secator 0.5.0

The pentester's swiss knife.

The pentester's swiss knife.

Features • Supported commands • Installation • Usage • Documentation

secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and it is designed to improve productivity for pentesters and security researchers.

Features

• Curated list of commands

• Unified input options

• Unified output schema

• CLI and library usage

• Distributed options with Celery

• Complexity from simple tasks to complex workflows

• Customizable

Supported tools

secator integrates the following tools:

Name	Description	Category
httpx	Fast HTTP prober.	http
cariddi	Fast crawler and endpoint secrets / api keys / tokens matcher.	http/crawler
gau	Offline URL crawler (Alien Vault, The Wayback Machine, Common Crawl, URLScan).	http/crawler
gospider	Fast web spider written in Go.	http/crawler
katana	Next-generation crawling and spidering framework.	http/crawler
dirsearch	Web path discovery.	http/fuzzer
feroxbuster	Simple, fast, recursive content discovery tool written in Rust.	http/fuzzer
ffuf	Fast web fuzzer written in Go.	http/fuzzer
h8mail	Email OSINT and breach hunting tool.	osint
dnsx	Fast and multi-purpose DNS toolkit designed for running DNS queries.	recon/dns
dnsxbrute	Fast and multi-purpose DNS toolkit designed for running DNS queries (bruteforce mode).	recon/dns
subfinder	Fast subdomain finder.	recon/dns
fping	Find alive hosts on local networks.	recon/ip
mapcidr	Expand CIDR ranges into IPs.	recon/ip
naabu	Fast port discovery tool.	recon/port
maigret	Hunt for user accounts across many websites.	recon/user
gf	A wrapper around grep to avoid typing common patterns.	tagger
grype	A vulnerability scanner for container images and filesystems.	vuln/code
dalfox	Powerful XSS scanning tool and parameter analyzer.	vuln/http
msfconsole	CLI to access and work with the Metasploit Framework.	vuln/http
wpscan	WordPress Security Scanner	vuln/multi
nmap	Vulnerability scanner using NSE scripts.	vuln/multi
nuclei	Fast and customisable vulnerability scanner based on simple YAML based DSL.	vuln/multi
searchsploit	Exploit searcher.	exploit/search

Feel free to request new tools to be added by opening an issue, but please check that the tool complies with our selection criterias before doing so. If it doesn't but you still want to integrate it into secator, you can plug it in (see the dev guide).

Installation

Installing secator

Pipx

pipx install secator

Pip

pip install secator

Bash

wget -O - https://raw.githubusercontent.com/freelabz/secator/main/scripts/install.sh | sh

Docker

docker run -it --rm --net=host -v ~/.secator:/root/.secator freelabz/secator --help

The volume mount -v is necessary to save all secator reports to your host machine, and--net=host is recommended to grant full access to the host network.

You can alias this command to run it easier:

alias secator="docker run -it --rm --net=host -v ~/.secator:/root/.secator freelabz/secator"

Now you can run secator like if it was installed on baremetal:

secator --help

Docker Compose

git clone https://github.com/freelabz/secator
cd secator
docker-compose up -d
docker-compose exec secator secator --help

Note: If you chose the Bash, Docker or Docker Compose installation methods, you can skip the next sections and go straight to Usage.

Installing languages

secator uses external tools, so you might need to install languages used by those tools assuming they are not already installed on your system.

We provide utilities to install required languages if you don't manage them externally:

Go

secator install langs go

Ruby

secator install langs ruby

Installing tools

secator does not install any of the external tools it supports by default.

We provide utilities to install or update each supported tool which should work on all systems supporting apt:

All tools

secator install tools

Specific tools

secator install tools <TOOL_NAME>

For instance, to install httpx, use:

secator install tools httpx

Please make sure you are using the latest available versions for each tool before you run secator or you might run into parsing / formatting issues.

Installing addons

secator comes installed with the minimum amount of dependencies.

There are several addons available for secator:

worker

Add support for Celery workers (see Distributed runs with Celery).

secator install addons worker

google

Add support for Google Drive exporter (-o gdrive).

secator install addons google

mongodb

Add support for MongoDB driver (-driver mongodb).

secator install addons mongodb

redis

Add support for Redis backend (Celery).

secator install addons redis

dev

Add development tools like coverage and flake8 required for running tests.

secator install addons dev

trace

Add tracing tools like memray and pyinstrument required for tracing functions.

secator install addons trace

build

Add hatch for building and publishing the PyPI package.

secator install addons build

Install CVEs

secator makes remote API calls to https://cve.circl.lu/ to get in-depth information about the CVEs it encounters. We provide a subcommand to download all known CVEs locally so that future lookups are made from disk instead:

secator install cves

Checking installation health

To figure out which languages or tools are installed on your system (along with their version):

secator health

Usage

secator --help

Usage examples

Run a fuzzing task (ffuf):

secator x ffuf http://testphp.vulnweb.com/FUZZ

Run a url crawl workflow:

secator w url_crawl http://testphp.vulnweb.com

Run a host scan:

secator s host mydomain.com

and more... to list all tasks / workflows / scans that you can use:

secator x --help
secator w --help
secator s --help

Learn more

To go deeper with secator, check out:

• Our complete documentation
• Our getting started tutorial video
• Our Medium post
• Follow us on social media: @freelabz on Twitter and @FreeLabz on YouTube

Stats