Secator: Open-source pentesting Swiss army knife

Secator is an open-source task and workflow runner tailored for security assessments. It facilitates the use of numerous security tools and aims to enhance the efficiency of pen testers and security researchers.


Secator features

  • Curated list of commands
  • Unified input options
  • Unified output schema
  • CLI and library usage
  • Distributed options with Celery
  • Complexity from simple tasks to complex workflows
  • Customizable

Supported tools

  • httpx – Fast HTTP prober.
  • cariddi – Fast crawler and endpoint secrets / API keys/tokens matcher.
  • gau – Offline URL crawler.
  • gospider – Fast web spider written in Go.
  • katana – Next-generation crawling and spidering framework.
  • dirsearch – Web path discovery.
  • feroxbuster – Simple, fast, recursive content discovery tool written in Rust.
  • ffuf – Fast web fuzzer written in Go.
  • h8mail – Email OSINT and breach hunting tool.
  • dnsx – Multi-purpose DNS toolkit designed for running DNS queries.
  • dnsxbrute – DNS toolkit (bruteforce mode).
  • subfinder – Fast subdomain finder.
  • fping – Find alive hosts on local networks.
  • mapcidr – Expand CIDR ranges into IPs.
  • naabu – Fast port discovery tool.
  • maigret – Hunt for user accounts across many websites.
  • gf – A wrapper around grep to avoid typing common patterns.
  • grype – A vulnerability scanner for container images and filesystems.
  • dalfox – XSS scanning tool and parameter analyzer.
  • msfconsole – CLI to access and work with Metasploit.
  • wpscan – WordPress Security Scanner.
  • nmap – Vulnerability scanner using NSE scripts.
  • nuclei – Customizable vulnerability scanner.
  • searchsploit – Exploit searcher.

Secator does not install any of the external tools it supports by default. You can use a subcommand to install or update each supported tool, which should function on all systems that support apt.


Secator is available for free on GitHub.

Must read:


Don't miss