`secator` is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and it is designed to improve productivity for pentesters and security researchers.
- Curated list of commands
- Unified input options
- Unified output schema
- CLI and library usage
- Distributed options with Celery
- Complexity from simple tasks to complex workflows
Supported tools
`secator` integrates the following tools:
Name | Description | Category |
---|---|---|
httpx | Fast HTTP prober. | http |
cariddi | Fast crawler and endpoint secrets / api keys / tokens matcher. | http/crawler |
gau | Offline URL crawler (Alien Vault, The Wayback Machine, Common Crawl, URLScan). | http/crawler |
gospider | Fast web spider written in Go. | http/crawler |
katana | Next-generation crawling and spidering framework. | http/crawler |
dirsearch | Web path discovery. | http/fuzzer |
feroxbuster | Simple, fast, recursive content discovery tool written in Rust. | http/fuzzer |
ffuf | Fast web fuzzer written in Go. | http/fuzzer |
h8mail | Email OSINT and breach hunting tool. | osint |
dnsx | Fast and multi-purpose DNS toolkit designed for running DNS queries. | recon/dns |
dnsxbrute | Fast and multi-purpose DNS toolkit designed for running DNS queries (bruteforce mode). | recon/dns |
subfinder | Fast subdomain finder. | recon/dns |
fping | Find alive hosts on local networks. | recon/ip |
mapcidr | Expand CIDR ranges into IPs. | recon/ip |
naabu | Fast port discovery tool. | recon/port |
maigret | Hunt for user accounts across many websites. | recon/user |
gf | A wrapper around grep to avoid typing common patterns. | tagger |
grype | A vulnerability scanner for container images and filesystems. | vuln/code |
dalfox | Powerful XSS scanning tool and parameter analyzer. | vuln/http |
msfconsole | CLI to access and work with the Metasploit Framework. | vuln/http |
wpscan | WordPress Security Scanner | vuln/multi |
nmap | Vulnerability scanner using NSE scripts. | vuln/multi |
nuclei | Fast and customisable vulnerability scanner based on simple YAML based DSL. | vuln/multi |
searchsploit | Exploit searcher. | exploit/search |
Feel free to request new tools to be added by opening an issue, but please check that the tool complies with our selection criteria before doing so. If it doesn't but you still want to integrate it into `secator`, you can plug it in (see the dev guide).
Installation
Installing secator
Pipx
pipx install secator
Pip
pip install secator
Bash
wget -O - https://raw.githubusercontent.com/freelabz/secator/main/scripts/install.sh | sh
Docker
docker run -it --rm --net=host -v ~/.secator:/root/.secator freelabz/secator --help
The volume mount `-v` is necessary to save all secator reports to your host machine, and `--net=host` is recommended to grant full access to the host network. You can alias this command to run it more easily:
alias secator="docker run -it --rm --net=host -v ~/.secator:/root/.secator freelabz/secator"
Now you can run secator as if it were installed on bare metal:
secator --help
Docker Compose
git clone https://github.com/freelabz/secator
cd secator
docker-compose up -d
docker-compose exec secator secator --help
Note: If you chose the Bash, Docker or Docker Compose installation methods, you can skip the next sections and go straight to Usage.
Installing languages
`secator` uses external tools, so you might need to install languages used by those tools, assuming they are not already installed on your system.
We provide utilities to install required languages if you don't manage them externally:
Go
secator install langs go
Ruby
secator install langs ruby
Installing tools
`secator` does not install any of the external tools it supports by default.
We provide utilities to install or update each supported tool, which should work on all systems supporting `apt`:
All tools
secator install tools
Specific tools
secator install tools
For instance, to install `httpx`, use:
secator install tools httpx
Please make sure you are using the latest available versions of each tool before you run secator, or you might run into parsing / formatting issues.
Installing addons
`secator` comes installed with the minimum amount of dependencies.
There are several addons available for `secator`:
worker
Add support for Celery workers (see [Distributed runs with Celery](https://docs.freelabz.com/in-depth/distributed-runs-with-celery)).
secator install addons worker
google
Add support for Google Drive exporter (`-o gdrive`).
secator install addons google
mongodb
Add support for MongoDB driver (`-driver mongodb`).
secator install addons mongodb
redis
Add support for Redis backend (Celery).
secator install addons redis
dev
Add development tools like `coverage` and `flake8` required for running tests.
secator install addons dev
trace
Add tracing tools like `memray` and `pyinstrument` required for tracing functions.
secator install addons trace
build
Add `hatch` for building and publishing the PyPI package.
secator install addons build
Install CVEs
`secator` makes remote API calls to https://cve.circl.lu/ to get in-depth information about the CVEs it encounters. We provide a subcommand to download all known CVEs locally so that future lookups are made from disk instead:
secator install cves
Checking installation health
To figure out which languages or tools are installed on your system (along with their version):
secator health
Usage
secator --help
Usage examples
Run a fuzzing task (`ffuf`):
secator x ffuf http://testphp.vulnweb.com/FUZZ
Run a url crawl workflow:
secator w url_crawl http://testphp.vulnweb.com
Run a host scan:
secator s host mydomain.com
and more… to list all tasks / workflows / scans that you can use:
secator x --help
secator w --help
secator s --help
Learn more
To go deeper with `secator`, check out:
* Our full documentation
* Our getting started tutorial video
* Our Medium post
* Follow us on social media: @freelabz on Twitter and @FreeLabz on YouTube