souleyez 2.26.0__py3-none-any.whl → 2.28.0__py3-none-any.whl

souleyez/engine/result_handler.py

@@ -10,6 +10,95 @@ from .job_status import STATUS_DONE, STATUS_NO_RESULTS, STATUS_WARNING, STATUS_E
 logger = logging.getLogger(__name__)
 
 
+# Common error patterns that indicate tool failure (not "no results")
+TOOL_ERROR_PATTERNS = {
+    'common': [
+        'connection refused',
+        'connection timed out',
+        'no route to host',
+        'network is unreachable',
+        'name or service not known',
+        'temporary failure in name resolution',
+        'host is down',
+        'connection reset by peer',
+    ],
+    'nmap': [
+        'host seems down',
+        'note: host seems down',
+        'failed to resolve',
+    ],
+    'gobuster': [
+        'timeout occurred during the request',
+        'error on running gobuster',
+        'unable to connect',
+        'context deadline exceeded',
+    ],
+    'hydra': [
+        'can not connect',
+        'could not connect',
+        'error connecting',
+        'target does not support',
+    ],
+    'nikto': [
+        'error connecting to host',
+        'unable to connect',
+        'no web server found',
+    ],
+    'nuclei': [
+        'could not connect',
+        'context deadline exceeded',
+        'no address found',
+    ],
+    'ffuf': [
+        'error making request',
+        'context deadline exceeded',
+    ],
+    'sqlmap': [
+        'connection timed out',
+        'unable to connect',
+        'target url content is not stable',
+    ],
+    'enum4linux': [
+        'could not initialise',
+        'nt_status_connection_refused',
+        'nt_status_host_unreachable',
+        'nt_status_io_timeout',
+    ],
+    'smbmap': [
+        'could not connect',
+        'connection error',
+        'nt_status_connection_refused',
+    ],
+}
+
+
+def detect_tool_error(log_content: str, tool: str) -> Optional[str]:
+    """
+    Check log content for tool errors that indicate failure (not just "no results").
+
+    Args:
+        log_content: The log file content
+        tool: Tool name (lowercase)
+
+    Returns:
+        Error pattern found, or None if no error detected
+    """
+    log_lower = log_content.lower()
+
+    # Check common patterns
+    for pattern in TOOL_ERROR_PATTERNS['common']:
+        if pattern in log_lower:
+            return pattern
+
+    # Check tool-specific patterns
+    tool_patterns = TOOL_ERROR_PATTERNS.get(tool, [])
+    for pattern in tool_patterns:
+        if pattern in log_lower:
+            return pattern
+
+    return None
+
+
 def handle_job_result(job: Dict[str, Any]) -> Optional[Dict[str, Any]]:
     """
     Process completed job and parse results into database.
@@ -44,6 +133,7 @@ def handle_job_result(job: Dict[str, Any]) -> Optional[Dict[str, Any]]:
         return None
 
     if not log_path or not os.path.exists(log_path):
+        logger.error(f"Job {job.get('id')} parse failed: log file missing or does not exist (path={log_path})")
         return None
 
     # Get engagement ID from job or fall back to current engagement
@@ -56,10 +146,12 @@ def handle_job_result(job: Dict[str, Any]) -> Optional[Dict[str, Any]]:
             engagement = em.get_current()
 
             if not engagement:
+                logger.error(f"Job {job.get('id')} parse failed: no engagement_id and no current engagement")
                 return None
 
             engagement_id = engagement['id']
-        except Exception:
+        except Exception as e:
+            logger.error(f"Job {job.get('id')} parse failed: engagement lookup error: {e}")
             return None
 
     # Route to appropriate parser
@@ -110,6 +202,13 @@ def handle_job_result(job: Dict[str, Any]) -> Optional[Dict[str, Any]]:
         parse_result = parse_dalfox_job(engagement_id, log_path, job)
     elif tool == 'http_fingerprint':
         parse_result = parse_http_fingerprint_job(engagement_id, log_path, job)
+    elif tool == 'hashcat':
+        parse_result = parse_hashcat_job(engagement_id, log_path, job)
+    elif tool == 'john':
+        parse_result = parse_john_job(engagement_id, log_path, job)
+    else:
+        # No parser for this tool - log it so we know
+        logger.warning(f"Job {job.get('id')} has no parser for tool '{tool}' - results not extracted")
 
     # NOTE: Auto-chaining is now handled in background.py after parsing completes
     # This avoids duplicate job creation and gives better control over timing
@@ -517,9 +616,16 @@ def parse_nmap_job(engagement_id: int, log_path: str, job: Dict[str, Any]) -> Di
                         'version': svc.get('version', '')
                     })
 
+        # Check for nmap errors before determining status
+        with open(log_path, 'r', encoding='utf-8', errors='replace') as f:
+            log_content = f.read()
+        nmap_error = detect_tool_error(log_content, 'nmap')
+
         # Determine status based on results
         hosts_up = len([h for h in parsed.get('hosts', []) if h.get('status') == 'up'])
-        if hosts_up > 0:
+        if nmap_error:
+            status = STATUS_ERROR  # Tool failed to run properly
+        elif hosts_up > 0:
             status = STATUS_DONE  # Found hosts
         else:
             status = STATUS_NO_RESULTS  # No hosts up
@@ -1112,8 +1218,13 @@ def parse_gobuster_job(engagement_id: int, log_path: str, job: Dict[str, Any]) -
                 exclude_length = length_match.group(1)
                 logger.info(f"Gobuster wildcard detected: Length {exclude_length}b")
 
+        # Check for gobuster errors
+        gobuster_error = detect_tool_error(log_content, 'gobuster')
+
         # Determine status based on results
-        if wildcard_detected:
+        if gobuster_error:
+            status = STATUS_ERROR  # Tool failed to connect
+        elif wildcard_detected:
             # Wildcard detected - warning status (triggers auto-retry)
             status = STATUS_WARNING
         elif stats['total'] > 0:
@@ -1494,8 +1605,13 @@ def parse_sqlmap_job(engagement_id: int, log_path: str, job: Dict[str, Any]) ->
 
         stats = get_sqli_stats(parsed)
 
+        # Check for sqlmap errors
+        sqlmap_error = detect_tool_error(log_content, 'sqlmap')
+
         # Determine status based on results
-        if stats['sqli_confirmed'] or stats['xss_possible'] or stats['fi_possible']:
+        if sqlmap_error:
+            status = STATUS_ERROR  # Tool failed to connect
+        elif stats['sqli_confirmed'] or stats['xss_possible'] or stats['fi_possible']:
             status = STATUS_DONE  # Found injection vulnerabilities
         else:
             status = STATUS_NO_RESULTS  # No injections found
@@ -2001,11 +2117,22 @@ def parse_smbmap_job(engagement_id: int, log_path: str, job: Dict[str, Any]) ->
             )
             findings_added += 1
 
+        # Check for smbmap errors
+        smbmap_error = detect_tool_error(log_content, 'smbmap')
+
+        # Determine status
+        if smbmap_error:
+            status = STATUS_ERROR  # Tool failed to connect
+        elif shares_added > 0 or findings_added > 0:
+            status = STATUS_DONE
+        else:
+            status = STATUS_NO_RESULTS
+
         return {
             'tool': 'smbmap',
             'host': parsed['target'],
             'connection_status': parsed.get('status', 'Unknown'),  # SMB connection status
-            'status': STATUS_DONE if (shares_added > 0 or findings_added > 0) else STATUS_NO_RESULTS,  # Job status
+            'status': status,  # Job status
             'shares_added': shares_added,
             'files_added': files_added,
             'findings_added': findings_added
@@ -2372,8 +2499,13 @@ def parse_hydra_job(engagement_id: int, log_path: str, job: Dict[str, Any]) -> D
             )
             findings_added += 1
 
+        # Check for hydra errors
+        hydra_error = detect_tool_error(log_content, 'hydra')
+
         # Determine status based on results
-        if len(parsed.get('credentials', [])) > 0:
+        if hydra_error:
+            status = STATUS_ERROR  # Tool failed to connect
+        elif len(parsed.get('credentials', [])) > 0:
             status = STATUS_DONE  # Found valid credentials
         elif len(parsed.get('usernames', [])) > 0:
             status = STATUS_DONE  # Found valid usernames (partial success is still a result)
@@ -2485,8 +2617,15 @@ def parse_nuclei_job(engagement_id: int, log_path: str, job: Dict[str, Any]) ->
             )
             findings_added += 1
 
+        # Check for nuclei errors
+        with open(log_path, 'r', encoding='utf-8', errors='replace') as f:
+            log_content = f.read()
+        nuclei_error = detect_tool_error(log_content, 'nuclei')
+
         # Determine status based on results
-        if parsed.get('findings_count', 0) > 0:
+        if nuclei_error:
+            status = STATUS_ERROR  # Tool failed to connect
+        elif parsed.get('findings_count', 0) > 0:
             status = STATUS_DONE  # Found vulnerabilities
         else:
             status = STATUS_NO_RESULTS  # No vulnerabilities found
@@ -2608,6 +2747,9 @@ def parse_enum4linux_job(engagement_id: int, log_path: str, job: Dict[str, Any])
                 'ip': parsed['target']
             })
 
+        # Check for enum4linux errors
+        enum4linux_error = detect_tool_error(log_content, 'enum4linux')
+
         # Determine status: done if we found any results (shares, users, or findings)
         has_results = (
             findings_added > 0 or
@@ -2616,9 +2758,16 @@ def parse_enum4linux_job(engagement_id: int, log_path: str, job: Dict[str, Any])
             stats['total_shares'] > 0
         )
 
+        if enum4linux_error:
+            status = STATUS_ERROR  # Tool failed to connect
+        elif has_results:
+            status = STATUS_DONE
+        else:
+            status = STATUS_NO_RESULTS
+
         return {
             'tool': 'enum4linux',
-            'status': STATUS_DONE if has_results else STATUS_NO_RESULTS,
+            'status': status,
             'findings_added': findings_added,
             'credentials_added': credentials_added,
             'users_found': len(parsed['users']),
@@ -2725,13 +2874,26 @@ def parse_ffuf_job(engagement_id: int, log_path: str, job: Dict[str, Any]) -> Di
         
         if host_id and parsed.get('paths'):
             paths_added = wpm.bulk_add_web_paths(host_id, parsed['paths'])
-            
+
             # Check for sensitive paths and create findings (same as gobuster)
             created_findings = _create_findings_for_sensitive_paths(engagement_id, host_id, parsed['paths'], job)
 
+        # Check for ffuf errors
+        with open(log_path, 'r', encoding='utf-8', errors='replace') as f:
+            log_content = f.read()
+        ffuf_error = detect_tool_error(log_content, 'ffuf')
+
+        # Determine status
+        if ffuf_error:
+            status = STATUS_ERROR  # Tool failed to connect
+        elif parsed.get('results_found', 0) > 0:
+            status = STATUS_DONE
+        else:
+            status = STATUS_NO_RESULTS
+
         return {
             'tool': 'ffuf',
-            'status': STATUS_DONE if parsed.get('results_found', 0) > 0 else STATUS_NO_RESULTS,
+            'status': status,
             'target': target,
             'results_found': parsed.get('results_found', 0),
             'paths_added': paths_added,
@@ -3050,8 +3212,13 @@ def parse_nikto_job(engagement_id: int, log_path: str, job: Dict[str, Any]) -> D
             )
             findings_added += 1
 
+        # Check for nikto errors
+        nikto_error = detect_tool_error(output, 'nikto')
+
         # Determine status based on results
-        if findings_added > 0:
+        if nikto_error:
+            status = STATUS_ERROR  # Tool failed to connect
+        elif findings_added > 0:
             status = STATUS_DONE
         else:
             status = STATUS_NO_RESULTS
@@ -3245,3 +3412,165 @@ def parse_dalfox_job(engagement_id: int, log_path: str, job: Dict[str, Any]) ->
     except Exception as e:
         logger.error(f"Error parsing dalfox job: {e}")
         return {'error': str(e)}
+
+
+def parse_hashcat_job(engagement_id: int, log_path: str, job: Dict[str, Any]) -> Dict[str, Any]:
+    """Parse hashcat job results and extract cracked passwords."""
+    try:
+        from souleyez.parsers.hashcat_parser import parse_hashcat_output, map_to_credentials
+        from souleyez.storage.credentials import CredentialsManager
+        from souleyez.storage.findings import FindingsManager
+
+        # Read the log file
+        with open(log_path, 'r', encoding='utf-8', errors='replace') as f:
+            log_content = f.read()
+
+        # Parse hashcat output
+        hash_file = job.get('metadata', {}).get('hash_file', '')
+        parsed = parse_hashcat_output(log_content, hash_file)
+
+        # Store credentials
+        cm = CredentialsManager()
+        creds_added = 0
+
+        for cracked in parsed.get('cracked', []):
+            try:
+                cm.add_credential(
+                    engagement_id=engagement_id,
+                    host_id=None,  # Hash cracking typically not tied to a specific host
+                    username='',  # Hashcat doesn't always know the username
+                    password=cracked['password'],
+                    service='cracked_hash',
+                    credential_type='password',
+                    tool='hashcat',
+                    status='cracked',
+                    notes=f"Cracked from hash: {cracked['hash'][:32]}..."
+                )
+                creds_added += 1
+            except Exception:
+                pass  # Skip duplicates
+
+        # Create finding if we cracked passwords
+        fm = FindingsManager()
+        findings_added = 0
+
+        if parsed.get('cracked'):
+            fm.add_finding(
+                engagement_id=engagement_id,
+                title=f"Password Hashes Cracked - {len(parsed['cracked'])} passwords recovered",
+                finding_type='credential',
+                severity='high',
+                description=f"Hashcat successfully cracked {len(parsed['cracked'])} password hash(es).\n\n"
+                           f"Status: {parsed['stats'].get('status', 'unknown')}\n"
+                           f"Cracked: {parsed['stats'].get('cracked_count', len(parsed['cracked']))}",
+                tool='hashcat'
+            )
+            findings_added += 1
+
+        # Determine status
+        if creds_added > 0:
+            status = STATUS_DONE
+        elif parsed['stats'].get('status') == 'exhausted':
+            status = STATUS_NO_RESULTS  # Ran to completion but found nothing
+        else:
+            status = STATUS_NO_RESULTS
+
+        return {
+            'tool': 'hashcat',
+            'status': status,
+            'cracked_count': len(parsed.get('cracked', [])),
+            'credentials_added': creds_added,
+            'findings_added': findings_added,
+            'hashcat_status': parsed['stats'].get('status', 'unknown')
+        }
+
+    except Exception as e:
+        logger.error(f"Error parsing hashcat job: {e}")
+        return {'error': str(e)}
+
+
+def parse_john_job(engagement_id: int, log_path: str, job: Dict[str, Any]) -> Dict[str, Any]:
+    """Parse John the Ripper job results and extract cracked passwords."""
+    try:
+        from souleyez.parsers.john_parser import parse_john_output
+        from souleyez.storage.credentials import CredentialsManager
+        from souleyez.storage.findings import FindingsManager
+
+        # Read the log file
+        with open(log_path, 'r', encoding='utf-8', errors='replace') as f:
+            log_content = f.read()
+
+        # Get hash file from job metadata if available
+        hash_file = job.get('metadata', {}).get('hash_file', None)
+
+        # Parse john output
+        parsed = parse_john_output(log_content, hash_file)
+
+        # Store credentials
+        cm = CredentialsManager()
+        creds_added = 0
+
+        for cred in parsed.get('cracked', []):
+            username = cred.get('username', '')
+            password = cred.get('password', '')
+
+            if password:  # At minimum we need a password
+                try:
+                    cm.add_credential(
+                        engagement_id=engagement_id,
+                        host_id=None,  # Hash cracking typically not tied to a specific host
+                        username=username if username != 'unknown' else '',
+                        password=password,
+                        service='cracked_hash',
+                        credential_type='password',
+                        tool='john',
+                        status='cracked',
+                        notes=f"Cracked by John the Ripper"
+                    )
+                    creds_added += 1
+                except Exception:
+                    pass  # Skip duplicates
+
+        # Create finding if we cracked passwords
+        fm = FindingsManager()
+        findings_added = 0
+
+        if parsed.get('cracked'):
+            usernames = [c.get('username', 'unknown') for c in parsed['cracked'] if c.get('username')]
+            usernames_str = ', '.join(usernames[:10])  # First 10
+            if len(usernames) > 10:
+                usernames_str += f" (+{len(usernames) - 10} more)"
+
+            fm.add_finding(
+                engagement_id=engagement_id,
+                title=f"Password Hashes Cracked - {len(parsed['cracked'])} passwords recovered",
+                finding_type='credential',
+                severity='high',
+                description=f"John the Ripper successfully cracked {len(parsed['cracked'])} password hash(es).\n\n"
+                           f"Usernames: {usernames_str}\n"
+                           f"Session status: {parsed.get('session_status', 'unknown')}",
+                tool='john'
+            )
+            findings_added += 1
+
+        # Determine status
+        if creds_added > 0:
+            status = STATUS_DONE
+        elif parsed.get('session_status') == 'completed':
+            status = STATUS_NO_RESULTS  # Ran to completion but found nothing
+        else:
+            status = STATUS_NO_RESULTS
+
+        return {
+            'tool': 'john',
+            'status': status,
+            'cracked_count': len(parsed.get('cracked', [])),
+            'credentials_added': creds_added,
+            'findings_added': findings_added,
+            'session_status': parsed.get('session_status', 'unknown'),
+            'total_loaded': parsed.get('total_loaded', 0)
+        }
+
+    except Exception as e:
+        logger.error(f"Error parsing john job: {e}")
+        return {'error': str(e)}

souleyez/engine/worker_manager.py

@@ -4,12 +4,13 @@ Worker health check and management utilities
 """
 import psutil
 import time
-from typing import Optional, Tuple
+from typing import Optional, Tuple, Dict, Any
 
 
 def is_worker_running() -> Tuple[bool, Optional[int]]:
     """
-    Check if background worker is running
+    Check if background worker is running.
+
     Returns: (is_running, pid)
     """
     for proc in psutil.process_iter(['pid', 'cmdline']):
@@ -29,6 +30,40 @@ def is_worker_running() -> Tuple[bool, Optional[int]]:
     return False, None
 
 
+def is_worker_healthy() -> Tuple[bool, Optional[int], Optional[str]]:
+    """
+    Check if background worker is running AND healthy (responding).
+
+    Uses heartbeat file to verify worker is actively processing.
+    A worker process may exist but be frozen/hung - heartbeat detects this.
+
+    Returns: (is_healthy, pid, issue)
+        - is_healthy: True if worker is running and heartbeat is fresh
+        - pid: Worker PID if found, None otherwise
+        - issue: Description of issue if not healthy, None otherwise
+    """
+    from souleyez.engine.background import (
+        get_heartbeat_age, HEARTBEAT_STALE_THRESHOLD
+    )
+
+    is_running, pid = is_worker_running()
+
+    if not is_running:
+        return False, None, "Worker process not found"
+
+    # Check heartbeat
+    heartbeat_age = get_heartbeat_age()
+
+    if heartbeat_age is None:
+        # No heartbeat file - worker may have just started
+        return True, pid, "No heartbeat yet (may be starting)"
+
+    if heartbeat_age > HEARTBEAT_STALE_THRESHOLD:
+        return False, pid, f"Heartbeat stale ({int(heartbeat_age)}s old, threshold: {HEARTBEAT_STALE_THRESHOLD}s)"
+
+    return True, pid, None
+
+
 def start_worker_if_needed() -> bool:
     """
     Start worker if not running
@@ -107,3 +142,64 @@ def get_worker_status() -> dict:
             pass
 
     return status
+
+
+def get_worker_health() -> Dict[str, Any]:
+    """
+    Get detailed worker health status including heartbeat info.
+
+    Returns dict with:
+        - running: Whether worker process exists
+        - healthy: Whether worker is running AND responsive
+        - pid: Worker PID if running
+        - uptime: Seconds since worker started
+        - heartbeat_age: Seconds since last heartbeat
+        - heartbeat_stale: Whether heartbeat is stale
+        - issue: Description of any health issue
+        - cpu_percent: CPU usage percentage
+        - memory_mb: Memory usage in MB
+    """
+    from souleyez.engine.background import (
+        get_heartbeat_age, HEARTBEAT_STALE_THRESHOLD
+    )
+
+    is_running, pid = is_worker_running()
+    heartbeat_age = get_heartbeat_age()
+
+    health = {
+        'running': is_running,
+        'healthy': False,
+        'pid': pid,
+        'uptime': None,
+        'heartbeat_age': heartbeat_age,
+        'heartbeat_stale': heartbeat_age is None or heartbeat_age > HEARTBEAT_STALE_THRESHOLD,
+        'issue': None,
+        'cpu_percent': None,
+        'memory_mb': None
+    }
+
+    if not is_running:
+        health['issue'] = "Worker process not found"
+        return health
+
+    # Get process info
+    try:
+        proc = psutil.Process(pid)
+        health['uptime'] = int(time.time() - proc.create_time())
+        health['cpu_percent'] = proc.cpu_percent(interval=0.1)
+        health['memory_mb'] = round(proc.memory_info().rss / 1024 / 1024, 1)
+    except (psutil.NoSuchProcess, psutil.AccessDenied):
+        health['issue'] = "Cannot access worker process"
+        return health
+
+    # Check heartbeat
+    if heartbeat_age is None:
+        health['issue'] = "No heartbeat yet (worker may be starting)"
+        health['healthy'] = True  # Give benefit of doubt for new workers
+    elif heartbeat_age > HEARTBEAT_STALE_THRESHOLD:
+        health['issue'] = f"Worker unresponsive (heartbeat {int(heartbeat_age)}s old)"
+        health['healthy'] = False
+    else:
+        health['healthy'] = True
+
+    return health