{"id":13455918,"url":"https://github.com/freelabz/secator","last_synced_at":"2026-06-06T15:01:00.713Z","repository":{"id":211080226,"uuid":"606381231","full_name":"freelabz/secator","owner":"freelabz","description":"secator - the pentester's swiss knife","archived":false,"fork":false,"pushed_at":"2026-06-02T07:38:00.000Z","size":60276,"stargazers_count":1292,"open_issues_count":233,"forks_count":131,"subscribers_count":13,"default_branch":"main","last_synced_at":"2026-06-02T09:11:28.970Z","etag":null,"topics":["automation","cybersecurity","hacking","osint","pentesting","reconnaissance","secator","security","security-audit","security-tools","vulnerability","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"https://docs.freelabz.com","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/freelabz.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-02-25T10:14:26.000Z","updated_at":"2026-06-02T07:38:05.000Z","dependencies_parsed_at":"2024-11-06T19:19:40.412Z","dependency_job_id":"2b8cc6f0-62f2-4bf5-9458-e76a93c9791b","html_url":"https://github.com/freelabz/secator","commit_stats":null,"previous_names":["freelabz/secator"],"tags_count":87,"template":false,"template_full_name":null,"purl":"pkg:github/freelabz/secator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/freelabz%2Fsecator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/freelabz%2Fsecator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/freelabz%2Fsecator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/freelabz%2Fsecator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/freelabz","download_url":"https://codeload.github.com/freelabz/secator/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/freelabz%2Fsecator/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33986901,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-06T02:00:07.033Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","cybersecurity","hacking","osint","pentesting","reconnaissance","secator","security","security-audit","security-tools","vulnerability","vulnerability-scanners"],"created_at":"2024-07-31T08:01:13.472Z","updated_at":"2026-06-06T15:01:00.706Z","avatar_url":"https://github.com/freelabz.png","language":"Python","funding_links":[],"categories":["Python","automation"],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e\n \u003cimg src=\"https://github.com/freelabz/secator/assets/9629314/ee203af4-e853-439a-af01-edeabfc4bf07/\" width=\"400\"\u003e\n\u003c/h1\u003e\n\n\u003ch4 align=\"center\"\u003eThe pentester's swiss knife.\u003c/h4\u003e\n\n\u003cp align=\"center\"\u003e\n\u003c!-- \u003ca href=\"https://goreportcard.com/report/github.com/freelabz/secator\"\u003e\u003cimg src=\"https://goreportcard.com/badge/github.com/freelabz/secator\"\u003e\u003c/a\u003e --\u003e\n\u003cimg src=\"https://img.shields.io/badge/python-3.6-blue.svg\"\u003e\n\u003ca href=\"https://github.com/freelabz/secator/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/release/freelabz/secator\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/freelabz/secator/blob/main/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-BSL%201.1-brightgreen.svg\"\u003e\u003c/a\u003e\n\u003ca href=\"https://pypi.org/project/secator/\"\u003e\u003cimg src=\"https://img.shields.io/pypi/dm/secator\"\u003e\u003c/a\u003e\n\u003ca href=\"https://twitter.com/freelabz\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/freelabz.svg?logo=twitter\"\u003e\u003c/a\u003e\n\u003ca href=\"https://youtube.com/@FreeLabz\"\u003e\u003cimg src=\"https://img.shields.io/youtube/channel/subscribers/UCu-F6SpU0h2NP18zBBP04cw?style=social\u0026label=Subscribe%20%40FreeLabz\"\u003e\u003c/a\u003e\n\u003ca href=\"https://discord.gg/nyHjC2aTrq\"\u003e\u003cimg src=\"https://img.shields.io/discord/695645237418131507.svg?logo=discord\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"#features\"\u003eFeatures\u003c/a\u003e •\n \u003ca href=\"#supported-commands\"\u003eSupported commands\u003c/a\u003e •\n \u003ca href=\"#install-secator\"\u003eInstallation\u003c/a\u003e •\n \u003ca href=\"#usage\"\u003eUsage\u003c/a\u003e •\n \u003ca href=\"https://docs.freelabz.com\"\u003eDocumentation\u003c/a\u003e •\n \u003ca href=\"https://discord.gg/nyHjC2aTrq\"\u003eJoin us on Discord !\u003c/a\u003e\n\u003c/p\u003e\n\n`secator` is a task and workflow runner used for security assessments. It supports dozens of well-known security tools\nand it is designed to improve productivity for pentesters and security researchers.\n\n# Features\n\n![](images/demo.gif)\n\n* **Curated list of commands**\n\n* **Unified input options**\n\n* **Unified output schema**\n\n* **CLI and library usage**\n\n* **Distributed options with Celery**\n\n* **Complexity from simple tasks to complex workflows**\n\n* **Customizable**\n\n\n## Supported tools\n\n`secator` integrates the following tools:\n\n\u003c!-- START_TOOLS_TABLE --\u003e\n| Name | Description | Category |\n|-----------------------------------------------------------------|----------------------------------------------------------------------------------|-------------------|\n| [arjun](https://github.com/s0md3v/Arjun) | HTTP Parameter Discovery Suite. | `url/fuzz/params` |\n| arp | Display the system ARP cache. | `ip/recon` |\n| [arpscan](https://github.com/royhills/arp-scan) | Scan a CIDR range for alive hosts using ARP. | `ip/recon` |\n| [bbot](https://github.com/blacklanternsecurity/bbot) | Multipurpose scanner. | `vuln/scan` |\n| [bup](https://github.com/laluka/bypass-url-parser) | 40X bypasser. | `url/bypass` |\n| [cariddi](https://github.com/edoardottt/cariddi) | Crawl endpoints, secrets, api keys, extensions, tokens... | `url/crawl` |\n| [dalfox](https://github.com/hahwul/dalfox) | Powerful open source XSS scanning tool. | `url/fuzz` |\n| [dirsearch](https://github.com/maurosoria/dirsearch) | Advanced web path brute-forcer. | `url/fuzz` |\n| [dnsx](https://github.com/projectdiscovery/dnsx) | dnsx is a fast and multi-purpose DNS toolkit designed for running various retryabledns library. | `dns/fuzz` |\n| [feroxbuster](https://github.com/epi052/feroxbuster) | Simple, fast, recursive content discovery tool written in Rust | `url/fuzz` |\n| [ffuf](https://github.com/ffuf/ffuf) | Fast web fuzzer written in Go. | `url/fuzz` |\n| [fping](https://github.com/schweikert/fping) | Send ICMP echo probes to network hosts, similar to ping, but much better. | `ip/recon` |\n| [gau](https://github.com/lc/gau) | Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, Common Crawl, and URLScan. | `pattern/scan` |\n| [getasn](https://github.com/Vulnpire/getasn) | Get ASN information from IP address. | `ip/probe` |\n| [gf](https://github.com/tomnomnom/gf) | Wrapper around grep, to help you grep for things. | `pattern/scan` |\n| [gitleaks](https://github.com/gitleaks/gitleaks) | Tool for detecting secrets like passwords, API keys, and tokens in git repos, files, and stdin. | `secret/scan` |\n| [gospider](https://github.com/jaeles-project/gospider) | Fast web spider written in Go. | `url/crawl` |\n| [grype](https://github.com/anchore/grype) | Vulnerability scanner for container images and filesystems. | `vuln/scan` |\n| [h8mail](https://github.com/khast3x/h8mail) | Email information and password lookup tool. | `user/recon/email` |\n| [httpx](https://github.com/projectdiscovery/httpx) | Fast and multi-purpose HTTP toolkit. | `url/probe` |\n| [jswhois](https://github.com/jschauma/jswhois) | WHOIS in JSON format | `domain/info` |\n| [katana](https://github.com/projectdiscovery/katana) | Next-generation crawling and spidering framework. | `url/crawl` |\n| [maigret](https://github.com/soxoj/maigret) | Collect a dossier on a person by username. | `user/recon/username` |\n| [mapcidr](https://github.com/projectdiscovery/mapcidr) | Utility program to perform multiple operations for a given subnet/cidr ranges. | `ip/recon` |\n| [msfconsole](https://docs.rapid7.com/metasploit/msf-overview/) | CLI to access and work with the Metasploit Framework. | `exploit/attack` |\n| [naabu](https://github.com/projectdiscovery/naabu) | Port scanning tool written in Go. | `port/scan` |\n| [nmap](https://github.com/nmap/nmap) | Network Mapper is a free and open source utility for network discovery and security auditing. | `port/scan` |\n| [nuclei](https://github.com/projectdiscovery/nuclei) | Fast and customisable vulnerability scanner based on simple YAML based DSL. | `vuln/scan` |\n| [search_vulns](https://github.com/ra1nb0rn/search_vulns) | Search for known vulnerabilities in software by product name or CPE. | `vuln/recon` |\n| [searchsploit](https://gitlab.com/exploit-database/exploitdb) | Exploit searcher based on ExploitDB. | `exploit/recon` |\n| [sshaudit](https://github.com/jtesta/ssh-audit) | SSH server \u0026 client security auditing (banner, key exchange, encryption, mac, compression, etc). | `ssh/audit/security` |\n| [subfinder](https://github.com/projectdiscovery/subfinder) | Fast passive subdomain enumeration tool. | `dns/recon` |\n| [testssl](https://github.com/testssl/testssl.sh) | SSL/TLS security scanner, including ciphers, protocols and cryptographic flaws. | `dns/recon/tls` |\n| [trivy](https://github.com/aquasecurity/trivy) | Comprehensive and versatile security scanner. | `vuln/scan` |\n| [trufflehog](https://github.com/trufflesecurity/trufflehog) | Tool for finding secrets in git repositories and filesystems using TruffleHog. | `secret/scan` |\n| [urlfinder](https://github.com/projectdiscovery/urlfinder) | Find URLs in text. | `pattern/scan` |\n| [wafw00f](https://github.com/EnableSecurity/wafw00f) | Web Application Firewall Fingerprinting tool. | `waf/scan` |\n| [whois](https://github.com/mboot-github/WhoisDomain) | The whois tool retrieves registration information about domain names and IP addresses. | |\n| [wpprobe](https://github.com/Chocapikk/wpprobe) | Fast wordpress plugin enumeration tool. | `vuln/scan/wordpress` |\n| [wpscan](https://github.com/wpscanteam/wpscan) | Wordpress security scanner. | `vuln/scan/wordpress` |\n| [x8](https://github.com/Sh1Yo/x8) | Hidden parameters discovery suite written in Rust. | `url/fuzz/params` |\n| [xurlfind3r](https://github.com/hueristiq/xurlfind3r) | Discover URLs for a given domain in a simple, passive and efficient way | `url/recon` |\n\u003c!-- END_TOOLS_TABLE --\u003e\n\nFeel free to request new tools to be added by opening an issue, but please \ncheck that the tool complies with our selection criterias before doing so. If it doesn't but you still want to integrate it into `secator`, you can plug it in (see the [dev guide](https://docs.freelabz.com/for-developers/writing-custom-tasks)).\n\n## Installing secator\n\n\u003cdetails\u003e\n \u003csummary\u003eBash\u003c/summary\u003e\n\n```sh\nbash -c \"$(curl -fsSL https://raw.githubusercontent.com/freelabz/secator/main/scripts/install_universal.sh)\"\n```\n\u003c/details\u003e\n\n\u003cdetails\u003e\n \u003csummary\u003ePipx\u003c/summary\u003e\n\n```sh\npipx install secator\n```\n***Note:** Make sure to have [pipx](https://pipx.pypa.io/stable/installation/) installed.*\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n \u003csummary\u003ePip\u003c/summary\u003e\n\n```sh\npip install secator\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n \u003csummary\u003eDocker\u003c/summary\u003e\n\n```sh\ndocker run -it --rm --net=host -v ~/.secator:/root/.secator freelabz/secator --help\n```\n\nThe volume mount -v is necessary to save all secator reports to your host machine, and--net=host is recommended to grant full access to the host network.\n\nYou can alias this command to run it easier:\n```sh\nalias secator=\"docker run -it --rm --net=host -v ~/.secator:/root/.secator freelabz/secator\"\n```\n\nNow you can run secator like if it was installed on baremetal:\n```\nsecator --help\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n \u003csummary\u003eDocker Compose\u003c/summary\u003e\n\n```sh\ngit clone https://github.com/freelabz/secator\ncd secator\ndocker-compose up -d\ndocker-compose exec secator-client secator --help\n```\n\n\u003c/details\u003e\n\n***Note:*** If you chose the Docker or Docker Compose installation methods, you can skip the next sections and go straight to [Usage](#usage).\n\n\n## Usage\n```sh\nsecator --help\n```\n![](images/help.png)\n\n\n### Usage examples\n\nTo get a complete cheatsheet of what you can do with `secator`, please read the output of:\n```sh\nsecator cheatsheet\n```\n\nRun a fuzzing task (`ffuf`):\n\n```sh\nsecator x ffuf http://testphp.vulnweb.com/FUZZ\n```\n\nRun a url crawl workflow:\n\n```sh\nsecator w url_crawl http://testphp.vulnweb.com\n```\n\nRun a host scan:\n\n```sh\nsecator s host mydomain.com\n```\n\nTo list all tasks / workflows / scans that you can use:\n```sh\nsecator x --help\nsecator w --help\nsecator s --help\n```\n\nTo figure out which languages or tools are installed on your system (along with their version):\n```sh\nsecator health\n```\n\n### Shell completion\n\n`secator` supports shell completion for bash, zsh, and fish. This provides auto-completion for:\n- Task names (e.g., `nmap`, `httpx`, `nuclei`)\n- Workflow names (e.g., `url_crawl`, `subdomain_recon`)\n- Scan names (e.g., `host`, `domain`, `network`)\n- CLI options like `--profiles`, `--workspace`, `--driver`, `--output`\n\nTo install shell completion:\n\n**Bash:**\n```sh\nsecator util completion --shell bash --install\nsource ~/.bashrc\n```\n\n**Zsh:**\n```sh\nsecator util completion --shell zsh --install\nsource ~/.zshrc\n```\n\n**Fish:**\n```sh\nsecator util completion --shell fish --install\n```\n\nAfter installation, you can use tab completion:\n```sh\nsecator task n\u003cTAB\u003e # completes to nmap, naabu, nuclei, etc.\nsecator w url_\u003cTAB\u003e # completes to url_crawl, url_fuzz, url_dirsearch, etc.\nsecator x nmap --profiles ag\u003cTAB\u003e # completes to aggressive\n```\n\n## Installing tools\n\n`secator` auto-installs tools when you first use them.\nYou can prevent this behavior by setting `security.autoinstall_commands` to `false` using either `secator config set security.autoinstall_commands false` or `SECATOR_SECURITY_AUTOINSTALL_COMMANDS=0`.\n\nTo install all tools, you can still run:\n```sh\nsecator install tools\n```\n\n## Installing addons\nAddons are available for `secator`, please check [our docs](https://docs.freelabz.com/getting-started/installation#installing-addons-optional) for details.\n\nFor instance, using the `mongodb` addon allows you to send runner results to MongoDB.\n\n## Learn more\n\nTo go deeper with `secator`, check out:\n* Our complete [documentation](https://docs.freelabz.com)\n* Our getting started [tutorial video](https://youtu.be/-JmUTNWQDTQ?si=qpAClDWMXo2zwUK7)\n* Our [Medium post](https://medium.com/p/09333f3d3682)\n* Follow us on social media: [@freelabz](https://twitter.com/freelabz) on Twitter and [@FreeLabz](https://youtube.com/@FreeLabz) on YouTube\n\n## Stats\n\n\u003ca href=\"https://star-history.com/#freelabz/secator\u0026Date\"\u003e\n \u003cpicture\u003e\n \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://api.star-history.com/svg?repos=freelabz/secator\u0026type=Date\u0026theme=dark\" /\u003e\n \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://api.star-history.com/svg?repos=freelabz/secator\u0026type=Date\" /\u003e\n \u003cimg alt=\"Star History Chart\" src=\"https://api.star-history.com/svg?repos=freelabz/secator\u0026type=Date\" /\u003e\n \u003c/picture\u003e\n\u003c/a\u003e\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffreelabz%2Fsecator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffreelabz%2Fsecator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffreelabz%2Fsecator/lists"}