souleyez 2.24.0__tar.gz → 2.25.0__tar.gz

{souleyez-2.24.0 → souleyez-2.25.0}/BETA_README.md

@@ -21,7 +21,7 @@ Welcome to the SoulEyez beta! Thank you for helping us test and improve this pen
 
 > ⚠️ **Important**: Only use SoulEyez on systems you have explicit authorization to test.
 
-## Version: 2.24.0
+## Version: 2.25.0
 
 ### What's Included
 
@@ -59,6 +59,17 @@ Welcome to the SoulEyez beta! Thank you for helping us test and improve this pen
 - **Python**: 3.8 or newer
 - **Storage**: ~500MB for SoulEyez + tools
 
+> **🐉 Kali Linux Recommended**
+>
+> SoulEyez performs significantly better on **Kali Linux** than other distributions:
+> - All pentesting tools pre-installed and optimized
+> - Metasploit database and RPC already configured
+> - Security-focused kernel and networking stack
+> - No dependency hunting or version conflicts
+> - Wordlists, databases, and tool configs ready to go
+>
+> While Ubuntu and other Debian-based distros are supported, you may experience slower setup times and occasional tool compatibility issues.
+
 ### Known Issues
 
 - Very large scan outputs (>10MB) may slow the interface

{souleyez-2.24.0/souleyez.egg-info → souleyez-2.25.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: souleyez
-Version: 2.24.0
+Version: 2.25.0
 Summary: AI-Powered Penetration Testing Platform with 40+ integrated tools
 Author-email: CyberSoul Security <contact@cybersoulsecurity.com>
 Maintainer-email: CyberSoul Security <contact@cybersoulsecurity.com>
@@ -72,7 +72,7 @@ Welcome to the SoulEyez beta! Thank you for helping us test and improve this pen
 
 > ⚠️ **Important**: Only use SoulEyez on systems you have explicit authorization to test.
 
-## Version: 2.24.0
+## Version: 2.25.0
 
 ### What's Included
 
@@ -110,6 +110,17 @@ Welcome to the SoulEyez beta! Thank you for helping us test and improve this pen
 - **Python**: 3.8 or newer
 - **Storage**: ~500MB for SoulEyez + tools
 
+> **🐉 Kali Linux Recommended**
+>
+> SoulEyez performs significantly better on **Kali Linux** than other distributions:
+> - All pentesting tools pre-installed and optimized
+> - Metasploit database and RPC already configured
+> - Security-focused kernel and networking stack
+> - No dependency hunting or version conflicts
+> - Wordlists, databases, and tool configs ready to go
+>
+> While Ubuntu and other Debian-based distros are supported, you may experience slower setup times and occasional tool compatibility issues.
+
 ### Known Issues
 
 - Very large scan outputs (>10MB) may slow the interface

{souleyez-2.24.0 → souleyez-2.25.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "souleyez"
-version = "2.24.0"
+version = "2.25.0"
 description = "AI-Powered Penetration Testing Platform with 40+ integrated tools"
 readme = "BETA_README.md"
 license = {text = "MIT"}

souleyez-2.25.0/souleyez/__init__.py

@@ -0,0 +1 @@
+__version__ = '2.25.0'

{souleyez-2.24.0 → souleyez-2.25.0}/souleyez/core/tool_chaining.py

@@ -746,17 +746,8 @@ class ToolChaining:
                 args_template=['-a', '{target}'],
                 description='SMB service detected, enumerating shares and users (runs after CrackMapExec)'
             ),
-            # DISABLED: smbmap has upstream pickling bug with impacket (affects all versions)
-            # Use crackmapexec/netexec --shares instead (rule #10 above)
-            ChainRule(
-                trigger_tool='nmap',
-                trigger_condition='service:smb',
-                target_tool='smbmap',
-                priority=7,
-                enabled=False,  # Disabled due to impacket pickling bug
-                args_template=['-H', '{target}'],
-                description='SMB service detected, mapping shares (DISABLED - use netexec)'
-            ),
+            # NOTE: smbmap removed - has upstream impacket pickling bug on Python 3.13+
+            # Use crackmapexec/netexec --shares instead (enum4linux rule above)
         ])
 
         # Active Directory attacks - smart chaining workflow

{souleyez-2.24.0 → souleyez-2.25.0}/souleyez/docs/README.md

@@ -1,6 +1,6 @@
 # SoulEyez Documentation
 
-**Version:** 2.24.0
+**Version:** 2.25.0
 **Last Updated:** January 8, 2026
 **Organization:** CyberSoul Security
 

{souleyez-2.24.0 → souleyez-2.25.0}/souleyez/docs/user-guide/installation.md

@@ -22,6 +22,17 @@ This guide walks you through installing souleyez on your system. The process tak
 - **RAM Usage**: Running multiple heavy tools (Metasploit, SQLMap, Hashcat) simultaneously requires additional RAM
 - **Disk I/O**: SSD recommended for database operations and log processing
 
+> **🐉 Kali Linux Recommended**
+>
+> SoulEyez performs significantly better on **Kali Linux** than other distributions:
+> - All pentesting tools pre-installed and optimized
+> - Metasploit database and RPC already configured
+> - Security-focused kernel and networking stack
+> - No dependency hunting or version conflicts
+> - Wordlists, databases, and tool configs ready to go
+>
+> While Ubuntu and other Debian-based distros are supported, you may experience slower setup times and occasional tool compatibility issues.
+
 ### Software Requirements
 
 - **Operating System**: Linux (Kali Linux recommended, any Debian-based distro supported)

{souleyez-2.24.0 → souleyez-2.25.0}/souleyez/engine/background.py

@@ -1039,7 +1039,8 @@ def _is_true_error_exit_code(rc: int, tool: str) -> bool:
     # Tools that use non-zero exit codes for non-error conditions
     # Parser will determine the actual status based on output
     # msf_exploit returns 1 when no session opened (exploit ran but target not vulnerable)
-    tools_with_nonzero_success = ['gobuster', 'hydra', 'medusa', 'msf_exploit']
+    # nikto returns non-zero when it finds vulnerabilities (not an error!)
+    tools_with_nonzero_success = ['gobuster', 'hydra', 'medusa', 'msf_exploit', 'nikto']
 
     if tool.lower() in tools_with_nonzero_success:
         # Let parser determine status
@@ -1433,6 +1434,21 @@ def _detect_and_recover_stale_jobs() -> int:
                                 "status": status,
                                 "parse_result": parse_result
                             })
+
+                            # Mark for auto-chaining if conditions are met
+                            try:
+                                from souleyez.core.tool_chaining import ToolChaining
+                                chaining = ToolChaining()
+                                if chaining.is_enabled() and is_chainable(status):
+                                    _update_job(jid, chainable=True)
+                                    _append_worker_log(f"job {jid} stale recovery marked as chainable")
+                                    logger.info("Stale job marked as chainable", extra={
+                                        "job_id": jid,
+                                        "tool": tool,
+                                        "status": status
+                                    })
+                            except Exception as chain_err:
+                                _append_worker_log(f"job {jid} stale recovery chainable error: {chain_err}")
                 except Exception as parse_err:
                     _append_worker_log(f"job {jid} stale recovery parse exception: {parse_err}")
 

{souleyez-2.24.0 → souleyez-2.25.0}/souleyez/main.py

@@ -173,7 +173,7 @@ def _check_privileged_tools():
 
 
 @click.group()
-@click.version_option(version='2.24.0')
+@click.version_option(version='2.25.0')
 def cli():
     """SoulEyez - AI-Powered Pentesting Platform by CyberSoul Security"""
     from souleyez.log_config import init_logging

{souleyez-2.24.0 → souleyez-2.25.0}/souleyez/plugins/nuclei.py

@@ -207,19 +207,51 @@ class NucleiPlugin(PluginBase):
                 return True
         return False
 
-    def build_command(self, target: str, args: List[str] = None, label: str = "", log_path: str = None):
-        """Build nuclei command for background execution with PID tracking."""
-        # For URLs, validate them. For bare IPs/domains, let Nuclei auto-detect protocols
+    def _normalize_target(self, target: str, args: List[str] = None, log_path: str = None) -> str:
+        """
+        Normalize target for Nuclei scanning.
+
+        - URLs are validated and passed through
+        - Bare IPs/domains get http:// prepended for web scanning
+
+        This fixes the issue where nmap chains pass bare IPs but Nuclei
+        needs URLs to properly scan web services.
+        """
+        import re
+
+        # Already a URL - validate and return
         if target.startswith(('http://', 'https://')):
             try:
-                target = validate_url(target)
+                return validate_url(target)
             except ValidationError as e:
                 if log_path:
                     with open(log_path, 'w') as f:
                         f.write(f"ERROR: Invalid URL: {e}\n")
                 return None
 
+        # Bare IP or domain - prepend http:// for web scanning
+        # This is needed because Nuclei web templates require a URL
+        ip_pattern = r'^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(:\d+)?$'
+        domain_pattern = r'^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)*$'
+
+        if re.match(ip_pattern, target) or re.match(domain_pattern, target):
+            # Log the conversion
+            if log_path:
+                with open(log_path, 'a') as f:
+                    f.write(f"NOTE: Converting bare target '{target}' to 'http://{target}' for web scanning\n")
+            return f"http://{target}"
+
+        # Unknown format - return as-is
+        return target
+
+    def build_command(self, target: str, args: List[str] = None, label: str = "", log_path: str = None):
+        """Build nuclei command for background execution with PID tracking."""
         args = args or []
+
+        # Normalize target (convert bare IPs to URLs)
+        target = self._normalize_target(target, args, log_path)
+        if target is None:
+            return None
         args = [arg.replace("<target>", target) for arg in args]
 
         cmd = ["nuclei", "-target", target]
@@ -252,21 +284,13 @@ class NucleiPlugin(PluginBase):
 
     def run(self, target: str, args: List[str] = None, label: str = "", log_path: str = None) -> int:
         """Execute nuclei scan and write JSON output to log_path."""
-
-        # For URLs, validate them. For bare IPs/domains, let Nuclei auto-detect protocols
-        if target.startswith(('http://', 'https://')):
-            try:
-                target = validate_url(target)
-            except ValidationError as e:
-                if log_path:
-                    with open(log_path, 'w') as f:
-                        f.write(f"ERROR: Invalid URL: {e}\n")
-                    return 1
-                raise ValueError(f"Invalid URL: {e}")
-        # Otherwise keep target as-is (IP or domain) for Nuclei auto-detect protocols
-
         args = args or []
 
+        # Normalize target (convert bare IPs to URLs)
+        target = self._normalize_target(target, args, log_path)
+        if target is None:
+            return 1
+
         # Replace <target> placeholder
         args = [arg.replace("<target>", target) for arg in args]
 

{souleyez-2.24.0 → souleyez-2.25.0}/souleyez/ui/interactive.py

@@ -130,6 +130,63 @@ def render_standard_header(title: str, width: int = None) -> None:
     click.echo()
 
 
+def parse_syslog_description(desc: str) -> str:
+    """
+    Extract meaningful message from syslog-formatted descriptions.
+
+    Syslog format: <timestamp> <host> [timestamp] <program>[pid]: <message>
+    Example input: "Jan  8 07:00:05 192.168.1.111 Jan  8 07:00:05 eyez CRON[537281]: pam_unix(cron:session): session closed for user yoda"
+    Example output: "CRON: pam_unix(cron:session): session closed for user yoda"
+    """
+    import re
+
+    if not desc:
+        return 'No description'
+
+    # Try to find the actual message after common syslog patterns
+    # Pattern 1: Look for process name with PID followed by colon (e.g., "CRON[537281]:")
+    pid_match = re.search(r'([A-Za-z_][A-Za-z0-9_-]*)\[(\d+)\]:\s*(.+)$', desc)
+    if pid_match:
+        process_name = pid_match.group(1)
+        message = pid_match.group(3)
+        return f"{process_name}: {message}"
+
+    # Pattern 2: Look for systemd-style messages (e.g., "systemd[1]: Started...")
+    systemd_match = re.search(r'(systemd(?:-[a-z]+)?)\[?\d*\]?:\s*(.+)$', desc, re.IGNORECASE)
+    if systemd_match:
+        return f"{systemd_match.group(1)}: {systemd_match.group(2)}"
+
+    # Pattern 3: Look for kernel messages
+    kernel_match = re.search(r'kernel:\s*(.+)$', desc)
+    if kernel_match:
+        return f"kernel: {kernel_match.group(1)}"
+
+    # Pattern 4: Generic - find content after last colon that has substance
+    colon_parts = desc.split(': ')
+    if len(colon_parts) > 1:
+        # Get the meaningful part (usually after the first "process:" pattern)
+        for i, part in enumerate(colon_parts):
+            # Skip parts that look like timestamps or IPs
+            if not re.match(r'^(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec|\d{1,3}\.\d{1,3}|\d{4}-\d{2})', part):
+                # Found something meaningful - join from here
+                meaningful = ': '.join(colon_parts[i:])
+                if len(meaningful) > 10:  # Ensure it's substantial
+                    return meaningful
+
+    # Pattern 5: Strip leading timestamp patterns
+    # Remove patterns like "Jan  8 07:00:05 192.168.1.111 Jan  8 07:00:05 hostname"
+    stripped = re.sub(
+        r'^(?:[A-Z][a-z]{2}\s+\d+\s+\d{2}:\d{2}:\d{2}\s+\S+\s*)+',
+        '', desc
+    ).strip()
+
+    if stripped and len(stripped) > 5:
+        return stripped
+
+    # Fallback: return original if no patterns matched
+    return desc
+
+
 def _show_upgrade_prompt(feature_name: str):
     """Show upgrade prompt when FREE user tries to access Pro feature."""
     from rich.panel import Panel
@@ -5345,7 +5402,7 @@ def view_job_detail(job_id: int):
 
         # Check if tool has a parser - if yes, hide raw logs by default
         tool = job.get('tool', '')
-        has_parser = tool in ['dnsrecon', 'nmap', 'nuclei', 'nikto', 'dalfox', 'theharvester', 'sqlmap', 'ffuf', 'gobuster', 'wpscan', 'crackmapexec', 'hydra', 'whois', 'smbmap', 'enum4linux', 'msf_auxiliary', 'searchsploit']
+        has_parser = tool in ['dnsrecon', 'nmap', 'ard', 'nuclei', 'nikto', 'dalfox', 'theharvester', 'sqlmap', 'ffuf', 'gobuster', 'wpscan', 'crackmapexec', 'hydra', 'whois', 'smbmap', 'enum4linux', 'msf_auxiliary', 'searchsploit']
 
         # Show log file if exists
         log_path = job.get('log')
@@ -5941,7 +5998,9 @@ def view_job_detail(job_id: int):
                 pass
 
         # Parse and display Nmap results if available (only when not showing raw logs)
-        if not show_raw_logs and job.get('tool') == 'nmap' and job.get('status') in ['done', 'completed'] and log_path and os.path.exists(log_path):
+        # ARD plugin uses nmap under the hood, so include it here
+        nmap_based_tools = ['nmap', 'ard']
+        if not show_raw_logs and job.get('tool') in nmap_based_tools and job.get('status') in ['done', 'completed'] and log_path and os.path.exists(log_path):
             try:
                 from souleyez.parsers.nmap_parser import parse_nmap_output
                 with open(log_path, 'r', encoding='utf-8', errors='replace') as f:
@@ -8898,7 +8957,8 @@ def _view_wazuh_alerts(engagement_id: int):
                 icon = get_level_icon(level)
                 rule_id = str(alert.get('rule_id', 'N/A'))[:10]
                 agent_name = alert.get('agent_name', 'N/A')[:15]
-                desc = (alert.get('description') or 'No description')[:45]
+                raw_desc = alert.get('description') or 'No description'
+                desc = parse_syslog_description(raw_desc)[:45]
                 ts = alert.get('timestamp', 'N/A')
                 if hasattr(ts, 'strftime'):
                     ts = ts.strftime('%Y-%m-%d %H:%M:%S')
@@ -9075,7 +9135,8 @@ def _view_alert_detail(alert: dict):
 
     # Get values from normalized format first, then fall back to raw_data
     rule_id = alert.get('rule_id') or rule.get('id', 'N/A')
-    description = alert.get('description') or rule.get('description', 'N/A')
+    raw_description = alert.get('description') or rule.get('description', 'N/A')
+    description = parse_syslog_description(raw_description)
     level = alert.get('level', 0) or rule.get('level', 0)
     severity = alert.get('severity', 'info')
 
@@ -15790,6 +15851,37 @@ def view_findings(engagement_id: int):
             summary_parts.append(f"Filters: {', '.join(active_filters)}")
 
         click.echo("  " + "  |  ".join(summary_parts))
+
+        # Show tool distribution legend
+        if findings:
+            tool_counts = {}
+            for f in findings:
+                tool = f.get('tool') or 'unknown'
+                tool_counts[tool] = tool_counts.get(tool, 0) + 1
+
+            # Sort by count (descending) and format
+            sorted_tools = sorted(tool_counts.items(), key=lambda x: x[1], reverse=True)
+            tool_parts = [f"{tool}({count})" for tool, count in sorted_tools]
+
+            # Display on one or more lines if needed
+            tool_legend = "  Tools: " + " | ".join(tool_parts)
+            if len(tool_legend) > width - 4:
+                # Wrap to multiple lines if too long
+                lines = []
+                current_line = "  Tools: "
+                for i, part in enumerate(tool_parts):
+                    test_line = current_line + part + (" | " if i < len(tool_parts) - 1 else "")
+                    if len(test_line) > width - 4 and current_line != "  Tools: ":
+                        lines.append(current_line.rstrip(" | "))
+                        current_line = "         " + part + (" | " if i < len(tool_parts) - 1 else "")
+                    else:
+                        current_line = test_line
+                lines.append(current_line.rstrip(" | "))
+                for line in lines:
+                    click.echo(click.style(line, fg='cyan'))
+            else:
+                click.echo(click.style(tool_legend, fg='cyan'))
+
         click.echo()
 
         if not findings:

{souleyez-2.24.0 → souleyez-2.25.0/souleyez.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: souleyez
-Version: 2.24.0
+Version: 2.25.0
 Summary: AI-Powered Penetration Testing Platform with 40+ integrated tools
 Author-email: CyberSoul Security <contact@cybersoulsecurity.com>
 Maintainer-email: CyberSoul Security <contact@cybersoulsecurity.com>
@@ -72,7 +72,7 @@ Welcome to the SoulEyez beta! Thank you for helping us test and improve this pen
 
 > ⚠️ **Important**: Only use SoulEyez on systems you have explicit authorization to test.
 
-## Version: 2.24.0
+## Version: 2.25.0
 
 ### What's Included
 
@@ -110,6 +110,17 @@ Welcome to the SoulEyez beta! Thank you for helping us test and improve this pen
 - **Python**: 3.8 or newer
 - **Storage**: ~500MB for SoulEyez + tools
 
+> **🐉 Kali Linux Recommended**
+>
+> SoulEyez performs significantly better on **Kali Linux** than other distributions:
+> - All pentesting tools pre-installed and optimized
+> - Metasploit database and RPC already configured
+> - Security-focused kernel and networking stack
+> - No dependency hunting or version conflicts
+> - Wordlists, databases, and tool configs ready to go
+>
+> While Ubuntu and other Debian-based distros are supported, you may experience slower setup times and occasional tool compatibility issues.
+
 ### Known Issues
 
 - Very large scan outputs (>10MB) may slow the interface

souleyez-2.24.0/souleyez/__init__.py

@@ -1 +0,0 @@
-__version__ = '2.24.0'