secator 0.6.0__py3-none-any.whl → 0.8.0__py3-none-any.whl

secator/installer.py

@@ -1,71 +1,182 @@
-
-import requests
+import distro
+import getpass
 import os
 import platform
+import re
 import shutil
 import tarfile
 import zipfile
 import io
 
+from dataclasses import dataclass
+from datetime import datetime
+from enum import Enum
+
+import json
+import requests
+
 from rich.table import Table
 
+from secator.config import CONFIG
+from secator.definitions import OPT_NOT_SUPPORTED
+from secator.output_types import Info, Warning, Error
 from secator.rich import console
 from secator.runners import Command
-from secator.config import CONFIG
+
+
+class InstallerStatus(Enum):
+	SUCCESS = 'SUCCESS'
+	INSTALL_FAILED = 'INSTALL_FAILED'
+	INSTALL_NOT_SUPPORTED = 'INSTALL_NOT_SUPPORTED'
+	INSTALL_SKIPPED_OK = 'INSTALL_SKIPPED_OK'
+	GITHUB_LATEST_RELEASE_NOT_FOUND = 'GITHUB_LATEST_RELEASE_NOT_FOUND'
+	GITHUB_RELEASE_NOT_FOUND = 'RELEASE_NOT_FOUND'
+	GITHUB_RELEASE_FAILED_DOWNLOAD = 'GITHUB_RELEASE_FAILED_DOWNLOAD'
+	GITHUB_BINARY_NOT_FOUND_IN_ARCHIVE = 'GITHUB_BINARY_NOT_FOUND_IN_ARCHIVE'
+	UNKNOWN_DISTRIBUTION = 'UNKNOWN_DISTRIBUTION'
+	UNKNOWN = 'UNKNOWN'
+
+	def is_ok(self):
+		return self.value in ['SUCCESS', 'INSTALL_SKIPPED_OK']
+
+
+@dataclass
+class Distribution:
+	pm_install_command: str
+	pm_name: str
+	name: str
 
 
 class ToolInstaller:
+	status = InstallerStatus
 
 	@classmethod
 	def install(cls, tool_cls):
-		"""Install a tool.
+		name = tool_cls.__name__
+		console.print(Info(message=f'Installing {name}'))
+		status = InstallerStatus.UNKNOWN
+
+		# Fail if not supported
+		if not any(_ for _ in [
+			tool_cls.install_pre,
+			tool_cls.install_github_handle,
+			tool_cls.install_cmd,
+			tool_cls.install_post]):
+			return InstallerStatus.INSTALL_NOT_SUPPORTED
+
+		# Install pre-required packages
+		if tool_cls.install_pre:
+			status = PackageInstaller.install(tool_cls.install_pre)
+			if not status.is_ok():
+				cls.print_status(status, name)
+				return status
+
+		# Install binaries from GH
+		gh_status = InstallerStatus.UNKNOWN
+		if tool_cls.install_github_handle and not CONFIG.security.force_source_install:
+			gh_status = GithubInstaller.install(tool_cls.install_github_handle)
+			status = gh_status
+
+		# Install from source
+		if tool_cls.install_cmd and not gh_status.is_ok():
+			status = SourceInstaller.install(tool_cls.install_cmd)
+			if not status.is_ok():
+				cls.print_status(status, name)
+				return status
+
+		# Install post commands
+		if tool_cls.install_post:
+			post_status = SourceInstaller.install(tool_cls.install_post)
+			if not post_status.is_ok():
+				cls.print_status(post_status, name)
+				return post_status
+
+		cls.print_status(status, name)
+		return status
 
-		Args:
-			cls: ToolInstaller class.
-			tool_cls: Tool class (derived from secator.runners.Command).
+	@classmethod
+	def print_status(cls, status, name):
+		if status.is_ok():
+			console.print(Info(message=f'{name} installed successfully!'))
+		elif status == InstallerStatus.INSTALL_NOT_SUPPORTED:
+			console.print(Error(message=f'{name} install is not supported yet. Please install manually'))
+		else:
+			console.print(Error(message=f'Failed to install {name}: {status}'))
 
-		Returns:
-			bool: True if install is successful, False otherwise.
-		"""
-		console.print(f'[bold gold3]:wrench: Installing {tool_cls.__name__}')
-		success = False
 
-		if not tool_cls.install_github_handle and not tool_cls.install_cmd:
-			console.print(
-				f'[bold red]{tool_cls.__name__} install is not supported yet. Please install it manually.[/]')
-			return False
+class PackageInstaller:
+	"""Install system packages."""
 
-		if tool_cls.install_github_handle:
-			success = GithubInstaller.install(tool_cls.install_github_handle)
+	@classmethod
+	def install(cls, config):
+		"""Install packages using the correct package manager based on the distribution.
 
-		if tool_cls.install_cmd and not success:
-			success = SourceInstaller.install(tool_cls.install_cmd)
+		Args:
+			config (dict): A dict of package managers as keys and a list of package names as values.
 
-		if success:
-			console.print(
-				f'[bold green]:tada: {tool_cls.__name__} installed successfully[/] !')
-		else:
-			console.print(
-				f'[bold red]:exclamation_mark: Failed to install {tool_cls.__name__}.[/]')
-		return success
+		Returns:
+			InstallerStatus: installer status.
+		"""
+		# Init status
+		distribution = get_distro_config()
+		if distribution.pm_install_command == 'unknown':
+			return InstallerStatus.UNKNOWN_DISTRIBUTION
+
+		console.print(
+			Info(message=f'Detected distribution "{distribution.name}", using package manager "{distribution.pm_name}"'))
+
+		# Construct package list
+		pkg_list = []
+		for managers, packages in config.items():
+			if distribution.pm_name in managers.split("|") or managers == '*':
+				pkg_list.extend(packages)
+				break
+
+		# Installer cmd
+		cmd = distribution.pm_install_command
+		if getpass.getuser() != 'root':
+			cmd = f'sudo {cmd}'
+
+		if pkg_list:
+			for pkg in pkg_list:
+				if ':' in pkg:
+					pdistro, pkg = pkg.split(':')
+					if pdistro != distribution.name:
+						continue
+				console.print(Info(message=f'Installing package {pkg}'))
+				status = SourceInstaller.install(f'{cmd} {pkg}')
+				if not status.is_ok():
+					return status
+		return InstallerStatus.SUCCESS
 
 
 class SourceInstaller:
 	"""Install a tool from source."""
 
 	@classmethod
-	def install(cls, install_cmd):
+	def install(cls, config):
 		"""Install from source.
 
 		Args:
 			cls: ToolInstaller class.
-			install_cmd (str): Install command.
+			config (dict): A dict of distros as keys and a command as value.
 
 		Returns:
-			bool: True if install is successful, False otherwise.
+			Status: install status.
 		"""
-		ret = Command.execute(install_cmd, cls_attributes={'shell': True})
-		return ret.return_code == 0
+		install_cmd = None
+		if isinstance(config, str):
+			install_cmd = config
+		else:
+			distribution = get_distro_config()
+			for distros, command in config.items():
+				if distribution.name in distros.split("|") or distros == '*':
+					install_cmd = command
+					break
+		if not install_cmd:
+			return InstallerStatus.INSTALL_SKIPPED_OK
+		ret = Command.execute(install_cmd, cls_attributes={'shell': True}, quiet=False)
+		return InstallerStatus.SUCCESS if ret.return_code == 0 else InstallerStatus.INSTALL_FAILED
 
 
 class GithubInstaller:
@@ -79,24 +190,23 @@ class GithubInstaller:
 			github_handle (str): A GitHub handle {user}/{repo}
 
 		Returns:
-			bool: True if install is successful, False otherwise.
+			InstallerStatus: status.
 		"""
 		_, repo = tuple(github_handle.split('/'))
 		latest_release = cls.get_latest_release(github_handle)
 		if not latest_release:
-			return False
+			return InstallerStatus.GITHUB_LATEST_RELEASE_NOT_FOUND
 
 		# Find the right asset to download
 		os_identifiers, arch_identifiers = cls._get_platform_identifier()
 		download_url = cls._find_matching_asset(latest_release['assets'], os_identifiers, arch_identifiers)
 		if not download_url:
-			console.print('[dim red]Could not find a GitHub release matching distribution.[/]')
-			return False
+			console.print(Error(message='Could not find a GitHub release matching distribution.'))
+			return InstallerStatus.GITHUB_RELEASE_NOT_FOUND
 
 		# Download and unpack asset
-		console.print(f'Found release URL: {download_url}')
-		cls._download_and_unpack(download_url, CONFIG.dirs.bin, repo)
-		return True
+		console.print(Info(message=f'Found release URL: {download_url}'))
+		return cls._download_and_unpack(download_url, CONFIG.dirs.bin, repo)
 
 	@classmethod
 	def get_latest_release(cls, github_handle):
@@ -121,7 +231,7 @@ class GithubInstaller:
 			latest_release = response.json()
 			return latest_release
 		except requests.RequestException as e:
-			console.print(f'Failed to fetch latest release for {github_handle}: {str(e)}')
+			console.print(Warning(message=f'Failed to fetch latest release for {github_handle}: {str(e)}'))
 			return None
 
 	@classmethod
@@ -181,13 +291,25 @@ class GithubInstaller:
 
 	@classmethod
 	def _download_and_unpack(cls, url, destination, repo_name):
-		"""Download and unpack a release asset."""
-		console.print(f'Downloading and unpacking to {destination}...')
+		"""Download and unpack a release asset.
+
+		Args:
+			cls (Runner): Task class.
+			url (str): GitHub release URL.
+			destination (str): Local destination.
+			repo_name (str): GitHub repository name.
+
+		Returns:
+			InstallerStatus: install status.
+		"""
+		console.print(Info(message=f'Downloading and unpacking to {destination}...'))
 		response = requests.get(url, timeout=5)
-		response.raise_for_status()
+		if not response.status_code == 200:
+			return InstallerStatus.GITHUB_RELEASE_FAILED_DOWNLOAD
 
 		# Create a temporary directory to extract the archive
-		temp_dir = os.path.join("/tmp", repo_name)
+		date_str = datetime.now().strftime("%Y%m%d_%H%M%S")
+		temp_dir = os.path.join("/tmp", f'{repo_name}_{date_str}')
 		os.makedirs(temp_dir, exist_ok=True)
 
 		if url.endswith('.zip'):
@@ -202,8 +324,10 @@ class GithubInstaller:
 		if binary_path:
 			os.chmod(binary_path, 0o755)  # Make it executable
 			shutil.move(binary_path, os.path.join(destination, repo_name))  # Move the binary
+			return InstallerStatus.SUCCESS
 		else:
-			console.print('[bold red]Binary matching the repository name was not found in the archive.[/]')
+			console.print(Error(message='Binary matching the repository name was not found in the archive.'))
+			return InstallerStatus.GITHUB_BINARY_NOT_FOUND_IN_ARCHIVE
 
 	@classmethod
 	def _find_binary_in_directory(cls, directory, binary_name):
@@ -235,31 +359,46 @@ def get_version(version_cmd):
 		version_cmd (str): Command to get the version.
 
 	Returns:
-		str: Version string.
+		tuple[str]: Version string, return code.
 	"""
 	from secator.runners import Command
 	import re
 	regex = r'[0-9]+\.[0-9]+\.?[0-9]*\.?[a-zA-Z]*'
 	ret = Command.execute(version_cmd, quiet=True, print_errors=False)
+	return_code = ret.return_code
+	if not return_code == 0:
+		return '', ret.return_code
 	match = re.findall(regex, ret.output)
 	if not match:
-		return ''
-	return match[0]
+		return '', return_code
+	return match[0], return_code
+
+
+def parse_version(ver):
+	from packaging import version as _version
+	try:
+		return _version.parse(ver)
+	except _version.InvalidVersion:
+		version_regex = re.compile(r'(\d+\.\d+(?:\.\d+)?)')
+		match = version_regex.search(ver)
+		if match:
+			return _version.parse(match.group(1))
+		return None
 
 
-def get_version_info(name, version_flag=None, github_handle=None, version=None):
+def get_version_info(name, version_flag=None, install_github_handle=None, install_cmd=None, version=None):
 	"""Get version info for a command.
 
 	Args:
 		name (str): Command name.
 		version_flag (str): Version flag.
-		github_handle (str): Github handle.
+		install_github_handle (str): Github handle.
+		install_cmd (str): Install command.
 		version (str): Existing version.
 
 	Return:
 		dict: Version info.
 	"""
-	from packaging import version as _version
 	from secator.installer import GithubInstaller
 	info = {
 		'name': name,
@@ -274,22 +413,50 @@ def get_version_info(name, version_flag=None, github_handle=None, version=None):
 	location = which(name).output
 	info['location'] = location
 
+	# Get latest version
+	latest_version = None
+	if not CONFIG.offline_mode:
+		if install_github_handle:
+			latest_version = GithubInstaller.get_latest_version(install_github_handle)
+			info['latest_version'] = latest_version
+		elif install_cmd and install_cmd.startswith('pip'):
+			req = requests.get(f'https://pypi.python.org/pypi/{name}/json')
+			version = parse_version('0')
+			if req.status_code == requests.codes.ok:
+				j = json.loads(req.text.encode(req.encoding))
+				releases = j.get('releases', [])
+				for release in releases:
+					ver = parse_version(release)
+					if ver and not ver.is_prerelease:
+						version = max(version, ver)
+						latest_version = str(version)
+						info['latest_version'] = latest_version
+		elif install_cmd and install_cmd.startswith('sudo apt install'):
+			ret = Command.execute(f'apt-cache madison {name}', quiet=True)
+			if ret.return_code == 0:
+				output = ret.output.split(' | ')
+				if len(output) > 1:
+					ver = parse_version(output[1].strip())
+					if ver:
+						latest_version = str(ver)
+						info['latest_version'] = latest_version
+
 	# Get current version
+	version_ret = 1
+	version_flag = None if version_flag == OPT_NOT_SUPPORTED else version_flag
 	if version_flag:
 		version_cmd = f'{name} {version_flag}'
-		version = get_version(version_cmd)
+		version, version_ret = get_version(version_cmd)
 		info['version'] = version
-
-	# Get latest version
-	latest_version = None
-	if not CONFIG.offline_mode:
-		latest_version = GithubInstaller.get_latest_version(github_handle)
-		info['latest_version'] = latest_version
+		if version_ret != 0:  # version command error
+			info['installed'] = False
+			info['status'] = 'missing'
+			return info
 
 	if location:
 		info['installed'] = True
 		if version and latest_version:
-			if _version.parse(version) < _version.parse(latest_version):
+			if parse_version(version) < parse_version(latest_version):
 				info['status'] = 'outdated'
 			else:
 				info['status'] = 'latest'
@@ -298,18 +465,66 @@ def get_version_info(name, version_flag=None, github_handle=None, version=None):
 		elif not latest_version:
 			info['status'] = 'latest unknown'
 			if CONFIG.offline_mode:
-				info['status'] += ' [dim orange1]\[offline][/]'
+				info['status'] += r' [dim orange1]\[offline][/]'
 	else:
 		info['status'] = 'missing'
 
 	return info
 
 
+def get_distro_config():
+	"""Detects the system's package manager based on the OS distribution and return the default installation command."""
+
+	# If explicitely set by the user, use that one
+	package_manager_variable = os.environ.get('SECATOR_PACKAGE_MANAGER')
+	if package_manager_variable:
+		return package_manager_variable
+	cmd = "unknown"
+	system = platform.system()
+	distrib = system
+
+	if system == "Linux":
+		distrib = distro.id()
+
+		if distrib in ["ubuntu", "debian", "linuxmint", "popos", "kali"]:
+			cmd = "apt install -y"
+		elif distrib in ["arch", "manjaro", "endeavouros"]:
+			cmd = "pacman -S --noconfirm"
+		elif distrib in ["alpine"]:
+			cmd = "apk add"
+		elif distrib in ["fedora"]:
+			cmd = "dnf install -y"
+		elif distrib in ["centos", "rhel", "rocky", "alma"]:
+			cmd = "yum -y"
+		elif distrib in ["opensuse", "sles"]:
+			cmd = "zypper -n"
+
+	elif system == "Darwin":  # macOS
+		cmd = "brew install"
+
+	elif system == "Windows":
+		if shutil.which("winget"):
+			cmd = "winget install --disable-interactivity"
+		elif shutil.which("choco"):
+			cmd = "choco install"
+		else:
+			cmd = "scoop"  # Alternative package manager for Windows
+
+	manager = cmd.split(' ')[0]
+	config = Distribution(
+		pm_install_command=cmd,
+		pm_name=manager,
+		name=distrib
+	)
+	return config
+
+
 def fmt_health_table_row(version_info, category=None):
 	name = version_info['name']
 	version = version_info['version']
 	status = version_info['status']
 	installed = version_info['installed']
+	latest_version = version_info['latest_version']
 	name_str = f'[magenta]{name:<13}[/]'
 
 	# Format version row
@@ -319,6 +534,8 @@ def fmt_health_table_row(version_info, category=None):
 		_version += ' [bold green](latest)[/]'
 	elif status == 'outdated':
 		_version += ' [bold red](outdated)[/]'
+		if latest_version:
+			_version += f' [dim](<{latest_version})'
 	elif status == 'missing':
 		_version = '[bold red]missing[/]'
 	elif status == 'ok':

secator/output_types/__init__.py

@@ -1,15 +1,20 @@
 __all__ = [
-    'OutputType',
-    'Ip',
-    'Port',
-    'Record',
-    'Subdomain',
-    'Url',
-    'UserAccount',
-    'Vulnerability'
+	'Error',
+	'OutputType',
+	'Info',
+	'Ip',
+	'Port',
+	'Progress',
+	'Record',
+	'Stat',
+	'Subdomain',
+	'Url',
+	'UserAccount',
+	'Vulnerability',
+	'Warning',
 ]
-from secator.output_types._base import OutputType  # noqa: F401
-from secator.output_types.progress import Progress  # noqa: F401
+from secator.output_types._base import OutputType
+from secator.output_types.progress import Progress
 from secator.output_types.ip import Ip
 from secator.output_types.exploit import Exploit
 from secator.output_types.port import Port
@@ -20,5 +25,18 @@ from secator.output_types.url import Url
 from secator.output_types.user_account import UserAccount
 from secator.output_types.vulnerability import Vulnerability
 from secator.output_types.record import Record
+from secator.output_types.info import Info
+from secator.output_types.warning import Warning
+from secator.output_types.error import Error
+from secator.output_types.stat import Stat
 
-OUTPUT_TYPES = [Target, Progress, Subdomain, Ip, Port, Url, Tag, Exploit, UserAccount, Vulnerability, Record]
+EXECUTION_TYPES = [
+	Target, Progress, Info, Warning, Error
+]
+STAT_TYPES = [
+	Stat
+]
+FINDING_TYPES = [
+	Subdomain, Ip, Port, Url, Tag, Exploit, UserAccount, Vulnerability
+]
+OUTPUT_TYPES = FINDING_TYPES + EXECUTION_TYPES + STAT_TYPES

secator/output_types/_base.py

@@ -1,6 +1,8 @@
 import logging
 import re
 from dataclasses import _MISSING_TYPE, dataclass, fields
+from secator.definitions import DEBUG
+from secator.rich import console
 
 logger = logging.getLogger(__name__)
 
@@ -66,7 +68,15 @@ class OutputType:
 			if key in output_map:
 				mapped_key = output_map[key]
 				if callable(mapped_key):
-					mapped_val = mapped_key(item)
+					try:
+						mapped_val = mapped_key(item)
+					except Exception as e:
+						mapped_val = None
+						if DEBUG > 1:
+							console.print_exception(show_locals=True)
+						raise TypeError(
+							f'Fail to transform value for "{key}" using output_map function. Exception: '
+							f'{type(e).__name__}: {str(e)}')
 				else:
 					mapped_val = item.get(mapped_key)
 				new_item[key] = mapped_val

secator/output_types/error.py

@@ -0,0 +1,36 @@
+from dataclasses import dataclass, field
+import time
+from secator.output_types import OutputType
+from secator.utils import rich_to_ansi, traceback_as_string, rich_escape as _s
+
+
+@dataclass
+class Error(OutputType):
+	message: str
+	traceback: str = field(default='', compare=False)
+	_source: str = field(default='', repr=True)
+	_type: str = field(default='error', repr=True)
+	_timestamp: int = field(default_factory=lambda: time.time(), compare=False)
+	_uuid: str = field(default='', repr=True, compare=False)
+	_context: dict = field(default_factory=dict, repr=True, compare=False)
+	_duplicate: bool = field(default=False, repr=True, compare=False)
+	_related: list = field(default_factory=list, compare=False)
+
+	_table_fields = ['message', 'traceback']
+	_sort_by = ('_timestamp',)
+
+	def from_exception(e, **kwargs):
+		message = type(e).__name__
+		if str(e):
+			message += f': {str(e)}'
+		return Error(message=message, traceback=traceback_as_string(e), **kwargs)
+
+	def __str__(self):
+		return self.message
+
+	def __repr__(self):
+		s = rf"\[[bold red]ERR[/]] {_s(self.message)}"
+		if self.traceback:
+			traceback_pretty = '   ' + self.traceback.replace('\n', '\n   ')
+			s += f'\n[dim]{_s(traceback_pretty)}[/]'
+		return rich_to_ansi(s)

secator/output_types/exploit.py

@@ -1,23 +1,25 @@
 import time
 from dataclasses import dataclass, field
 from secator.output_types import OutputType
-from secator.utils import rich_to_ansi
+from secator.utils import rich_to_ansi, rich_escape as _s
 from secator.definitions import MATCHED_AT, NAME, ID, EXTRA_DATA, REFERENCE
 
 
 @dataclass
 class Exploit(OutputType):
 	name: str
-	id: str
 	provider: str
+	id: str
 	matched_at: str = ''
 	ip: str = ''
+	confidence: str = 'low'
+	cvss_score: float = 0
 	reference: str = ''
 	cves: list = field(default_factory=list, compare=False)
 	tags: list = field(default_factory=list, compare=False)
 	extra_data: dict = field(default_factory=dict, compare=False)
 	_source: str = field(default='', repr=True)
-	_type: str = field(default='vulnerability', repr=True)
+	_type: str = field(default='exploit', repr=True)
 	_timestamp: int = field(default_factory=lambda: time.time(), compare=False)
 	_uuid: str = field(default='', repr=True, compare=False)
 	_context: dict = field(default_factory=dict, repr=True, compare=False)
@@ -38,16 +40,18 @@ class Exploit(OutputType):
 		return self.name
 
 	def __repr__(self):
-		s = f'[bold red]⍼[/]  \[[bold red]{self.name}'
+		s = rf'[bold red]⍼[/]  \[[bold red]{self.name}'
 		if self.reference:
-			s += f' [link={self.reference}]🡕[/link]'
+			s += f' [link={_s(self.reference)}]🡕[/link]'
 		s += '[/]]'
 		if self.matched_at:
-			s += f' {self.matched_at}'
+			s += f' {_s(self.matched_at)}'
 		if self.tags:
 			tags_str = ', '.join(self.tags)
-			s += f' \[[cyan]{tags_str}[/]]'
+			s += rf' \[[cyan]{tags_str}[/]]'
 		if self.extra_data:
 			data = ', '.join([f'{k}:{v}' for k, v in self.extra_data.items()])
-			s += f' \[[yellow]{str(data)}[/]]'
+			s += rf' \[[yellow]{_s(str(data))}[/]]'
+		if self.confidence == 'low':
+			s = f'[dim]{s}[/]'
 		return rich_to_ansi(s)

secator/output_types/info.py

@@ -0,0 +1,24 @@
+from dataclasses import dataclass, field
+import time
+from secator.output_types import OutputType
+from secator.utils import rich_to_ansi, rich_escape as _s
+
+
+@dataclass
+class Info(OutputType):
+	message: str
+	task_id: str = field(default='', compare=False)
+	_source: str = field(default='', repr=True)
+	_type: str = field(default='info', repr=True)
+	_timestamp: int = field(default_factory=lambda: time.time(), compare=False)
+	_uuid: str = field(default='', repr=True, compare=False)
+	_context: dict = field(default_factory=dict, repr=True, compare=False)
+	_duplicate: bool = field(default=False, repr=True, compare=False)
+	_related: list = field(default_factory=list, compare=False)
+
+	_table_fields = ['message', 'task_id']
+	_sort_by = ('_timestamp',)
+
+	def __repr__(self):
+		s = rf"\[[blue]INF[/]] {_s(self.message)}"
+		return rich_to_ansi(s)