<h1 align="center"> <img src="https://github.com/freelabz/secator/assets/9629314/ee203af4-e853-439a-af01-edeabfc4bf07/" width="400"> </h1> <h4 align="center">The pentester's swiss knife.</h4> <p align="center"> <!-- <a href="https://goreportcard.com/report/github.com/freelabz/secator"><img src="https://goreportcard.com/badge/github.com/freelabz/secator"></a> --> <img src="https://img.shields.io/badge/python-3.6-blue.svg"> <a href="https://github.com/freelabz/secator/releases"><img src="https://img.shields.io/github/release/freelabz/secator"></a> <a href="https://github.com/freelabz/secator/blob/main/LICENSE"><img src="https://img.shields.io/badge/License-BSL%201.1-brightgreen.svg"></a> <a href="https://pypi.org/project/secator/"><img src="https://img.shields.io/pypi/dm/secator"></a> <a href="https://twitter.com/freelabz"><img src="https://img.shields.io/twitter/follow/freelabz.svg?logo=twitter"></a> <a href="https://youtube.com/@FreeLabz"><img src="https://img.shields.io/youtube/channel/subscribers/UCu-F6SpU0h2NP18zBBP04cw?style=social&label=Subscribe%20%40FreeLabz"></a> <a href="https://discord.gg/nyHjC2aTrq"><img src="https://img.shields.io/discord/695645237418131507.svg?logo=discord"></a> </p> <p align="center"> <a href="#features">Features</a> • <a href="#supported-commands">Supported commands</a> • <a href="#install-secator">Installation</a> • <a href="#usage">Usage</a> • <a href="https://docs.freelabz.com">Documentation</a> • <a href="https://discord.gg/nyHjC2aTrq">Join us on Discord !</a> </p>

secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and it is designed to improve productivity for pentesters and security researchers.

Features

• Curated list of commands

• Unified input options

• Unified output schema

• CLI and library usage

• Distributed options with Celery

• Complexity from simple tasks to complex workflows

• Customizable

Supported tools

secator integrates the following tools:

<!-- START_TOOLS_TABLE -->

| Name | Description | Category | |-----------------------------------------------------------------|----------------------------------------------------------------------------------|-------------------| | arjun | HTTP Parameter Discovery Suite. | url/fuzz/params | | arp | Display the system ARP cache. | ip/recon | | arpscan | Scan a CIDR range for alive hosts using ARP. | ip/recon | | bbot | Multipurpose scanner. | vuln/scan | | bup | 40X bypasser. | url/bypass | | cariddi | Crawl endpoints, secrets, api keys, extensions, tokens... | url/crawl | | dalfox | Powerful open source XSS scanning tool. | url/fuzz | | dirsearch | Advanced web path brute-forcer. | url/fuzz | | dnsx | dnsx is a fast and multi-purpose DNS toolkit designed for running various retryabledns library. | dns/fuzz | | feroxbuster | Simple, fast, recursive content discovery tool written in Rust | url/fuzz | | ffuf | Fast web fuzzer written in Go. | url/fuzz | | fping | Send ICMP echo probes to network hosts, similar to ping, but much better. | ip/recon | | gau | Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, Common Crawl, and URLScan. | pattern/scan | | getasn | Get ASN information from IP address. | ip/probe | | gf | Wrapper around grep, to help you grep for things. | pattern/scan | | gitleaks | Tool for detecting secrets like passwords, API keys, and tokens in git repos, files, and stdin. | secret/scan | | gospider | Fast web spider written in Go. | url/crawl | | grype | Vulnerability scanner for container images and filesystems. | vuln/scan | | h8mail | Email information and password lookup tool. | user/recon/email | | httpx | Fast and multi-purpose HTTP toolkit. | url/probe | | jswhois | WHOIS in JSON format | domain/info | | katana | Next-generation crawling and spidering framework. | url/crawl | | maigret | Collect a dossier on a person by username. | user/recon/username | | mapcidr | Utility program to perform multiple operations for a given subnet/cidr ranges. | ip/recon | | msfconsole | CLI to access and work with the Metasploit Framework. | exploit/attack | | naabu | Port scanning tool written in Go. | port/scan | | nmap | Network Mapper is a free and open source utility for network discovery and security auditing. | port/scan | | nuclei | Fast and customisable vulnerability scanner based on simple YAML based DSL. | vuln/scan | | search_vulns | Search for known vulnerabilities in software by product name or CPE. | vuln/recon | | searchsploit | Exploit searcher based on ExploitDB. | exploit/recon | | sshaudit | SSH server & client security auditing (banner, key exchange, encryption, mac, compression, etc). | ssh/audit/security | | subfinder | Fast passive subdomain enumeration tool. | dns/recon | | testssl | SSL/TLS security scanner, including ciphers, protocols and cryptographic flaws. | dns/recon/tls | | trivy | Comprehensive and versatile security scanner. | vuln/scan | | trufflehog | Tool for finding secrets in git repositories and filesystems using TruffleHog. | secret/scan | | urlfinder