Profiles

... or how to manage different runner option sets effectively.

secator profiles are a way to mutualize sets of options to be quickly re-used in tasks, workflows, and scans. Profiles allow you to apply predefined option configurations with a single flag, making it easy to switch between different scanning strategies.

Using profiles

You can use profiles with any task, workflow, or scan by using the -pf or --profiles flag:

secator x httpx example.com -pf aggressive,full

You can combine multiple profiles by separating them with commas. Options from profiles are merged, with later profiles taking precedence over earlier ones.

Listing available profiles

To see all available profiles and their options:

secator p list

Built-in profiles

secator comes with several built-in profiles organized by category:

Speed profiles

These profiles control the aggressiveness and speed of scans by adjusting rate limits, delays, timeouts, and retries.

Aggressive (`aggressive`)

Optimized for internal networks or time-sensitive scans with no rate limiting.

rate_limit: 10000
delay: 0
timeout: 1
retries: 1

Use case: Fast scanning on trusted internal networks where you need results quickly.

Insane (`insane`)

Maximum speed for local LAN scanning or stress testing.

rate_limit: 100000
delay: 0
timeout: 1
retries: 0

Use case: Local network scanning or stress testing where network impact is not a concern.

Paranoid (`paranoid`)

Maximum stealth with very conservative settings.

rate_limit: 5
delay: 5
timeout: 15
retries: 5

Use case: Scanning sensitive networks where stealth is critical and you can afford to wait.

Polite (`polite`)

Balanced settings to avoid overloading the network.

rate_limit: 100
delay: 0
timeout: 10
retries: 5

Use case: General-purpose scanning where you want to be respectful of network resources.

Evasion profiles

These profiles help evade detection systems and maintain anonymity.

Sneaky (`sneaky`)

IDS/IPS evasion for sensitive networks using packet fragmentation.

fragment: true
nmap_light_fragment: true

Use case: Scanning networks with active IDS/IPS systems that you want to evade.

Stealth (`stealth`)

Stealth scan using TCP SYN scanning.

tcp_syn_stealth: true
nmap_light_tcp_syn_stealth: true
scan_type: s

Use case: Port scanning where you want to minimize detection by using stealth techniques.

Tor (`tor`)

Anonymous scanning using the Tor network.

proxy: auto

Use case: Scanning where you need anonymity and want to route traffic through Tor.

Make sure you have Tor configured and running, and set up your proxy settings in the config (see Proxies).

General profiles

These profiles control the overall scanning approach and feature activation.

Active (`active`)

Active scanning only - no passive sources are used. This profile enforces active-only mode.

active: true
domain_recon_active: true
subdomain_recon_active: true
host_recon_active: true
url_crawl_active: true
url_vuln_active: true

Use case: When you want to ensure all scanning is done actively (making requests to targets) and avoid passive data sources.

Passive (`passive`)

Passive scanning only - no requests are made to targets. This profile enforces passive-only mode.

passive: true
domain_recon_passive: true
subdomain_recon_passive: true
host_recon_passive: true
url_crawl_passive: true
url_vuln_passive: true

Use case: When you want to gather information without making any requests to the target (e.g., using only OSINT sources).

Full (`full`)

Activates all optional features for comprehensive scanning.

# Task options
headless: true
system_chrome: true
no_sandbox: true
screenshot: true
juicy_extensions: 3
server_defaults: false

# Workflow options
ports: "-"
nuclei: true
brute_dns: true
brute_http: true
hunt_secrets: true
test_ssl: true

# Scan options
host_recon_nuclei: true
host_recon_nmap_ports: "-"
domain_recon_testssl_server_defaults: null
subdomain_recon_hunt_secrets: true
subdomain_recon_test_ssl: true
subdomain_recon_testssl_server_defaults: null
url_crawl_hunt_secrets: true
url_vuln_nuclei: true
url_crawl_cariddi_juicy_extensions: 3

Use case: Comprehensive security assessments where you want to enable all available features including headless browsing, screenshots, vulnerability scanning, secret hunting, and SSL testing.

Network profiles

These profiles configure network-specific scanning options.

All Ports (`all_ports`)

Scans all ports instead of just common ones.

ports: "-"
host_recon_nmap_ports: "-"

Use case: When you need a complete port scan of all 65535 ports (warning: this can be very slow).

HTTP Headless (`http_headless`)

Enables headless browser mode for HTTP tasks.

headless: true
system_chrome: true
no_sandbox: true

Use case: When you need to render JavaScript or interact with modern web applications that require a browser.

HTTP Record (`http_record`)

Records HTTP requests/responses and takes screenshots.

screenshot: true
store_responses: true
system_chrome: true
no_sandbox: true

Use case: When you need to capture full HTTP interactions and visual evidence of web pages.

Profile enforcement

Some profiles have the enforce: true setting, which means they override any conflicting options you might pass directly. Profiles with enforcement are:

active
passive
full
all_ports

When using enforced profiles, the profile options take precedence over command-line options.

Combining profiles

You can combine multiple profiles to create a custom configuration:

# Combine speed and evasion profiles
secator w host_recon example.com -pf aggressive,stealth

# Combine feature activation with speed
secator s host example.com -pf full,polite

# Combine network and evasion
secator x naabu example.com -pf all_ports,tor

When combining profiles, options are merged with later profiles taking precedence over earlier ones.

Setting default profiles

You can set default profiles in your configuration that will be applied automatically:

secator config set profiles.defaults aggressive,polite

Default profiles are automatically applied to all runs unless you explicitly override them with the -pf flag.

Creating custom profiles

To create your own profile, create a YAML file in ~/.secator/templates/profiles/:

type: profile
name: my_custom_profile
category: general
description: "My custom profile description"
opts:
    rate_limit: 500
    delay: 0.5
    timeout: 5
    retries: 3

After creating the profile file, it will be automatically available for use with the -pf flag.

PreviousDrivers NextDeployment

Last updated 4 months ago

hashtagUsing profiles

hashtagListing available profiles

hashtagBuilt-in profiles

hashtagSpeed profiles

hashtagAggressive (aggressive)

hashtagInsane (insane)

hashtagParanoid (paranoid)

hashtagPolite (polite)

hashtagEvasion profiles

hashtagSneaky (sneaky)

hashtagStealth (stealth)

hashtagTor (tor)

hashtagGeneral profiles

hashtagActive (active)

hashtagPassive (passive)

hashtagFull (full)

hashtagNetwork profiles

hashtagAll Ports (all_ports)

hashtagHTTP Headless (http_headless)

hashtagHTTP Record (http_record)

hashtagProfile enforcement

hashtagCombining profiles

hashtagSetting default profiles

hashtagCreating custom profiles