man-spider 1.1.2__py3-none-any.whl → 2.0.0__py3-none-any.whl

man_spider/lib/util.py

@@ -1,12 +1,66 @@
 import os
-import magic
+import re
 import string
 import random
 import logging
 import ipaddress
 from pathlib import Path
+from dataclasses import dataclass
+from charset_normalizer import from_bytes
 
-log = logging.getLogger('manspider.util')
+log = logging.getLogger("manspider.util")
+
+
+@dataclass
+class Target:
+    """Represents a target host with optional port."""
+
+    host: str
+    port: int = 445
+
+    def __str__(self):
+        if self.port == 445:
+            return self.host
+        return f"{self.host}:{self.port}"
+
+    def __hash__(self):
+        return hash((self.host, self.port))
+
+    def __eq__(self, other):
+        if isinstance(other, Target):
+            return self.host == other.host and self.port == other.port
+        return False
+
+
+def parse_host_port(s):
+    """
+    Parse a host:port string. Returns (host, port) tuple.
+    Port defaults to 445 if not specified.
+    Handles IPv6 addresses in brackets: [::1]:445
+    """
+    # IPv6 with port: [::1]:445
+    ipv6_match = re.match(r"^\[([^\]]+)\]:(\d+)$", s)
+    if ipv6_match:
+        return ipv6_match.group(1), int(ipv6_match.group(2))
+
+    # IPv6 without port: [::1] or ::1
+    if s.startswith("[") and s.endswith("]"):
+        return s[1:-1], 445
+    if ":" in s and s.count(":") > 1:
+        # Plain IPv6 address (multiple colons, no port)
+        return s, 445
+
+    # IPv4/hostname with port: 192.168.1.1:445 or host.com:445
+    if ":" in s:
+        host, port_str = s.rsplit(":", 1)
+        try:
+            return host, int(port_str)
+        except ValueError:
+            # Not a valid port, treat whole thing as host
+            return s, 445
+
+    # No port specified
+    return s, 445
 
 
 def str_to_list(s):
@@ -26,46 +80,51 @@ def str_to_list(s):
 
 
 def make_targets(s):
-    '''
+    """
     Accepts filename, CIDR, IP, hostname, file, or folder
-    Returns list of targets as IPs, hostnames, or Path() objects
-    '''
+    Supports host:port syntax (e.g., 192.168.1.1:4455)
+    Returns list of targets as Target objects or Path() objects
+    """
 
     targets = set()
 
     p = Path(s)
-    if s.lower() == 'loot':
-        targets.add(Path.home() / '.manspider' / 'loot')
+    if s.lower() == "loot":
+        targets.add(Path.home() / ".manspider" / "loot")
 
     elif p.is_dir():
         targets.add(p)
 
     else:
         for i in str_to_list(s):
+            # Parse host:port if present
+            host, port = parse_host_port(i)
             try:
-                for ip in ipaddress.ip_network(i, strict=False):
-                    targets.add(str(ip))
+                # Try to expand as CIDR network
+                for ip in ipaddress.ip_network(host, strict=False):
+                    targets.add(Target(str(ip), port))
             except ValueError:
-                targets.add(i)
+                # Not a CIDR, treat as hostname
+                targets.add(Target(host, port))
 
     return list(targets)
 
 
 def human_to_int(h):
-    '''
+    """
     converts human-readable number to integer
     e.g. 1K --> 1000
-    '''
+    """
 
     if type(h) == int:
         return h
 
-    units = {'': 1, 'K': 1024, 'M': 1024**2, 'G': 1024**3, 'T': 1024**4}
+    units = {"": 1, "K": 1024, "M": 1024**2, "G": 1024**3, "T": 1024**4}
 
     try:
         h = h.upper().strip()
-        i = float(''.join(c for c in h if c in string.digits + '.'))
-        unit = ''.join([c for c in h if c in units.keys()])
+        i = float("".join(c for c in h if c in string.digits + "."))
+        unit = "".join([c for c in h if c in units.keys()])
     except (ValueError, KeyError):
         raise ValueError(f'Invalid filesize "{h}"')
 
@@ -73,45 +132,52 @@ def human_to_int(h):
 
 
 def bytes_to_human(_bytes):
-    '''
+    """
     converts bytes to human-readable filesize
     e.g. 1024 --> 1KB
-    '''
+    """
 
-    sizes = ['B', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB']
+    sizes = ["B", "KB", "MB", "GB", "TB", "PB", "EB", "ZB"]
     units = {}
     count = 0
     for size in sizes:
         units[size] = pow(1024, count)
-        count +=1
+        count += 1
 
     for size in sizes:
         if abs(_bytes) < 1024.0:
             if size == sizes[0]:
                 _bytes = str(int(_bytes))
             else:
-                _bytes = '{:.2f}'.format(_bytes)
-            return '{}{}'.format(_bytes, size)
+                _bytes = "{:.2f}".format(_bytes)
+            return "{}{}".format(_bytes, size)
         _bytes /= 1024
 
     raise ValueError
 
 
 def better_decode(b):
+    """
+    Decode bytes to string using charset-normalizer for encoding detection.
+    """
+    result = from_bytes(b)
+    best = result.best()
 
-    # detect encoding with libmagic
-    m = magic.Magic(mime_encoding=True)
-    encoding = m.from_buffer(b)
+    if best is not None:
+        return str(best)
 
+    # Fallback if no encoding detected
     try:
-        return b.decode(encoding)
+        return b.decode('utf-8', errors='ignore')
     except Exception:
         return str(b)[2:-1]
 
 
 def random_string(length):
 
-    return ''.join(random.choice(string.ascii_lowercase + string.ascii_uppercase + string.digits) for i in range(length))
+    return "".join(
+        random.choice(string.ascii_lowercase + string.ascii_uppercase + string.digits) for i in range(length)
+    )
 
 
 def list_files(path):
@@ -130,13 +196,13 @@ def list_files(path):
 
 
 def rmdir(directory):
-    '''
+    """
     Recursively remove directory
-    '''
+    """
     directory = Path(directory)
     for item in directory.iterdir():
         if item.is_dir():
             rmdir(item)
         else:
             item.unlink()
-    directory.rmdir()
+    directory.rmdir()

man_spider/manspider.py

@@ -7,54 +7,56 @@ import argparse
 import traceback
 from time import sleep
 import multiprocessing
+from datetime import datetime
 
 from man_spider.lib import *
 
 
 # set up logging
-log = logging.getLogger('manspider')
+log = logging.getLogger("manspider")
 log.setLevel(logging.INFO)
 
 
 def go(options):
 
-    log.info('MANSPIDER command executed: ' + ' '.join(sys.argv))
+    log.info("MANSPIDER command executed: " + " ".join(sys.argv))
 
     try:
-
         # warn if --or-logic is enabled
         if options.or_logic and options.content and not all([type(t) == pathlib.PosixPath for t in options.targets]):
-            log.warning('WARNING: "--or-logic" causes files to be content-searched even if filename/extension filters do not match!!')
+            log.warning(
+                'WARNING: "--or-logic" causes files to be content-searched even if filename/extension filters do not match!!'
+            )
             sleep(2)
 
         # exit if no filters were specified
         if not (options.filenames or options.extensions or options.exclude_extensions or options.content):
-            log.error('Please specify at least one of --filenames, --content, --extensions, or --exclude-extensions')
+            log.error("Please specify at least one of --filenames, --content, --extensions, or --exclude-extensions")
             return
 
         # exit if --maxdepth is invalid
         if options.maxdepth <= 0:
-            log.error('--maxdepth must be greater than zero')
+            log.error("--maxdepth must be greater than zero")
             return
 
-        log.info(f'Skipping files larger than {bytes_to_human(options.max_filesize)}')
-        log.info(f'Using {options.threads:,} threads')
+        log.info(f"Skipping files larger than {bytes_to_human(options.max_filesize)}")
+        log.info(f"Using {options.threads:,} threads")
 
         manspider = MANSPIDER(options)
         manspider.start()
 
     except KeyboardInterrupt:
-        log.critical('Interrupted')
+        log.critical("Interrupted")
 
     except Exception as e:
         if log.level <= logging.DEBUG:
             log.critical(traceback.format_exc())
         else:
-            log.critical(f'Critical error (-v to debug): {e}')
+            log.critical(f"Critical error (-v to debug): {e}")
 
     finally:
         # make sure temp files are cleaned up before exiting
-        #rmdir(manspider.tmp_dir)
+        # rmdir(manspider.tmp_dir)
         pass
 
 
@@ -62,7 +64,7 @@ def main():
 
     interrupted = False
 
-    examples = '''
+    examples = """
 
     # EXAMPLES
 
@@ -77,39 +79,132 @@ def main():
 
     Example 4: Search for finance-related files
     $ manspider share.evilcorp.local --dirnames bank financ payable payment reconcil remit voucher vendor eft swift -f '[0-9]{5,}' -d evilcorp -u bob -p Passw0rd
-    '''
-
-    parser = argparse.ArgumentParser(description='Scan for juicy data on SMB shares. Matching files and logs are stored in $HOME/.manspider. All filters are case-insensitive.')
-    parser.add_argument('targets', nargs='+',   type=make_targets,          help='IPs, Hostnames, CIDR ranges, or files containing targets to spider (NOTE: local searching also supported, specify directory name or keyword "loot" to search downloaded files)')
-    parser.add_argument('-u', '--username',     default='',                 help='username for authentication')
-    parser.add_argument('-p', '--password',     default='',                 help='password for authentication')
-    parser.add_argument('-d', '--domain',       default='',                 help='domain for authentication')
-    parser.add_argument('-l','--loot-dir',      default='',                 help='loot directory (default ~/.manspider/)')
-    parser.add_argument('-m', '--maxdepth',     type=int,   default=10,     help='maximum depth to spider (default: 10)')
-    parser.add_argument('-H', '--hash',         default='',                 help='NTLM hash for authentication')
-    parser.add_argument('-k', '--kerberos',     action='store_true',       help='Use Kerberos authentication. Grabs credentials from ccache file (KRB5CCNAME) based on target parameters')
-    parser.add_argument('-aesKey', '--aes-key', action='store', metavar='HEX', help='AES key to use for Kerberos Authentication (128 or 256 bits)')
-    parser.add_argument('-dc-ip', '--dc-ip',    action='store', metavar='IP', help='IP Address of the domain controller. If omitted it will use the domain part (FQDN) specified in the target parameter')
-    parser.add_argument('-t', '--threads',      type=int,   default=5,      help='concurrent threads (default: 5)')
-    parser.add_argument('-f', '--filenames', nargs='+', default=[],         help=f'filter filenames using regex (space-separated)', metavar='REGEX')
-    parser.add_argument('-e', '--extensions',nargs='+', default=[],         help='only show filenames with these extensions (space-separated, e.g. `docx xlsx` for only word & excel docs)', metavar='EXT')
-    parser.add_argument('--exclude-extensions',nargs='+', default=[],       help='ignore files with these extensions', metavar='EXT')
-    parser.add_argument('-c', '--content',   nargs='+', default=[],         help='search for file content using regex (multiple supported)', metavar='REGEX')
-    parser.add_argument('--sharenames',      nargs='+', default=[],         help='only search shares with these names (multiple supported)', metavar='SHARE')
-    parser.add_argument('--exclude-sharenames', nargs='*', default=['IPC$', 'C$', 'ADMIN$', 'PRINT$'],help='don\'t search shares with these names (multiple supported)', metavar='SHARE')
-    parser.add_argument('--dirnames',      nargs='+', default=[],           help='only search directories containing these strings (multiple supported)', metavar='DIR')
-    parser.add_argument('--exclude-dirnames', nargs='+', default=[],        help='don\'t search directories containing these strings (multiple supported)', metavar='DIR')
-    parser.add_argument('-q', '--quiet',   action='store_true',             help='don\'t display matching file content')
-    parser.add_argument('-n', '--no-download',   action='store_true',       help='don\'t download matching files')
-    parser.add_argument('-mfail', '--max-failed-logons', type=int,          help='limit failed logons', metavar='INT')
-    parser.add_argument('-o', '--or-logic', action='store_true',            help=f'use OR logic instead of AND (files are downloaded if filename OR extension OR content match)')
-    parser.add_argument('-s', '--max-filesize', type=human_to_int, default=human_to_int('10M'), help=f'don\'t retrieve files over this size, e.g. "500K" or ".5M" (default: 10M)', metavar='SIZE')
-    parser.add_argument('-v', '--verbose', action='store_true',             help='show debugging messages')
-    
+    """
+
+    parser = argparse.ArgumentParser(
+        description="Scan for juicy data on SMB shares. Matching files and logs are stored in $HOME/.manspider. All filters are case-insensitive."
+    )
+    parser.add_argument(
+        "targets",
+        nargs="+",
+        type=make_targets,
+        help='IPs, Hostnames, CIDR ranges, or files containing targets to spider (NOTE: local searching also supported, specify directory name or keyword "loot" to search downloaded files)',
+    )
+    parser.add_argument("-u", "--username", default="", help="username for authentication")
+    parser.add_argument("-p", "--password", default="", help="password for authentication")
+    parser.add_argument("-d", "--domain", default="", help="domain for authentication")
+    parser.add_argument("-l", "--loot-dir", default="", help="loot directory (default ~/.manspider/)")
+    parser.add_argument("-m", "--maxdepth", type=int, default=10, help="maximum depth to spider (default: 10)")
+    parser.add_argument("-H", "--hash", default="", help="NTLM hash for authentication")
+    parser.add_argument(
+        "-k",
+        "--kerberos",
+        action="store_true",
+        help="Use Kerberos authentication. Grabs credentials from ccache file (KRB5CCNAME) based on target parameters",
+    )
+    parser.add_argument(
+        "-aesKey",
+        "--aes-key",
+        action="store",
+        metavar="HEX",
+        help="AES key to use for Kerberos Authentication (128 or 256 bits)",
+    )
+    parser.add_argument(
+        "-dc-ip",
+        "--dc-ip",
+        action="store",
+        metavar="IP",
+        help="IP Address of the domain controller. If omitted it will use the domain part (FQDN) specified in the target parameter",
+    )
+    parser.add_argument("-t", "--threads", type=int, default=5, help="concurrent threads (default: 5)")
+    parser.add_argument(
+        "-f",
+        "--filenames",
+        nargs="+",
+        default=[],
+        help="filter filenames using regex (space-separated)",
+        metavar="REGEX",
+    )
+    parser.add_argument(
+        "-e",
+        "--extensions",
+        nargs="+",
+        default=[],
+        help="only show filenames with these extensions (space-separated, e.g. `docx xlsx` for only word & excel docs)",
+        metavar="EXT",
+    )
+    parser.add_argument(
+        "--exclude-extensions", nargs="+", default=[], help="ignore files with these extensions", metavar="EXT"
+    )
+    parser.add_argument(
+        "-c",
+        "--content",
+        nargs="+",
+        default=[],
+        help="search for file content using regex (multiple supported)",
+        metavar="REGEX",
+    )
+    parser.add_argument(
+        "--sharenames",
+        nargs="+",
+        default=[],
+        help="only search shares with these names (multiple supported)",
+        metavar="SHARE",
+    )
+    parser.add_argument(
+        "--exclude-sharenames",
+        nargs="*",
+        default=["IPC$", "C$", "ADMIN$", "PRINT$"],
+        help="don't search shares with these names (multiple supported)",
+        metavar="SHARE",
+    )
+    parser.add_argument(
+        "--dirnames",
+        nargs="+",
+        default=[],
+        help="only search directories containing these strings (multiple supported)",
+        metavar="DIR",
+    )
+    parser.add_argument(
+        "--exclude-dirnames",
+        nargs="+",
+        default=[],
+        help="don't search directories containing these strings (multiple supported)",
+        metavar="DIR",
+    )
+    parser.add_argument("-q", "--quiet", action="store_true", help="don't display matching file content")
+    parser.add_argument("-n", "--no-download", action="store_true", help="don't download matching files")
+    parser.add_argument("-mfail", "--max-failed-logons", type=int, help="limit failed logons", metavar="INT")
+    parser.add_argument(
+        "-o",
+        "--or-logic",
+        action="store_true",
+        help="use OR logic instead of AND (files are downloaded if filename OR extension OR content match)",
+    )
+    parser.add_argument(
+        "-s",
+        "--max-filesize",
+        type=human_to_int,
+        default=human_to_int("10M"),
+        help='don\'t retrieve files over this size, e.g. "500K" or ".5M" (default: 10M)',
+        metavar="SIZE",
+    )
+    parser.add_argument("-v", "--verbose", action="store_true", help="show debugging messages")
+    parser.add_argument(
+        "--modified-after",
+        type=str,
+        metavar="DATE",
+        help="only show files modified after this date (format: YYYY-MM-DD)",
+    )
+    parser.add_argument(
+        "--modified-before",
+        type=str,
+        metavar="DATE",
+        help="only show files modified before this date (format: YYYY-MM-DD)",
+    )
 
     syntax_error = False
     try:
-
         if len(sys.argv) == 1:
             parser.print_help()
             sys.exit(1)
@@ -117,22 +212,41 @@ def main():
         options = parser.parse_args()
 
         if options.verbose:
-            log.setLevel('DEBUG')
+            log.setLevel("DEBUG")
 
-        if options.kerberos and not "KRB5CCNAME" in os.environ:
+        if options.kerberos and "KRB5CCNAME" not in os.environ:
             log.error("KRB5CCNAME is not set in the environment")
             sys.exit(1)
 
+        # Parse date filters
+        if options.modified_after:
+            try:
+                options.modified_after = datetime.strptime(options.modified_after, "%Y-%m-%d")
+            except ValueError:
+                log.error("Invalid date format for --modified-after. Use YYYY-MM-DD")
+                sys.exit(1)
+        else:
+            options.modified_after = None
+
+        if options.modified_before:
+            try:
+                options.modified_before = datetime.strptime(options.modified_before, "%Y-%m-%d")
+            except ValueError:
+                log.error("Invalid date format for --modified-before. Use YYYY-MM-DD")
+                sys.exit(1)
+        else:
+            options.modified_before = None
+
         # make sure extension formats are valid
         for i, extension in enumerate(options.extensions):
-            if extension and not extension.startswith('.'):
-                extension = f'.{extension}'
+            if extension and not extension.startswith("."):
+                extension = f".{extension}"
             options.extensions[i] = extension.lower()
 
         # make sure extension blacklist is valid
         for i, extension in enumerate(options.exclude_extensions):
-            if not extension.startswith('.'):
-                extension = f'.{extension}'
+            if not extension.startswith("."):
+                extension = f".{extension}"
             options.exclude_extensions[i] = extension.lower()
 
         # lowercase share names
@@ -155,11 +269,11 @@ def main():
     except argparse.ArgumentError as e:
         syntax_error = True
         log.error(e)
-        log.error('Check your syntax')
+        log.error("Check your syntax")
         sys.exit(2)
 
     except KeyboardInterrupt:
-        log.critical('Interrupted')
+        log.critical("Interrupted")
         sys.exit(1)
 
     # pretty format all errors if we're not debugging
@@ -167,10 +281,10 @@ def main():
         if log.level <= logging.DEBUG:
             log.critical(traceback.format_exc())
         else:
-            log.critical(f'Critical error (-v to debug): {e}')
+            log.critical(f"Critical error (-v to debug): {e}")
 
     finally:
-        if '-h' in sys.argv or '--help' in sys.argv or len(sys.argv) == 1 or syntax_error:
+        if "-h" in sys.argv or "--help" in sys.argv or len(sys.argv) == 1 or syntax_error:
             print(examples)
         sleep(1)
         try:
@@ -185,5 +299,5 @@ def main():
             pass
 
 
-if __name__ == '__main__':
-    main()
+if __name__ == "__main__":
+    main()