CLI Usage

... or how you can use secator as your pentesting Swiss Army knife.

secator is first and foremost a command-line interface (CLI). This page describes how to use it in-depth.


Usage

secator --help # General help
secator x      # List available tasks
secator w      # List available workflows
secator s      # List available scans
secator u      # List available utilities

Running tasks

You can run any of the supported tasks out of the box using the secator x (execute) subcommand:

Find subdomains of a domain using offline sources with subfinder:

secator x subfinder wikipedia.org

Use secator x <NAME> --help to list options for a specific task.


Running workflows

A workflow is a set of pre-defined tasks.

You can run some pre-written workflows using the secator w (workflow) subcommand:

To perform a basic host recon (open ports, network + HTTP vulnerabilities):

secator w host_recon 192.168.1.18

Use secator w <NAME> --help to list options for a specific workflow.


Running scans

A scan is a set of workflows that run one after the other.

You can run some pre-written scans using the secator s subcommand:

secator s domain example.com

Use secator s <NAME> --help to list options for a specific scan.


Running utils

secator provides a number of utilities that can be useful during a pentest.

Proxy

You can get a random proxy:

secator u proxy                  # print a random proxy
secator u proxy -n 5 --timeout 1 # print 5 proxies with 1s max timeout

Reverse shells

You can spawn reverse shells in any language, and optionally a netcat listener:

secator u revshell                                     # list all reverse shells
secator u revshell bash                                # show a Bash reverse shell
secator u revshell javascript -h <LHOST> -p <LPORT>    # show a JavaScript reverse shell to connect to LHOST / LPORT
secator u revshell javascript -h <LHOST> -p <LPORT> -l # ... also spawn a netcat listener

Serve

You can run an HTTP server to serve payloads:

secator u serve

Recording

You can record pentesting sessions as a GIF:

secator u record -i <RECORD_NAME>                # record an interactive session
secator u record --script test.sh <RECORD_NAME>  # put your commands in a script and record the execution

Configuring secator

To configure secator, use the following commands:

secator c get                                     # get current user config
secator c get --full                              # get full config (with defaults)
secator c get wordlists.defaults.http             # get default wordlist path
secator c set wordlists.defaults.http rockyou.txt # set default wordlist
secator c edit                                    # edit user config yaml
secator c default                                 # get default config

To see all available configuration options, print the default configuration using secator c default.


Running a worker [optional]

You can enable distributed runs by starting secator workers. All tasks, workflows, and scans will then be sent to the workers for execution.

You can run a worker using the file system as a broker and result backend:

secator install addons worker
secator worker
