secator 0.7.0__py3-none-any.whl → 0.8.0__py3-none-any.whl

secator/tasks/dnsxbrute.py

@@ -4,6 +4,7 @@ from secator.config import CONFIG
 from secator.output_types import Subdomain
 from secator.serializers import JSONSerializer
 from secator.tasks._categories import ReconDns
+from secator.utils import process_wordlist
 
 
 @task()
@@ -19,7 +20,7 @@ class dnsxbrute(ReconDns):
         THREADS: 'threads',
     }
     opts = {
-        WORDLIST: {'type': str, 'short': 'w', 'default': CONFIG.wordlists.defaults.dns, 'help': 'Wordlist'},
+        WORDLIST: {'type': str, 'short': 'w', 'default': CONFIG.wordlists.defaults.dns, 'process': process_wordlist, 'help': 'Wordlist to use'},  # noqa: E501
         'trace': {'is_flag': True, 'default': False, 'help': 'Perform dns tracing'},
     }
     item_loaders = [JSONSerializer()]

secator/tasks/feroxbuster.py

@@ -1,3 +1,4 @@
+from secator.config import CONFIG
 from secator.decorators import task
 from secator.definitions import (CONTENT_TYPE, DELAY, DEPTH, FILTER_CODES,
 							   FILTER_REGEX, FILTER_SIZE, FILTER_WORDS,
@@ -59,9 +60,7 @@ class feroxbuster(HttpFuzzer):
 		}
 	}
 	install_cmd = (
-		'sudo apt install -y unzip curl && '
-		'curl -sL https://raw.githubusercontent.com/epi052/feroxbuster/master/install-nix.sh | '
-		'bash && sudo mv feroxbuster /usr/local/bin'
+		f'cd /tmp && curl -sL https://raw.githubusercontent.com/epi052/feroxbuster/master/install-nix.sh | bash -s {CONFIG.dirs.bin}'  # noqa: E501
 	)
 	install_github_handle = 'epi052/feroxbuster'
 	proxychains = False

secator/tasks/fping.py

@@ -29,7 +29,7 @@ class fping(ReconIp):
 	}
 	input_type = IP
 	output_types = [Ip]
-	install_cmd = 'sudo apt install -y fping'
+	install_pre = {'*': ['fping']}
 
 	@staticmethod
 	def item_loader(self, line):

secator/tasks/grype.py

@@ -1,4 +1,4 @@
-
+from secator.config import CONFIG
 from secator.decorators import task
 from secator.definitions import (DELAY, FOLLOW_REDIRECT, HEADER,
 							   OPT_NOT_SUPPORTED, PROXY, RATE_LIMIT, RETRIES,
@@ -28,7 +28,7 @@ class grype(VulnCode):
 	}
 	output_types = [Vulnerability]
 	install_cmd = (
-		'curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo sh -s -- -b /usr/local/bin'
+		f'curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b {CONFIG.dirs.bin}'
 	)
 	install_github_handle = 'anchore/grype'
 
@@ -63,7 +63,6 @@ class grype(VulnCode):
 		if vuln_id.startswith('GHSA'):
 			data['provider'] = 'github.com'
 			data['references'] = [f'https://github.com/advisories/{vuln_id}']
-			data['tags'].extend(['cve', 'ghsa'])
 			vuln = VulnCode.lookup_ghsa(vuln_id)
 			if vuln:
 				data.update(vuln)
@@ -72,7 +71,6 @@ class grype(VulnCode):
 		elif vuln_id.startswith('CVE'):
 			vuln = VulnCode.lookup_cve(vuln_id)
 			if vuln:
-				vuln['tags'].append('cve')
 				data.update(vuln)
 				data['severity'] = data['severity'] or severity.lower()
 		data['extra_data'] = extra_data

secator/tasks/h8mail.py

@@ -21,7 +21,7 @@ class h8mail(OSInt):
 		'config': {'type': str, 'help': 'Configuration file for API keys'},
 		'local_breach': {'type': str, 'short': 'lb', 'help': 'Local breach file'}
 	}
-	install_cmd = 'pipx install h8mail'
+	install_cmd = 'pipx install h8mail && pipx upgrade h8mail'
 
 	@staticmethod
 	def on_start(self):

secator/tasks/katana.py

@@ -74,7 +74,7 @@ class katana(HttpCrawler):
 			# TAGS: lambda x: x['response'].get('server')
 		}
 	}
-	install_cmd = 'sudo apt install build-essential && go install -v github.com/projectdiscovery/katana/cmd/katana@latest'
+	install_cmd = 'go install -v github.com/projectdiscovery/katana/cmd/katana@latest'
 	install_github_handle = 'projectdiscovery/katana'
 	proxychains = False
 	proxy_socks5 = True

secator/tasks/maigret.py

@@ -41,7 +41,7 @@ class maigret(ReconUser):
 			EXTRA_DATA: lambda x: x['status'].get('ids', {})
 		}
 	}
-	install_cmd = 'pipx install git+https://github.com/soxoj/maigret@6be2f409e58056b1ca8571a8151e53bef107dedc'
+	install_cmd = 'pipx install git+https://github.com/soxoj/maigret'
 	socks5_proxy = True
 	profile = 'io'
 

secator/tasks/msfconsole.py

@@ -4,6 +4,7 @@ import logging
 
 from rich.panel import Panel
 
+from secator.config import CONFIG
 from secator.decorators import task
 from secator.definitions import (DELAY, FOLLOW_REDIRECT, HEADER, HOST, OPT_NOT_SUPPORTED, PROXY, RATE_LIMIT, RETRIES,
 								 THREADS, TIMEOUT, USER_AGENT)
@@ -42,7 +43,21 @@ class msfconsole(VulnMulti):
 	}
 	encoding = 'ansi'
 	ignore_return_code = True
-	# install_cmd = 'wget -O - https://raw.githubusercontent.com/freelabz/secator/main/scripts/msfinstall.sh | sh'
+	install_pre = {
+		'apt|apk': ['libpq-dev', 'libpcap-dev', 'libffi-dev'],
+		'pacman': ['ruby-erb', 'postgresql-libs'],
+		'yum|zypper': ['postgresql-devel'],
+	}
+	install_cmd = (
+		f'git clone https://github.com/rapid7/metasploit-framework.git {CONFIG.dirs.share}/metasploit-framework || true && '
+		f'cd {CONFIG.dirs.share}/metasploit-framework && '
+		f'gem install bundler --user-install -n {CONFIG.dirs.bin} && '
+		f'gem install xmlrpc --user-install -n {CONFIG.dirs.bin} && '
+		f'bundle config set --local path "{CONFIG.dirs.share}" && '
+		'bundle update --bundler && '
+		'bundle install && '
+		f'ln -sf $HOME/.local/share/metasploit-framework/msfconsole {CONFIG.dirs.bin}/msfconsole'
+	)
 
 	@staticmethod
 	def on_init(self):
@@ -83,14 +98,14 @@ class msfconsole(VulnMulti):
 				f.write(content)
 
 			script_name = script_path.split('/')[-1]
-			self._print(Panel(content, title=f'[bold magenta]{script_name}', expand=False))
+			self._print(Panel(content, title=f'[bold magenta]{script_name}', expand=False), rich=True)
 
 			# Override original command with new resource script
 			self.run_opts['msfconsole.resource'] = out_path
 
 		# Nothing passed, error out
 		else:
-			raise ValueError('At least one of "inline_script" or "resource_script" must be passed.')
+			raise ValueError('At least one of "execute_command" or "resource" must be passed.')
 
 
 # TODO: This is better as it goes through an RPC API to communicate with

secator/tasks/naabu.py

@@ -47,9 +47,23 @@ class naabu(ReconPort):
 		}
 	}
 	output_types = [Port]
-	install_cmd = 'sudo apt install -y build-essential libpcap-dev && go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest'  # noqa: E501
+	install_cmd = 'go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest'
 	install_github_handle = 'projectdiscovery/naabu'
+	install_pre = {'apt|apk': ['libpcap-dev'], 'pacman|brew': ['libpcap']}
+	install_post = {'arch|alpine': 'sudo ln -s /usr/lib/libpcap.so /usr/lib/libpcap.so.0.8'}
 	proxychains = False
 	proxy_socks5 = True
 	proxy_http = False
 	profile = 'io'
+
+	@staticmethod
+	def before_init(self):
+		for ix, input in enumerate(self.inputs):
+			if input == 'localhost':
+				self.inputs[ix] = '127.0.0.1'
+
+	@staticmethod
+	def on_item(self, item):
+		if item.host == '127.0.0.1':
+			item.host = 'localhost'
+		return item

secator/tasks/nmap.py

@@ -63,8 +63,12 @@ class nmap(VulnMulti):
 	opt_value_map = {
 		PORTS: lambda x: ','.join([str(p) for p in x]) if isinstance(x, list) else x
 	}
+	install_pre = {
+		'apt|pacman|brew': ['nmap'],
+		'apk': ['nmap', 'nmap-scripts'],
+	}
 	install_cmd = (
-		'sudo apt install -y nmap && sudo git clone https://github.com/scipag/vulscan /opt/scipag_vulscan || true && '
+		'sudo git clone https://github.com/scipag/vulscan /opt/scipag_vulscan || true && '
 		'sudo ln -s /opt/scipag_vulscan /usr/share/nmap/scripts/vulscan || true'
 	)
 	proxychains = True
@@ -116,6 +120,7 @@ class nmap(VulnMulti):
 class nmapData(dict):
 
 	def __iter__(self):
+		datas = []
 		for host in self._get_hosts():
 			hostname = self._get_hostname(host)
 			ip = self._get_ip(host)
@@ -177,16 +182,19 @@ class nmapData(dict):
 					if not func:
 						debug(f'Script output parser for "{script_id}" is not supported YET.', sub='cve')
 						continue
-					for vuln in func(output, cpes=cpes):
-						vuln.update(metadata)
+					for data in func(output, cpes=cpes):
+						data.update(metadata)
 						confidence = 'low'
-						if 'cpe-match' in vuln[TAGS]:
+						if 'cpe-match' in data[TAGS]:
 							confidence = 'high' if version_exact else 'medium'
-						vuln[CONFIDENCE] = confidence
-						if (CONFIG.runners.skip_cve_low_confidence and vuln[CONFIDENCE] == 'low'):
-							debug(f'{vuln[ID]}: ignored (low confidence).', sub='cve')
+						data[CONFIDENCE] = confidence
+						if (CONFIG.runners.skip_cve_low_confidence and data[CONFIDENCE] == 'low'):
+							debug(f'{data[ID]}: ignored (low confidence).', sub='cve')
+							continue
+						if data in datas:
 							continue
-						yield vuln
+						yield data
+						datas.append(data)
 
 	#---------------------#
 	# XML FILE EXTRACTORS #
@@ -261,7 +269,7 @@ class nmapData(dict):
 			extra_data['version_exact'] = version_exact
 
 		# Grap service name
-		product = extra_data.get('name', None) or extra_data.get('product', None)
+		product = extra_data.get('product', None) or extra_data.get('name', None)
 		if product:
 			service_name = product
 			if version:
@@ -339,12 +347,12 @@ class nmapData(dict):
 				TAGS: [vuln_id, provider_name]
 			}
 			if provider_name == 'MITRE CVE':
-				data = VulnMulti.lookup_cve(vuln['id'], cpes=cpes)
+				data = VulnMulti.lookup_cve(vuln['id'], *cpes)
 				if data:
 					vuln.update(data)
 				yield vuln
 			else:
-				debug(f'Vulscan provider {provider_name} is not supported YET.', sub='cve')
+				debug(f'Vulscan provider {provider_name} is not supported YET.', sub='cve.provider', verbose=True)
 				continue
 
 	def _parse_vulners_output(self, out, **kwargs):
@@ -358,30 +366,35 @@ class nmapData(dict):
 				cpes.append(line.rstrip(':'))
 				continue
 			elems = tuple(line.split('\t'))
-			vuln = {}
 
 			if len(elems) == 4:  # exploit
 				# TODO: Implement exploit processing
 				exploit_id, cvss_score, reference_url, _ = elems
 				name = exploit_id
 				# edb_id = name.split(':')[-1] if 'EDB-ID' in name else None
-				vuln = {
+				exploit = {
 					ID: exploit_id,
 					NAME: name,
 					PROVIDER: provider_name,
 					REFERENCE: reference_url,
+					TAGS: [exploit_id, provider_name],
+					CVSS_SCORE: cvss_score,
+					CONFIDENCE: 'low',
 					'_type': 'exploit',
-					TAGS: [exploit_id, provider_name]
-					# CVSS_SCORE: cvss_score,
-					# CONFIDENCE: 'low'
 				}
 				# TODO: lookup exploit in ExploitDB to find related CVEs
 				# if edb_id:
 				# 	print(edb_id)
-				# 	vuln_data = VulnMulti.lookup_exploitdb(edb_id)
-				yield vuln
+				# 	exploit_data = VulnMulti.lookup_exploitdb(edb_id)
+				vuln = VulnMulti.lookup_cve_from_vulners_exploit(exploit_id, *cpes)
+				if vuln:
+					yield vuln
+					exploit[TAGS].extend(vuln[TAGS])
+					exploit[CONFIDENCE] = vuln[CONFIDENCE]
+				yield exploit
 
 			elif len(elems) == 3:  # vuln
+				vuln = {}
 				vuln_id, vuln_cvss, reference_url = tuple(line.split('\t'))
 				vuln_cvss = float(vuln_cvss)
 				vuln_id = vuln_id.split(':')[-1]
@@ -397,8 +410,7 @@ class nmapData(dict):
 					CONFIDENCE: 'low'
 				}
 				if vuln_type == 'CVE' or vuln_type == 'PRION:CVE':
-					vuln[TAGS].append('cve')
-					data = VulnMulti.lookup_cve(vuln_id, cpes=cpes)
+					data = VulnMulti.lookup_cve(vuln_id, *cpes)
 					if data:
 						vuln.update(data)
 					yield vuln

secator/tasks/nuclei.py

@@ -74,8 +74,11 @@ class nuclei(VulnMulti):
 		}
 	}
 	ignore_return_code = True
-	install_cmd = 'go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest && nuclei update-templates'
+	install_cmd = 'go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest'
 	install_github_handle = 'projectdiscovery/nuclei'
+	install_post = {
+		'*': 'nuclei -ut'
+	}
 	proxychains = False
 	proxy_socks5 = True  # kind of, leaks data when running network / dns templates
 	proxy_http = True  # same

secator/tasks/searchsploit.py

@@ -1,5 +1,6 @@
 import re
 
+from secator.config import CONFIG
 from secator.decorators import task
 from secator.definitions import (CVES, EXTRA_DATA, ID, MATCHED_AT, NAME,
 								 PROVIDER, REFERENCE, TAGS, OPT_NOT_SUPPORTED)
@@ -13,7 +14,7 @@ SEARCHSPLOIT_TITLE_REGEX = re.compile(r'^((?:[a-zA-Z\-_!\.()]+\d?\s?)+)\.?\s*(.*
 
 @task()
 class searchsploit(Command):
-	"""Exploit-DB command line search tool."""
+	"""Exploit searcher based on ExploitDB."""
 	cmd = 'searchsploit'
 	input_flag = None
 	json_flag = '--json'
@@ -37,7 +38,13 @@ class searchsploit(Command):
 			}
 		}
 	}
-	install_cmd = 'sudo git clone https://gitlab.com/exploit-database/exploitdb.git /opt/exploitdb || true && sudo ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit'  # noqa: E501
+	install_pre = {
+		'apk': ['ncurses']
+	}
+	install_cmd = (
+		f'git clone https://gitlab.com/exploit-database/exploitdb.git {CONFIG.dirs.share}/exploitdb || true && '
+		f'ln -sf $HOME/.local/share/exploitdb/searchsploit {CONFIG.dirs.bin}/searchsploit'
+	)
 	proxychains = False
 	proxy_socks5 = False
 	proxy_http = False

secator/tasks/wpscan.py

@@ -1,6 +1,7 @@
 import json
 import os
 
+from secator.config import CONFIG
 from secator.decorators import task
 from secator.definitions import (CONFIDENCE, CVSS_SCORE, DELAY, DESCRIPTION,
 							   EXTRA_DATA, FOLLOW_REDIRECT, HEADER, ID,
@@ -66,7 +67,17 @@ class wpscan(VulnHttp):
 		},
 	}
 	output_types = [Vulnerability, Tag]
-	install_cmd = 'sudo apt install -y build-essential ruby-dev rubygems && sudo gem install wpscan'
+	install_pre = {
+		'apt': ['kali:libcurl4t64', 'libffi-dev'],
+		'pacman': ['ruby-erb'],
+	}
+	install_cmd = f'gem install wpscan --user-install -n {CONFIG.dirs.bin}'
+	install_post = {
+		'kali': (
+			f'gem uninstall nokogiri --user-install -n {CONFIG.dirs.bin} --force --executables && '
+			f'gem install nokogiri --user-install -n {CONFIG.dirs.bin} --platform=ruby'
+		)
+	}
 	proxychains = False
 	proxy_http = True
 	proxy_socks5 = False

secator/template.py

@@ -120,7 +120,7 @@ class TemplateLoader(DotMap):
 
 		def parse_config(config, prefix=''):
 			for key, value in config.items():
-				if key == '_group':
+				if key.startswith('_group'):
 					parse_config(value, prefix)
 				elif value:
 					task_name = f'{prefix}/{key}' if prefix else key