CLI Usage
... or how you can use secator as your pentesting swiss-knife.
secator is first and foremost a command-line interface (CLI). This page describes how to use it in depth.
Usage
secator --help # General help
secator x # List available tasks
secator w # List available workflows
secator s # List available scans
secator u # List available utilities
Running tasks
You can run any of the supported tasks out of the box using the secator x (execute) subcommand:
Find subdomains of a domain using offline sources with subfinder:
secator x subfinder wikipedia.org
Running workflows
A workflow is a set of pre-defined tasks.
You can run some pre-written workflows using the secator w (workflow) subcommand:
To perform a basic host recon (open ports, network + HTTP vulnerabilities):
secator w host_recon 192.168.1.18
Running scans
A scan is a set of workflows that run one after the other.
You can run some pre-written scans using the secator s subcommand:
secator s domain example.com
Running utils
secator provides a number of utilities that can be useful during pentesting.
Proxy
You can get a random proxy:
secator u proxy # print a random proxy
secator u proxy -n 5 --timeout 1 # print 5 proxies with 1s max timeout
Reverse shells
You can spawn reverse shells in any language, with an optional netcat listener:
secator u revshell # list all reverse shells
secator u revshell bash # show a Bash reverse shell
secator u revshell javascript -h <LHOST> -p <LPORT> # show a JavaScript reverse shell to connect to LHOST / LPORT
secator u revshell javascript -h <LHOST> -p <LPORT> -l # ... also spawn a netcat listener
Serve
You can run an HTTP server to serve payloads:
secator u serve
Recording
You can record pentesting sessions as a GIF:
secator u record -i <RECORD_NAME> # record an interactive session
secator u record --script test.sh <RECORD_NAME> # put your commands in a script and record the execution
Configuring secator
To configure secator, use the following commands:
secator c get # get current user config
secator c get --full # get full config (with defaults)
secator c get wordlists.defaults.http # get default wordlist path
secator c set wordlists.defaults.http rockyou.txt # set default wordlist
secator c edit # edit user config yaml
secator c default # get default config
To see all available configuration options, print the default configuration using secator c default.
Running a worker [optional]
You can enable distributed runs by starting secator workers. All tasks / workflows / scans will be sent to the workers for execution.
You can run a worker using the file system as a broker and result backend:
secator install addons worker
secator worker