secator is a job and workflow runner used for safety assessments. It helps dozens of well-known safety instruments and it’s designed to enhance productiveness for pentesters and safety researchers.
-
Curated checklist of instructions
-
Unified enter choices
-
Unified output schema
-
CLI and library utilization
-
Distributed choices with Celery
-
Complexity from easy duties to complicated workflows
Supported instruments
secator integrates the next instruments:
| Identify | Description | Class |
|---|---|---|
| httpx | Quick HTTP prober. | http |
| cariddi | Quick crawler and endpoint secrets and techniques / api keys / tokens matcher. | http/crawler |
| gau | Offline URL crawler (Alien Vault, The Wayback Machine, Frequent Crawl, URLScan). | http/crawler |
| gospider | Quick net spider written in Go. | http/crawler |
| katana | Subsequent-generation crawling and spidering framework. | http/crawler |
| dirsearch | Net path discovery. | http/fuzzer |
| feroxbuster | Easy, quick, recursive content material discovery software written in Rust. | http/fuzzer |
| ffuf | Quick net fuzzer written in Go. | http/fuzzer |
| h8mail | E mail OSINT and breach searching software. | osint |
| dnsx | Quick and multi-purpose DNS toolkit designed for operating DNS queries. | recon/dns |
| dnsxbrute | Quick and multi-purpose DNS toolkit designed for operating DNS queries (bruteforce mode). | recon/dns |
| subfinder | Quick subdomain finder. | recon/dns |
| fping | Discover alive hosts on native networks. | recon/ip |
| mapcidr | Develop CIDR ranges into IPs. | recon/ip |
| naabu | Quick port discovery software. | recon/port |
| maigret | Hunt for person accounts throughout many web sites. | recon/person |
| gf | A wrapper round grep to keep away from typing frequent patterns. | tagger |
| grype | A vulnerability scanner for container photos and filesystems. | vuln/code |
| dalfox | Highly effective XSS scanning software and parameter analyzer. | vuln/http |
| msfconsole | CLI to entry and work with the Metasploit Framework. | vuln/http |
| wpscan | WordPress Safety Scanner | vuln/multi |
| nmap | Vulnerability scanner utilizing NSE scripts. | vuln/multi |
| nuclei | Quick and customisable vulnerability scanner primarily based on easy YAML primarily based DSL. | vuln/multi |
| searchsploit | Exploit searcher. | exploit/search |
Be at liberty to request new instruments to be added by opening a difficulty, however please test that the software complies with our choice criterias earlier than doing so. If it does not however you continue to need to combine it into secator, you may plug it in (see the dev information).
Set up
Putting in secator
Pipx
pipx set up secator
Pip
pip set up secator
Bash
wget -O - https://uncooked.githubusercontent.com/freelabz/secator/important/scripts/set up.sh | sh
Docker
docker run -it --rm --net=host -v ~/.secator:/root/.secator freelabz/secator --help
The amount mount -v is critical to avoid wasting all secator stories to your host machine, and–net=host is advisable to grant full entry to the host community. You may alias this command to run it simpler:
alias secator="docker run -it --rm --net=host -v ~/.secator:/root/.secator freelabz/secator"
Now you may run secator like if it was put in on baremetal:
secator --help
Docker Compose
git clone https://github.com/freelabz/secator
cd secator
docker-compose up -d
docker-compose exec secator secator --help
Be aware: Should you selected the Bash, Docker or Docker Compose set up strategies, you may skip the subsequent sections and go straight to Utilization.
Putting in languages
secator makes use of exterior instruments, so that you may want to put in languages utilized by these instruments assuming they aren’t already put in in your system.
We offer utilities to put in required languages in case you do not handle them externally:
Go
secator set up langs go
Ruby
secator set up langs ruby
Putting in instruments
secator doesn’t set up any of the exterior instruments it helps by default.
We offer utilities to put in or replace every supported software which ought to work on all techniques supporting apt:
All instruments
secator set up instruments
Particular instruments
secator set up instruments
As an example, to put in `httpx`, use:
secator set up instruments httpx
Please be sure you are utilizing the newest obtainable variations for every software earlier than you run secator otherwise you may run into parsing / formatting points.
Putting in addons
secator comes put in with the minimal quantity of dependencies.
There are a number of addons obtainable for secator:
employee
Add assist for Celery employees (see [Distributed runs with Celery](https://docs.freelabz.com/in-depth/distributed-runs-with-celery)).
secator set up addons employee
Add assist for Google Drive exporter (`-o gdrive`).
secator set up addons google
mongodb
Add assist for MongoDB driver (`-driver mongodb`).
secator set up addons mongodb
redis
Add assist for Redis backend (Celery).
secator set up addons redis
dev
Add improvement instruments like `protection` and `flake8` required for operating checks.
secator set up addons dev
hint
Add tracing instruments like `memray` and `pyinstrument` required for tracing capabilities.
secator set up addons hint
construct
Add `hatch` for constructing and publishing the PyPI bundle.
secator set up addons construct
Set up CVEs
secator makes distant API calls to https://cve.circl.lu/ to get in-depth details about the CVEs it encounters. We offer a subcommand to obtain all identified CVEs regionally in order that future lookups are constituted of disk as a substitute:
secator set up cves
Checking set up well being
To determine which languages or instruments are put in in your system (together with their model):
secator well being
Utilization
secator --help
Utilization examples
Run a fuzzing job (ffuf):
secator x ffuf http://testphp.vulnweb.com/FUZZ
Run a url crawl workflow:
secator w url_crawl http://testphp.vulnweb.com
Run a number scan:
secator s host mydomain.com
and extra… to checklist all duties / workflows / scans that you should utilize:
secator x --help
secator w --help
secator s --help
Study extra
To go deeper with secator, try: * Our full documentation * Our getting began tutorial video * Our Medium submit * Observe us on social media: @freelabz on Twitter and @FreeLabz on YouTube