host}:{port}/{fname}', style='dim italic')
 		console.print('')
 	console.print(Rule())
@@ -396,7 +380,7 @@ def build():
 def build_pypi():
 	"""Build secator PyPI package."""
 	if not ADDONS_ENABLED['build']:
-		console.print('[bold red]Missing build addon: please run `secator install addons build`')
+		console.print('[bold red]Missing build addon: please run [bold green4]secator install addons build[/][/]')
 		sys.exit(1)
 	with console.status('[bold gold3]Building PyPI package...[/]'):
 		ret = Command.execute(f'{sys.executable} -m hatch build', name='hatch build', cwd=ROOT_FOLDER)
@@ -432,7 +416,7 @@ def publish():
 def publish_pypi():
 	"""Publish secator PyPI package."""
 	if not ADDONS_ENABLED['build']:
-		console.print('[bold red]Missing build addon: please run `secator install addons build`')
+		console.print('[bold red]Missing build addon: please run [bold green4]secator install addons build[/][/]')
 		sys.exit(1)
 	os.environ['HATCH_INDEX_USER'] = '__token__'
 	hatch_token = os.environ.get('HATCH_INDEX_AUTH')
@@ -461,6 +445,84 @@ def publish_docker(tag, latest):
 		sys.exit(ret.return_code)
 
 
+#--------#
+# CONFIG #
+#--------#
+
+@cli.group(aliases=['c'])
+def config():
+	"""View or edit config."""
+	pass
+
+
+@config.command('get')
+@click.option('--full', is_flag=True, help='Show full config (with defaults)')
+@click.argument('key', required=False)
+def config_get(full, key=None):
+	"""Get config value."""
+	if key is None:
+		partial = not full and CONFIG != default_config
+		CONFIG.print(partial=partial)
+		return
+	CONFIG.get(key)
+
+
+@config.command('set')
+@click.argument('key')
+@click.argument('value')
+def config_set(key, value):
+	"""Set config value."""
+	CONFIG.set(key, value)
+	config = CONFIG.validate()
+	if config:
+		CONFIG.get(key)
+		saved = CONFIG.save()
+		if not saved:
+			return
+		console.print(f'[bold green]:tada: Saved config to [/]{CONFIG._path}')
+	else:
+		console.print('[bold red]:x: Invalid config, not saving it.')
+
+
+@config.command('edit')
+@click.option('--resume', is_flag=True)
+def config_edit(resume):
+	"""Edit config."""
+	tmp_config = CONFIG.dirs.data / 'config.yml.patch'
+	if not tmp_config.exists() or not resume:
+		shutil.copyfile(config_path, tmp_config)
+	click.edit(filename=tmp_config)
+	config = Config.parse(path=tmp_config)
+	if config:
+		config.save(config_path)
+		console.print(f'\n[bold green]:tada: Saved config to [/]{config_path}.')
+		tmp_config.unlink()
+	else:
+		console.print('\n[bold green]Hint:[/] Run "secator config edit --resume" to edit your patch and fix issues.')
+
+
+@config.command('default')
+@click.option('--save', type=str, help='Save default config to file.')
+def config_default(save):
+	"""Get default config."""
+	default_config.print(partial=False)
+	if save:
+		default_config.save(target_path=Path(save), partial=False)
+		console.print(f'\n[bold green]:tada: Saved default config to [/]{save}.')
+
+
+# TODO: implement reset method
+# @_config.command('reset')
+# @click.argument('key')
+# def config_reset(key):
+# 	"""Reset config value to default."""
+# 	success = CONFIG.set(key, None)
+# 	if success:
+# 		CONFIG.print()
+# 		CONFIG.save()
+# 		console.print(f'\n[bold green]:tada: Saved config to [/]{CONFIG._path}')
+
+
 #--------#
 # REPORT #
 #--------#
@@ -530,6 +592,24 @@ def health(json, debug):
 		table.add_row(*row)
 	status['secator'] = info
 
+	# Check addons
+	console.print('\n:wrench: [bold gold3]Checking installed addons ...[/]')
+	table = get_health_table()
+	with Live(table, console=console):
+		for addon in ['worker', 'google', 'mongodb', 'redis', 'dev', 'trace', 'build']:
+			addon_var = ADDONS_ENABLED[addon]
+			info = {
+				'name': addon,
+				'version': None,
+				'status': 'ok' if addon_var else 'missing',
+				'latest_version': None,
+				'installed': addon_var,
+				'location': None
+			}
+			row = fmt_health_table_row(info, 'addons')
+			table.add_row(*row)
+			status['addons'][addon] = info
+
 	# Check languages
 	console.print('\n:wrench: [bold gold3]Checking installed languages ...[/]')
 	version_cmds = {'go': 'version', 'python3': '--version', 'ruby': '--version'}
@@ -554,24 +634,6 @@ def health(json, debug):
 			table.add_row(*row)
 			status['tools'][tool.__name__] = info
 
-	# # Check addons
-	console.print('\n:wrench: [bold gold3]Checking installed addons ...[/]')
-	table = get_health_table()
-	with Live(table, console=console):
-		for addon in ['worker', 'google', 'mongodb', 'redis', 'dev', 'trace', 'build']:
-			addon_var = ADDONS_ENABLED[addon]
-			info = {
-				'name': addon,
-				'version': None,
-				'status': 'ok' if addon_var else 'missing',
-				'latest_version': None,
-				'installed': addon_var,
-				'location': None
-			}
-			row = fmt_health_table_row(info, 'addons')
-			table.add_row(*row)
-			status['addons'][addon] = info
-
 	# Print JSON health
 	if json:
 		import json as _json
@@ -583,6 +645,9 @@ def health(json, debug):
 
 
 def run_install(cmd, title, next_steps=None):
+	if CONFIG.offline_mode:
+		console.print('[bold red]Cannot run this command in offline mode.[/]')
+		return
 	with console.status(f'[bold yellow] Installing {title}...'):
 		ret = Command.execute(cmd, cls_attributes={'shell': True}, print_cmd=True, print_line=True)
 		if ret.return_code != 0:
@@ -615,9 +680,9 @@ def install_worker():
 		cmd=f'{sys.executable} -m pip install secator[worker]',
 		title='worker addon',
 		next_steps=[
-			'Run "secator worker" to run a Celery worker using the file system as a backend and broker.',
-			'Run "secator x httpx testphp.vulnweb.com" to admire your task running in a worker.',
-			'[dim]\[optional][/dim] Run "secator install addons redis" to install the Redis addon.'
+			'Run [bold green4]secator worker[/] to run a Celery worker using the file system as a backend and broker.',
+			'Run [bold green4]secator x httpx testphp.vulnweb.com[/] to admire your task running in a worker.',
+			'[dim]\[optional][/dim] Run [bold green4]secator install addons redis[/] to setup Redis backend / broker.'
 		]
 	)
 
@@ -629,8 +694,9 @@ def install_google():
 		cmd=f'{sys.executable} -m pip install secator[google]',
 		title='google addon',
 		next_steps=[
-			'Set the "GOOGLE_CREDENTIALS_PATH" and "GOOGLE_DRIVE_PARENT_FOLDER_ID" environment variables.',
-			'Run "secator x httpx testphp.vulnweb.com -o gdrive" to admire your results flowing to Google Drive.'
+			'Run [bold green4]secator config set addons.google.credentials_path <VALUE>[/].',
+			'Run [bold green4]secator config set addons.google.drive_parent_folder_id <VALUE>[/].',
+			'Run [bold green4]secator x httpx testphp.vulnweb.com -o gdrive[/] to send reports to Google Drive.'
 		]
 	)
 
@@ -642,9 +708,9 @@ def install_mongodb():
 		cmd=f'{sys.executable} -m pip install secator[mongodb]',
 		title='mongodb addon',
 		next_steps=[
-			'[dim]\[optional][/] Run "docker run --name mongo -p 27017:27017 -d mongo:latest" to run a local MongoDB instance.',
-			'Set the "MONGODB_URL=mongodb://<url>" environment variable pointing to your MongoDB instance.',
-			'Run "secator x httpx testphp.vulnweb.com -driver mongodb" to save results to MongoDB.'
+			'[dim]\[optional][/] Run [bold green4]docker run --name mongo -p 27017:27017 -d mongo:latest[/] to run a local MongoDB instance.',  # noqa: E501
+			'Run [bold green4]secator config set addons.mongodb.url mongodb://<URL>[/].',
+			'Run [bold green4]secator x httpx testphp.vulnweb.com -driver mongodb[/] to save results to MongoDB.'
 		]
 	)
 
@@ -656,11 +722,11 @@ def install_redis():
 		cmd=f'{sys.executable} -m pip install secator[redis]',
 		title='redis addon',
 		next_steps=[
-			'[dim]\[optional][/] Run "docker run --name redis -p 6379:6379 -d redis" to run a local Redis instance.',
-			'Set the "CELERY_BROKER_URL=redis://<url>" environment variable pointing to your Redis instance.',
-			'Set the "CELERY_RESULT_BACKEND=redis://<url>" environment variable pointing to your Redis instance.',
-			'Run "secator worker" to run a worker.',
-			'Run "secator x httpx testphp.vulnweb.com" to run a test task.'
+			'[dim]\[optional][/] Run [bold green4]docker run --name redis -p 6379:6379 -d redis[/] to run a local Redis instance.',  # noqa: E501
+			'Run [bold green4]secator config set celery.broker_url redis://<URL>[/]',
+			'Run [bold green4]secator config set celery.result_backend redis://<URL>[/]',
+			'Run [bold green4]secator worker[/] to run a worker.',
+			'Run [bold green4]secator x httpx testphp.vulnweb.com[/] to run a test task.'
 		]
 	)
 
@@ -672,9 +738,9 @@ def install_dev():
 		cmd=f'{sys.executable} -m pip install secator[dev]',
 		title='dev addon',
 		next_steps=[
-			'Run "secator test lint" to run lint tests.',
-			'Run "secator test unit" to run unit tests.',
-			'Run "secator test integration" to run integration tests.',
+			'Run [bold green4]secator test lint[/] to run lint tests.',
+			'Run [bold green4]secator test unit[/] to run unit tests.',
+			'Run [bold green4]secator test integration[/] to run integration tests.',
 		]
 	)
 
@@ -686,9 +752,6 @@ def install_trace():
 		cmd=f'{sys.executable} -m pip install secator[trace]',
 		title='dev addon',
 		next_steps=[
-			'Run "secator test lint" to run lint tests.',
-			'Run "secator test unit" to run unit tests.',
-			'Run "secator test integration" to run integration tests.',
 		]
 	)
 
@@ -700,9 +763,10 @@ def install_build():
 		cmd=f'{sys.executable} -m pip install secator[build]',
 		title='build addon',
 		next_steps=[
-			'Run "secator test lint" to run lint tests.',
-			'Run "secator test unit" to run unit tests.',
-			'Run "secator test integration" to run integration tests.',
+			'Run [bold green4]secator u build pypi[/] to build the PyPI package.',
+			'Run [bold green4]secator u publish pypi[/] to publish the PyPI package.',
+			'Run [bold green4]secator u build docker[/] to build the Docker image.',
+			'Run [bold green4]secator u publish docker[/] to publish the Docker image.',
 		]
 	)
 
@@ -738,6 +802,9 @@ def install_ruby():
 @click.argument('cmds', required=False)
 def install_tools(cmds):
 	"""Install supported tools."""
+	if CONFIG.offline_mode:
+		console.print('[bold red]Cannot run this command in offline mode.[/]')
+		return
 	if cmds is not None:
 		cmds = cmds.split(',')
 		tools = [cls for cls in ALL_TASKS if cls.__name__ in cmds]
@@ -754,18 +821,21 @@ def install_tools(cmds):
 @click.option('--force', is_flag=True)
 def install_cves(force):
 	"""Install CVEs (enables passive vulnerability search)."""
-	cve_json_path = f'{CVES_FOLDER}/circl-cve-search-expanded.json'
+	if CONFIG.offline_mode:
+		console.print('[bold red]Cannot run this command in offline mode.[/]')
+		return
+	cve_json_path = f'{CONFIG.dirs.cves}/circl-cve-search-expanded.json'
 	if not os.path.exists(cve_json_path) or force:
 		with console.status('[bold yellow]Downloading zipped CVEs from cve.circl.lu ...[/]'):
-			Command.execute('wget https://cve.circl.lu/static/circl-cve-search-expanded.json.gz', cwd=CVES_FOLDER)
+			Command.execute('wget https://cve.circl.lu/static/circl-cve-search-expanded.json.gz', cwd=CONFIG.dirs.cves)
 		with console.status('[bold yellow]Unzipping CVEs ...[/]'):
-			Command.execute(f'gunzip {CVES_FOLDER}/circl-cve-search-expanded.json.gz', cwd=CVES_FOLDER)
-	with console.status(f'[bold yellow]Installing CVEs to {CVES_FOLDER} ...[/]'):
+			Command.execute(f'gunzip {CONFIG.dirs.cves}/circl-cve-search-expanded.json.gz', cwd=CONFIG.dirs.cves)
+	with console.status(f'[bold yellow]Installing CVEs to {CONFIG.dirs.cves} ...[/]'):
 		with open(cve_json_path, 'r') as f:
 			for line in f:
 				data = json.loads(line)
 				cve_id = data['id']
-				cve_path = f'{CVES_FOLDER}/{cve_id}.json'
+				cve_path = f'{CONFIG.dirs.cves}/{cve_id}.json'
 				with open(cve_path, 'w') as f:
 					f.write(line)
 				console.print(f'CVE saved to {cve_path}')
@@ -779,6 +849,9 @@ def install_cves(force):
 @cli.command('update')
 def update():
 	"""[dim]Update to latest version.[/]"""
+	if CONFIG.offline_mode:
+		console.print('[bold red]Cannot run this command in offline mode.[/]')
+		return
 	info = get_version_info('secator', github_handle='freelabz/secator', version=VERSION)
 	latest_version = info['latest_version']
 	if info['status'] == 'latest':
@@ -806,7 +879,7 @@ def alias():
 @click.pass_context
 def enable_aliases(ctx):
 	"""Enable aliases."""
-	fpath = f'{DATA_FOLDER}/.aliases'
+	fpath = f'{CONFIG.dirs.data}/.aliases'
 	aliases = ctx.invoke(list_aliases, silent=True)
 	aliases_str = '\n'.join(aliases)
 	with open(fpath, 'w') as f:
@@ -828,7 +901,7 @@ echo "source {fpath} >> ~/.bashrc" # or add this line to your ~/.bashrc to load
 @click.pass_context
 def disable_aliases(ctx):
 	"""Disable aliases."""
-	fpath = f'{DATA_FOLDER}/.unalias'
+	fpath = f'{CONFIG.dirs.data}/.unalias'
 	aliases = ctx.invoke(list_aliases, silent=True)
 	aliases_str = ''
 	for alias in aliases:
@@ -894,7 +967,7 @@ def test():
 		console.print('[bold red]You MUST use a development version of secator to run tests.[/]')
 		sys.exit(1)
 	if not ADDONS_ENABLED['dev']:
-		console.print('[bold red]Missing dev addon: please run `secator install addons dev`')
+		console.print('[bold red]Missing dev addon: please run [bold green4]secator install addons dev[/][/]')
 		sys.exit(1)
 	pass
 
@@ -930,9 +1003,9 @@ def unit(tasks, workflows, scans, test, debug=False):
 	os.environ['TEST_TASKS'] = tasks or ''
 	os.environ['TEST_WORKFLOWS'] = workflows or ''
 	os.environ['TEST_SCANS'] = scans or ''
-	os.environ['DEBUG'] = str(debug)
-	os.environ['DEFAULT_STORE_HTTP_RESPONSES'] = '0'
-	os.environ['DEFAULT_SKIP_CVE_SEARCH'] = '1'
+	os.environ['SECATOR_DEBUG_LEVEL'] = str(debug)
+	os.environ['SECATOR_HTTP_STORE_RESPONSES'] = '0'
+	os.environ['SECATOR_RUNNERS_SKIP_CVE_SEARCH'] = '1'
 
 	cmd = f'{sys.executable} -m coverage run --omit="*test*" -m unittest'
 	if test:
@@ -955,8 +1028,17 @@ def integration(tasks, workflows, scans, test, debug):
 	os.environ['TEST_TASKS'] = tasks or ''
 	os.environ['TEST_WORKFLOWS'] = workflows or ''
 	os.environ['TEST_SCANS'] = scans or ''
-	os.environ['DEBUG'] = str(debug)
-	os.environ['DEFAULT_SKIP_CVE_SEARCH'] = '1'
+	os.environ['SECATOR_DEBUG_LEVEL'] = str(debug)
+	os.environ['SECATOR_RUNNERS_SKIP_CVE_SEARCH'] = '1'
+	os.environ['SECATOR_DIRS_DATA'] = '/tmp/data'
+	os.environ['SECATOR_DIRS_REPORTS'] = '/tmp/data/reports'
+	os.environ['SECATOR_DIRS_CELERY'] = '/tmp/celery'
+	os.environ['SECATOR_DIRS_CELERY_DATA'] = '/tmp/celery/data'
+	os.environ['SECATOR_DIRS_CELERY_RESULTS'] = '/tmp/celery/results'
+	import shutil
+	for path in ['/tmp/data', '/tmp/celery', '/tmp/celery/data', '/tmp/celery/results']:
+		shutil.rmtree(path, ignore_errors=True)
+
 	cmd = f'{sys.executable} -m unittest'
 	if test:
 		if not test.startswith('tests.integration'):