Security tools command runner
Project description
secator
Security swiss-knife to speed up vulnerability assessments.
Features • Supported commands • Installation • Usage • Documentation
secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools
and it is designed to improve productivity for pentesters and security researchers.
Features
-
Curated list of commands
-
Unified input options
-
Unified output schema
-
CLI and library usage
-
Distributed options with Celery
-
Complexity from simple tasks to complex workflows
-
Customizable
Supported commands
secator integrates the following commands:
| Name | Description | Category |
|---|---|---|
| httpx | Fast HTTP prober. | http |
| cariddi | Fast crawler and endpoint secrets / api keys / tokens matcher. | http/crawler |
| gau | Offline URL crawler (Alien Vault, The Wayback Machine, Common Crawl, URLScan). | http/crawler |
| gospider | Fast web spider written in Go. | http/crawler |
| katana | Next-generation crawling and spidering framework. | http/crawler |
| dirsearch | Web path discovery. | http/fuzzer |
| feroxbuster | Simple, fast, recursive content discovery tool written in Rust. | http/fuzzer |
| ffuf | Fast web fuzzer written in Go. | http/fuzzer |
| h8mail | Email OSINT and breach hunting tool. | osint |
| dnsx | Fast and multi-purpose DNS toolkit designed for running DNS queries. | recon/dns |
| dnsxbrute | Fast and multi-purpose DNS toolkit designed for running DNS queries (bruteforce mode). | recon/dns |
| subfinder | Fast subdomain finder. | recon/dns |
| fping | Find alive hosts on local networks. | recon/ip |
| mapcidr | Expand CIDR ranges into IPs. | recon/ip |
| naabu | Fast port discovery tool. | recon/port |
| maigret | Hunt for user accounts across many websites. | recon/user |
| gf | A wrapper around grep to avoid typing common patterns. | tagger |
| grype | A vulnerability scanner for container images and filesystems. | vuln/code |
| dalfox | Powerful XSS scanning tool and parameter analyzer. | vuln/http |
| msfconsole | CLI to access and work with the Metasploit Framework. | vuln/http |
| wpscan | WordPress Security Scanner | vuln/multi |
| nmap | Vulnerability scanner using NSE scripts. | vuln/multi |
| nuclei | Fast and customisable vulnerability scanner based on simple YAML based DSL. | vuln/multi |
| searchsploit | Exploit searcher. | exploit/search |
Feel free to request new commands to be added by opening an issue, but please
check that the command complies with our selection criterias before doing so. If it doesn't but you still want to integrate it into secator, you can plug it in (see the dev guide).
Install Secator
Secator requires python >= 3.8 to install successfully. Run the following command to install the latest version:
pip3 install git+https://github.com/freelabz/secator.git
Bash one-liner
git clone https://github.com/freelabz/secator && sh ./scripts/install.sh
Docker
docker build -t secator
Development build
git clone https://github.com/freelabz/secator
cd secator
python3 -m virtualenv -p python3 ~/.virtualenvs/secator
source ~/.virtualenvs/secator/bin/activate
pip3 install -e .
Install specific tasks
secator u install <TASK_NAME>
Usage
secator --help
Running secator
Run a fuzzing task (ffuf):
secator x ffuf http://testphp.vulnweb.com/FUZZ
Run a port scan:
secator w port_scan mydomain.com
Run a full host scan:
secator s host mydomain.com
For more, read the complete documentation.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
