[Cyware] Secator: Open-source pentesting Swiss army knife – Help Net Security

Summary: This content discusses Secator, an open-source task and workflow runner designed for security assessments, which aims to improve the efficiency of pen testers and security researchers by facilitating the use of various security tools.

Threat Actor: N/A
Victim: N/A

Key Points:

  • Secator is an open-source task and workflow runner tailored for security assessments.
  • It provides a curated list of commands, unified input options, and a unified output schema.
  • Secator can be used through CLI or library usage, and it supports distributed options with Celery.
  • The tool offers complexity ranging from simple tasks to complex workflows, and it is highly customizable.
  • Secator supports various security tools such as httpx, cariddi, gau, gospider, katana, dirsearch, feroxbuster, ffuf, h8mail, dnsx, dnsxbrute, and subfinder.

Secator is an open-source task and workflow runner tailored for security assessments. It facilitates the use of numerous security tools and aims to enhance the efficiency of pen testers and security researchers.

Secator features

  • Curated list of commands
  • Unified input options
  • Unified output schema
  • CLI and library usage
  • Distributed options with Celery
  • Complexity from simple tasks to complex workflows
  • Customizable

Supported tools

  • httpx – Fast HTTP prober.
  • cariddi – Fast crawler and endpoint secrets / API keys / tokens matcher.
  • gau – Offline URL crawler.
  • gospider – Fast web spider written in Go.
  • katana – Next-generation crawling and spidering framework.
  • dirsearch – Web path discovery.
  • feroxbuster – Simple, fast, recursive content discovery tool written in Rust.
  • ffuf – Fast web fuzzer written in Go.
  • h8mail – Email OSINT and breach hunting tool.
  • dnsx – Multi-purpose DNS toolkit designed for running DNS queries.
  • dnsxbrute – DNS toolkit (bruteforce mode).
  • subfinder – Fast subdomain finder.
  • fping – Find alive hosts on local networks.
  • mapcidr – Expand CIDR ranges into IPs.
  • naabu – Fast port discovery tool.
  • maigret – Hunt for user accounts across many websites.
  • gf – A wrapper around grep to avoid typing common patterns.
  • grype – A vulnerability scanner for container images and filesystems.
  • dalfox – XSS scanning tool and parameter analyzer.
  • msfconsole – CLI to access and work with Metasploit.
  • wpscan – WordPress Security Scanner.
  • nmap – Vulnerability scanner using NSE scripts.
  • nuclei – Customizable vulnerability scanner.
  • searchsploit – Exploit searcher.

Secator does not install any of the external tools it supports by default. Each supported tool can be installed or updated with a subcommand, which should work on any system that supports apt.

Download

Secator is available for free on GitHub.

Source: https://www.helpnetsecurity.com/2024/07/03/secator-open-source-pentesting-swiss-army-knife

