CLI Usage

... or how you can use secator as your pentesting Swiss Army knife.

secator is first and foremost a command-line interface (CLI). This page describes how to use it in-depth.


Usage

secator --help # General help
secator x      # List available tasks
secator w      # List available workflows
secator s      # List available scans
secator u      # List available utilities

Running tasks

You can run any of the supported tasks out of the box using the secator x (execute) subcommand:

Find subdomains of a domain using offline sources with subfinder:

secator x subfinder wikipedia.org

Find information about a URL with httpx:

secator x httpx wikipedia.org

Fuzz URLs with ffuf with max 100 requests / second and matching select HTTP codes:

secator x ffuf http://testphp.vulnweb.com/FUZZ -rl 100 -mc 200,201,300,500

Find open ports and associated vulnerabilities with nmap using proxychains as a proxy:

secator x nmap myhost.com -p 443,80,8080,8081,21 -proxy proxychains

Find user accounts with maigret:

secator x maigret elonmusk

Use secator x <NAME> --help to list options for a specific task.


Running workflows

A workflow is a set of pre-defined tasks.

You can run some pre-written workflows using the secator w (workflow) subcommand:

To perform a basic host recon (open ports, network + HTTP vulnerabilities):

secator w host_recon 192.168.1.18

To perform a basic subdomain discovery (subdomain + root URLs):

secator w subdomain_recon mydomain.com

To perform URL crawling:

secator w url_crawl https://mydomain.com/start/crawling/from/here/

To perform URL fuzzing:

secator w url_fuzz https://mydomain.com/start/fuzzing/from/here/

To perform a code vulnerability scan:

secator w code_scan /path/to/code/repo

To find user accounts for a username:

secator w user_hunt elonmusk

Use secator w <NAME> --help to list options for a specific workflow.


Running scans

A scan is a set of workflows that run one after the other.

You can run some pre-written scans using the secator s subcommand:

secator s domain example.com
secator s subdomain sub.example.com
secator s network 192.168.1.0/24
secator s url http://testphp.vulnweb.com

Use secator s <NAME> --help to list options for a specific scan.


Running utils

secator provides a number of utilities that can be useful when doing pentesting.

Proxy

You can get a random proxy:

secator u proxy                  # print a random proxy
secator u proxy -n 5 --timeout 1 # print 5 proxies with 1s max timeout

Reverse shells

You can show reverse shells in any language, and optionally spawn a netcat listener:

secator u revshell                                     # list all reverse shells
secator u revshell bash                                # show a Bash reverse shell
secator u revshell javascript -h <LHOST> -p <LPORT>    # show a JavaScript reverse shell to connect to LHOST / LPORT
secator u revshell javascript -h <LHOST> -p <LPORT> -l # ... also spawn a netcat listener

Serve

You can run an HTTP server to serve payloads:

secator u serve

Recording

You can record pentesting sessions as a GIF:

secator u record -i <RECORD_NAME>                # record an interactive session
secator u record --script test.sh <RECORD_NAME>  # put your commands in a script and record the execution

Configuring secator

To configure secator, use the following commands:

secator c get                                     # get current user config
secator c get --full                              # get full config (with defaults)
secator c get wordlists.defaults.http             # get default wordlist path
secator c set wordlists.defaults.http rockyou.txt # set default wordlist
secator c edit                                    # edit user config yaml
secator c default                                 # get default config

To see the full available configuration options, get the default configuration using secator c default.


Running a worker [optional]

You can enable distributed runs by starting secator workers. All tasks / workflows / scans will be sent to the workers for execution.

You can run a worker using the file system as a broker and result backend:

secator install addons worker
secator worker

Learn more about Distributed runs with Celery



Last updated 8 months ago