souleyez 2.22.0__py3-none-any.whl → 2.27.0__py3-none-any.whl

souleyez/__init__.py

@@ -1 +1 @@
-__version__ = '2.22.0'
+__version__ = '2.27.0'

souleyez/assets/__init__.py

@@ -0,0 +1 @@
+# SoulEyez assets package

souleyez/core/msf_sync_manager.py

@@ -29,15 +29,25 @@ logger = logging.getLogger(__name__)
 
 def get_msf_database_config() -> Optional[Dict[str, Any]]:
     """
-    Get MSF database configuration from ~/.msf4/database.yml
+    Get MSF database configuration from ~/.msf4/database.yml or system-wide config.
+
+    Checks user config first, then falls back to system-wide config (Kali Linux).
 
     Returns:
         Dictionary with database config or None if not found/parseable
     """
-    db_yml_path = Path.home() / ".msf4" / "database.yml"
-
-    if not db_yml_path.exists():
-        logger.debug(f"MSF database.yml not found at {db_yml_path}")
+    # Check user config first, then system-wide config (Kali uses system-wide)
+    user_db_path = Path.home() / ".msf4" / "database.yml"
+    system_db_path = Path('/usr/share/metasploit-framework/config/database.yml')
+
+    db_yml_path = None
+    if user_db_path.exists():
+        db_yml_path = user_db_path
+    elif system_db_path.exists():
+        db_yml_path = system_db_path
+
+    if not db_yml_path:
+        logger.debug("MSF database.yml not found in user or system config")
         return None
 
     try:

souleyez/core/tool_chaining.py

@@ -15,6 +15,17 @@ CATEGORY_CTF = "ctf"           # Lab/learning scenarios - vulnerable by design
 CATEGORY_ENTERPRISE = "enterprise"  # Real-world enterprise testing
 CATEGORY_GENERAL = "general"   # Standard recon that applies everywhere
 
+# Managed hosting platforms - skip CGI enumeration (pointless on these)
+# These are detected from server headers/banners and product names
+MANAGED_HOSTING_PLATFORMS = {
+    'squarespace', 'wix', 'shopify', 'webflow', 'weebly',
+    'wordpress.com', 'ghost.io', 'medium', 'tumblr', 'blogger',
+    'netlify', 'vercel', 'github.io', 'pages.dev', 'cloudflare',
+    'heroku', 'railway', 'render.com', 'fly.io',
+    'aws cloudfront', 'akamai', 'fastly', 'cloudflare',
+    'azure', 'google cloud', 'firebase',
+}
+
 # Category display icons
 CATEGORY_ICONS = {
     CATEGORY_CTF: "🎯",
@@ -140,6 +151,75 @@ def classify_os_device(os_string: str, services: list) -> dict:
     return {'os_family': 'unknown', 'device_type': 'unknown', 'vendor': None}
 
 
+def is_managed_hosting(services: List[Dict[str, Any]], http_fingerprint: Dict[str, Any] = None) -> bool:
+    """
+    Detect if target is a managed hosting platform.
+
+    These platforms don't have CGI directories, so tools like nikto
+    should skip CGI enumeration to avoid long, pointless scans.
+
+    Args:
+        services: List of service dicts from nmap parser
+        http_fingerprint: Optional fingerprint data from http_fingerprint plugin
+
+    Returns:
+        True if managed hosting detected, False otherwise
+    """
+    # Check fingerprint data first (most reliable, comes from actual HTTP headers)
+    if http_fingerprint:
+        managed = http_fingerprint.get('managed_hosting')
+        if managed:
+            return True
+
+    # Fall back to checking services data (less reliable, from nmap banners)
+    for service in services:
+        # Check product field
+        product = (service.get('product') or '').lower()
+        raw_version = (service.get('raw_version') or '').lower()
+        service_name = (service.get('service') or '').lower()
+
+        # Combine all fields for matching
+        combined = f"{product} {raw_version} {service_name}"
+
+        # Check against known managed hosting platforms
+        for platform in MANAGED_HOSTING_PLATFORMS:
+            if platform in combined:
+                return True
+
+    return False
+
+
+def get_managed_hosting_platform(services: List[Dict[str, Any]], http_fingerprint: Dict[str, Any] = None) -> Optional[str]:
+    """
+    Get the name of the managed hosting platform if detected.
+
+    Args:
+        services: List of service dicts from nmap parser
+        http_fingerprint: Optional fingerprint data from http_fingerprint plugin
+
+    Returns:
+        Platform name or None
+    """
+    # Check fingerprint data first
+    if http_fingerprint:
+        managed = http_fingerprint.get('managed_hosting')
+        if managed:
+            return managed
+
+    # Fall back to services check
+    for service in services:
+        product = (service.get('product') or '').lower()
+        raw_version = (service.get('raw_version') or '').lower()
+        service_name = (service.get('service') or '').lower()
+        combined = f"{product} {raw_version} {service_name}"
+
+        for platform in MANAGED_HOSTING_PLATFORMS:
+            if platform in combined:
+                return platform.title()
+
+    return None
+
+
 # Technology to Nuclei tags mapping
 # Maps detected products/technologies to relevant nuclei template tags
 TECH_TO_NUCLEI_TAGS = {
@@ -575,6 +655,25 @@ class ChainRule:
                 new_args.append(arg)
             args = new_args
 
+        # For Nikto: Skip CGI enumeration on managed hosting platforms
+        # This prevents long, pointless scans on Squarespace, Wix, etc.
+        if self.target_tool == 'nikto':
+            services = context.get('services', [])
+            http_fingerprint = context.get('http_fingerprint', {})
+            if is_managed_hosting(services, http_fingerprint):
+                # Add -C none to skip CGI dirs (pointless on managed hosting)
+                if '-C' not in str(args):
+                    args.extend(['-C', 'none'])
+                # Add -Tuning x6 to skip remote file inclusion tests
+                if '-Tuning' not in str(args):
+                    args.extend(['-Tuning', 'x6'])
+                # Log which platform was detected
+                platform = get_managed_hosting_platform(services, http_fingerprint)
+                if platform:
+                    from souleyez.log_config import get_logger
+                    logger = get_logger(__name__)
+                    logger.info(f"[FINGERPRINT] Managed hosting detected ({platform}) - nikto using optimized scan config")
+
         # For SQLMap with POST injections, add --data if we have POST data
         if self.target_tool == 'sqlmap' and post_data and '--data' not in str(args):
             # Insert --data after -u argument
@@ -642,32 +741,42 @@ class ToolChaining:
 
         # Web service discovered → run web scanners
         self.rules.extend([
-            # Modern vulnerability scanner (Nuclei) - PRIORITY
-            # Uses {nuclei_tags} placeholder to auto-detect tech and run relevant templates
+            # HTTP Fingerprinting - runs FIRST to detect WAF/CDN/managed hosting
+            # This enables smarter tool configuration for downstream scanners
             ChainRule(
                 trigger_tool='nmap',
                 trigger_condition='service:http',
+                target_tool='http_fingerprint',
+                priority=11,  # Highest priority - runs before all other web tools
+                args_template=[],
+                description='Web server detected, fingerprinting for WAF/CDN/platform detection'
+            ),
+            # Nikto triggered by http_fingerprint (uses fingerprint data for smart config)
+            ChainRule(
+                trigger_tool='http_fingerprint',
+                trigger_condition='has:services',
+                target_tool='nikto',
+                priority=8,
+                args_template=['-nointeractive', '-timeout', '10'],
+                description='Fingerprinting complete, scanning for server misconfigurations with Nikto'
+            ),
+            # Nuclei triggered by http_fingerprint
+            ChainRule(
+                trigger_tool='http_fingerprint',
+                trigger_condition='has:services',
                 target_tool='nuclei',
                 priority=9,
                 args_template=['-tags', '{nuclei_tags}', '-severity', 'critical,high', '-rate-limit', '50', '-c', '10', '-timeout', '10'],
-                description='Web server detected (HTTP/HTTPS), scanning with Nuclei'
+                description='Fingerprinting complete, scanning with Nuclei'
             ),
+            # Gobuster triggered by http_fingerprint
             ChainRule(
-                trigger_tool='nmap',
-                trigger_condition='service:http',
+                trigger_tool='http_fingerprint',
+                trigger_condition='has:services',
                 target_tool='gobuster',
                 priority=7,
                 args_template=['dir', '-u', 'http://{target}:{port}', '-w', 'data/wordlists/web_dirs_common.txt', '-x', 'js,json,php,asp,aspx,html,txt,bak,old,zip', '--no-error', '--timeout', '30s', '-t', '5', '--delay', '20ms'],
-                description='Web server detected (HTTP/HTTPS), discovering directories and files'
-            ),
-            # Nikto - web server vulnerability scanner (complements nuclei)
-            ChainRule(
-                trigger_tool='nmap',
-                trigger_condition='service:http',
-                target_tool='nikto',
-                priority=8,
-                args_template=['-nointeractive', '-timeout', '10'],
-                description='Web server detected, scanning for server misconfigurations with Nikto'
+                description='Fingerprinting complete, discovering directories and files'
             ),
             # Dalfox - XSS scanner triggered after gobuster finds pages
             ChainRule(
@@ -746,17 +855,8 @@ class ToolChaining:
                 args_template=['-a', '{target}'],
                 description='SMB service detected, enumerating shares and users (runs after CrackMapExec)'
             ),
-            # DISABLED: smbmap has upstream pickling bug with impacket (affects all versions)
-            # Use crackmapexec/netexec --shares instead (rule #10 above)
-            ChainRule(
-                trigger_tool='nmap',
-                trigger_condition='service:smb',
-                target_tool='smbmap',
-                priority=7,
-                enabled=False,  # Disabled due to impacket pickling bug
-                args_template=['-H', '{target}'],
-                description='SMB service detected, mapping shares (DISABLED - use netexec)'
-            ),
+            # NOTE: smbmap removed - has upstream impacket pickling bug on Python 3.13+
+            # Use crackmapexec/netexec --shares instead (enum4linux rule above)
         ])
 
         # Active Directory attacks - smart chaining workflow

souleyez/detection/validator.py

@@ -156,8 +156,10 @@ class DetectionValidator:
         job_command = _reconstruct_command(job)
         # Use started_at or finished_at for execution time
         executed_at = job.get('started_at') or job.get('finished_at') or job.get('created_at')
-        # Job is successful if status is 'done'
-        success = job.get('status') == 'done'
+        # Job ran successfully if status is done, no_results, or warning
+        # (all of these sent network traffic that should be detectable by SIEM)
+        job_status = job.get('status', '')
+        success = job_status in ('done', 'no_results', 'warning')
 
         # Extract target IP from command (common patterns)
         target_ip = None

souleyez/docs/README.md

@@ -1,7 +1,7 @@
 # SoulEyez Documentation
 
-**Version:** 2.22.0
-**Last Updated:** January 6, 2026
+**Version:** 2.27.0
+**Last Updated:** January 8, 2026
 **Organization:** CyberSoul Security
 
 Welcome to the SoulEyez documentation! This documentation covers architecture, development, user guides, and operational information for the SoulEyez penetration testing platform.

souleyez/docs/user-guide/configuration.md

@@ -748,4 +748,4 @@ rm ~/.souleyez/config.json && souleyez --version
 
 ---
 
-**Last Updated:** 2026-01-04 | **Version:** 2.6.0
+**Last Updated:** 2026-01-09 | **Version:** 2.27.0

souleyez/docs/user-guide/installation.md

@@ -22,6 +22,17 @@ This guide walks you through installing souleyez on your system. The process tak
 - **RAM Usage**: Running multiple heavy tools (Metasploit, SQLMap, Hashcat) simultaneously requires additional RAM
 - **Disk I/O**: SSD recommended for database operations and log processing
 
+> **🐉 Kali Linux Recommended**
+>
+> SoulEyez performs significantly better on **Kali Linux** than other distributions:
+> - All pentesting tools pre-installed and optimized
+> - Metasploit database and RPC already configured
+> - Security-focused kernel and networking stack
+> - No dependency hunting or version conflicts
+> - Wordlists, databases, and tool configs ready to go
+>
+> While Ubuntu and other Debian-based distros are supported, you may experience slower setup times and occasional tool compatibility issues.
+
 ### Software Requirements
 
 - **Operating System**: Linux (Kali Linux recommended, any Debian-based distro supported)
@@ -40,12 +51,14 @@ pipx is the Python community's recommended way to install CLI applications. It h
 # One-time setup
 sudo apt install pipx
 pipx ensurepath
-source ~/.bashrc
+source ~/.bashrc    # Kali Linux: use 'source ~/.zshrc' instead
 
 # Install SoulEyez
 pipx install souleyez
 ```
 
+> **Kali Linux users:** Kali uses zsh by default. Use `source ~/.zshrc` instead of `source ~/.bashrc`
+
 On first run, SoulEyez will prompt you to install pentesting tools (nmap, sqlmap, gobuster, etc.).
 
 ```bash