freelabz · ocervell · May 25, 2025 · May 25, 2025
diff --git a/secator/output_types/error.py b/secator/output_types/error.py
@@ -22,7 +22,7 @@ class Error(OutputType):
 
 	def from_exception(e, **kwargs):
 		errtype = type(e).__name__
-		message = errtype
+		message = kwargs.pop('message', errtype)
 		if str(e):
 			message += f': {str(e)}'
 		traceback = traceback_as_string(e) if errtype not in ['KeyboardInterrupt', 'GreenletExit'] else ''

diff --git a/secator/tasks/grype.py b/secator/tasks/grype.py
@@ -15,7 +15,8 @@ class grype(VulnCode):
 	output_types = [Vulnerability]
 	tags = ['vuln', 'scan']
 	input_flag = ''
-	file_flag = OPT_NOT_SUPPORTED
+	input_chunk_size = 1
+	file_flag = None
 	json_flag = None
 	opt_prefix = '--'
 	opt_key_map = {

diff --git a/secator/tasks/nmap.py b/secator/tasks/nmap.py
@@ -27,7 +27,6 @@ class nmap(VulnMulti):
 	input_types = [HOST, IP]
 	output_types = [Port, Vulnerability, Exploit]
 	tags = ['port', 'scan']
-	input_flag = None
 	input_chunk_size = 1
 	file_flag = '-iL'
 	opt_prefix = '--'

diff --git a/secator/tasks/searchsploit.py b/secator/tasks/searchsploit.py
@@ -19,7 +19,7 @@ class searchsploit(Command):
 	input_types = [STRING]
 	output_types = [Exploit]
 	tags = ['exploit', 'recon']
-	input_flag = None
+	input_chunk_size = 1
 	json_flag = '--json'
 	version_flag = OPT_NOT_SUPPORTED
 	opts = {
@@ -51,7 +51,6 @@ class searchsploit(Command):
 	proxychains = False
 	proxy_socks5 = False
 	proxy_http = False
-	input_chunk_size = 1
 	profile = 'io'
 
 	@staticmethod

diff --git a/secator/tasks/trivy.py b/secator/tasks/trivy.py
@@ -17,7 +17,7 @@ class trivy(Vuln):
 	input_types = [PATH, URL, STRING]
 	output_types = [Tag, Vulnerability]
 	tags = ['vuln', 'scan']
-	input_flag = None
+	input_chunk_size = 1
 	json_flag = '-f json'
 	version_flag = '--version'
 	opts = {

diff --git a/secator/tasks/wpprobe.py b/secator/tasks/wpprobe.py
@@ -1,96 +1,103 @@
+import os
+import re
 import click
 import yaml
 
 from secator.decorators import task
 from secator.runners import Command
 from secator.definitions import OUTPUT_PATH, THREADS, URL
-from secator.output_types import Vulnerability, Tag, Info, Warning
+from secator.output_types import Vulnerability, Tag, Info, Warning, Error
 from secator.tasks._categories import OPTS
 
 
 @task()
 class wpprobe(Command):
-    """Fast wordpress plugin enumeration tool."""
-    cmd = 'wpprobe'
-    input_types = [URL]
-    output_types = [Vulnerability, Tag]
-    tags = ['vuln', 'scan', 'wordpress']
-    file_flag = '-f'
-    input_flag = '-u'
-    opt_prefix = '-'
-    opts = {
-        'mode': {'type': click.Choice(['scan', 'update', 'update-db']), 'default': 'scan', 'help': 'WPProbe mode', 'required': True, 'internal': True},  # noqa: E501
-        'output_path': {'type': str, 'default': None, 'help': 'Output JSON file path', 'internal': True, 'display': False},  # noqa: E501
-    }
-    meta_opts = {
-        THREADS: OPTS[THREADS]
-    }
-    opt_key_map = {
-        THREADS: 't'
-    }
-    install_version = 'v0.5.6'
-    install_cmd = 'go install github.com/Chocapikk/wpprobe@[install_version]'
-    install_github_handle = 'Chocapikk/wpprobe'
-    install_post = {
-        '*': 'wpprobe update && wpprobe update-db'
-    }
+	"""Fast wordpress plugin enumeration tool."""
+	cmd = 'wpprobe'
+	input_types = [URL]
+	output_types = [Vulnerability, Tag]
+	tags = ['vuln', 'scan', 'wordpress']
+	file_flag = '-f'
+	input_flag = '-u'
+	opt_prefix = '-'
+	opts = {
+		'mode': {'type': click.Choice(['scan', 'update', 'update-db']), 'default': 'scan', 'help': 'WPProbe mode', 'required': True, 'internal': True},  # noqa: E501
+		'output_path': {'type': str, 'default': None, 'help': 'Output JSON file path', 'internal': True, 'display': False},  # noqa: E501
+	}
+	meta_opts = {
+		THREADS: OPTS[THREADS]
+	}
+	opt_key_map = {
+		THREADS: 't'
+	}
+	install_version = 'v0.5.6'
+	install_cmd = 'go install github.com/Chocapikk/wpprobe@[install_version]'
+	install_github_handle = 'Chocapikk/wpprobe'
+	install_post = {
+		'*': 'wpprobe update && wpprobe update-db'
+	}
 
-    @staticmethod
-    def on_cmd(self):
-        mode = self.get_opt_value('mode')
-        if mode == 'update' or mode == 'update-db':
-            self.cmd = f'{wpprobe.cmd} {mode}'
-            return
-        self.cmd = self.cmd.replace(wpprobe.cmd, f'{wpprobe.cmd} {mode}')
-        output_path = self.get_opt_value(OUTPUT_PATH)
-        if not output_path:
-            output_path = f'{self.reports_folder}/.outputs/{self.unique_name}.json'
-        self.output_path = output_path
-        self.cmd += f' -o {self.output_path}'
+	@staticmethod
+	def on_cmd(self):
+		mode = self.get_opt_value('mode')
+		if mode == 'update' or mode == 'update-db':
+			self.cmd = f'{wpprobe.cmd} {mode}'
+			return
+		self.cmd = re.sub(wpprobe.cmd, f'{wpprobe.cmd} {mode}', self.cmd, 1)
+		output_path = self.get_opt_value(OUTPUT_PATH)
+		if not output_path:
+			output_path = f'{self.reports_folder}/.outputs/{self.unique_name}.json'
+		self.output_path = output_path
+		self.cmd += f' -o {self.output_path}'
 
-    @staticmethod
-    def on_cmd_done(self):
-        if not self.get_opt_value('mode') == 'scan':
-            return
-        yield Info(message=f'JSON results saved to {self.output_path}')
-        with open(self.output_path, 'r') as f:
-            results = yaml.safe_load(f.read())
-            if not results or 'url' not in results:
-                yield Warning(message='No results found !')
-                return
-            url = results['url']
-            for plugin_name, plugin_data in results['plugins'].items():
-                for plugin_data_version in plugin_data:
-                    plugin_version = plugin_data_version['version']
-                    yield Tag(
-                        name=f'Wordpress plugin - {plugin_name} {plugin_version}',
-                        match=url,
-                        extra_data={
-                            'name': plugin_name,
-                            'version': plugin_version
-                        }
-                    )
-                    severities = plugin_data_version.get('severities', {})
-                    for severity, severity_data in severities.items():
-                        if severity == 'None':
-                            severity = 'unknown'
-                        for item in severity_data:
-                            for vuln in item['vulnerabilities']:
-                                auth_type = item.get('auth_type')
-                                extra_data = {
-                                    'plugin_name': plugin_name,
-                                    'plugin_version': plugin_version,
-                                }
-                                if auth_type:
-                                    extra_data['auth_type'] = auth_type
-                                yield Vulnerability(
-                                    name=vuln['title'],
-                                    id=vuln['cve'],
-                                    severity=severity,
-                                    cvss_score=vuln['cvss_score'],
-                                    tags=[plugin_name],
-                                    reference=vuln['cve_link'],
-                                    extra_data=extra_data,
-                                    matched_at=url,
-                                    confidence='high'
-                                )
+	@staticmethod
+	def on_cmd_done(self):
+		if not self.get_opt_value('mode') == 'scan':
+			return
+
+		if not os.path.exists(self.output_path):
+			yield Error(message=f'Could not find JSON results in {self.output_path}')
+			return
+
+		yield Info(message=f'JSON results saved to {self.output_path}')
+		with open(self.output_path, 'r') as f:
+			results = yaml.safe_load(f.read())
+			if not results or 'url' not in results:
+				yield Warning(message='No results found !')
+				return
+			url = results['url']
+			for plugin_name, plugin_data in results['plugins'].items():
+				for plugin_data_version in plugin_data:
+					plugin_version = plugin_data_version['version']
+					yield Tag(
+						name=f'Wordpress plugin - {plugin_name} {plugin_version}',
+						match=url,
+						extra_data={
+							'name': plugin_name,
+							'version': plugin_version
+						}
+					)
+					severities = plugin_data_version.get('severities', {})
+					for severity, severity_data in severities.items():
+						if severity == 'None':
+							severity = 'unknown'
+						for item in severity_data:
+							for vuln in item['vulnerabilities']:
+								auth_type = item.get('auth_type')
+								extra_data = {
+									'plugin_name': plugin_name,
+									'plugin_version': plugin_version,
+								}
+								if auth_type:
+									extra_data['auth_type'] = auth_type
+								yield Vulnerability(
+									name=vuln['title'],
+									id=vuln['cve'],
+									severity=severity,
+									cvss_score=vuln['cvss_score'],
+									tags=[plugin_name],
+									reference=vuln['cve_link'],
+									extra_data=extra_data,
+									matched_at=url,
+									confidence='high'
+								)
diff --git a/secator/tasks/wpscan.py b/secator/tasks/wpscan.py
@@ -20,8 +20,8 @@ class wpscan(VulnHttp):
 	input_types = [URL]
 	output_types = [Vulnerability, Tag]
 	tags = ['vuln', 'scan', 'wordpress']
-	file_flag = None
 	input_flag = '--url'
+	input_chunk_size = 1
 	json_flag = '-f json'
 	opt_prefix = '--'
 	opts = {