secator 0.5.2__py3-none-any.whl → 0.7.0__py3-none-any.whl

secator/tasks/msfconsole.py

@@ -21,7 +21,6 @@ class msfconsole(VulnMulti):
 	input_type = HOST
 	input_chunk_size = 1
 	output_types = []
-	output_return_type = str
 	opt_prefix = '--'
 	opts = {
 		'resource': {'type': str, 'help': 'Metasploit resource script.', 'short': 'r'},
@@ -40,19 +39,11 @@ class msfconsole(VulnMulti):
 		THREADS: OPT_NOT_SUPPORTED,
 		TIMEOUT: OPT_NOT_SUPPORTED,
 		USER_AGENT: OPT_NOT_SUPPORTED,
-		THREADS: OPT_NOT_SUPPORTED,
 	}
 	encoding = 'ansi'
 	ignore_return_code = True
 	# install_cmd = 'wget -O - https://raw.githubusercontent.com/freelabz/secator/main/scripts/msfinstall.sh | sh'
 
-	@staticmethod
-	def validate_input(self, input):
-		"""No list input supported for this command. Pass a single input instead."""
-		if isinstance(input, list):
-			return False
-		return True
-
 	@staticmethod
 	def on_init(self):
 		command = self.get_opt_value('execute_command')
@@ -61,14 +52,14 @@ class msfconsole(VulnMulti):
 		env_vars = {}
 		if environment:
 			env_vars = dict(map(lambda x: x.split('='), environment.strip().split(',')))
-		env_vars['RHOST'] = self.input
-		env_vars['RHOSTS'] = self.input
+		env_vars['RHOST'] = self.inputs[0]
+		env_vars['RHOSTS'] = self.inputs[0]
 
 		# Passing msfconsole command directly, simply add RHOST / RHOSTS from host input and run then exit
 		if command:
 			self.run_opts['msfconsole.execute_command'] = (
-				f'setg RHOST {self.input}; '
-				f'setg RHOSTS {self.input}; '
+				f'setg RHOST {self.inputs[0]}; '
+				f'setg RHOSTS {self.inputs[0]}; '
 				f'{command.format(**env_vars)}; '
 				f'exit;'
 			)
@@ -101,9 +92,6 @@ class msfconsole(VulnMulti):
 		else:
 			raise ValueError('At least one of "inline_script" or "resource_script" must be passed.')
 
-		# Clear host input
-		self.input = ''
-
 
 # TODO: This is better as it goes through an RPC API to communicate with
 # metasploit rpc server, but it does not give any output.

secator/tasks/naabu.py

@@ -3,6 +3,7 @@ from secator.definitions import (DELAY, HOST, OPT_NOT_SUPPORTED, PORT, PORTS,
 								 PROXY, RATE_LIMIT, RETRIES, STATE, THREADS,
 								 TIMEOUT, TOP_PORTS)
 from secator.output_types import Port
+from secator.serializers import JSONSerializer
 from secator.tasks._categories import ReconPort
 
 
@@ -16,7 +17,7 @@ class naabu(ReconPort):
 	opts = {
 		PORTS: {'type': str, 'short': 'p', 'help': 'Ports'},
 		TOP_PORTS: {'type': str, 'short': 'tp', 'help': 'Top ports'},
-		'scan_type': {'type': str, 'help': 'Scan type (SYN (s)/CONNECT(c))'},
+		'scan_type': {'type': str, 'short': 'st', 'help': 'Scan type (SYN (s)/CONNECT(c))'},
 		# 'health_check': {'is_flag': True, 'short': 'hc', 'help': 'Health check'}
 	}
 	opt_key_map = {
@@ -37,6 +38,7 @@ class naabu(ReconPort):
 		RETRIES: lambda x: 1 if x == 0 else x,
 		PROXY: lambda x: x.replace('socks5://', '')
 	}
+	item_loaders = [JSONSerializer()]
 	output_map = {
 		Port: {
 			PORT: lambda x: x['port'],

secator/tasks/nmap.py

@@ -8,15 +8,14 @@ from secator.config import CONFIG
 from secator.decorators import task
 from secator.definitions import (CONFIDENCE, CVSS_SCORE, DELAY,
 								 DESCRIPTION, EXTRA_DATA, FOLLOW_REDIRECT,
-								 HEADER, HOST, ID, IP, MATCHED_AT, NAME,
+								 HEADER, HOST, ID, IP, PROTOCOL, MATCHED_AT, NAME,
 								 OPT_NOT_SUPPORTED, OUTPUT_PATH, PORT, PORTS, PROVIDER,
 								 PROXY, RATE_LIMIT, REFERENCE, REFERENCES,
 								 RETRIES, SCRIPT, SERVICE_NAME, SEVERITY, STATE, TAGS,
 								 THREADS, TIMEOUT, TOP_PORTS, USER_AGENT)
-from secator.output_types import Exploit, Port, Vulnerability
-from secator.rich import console
+from secator.output_types import Exploit, Port, Vulnerability, Info, Error
 from secator.tasks._categories import VulnMulti
-from secator.utils import debug
+from secator.utils import debug, traceback_as_string
 
 logger = logging.getLogger(__name__)
 
@@ -24,7 +23,7 @@ logger = logging.getLogger(__name__)
 @task()
 class nmap(VulnMulti):
 	"""Network Mapper is a free and open source utility for network discovery and security auditing."""
-	cmd = 'nmap -sT -sV -Pn'
+	cmd = 'nmap'
 	input_flag = None
 	input_chunk_size = 1
 	file_flag = '-iL'
@@ -34,8 +33,11 @@ class nmap(VulnMulti):
 		PORTS: {'type': str, 'short': 'p', 'help': 'Ports to scan'},
 		TOP_PORTS: {'type': int, 'short': 'tp', 'help': 'Top ports to scan [full, 100, 1000]'},
 		SCRIPT: {'type': str, 'default': 'vulners', 'help': 'NSE scripts'},
-		# 'tcp_connect': {'type': bool, 'short': 'sT', 'default': False, 'help': 'TCP Connect scan'},
+		'skip_host_discovery': {'is_flag': True, 'short': 'Pn', 'default': False, 'help': 'Skip host discovery (no ping)'},
+		'version_detection': {'is_flag': True, 'short': 'sV', 'default': False, 'help': 'Version detection'},
 		'tcp_syn_stealth': {'is_flag': True, 'short': 'sS', 'default': False, 'help': 'TCP SYN Stealth'},
+		'tcp_connect': {'is_flag': True, 'short': 'sT', 'default': False, 'help': 'TCP Connect scan'},
+		'udp_scan': {'is_flag': True, 'short': 'sU', 'default': False, 'help': 'UDP scan'},
 		'output_path': {'type': str, 'short': 'oX', 'default': None, 'help': 'Output XML file path'},
 	}
 	opt_key_map = {
@@ -51,8 +53,12 @@ class nmap(VulnMulti):
 
 		# Nmap opts
 		PORTS: '-p',
+		'skip_host_discovery': '-Pn',
+		'version_detection': '-sV',
+		'tcp_connect': '-sT',
+		'tcp_syn_stealth': '-sS',
+		'udp_scan': '-sU',
 		'output_path': '-oX',
-		'tcp_syn_stealth': '-sS'
 	}
 	opt_value_map = {
 		PORTS: lambda x: ','.join([str(p) for p in x]) if isinstance(x, list) else x
@@ -75,21 +81,23 @@ class nmap(VulnMulti):
 		self.output_path = output_path
 		self.cmd += f' -oX {self.output_path}'
 		tcp_syn_stealth = self.get_opt_value('tcp_syn_stealth')
-		if tcp_syn_stealth:
+		tcp_connect = self.get_opt_value('tcp_connect')
+		udp_scan = self.get_opt_value('udp_scan')
+		if tcp_syn_stealth or udp_scan:
 			self.cmd = f'sudo {self.cmd}'
-			self.cmd = self.cmd.replace('-sT', '')
+		if tcp_connect and tcp_syn_stealth:
+			self._print(
+				'Options -sT (SYN stealth scan) and -sS (CONNECT scan) are conflicting. Keeping only -sT.',
+				'bold gold3')
+			self.cmd = self.cmd.replace('-sT ', '')
 
-	def yielder(self):
-		yield from super().yielder()
-		if self.return_code != 0:
+	@staticmethod
+	def on_cmd_done(self):
+		if not os.path.exists(self.output_path):
+			yield Error(message=f'Could not find XML results in {self.output_path}')
 			return
-		self.results = []
-		note = f'nmap XML results saved to {self.output_path}'
-		if self.print_line:
-			self._print(note)
-		if os.path.exists(self.output_path):
-			nmap_data = self.xml_to_json()
-			yield from nmap_data
+		yield Info(message=f'XML results saved to {self.output_path}')
+		yield from self.xml_to_json()
 
 	def xml_to_json(self):
 		results = []
@@ -97,12 +105,12 @@ class nmap(VulnMulti):
 			content = f.read()
 			try:
 				results = xmltodict.parse(content)  # parse XML to dict
-			except Exception as e:
-				logger.exception(e)
-				logger.error(
-					f'Cannot parse nmap XML output {self.output_path} to valid JSON.')
-		results['_host'] = self.input
-		return nmapData(results)
+			except Exception as exc:
+				yield Error(
+					message=f'Cannot parse XML output {self.output_path} to valid JSON.',
+					traceback=traceback_as_string(exc)
+				)
+		yield from nmapData(results)
 
 
 class nmapData(dict):
@@ -123,14 +131,9 @@ class nmapData(dict):
 
 				# Get extra data
 				extra_data = self._get_extra_data(port)
-				service_name = extra_data['service_name']
+				service_name = extra_data.get('service_name', '')
 				version_exact = extra_data.get('version_exact', False)
 				conf = extra_data.get('confidence')
-				if not version_exact:
-					console.print(
-						f'[bold orange1]nmap could not identify an exact version for {service_name} '
-						f'(detection confidence is {conf}): do not blindy trust the results ![/]'
-					)
 
 				# Grab CPEs
 				cpes = extra_data.get('cpe', [])
@@ -138,6 +141,9 @@ class nmapData(dict):
 				# Get script output
 				scripts = self._get_scripts(port)
 
+				# Get port protocol
+				protocol = port['@protocol'].lower()
+
 				# Yield port data
 				port = {
 					PORT: port_number,
@@ -145,7 +151,9 @@ class nmapData(dict):
 					STATE: state,
 					SERVICE_NAME: service_name,
 					IP: ip,
-					EXTRA_DATA: extra_data
+					PROTOCOL: protocol,
+					EXTRA_DATA: extra_data,
+					CONFIDENCE: conf
 				}
 				yield port
 
@@ -197,7 +205,6 @@ class nmapData(dict):
 
 	def _get_hostname(self, host_cfg):
 		hostnames = host_cfg.get('hostnames', {})
-		hostname = self['_host']
 		if hostnames:
 			hostnames = hostnames.get('hostname', [])
 			if isinstance(hostnames, dict):
@@ -205,11 +212,19 @@ class nmapData(dict):
 			if hostnames:
 				hostname = hostnames[0]['@name']
 		else:
-			hostname = host_cfg.get('address', {}).get('@addr', None)
+			hostname = self._get_address(host_cfg).get('@addr', None)
 		return hostname
 
+	def _get_address(self, host_cfg):
+		if isinstance(host_cfg.get('address', {}), list):
+			addresses = host_cfg.get('address', {})
+			for address in addresses:
+				if address.get('@addrtype') == "ipv4":
+					return address
+		return host_cfg.get('address', {})
+
 	def _get_ip(self, host_cfg):
-		return host_cfg.get('address', {}).get('@addr', None)
+		return self._get_address(host_cfg).get('@addr', None)
 
 	def _get_extra_data(self, port_cfg):
 		extra_data = {

secator/tasks/nuclei.py

@@ -4,15 +4,16 @@ from secator.definitions import (CONFIDENCE, CVSS_SCORE, DELAY, DESCRIPTION,
 								 MATCHED_AT, NAME, OPT_NOT_SUPPORTED, PERCENT,
 								 PROVIDER, PROXY, RATE_LIMIT, REFERENCES,
 								 RETRIES, SEVERITY, TAGS, THREADS, TIMEOUT,
-								 USER_AGENT, DEFAULT_NUCLEI_FLAGS)
+								 USER_AGENT)
 from secator.output_types import Progress, Vulnerability
+from secator.serializers import JSONSerializer
 from secator.tasks._categories import VulnMulti
 
 
 @task()
 class nuclei(VulnMulti):
 	"""Fast and customisable vulnerability scanner based on simple YAML based DSL."""
-	cmd = f'nuclei {DEFAULT_NUCLEI_FLAGS}'
+	cmd = 'nuclei'
 	file_flag = '-l'
 	input_flag = '-u'
 	json_flag = '-jsonl'
@@ -23,6 +24,11 @@ class nuclei(VulnMulti):
 		'exclude_severity': {'type': str, 'short': 'es', 'help': 'Exclude severity'},
 		'template_id': {'type': str, 'short': 'tid', 'help': 'Template id'},
 		'debug': {'type': str, 'help': 'Debug mode'},
+		'stats': {'is_flag': True, 'short': 'stats', 'default': True, 'help': 'Display statistics about the running scan'},
+		'stats_json': {'is_flag': True, 'short': 'sj', 'default': True, 'help': 'Display statistics in JSONL(ines) format'},
+		'stats_interval': {'type': str, 'short': 'si', 'default': 20, 'help': 'Number of seconds to wait between showing a statistics update'},  # noqa: E501
+		'hang_monitor': {'is_flag': True, 'short': 'hm', 'default': True, 'help': 'Enable nuclei hang monitoring'},
+		'omit_raw': {'is_flag': True, 'short': 'or', 'default': True, 'help': 'Omit requests/response pairs in the JSON, JSONL, and Markdown outputs (for findings only)'}  # noqa: E501
 	}
 	opt_key_map = {
 		HEADER: 'header',
@@ -45,6 +51,7 @@ class nuclei(VulnMulti):
 		'templates': lambda x: ','.join(x) if isinstance(x, list) else x,
 		'exclude_tags': lambda x: ','.join(x) if isinstance(x, list) else x,
 	}
+	item_loaders = [JSONSerializer()]
 	output_types = [Vulnerability, Progress]
 	output_map = {
 		Vulnerability: {

secator/tasks/searchsploit.py

@@ -5,6 +5,7 @@ from secator.definitions import (CVES, EXTRA_DATA, ID, MATCHED_AT, NAME,
 								 PROVIDER, REFERENCE, TAGS, OPT_NOT_SUPPORTED)
 from secator.output_types import Exploit
 from secator.runners import Command
+from secator.serializers import JSONSerializer
 
 
 SEARCHSPLOIT_TITLE_REGEX = re.compile(r'^((?:[a-zA-Z\-_!\.()]+\d?\s?)+)\.?\s*(.*)$')
@@ -21,6 +22,7 @@ class searchsploit(Command):
 		'strict': {'short': 's', 'is_flag': True, 'default': False, 'help': 'Strict match'}
 	}
 	opt_key_map = {}
+	item_loaders = [JSONSerializer()]
 	output_types = [Exploit]
 	output_map = {
 		Exploit: {
@@ -56,14 +58,15 @@ class searchsploit(Command):
 
 	@staticmethod
 	def before_init(self):
-		_in = self.input
+		if len(self.inputs) == 0:
+			return
+		_in = self.inputs[0]
 		self.matched_at = None
 		if '~' in _in:
 			split = _in.split('~')
 			self.matched_at = split[0]
-			self.input = split[1]
-		if isinstance(self.input, str):
-			self.input = self.input.replace('httpd', '').replace('/', ' ')
+			self.inputs[0] = split[1]
+		self.inputs[0] = self.inputs[0].replace('httpd', '').replace('/', ' ')
 
 	@staticmethod
 	def on_item_pre_convert(self, item):
@@ -80,12 +83,17 @@ class searchsploit(Command):
 			group = match.groups()
 			product = '-'.join(group[0].strip().split(' '))
 			if len(group[1]) > 1:
-				versions, title = tuple(group[1].split(' - '))
-				item.name = title
-				product_info = [f'{product.lower()} {v.strip()}' for v in versions.split('/')]
-				item.tags = product_info + item.tags
+				try:
+					versions, title = tuple(group[1].split(' - '))
+					item.name = title
+					product_info = [f'{product.lower()} {v.strip()}' for v in versions.split('/')]
+					item.tags = product_info + item.tags
+				except ValueError:
+					item.name = item.name.split(' - ')[-1]
+					item.tags = [product.lower()]
+					pass
 			# else:
 			# 	self._print(f'[bold red]{item.name} ({item.reference}) did not quite match SEARCHSPLOIT_TITLE_REGEX. Please report this issue.[/]')  # noqa: E501
-		input_tag = '-'.join(self.input.replace('\'', '').split(' '))
+		input_tag = '-'.join(self.inputs[0].replace('\'', '').split(' '))
 		item.tags = [input_tag] + item.tags
 		return item

secator/tasks/subfinder.py

@@ -2,6 +2,7 @@ from secator.decorators import task
 from secator.definitions import (DELAY, DOMAIN, OPT_NOT_SUPPORTED, PROXY,
 							   RATE_LIMIT, RETRIES, THREADS, TIMEOUT)
 from secator.output_types import Subdomain
+from secator.serializers import JSONSerializer
 from secator.tasks._categories import ReconDns
 
 
@@ -23,6 +24,7 @@ class subfinder(ReconDns):
 	opt_value_map = {
 		PROXY: lambda x: x.replace('http://', '').replace('https://', '') if x else None
 	}
+	item_loaders = [JSONSerializer()]
 	output_map = {
 		Subdomain: {
 			DOMAIN: 'input',
@@ -38,4 +40,6 @@ class subfinder(ReconDns):
 
 	@staticmethod
 	def validate_item(self, item):
-		return item['input'] != 'localhost'
+		if isinstance(item, dict):
+			return item['input'] != 'localhost'
+		return True

secator/tasks/wpscan.py

@@ -8,7 +8,7 @@ from secator.definitions import (CONFIDENCE, CVSS_SCORE, DELAY, DESCRIPTION,
 							   PROXY, RATE_LIMIT, REFERENCES, RETRIES,
 							   SEVERITY, TAGS, THREADS, TIMEOUT,
 							   URL, USER_AGENT)
-from secator.output_types import Tag, Vulnerability
+from secator.output_types import Tag, Vulnerability, Info, Error
 from secator.tasks._categories import VulnHttp
 
 
@@ -73,105 +73,91 @@ class wpscan(VulnHttp):
 	ignore_return_code = True
 	profile = 'io'
 
-	def yielder(self):
-		prev = self.print_item_count
-		self.print_item_count = False
-		yield from super().yielder()
-		if self.return_code != 0:
-			return
-		self.results = []
-		if not self.output_json:
-			return
+	@staticmethod
+	def on_init(self):
+		output_path = self.get_opt_value(OUTPUT_PATH)
+		if not output_path:
+			output_path = f'{self.reports_folder}/.outputs/{self.unique_name}.json'
+		self.output_path = output_path
+		self.cmd += f' -o {self.output_path}'
 
-		note = f'wpscan JSON results saved to {self.output_path}'
-		if self.print_line:
-			self._print(note)
+	@staticmethod
+	def on_cmd_done(self):
+		if not os.path.exists(self.output_path):
+			yield Error(message=f'Could not find JSON results in {self.output_path}')
+			return
 
-		if os.path.exists(self.output_path):
-			with open(self.output_path, 'r') as f:
-				data = json.load(f)
+		yield Info(message=f'JSON results saved to {self.output_path}')
+		with open(self.output_path, 'r') as f:
+			data = json.load(f)
 
-			if self.orig:
-				yield data
-				return
+		# Get URL
+		target = data.get('target_url', self.inputs[0])
 
-			# Get URL
-			target = data.get('target_url', self.targets)
+		# Wordpress version
+		version = data.get('version', {})
+		if version:
+			wp_version = version['number']
+			wp_version_status = version['status']
+			if wp_version_status == 'outdated':
+				vuln = version
+				vuln.update({
+					'url': target,
+					'to_s': 'Wordpress outdated version',
+					'type': wp_version,
+					'references': {},
+				})
+				yield vuln
 
-			# Wordpress version
-			version = data.get('version', {})
+		# Main theme
+		main_theme = data.get('main_theme', {})
+		if main_theme:
+			version = main_theme.get('version', {})
+			slug = main_theme['slug']
+			location = main_theme['location']
 			if version:
-				wp_version = version['number']
-				wp_version_status = version['status']
-				if wp_version_status == 'outdated':
-					vuln = version
-					vuln.update({
-						'url': target,
-						'to_s': 'Wordpress outdated version',
-						'type': wp_version,
-						'references': {},
-					})
-					yield vuln
-
-			# Main theme
-			main_theme = data.get('main_theme', {})
-			if main_theme:
-				version = main_theme.get('version', {})
-				slug = main_theme['slug']
-				location = main_theme['location']
-				if version:
-					number = version['number']
-					latest_version = main_theme.get('latest_version')
-					yield Tag(
-						name=f'Wordpress theme - {slug} {number}',
-						match=target,
-						extra_data={
-							'url': location,
-							'latest_version': latest_version
-						}
+				number = version['number']
+				latest_version = main_theme.get('latest_version')
+				yield Tag(
+					name=f'Wordpress theme - {slug} {number}',
+					match=target,
+					extra_data={
+						'url': location,
+						'latest_version': latest_version
+					}
+				)
+				if (latest_version and number < latest_version):
+					yield Vulnerability(
+						matched_at=target,
+						name=f'Wordpress theme - {slug} {number} outdated',
+						severity='info'
 					)
-					if (latest_version and number < latest_version):
-						yield Vulnerability(
-							matched_at=target,
-							name=f'Wordpress theme - {slug} {number} outdated',
-							severity='info'
-						)
 
-			# Interesting findings
-			interesting_findings = data.get('interesting_findings', [])
-			for item in interesting_findings:
-				yield item
+		# Interesting findings
+		interesting_findings = data.get('interesting_findings', [])
+		for item in interesting_findings:
+			yield item
 
-			# Plugins
-			plugins = data.get('plugins', {})
-			for _, data in plugins.items():
-				version = data.get('version', {})
-				slug = data['slug']
-				location = data['location']
-				if version:
-					number = version['number']
-					latest_version = data.get('latest_version')
-					yield Tag(
-						name=f'Wordpress plugin - {slug} {number}',
-						match=target,
-						extra_data={
-							'url': location,
-							'latest_version': latest_version
-						}
+		# Plugins
+		plugins = data.get('plugins', {})
+		for _, data in plugins.items():
+			version = data.get('version', {})
+			slug = data['slug']
+			location = data['location']
+			if version:
+				number = version['number']
+				latest_version = data.get('latest_version')
+				yield Tag(
+					name=f'Wordpress plugin - {slug} {number}',
+					match=target,
+					extra_data={
+						'url': location,
+						'latest_version': latest_version
+					}
+				)
+				if (latest_version and number < latest_version):
+					yield Vulnerability(
+						matched_at=target,
+						name=f'Wordpress plugin - {slug} {number} outdated',
+						severity='info'
 					)
-					if (latest_version and number < latest_version):
-						yield Vulnerability(
-							matched_at=target,
-							name=f'Wordpress plugin - {slug} {number} outdated',
-							severity='info'
-						)
-
-		self.print_item_count = prev
-
-	@staticmethod
-	def on_init(self):
-		output_path = self.get_opt_value(OUTPUT_PATH)
-		if not output_path:
-			output_path = f'{self.reports_folder}/.outputs/{self.unique_name}.json'
-		self.output_path = output_path
-		self.cmd += f' -o {self.output_path}'