PyPI - souleyez - Versions diffs - 2.26.0__py3-none-any.whl → 2.28.0__py3-none-any.whl - Mend

souleyez 2.26.0py3-none-any.whl → 2.28.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

souleyez/__init__.py +1 -1
souleyez/core/tool_chaining.py +36 -12
souleyez/docs/README.md +2 -2
souleyez/docs/user-guide/configuration.md +1 -1
souleyez/docs/user-guide/scope-management.md +683 -0
souleyez/engine/background.py +655 -168
souleyez/engine/result_handler.py +340 -11
souleyez/engine/worker_manager.py +98 -2
souleyez/main.py +222 -1
souleyez/plugins/http_fingerprint.py +8 -2
souleyez/plugins/nuclei.py +2 -1
souleyez/plugins/searchsploit.py +21 -18
souleyez/security/scope_validator.py +615 -0
souleyez/storage/hosts.py +87 -2
souleyez/storage/migrations/_026_add_engagement_scope.py +87 -0
souleyez/ui/interactive.py +289 -5
{souleyez-2.26.0.dist-info → souleyez-2.28.0.dist-info}/METADATA +9 -3
{souleyez-2.26.0.dist-info → souleyez-2.28.0.dist-info}/RECORD +22 -19
{souleyez-2.26.0.dist-info → souleyez-2.28.0.dist-info}/WHEEL +0 -0
{souleyez-2.26.0.dist-info → souleyez-2.28.0.dist-info}/entry_points.txt +0 -0
{souleyez-2.26.0.dist-info → souleyez-2.28.0.dist-info}/licenses/LICENSE +0 -0
{souleyez-2.26.0.dist-info → souleyez-2.28.0.dist-info}/top_level.txt +0 -0

souleyez/main.py CHANGED Viewed

@@ -173,7 +173,7 @@ def _check_privileged_tools():
 @click.group()
-@click.version_option(version='2.26.0')
+@click.version_option(version='2.28.0')
 def cli():
     """SoulEyez - AI-Powered Pentesting Platform by CyberSoul Security"""
     from souleyez.log_config import init_logging
@@ -604,6 +604,227 @@ from souleyez.commands.audit import audit
 cli.add_command(audit)
+# ============================================================================
+# SCOPE MANAGEMENT
+# ============================================================================
+@cli.group()
+def scope():
+    """Engagement scope management - define and enforce target boundaries."""
+    pass
+@scope.command("add")
+@click.argument("engagement_name")
+@click.option("--cidr", help="Add CIDR range (e.g., 192.168.1.0/24)")
+@click.option("--domain", help="Add domain pattern (e.g., *.example.com)")
+@click.option("--url", help="Add URL (e.g., https://app.example.com)")
+@click.option("--hostname", help="Add specific hostname or IP")
+@click.option("--exclude", is_flag=True, help="Add as exclusion (deny rule)")
+@click.option("--description", "-d", default="", help="Description for this scope entry")
+def scope_add(engagement_name, cidr, domain, url, hostname, exclude, description):
+    """Add a scope entry to an engagement."""
+    from souleyez.security.scope_validator import ScopeManager
+    em = EngagementManager()
+    eng = em.get(engagement_name)
+    if not eng:
+        click.echo(f"Error: Engagement '{engagement_name}' not found", err=True)
+        return
+    manager = ScopeManager()
+    # Determine scope type and value
+    if cidr:
+        scope_type, value = 'cidr', cidr
+    elif domain:
+        scope_type, value = 'domain', domain
+    elif url:
+        scope_type, value = 'url', url
+    elif hostname:
+        scope_type, value = 'hostname', hostname
+    else:
+        click.echo("Error: Must specify one of --cidr, --domain, --url, or --hostname", err=True)
+        return
+    try:
+        scope_id = manager.add_scope(
+            engagement_id=eng['id'],
+            scope_type=scope_type,
+            value=value,
+            is_excluded=exclude,
+            description=description
+        )
+        action = "exclusion" if exclude else "scope entry"
+        click.echo(f"Added {action}: {scope_type}={value} (id={scope_id})")
+    except ValueError as e:
+        click.echo(f"Error: {e}", err=True)
+@scope.command("list")
+@click.argument("engagement_name")
+def scope_list(engagement_name):
+    """List scope entries for an engagement."""
+    from souleyez.security.scope_validator import ScopeManager, ScopeValidator
+    em = EngagementManager()
+    eng = em.get(engagement_name)
+    if not eng:
+        click.echo(f"Error: Engagement '{engagement_name}' not found", err=True)
+        return
+    manager = ScopeManager()
+    validator = ScopeValidator(eng['id'])
+    entries = manager.list_scope(eng['id'])
+    enforcement = validator.get_enforcement_mode()
+    click.echo(f"\nScope for '{engagement_name}' (enforcement: {enforcement})")
+    click.echo("=" * 70)
+    if not entries:
+        click.echo("No scope entries defined (all targets allowed)")
+        return
+    click.echo(f"{'ID':<5} {'Type':<10} {'Value':<35} {'Excluded':<10}")
+    click.echo("-" * 70)
+    for entry in entries:
+        excluded = "EXCLUDE" if entry.get('is_excluded') else ""
+        click.echo(f"{entry['id']:<5} {entry['scope_type']:<10} {entry['value']:<35} {excluded:<10}")
+        if entry.get('description'):
+            click.echo(f"      {entry['description']}")
+    click.echo()
+@scope.command("remove")
+@click.argument("engagement_name")
+@click.argument("scope_id", type=int)
+def scope_remove(engagement_name, scope_id):
+    """Remove a scope entry by ID."""
+    from souleyez.security.scope_validator import ScopeManager
+    em = EngagementManager()
+    eng = em.get(engagement_name)
+    if not eng:
+        click.echo(f"Error: Engagement '{engagement_name}' not found", err=True)
+        return
+    manager = ScopeManager()
+    if manager.remove_scope(scope_id):
+        click.echo(f"Removed scope entry {scope_id}")
+    else:
+        click.echo(f"Error: Failed to remove scope entry {scope_id}", err=True)
+@scope.command("enforcement")
+@click.argument("engagement_name")
+@click.argument("mode", type=click.Choice(['off', 'warn', 'block']))
+def scope_enforcement(engagement_name, mode):
+    """Set enforcement mode for an engagement.
+    Modes:
+      off   - No scope validation (default)
+      warn  - Allow out-of-scope targets but log warning
+      block - Reject jobs targeting out-of-scope hosts
+    """
+    from souleyez.security.scope_validator import ScopeManager
+    em = EngagementManager()
+    eng = em.get(engagement_name)
+    if not eng:
+        click.echo(f"Error: Engagement '{engagement_name}' not found", err=True)
+        return
+    manager = ScopeManager()
+    if manager.set_enforcement(eng['id'], mode):
+        click.echo(f"Enforcement mode set to '{mode}' for '{engagement_name}'")
+    else:
+        click.echo("Error: Failed to set enforcement mode", err=True)
+@scope.command("validate")
+@click.argument("engagement_name")
+@click.argument("target")
+def scope_validate(engagement_name, target):
+    """Test if a target is in scope."""
+    from souleyez.security.scope_validator import ScopeValidator
+    em = EngagementManager()
+    eng = em.get(engagement_name)
+    if not eng:
+        click.echo(f"Error: Engagement '{engagement_name}' not found", err=True)
+        return
+    validator = ScopeValidator(eng['id'])
+    result = validator.validate_target(target)
+    if result.is_in_scope:
+        click.echo(f"IN SCOPE: {target}")
+        if result.matched_entry:
+            click.echo(f"  Matched: {result.matched_entry.get('value')}")
+    else:
+        click.echo(f"OUT OF SCOPE: {target}")
+        click.echo(f"  Reason: {result.reason}")
+    click.echo(f"  Enforcement: {validator.get_enforcement_mode()}")
+@scope.command("revalidate")
+@click.argument("engagement_name")
+def scope_revalidate(engagement_name):
+    """Revalidate scope status for all hosts in an engagement."""
+    from souleyez.storage.hosts import HostManager
+    em = EngagementManager()
+    eng = em.get(engagement_name)
+    if not eng:
+        click.echo(f"Error: Engagement '{engagement_name}' not found", err=True)
+        return
+    hm = HostManager()
+    result = hm.revalidate_scope_status(eng['id'])
+    click.echo(f"Revalidated hosts for '{engagement_name}':")
+    click.echo(f"  Updated: {result['updated']}")
+    click.echo(f"  In scope: {result['in_scope']}")
+    click.echo(f"  Out of scope: {result['out_of_scope']}")
+@scope.command("log")
+@click.argument("engagement_name")
+@click.option("--limit", "-n", default=50, help="Number of entries to show")
+def scope_log(engagement_name, limit):
+    """Show scope validation audit log."""
+    from souleyez.security.scope_validator import ScopeManager
+    em = EngagementManager()
+    eng = em.get(engagement_name)
+    if not eng:
+        click.echo(f"Error: Engagement '{engagement_name}' not found", err=True)
+        return
+    manager = ScopeManager()
+    log_entries = manager.get_validation_log(eng['id'], limit)
+    click.echo(f"\nScope validation log for '{engagement_name}' (last {limit})")
+    click.echo("=" * 80)
+    if not log_entries:
+        click.echo("No validation log entries")
+        return
+    click.echo(f"{'Time':<20} {'Target':<25} {'Result':<12} {'Action':<10}")
+    click.echo("-" * 80)
+    for entry in log_entries:
+        timestamp = entry.get('created_at', '')[:19]  # Trim to datetime
+        target = entry.get('target', '')[:24]
+        result = entry.get('validation_result', '')
+        action = entry.get('action_taken', '')
+        click.echo(f"{timestamp:<20} {target:<25} {result:<12} {action:<10}")
 @cli.group()
 def jobs():
     """Background job management."""

souleyez/plugins/http_fingerprint.py CHANGED Viewed

@@ -326,6 +326,12 @@ class HttpFingerprintPlugin(PluginBase):
         }
         parsed = urlparse(url)
+        # Security: Only allow http/https schemes (B310 - prevent file:// or custom schemes)
+        if parsed.scheme not in ('http', 'https'):
+            result['error'] = f"Invalid URL scheme: {parsed.scheme}. Only http/https allowed."
+            return result
         is_https = parsed.scheme == 'https'
         # Create request with common browser headers
@@ -362,9 +368,9 @@ class HttpFingerprintPlugin(PluginBase):
                 except Exception:
                     pass  # TLS info is optional
-                response = urllib.request.urlopen(req, timeout=timeout, context=ctx)
+                response = urllib.request.urlopen(req, timeout=timeout, context=ctx)  # nosec B310 - scheme validated above
             else:
-                response = urllib.request.urlopen(req, timeout=timeout)
+                response = urllib.request.urlopen(req, timeout=timeout)  # nosec B310 - scheme validated above
             result['status_code'] = response.getcode()

souleyez/plugins/nuclei.py CHANGED Viewed

@@ -195,8 +195,9 @@ class NucleiPlugin(PluginBase):
         import os
         from pathlib import Path
-        # Check common template locations
+        # Check common template locations (nuclei v3 uses ~/.local/nuclei-templates)
         template_paths = [
+            Path.home() / ".local" / "nuclei-templates",  # nuclei v3 default
             Path.home() / "nuclei-templates",
             Path.home() / ".nuclei-templates",
             Path("/usr/share/nuclei-templates"),

souleyez/plugins/searchsploit.py CHANGED Viewed

@@ -126,27 +126,30 @@ class SearchSploitPlugin(PluginBase):
     def build_command(self, target: str, args: List[str] = None, label: str = "", log_path: str = None):
         """Build command for background execution with PID tracking."""
-        # Validate target
-        if not target or target.lower() == 'none':
-            raise ValueError("SearchSploit requires a search term. Usage: souleyez run searchsploit 'Apache 2.4.49'")
         args = args or []
         # Replace <target> placeholder
         args = [arg.replace("<target>", target) for arg in args]
-        # searchsploit syntax: searchsploit [--json] search_term [args]
-        cmd = ["searchsploit"]
-        # Force JSON output for parsing
-        if "--json" not in args:
-            cmd.append("--json")
-        # Add search term
-        cmd.append(target)
-        # Add user args (after target)
-        cmd.extend(args)
+        # searchsploit syntax: searchsploit [--json] search_term
+        cmd = ["searchsploit", "--json"]
+        # Determine search term: use args if they contain a non-flag search term,
+        # otherwise use target (but skip if target is a URL - not a valid search term)
+        non_flag_args = [a for a in args if not a.startswith('-')]
+        if non_flag_args:
+            # Args contain search term(s) - use those, ignore URL target
+            cmd.extend(non_flag_args)
+        elif target and not target.startswith(('http://', 'https://')):
+            # Target is not a URL - use it as search term
+            cmd.append(target)
+        else:
+            raise ValueError("SearchSploit requires a search term. Usage: souleyez run searchsploit 'Apache 2.4.49'")
+        # Add remaining flag args (excluding --json which is already added)
+        flag_args = [a for a in args if a.startswith('-') and a != '--json']
+        cmd.extend(flag_args)
         return {
             'cmd': cmd,

souleyez 2.26.0__py3-none-any.whl → 2.28.0__py3-none-any.whl

souleyez 2.26.0py3-none-any.whl → 2.28.0py3-none-any.whl