Meta options

... or options that are mutualized among task categories for efficiency, speed, and user-friendliness.

Meta options apply to tasks, workflows, or scans. When passed to workflows or scans, they will be passed to each task contained in the runner.

Some tasks, workflows, or scans do not support some of the options mentioned below. Runsecator x/w/s <name> --help to get the complete list of supported options.

Execution Options

Threads (`-threads`)

Number of threads to use. Applies to all tasks supporting threads (or concurrency).

Example: set 50 threads

secator w host_recon mydomain.com -threads 50

Requests Options

The following options will apply to tasks making network requests (if they implement it), no matter the protocol used (HTTP, TCP, UDP, DNS, FTP, ...).

Proxy (`-proxy`)

Proxy (HTTP, Socks5, ...) to use when communicating with the targets.

Example: set proxies in config and -proxy to auto

secator config set http.http_proxy http://localhost:8080
secator config set http.socks5_proxy socks5://localhost:9050
secator w host_recon mydomain.com -proxy auto  # auto choose the right proxy

Learn more about Proxies.

Rate limit (`-rl`)

Rate limit is an upper limit on the number of requests per second.

Example: set a rate limit of 50 requests/second

secator w host_recon mydomain.com -rl 50

Timeout (`-timeout`)

Timeout is the time to wait (in seconds) before giving up on the request.

Example: set a request timeout of 10 seconds

secator w host_recon mydomain.com -timeout 10

Retries (`-retries`)

Number of retries for failed requests.

Example: set 5 retries for all requests

secator w host_recon mydomain.com -retries 5

Delay (`-d`)

Delay to add between each request (in seconds).

Example: add a 0.5 second delay between requests

secator w host_recon mydomain.com -d 0.5

HTTP Options

The following options will apply to tasks making HTTP requests (if they implement it).

Header (`-H`)

Custom header to add to each request in the form "KEY1:VALUE1;; KEY2:VALUE2".

Example: set an Authorization and an Accept header

secator x cariddi mydomain.com -H "Authorization: Basic <TOKEN>;; Accept: application/json"

Method (`-X`)

HTTP method to use for request GET, POST, PUT, DELETE, etc...

Example: use POST method for fuzzing

secator x ffuf mydomain.com -X POST

Data (`-data`)

Data to send in the request body.

Example: send JSON data in POST request

secator x ffuf mydomain.com/api -X POST -data '{"key":"value"}'

User-agent (`-ua`)

Custom user-agent to use for request.

Example: use secator as a user agent value

secator x dalfox mydomain.com -ua secator

Match regex (`-mr)`

Keep responses which body content match the input.

Example: keep responses which match the regexMySQLError.*

secator x ffuf mydomain.com -mr MySQLError.*

Match size (`-ms`)

Keep responses which body size (in bytes) match the input.

Example: keep responses with 1025 bytes

secator x katana mydomain.com -ms 1026  # bytes

Match-words (`-mw)`

Keep responses which body word count match the input.

Example: keep responses with 10 words

secator x katana mydomain.com -mw 10

Match code (`-mc`)

Keep responses which HTTP status codes match the input.

Example: keep responses matching HTTP statuses 200,400,501

secator x katana mydomain.com -mc 200,400,501

Filter regex (`-fr`)

Filter out responses which body content match the input.

Example: filter out responses containing the string LoginPage

secator x ffuf mydomain.com -fr LoginPage.*

Filter codes (`-fc`)

Filter out responses which HTTP status codes match the input.

Example: filter out responses matching HTTP status 500

secator x ffuf mydomain.com -fc 500

Filter size (`-fs)`

Filter out responses which body size (in bytes) match the input.

Example: filter out responses with 1025 bytes

secator x ffuf mydomain.com -fs 1025

Filter words (`-fw`)

Filter out responses which body word count match the input.

Example: filter out responses with 10 words

secator x ffuf mydomain.com -fw 10

Follow redirect (`-frd`)

Follow all http redirects.

Example: follow HTTP redirects

secator x katana mydomain.com -frd

Depth (`-depth`)

Scan depth for crawling tasks.

Example: set crawl depth to 3

secator x gospider mydomain.com -depth 3

Replay proxy (`-P`)

Proxy to use for replay requests (useful for fuzzing tasks).

Example: use a proxy for replay requests

secator x ffuf mydomain.com/FUZZ -P http://localhost:8080

Wordlist (`-w`)

Custom wordlist to use.

Example: use fuzz-Bo0oM wordlist

secator x ffuf mydomain.com/FFUF/ -w /usr/share/seclists/Fuzzing/fuzz-Bo0oM.txt

Port Scanning Options

The following options apply to port scanning tasks (e.g., naabu, nmap).

Ports (`-p`)

Only scan specific ports. Accepts a comma-separated list of ports, or - for all ports.

Example: scan ports 80, 443, and 8080

secator x naabu mydomain.com -p 80,443,8080

Top ports (`-tp`)

Scan the N most common ports.

secator x naabu mydomain.com -tp 100

PreviousGlobal options NextInput formats

Last updated 1 month ago

hashtagExecution Options

hashtagThreads (-threads)

hashtagRequests Options

hashtagProxy (-proxy)

hashtagRate limit (-rl)

hashtagTimeout (-timeout)

hashtagRetries (-retries)

hashtagDelay (-d)

hashtagHTTP Options

hashtagHeader (-H)

hashtagMethod (-X)

hashtagData (-data)

hashtagUser-agent (-ua)

hashtagMatch regex (-mr)

hashtagMatch size (-ms)

hashtagMatch-words (-mw)

hashtagMatch code (-mc)

hashtagFilter regex (-fr)

hashtagFilter codes (-fc)

hashtagFilter size (-fs)

hashtagFilter words (-fw)

hashtagFollow redirect (-frd)

hashtagDepth (-depth)

hashtagReplay proxy (-P)

hashtagWordlist (-w)

hashtagPort Scanning Options

hashtagPorts (-p)

hashtagTop ports (-tp)

Execution Options

Threads (`-threads`)

Requests Options

Proxy (`-proxy`)

Rate limit (`-rl`)

Timeout (`-timeout`)

Retries (`-retries`)

Delay (`-d`)

HTTP Options

Header (`-H`)

Method (`-X`)

Data (`-data`)

User-agent (`-ua`)

Match regex (`-mr)`

Match size (`-ms`)

Match-words (`-mw)`

Match code (`-mc`)

Filter regex (`-fr`)

Filter codes (`-fc`)

Filter size (`-fs)`

Filter words (`-fw`)

Follow redirect (`-frd`)

Depth (`-depth`)

Replay proxy (`-P`)

Wordlist (`-w`)

Port Scanning Options

Ports (`-p`)

Top ports (`-tp`)