PyPI - souleyez - Versions diffs - 2.16.0__py3-none-any.whl → 2.22.0__py3-none-any.whl - Mend

souleyez 2.16.0py3-none-any.whl → 2.22.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

souleyez/__init__.py +1 -1
souleyez/core/tool_chaining.py +99 -7
souleyez/docs/README.md +2 -2
souleyez/engine/background.py +9 -1
souleyez/engine/result_handler.py +40 -0
souleyez/integrations/siem/splunk.py +58 -11
souleyez/main.py +1 -1
souleyez/parsers/nmap_parser.py +97 -1
souleyez/parsers/smbmap_parser.py +30 -2
souleyez/parsers/sqlmap_parser.py +54 -17
souleyez/plugins/gobuster.py +96 -3
souleyez/plugins/msf_exploit.py +6 -3
souleyez/ui/interactive.py +31 -13
souleyez/ui/setup_wizard.py +331 -53
souleyez/utils/tool_checker.py +30 -8
{souleyez-2.16.0.dist-info → souleyez-2.22.0.dist-info}/METADATA +3 -3
{souleyez-2.16.0.dist-info → souleyez-2.22.0.dist-info}/RECORD +21 -21
{souleyez-2.16.0.dist-info → souleyez-2.22.0.dist-info}/WHEEL +0 -0
{souleyez-2.16.0.dist-info → souleyez-2.22.0.dist-info}/entry_points.txt +0 -0
{souleyez-2.16.0.dist-info → souleyez-2.22.0.dist-info}/licenses/LICENSE +0 -0
{souleyez-2.16.0.dist-info → souleyez-2.22.0.dist-info}/top_level.txt +0 -0

souleyez/parsers/sqlmap_parser.py CHANGED Viewed

@@ -80,10 +80,15 @@ def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
     current_method = 'GET'
     current_post_data = None
+    # Track POST form URLs separately to prevent GET URL testing from overwriting them
+    # This fixes bug where chain rules get wrong URL when SQLMap tests multiple URLs
+    last_post_form_url = None
+    last_post_form_data = None
     for i, line in enumerate(lines):
         line = line.strip()
-        # Extract URL being tested
+        # Extract URL being tested (GET requests typically)
         if 'testing URL' in line:
             url_match = re.search(r"testing URL '([^']+)'", line)
             if url_match:
@@ -100,6 +105,9 @@ def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
                 current_url = url_match.group(2)
                 if current_url not in result['urls_tested']:
                     result['urls_tested'].append(current_url)
+                # Save POST form URL separately for later use
+                if current_method == 'POST':
+                    last_post_form_url = current_url
         # Extract POST data (appears after "POST http://..." line)
         # Format: "POST data: username=&password=&submit=Login"
@@ -107,6 +115,8 @@ def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
             post_data_match = re.search(r'^POST data:\s*(.+)$', line)
             if post_data_match:
                 current_post_data = post_data_match.group(1).strip()
+                # Associate POST data with the POST form URL
+                last_post_form_data = current_post_data
         # Handle resumed injection points from stored session
         # Pattern: "sqlmap resumed the following injection point(s) from stored session:"
@@ -129,15 +139,23 @@ def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
                     else:
                         method = current_method  # Use current context
+                    # For POST parameters, use the saved POST form URL instead of current_url
+                    if method == 'POST' and last_post_form_url:
+                        effective_url = last_post_form_url
+                        effective_post_data = last_post_form_data or current_post_data
+                    else:
+                        effective_url = current_url or target
+                        effective_post_data = current_post_data if method == 'POST' else None
                     # Mark as confirmed injection
                     result['sql_injection_confirmed'] = True
                     result['injectable_parameter'] = param
-                    result['injectable_url'] = current_url or target
+                    result['injectable_url'] = effective_url
                     result['injectable_method'] = method
                     # Add vulnerability entry
                     result['vulnerabilities'].append({
-                        'url': current_url or target,
+                        'url': effective_url,
                         'parameter': param,
                         'vuln_type': 'sqli',
                         'injectable': True,
@@ -147,10 +165,10 @@ def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
                     # Collect injection point
                     injection_point = {
-                        'url': current_url or target,
+                        'url': effective_url,
                         'parameter': param,
                         'method': method,
-                        'post_data': current_post_data if method == 'POST' else None,
+                        'post_data': effective_post_data,
                         'techniques': []
                     }
                     if not any(
@@ -318,8 +336,17 @@ def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
                     )
                     if not already_added:
+                        # For POST parameters, use the saved POST form URL instead of current_url
+                        # This prevents bug where GET URL testing overwrites the correct POST form URL
+                        if param_method == 'POST' and last_post_form_url:
+                            effective_url = last_post_form_url
+                            effective_post_data = last_post_form_data or current_post_data
+                        else:
+                            effective_url = current_url or target
+                            effective_post_data = current_post_data if param_method == 'POST' else None
                         result['vulnerabilities'].append({
-                            'url': current_url or target,
+                            'url': effective_url,
                             'parameter': param,
                             'vuln_type': 'sqli',
                             'injectable': True,
@@ -332,17 +359,17 @@ def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
                         # Set confirmation flags
                         result['sql_injection_confirmed'] = True
                         result['injectable_parameter'] = param
-                        result['injectable_url'] = current_url or target
+                        result['injectable_url'] = effective_url
                         result['injectable_method'] = param_method  # GET, POST, etc.
-                        if param_method == 'POST' and current_post_data:
-                            result['injectable_post_data'] = current_post_data
+                        if param_method == 'POST' and effective_post_data:
+                            result['injectable_post_data'] = effective_post_data
                         # Collect ALL injection points for fallback
                         injection_point = {
-                            'url': current_url or target,
+                            'url': effective_url,
                             'parameter': param,
                             'method': param_method,
-                            'post_data': current_post_data if param_method == 'POST' else None,
+                            'post_data': effective_post_data,
                             'techniques': techniques
                         }
                         # Avoid duplicates
@@ -364,8 +391,18 @@ def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
             if param_match:
                 method = param_match.group(1) or current_method
                 param = param_match.group(2)
+                # For POST parameters, use the saved POST form URL instead of current_url
+                # This prevents bug where GET URL testing overwrites the correct POST form URL
+                if method == 'POST' and last_post_form_url:
+                    effective_url = last_post_form_url
+                    effective_post_data = last_post_form_data or current_post_data
+                else:
+                    effective_url = current_url or target
+                    effective_post_data = current_post_data if method == 'POST' else None
                 result['vulnerabilities'].append({
-                    'url': current_url or target,
+                    'url': effective_url,
                     'parameter': param,
                     'vuln_type': 'sqli',
                     'injectable': True,
@@ -376,17 +413,17 @@ def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
                 # Set confirmation flags
                 result['sql_injection_confirmed'] = True
                 result['injectable_parameter'] = param
-                result['injectable_url'] = current_url or target
+                result['injectable_url'] = effective_url
                 result['injectable_method'] = method
-                if method == 'POST' and current_post_data:
-                    result['injectable_post_data'] = current_post_data
+                if method == 'POST' and effective_post_data:
+                    result['injectable_post_data'] = effective_post_data
                 # Collect ALL injection points for fallback
                 injection_point = {
-                    'url': current_url or target,
+                    'url': effective_url,
                     'parameter': param,
                     'method': method,
-                    'post_data': current_post_data if method == 'POST' else None,
+                    'post_data': effective_post_data,
                     'techniques': []  # Technique details not available at this detection point
                 }
                 # Avoid duplicates

souleyez/plugins/gobuster.py CHANGED Viewed

@@ -154,6 +154,83 @@ class GobusterPlugin(PluginBase):
     category = "scanning"
     HELP = HELP
+    # Minimum required version (v3.x uses subcommands like 'dir', 'dns', 'vhost')
+    MIN_VERSION = "3.0.0"
+    def _check_version(self) -> tuple:
+        """
+        Check gobuster version meets minimum requirements.
+        Returns:
+            (meets_requirement: bool, version: str, error_msg: str or None)
+        """
+        try:
+            # Use -v flag (not 'version' subcommand) - works on v3.x
+            result = subprocess.run(
+                ["gobuster", "-v"],
+                capture_output=True,
+                text=True,
+                timeout=10
+            )
+            output = result.stdout + result.stderr
+            # Parse version from output like "gobuster version 3.8.2"
+            version_match = re.search(r'version\s+(\d+\.\d+\.\d+)', output, re.IGNORECASE)
+            if version_match:
+                version = version_match.group(1)
+                major = int(version.split('.')[0])
+                if major >= 3:
+                    return (True, version, None)
+                else:
+                    return (False, version, self._upgrade_message(version))
+            # Also try --version flag as fallback
+            result2 = subprocess.run(
+                ["gobuster", "--version"],
+                capture_output=True,
+                text=True,
+                timeout=10
+            )
+            output2 = result2.stdout + result2.stderr
+            version_match2 = re.search(r'version\s+(\d+\.\d+\.\d+)', output2, re.IGNORECASE)
+            if version_match2:
+                version = version_match2.group(1)
+                major = int(version.split('.')[0])
+                if major >= 3:
+                    return (True, version, None)
+                else:
+                    return (False, version, self._upgrade_message(version))
+            # If neither flag shows version info, check if v2.x by looking for subcommand error
+            # v2.x will show "Usage: gobuster [OPTIONS] ..." without subcommands
+            if "dir" not in output.lower() and "dns" not in output.lower():
+                return (False, "2.x", self._upgrade_message("2.x"))
+            # If we see dir/dns subcommands mentioned, assume v3.x
+            return (True, "3.x", None)
+        except FileNotFoundError:
+            return (False, None, "ERROR: gobuster not found. Install with: sudo apt install gobuster")
+        except subprocess.TimeoutExpired:
+            return (True, "unknown", None)  # Assume it works
+        except Exception as e:
+            return (True, "unknown", None)  # Assume it works
+    def _upgrade_message(self, current_version: str) -> str:
+        """Generate upgrade instructions for old gobuster versions."""
+        return (
+            f"ERROR: gobuster {current_version} is too old. Version 3.0.0+ required.\n\n"
+            f"Gobuster v2.x doesn't support the 'dir/dns/vhost' subcommands used by SoulEyez.\n\n"
+            f"UPGRADE OPTIONS:\n"
+            f"  Option 1 - Install from Go (recommended, gets latest):\n"
+            f"    go install github.com/OJ/gobuster/v3@latest\n\n"
+            f"  Option 2 - Download binary from GitHub:\n"
+            f"    https://github.com/OJ/gobuster/releases\n\n"
+            f"  Option 3 - On Kali Linux:\n"
+            f"    sudo apt update && sudo apt install gobuster\n\n"
+            f"After upgrading, verify with: gobuster version\n"
+        )
     def _preflight_check(self, base_url: str, timeout: float = 5.0, log_path: str = None) -> Dict[str, Optional[str]]:
         """
         Probe target with random UUID path to detect false positive responses.
@@ -225,7 +302,15 @@ class GobusterPlugin(PluginBase):
     def build_command(self, target: str, args: List[str] = None, label: str = "", log_path: str = None):
         """Build gobuster command for background execution with PID tracking."""
         args = args or []
+        # Check gobuster version meets requirements (v3.x+ required for subcommands)
+        meets_req, version, error_msg = self._check_version()
+        if not meets_req:
+            if log_path:
+                with open(log_path, 'w') as f:
+                    f.write(error_msg)
+            return None
         # Detect the mode from args
         mode = None
         if 'dir' in args:
@@ -323,9 +408,17 @@ class GobusterPlugin(PluginBase):
     def run(self, target: str, args: List[str] = None, label: str = "", log_path: str = None) -> int:
         """Execute gobuster scan and write output to log_path."""
         args = args or []
+        # Check gobuster version meets requirements (v3.x+ required for subcommands)
+        meets_req, version, error_msg = self._check_version()
+        if not meets_req:
+            if log_path:
+                with open(log_path, 'w') as f:
+                    f.write(error_msg)
+            return 1
         # Detect the mode from args
         mode = None
         if 'dir' in args:

souleyez/plugins/msf_exploit.py CHANGED Viewed

@@ -295,13 +295,16 @@ class MsfExploitPlugin(PluginBase):
                     with open(log_path, 'a') as f:
                         f.write(f"[!] Poll error: {e}\n")
-        # Timeout - no session opened
+        # Timeout - no session opened (not an error, just means target likely not vulnerable)
         if log_path:
             with open(log_path, 'a') as f:
-                f.write(f"\n[-] No session opened after {max_poll}s\n")
+                f.write(f"\n[*] No session opened after {max_poll}s\n")
+                f.write(f"[*] Target may not be vulnerable or exploit conditions not met\n")
+                f.write(f"[*] Try re-running the exploit if needed\n")
                 f.write(f"Completed: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n")
-        return {'success': False, 'error': f'No session after {max_poll}s'}
+        # Return success=False but no 'error' key - this is a "no results" case, not an error
+        return {'success': False, 'no_session': True, 'reason': f'No session after {max_poll}s'}
     def _get_local_ip(self, target: str) -> str:
         """Get local IP that can reach the target."""

souleyez/ui/interactive.py CHANGED Viewed

@@ -9694,9 +9694,19 @@ def _view_all_job_alerts(item: dict):
                 return f"{icon} {severity[:6].upper()}"
         elif key == 'rule_id':
             if is_wazuh_style:
-                return str(alert.get('rule', {}).get('id', 'N/A'))
+                # Wazuh: show first rule group (more descriptive) or rule ID
+                rule_data = alert.get('rule', {})
+                groups = rule_data.get('groups', [])
+                if groups:
+                    # Get most specific group (often last is most specific)
+                    return str(groups[-1])[:12]
+                return str(rule_data.get('id', 'N/A'))[:12]
             else:
-                return str(alert.get('rule_id', alert.get('id', 'N/A')))[:15]
+                # Splunk: show MITRE tactic if available, else sourcetype
+                mitre_tactics = alert.get('mitre_tactics', [])
+                if mitre_tactics:
+                    return str(mitre_tactics[0])[:12]
+                return str(alert.get('rule_id', 'N/A'))[:12]
         elif key == 'agent_name':
             if is_wazuh_style:
                 return alert.get('agent', {}).get('name', 'N/A')
@@ -9704,9 +9714,17 @@ def _view_all_job_alerts(item: dict):
                 return str(alert.get('source_ip', alert.get('host', 'N/A')))[:15]
         elif key == 'description':
             if is_wazuh_style:
-                return alert.get('rule', {}).get('description', 'No description')[:45]
+                # Wazuh: use rule description, or rule groups if more descriptive
+                rule_data = alert.get('rule', {})
+                desc = rule_data.get('description', '')
+                if not desc:
+                    groups = rule_data.get('groups', [])
+                    if groups:
+                        desc = ', '.join(groups[:2])
+                return str(desc)[:45] if desc else 'No description'
             else:
-                desc = alert.get('rule_name', alert.get('description', 'No description'))
+                # Splunk: prefer actual description (log content) over rule_name
+                desc = alert.get('description', '') or alert.get('rule_name', '')
                 return str(desc)[:45] if desc else 'No description'
         elif key == 'timestamp':
             ts = alert.get('timestamp', 'N/A')
@@ -9718,9 +9736,9 @@ def _view_all_job_alerts(item: dict):
     columns = [
         {'name': '#', 'width': 5, 'key': '_idx'},
         {'name': 'Level', 'width': 10, 'key': 'level_display'},
-        {'name': 'Rule', 'width': 8, 'key': 'rule_id'},
+        {'name': 'Type', 'width': 14, 'key': 'rule_id'},
         {'name': 'Agent', 'width': 15, 'key': 'agent_name'},
-        {'name': 'Description', 'width': 45, 'key': 'description'},
+        {'name': 'Description', 'width': 42, 'key': 'description'},
         {'name': 'Time', 'width': 20, 'key': 'timestamp'},
     ]
@@ -31347,13 +31365,13 @@ def run_interactive_menu():
     click.echo("└" + "─" * (width - 2) + "┘")
     click.echo("\n")
-    # ASCII Art Banner - SOULEYEZ
-    click.echo(click.style("   ███████╗ ██████╗ ██╗   ██╗██╗     ███████╗██╗   ██╗███████╗███████╗", fg='bright_cyan', bold=True))
-    click.echo(click.style("   ██╔════╝██╔═══██╗██║   ██║██║     ██╔════╝╚██╗ ██╔╝██╔════╝╚══███╔╝", fg='bright_cyan', bold=True))
-    click.echo(click.style("   ███████╗██║   ██║██║   ██║██║     █████╗   ╚████╔╝ █████╗    ███╔╝ ", fg='bright_cyan', bold=True))
-    click.echo(click.style("   ╚════██║██║   ██║██║   ██║██║     ██╔══╝    ╚██╔╝  ██╔══╝   ███╔╝  ", fg='bright_cyan', bold=True))
-    click.echo(click.style("   ███████║╚██████╔╝╚██████╔╝███████╗███████╗   ██║   ███████╗███████╗", fg='bright_cyan', bold=True))
-    click.echo(click.style("   ╚══════╝ ╚═════╝  ╚═════╝ ╚══════╝╚══════╝   ╚═╝   ╚══════╝╚══════╝", fg='bright_cyan', bold=True))
+    # ASCII Art Banner - SOULEYEZ with all-seeing eye on the right
+    click.echo(click.style("   ███████╗ ██████╗ ██╗   ██╗██╗     ███████╗██╗   ██╗███████╗███████╗", fg='bright_cyan', bold=True) + click.style("        ▄██▄", fg='bright_blue', bold=True))
+    click.echo(click.style("   ██╔════╝██╔═══██╗██║   ██║██║     ██╔════╝╚██╗ ██╔╝██╔════╝╚══███╔╝", fg='bright_cyan', bold=True) + click.style("      ▄█▀  ▀█▄", fg='bright_blue', bold=True))
+    click.echo(click.style("   ███████╗██║   ██║██║   ██║██║     █████╗   ╚████╔╝ █████╗    ███╔╝ ", fg='bright_cyan', bold=True) + click.style("     █   ◉   █", fg='bright_blue', bold=True))
+    click.echo(click.style("   ╚════██║██║   ██║██║   ██║██║     ██╔══╝    ╚██╔╝  ██╔══╝   ███╔╝  ", fg='bright_cyan', bold=True) + click.style("     █  ═══  █", fg='bright_blue', bold=True))
+    click.echo(click.style("   ███████║╚██████╔╝╚██████╔╝███████╗███████╗   ██║   ███████╗███████╗", fg='bright_cyan', bold=True) + click.style("      ▀█▄  ▄█▀", fg='bright_blue', bold=True))
+    click.echo(click.style("   ╚══════╝ ╚═════╝  ╚═════╝ ╚══════╝╚══════╝   ╚═╝   ╚══════╝╚══════╝", fg='bright_cyan', bold=True) + click.style("        ▀██▀", fg='bright_blue', bold=True))
     click.echo()
     # Tagline and description

souleyez 2.16.0__py3-none-any.whl → 2.22.0__py3-none-any.whl

souleyez 2.16.0py3-none-any.whl → 2.22.0py3-none-any.whl