souleyez 2.22.0__py3-none-any.whl → 2.27.0__py3-none-any.whl

souleyez/parsers/msf_parser.py

@@ -7,9 +7,16 @@ from typing import Dict, Any
 
 
 def strip_ansi_codes(text: str) -> str:
-    """Remove ANSI escape codes from text."""
-    ansi_escape = re.compile(r'\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])')
-    return ansi_escape.sub('', text)
+    """Remove ANSI escape codes and other terminal control sequences from text."""
+    # Pattern 1: Standard ANSI escape sequences
+    text = re.sub(r'\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])', '', text)
+    # Pattern 2: OSC sequences (Operating System Command)
+    text = re.sub(r'\x1B\].*?\x07', '', text)
+    # Pattern 3: Simple color codes
+    text = re.sub(r'\x1b\[[0-9;]*m', '', text)
+    # Pattern 4: Carriage returns and other control chars (except newlines)
+    text = re.sub(r'[\x00-\x08\x0b\x0c\x0e-\x1f]', '', text)
+    return text
 
 
 def parse_msf_ssh_version(output: str, target: str) -> Dict[str, Any]:
@@ -254,6 +261,7 @@ def parse_msf_login_success(output: str, target: str, module: str) -> Dict[str,
     seen_creds = set()  # Avoid duplicates
 
     # Pattern 1: [+] 10.0.0.82:22 - Success: 'username:password' 'additional info'
+    # Also handles: [+] 10.0.0.82:22 - Success: "username:password"
     success_pattern1 = r'\[\+\]\s+[\d.]+:(\d+)\s+-\s+Success:\s+[\'"]([^:]+):([^\'\"]+)[\'"]'
 
     # Pattern 2: [+] IP:PORT - IP:PORT - Login Successful: user:pass@database
@@ -268,6 +276,13 @@ def parse_msf_login_success(output: str, target: str, module: str) -> Dict[str,
     # MSF telnet_login uses "username:password login: Login OK" format
     success_pattern_telnet = r'\[\+\]\s+[\d.]+:(\d+).*-\s+([^:\s]+):([^\s]+)\s+login:\s+Login OK'
 
+    # Pattern 5: Flexible [+] with credentials anywhere (fallback)
+    # Handles: [+] 10.0.0.82:22 Found credentials: user:pass
+    success_pattern_flexible = r'\[\+\]\s+[\d.]+:(\d+).*(?:credential|found|valid).*?[\'"]?([^:\s\'\"]+):([^\'\"@\s]+)[\'"]?'
+
+    # Pattern 6: RDP format [+] 10.0.0.82:3389 - DOMAIN\user:password - Success
+    success_pattern_rdp = r'\[\+\]\s+[\d.]+:(\d+).*?([^\\:\s]+\\)?([^:\s]+):([^\s-]+)\s*-\s*Success'
+
     # Try pattern 3 first (VNC with empty username)
     for match in re.finditer(success_pattern3, clean_output):
         port = int(match.group(1))
@@ -295,8 +310,8 @@ def parse_msf_login_success(output: str, target: str, module: str) -> Dict[str,
             })
 
     # Try other patterns (username:password style)
-    for pattern in [success_pattern1, success_pattern2, success_pattern_telnet]:
-        for match in re.finditer(pattern, clean_output):
+    for pattern in [success_pattern1, success_pattern2, success_pattern_telnet, success_pattern_flexible]:
+        for match in re.finditer(pattern, clean_output, re.IGNORECASE):
             port = int(match.group(1))
             username = match.group(2)
             password = match.group(3)

souleyez/parsers/nmap_parser.py

@@ -449,34 +449,55 @@ def parse_nmap_text(output: str) -> Dict[str, Any]:
                 version = None
                 
                 if raw_version:
-                    # Remove nmap metadata: "syn-ack ttl XX"
-                    cleaned = raw_version
-                    if cleaned.startswith('syn-ack'):
-                        parts_ver = cleaned.split()
-                        # Skip "syn-ack", "ttl", and the TTL number
-                        if 'ttl' in parts_ver:
-                            ttl_idx = parts_ver.index('ttl')
-                            cleaned = ' '.join(parts_ver[ttl_idx+2:])  # Skip "ttl XX"
-                        else:
-                            cleaned = ' '.join(parts_ver[1:])  # Skip "syn-ack"
-                    
-                    # Extract product and version
-                    # Pattern: "ProductName version.number rest of string"
-                    # Examples:
-                    #   "ProFTPD 1.3.5" → product="ProFTPD", version="1.3.5"
-                    #   "Apache httpd 2.4.7 ((Ubuntu))" → product="Apache httpd", version="2.4.7"
-                    #   "OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13" → product="OpenSSH", version="6.6.1p1"
-                    
-                    version_pattern = r'([A-Za-z][\w\s\-\.]+?)\s+(v?\d+[\.\d]+[\w\-\.]*)'
-                    match = re.search(version_pattern, cleaned)
-                    
-                    if match:
-                        product = match.group(1).strip()
-                        version = match.group(2).strip()
-                    else:
-                        # Fallback: use cleaned string as version, service as product
+                    try:
+                        # Remove nmap metadata: "syn-ack ttl XX", "reset ttl XX", etc.
+                        cleaned = raw_version
+                        # Handle various nmap scan type prefixes
+                        metadata_prefixes = ['syn-ack', 'reset', 'conn-refused', 'no-response']
+                        for prefix in metadata_prefixes:
+                            if cleaned.lower().startswith(prefix):
+                                parts_ver = cleaned.split()
+                                # Skip prefix and "ttl XX" if present
+                                if len(parts_ver) > 1 and 'ttl' in parts_ver:
+                                    try:
+                                        ttl_idx = parts_ver.index('ttl')
+                                        cleaned = ' '.join(parts_ver[ttl_idx+2:])  # Skip "ttl XX"
+                                    except (ValueError, IndexError):
+                                        cleaned = ' '.join(parts_ver[1:])  # Skip just prefix
+                                else:
+                                    cleaned = ' '.join(parts_ver[1:])  # Skip just prefix
+                                break
+
+                        # Extract product and version with multiple patterns
+                        # Pattern: "ProductName version.number rest of string"
+                        # Examples:
+                        #   "ProFTPD 1.3.5" → product="ProFTPD", version="1.3.5"
+                        #   "Apache httpd 2.4.7 ((Ubuntu))" → product="Apache httpd", version="2.4.7"
+                        #   "OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13" → product="OpenSSH", version="6.6.1p1"
+
+                        version_patterns = [
+                            r'([A-Za-z][\w\s\-\.]+?)\s+(v?\d+[\.\d]+[\w\-\.]*)',  # Standard
+                            r'^([A-Za-z][\w\-]+)\s+(\d[\w\.\-]+)',  # ProductName vX.Y.Z
+                            r'^([A-Za-z][\w\s]+?)\s+v?(\d+(?:\.\d+)+)',  # "Product Name 1.2.3"
+                        ]
+
+                        matched = False
+                        for pattern in version_patterns:
+                            match = re.search(pattern, cleaned)
+                            if match:
+                                product = match.group(1).strip()
+                                version = match.group(2).strip()
+                                matched = True
+                                break
+
+                        if not matched:
+                            # Fallback: use cleaned string as version, service as product
+                            product = service_name
+                            version = cleaned.strip() if cleaned.strip() else None
+                    except Exception:
+                        # If version parsing fails, use raw values
                         product = service_name
-                        version = cleaned if cleaned else None
+                        version = raw_version
 
                 # Fallback: If service is unknown but port is a common web port, assume HTTP
                 # This handles cases where nmap misidentifies or can't fingerprint web apps

souleyez/parsers/smbmap_parser.py

@@ -92,9 +92,11 @@ def parse_smbmap_output(output: str, target: str = "") -> Dict[str, Any]:
     current_share = None
 
     for i, line in enumerate(lines):
-        # Remove ANSI color codes and control characters
-        line = re.sub(r'\x1b\[[0-9;]*m', '', line)
-        line = re.sub(r'[\[\]\|/\\-]', '', line, count=1)  # Remove progress indicators
+        # Remove ANSI color codes and control characters more thoroughly
+        line = re.sub(r'\x1b\[[0-9;]*[a-zA-Z]', '', line)  # All ANSI escape sequences
+        line = re.sub(r'\x1b\].*?\x07', '', line)  # OSC sequences
+        # Only remove leading progress indicators, not all brackets
+        line = re.sub(r'^[\[\]\|/\\-]+\s*', '', line)
         line = line.strip()
 
         # Extract target and status
@@ -126,29 +128,43 @@ def parse_smbmap_output(output: str, target: str = "") -> Dict[str, Any]:
             # Format: sharename <tabs/spaces> permissions <tabs/spaces> comment
             # tmp                                               	READ, WRITE	oh noes!
 
+            share_name = None
+            permissions = None
+            comment = ''
+
             # Try tab split first
             parts = re.split(r'\t+', line)
-            if len(parts) >= 3:
-                # Tab-separated format
-                share_name = parts[0].strip()
-                permissions = parts[1].strip()
-                comment = parts[2].strip() if len(parts) > 2 else ''
-            elif len(parts) == 2:
-                # Only 2 parts (share + permissions, no comment)
+            if len(parts) >= 2:
                 share_name = parts[0].strip()
-                permissions = parts[1].strip()
-                comment = ''
-            else:
-                # No tabs - try space-based parsing
-                # Match pattern: SHARENAME (spaces) PERMISSIONS (spaces) COMMENT
-                # Need at least 2+ spaces to separate fields
-                match = re.match(r'^\s*(\S+)\s{2,}(READ, WRITE|NO ACCESS|READ|WRITE)(?:\s{2,}(.*))?$', line)
-                if match:
-                    share_name = match.group(1).strip()
-                    permissions = match.group(2).strip()
-                    comment = match.group(3).strip() if match.group(3) else ''
-                else:
-                    continue
+                # Find permissions in remaining parts
+                for p in parts[1:]:
+                    p = p.strip().upper()
+                    if any(x in p for x in ['READ', 'WRITE', 'NO ACCESS', 'NOACCESS']):
+                        permissions = p
+                        break
+                # Comment is everything after permissions
+                if permissions and len(parts) > 2:
+                    perm_idx = next((i for i, p in enumerate(parts) if permissions in p.upper()), -1)
+                    if perm_idx >= 0 and perm_idx + 1 < len(parts):
+                        comment = ' '.join(parts[perm_idx + 1:]).strip()
+
+            # No tabs or tab parse failed - try space-based parsing
+            if not permissions:
+                # Match patterns with flexible spacing and permission variations
+                permission_patterns = [
+                    r'^\s*(\S+)\s{2,}(READ,?\s*WRITE|READ\s*ONLY|WRITE\s*ONLY|NO\s*ACCESS|READ|WRITE)(?:\s{2,}(.*))?$',
+                    r'^\s*(\S+)\s+(READ,?\s*WRITE|READ\s*ONLY|WRITE\s*ONLY|NO\s*ACCESS|READ|WRITE)\s*(.*)$',
+                ]
+                for pattern in permission_patterns:
+                    match = re.match(pattern, line, re.IGNORECASE)
+                    if match:
+                        share_name = match.group(1).strip()
+                        permissions = match.group(2).strip().upper()
+                        comment = match.group(3).strip() if match.group(3) else ''
+                        break
+
+            if not share_name or not permissions:
+                continue
 
             # Skip empty lines or non-share lines
             if not share_name or share_name in ['Disk', 'IPC', '', '*']:

souleyez/parsers/sqlmap_parser.py

@@ -89,11 +89,13 @@ def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
         line = line.strip()
 
         # Extract URL being tested (GET requests typically)
-        if 'testing URL' in line:
-            url_match = re.search(r"testing URL '([^']+)'", line)
+        # Format variations: "testing URL 'http://...'" or 'testing URL "http://..."' or testing URL http://...
+        if 'testing URL' in line or 'testing url' in line.lower():
+            # Try single quotes first
+            url_match = re.search(r"testing URL ['\"]?([^'\"]+)['\"]?", line, re.IGNORECASE)
             if url_match:
-                current_url = url_match.group(1)
-                if current_url not in result['urls_tested']:
+                current_url = url_match.group(1).strip()
+                if current_url and current_url not in result['urls_tested']:
                     result['urls_tested'].append(current_url)
 
         # Extract POST/GET URLs from form testing (crawl mode)
@@ -184,12 +186,19 @@ def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
                 if next_line.startswith('[') or next_line.startswith('back-end'):
                     break
 
-        # Extract DBMS type
-        if 'back-end DBMS:' in line:
-            # Pattern: "back-end DBMS: MySQL >= 5.0.12"
-            dbms_match = re.search(r"back-end DBMS:\s*([^\s]+)", line)
+        # Extract DBMS type with full version info
+        # Format variations:
+        # "back-end DBMS: MySQL >= 5.0.12"
+        # "back-end DBMS: Microsoft SQL Server 2019"
+        # "back-end DBMS: PostgreSQL"
+        if 'back-end DBMS:' in line or 'back-end dbms:' in line.lower():
+            dbms_match = re.search(r"back-end DBMS:\s*(.+)", line, re.IGNORECASE)
             if dbms_match and not result['dbms']:
-                result['dbms'] = dbms_match.group(1)
+                dbms_full = dbms_match.group(1).strip()
+                # Extract just the DBMS name for the main field (first word)
+                # but store full version in a separate field
+                result['dbms'] = dbms_full.split()[0] if dbms_full else None
+                result['dbms_full'] = dbms_full  # Keep full string
 
         # Extract web server OS
         if 'web server operating system:' in line.lower():

souleyez/parsers/theharvester_parser.py

@@ -67,18 +67,19 @@ def parse_theharvester_output(output: str, target: str = "") -> Dict[str, Any]:
             if target_match:
                 result['target'] = target_match.group(1)
 
-        # Detect section headers
-        elif '[*] ASNS found:' in line or 'ASNs found:' in line:
+        # Detect section headers (case-insensitive, multiple format variations)
+        line_lower = line.lower()
+        if any(x in line_lower for x in ['asns found', 'asn found', 'autonomous system']):
             current_section = 'asns'
-        elif '[*] Interesting Urls found:' in line or '[*] URLs found:' in line:
+        elif any(x in line_lower for x in ['urls found', 'interesting urls', 'url found']):
             current_section = 'urls'
-        elif '[*] IPs found:' in line:
+        elif any(x in line_lower for x in ['ips found', 'ip found', 'ip addresses']):
             current_section = 'ips'
-        elif '[*] Emails found:' in line or 'Email addresses found:' in line:
+        elif any(x in line_lower for x in ['emails found', 'email found', 'email addresses']):
             current_section = 'emails'
-        elif '[*] Hosts found:' in line or 'Hosts found:' in line:
+        elif any(x in line_lower for x in ['hosts found', 'host found', 'subdomains found', 'subdomain found']):
             current_section = 'hosts'
-        elif '[*] People found:' in line or '[*] No people found' in line:
+        elif any(x in line_lower for x in ['people found', 'no people found', 'linkedin']):
             current_section = 'people'  # We'll skip this for now
 
         # Skip separator lines and empty lines
@@ -117,18 +118,25 @@ def parse_theharvester_output(output: str, target: str = "") -> Dict[str, Any]:
         elif current_section == 'emails':
             # Email format: user@domain
             if '@' in line and '.' in line:
-                # Basic email validation
-                if re.match(r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$', line):
-                    if line not in result['emails']:
-                        result['emails'].append(line)
+                # More permissive email validation (supports international domains)
+                # Pattern allows: standard emails, plus-addressing, dots, underscores
+                email = line.strip().lower()
+                # Remove any leading/trailing brackets or quotes
+                email = re.sub(r'^[\[\(<\'\"]+|[\]\)>\'\"]$', '', email)
+                if re.match(r'^[a-zA-Z0-9._%+\-]+@[a-zA-Z0-9.\-]+\.[a-zA-Z]{2,}$', email):
+                    if email not in result['emails']:
+                        result['emails'].append(email)
 
         elif current_section == 'hosts':
             # Host format: subdomain.domain.tld
             if '.' in line and not line.startswith('http'):
                 # Clean and validate hostname
                 host = line.strip().lower()
-                # Basic validation: has at least one dot and no invalid chars
-                if re.match(r'^[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$', host):
+                # Remove any leading/trailing brackets, quotes, or trailing dots
+                host = re.sub(r'^[\[\(<\'\"]+|[\]\)>\'\".]+$', '', host)
+                # More permissive validation: allows underscores (common in some hosts)
+                # and longer TLDs (some are 4+ chars)
+                if re.match(r'^[a-zA-Z0-9._-]+\.[a-zA-Z]{2,}$', host) and len(host) > 3:
                     if host not in result['hosts']:
                         result['hosts'].append(host)