exploitgraph 1.0.0__tar.gz

exploitgraph-1.0.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Prajwal Pawar
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

exploitgraph-1.0.0/PKG-INFO

@@ -0,0 +1,429 @@
+Metadata-Version: 2.4
+Name: exploitgraph
+Version: 1.0.0
+Summary: Automated attack path discovery and exploitation framework for cloud-native applications
+Author-email: Prajwal Pawar <prajwal@exploitgraph.io>
+License: MIT
+Project-URL: Homepage, https://github.com/prajwalpawar/ExploitGraph
+Project-URL: Repository, https://github.com/prajwalpawar/ExploitGraph
+Project-URL: Bug Tracker, https://github.com/prajwalpawar/ExploitGraph/issues
+Project-URL: Documentation, https://github.com/prajwalpawar/ExploitGraph/wiki
+Keywords: security,pentesting,cloud,aws,attack-path,exploitation
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Information Technology
+Classifier: Topic :: Security
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Environment :: Console
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Operating System :: MacOS
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: requests>=2.31.0
+Requires-Dist: colorama>=0.4.6
+Requires-Dist: networkx>=3.2.0
+Requires-Dist: jinja2>=3.1.2
+Requires-Dist: PyJWT>=2.8.0
+Requires-Dist: python-dotenv>=1.0.0
+Requires-Dist: tabulate>=0.9.0
+Requires-Dist: pyyaml>=6.0
+Provides-Extra: aws
+Requires-Dist: boto3>=1.34.0; extra == "aws"
+Requires-Dist: botocore>=1.34.0; extra == "aws"
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0; extra == "dev"
+Requires-Dist: black>=23.0; extra == "dev"
+Requires-Dist: flake8>=6.0; extra == "dev"
+Requires-Dist: mypy>=1.0; extra == "dev"
+Provides-Extra: all
+Requires-Dist: exploitgraph[aws,dev]; extra == "all"
+Dynamic: license-file
+
+# ExploitGraph
+
+<div align="center">
+
+```
+███████╗██╗  ██╗██████╗ ██╗      ██████╗ ██╗████████╗ ██████╗ ██████╗  █████╗ ██████╗ ██╗  ██╗
+██╔════╝╚██╗██╔╝██╔══██╗██║     ██╔═══██╗██║╚══██╔══╝██╔════╝ ██╔══██╗██╔══██╗██╔══██╗██║  ██║
+█████╗   ╚███╔╝ ██████╔╝██║     ██║   ██║██║   ██║   ██║  ███╗██████╔╝███████║██████╔╝███████║
+██╔══╝   ██╔██╗ ██╔═══╝ ██║     ██║   ██║██║   ██║   ██║   ██║██╔══██╗██╔══██║██╔═══╝ ██╔══██║
+███████╗██╔╝ ██╗██║     ███████╗╚██████╔╝██║   ██║   ╚██████╔╝██║  ██║██║  ██║██║     ██║  ██║
+╚══════╝╚═╝  ╚═╝╚═╝     ╚══════╝ ╚═════╝ ╚═╝   ╚═╝    ╚═════╝ ╚═╝  ╚═╝╚═╝  ╚═╝╚═╝     ╚═╝  ╚═╝
+```
+
+**Automated Attack Path Discovery & Exploitation Framework**
+
+[![Python](https://img.shields.io/badge/Python-3.9%2B-blue?logo=python)](https://python.org)
+[![License](https://img.shields.io/badge/License-MIT-green)](LICENSE)
+[![Platform](https://img.shields.io/badge/Platform-Linux%20%7C%20macOS-lightgrey)](https://github.com/prajwalpawar/ExploitGraph)
+[![Modules](https://img.shields.io/badge/Modules-8%2B-red)](modules/)
+[![AWS](https://img.shields.io/badge/AWS-Cloud%20Security-orange?logo=amazon-aws)](modules/cloud/)
+
+</div>
+
+---
+
+## What is ExploitGraph?
+
+ExploitGraph is a **modular, open-source attack path discovery framework** that automatically chains cloud misconfigurations, exposed secrets, and application vulnerabilities into a complete kill chain — starting from **zero prior knowledge**.
+
+Unlike tools that require credentials first (Pacu) or only audit configurations (Prowler/ScoutSuite), ExploitGraph **starts from nothing** and discovers everything it needs:
+
+```
+Cloud Misconfiguration → Data Exposure → Secret Leakage → API Abuse → Full Compromise
+```
+
+Every step is visualized as an interactive attack graph with MITRE ATT&CK mappings and AWS remediation commands.
+
+### How it differs from existing tools
+
+| Tool | Starting Point | Output | Attack Chain |
+|------|---------------|--------|--------------|
+| **Pacu** | Needs IAM credentials | Module results | No chaining |
+| **Prowler** | Needs AWS credentials | Audit findings | No chaining |
+| **ScoutSuite** | Needs AWS credentials | Config report | No chaining |
+| **TruffleHog** | Git repo / S3 bucket | Secret list | No chaining |
+| **ExploitGraph** | **Just a URL** | **Full kill chain + visual graph** | **Automated** |
+
+---
+
+## Features
+
+- **msfconsole-style interactive shell** with tab completion
+- **8+ modular attack modules** across discovery, cloud, secrets, exploitation, reporting
+- **Generic — works against any target** (not limited to fintech or specific apps)
+- **Wordlist-driven discovery** — no hardcoded paths
+- **20+ secret patterns** including AWS keys, JWT secrets, Stripe keys, GitHub tokens
+- **Optional boto3 AWS integration** — real S3 ACL checks, IAM enumeration, MFA detection
+- **JWT attack engine** — none-algorithm bypass, weak secret bruteforce
+- **Interactive D3.js attack graph** in HTML report
+- **CVSS scoring** per finding + session risk score (0-10)
+- **MITRE ATT&CK for Cloud** mapping
+- **Multi-session SQLite persistence** — resume scans across sessions
+- **Offensive and defensive modes**
+- **pip-installable** Python package
+
+---
+
+## Installation
+
+### Quick Start
+```bash
+git clone https://github.com/prajwalpawar/ExploitGraph.git
+cd ExploitGraph
+pip install -r requirements.txt
+python3 exploitgraph.py
+```
+
+### With AWS Support
+```bash
+pip install -r requirements.txt
+pip install boto3 botocore
+```
+
+### Requirements
+- Python 3.9+
+- Linux / macOS (Kali Linux recommended)
+- No AWS credentials required for HTTP-mode scanning
+
+---
+
+## Usage
+
+### Interactive Console
+```bash
+python3 exploitgraph.py
+```
+
+```
+exploitgraph> workspace new pentest http://target.com
+exploitgraph> run auto
+```
+
+### CLI Mode
+```bash
+# Full automated attack chain
+python3 exploitgraph.py -t http://target.com --auto
+
+# Single module
+python3 exploitgraph.py -t http://target.com -m cloud/s3_enum
+
+# Defensive audit mode (no exploitation)
+python3 exploitgraph.py -t http://target.com --mode defensive --auto
+
+# List all modules
+python3 exploitgraph.py --list-modules
+```
+
+### Console Commands
+```
+SESSION
+  workspace new <name> <url>    Create workspace
+  set TARGET http://target.com  Set target
+  set MODE offensive|defensive  Set mode
+
+MODULES
+  show modules                  List all modules by category
+  use discovery/http_enum       Select a module
+  options                       Show module options
+  set OPTION value              Configure option
+  run                           Execute module
+  run auto                      Full attack chain
+  back                          Deselect module
+
+INFORMATION
+  show findings                 Security findings
+  show secrets                  Extracted credentials
+  show attack-path              ASCII kill chain
+  show summary                  Risk score + stats
+  info <module>                 Module details
+  search <keyword>              Search modules
+
+OUTPUT
+  export html                   HTML report with D3.js graph
+  export json                   JSON for SIEM integration
+  export all                    All formats
+
+SESSION MANAGEMENT
+  sessions                      List sessions
+  sessions -i <id>              Switch session
+  sessions -k <id>              Kill session
+```
+
+---
+
+## Modules
+
+### Discovery
+| Module | Description | MITRE |
+|--------|-------------|-------|
+| `discovery/http_enum` | Wordlist-driven endpoint enumeration + tech fingerprinting | T1595.003 |
+
+### Cloud
+| Module | Description | MITRE |
+|--------|-------------|-------|
+| `cloud/s3_enum` | S3 bucket discovery, public ACL detection, file download + boto3 audit | T1530 |
+| `cloud/iam_enum` | IAM user/role enumeration, MFA checks, policy analysis (requires boto3) | T1580, T1078.004 |
+
+### Secrets
+| Module | Description | MITRE |
+|--------|-------------|-------|
+| `secrets/file_secrets` | 20+ pattern regex scanner + Shannon entropy detection | T1552.001 |
+
+### Exploitation
+| Module | Description | MITRE |
+|--------|-------------|-------|
+| `exploitation/api_exploit` | Generic credential testing, admin access, privilege escalation | T1078.004 |
+| `exploitation/jwt_attack` | None-algorithm bypass, weak secret bruteforce, algorithm confusion | T1078, T1550.001 |
+
+### Reporting
+| Module | Description |
+|--------|-------------|
+| `reporting/html_report` | Interactive HTML report with D3.js attack graph, CVSS scores, MITRE mapping |
+| `reporting/json_export` | Structured JSON for SIEM/ticketing integration |
+
+---
+
+## Secret Patterns (20+)
+
+ExploitGraph detects the following credential types:
+
+```
+AWS Access Key ID          AKIA[0-9A-Z]{16}
+AWS Secret Access Key      aws_secret_access_key = ...
+JWT Secret                 jwt_secret_key = ...
+Generic API Key            api_key = ...
+Stripe Live Key            sk_live_...
+GitHub Token               ghp_...
+Google API Key             AIza...
+SendGrid API Key           SG....
+Slack Token                xox[baprs]-...
+Database Password          db_password = ...
+Database URL               postgresql://user:pass@host
+Private Key                -----BEGIN RSA PRIVATE KEY-----
+Bearer Token               Authorization: Bearer ...
+Encryption Key             aes_key = [hex]
+Admin Credentials          admin password = ...
+Twilio SID                 AC[a-z0-9]{32}
+Webhook Secret             webhook_secret = ...
+High-Entropy Strings       Shannon entropy > 4.5
+```
+
+---
+
+## MITRE ATT&CK for Cloud Coverage
+
+| Technique | Name | Module |
+|-----------|------|--------|
+| T1595.003 | Wordlist Scanning | http_enum |
+| T1580 | Cloud Infrastructure Discovery | s3_enum, iam_enum |
+| T1530 | Data from Cloud Storage Object | s3_enum |
+| T1552.001 | Credentials in Files | file_secrets |
+| T1552.005 | Cloud Instance Metadata API | file_secrets |
+| T1078.004 | Valid Accounts: Cloud Accounts | api_exploit, iam_enum |
+| T1548 | Abuse Elevation Control Mechanism | api_exploit |
+| T1550.001 | Application Access Token | jwt_attack |
+
+---
+
+## Demo: Vulnerable Target (Viva/Lab Use)
+
+A deliberately vulnerable Flask fintech application is included for demonstration:
+
+```bash
+# Terminal 1 — Start target
+cd target && python3 app.py
+# Running at http://127.0.0.1:5000
+
+# Terminal 2 — Attack it
+python3 exploitgraph.py -t http://127.0.0.1:5000 --auto
+```
+
+The target simulates:
+- Public S3 bucket with backup archive
+- `.env` file with exposed AWS keys, API keys, JWT secrets
+- Weak admin credentials in deployment notes
+- Unauthenticated admin API endpoints
+- Debug endpoint leaking configuration
+
+> **The target app is for controlled lab environments only.**
+
+---
+
+## Writing Custom Modules
+
+Create a file in `modules/custom/my_module.py`:
+
+```python
+from modules.base import BaseModule, ModuleResult
+
+class MyModule(BaseModule):
+    NAME        = "my_module"
+    DESCRIPTION = "My custom scanner"
+    CATEGORY    = "discovery"
+    SEVERITY    = "HIGH"
+    MITRE       = ["T1595"]
+
+    OPTIONS = {
+        "TARGET": {"default": "", "required": True, "description": "Target URL"},
+    }
+
+    def run(self, session):
+        target = self.get_option("TARGET")
+        # ... your logic ...
+        session.add_finding(
+            module="my_module",
+            title="Finding Title",
+            severity="HIGH",
+            description="What was found",
+            evidence="Proof",
+            recommendation="How to fix",
+            cvss_score=7.5,
+        )
+        return ModuleResult(True, {"found": True})
+```
+
+ExploitGraph automatically discovers and loads it. No configuration needed.
+
+---
+
+## Report Output
+
+The HTML report includes:
+- Executive summary with severity breakdown
+- Interactive D3.js attack graph (drag, zoom, hover for details)
+- Expandable findings with CVSS scores
+- Evidence + proof-of-concept per finding
+- AWS CLI remediation commands
+- MITRE ATT&CK technique mapping
+- Full secrets table
+- Exploitation evidence log
+- Session risk score (0-10)
+
+---
+
+## AWS Integration
+
+With boto3 installed and credentials configured:
+
+```bash
+# Using AWS CLI profile
+exploitgraph> use cloud/s3_enum
+exploitgraph> set AWS_PROFILE my-profile
+exploitgraph> run
+
+# Using discovered credentials (auto-populated from file_secrets)
+exploitgraph> use cloud/iam_enum
+exploitgraph> run   # Picks up AWS keys found by file_secrets automatically
+```
+
+**All AWS operations are READ-ONLY** — no modifications to your AWS environment.
+
+---
+
+## Architecture
+
+```
+ExploitGraph/
+├── exploitgraph.py          Entry point (CLI + console launcher)
+├── core/
+│   ├── console.py           msfconsole-style interactive shell
+│   ├── module_loader.py     Dynamic plugin discovery & loading
+│   ├── session_manager.py   SQLite-backed multi-session tracking
+│   ├── attack_graph.py      networkx attack graph engine
+│   ├── risk_engine.py       CVSS-style risk scoring
+│   ├── logger.py            Structured colored logger
+│   └── config.py            YAML configuration loader
+├── modules/
+│   ├── base.py              BaseModule abstract class
+│   ├── discovery/           HTTP enumeration modules
+│   ├── cloud/               AWS/cloud security modules
+│   ├── secrets/             Credential extraction modules
+│   ├── exploitation/        Attack execution modules
+│   ├── reporting/           Report generation modules
+│   └── custom/              Drop your own modules here
+├── data/wordlists/          Attack wordlists
+├── sessions/                SQLite session database
+├── reports/                 Generated reports
+└── target/                  Demo vulnerable application
+```
+
+---
+
+## Legal Disclaimer
+
+ExploitGraph is developed for **authorized security testing and educational purposes only**.
+
+- Only use against systems you own or have explicit written permission to test
+- The demo target application is for isolated lab environments only
+- Unauthorized use against third-party systems is illegal
+
+The author assumes no liability for misuse of this tool.
+
+---
+
+## License
+
+MIT License — see [LICENSE](LICENSE)
+
+---
+
+## Author
+
+**Prajwal Pawar**
+B.Sc. Cyber Security — Final Year Project
+School of Computer Application
+
+---
+
+## Contributing
+
+Contributions welcome! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+
+The easiest contribution: write a new module in `modules/custom/` following the `BaseModule` pattern and submit a PR.