souleyez 2.16.0__py3-none-any.whl → 2.26.0__py3-none-any.whl

souleyez/parsers/impacket_parser.py

@@ -30,35 +30,80 @@ def parse_secretsdump(log_path: str, target: str) -> Dict[str, Any]:
         with open(log_path, 'r', encoding='utf-8') as f:
             content = f.read()
             
-        # Parse NTLM hashes (format: username:RID:LM:NT:::)
-        hash_pattern = r'([^:\s]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):::'
-        for match in re.finditer(hash_pattern, content):
-            username, rid, lm_hash, nt_hash = match.groups()
-            
-            # Skip empty hashes
-            if nt_hash.lower() == '31d6cfe0d16ae931b73c59d7e0c089c0':
-                continue
-                
-            hashes.append({
-                'username': username,
-                'rid': rid,
-                'lm_hash': lm_hash,
-                'nt_hash': nt_hash,
-                'hash_type': 'NTLM'
-            })
-            
-        # Parse plaintext passwords (format: DOMAIN\username:password)
-        plaintext_pattern = r'([^\\:\s]+)\\([^:\s]+):(.+?)(?:\n|$)'
-        for match in re.finditer(plaintext_pattern, content):
-            domain, username, password = match.groups()
-            
-            if password and not password.startswith('(null)'):
-                credentials.append({
-                    'domain': domain,
+        # Parse NTLM hashes with multiple format support
+        # Format 1: username:RID:LM:NT::: (standard secretsdump)
+        # Format 2: username:RID:LM:NT:: (without trailing colon)
+        # Format 3: DOMAIN\username:RID:LM:NT::: (with domain prefix)
+        # Format 4: username:$NT$hash (simplified format)
+
+        # Standard format with 32-char hashes and trailing colons
+        hash_patterns = [
+            r'([^:\s\\]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):::?',  # Standard
+            r'([^:\s]+)\\([^:\s]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):::?',  # Domain\user
+        ]
+
+        for pattern in hash_patterns:
+            for match in re.finditer(pattern, content):
+                groups = match.groups()
+                if len(groups) == 4:
+                    username, rid, lm_hash, nt_hash = groups
+                elif len(groups) == 5:
+                    # Domain\username format
+                    domain, username, rid, lm_hash, nt_hash = groups
+                    username = f"{domain}\\{username}"
+                else:
+                    continue
+
+                # Skip empty hashes (blank password indicator)
+                if nt_hash.lower() == '31d6cfe0d16ae931b73c59d7e0c089c0':
+                    continue
+
+                hashes.append({
                     'username': username,
-                    'password': password,
-                    'credential_type': 'plaintext'
+                    'rid': rid,
+                    'lm_hash': lm_hash,
+                    'nt_hash': nt_hash,
+                    'hash_type': 'NTLM'
                 })
+            
+        # Parse plaintext passwords with multiple format support
+        # Format 1: DOMAIN\username:password
+        # Format 2: DOMAIN\\username:password (escaped backslash)
+        # Format 3: username@DOMAIN:password
+        # Format 4: [*] DOMAIN\username:password (with prefix)
+
+        plaintext_patterns = [
+            r'([^\\:\s]+)[\\]+([^:\s]+):([^\n\r]+)',  # DOMAIN\user:pass
+            r'([^@:\s]+)@([^:\s]+):([^\n\r]+)',  # user@DOMAIN:pass
+            r'\[\*\]\s*([^\\:\s]+)[\\]+([^:\s]+):([^\n\r]+)',  # [*] DOMAIN\user:pass
+        ]
+
+        for pattern in plaintext_patterns:
+            for match in re.finditer(pattern, content):
+                groups = match.groups()
+                if len(groups) == 3:
+                    part1, part2, password = groups
+                    password = password.strip()
+
+                    # Skip null/empty passwords and hash-like values
+                    if not password or password.startswith('(null)'):
+                        continue
+                    # Skip if password looks like a hash (32+ hex chars)
+                    if re.match(r'^[0-9a-fA-F]{32,}$', password):
+                        continue
+
+                    # Determine domain/username based on pattern
+                    if '@' in match.group(0):
+                        username, domain = part1, part2
+                    else:
+                        domain, username = part1, part2
+
+                    credentials.append({
+                        'domain': domain,
+                        'username': username,
+                        'password': password,
+                        'credential_type': 'plaintext'
+                    })
                 
         # Parse Kerberos keys (format: username:$krb5...)
         krb_pattern = r'([^:\s]+):(\$krb5[^\s]+)'
@@ -113,25 +158,46 @@ def parse_getnpusers(log_path: str, target: str) -> Dict[str, Any]:
         with open(log_path, 'r', encoding='utf-8') as f:
             content = f.read()
             
-        # Parse AS-REP hashes (format: $krb5asrep$...)
-        hash_pattern = r'\$krb5asrep\$23\$([^@]+)@([^:]+):([^\s]+)'
-        for match in re.finditer(hash_pattern, content):
-            username, domain, hash_value = match.groups()
-            
-            hashes.append({
-                'username': username,
-                'domain': domain,
-                'hash': f'$krb5asrep$23${username}@{domain}:{hash_value}',
-                'hash_type': 'AS-REP',
-                'crackable': True
-            })
-            
+        # Parse AS-REP hashes with multiple format support
+        # Format 1: $krb5asrep$23$user@DOMAIN:hash (etype 23)
+        # Format 2: $krb5asrep$18$user@DOMAIN:hash (etype 18)
+        # Format 3: $krb5asrep$user@DOMAIN:hash (no etype)
+        # Format 4: username:$krb5asrep... (username:hash format)
+
+        # Full format with etype: $krb5asrep$ETYPE$user@DOMAIN:hash
+        hash_patterns = [
+            r'\$krb5asrep\$(\d+)\$([^@]+)@([^:]+):([^\s]+)',  # With etype
+            r'\$krb5asrep\$([^@$]+)@([^:]+):([^\s]+)',  # Without etype
+        ]
+
+        for pattern in hash_patterns:
+            for match in re.finditer(pattern, content):
+                groups = match.groups()
+                if len(groups) == 4:
+                    etype, username, domain, hash_value = groups
+                    full_hash = f'$krb5asrep${etype}${username}@{domain}:{hash_value}'
+                elif len(groups) == 3:
+                    username, domain, hash_value = groups
+                    etype = '23'  # Default etype
+                    full_hash = f'$krb5asrep${username}@{domain}:{hash_value}'
+                else:
+                    continue
+
+                hashes.append({
+                    'username': username,
+                    'domain': domain,
+                    'hash': full_hash,
+                    'hash_type': 'AS-REP',
+                    'etype': etype,
+                    'crackable': True
+                })
+
         # Also check for simple format (username:hash)
         if not hashes:
             simple_pattern = r'^([^:\s]+):(\$krb5asrep[^\s]+)'
             for match in re.finditer(simple_pattern, content, re.MULTILINE):
                 username, hash_value = match.groups()
-                
+
                 hashes.append({
                     'username': username,
                     'hash': hash_value,
@@ -174,9 +240,22 @@ def parse_psexec(log_path: str, target: str) -> Dict[str, Any]:
         with open(log_path, 'r', encoding='utf-8') as f:
             content = f.read()
             
-        # Check for successful connection
-        if '[*] Requesting shares on' in content or 'C:\\Windows\\system32>' in content:
-            success = True
+        # Check for successful connection with multiple indicators
+        success_indicators = [
+            '[*] Requesting shares on',
+            'C:\\Windows\\system32>',
+            'C:\\WINDOWS\\system32>',
+            '[*] Uploading',
+            '[*] Opening SVCManager',
+            'Microsoft Windows',  # Version banner
+            '[*] Starting service',
+            'Process .+ created',  # Process creation message
+        ]
+
+        for indicator in success_indicators:
+            if re.search(indicator, content, re.IGNORECASE):
+                success = True
+                break
             
         # Extract command output (everything after the prompt)
         output_lines = [line for line in content.split('\n') if line.strip()]

souleyez/parsers/john_parser.py

@@ -32,11 +32,18 @@ def parse_john_output(output: str, hash_file: str = None) -> Dict:
     if loaded_match:
         results['total_loaded'] = int(loaded_match.group(1))
     
-    # Parse cracked passwords from live output
-    # Format: "password         (username)"
+    # Parse cracked passwords from live output with multiple format support
+    # Format 1: "password         (username)"
+    # Format 2: "password (username)"
+    # Format 3: "username:password"
+    # Format 4: "password          (username) [hash_type]"
     for line in output.split('\n'):
-        # Look for cracked passwords in format: password (username)
-        match = re.match(r'^(\S+)\s+\((\S+)\)\s*$', line.strip())
+        line = line.strip()
+        if not line or line.startswith('#') or line.startswith('['):
+            continue
+
+        # Try format: password (username) with optional hash type
+        match = re.match(r'^(\S+)\s+\(([^)]+)\)(?:\s+\[.+\])?\s*$', line)
         if match:
             password = match.group(1)
             username = match.group(2)
@@ -45,18 +52,44 @@ def parse_john_output(output: str, hash_file: str = None) -> Dict:
                 'password': password,
                 'source': 'john_live'
             })
-    
-    # Check session status
-    if 'Session completed' in output:
+            continue
+
+        # Try format: username:password (from --show output)
+        if ':' in line and not line.startswith('Loaded'):
+            parts = line.split(':')
+            if len(parts) >= 2 and len(parts[0]) > 0 and len(parts[-1]) > 0:
+                # Skip if it looks like a hash (32+ hex chars)
+                if not re.match(r'^[0-9a-fA-F]{32,}$', parts[-1]):
+                    username = parts[0]
+                    password = parts[-1]
+                    results['cracked'].append({
+                        'username': username,
+                        'password': password,
+                        'source': 'john_live'
+                    })
+
+    # Check session status with multiple format support
+    if any(x in output for x in ['Session completed', 'session completed', 'Proceeding with next']):
         results['session_status'] = 'completed'
-    elif 'Session aborted' in output:
+    elif any(x in output for x in ['Session aborted', 'session aborted', 'Interrupted']):
         results['session_status'] = 'aborted'
-    
-    # Parse summary line
-    # Format: "2g 0:00:00:01 DONE..."
-    summary_match = re.search(r'(\d+)g\s+[\d:]+\s+(DONE|Session)', output)
-    if summary_match:
-        results['total_cracked'] = int(summary_match.group(1))
+    elif 'No password hashes left to crack' in output:
+        results['session_status'] = 'completed'
+
+    # Parse summary line with multiple formats
+    # Format 1: "2g 0:00:00:01 DONE..."
+    # Format 2: "2g 0:00:00:01 100% DONE..."
+    # Format 3: "Session completed, 2g"
+    summary_patterns = [
+        r'(\d+)g\s+[\d:]+\s+(?:\d+%\s+)?(DONE|Session)',
+        r'Session completed[,\s]+(\d+)g',
+        r'(\d+)\s+password hashes? cracked',
+    ]
+    for pattern in summary_patterns:
+        summary_match = re.search(pattern, output, re.IGNORECASE)
+        if summary_match:
+            results['total_cracked'] = int(summary_match.group(1))
+            break
     
     # If hash_file provided, also parse john.pot or run --show
     if hash_file and os.path.isfile(hash_file):

souleyez/parsers/msf_parser.py

@@ -7,9 +7,16 @@ from typing import Dict, Any
 
 
 def strip_ansi_codes(text: str) -> str:
-    """Remove ANSI escape codes from text."""
-    ansi_escape = re.compile(r'\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])')
-    return ansi_escape.sub('', text)
+    """Remove ANSI escape codes and other terminal control sequences from text."""
+    # Pattern 1: Standard ANSI escape sequences
+    text = re.sub(r'\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])', '', text)
+    # Pattern 2: OSC sequences (Operating System Command)
+    text = re.sub(r'\x1B\].*?\x07', '', text)
+    # Pattern 3: Simple color codes
+    text = re.sub(r'\x1b\[[0-9;]*m', '', text)
+    # Pattern 4: Carriage returns and other control chars (except newlines)
+    text = re.sub(r'[\x00-\x08\x0b\x0c\x0e-\x1f]', '', text)
+    return text
 
 
 def parse_msf_ssh_version(output: str, target: str) -> Dict[str, Any]:
@@ -254,6 +261,7 @@ def parse_msf_login_success(output: str, target: str, module: str) -> Dict[str,
     seen_creds = set()  # Avoid duplicates
 
     # Pattern 1: [+] 10.0.0.82:22 - Success: 'username:password' 'additional info'
+    # Also handles: [+] 10.0.0.82:22 - Success: "username:password"
     success_pattern1 = r'\[\+\]\s+[\d.]+:(\d+)\s+-\s+Success:\s+[\'"]([^:]+):([^\'\"]+)[\'"]'
 
     # Pattern 2: [+] IP:PORT - IP:PORT - Login Successful: user:pass@database
@@ -268,6 +276,13 @@ def parse_msf_login_success(output: str, target: str, module: str) -> Dict[str,
     # MSF telnet_login uses "username:password login: Login OK" format
     success_pattern_telnet = r'\[\+\]\s+[\d.]+:(\d+).*-\s+([^:\s]+):([^\s]+)\s+login:\s+Login OK'
 
+    # Pattern 5: Flexible [+] with credentials anywhere (fallback)
+    # Handles: [+] 10.0.0.82:22 Found credentials: user:pass
+    success_pattern_flexible = r'\[\+\]\s+[\d.]+:(\d+).*(?:credential|found|valid).*?[\'"]?([^:\s\'\"]+):([^\'\"@\s]+)[\'"]?'
+
+    # Pattern 6: RDP format [+] 10.0.0.82:3389 - DOMAIN\user:password - Success
+    success_pattern_rdp = r'\[\+\]\s+[\d.]+:(\d+).*?([^\\:\s]+\\)?([^:\s]+):([^\s-]+)\s*-\s*Success'
+
     # Try pattern 3 first (VNC with empty username)
     for match in re.finditer(success_pattern3, clean_output):
         port = int(match.group(1))
@@ -295,8 +310,8 @@ def parse_msf_login_success(output: str, target: str, module: str) -> Dict[str,
             })
 
     # Try other patterns (username:password style)
-    for pattern in [success_pattern1, success_pattern2, success_pattern_telnet]:
-        for match in re.finditer(pattern, clean_output):
+    for pattern in [success_pattern1, success_pattern2, success_pattern_telnet, success_pattern_flexible]:
+        for match in re.finditer(pattern, clean_output, re.IGNORECASE):
             port = int(match.group(1))
             username = match.group(2)
             password = match.group(3)

souleyez/parsers/nmap_parser.py

@@ -449,34 +449,55 @@ def parse_nmap_text(output: str) -> Dict[str, Any]:
                 version = None
                 
                 if raw_version:
-                    # Remove nmap metadata: "syn-ack ttl XX"
-                    cleaned = raw_version
-                    if cleaned.startswith('syn-ack'):
-                        parts_ver = cleaned.split()
-                        # Skip "syn-ack", "ttl", and the TTL number
-                        if 'ttl' in parts_ver:
-                            ttl_idx = parts_ver.index('ttl')
-                            cleaned = ' '.join(parts_ver[ttl_idx+2:])  # Skip "ttl XX"
-                        else:
-                            cleaned = ' '.join(parts_ver[1:])  # Skip "syn-ack"
-                    
-                    # Extract product and version
-                    # Pattern: "ProductName version.number rest of string"
-                    # Examples:
-                    #   "ProFTPD 1.3.5" → product="ProFTPD", version="1.3.5"
-                    #   "Apache httpd 2.4.7 ((Ubuntu))" → product="Apache httpd", version="2.4.7"
-                    #   "OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13" → product="OpenSSH", version="6.6.1p1"
-                    
-                    version_pattern = r'([A-Za-z][\w\s\-\.]+?)\s+(v?\d+[\.\d]+[\w\-\.]*)'
-                    match = re.search(version_pattern, cleaned)
-                    
-                    if match:
-                        product = match.group(1).strip()
-                        version = match.group(2).strip()
-                    else:
-                        # Fallback: use cleaned string as version, service as product
+                    try:
+                        # Remove nmap metadata: "syn-ack ttl XX", "reset ttl XX", etc.
+                        cleaned = raw_version
+                        # Handle various nmap scan type prefixes
+                        metadata_prefixes = ['syn-ack', 'reset', 'conn-refused', 'no-response']
+                        for prefix in metadata_prefixes:
+                            if cleaned.lower().startswith(prefix):
+                                parts_ver = cleaned.split()
+                                # Skip prefix and "ttl XX" if present
+                                if len(parts_ver) > 1 and 'ttl' in parts_ver:
+                                    try:
+                                        ttl_idx = parts_ver.index('ttl')
+                                        cleaned = ' '.join(parts_ver[ttl_idx+2:])  # Skip "ttl XX"
+                                    except (ValueError, IndexError):
+                                        cleaned = ' '.join(parts_ver[1:])  # Skip just prefix
+                                else:
+                                    cleaned = ' '.join(parts_ver[1:])  # Skip just prefix
+                                break
+
+                        # Extract product and version with multiple patterns
+                        # Pattern: "ProductName version.number rest of string"
+                        # Examples:
+                        #   "ProFTPD 1.3.5" → product="ProFTPD", version="1.3.5"
+                        #   "Apache httpd 2.4.7 ((Ubuntu))" → product="Apache httpd", version="2.4.7"
+                        #   "OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13" → product="OpenSSH", version="6.6.1p1"
+
+                        version_patterns = [
+                            r'([A-Za-z][\w\s\-\.]+?)\s+(v?\d+[\.\d]+[\w\-\.]*)',  # Standard
+                            r'^([A-Za-z][\w\-]+)\s+(\d[\w\.\-]+)',  # ProductName vX.Y.Z
+                            r'^([A-Za-z][\w\s]+?)\s+v?(\d+(?:\.\d+)+)',  # "Product Name 1.2.3"
+                        ]
+
+                        matched = False
+                        for pattern in version_patterns:
+                            match = re.search(pattern, cleaned)
+                            if match:
+                                product = match.group(1).strip()
+                                version = match.group(2).strip()
+                                matched = True
+                                break
+
+                        if not matched:
+                            # Fallback: use cleaned string as version, service as product
+                            product = service_name
+                            version = cleaned.strip() if cleaned.strip() else None
+                    except Exception:
+                        # If version parsing fails, use raw values
                         product = service_name
-                        version = cleaned if cleaned else None
+                        version = raw_version
 
                 # Fallback: If service is unknown but port is a common web port, assume HTTP
                 # This handles cases where nmap misidentifies or can't fingerprint web apps
@@ -580,12 +601,108 @@ def parse_nmap_text(output: str) -> Dict[str, Any]:
     # Parse vulnerability scripts (--script vuln output)
     vulnerabilities = parse_nmap_vuln_scripts(output)
 
+    # Parse info scripts (vnc-info, ssh-hostkey, etc.)
+    info_scripts = parse_nmap_info_scripts(output)
+
     return {
         "hosts": hosts,
-        "vulnerabilities": vulnerabilities
+        "vulnerabilities": vulnerabilities,
+        "info_scripts": info_scripts
     }
 
 
+def parse_nmap_info_scripts(output: str) -> List[Dict[str, Any]]:
+    """
+    Parse nmap info script output (non-vulnerability scripts).
+
+    Extracts results from scripts like vnc-info, ssh-hostkey, etc.
+    These provide useful information that should be captured as findings.
+
+    Returns:
+        List of info findings with:
+        - host_ip: IP address
+        - port: Port number
+        - script: Script name
+        - title: Finding title
+        - severity: Always 'info' for info scripts
+        - description: Script output content
+    """
+    findings = []
+    current_host_ip = None
+    current_port = None
+
+    lines = output.split('\n')
+    i = 0
+
+    # Info scripts to capture (add more as needed)
+    info_scripts = {
+        'vnc-info': 'VNC Server Information',
+        'ssh-hostkey': 'SSH Host Key',
+        'http-server-header': 'HTTP Server Header',
+        'ssl-cert': 'SSL Certificate',
+        'http-title': 'HTTP Page Title',
+        'smb-os-discovery': 'SMB OS Discovery',
+        'rdp-ntlm-info': 'RDP NTLM Information',
+    }
+
+    while i < len(lines):
+        line = lines[i]
+
+        # Track current host - "Nmap scan report for 10.0.0.73"
+        if line.startswith("Nmap scan report for"):
+            match = re.search(r'for (\d+\.\d+\.\d+\.\d+)', line)
+            if match:
+                current_host_ip = match.group(1)
+            else:
+                # Try hostname (IP in parens)
+                match = re.search(r'\((\d+\.\d+\.\d+\.\d+)\)', line)
+                if match:
+                    current_host_ip = match.group(1)
+
+        # Track current port - "80/tcp   open  http"
+        elif re.match(r'^\d+/(tcp|udp)', line):
+            parts = line.split()
+            if parts:
+                port_proto = parts[0].split('/')
+                current_port = int(port_proto[0])
+
+        # Parse info script blocks
+        elif line.startswith('| ') and ':' in line and current_host_ip:
+            # Could be start of a script block like "| vnc-info:"
+            script_match = re.match(r'\|\s*([a-zA-Z0-9_-]+):\s*$', line)
+            if script_match:
+                script_name = script_match.group(1)
+
+                # Only process info scripts we care about
+                if script_name in info_scripts:
+                    # Collect all lines of this script block
+                    script_lines = []
+                    i += 1
+                    while i < len(lines) and (lines[i].startswith('|') or lines[i].startswith('|_')):
+                        # Clean up the line
+                        clean_line = lines[i].lstrip('|').lstrip('_').strip()
+                        if clean_line:
+                            script_lines.append(clean_line)
+                        if lines[i].startswith('|_'):
+                            break
+                        i += 1
+
+                    if script_lines:
+                        findings.append({
+                            'host_ip': current_host_ip,
+                            'port': current_port,
+                            'script': script_name,
+                            'title': info_scripts[script_name],
+                            'severity': 'info',
+                            'description': '\n'.join(script_lines)
+                        })
+                    continue
+
+        i += 1
+
+    return findings
+
+
 def parse_nmap_output(content: str, target: str = "") -> Dict[str, Any]:
     """
     Wrapper for parse_nmap_text that matches the display interface.

souleyez/parsers/smbmap_parser.py

@@ -49,24 +49,54 @@ def parse_smbmap_output(output: str, target: str = "") -> Dict[str, Any]:
                     'timestamp': str
                 },
                 ...
-            ]
+            ],
+            'smb_detected': bool,  # True if SMB service was detected
+            'hosts_count': int,    # Number of hosts serving SMB
+            'error': str           # Error message if tool crashed
         }
     """
     result = {
         'target': target,
         'status': None,
         'shares': [],
-        'files': []
+        'files': [],
+        'smb_detected': False,
+        'hosts_count': 0,
+        'error': None
     }
 
+    # Check for SMB detection (even if tool crashes later)
+    # [*] Detected 1 hosts serving SMB
+    smb_detected_match = re.search(r'\[\*\]\s*Detected\s+(\d+)\s+hosts?\s+serving\s+SMB', output)
+    if smb_detected_match:
+        result['smb_detected'] = True
+        result['hosts_count'] = int(smb_detected_match.group(1))
+
+    # Check for Python traceback (tool crash)
+    if 'Traceback (most recent call last):' in output:
+        # Extract error message from traceback
+        error_match = re.search(r'(?:Error|Exception).*?[\'"]([^\'"]+)[\'"]', output, re.DOTALL)
+        if error_match:
+            result['error'] = error_match.group(1)
+        else:
+            # Try to get the last line of the traceback
+            traceback_lines = output.split('Traceback (most recent call last):')[-1].strip().split('\n')
+            for line in reversed(traceback_lines):
+                line = line.strip()
+                if line and not line.startswith('File') and not line.startswith('raise'):
+                    result['error'] = line[:200]  # Limit length
+                    break
+
     lines = output.split('\n')
     in_share_table = False
     current_share = None
 
     for i, line in enumerate(lines):
-        # Remove ANSI color codes and control characters
-        line = re.sub(r'\x1b\[[0-9;]*m', '', line)
-        line = re.sub(r'[\[\]\|/\\-]', '', line, count=1)  # Remove progress indicators
+        # Remove ANSI color codes and control characters more thoroughly
+        line = re.sub(r'\x1b\[[0-9;]*[a-zA-Z]', '', line)  # All ANSI escape sequences
+        line = re.sub(r'\x1b\].*?\x07', '', line)  # OSC sequences
+        # Only remove leading progress indicators, not all brackets
+        line = re.sub(r'^[\[\]\|/\\-]+\s*', '', line)
         line = line.strip()
 
         # Extract target and status
@@ -98,29 +128,43 @@ def parse_smbmap_output(output: str, target: str = "") -> Dict[str, Any]:
             # Format: sharename <tabs/spaces> permissions <tabs/spaces> comment
             # tmp                                               	READ, WRITE	oh noes!
 
+            share_name = None
+            permissions = None
+            comment = ''
+
             # Try tab split first
             parts = re.split(r'\t+', line)
-            if len(parts) >= 3:
-                # Tab-separated format
+            if len(parts) >= 2:
                 share_name = parts[0].strip()
-                permissions = parts[1].strip()
-                comment = parts[2].strip() if len(parts) > 2 else ''
-            elif len(parts) == 2:
-                # Only 2 parts (share + permissions, no comment)
-                share_name = parts[0].strip()
-                permissions = parts[1].strip()
-                comment = ''
-            else:
-                # No tabs - try space-based parsing
-                # Match pattern: SHARENAME (spaces) PERMISSIONS (spaces) COMMENT
-                # Need at least 2+ spaces to separate fields
-                match = re.match(r'^\s*(\S+)\s{2,}(READ, WRITE|NO ACCESS|READ|WRITE)(?:\s{2,}(.*))?$', line)
-                if match:
-                    share_name = match.group(1).strip()
-                    permissions = match.group(2).strip()
-                    comment = match.group(3).strip() if match.group(3) else ''
-                else:
-                    continue
+                # Find permissions in remaining parts
+                for p in parts[1:]:
+                    p = p.strip().upper()
+                    if any(x in p for x in ['READ', 'WRITE', 'NO ACCESS', 'NOACCESS']):
+                        permissions = p
+                        break
+                # Comment is everything after permissions
+                if permissions and len(parts) > 2:
+                    perm_idx = next((i for i, p in enumerate(parts) if permissions in p.upper()), -1)
+                    if perm_idx >= 0 and perm_idx + 1 < len(parts):
+                        comment = ' '.join(parts[perm_idx + 1:]).strip()
+
+            # No tabs or tab parse failed - try space-based parsing
+            if not permissions:
+                # Match patterns with flexible spacing and permission variations
+                permission_patterns = [
+                    r'^\s*(\S+)\s{2,}(READ,?\s*WRITE|READ\s*ONLY|WRITE\s*ONLY|NO\s*ACCESS|READ|WRITE)(?:\s{2,}(.*))?$',
+                    r'^\s*(\S+)\s+(READ,?\s*WRITE|READ\s*ONLY|WRITE\s*ONLY|NO\s*ACCESS|READ|WRITE)\s*(.*)$',
+                ]
+                for pattern in permission_patterns:
+                    match = re.match(pattern, line, re.IGNORECASE)
+                    if match:
+                        share_name = match.group(1).strip()
+                        permissions = match.group(2).strip().upper()
+                        comment = match.group(3).strip() if match.group(3) else ''
+                        break
+
+            if not share_name or not permissions:
+                continue
 
             # Skip empty lines or non-share lines
             if not share_name or share_name in ['Disk', 'IPC', '', '*']: