souleyez 2.16.0__py3-none-any.whl → 2.26.0__py3-none-any.whl

souleyez/parsers/dnsrecon_parser.py

@@ -56,47 +56,62 @@ def parse_dnsrecon_output(output: str, target: str = "") -> Dict[str, Any]:
         if not line_stripped or line_stripped.startswith('[-]'):
             continue
 
-        # Parse lines starting with [*] - these contain DNS records
-        # Format: [*] 	 A cybersoulsecurity.com 198.185.159.144
-        # Format: [*] 	 NS ns04.squarespacedns.com 45.54.22.193
-        # Format: [*] 	 MX alt1.aspmx.l.google.com 192.178.164.26
-        # Format: [*] 	 SOA dns1.p01.nsone.net 198.51.44.1
+        # Parse DNS records from dnsrecon output
+        # Old format: [*]   A cybersoulsecurity.com 198.185.159.144
+        # New format: 2026-01-08T13:50:16.302153-1000 INFO      SOA dns1.p01.nsone.net 198.51.44.1
+        # New format: 2026-01-08T13:50:17.112742-1000 INFO      NS dns4.p01.nsone.net 198.51.45.65
+
+        record_type = None
+        hostname = None
+        ip = None
 
         if line_stripped.startswith('[*]'):
+            # Old format: [*] <type> <hostname> <ip>
             parts = line_stripped.split()
-            if len(parts) >= 4:  # [*] <type> <hostname> <ip>
+            if len(parts) >= 4:
                 record_type = parts[1]
                 hostname = parts[2].lower()
                 ip = parts[3] if len(parts) > 3 else ''
-
-                # Validate IP (both IPv4 and basic IPv6)
-                is_ipv4 = re.match(r'^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$', ip)
-                # is_ipv6 = ':' in ip  # not used currently
-
-                if record_type == 'A' and is_ipv4:
-                    if hostname not in seen_hosts:
-                        seen_hosts.add(hostname)
-                        result['hosts'].append({
-                            'hostname': hostname,
-                            'ip': ip,
-                            'type': 'A'
-                        })
-                        if hostname != target and hostname not in seen_subdomains:
-                            seen_subdomains.add(hostname)
-                            result['subdomains'].append(hostname)
-
-                elif record_type == 'NS':
-                    if hostname not in result['nameservers']:
-                        result['nameservers'].append(hostname)
-
-                elif record_type == 'MX':
-                    if hostname not in result['mail_servers']:
-                        result['mail_servers'].append(hostname)
-
-                elif record_type == 'SOA':
-                    # SOA records can also be nameservers
-                    if hostname not in result['nameservers']:
-                        result['nameservers'].append(hostname)
+        elif ' INFO ' in line_stripped:
+            # New format: TIMESTAMP INFO <type> <hostname> <ip>
+            # Split on INFO and parse the rest
+            info_idx = line_stripped.find(' INFO ')
+            if info_idx != -1:
+                record_part = line_stripped[info_idx + 6:].strip()
+                parts = record_part.split()
+                if len(parts) >= 3:
+                    record_type = parts[0]
+                    hostname = parts[1].lower()
+                    ip = parts[2] if len(parts) > 2 else ''
+
+        if record_type and hostname:
+            # Validate IP (both IPv4 and basic IPv6)
+            is_ipv4 = re.match(r'^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$', ip) if ip else False
+
+            if record_type == 'A' and is_ipv4:
+                if hostname not in seen_hosts:
+                    seen_hosts.add(hostname)
+                    result['hosts'].append({
+                        'hostname': hostname,
+                        'ip': ip,
+                        'type': 'A'
+                    })
+                    if hostname != target and hostname not in seen_subdomains:
+                        seen_subdomains.add(hostname)
+                        result['subdomains'].append(hostname)
+
+            elif record_type == 'NS':
+                if hostname not in result['nameservers']:
+                    result['nameservers'].append(hostname)
+
+            elif record_type == 'MX':
+                if hostname not in result['mail_servers']:
+                    result['mail_servers'].append(hostname)
+
+            elif record_type == 'SOA':
+                # SOA records can also be nameservers
+                if hostname not in result['nameservers']:
+                    result['nameservers'].append(hostname)
 
         # Parse subdomain brute force results: [*] Subdomain: api.example.com IP: 1.2.3.4
         subdomain_match = re.search(r'Subdomain:\s+(\S+)\s+IP:\s+(\d+\.\d+\.\d+\.\d+)', line_stripped)

souleyez/parsers/enum4linux_parser.py

@@ -51,16 +51,38 @@ def parse_enum4linux_output(output: str, target: str = "") -> Dict[str, Any]:
 
 def _is_enum4linux_ng_output(output: str) -> bool:
     """Detect if output is from enum4linux-ng (YAML-style format)."""
-    # enum4linux-ng indicators - look for its specific patterns
+    # Primary indicator - explicit version string (most reliable)
+    if re.search(r'ENUM4LINUX\s*-\s*next\s*generation', output, re.IGNORECASE):
+        return True
+    if re.search(r'enum4linux-ng', output, re.IGNORECASE):
+        return True
+
+    # Secondary indicators - look for YAML-style patterns unique to ng
     ng_indicators = [
-        re.search(r'ENUM4LINUX - next generation', output),
-        re.search(r'After merging user results', output),
-        re.search(r'After merging share results', output),
-        re.search(r'^\s+username:\s+', output, re.MULTILINE),
-        re.search(r"^'\d+':\s*$", output, re.MULTILINE),  # RID entries like '1000':
+        re.search(r'After merging (user|share|group) results', output, re.IGNORECASE),
+        re.search(r'^\s{2,}username:\s+', output, re.MULTILINE),  # Indented YAML-style
+        re.search(r"^'?\d+'?:\s*$", output, re.MULTILINE),  # RID entries: '1000': or 1000:
+        re.search(r'^\s{2,}(groupname|name|type|comment):\s+', output, re.MULTILINE),
+        re.search(r'Trying to get SID from lsaquery', output, re.IGNORECASE),
+    ]
+
+    # Classic enum4linux indicators (to confirm it's NOT ng)
+    classic_indicators = [
+        re.search(r'enum4linux v\d', output, re.IGNORECASE),
+        re.search(r'Starting enum4linux v', output, re.IGNORECASE),
+        re.search(r'Sharename\s+Type\s+Comment', output),  # Table header
+        re.search(r'\|\s+Users on', output),
     ]
-    # If we find at least 2 indicators, it's probably enum4linux-ng
-    return sum(1 for ind in ng_indicators if ind) >= 2
+
+    ng_count = sum(1 for ind in ng_indicators if ind)
+    classic_count = sum(1 for ind in classic_indicators if ind)
+
+    # If we have classic indicators and no/few ng indicators, it's classic
+    if classic_count >= 2 and ng_count < 2:
+        return False
+
+    # If we find at least 2 ng indicators, it's probably enum4linux-ng
+    return ng_count >= 2
 
 
 def _parse_enum4linux_ng_output(output: str, target: str = "") -> Dict[str, Any]:
@@ -297,21 +319,41 @@ def _parse_enum4linux_classic_output(output: str, target: str = "") -> Dict[str,
 
         # Parse user lines from RID cycling output (Local User or Domain User)
         elif current_section == 'users' and line and not line.startswith('='):
-            # Format: "S-1-5-21-...-RID DOMAIN\username (Local User)"
-            user_match = re.match(r'S-1-5-21-[0-9-]+ \S+\\(\S+) \((Local User|Domain User)\)', line)
+            # Format variations:
+            # "S-1-5-21-...-RID DOMAIN\username (Local User)"
+            # "S-1-5-21-...-RID DOMAIN\\username (Local User)"
+            # "username (Local User)" - simplified format
+            # "[+] DOMAIN\username" - alternate prefix
+
+            # Try full SID format first (flexible escaping)
+            user_match = re.search(r'S-1-5-21-[\d-]+\s+\S+[\\]+(\S+)\s+\((Local|Domain)\s*User\)', line, re.IGNORECASE)
             if user_match:
                 username = user_match.group(1)
-                if username not in result['users']:
+                if username and username not in result['users']:
                     result['users'].append(username)
-
-        # Also parse group lines from RID cycling (Domain Group)
+            else:
+                # Try simpler DOMAIN\username format
+                user_match = re.search(r'[\[\+\]\s]*\S+[\\]+(\S+)\s+\((Local|Domain)\s*User\)', line, re.IGNORECASE)
+                if user_match:
+                    username = user_match.group(1)
+                    if username and username not in result['users']:
+                        result['users'].append(username)
+
+        # Also parse group lines from RID cycling (Domain Group, Local Group)
         elif current_section == 'groups' and line and not line.startswith('='):
-            # Format: "S-1-5-21-...-RID DOMAIN\groupname (Domain Group)"
-            group_match = re.match(r'S-1-5-21-[0-9-]+ \S+\\(\S+) \(Domain Group\)', line)
+            # Format variations similar to users
+            group_match = re.search(r'S-1-5-21-[\d-]+\s+\S+[\\]+(\S+)\s+\((Domain|Local)\s*Group\)', line, re.IGNORECASE)
             if group_match:
                 groupname = group_match.group(1)
-                if groupname not in result['groups']:
+                if groupname and groupname not in result['groups']:
                     result['groups'].append(groupname)
+            else:
+                # Try simpler format
+                group_match = re.search(r'[\[\+\]\s]*\S+[\\]+(\S+)\s+\((Domain|Local)\s*Group\)', line, re.IGNORECASE)
+                if group_match:
+                    groupname = group_match.group(1)
+                    if groupname and groupname not in result['groups']:
+                        result['groups'].append(groupname)
 
     return result
 
@@ -322,23 +364,61 @@ def _parse_share_line(line: str) -> Dict[str, Any]:
 
     Example: "print$          Disk      Printer Drivers"
     Example: "tmp             Disk      oh noes!"
+    Example: "IPC$    IPC       IPC Service (Samba)"
     """
-    # Split on multiple whitespace
-    parts = re.split(r'\s{2,}', line.strip())
+    line = line.strip()
+    if not line:
+        return None
 
+    # Try multiple parsing strategies for different formats
+
+    # Strategy 1: Split on 2+ whitespace (most common)
+    parts = re.split(r'\s{2,}', line)
+    if len(parts) >= 2:
+        share_name = parts[0].strip()
+        share_type = parts[1].strip()
+        comment = parts[2].strip() if len(parts) > 2 else ''
+
+        # Validate share type is a known type
+        if share_type.upper() in ['DISK', 'IPC', 'PRINT', 'PRINTER', 'COMM', 'DEVICE']:
+            return {
+                'name': share_name,
+                'type': share_type,
+                'comment': comment,
+                'mapping': None,
+                'listing': None,
+                'writing': None
+            }
+
+    # Strategy 2: Tab-separated
+    parts = line.split('\t')
     if len(parts) >= 2:
         share_name = parts[0].strip()
         share_type = parts[1].strip()
         comment = parts[2].strip() if len(parts) > 2 else ''
 
+        if share_type.upper() in ['DISK', 'IPC', 'PRINT', 'PRINTER', 'COMM', 'DEVICE']:
+            return {
+                'name': share_name,
+                'type': share_type,
+                'comment': comment,
+                'mapping': None,
+                'listing': None,
+                'writing': None
+            }
+
+    # Strategy 3: Regex for flexible whitespace (single space minimum)
+    match = re.match(r'^(\S+)\s+(Disk|IPC|Print|Printer|Comm|Device)\s*(.*)?$', line, re.IGNORECASE)
+    if match:
         return {
-            'name': share_name,
-            'type': share_type,
-            'comment': comment,
+            'name': match.group(1),
+            'type': match.group(2),
+            'comment': match.group(3).strip() if match.group(3) else '',
             'mapping': None,
             'listing': None,
             'writing': None
         }
+
     return None
 
 

souleyez/parsers/http_fingerprint_parser.py

@@ -0,0 +1,319 @@
+#!/usr/bin/env python3
+"""
+souleyez.parsers.http_fingerprint_parser
+
+Parses HTTP fingerprint output to extract WAF, CDN, managed hosting,
+and technology information.
+"""
+import json
+import re
+from typing import Dict, Any, List, Optional
+
+
+def parse_http_fingerprint_output(output: str, target: str = "") -> Dict[str, Any]:
+    """
+    Parse HTTP fingerprint output and extract detection results.
+
+    Args:
+        output: Raw output from http_fingerprint plugin
+        target: Target URL from job
+
+    Returns:
+        Dict with structure:
+        {
+            'target': str,
+            'status_code': int,
+            'server': str,
+            'server_version': str,
+            'waf': [str],
+            'cdn': [str],
+            'managed_hosting': str or None,
+            'technologies': [str],
+            'tls': {'version': str, 'cipher': str, 'bits': int},
+            'headers': {str: str},
+            'redirect_url': str or None,
+            'error': str or None,
+        }
+    """
+    result = {
+        'target': target,
+        'status_code': None,
+        'server': None,
+        'server_version': None,
+        'waf': [],
+        'cdn': [],
+        'managed_hosting': None,
+        'technologies': [],
+        'tls': None,
+        'headers': {},
+        'redirect_url': None,
+        'error': None,
+    }
+
+    # Try to extract JSON result first (most reliable)
+    json_match = re.search(r'=== JSON_RESULT ===\n(.+?)\n=== END_JSON_RESULT ===', output, re.DOTALL)
+    if json_match:
+        try:
+            json_result = json.loads(json_match.group(1))
+            result.update(json_result)
+            result['target'] = target or result.get('target', '')
+            return result
+        except json.JSONDecodeError:
+            pass
+
+    # Fall back to parsing text output
+    lines = output.split('\n')
+
+    for line in lines:
+        line = line.strip()
+
+        # Parse HTTP status
+        if line.startswith('HTTP Status:'):
+            match = re.search(r'HTTP Status:\s+(\d+)', line)
+            if match:
+                result['status_code'] = int(match.group(1))
+
+        # Parse server
+        elif line.startswith('Server:'):
+            result['server'] = line.replace('Server:', '').strip()
+
+        # Parse redirect
+        elif line.startswith('Redirected to:'):
+            result['redirect_url'] = line.replace('Redirected to:', '').strip()
+
+        # Parse TLS
+        elif line.startswith('TLS:'):
+            match = re.search(r'TLS:\s+(\S+)\s+\((.+?)\)', line)
+            if match:
+                result['tls'] = {
+                    'version': match.group(1),
+                    'cipher': match.group(2),
+                }
+
+        # Parse managed hosting
+        elif line.startswith('MANAGED HOSTING DETECTED:'):
+            result['managed_hosting'] = line.replace('MANAGED HOSTING DETECTED:', '').strip()
+
+        # Parse WAF (multi-line section)
+        elif line.startswith('WAF/Protection Detected:'):
+            continue  # Header line, actual entries follow
+
+        # Parse CDN (multi-line section)
+        elif line.startswith('CDN Detected:'):
+            continue  # Header line, actual entries follow
+
+        # Parse technologies (multi-line section)
+        elif line.startswith('Technologies:'):
+            continue  # Header line, actual entries follow
+
+        # Parse list items (WAF, CDN, Technologies)
+        elif line.startswith('- '):
+            item = line[2:].strip()
+            # Determine which list this belongs to based on context
+            # This is a simple heuristic - JSON parsing is more reliable
+            if any(waf_keyword in item.lower() for waf_keyword in ['waf', 'cloudflare', 'akamai', 'imperva', 'sucuri', 'f5']):
+                if item not in result['waf']:
+                    result['waf'].append(item)
+            elif any(cdn_keyword in item.lower() for cdn_keyword in ['cdn', 'cloudfront', 'fastly', 'varnish', 'edge']):
+                if item not in result['cdn']:
+                    result['cdn'].append(item)
+            else:
+                if item not in result['technologies']:
+                    result['technologies'].append(item)
+
+        # Parse error
+        elif line.startswith('ERROR:'):
+            result['error'] = line.replace('ERROR:', '').strip()
+
+    return result
+
+
+def is_managed_hosting(parsed_data: Dict[str, Any]) -> bool:
+    """
+    Check if target is a managed hosting platform.
+
+    Args:
+        parsed_data: Output from parse_http_fingerprint_output()
+
+    Returns:
+        True if managed hosting platform detected
+    """
+    return parsed_data.get('managed_hosting') is not None
+
+
+def get_managed_hosting_platform(parsed_data: Dict[str, Any]) -> Optional[str]:
+    """
+    Get the name of the managed hosting platform.
+
+    Args:
+        parsed_data: Output from parse_http_fingerprint_output()
+
+    Returns:
+        Platform name or None
+    """
+    return parsed_data.get('managed_hosting')
+
+
+def has_waf(parsed_data: Dict[str, Any]) -> bool:
+    """
+    Check if WAF is detected.
+
+    Args:
+        parsed_data: Output from parse_http_fingerprint_output()
+
+    Returns:
+        True if WAF detected
+    """
+    return len(parsed_data.get('waf', [])) > 0
+
+
+def get_wafs(parsed_data: Dict[str, Any]) -> List[str]:
+    """
+    Get list of detected WAFs.
+
+    Args:
+        parsed_data: Output from parse_http_fingerprint_output()
+
+    Returns:
+        List of WAF names
+    """
+    return parsed_data.get('waf', [])
+
+
+def has_cdn(parsed_data: Dict[str, Any]) -> bool:
+    """
+    Check if CDN is detected.
+
+    Args:
+        parsed_data: Output from parse_http_fingerprint_output()
+
+    Returns:
+        True if CDN detected
+    """
+    return len(parsed_data.get('cdn', [])) > 0
+
+
+def get_cdns(parsed_data: Dict[str, Any]) -> List[str]:
+    """
+    Get list of detected CDNs.
+
+    Args:
+        parsed_data: Output from parse_http_fingerprint_output()
+
+    Returns:
+        List of CDN names
+    """
+    return parsed_data.get('cdn', [])
+
+
+def build_fingerprint_context(parsed_data: Dict[str, Any]) -> Dict[str, Any]:
+    """
+    Build context dict for use in tool chaining.
+
+    This is used to pass fingerprint data to downstream tools
+    so they can make smarter decisions.
+
+    Args:
+        parsed_data: Output from parse_http_fingerprint_output()
+
+    Returns:
+        Context dict for tool chaining
+    """
+    return {
+        'http_fingerprint': {
+            'managed_hosting': parsed_data.get('managed_hosting'),
+            'waf': parsed_data.get('waf', []),
+            'cdn': parsed_data.get('cdn', []),
+            'server': parsed_data.get('server'),
+            'technologies': parsed_data.get('technologies', []),
+            'status_code': parsed_data.get('status_code'),
+        }
+    }
+
+
+def get_tool_recommendations(parsed_data: Dict[str, Any]) -> Dict[str, Any]:
+    """
+    Get recommendations for tool configuration based on fingerprint.
+
+    Args:
+        parsed_data: Output from parse_http_fingerprint_output()
+
+    Returns:
+        Dict with tool-specific recommendations
+    """
+    recommendations = {
+        'nikto': {
+            'skip_cgi': False,
+            'extra_args': [],
+            'reason': None,
+        },
+        'nuclei': {
+            'extra_args': [],
+            'skip_tags': [],
+            'reason': None,
+        },
+        'sqlmap': {
+            'tamper_scripts': [],
+            'extra_args': [],
+            'reason': None,
+        },
+        'general': {
+            'notes': [],
+        }
+    }
+
+    # Managed hosting recommendations
+    if parsed_data.get('managed_hosting'):
+        platform = parsed_data['managed_hosting']
+        recommendations['nikto']['skip_cgi'] = True
+        recommendations['nikto']['extra_args'] = ['-C', 'none', '-Tuning', 'x6']
+        recommendations['nikto']['reason'] = f"Managed hosting ({platform}) - CGI enumeration skipped"
+
+        recommendations['general']['notes'].append(
+            f"Target is hosted on {platform} - limited vulnerability surface expected"
+        )
+
+    # WAF recommendations
+    wafs = parsed_data.get('waf', [])
+    if wafs:
+        waf_list = ', '.join(wafs)
+        recommendations['general']['notes'].append(f"WAF detected: {waf_list}")
+
+        # SQLMap tamper scripts for common WAFs
+        for waf in wafs:
+            waf_lower = waf.lower()
+            if 'cloudflare' in waf_lower:
+                recommendations['sqlmap']['tamper_scripts'].extend(['between', 'randomcase', 'space2comment'])
+            elif 'akamai' in waf_lower:
+                recommendations['sqlmap']['tamper_scripts'].extend(['charencode', 'space2plus'])
+            elif 'imperva' in waf_lower or 'incapsula' in waf_lower:
+                recommendations['sqlmap']['tamper_scripts'].extend(['randomcase', 'between'])
+
+        if recommendations['sqlmap']['tamper_scripts']:
+            # Dedupe
+            recommendations['sqlmap']['tamper_scripts'] = list(set(recommendations['sqlmap']['tamper_scripts']))
+            recommendations['sqlmap']['reason'] = f"WAF bypass tamper scripts for {waf_list}"
+
+    # CDN recommendations
+    cdns = parsed_data.get('cdn', [])
+    if cdns:
+        cdn_list = ', '.join(cdns)
+        recommendations['general']['notes'].append(
+            f"CDN detected: {cdn_list} - responses may be cached, hitting edge not origin"
+        )
+
+    return recommendations
+
+
+# Export the main functions
+__all__ = [
+    'parse_http_fingerprint_output',
+    'is_managed_hosting',
+    'get_managed_hosting_platform',
+    'has_waf',
+    'get_wafs',
+    'has_cdn',
+    'get_cdns',
+    'build_fingerprint_context',
+    'get_tool_recommendations',
+]

souleyez/parsers/hydra_parser.py

@@ -85,13 +85,24 @@ def parse_hydra_output(output: str, target: str = "") -> Dict[str, Any]:
                 'password': attempt_match.group(3)
             }
 
-        # Parse successful login lines
-        # Format: [PORT][SERVICE] host: HOST   login: USER   password: PASS
+        # Parse successful login lines with multiple format support
+        # Format 1: [PORT][SERVICE] host: HOST   login: USER   password: PASS
+        # Format 2: [PORT][SERVICE] host: HOST  login: USER  password: PASS (single space)
+        # Format 3: [SERVICE][PORT] host: HOST login: USER password: PASS (swapped)
+        # Format 4: [PORT][SERVICE] HOST login: USER password: PASS (no "host:")
+
+        login_match = None
+        port = None
+        service = None
+        host = None
+        username = None
+        password = None
+
+        # Try standard format: [PORT][SERVICE] host: HOST login: USER password: PASS
         login_match = re.search(
-            r'\[(\d+)\]\[([\w-]+)\]\s+host:\s+(\S+)\s+login:\s+(\S+)\s+password:\s+(.+)',
-            line_stripped
+            r'\[(\d+)\]\[([\w-]+)\]\s+host:\s*(\S+)\s+login:\s*(\S+)\s+password:\s*(.+)',
+            line_stripped, re.IGNORECASE
         )
-
         if login_match:
             port = int(login_match.group(1))
             service = login_match.group(2).lower()
@@ -99,6 +110,46 @@ def parse_hydra_output(output: str, target: str = "") -> Dict[str, Any]:
             username = login_match.group(4)
             password = login_match.group(5).strip()
 
+        # Try swapped format: [SERVICE][PORT]
+        if not login_match:
+            login_match = re.search(
+                r'\[([\w-]+)\]\[(\d+)\]\s+host:\s*(\S+)\s+login:\s*(\S+)\s+password:\s*(.+)',
+                line_stripped, re.IGNORECASE
+            )
+            if login_match:
+                service = login_match.group(1).lower()
+                port = int(login_match.group(2))
+                host = login_match.group(3)
+                username = login_match.group(4)
+                password = login_match.group(5).strip()
+
+        # Try format without "host:" label
+        if not login_match:
+            login_match = re.search(
+                r'\[(\d+)\]\[([\w-]+)\]\s+(\d+\.\d+\.\d+\.\d+|\S+)\s+login:\s*(\S+)\s+password:\s*(.+)',
+                line_stripped, re.IGNORECASE
+            )
+            if login_match:
+                port = int(login_match.group(1))
+                service = login_match.group(2).lower()
+                host = login_match.group(3)
+                username = login_match.group(4)
+                password = login_match.group(5).strip()
+
+        # Try flexible format with any whitespace between fields
+        if not login_match:
+            login_match = re.search(
+                r'\[(\d+)\]\[([\w-]+)\].*?(?:host:?\s*)?(\d+\.\d+\.\d+\.\d+|\S+\.\S+).*?login:?\s*(\S+).*?password:?\s*(.+)',
+                line_stripped, re.IGNORECASE
+            )
+            if login_match:
+                port = int(login_match.group(1))
+                service = login_match.group(2).lower()
+                host = login_match.group(3)
+                username = login_match.group(4)
+                password = login_match.group(5).strip()
+
+        if login_match and port and service and username:
             # Store service info if not already set
             if not result['service']:
                 result['service'] = service