souleyez 2.27.0__py3-none-any.whl → 2.32.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- souleyez/__init__.py +1 -1
- souleyez/core/tool_chaining.py +60 -16
- souleyez/docs/README.md +2 -2
- souleyez/docs/user-guide/configuration.md +1 -1
- souleyez/docs/user-guide/scope-management.md +683 -0
- souleyez/engine/background.py +38 -1
- souleyez/engine/result_handler.py +167 -10
- souleyez/integrations/wazuh/config.py +141 -18
- souleyez/main.py +222 -1
- souleyez/plugins/nuclei.py +2 -1
- souleyez/plugins/searchsploit.py +21 -18
- souleyez/security/scope_validator.py +615 -0
- souleyez/storage/database.py +59 -20
- souleyez/storage/hosts.py +87 -2
- souleyez/storage/migrations/_026_add_engagement_scope.py +87 -0
- souleyez/storage/migrations/_027_multi_siem_persistence.py +119 -0
- souleyez/storage/migrations/__init__.py +6 -0
- souleyez/storage/schema.sql +44 -4
- souleyez/ui/interactive.py +825 -233
- {souleyez-2.27.0.dist-info → souleyez-2.32.0.dist-info}/METADATA +9 -3
- {souleyez-2.27.0.dist-info → souleyez-2.32.0.dist-info}/RECORD +25 -21
- {souleyez-2.27.0.dist-info → souleyez-2.32.0.dist-info}/WHEEL +0 -0
- {souleyez-2.27.0.dist-info → souleyez-2.32.0.dist-info}/entry_points.txt +0 -0
- {souleyez-2.27.0.dist-info → souleyez-2.32.0.dist-info}/licenses/LICENSE +0 -0
- {souleyez-2.27.0.dist-info → souleyez-2.32.0.dist-info}/top_level.txt +0 -0
souleyez/__init__.py
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
__version__ = '2.
|
|
1
|
+
__version__ = '2.32.0'
|
souleyez/core/tool_chaining.py
CHANGED
|
@@ -591,6 +591,23 @@ class ChainRule:
|
|
|
591
591
|
if svc_port in group.get('ports', []):
|
|
592
592
|
port = str(svc_port)
|
|
593
593
|
break
|
|
594
|
+
elif 'has:services' in self.trigger_condition:
|
|
595
|
+
# For has:services condition, extract port from the services array
|
|
596
|
+
# Prioritize HTTP services for web tools (gobuster, nuclei, etc.)
|
|
597
|
+
services = context.get('services', [])
|
|
598
|
+
http_ports = {80, 443, 8080, 8443, 8000, 8888, 3000, 5000}
|
|
599
|
+
|
|
600
|
+
# First pass: look for HTTP service by name or common HTTP ports
|
|
601
|
+
for svc in services:
|
|
602
|
+
svc_name = svc.get('service_name', '').lower()
|
|
603
|
+
svc_port = svc.get('port')
|
|
604
|
+
if svc_name == 'http' or svc_name == 'https' or svc_port in http_ports:
|
|
605
|
+
port = str(svc_port)
|
|
606
|
+
break
|
|
607
|
+
|
|
608
|
+
# Second pass: if no HTTP service, use the first service's port
|
|
609
|
+
if not port and services:
|
|
610
|
+
port = str(services[0].get('port', ''))
|
|
594
611
|
|
|
595
612
|
# Calculate subnet for {subnet} placeholder (e.g., 10.0.0.88 → 10.0.0.0/24)
|
|
596
613
|
subnet = ''
|
|
@@ -1742,6 +1759,20 @@ class ToolChaining:
|
|
|
1742
1759
|
)
|
|
1743
1760
|
)
|
|
1744
1761
|
|
|
1762
|
+
# Database Admin → SQLMap (gentler settings for phpMyAdmin/Adminer)
|
|
1763
|
+
# These panels are slow and easily overwhelmed - use single thread and basic tests
|
|
1764
|
+
self.rules.append(
|
|
1765
|
+
ChainRule(
|
|
1766
|
+
trigger_tool='gobuster',
|
|
1767
|
+
trigger_condition='category:database_admin',
|
|
1768
|
+
target_tool='sqlmap',
|
|
1769
|
+
priority=6, # Lower priority than CVE/exploit scans
|
|
1770
|
+
args_template=['-u', '{target}', '--batch', '--forms', '--threads=1', '--time-sec=10',
|
|
1771
|
+
'--level=1', '--risk=1', '--technique=BEU', '--timeout=30'],
|
|
1772
|
+
description='Database admin panel detected, testing login form for SQL injection (low intensity)'
|
|
1773
|
+
)
|
|
1774
|
+
)
|
|
1775
|
+
|
|
1745
1776
|
# WordPress → WPScan enumeration
|
|
1746
1777
|
self.rules.append(
|
|
1747
1778
|
ChainRule(
|
|
@@ -5000,6 +5031,7 @@ class ToolChaining:
|
|
|
5000
5031
|
label=f"Auto-retry: gobuster (wildcard {exclude_length}b)",
|
|
5001
5032
|
engagement_id=engagement_id,
|
|
5002
5033
|
parent_id=job.get('id'),
|
|
5034
|
+
reason=f"Auto-triggered by gobuster: Wildcard response detected, retrying with --exclude-length {exclude_length}",
|
|
5003
5035
|
metadata={'retry_attempt': 1, 'retry_parent_job_id': job.get('id')}
|
|
5004
5036
|
)
|
|
5005
5037
|
|
|
@@ -5099,7 +5131,8 @@ class ToolChaining:
|
|
|
5099
5131
|
args=sqlmap_args,
|
|
5100
5132
|
label=f"Auto-chain: SQLMap testing {endpoint_url}",
|
|
5101
5133
|
engagement_id=engagement_id,
|
|
5102
|
-
parent_id=job.get('id')
|
|
5134
|
+
parent_id=job.get('id'),
|
|
5135
|
+
reason=f"Auto-triggered by ffuf: Database/dynamic endpoint detected ({status_code} response)"
|
|
5103
5136
|
)
|
|
5104
5137
|
|
|
5105
5138
|
job_ids.append(sqlmap_job_id)
|
|
@@ -5127,6 +5160,7 @@ class ToolChaining:
|
|
|
5127
5160
|
label=f"Auto-chain: ffuf recursive {endpoint_url}",
|
|
5128
5161
|
engagement_id=engagement_id,
|
|
5129
5162
|
parent_id=job.get('id'),
|
|
5163
|
+
reason=f"Auto-triggered by ffuf: {status_code} response suggests deeper path, fuzzing recursively",
|
|
5130
5164
|
metadata={'ffuf_depth': current_depth + 1}
|
|
5131
5165
|
)
|
|
5132
5166
|
|
|
@@ -5350,7 +5384,8 @@ class ToolChaining:
|
|
|
5350
5384
|
args=['-m', '18200', '-a', '0', 'data/wordlists/top100.txt'],
|
|
5351
5385
|
label='CRACK_ASREP',
|
|
5352
5386
|
engagement_id=engagement_id,
|
|
5353
|
-
parent_id=job.get('id')
|
|
5387
|
+
parent_id=job.get('id'),
|
|
5388
|
+
reason="Auto-triggered by impacket-getnpusers: AS-REP hash extracted, attempting to crack"
|
|
5354
5389
|
)
|
|
5355
5390
|
|
|
5356
5391
|
job_ids.append(job_id)
|
|
@@ -5395,7 +5430,8 @@ class ToolChaining:
|
|
|
5395
5430
|
args=['-m', '1000', '-a', '0', 'data/wordlists/top100.txt'],
|
|
5396
5431
|
label='CRACK_NTLM',
|
|
5397
5432
|
engagement_id=engagement_id,
|
|
5398
|
-
parent_id=job.get('id')
|
|
5433
|
+
parent_id=job.get('id'),
|
|
5434
|
+
reason="Auto-triggered by impacket-secretsdump: NTLM hash extracted, attempting to crack"
|
|
5399
5435
|
)
|
|
5400
5436
|
|
|
5401
5437
|
job_ids.append(job_id)
|
|
@@ -5435,7 +5471,8 @@ class ToolChaining:
|
|
|
5435
5471
|
args=[cred_str],
|
|
5436
5472
|
label='EXTRACT_CREDS',
|
|
5437
5473
|
engagement_id=engagement_id,
|
|
5438
|
-
parent_id=job.get('id')
|
|
5474
|
+
parent_id=job.get('id'),
|
|
5475
|
+
reason="Auto-triggered by hydra: Valid credentials found, attempting to extract domain secrets"
|
|
5439
5476
|
)
|
|
5440
5477
|
|
|
5441
5478
|
job_ids.append(job_id)
|
|
@@ -5827,18 +5864,25 @@ class ToolChaining:
|
|
|
5827
5864
|
# Auto mode: enqueue immediately
|
|
5828
5865
|
print(f" 🔗 Chaining {cmd['tool']} for {cmd_target}: {cmd['reason']}")
|
|
5829
5866
|
# enqueue_job will acquire _lock again (nested lock is safe - same thread)
|
|
5830
|
-
|
|
5831
|
-
|
|
5832
|
-
|
|
5833
|
-
|
|
5834
|
-
|
|
5835
|
-
|
|
5836
|
-
|
|
5837
|
-
|
|
5838
|
-
|
|
5839
|
-
|
|
5840
|
-
|
|
5841
|
-
|
|
5867
|
+
try:
|
|
5868
|
+
job_id = enqueue_job(
|
|
5869
|
+
tool=cmd['tool'],
|
|
5870
|
+
target=cmd_target,
|
|
5871
|
+
args=resolved_args,
|
|
5872
|
+
label=source_tool,
|
|
5873
|
+
engagement_id=engagement_id,
|
|
5874
|
+
parent_id=parent_job_id,
|
|
5875
|
+
reason=cmd.get('reason', f"Auto-chain from {source_tool}"),
|
|
5876
|
+
metadata=cmd.get('metadata'), # Pass through deduplication metadata
|
|
5877
|
+
rule_id=cmd.get('rule_id') # Pass rule ID for tracking
|
|
5878
|
+
)
|
|
5879
|
+
job_ids.append(job_id)
|
|
5880
|
+
except Exception as scope_err:
|
|
5881
|
+
# Handle scope violations gracefully - skip out-of-scope targets
|
|
5882
|
+
if 'ScopeViolationError' in type(scope_err).__name__ or 'out of scope' in str(scope_err).lower():
|
|
5883
|
+
print(f" ⚠️ Skipped (out of scope): {cmd_target}")
|
|
5884
|
+
else:
|
|
5885
|
+
raise # Re-raise unexpected errors
|
|
5842
5886
|
|
|
5843
5887
|
# Lock released here - next iteration gets fresh lock
|
|
5844
5888
|
|
souleyez/docs/README.md
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# SoulEyez Documentation
|
|
2
2
|
|
|
3
|
-
**Version:** 2.
|
|
4
|
-
**Last Updated:** January
|
|
3
|
+
**Version:** 2.32.0
|
|
4
|
+
**Last Updated:** January 9, 2026
|
|
5
5
|
**Organization:** CyberSoul Security
|
|
6
6
|
|
|
7
7
|
Welcome to the SoulEyez documentation! This documentation covers architecture, development, user guides, and operational information for the SoulEyez penetration testing platform.
|