fix: download default wordlists if missing

freelabz · Apr 10, 2024 · 832f17d · 832f17d
1 parent 9bb0be5
commit 832f17d
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 15 deletions.
diff --git a/secator/definitions.py b/secator/definitions.py
@@ -99,8 +99,10 @@ def get_latest_version():
 DEFAULT_SKIP_CVE_SEARCH = bool(int(os.environ.get('DEFAULT_SKIP_CVE_SEARCH', 0)))
 
 # Default wordlists
-DEFAULT_HTTP_WORDLIST = os.environ.get('DEFAULT_HTTP_WORDLIST', f'{WORDLISTS_FOLDER}/Fuzzing/fuzz-Bo0oM.txt')
-DEFAULT_DNS_WORDLIST = os.environ.get('DEFAULT_DNS_WORDLIST', f'{WORDLISTS_FOLDER}/Discovery/DNS/combined_subdomains.txt')  # noqa:E501
+DEFAULT_HTTP_WORDLIST = os.environ.get('DEFAULT_HTTP_WORDLIST', f'{WORDLISTS_FOLDER}/fuzz-Bo0oM.txt')
+DEFAULT_HTTP_WORDLIST_URL = 'https://raw.githubusercontent.com/Bo0oM/fuzz.txt/master/fuzz.txt'
+DEFAULT_DNS_WORDLIST = os.environ.get('DEFAULT_DNS_WORDLIST', f'{WORDLISTS_FOLDER}/combined_subdomains.txt')
+DEFAULT_DNS_WORDLIST_URL = 'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/combined_subdomains.txt'  # noqa: E501
 
 # Constants
 OPT_NOT_SUPPORTED = -1

diff --git a/secator/runners/_base.py b/secator/runners/_base.py
@@ -162,7 +162,7 @@ def __init__(self, config, targets, results=[], run_opts={}, hooks={}, context={
 			instance_func = getattr(self, key, None)
 			if instance_func:
 				name = f'{self.__class__.__name__}.{key}'
-				fun = f'{instance_func.__module__}.{instance_func.__name__}'
+				fun = self.get_func_path(instance_func)
 				debug('', obj={name + ' [dim yellow]->[/] ' + fun: 'registered'}, sub='hooks', level=3)
 				self.hooks[key].append(instance_func)
 
@@ -171,7 +171,7 @@ def __init__(self, config, targets, results=[], run_opts={}, hooks={}, context={
 			user_hooks.extend(hooks.get(key, []))
 			for hook in user_hooks:
 				name = f'{self.__class__.__name__}.{key}'
-				fun = f'{hook.__module__}.{hook.__name__}'
+				fun = self.get_func_path(hook)
 				debug('', obj={name + ' [dim yellow]->[/] ' + fun: 'registered (user)'}, sub='hooks', level=3)
 			self.hooks[key].extend(user_hooks)
 
@@ -871,3 +871,8 @@ def get_repr(self, item=None):
 		elif isinstance(item, OutputType):
 			item = repr(item)
 		return item
+
+	@classmethod
+	def get_func_path(cls, fun):
+		"""Print symbolic path of class method."""
+		return f'{fun.__module__}.{fun.__class__.__name__}.{fun.__name__}'
diff --git a/secator/tasks/_categories.py b/secator/tasks/_categories.py
@@ -6,17 +6,13 @@
 from bs4 import BeautifulSoup
 from cpe import CPE
 
-from secator.definitions import (CIDR_RANGE, CONFIDENCE, CVSS_SCORE,
-							   DEFAULT_HTTP_WORDLIST, DEFAULT_SKIP_CVE_SEARCH, DELAY, DEPTH, DESCRIPTION,
-							   FILTER_CODES, FILTER_REGEX, FILTER_SIZE,
-							   FILTER_WORDS, FOLLOW_REDIRECT, HEADER, HOST, ID,
-							   MATCH_CODES, MATCH_REGEX, MATCH_SIZE,
-							   MATCH_WORDS, METHOD, NAME, PATH, PROVIDER,
-							   PROXY, RATE_LIMIT, REFERENCES, RETRIES,
-							   SEVERITY, TAGS, DATA_FOLDER, THREADS, TIMEOUT,
-							   URL, USER_AGENT, USERNAME, WORDLIST)
-from secator.output_types import (Ip, Port, Subdomain, Tag, Url, UserAccount,
-								Vulnerability)
+from secator.definitions import (CIDR_RANGE, CONFIDENCE, CVSS_SCORE, DATA_FOLDER, DEFAULT_DNS_WORDLIST,
+								 DEFAULT_DNS_WORDLIST_URL, DEFAULT_HTTP_WORDLIST, DEFAULT_HTTP_WORDLIST_URL,
+								 DEFAULT_SKIP_CVE_SEARCH, DELAY, DEPTH, DESCRIPTION, FILTER_CODES, FILTER_REGEX,
+								 FILTER_SIZE, FILTER_WORDS, FOLLOW_REDIRECT, HEADER, HOST, ID, MATCH_CODES, MATCH_REGEX,
+								 MATCH_SIZE, MATCH_WORDS, METHOD, NAME, PATH, PROVIDER, PROXY, RATE_LIMIT, REFERENCES,
+								 RETRIES, SEVERITY, TAGS, THREADS, TIMEOUT, URL, USER_AGENT, USERNAME, WORDLIST)
+from secator.output_types import Ip, Port, Subdomain, Tag, Url, UserAccount, Vulnerability
 from secator.rich import console
 from secator.runners import Command
 
@@ -86,6 +82,11 @@ class HttpFuzzer(Command):
 	input_type = URL
 	output_types = [Url]
 
+	@staticmethod
+	def before_init(self):
+		if not os.path.exists(DEFAULT_HTTP_WORDLIST):
+			self.execute(f'wget -O {DEFAULT_HTTP_WORDLIST} {DEFAULT_HTTP_WORDLIST_URL}', quiet=True)
+
 
 #----------------#
 # Recon category #
@@ -100,6 +101,11 @@ class ReconDns(Recon):
 	input_type = HOST
 	output_types = [Subdomain]
 
+	@staticmethod
+	def before_init(self):
+		if not os.path.exists(DEFAULT_DNS_WORDLIST):
+			self.execute(f'wget -O {DEFAULT_DNS_WORDLIST} {DEFAULT_DNS_WORDLIST_URL}', quiet=True)  # noqa: E501
+
 
 class ReconUser(Recon):
 	input_type = USERNAME