souleyez 2.40.0__py3-none-any.whl → 2.43.3__py3-none-any.whl

souleyez/licensing/validator.py

@@ -23,11 +23,19 @@ from datetime import datetime
 from pathlib import Path
 from typing import Optional, Tuple
 
+
+def _add_base64_padding(data: str) -> str:
+    """Add padding to base64 string if missing."""
+    padding = 4 - len(data) % 4
+    if padding != 4:
+        data += '=' * padding
+    return data
+
 # Ed25519 public key for license verification (Base64 encoded)
 # Private key is kept secure by the license issuer
 # This public key can only VERIFY signatures, not create them
 LICENSE_PUBLIC_KEY = """-----BEGIN PUBLIC KEY-----
-MCowBQYDK2VwAyEAQcYKDuMbdSnw0Ra8PX1BedqyNV7JBKeFnULM5PbINN0=
+MCowBQYDK2VwAyEABS0eqd9OPCtqOvQI1Aw8vGnXiX1qecBjZ0UY7esPk1I=
 -----END PUBLIC KEY-----"""
 
 
@@ -109,7 +117,8 @@ class LicenseValidator:
         try:
             # Decode the license key
             try:
-                decoded = base64.urlsafe_b64decode(license_key.strip())
+                padded_key = _add_base64_padding(license_key.strip())
+                decoded = base64.urlsafe_b64decode(padded_key)
                 payload = json.loads(decoded)
             except Exception as e:
                 return LicenseInfo(
@@ -232,7 +241,7 @@ class LicenseValidator:
             message = json.dumps(data, sort_keys=True, separators=(',', ':')).encode()
 
             # Decode signature
-            signature = base64.urlsafe_b64decode(signature_b64)
+            signature = base64.urlsafe_b64decode(_add_base64_padding(signature_b64))
 
             # Verify
             public_key.verify(signature, message)
@@ -258,7 +267,7 @@ class LicenseValidator:
         ).digest()
 
         try:
-            actual = base64.urlsafe_b64decode(signature_b64)
+            actual = base64.urlsafe_b64decode(_add_base64_padding(signature_b64))
             return hmac.compare_digest(expected, actual)
         except Exception:
             return False

souleyez/main.py

@@ -173,7 +173,7 @@ def _check_privileged_tools():
 
 
 @click.group()
-@click.version_option(version='2.40.0')
+@click.version_option(version='2.43.3')
 def cli():
     """SoulEyez - AI-Powered Pentesting Platform by CyberSoul Security"""
     from souleyez.log_config import init_logging

souleyez/reporting/generator.py

@@ -704,7 +704,7 @@ class ReportGenerator:
             if user.tier != Tier.PRO:
                 raise PermissionError(
                     "AI-enhanced reports require a PRO license. "
-                    "Upgrade at https://souleyez.com/pricing"
+                    "Upgrade at https://www.cybersoulsecurity.com/souleyez"
                 )
         except ImportError:
             # Auth module not available - allow

souleyez/ui/interactive.py

@@ -203,7 +203,7 @@ def _show_upgrade_prompt(feature_name: str):
         f"  • MSF Integration - Metasploit attack chains\n"
         f"  • Reports & Export - Professional deliverables\n"
         f"  • Team Dashboard - Collaboration & activity tracking\n\n"
-        f"[cyan]Visit: https://souleyez.com/pricing[/cyan]",
+        f"[cyan]Visit: https://www.cybersoulsecurity.com/souleyez[/cyan]",
         title="🔒 Upgrade Required",
         border_style="yellow"
     ))
@@ -8593,7 +8593,7 @@ def _license_management_menu():
             click.echo("    [y] Sync User Tier          - Update your account to PRO")
             click.echo("    [d] Deactivate              - Remove license (revert to FREE)")
         click.echo()
-        click.echo("    [p] Purchase Pro            - Visit souleyez.com/pricing")
+        click.echo("    [p] Purchase Pro            - Visit cybersoulsecurity.com/souleyez")
         click.echo()
         click.echo("    [q] ← Back")
         click.echo()
@@ -8742,9 +8742,9 @@ def _license_management_menu():
 
             elif choice == "p":
                 click.echo()
-                click.echo("  Visit: https://souleyez.com/pricing")
+                click.echo("  Visit: https://www.cybersoulsecurity.com/souleyez")
                 click.echo()
-                click.echo("  Or contact: sales@souleyez.com")
+                click.echo("  Or contact: cysoul.secit@gmail.com")
                 click.pause("\n  Press Enter to continue...")
 
             else:

souleyez/ui/tool_setup.py

@@ -24,6 +24,19 @@ from souleyez.utils.tool_checker import (
 )
 from souleyez.ui.design_system import DesignSystem
 
+
+def _reset_terminal():
+    """Reset terminal to sane state after interrupt."""
+    try:
+        # Reset terminal using stty
+        subprocess.run(['stty', 'sane'], check=False, timeout=5)
+        # Also try the reset command for good measure
+        subprocess.run(['reset', '-I'], check=False, timeout=5,
+                       stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
+    except Exception:
+        pass
+
+
 # Prerequisites needed for various install methods
 PREREQUISITES = {
     'build-deps': {
@@ -380,6 +393,17 @@ def _ensure_msfdb_initialized(console):
 
 def run_tool_setup(check_only: bool = False, install_all: bool = False):
     """Run the tool setup wizard."""
+    try:
+        _run_tool_setup_impl(check_only, install_all)
+    except KeyboardInterrupt:
+        # Reset terminal to sane state after Ctrl+C
+        _reset_terminal()
+        print("\n\n  Setup cancelled.")
+        raise
+
+
+def _run_tool_setup_impl(check_only: bool = False, install_all: bool = False):
+    """Internal implementation of tool setup wizard."""
     console = DesignSystem.get_console()
     distro = detect_distro()
 
@@ -773,22 +797,87 @@ def _install_snap_tool(console, tool: Dict) -> bool:
 
 def _install_git_tool(console, tool: Dict) -> bool:
     """Install a tool from git (requires sudo for /opt)."""
+    import re
+
     name = tool['name']
     cmd = tool['install']
 
-    console.print(f"    {name}...", end=" ")
+    console.print(f"    {name}...")
+
+    # Parse the command to handle existing directories properly
+    # Commands are typically: git clone <url> <dir> && pip install ... && ln -sf ...
+    commands = [c.strip() for c in cmd.split('&&')]
+
+    clone_cmd = None
+    post_clone_cmds = []
+    target_dir = None
+
+    for i, c in enumerate(commands):
+        if 'git clone' in c:
+            clone_cmd = c
+            post_clone_cmds = commands[i + 1:]
+            # Extract target directory from clone command
+            # Pattern: git clone <url> <directory>
+            match = re.search(r'git clone\s+\S+\s+(\S+)', c)
+            if match:
+                target_dir = match.group(1)
+            break
+
+    # If we found a git clone command and target directory
+    if clone_cmd and target_dir:
+        dir_exists = Path(target_dir).exists()
+
+        if dir_exists:
+            console.print(f"      [dim]Directory {target_dir} exists, updating...[/dim]")
+            # Try to update with git pull
+            pull_cmd = f"sudo git -C {target_dir} pull"
+            success, _, stderr = _run_command(pull_cmd, console, capture=True)
+
+            if not success and "not a git repository" in stderr.lower():
+                # Directory exists but isn't a git repo - remove and re-clone
+                console.print(f"      [dim]Not a git repo, re-cloning...[/dim]")
+                rm_cmd = f"sudo rm -rf {target_dir}"
+                _run_command(rm_cmd, console, capture=True)
+                success, _, stderr = _run_command(clone_cmd, console, capture=True)
+                if not success:
+                    console.print(f"[red]✗[/red]")
+                    if stderr:
+                        console.print(f"      [dim]{stderr[:80]}[/dim]")
+                    return False
+            elif not success:
+                # Pull failed for other reasons, try to continue anyway
+                console.print(f"      [yellow]⚠ git pull failed, continuing with existing files[/yellow]")
+        else:
+            # Directory doesn't exist, run the clone
+            success, _, stderr = _run_command(clone_cmd, console, capture=True)
+            if not success:
+                console.print(f"[red]✗[/red]")
+                if stderr:
+                    console.print(f"      [dim]{stderr[:80]}[/dim]")
+                return False
+
+        # Run post-clone commands (pip install, symlink, etc.)
+        for post_cmd in post_clone_cmds:
+            post_cmd = post_cmd.strip()
+            if not post_cmd:
+                continue
+            success, _, stderr = _run_command(post_cmd, console, capture=True)
+            if not success:
+                console.print(f"[red]✗[/red]")
+                if stderr:
+                    console.print(f"      [dim]{stderr[:80]}[/dim]")
+                return False
 
-    # These typically clone to /opt and need sudo
+        console.print(f"    [green]✓[/green]")
+        return True
+
+    # Fallback: run the full command as-is (no git clone detected)
     success, _, stderr = _run_command(cmd, console, capture=True)
 
     if success:
         console.print("[green]✓[/green]")
         return True
     else:
-        # Check if directory already exists
-        if "already exists" in stderr:
-            console.print("[green]✓ (already installed)[/green]")
-            return True
         console.print(f"[red]✗[/red]")
         if stderr:
             console.print(f"      [dim]{stderr[:80]}[/dim]")

souleyez/ui/tutorial.py

@@ -292,6 +292,14 @@ def _show_tutorial_complete():
     click.echo(click.style("⚠️  NEVER scan systems without permission!", fg='red', bold=True))
     click.echo()
 
+    # Always disable auto-chaining (it's a PRO feature, tutorial enabled for demo)
+    try:
+        from souleyez.core.tool_chaining import ToolChaining
+        chaining = ToolChaining()
+        chaining.disable_chaining()
+    except Exception:
+        pass
+
     # Offer to clean up tutorial data
     click.echo()
     if click.confirm("Clean up tutorial engagement and jobs?", default=True):
@@ -316,6 +324,14 @@ def _cleanup_tutorial_data():
     try:
         from souleyez.storage.engagements import EngagementManager
         from souleyez.engine.background import list_jobs, delete_job, kill_job
+        from souleyez.core.tool_chaining import ToolChaining
+
+        # Disable auto-chaining (it's a PRO feature, tutorial enabled it for demo)
+        try:
+            chaining = ToolChaining()
+            chaining.disable_chaining()
+        except Exception:
+            pass
 
         em = EngagementManager()
 

souleyez/utils/tool_checker.py

@@ -320,8 +320,8 @@ EXTERNAL_TOOLS = {
         },
         'responder': {
             'command': 'responder',
-            'install_kali': 'sudo apt install responder && sudo pip install aioquic',
-            'install_ubuntu': 'sudo git clone https://github.com/lgandx/Responder.git /opt/Responder && sudo pip install -r /opt/Responder/requirements.txt aioquic && sudo ln -sf /opt/Responder/Responder.py /usr/local/bin/responder',
+            'install_kali': 'sudo apt install responder && sudo pip install --break-system-packages aioquic',
+            'install_ubuntu': 'sudo git clone https://github.com/lgandx/Responder.git /opt/Responder && sudo pip install --break-system-packages -r /opt/Responder/requirements.txt aioquic && sudo ln -sf /opt/Responder/Responder.py /usr/local/bin/responder',
             'install_method': 'kali_only',
             'description': 'LLMNR, NBT-NS and MDNS poisoner',
             'needs_sudo': True  # Required for network poisoning

souleyez-2.43.3.dist-info/METADATA

@@ -0,0 +1,269 @@
+Metadata-Version: 2.4
+Name: souleyez
+Version: 2.43.3
+Summary: AI-Powered Penetration Testing Platform with 40+ integrated tools
+Author-email: CyberSoul Security <contact@cybersoulsecurity.com>
+Maintainer-email: CyberSoul Security <contact@cybersoulsecurity.com>
+License: MIT
+Project-URL: Homepage, https://github.com/cyber-soul-security/SoulEyez
+Project-URL: Documentation, https://github.com/cyber-soul-security/SoulEyez#readme
+Project-URL: Repository, https://github.com/cyber-soul-security/SoulEyez.git
+Project-URL: Issues, https://github.com/cyber-soul-security/SoulEyez/issues
+Keywords: pentesting,security,hacking,penetration-testing,cybersecurity,nmap,metasploit
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Environment :: Console :: Curses
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Information Technology
+Classifier: Intended Audience :: System Administrators
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Operating System :: MacOS
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Classifier: Topic :: System :: Networking
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: anthropic>=0.40.0
+Requires-Dist: click>=8.0.0
+Requires-Dist: cryptography>=3.4.0
+Requires-Dist: defusedxml>=0.7.0
+Requires-Dist: impacket>=0.11.0
+Requires-Dist: markdown>=3.4.0
+Requires-Dist: msgpack>=1.0.0
+Requires-Dist: ollama>=0.1.0
+Requires-Dist: psycopg2-binary>=2.9.0
+Requires-Dist: psutil>=5.9.0
+Requires-Dist: python-json-logger>=2.0.0
+Requires-Dist: requests>=2.28.0
+Requires-Dist: rich>=10.0.0
+Requires-Dist: wcwidth>=0.2.0
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0.0; extra == "dev"
+Dynamic: license-file
+
+# SoulEyez — AI-Powered Penetration Testing Platform
+
+[![CI](https://github.com/cyber-soul-security/souleyez/actions/workflows/python-ci.yml/badge.svg)](https://github.com/cyber-soul-security/souleyez/actions/workflows/python-ci.yml)
+[![codecov](https://codecov.io/gh/cyber-soul-security/souleyez/branch/main/graph/badge.svg)](https://codecov.io/gh/cyber-soul-security/souleyez)
+[![Python 3.9+](https://img.shields.io/badge/python-3.9+-blue.svg)](https://www.python.org/downloads/)
+[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
+[![Security: bandit](https://img.shields.io/badge/security-bandit-yellow.svg)](https://github.com/PyCQA/bandit)
+
+---
+
+## What is SoulEyez?
+
+**SoulEyez is your penetration testing command center.** Instead of juggling dozens of terminal windows and text files, SoulEyez gives you one organized place to:
+
+- **Run security scans** — Execute tools like Nmap, Gobuster, SQLMap with simple commands
+- **Auto-discover next steps** — When one scan finds something interesting, SoulEyez automatically suggests (or runs) the next logical tool
+- **Stay organized** — Keep all your targets, findings, and credentials in one searchable database
+- **Generate reports** — Export professional reports when you're done
+
+---
+
+## Who is this for?
+
+- **Security professionals** conducting authorized penetration tests
+- **CTF players** who want better organization during competitions
+- **Students** learning penetration testing methodology
+
+> **Important:** Only use SoulEyez on systems you have explicit authorization to test. Unauthorized scanning or exploitation is illegal.
+
+---
+
+## Features
+
+### Core Capabilities
+
+- 🎯 **Interactive Dashboard** — Real-time engagement monitoring with live updates
+- 🔗 **Smart Tool Chaining** — Automatic follow-up scans based on discoveries
+- 📊 **Findings Management** — Track and categorize vulnerabilities by severity
+- 🔑 **Credential Vault** — Encrypted storage for discovered credentials
+- 🌐 **Network Mapping** — Host discovery and service enumeration
+- 📈 **Progress Tracking** — Monitor scan completion and tool execution
+- 💾 **SQLite Storage** — Local database for all engagement data
+- 🔄 **Background Jobs** — Queue-based tool execution with status monitoring
+
+### Integrated Tools (40+)
+
+- **Reconnaissance**: nmap, masscan, theHarvester, whois, dnsrecon
+- **Web Testing**: nikto, gobuster, ffuf, sqlmap, nuclei, wpscan
+- **Enumeration**: enum4linux-ng, smbmap, crackmapexec, snmpwalk
+- **Exploitation**: Metasploit integration, searchsploit
+- **Password Attacks**: hydra, hashcat, john
+- **Post-Exploitation**: impacket suite, bloodhound
+
+### Pentest Workflow & Intelligence
+
+- 📁 **Evidence Vault** — Unified artifact collection organized by PTES phases
+- 🎯 **Attack Surface Dashboard** — Track what's exploited vs pending with priority scoring
+- 💣 **Exploit Suggestions** — Automatic CVE/Metasploit recommendations for discovered services
+- 🔗 **Correlation Engine** — Cross-phase attack tracking and gap analysis
+- 📝 **Report Generator** — Professional reports in Markdown/HTML/PDF formats
+- ✅ **Deliverable Tracking** — Manage testing requirements and acceptance criteria
+- 📸 **Screenshot Management** — Organized visual evidence by methodology phase
+
+### SIEM Integration
+
+- 🛡️ **SIEM Connectors** — Connect to Wazuh, Splunk, and other SIEM platforms
+- ✓ **Detection Validation** — Verify if your attacks triggered SIEM alerts
+- 🔍 **Vulnerability Management** — View CVEs from SIEM vulnerability data
+- ⚖️ **Gap Analysis** — Compare passive (SIEM) vs active (scan) findings
+- 🗺️ **MITRE ATT&CK Reports** — Detection coverage heatmaps by technique
+- 📡 **Real-time Alerts** — Monitor SIEM alerts during live engagements
+
+### FREE vs PRO
+
+| Feature | FREE | PRO |
+|---------|------|-----|
+| Core features (scans, findings, credentials) | ✅ | ✅ |
+| Report generation | ✅ | ✅ |
+| AI-powered suggestions & auto-chaining | ❌ | ✅ |
+| Metasploit integration & exploit suggestions | ❌ | ✅ |
+| SIEM integration & detection validation | ❌ | ✅ |
+| MITRE ATT&CK reports | ❌ | ✅ |
+
+---
+
+## Quick Start
+
+### Step 1: Install Prerequisites
+
+```bash
+sudo apt install pipx    # Install pipx
+pipx ensurepath          # Add pipx apps to your PATH
+source ~/.bashrc         # Reload shell (Kali: use ~/.zshrc)
+```
+
+### Step 2: Install SoulEyez
+
+```bash
+pipx install souleyez
+```
+
+### Step 3: Launch SoulEyez
+
+```bash
+souleyez interactive
+```
+
+### Step 4: First-Time Setup
+
+On your first run, the setup wizard guides you through:
+
+1. **Vault Password** — Create a master password that encrypts sensitive data
+2. **First Engagement** — Set up your first project and select engagement type
+3. **Tool Check** — Detect and optionally install missing security tools
+4. **AI Setup** — Configure Ollama for AI features (optional)
+5. **Tutorial** — Option to run the interactive tutorial (recommended)
+
+### Step 5: You're Ready!
+
+Once setup completes, you'll see the main menu.
+
+---
+
+## System Requirements
+
+| Component | Minimum | Recommended |
+|-----------|---------|-------------|
+| **OS** | Ubuntu 22.04+ | Kali Linux |
+| **Python** | 3.9+ | 3.11+ |
+| **RAM** | 4GB | 8GB+ |
+| **Disk** | 10GB | 50GB+ |
+
+### Supported Operating Systems
+
+| OS | Status | Notes |
+|----|--------|-------|
+| **Kali Linux** | ✅ Recommended | All pentesting tools pre-installed |
+| **Ubuntu 22.04+** | ✅ Supported | Tools installed via `souleyez setup` |
+| **Parrot OS** | ✅ Supported | Security-focused distro |
+| **Debian 12+** | ✅ Supported | Stable base system |
+| **macOS/Windows** | ❌ Not Supported | Use Linux in a VM |
+
+---
+
+## Common Commands
+
+| Command | What it does |
+|---------|--------------|
+| `souleyez interactive` | Launch the main interface |
+| `souleyez dashboard` | Real-time monitoring view |
+| `souleyez doctor` | Check if everything is set up correctly |
+| `souleyez setup` | Install/update pentesting tools |
+| `souleyez --help` | Show all available commands |
+
+---
+
+## Security & Encryption
+
+SoulEyez encrypts all stored credentials using **Fernet (AES-128-CBC + HMAC-SHA256)** with PBKDF2 key derivation (600k iterations).
+
+- Master password is never stored (cannot be recovered if lost)
+- Credentials encrypted at rest with industry-standard cryptography
+- Sensitive data is masked in the UI until explicitly revealed
+
+See [SECURITY.md](SECURITY.md) for complete security guidelines.
+
+---
+
+## Documentation
+
+- **[Getting Started](souleyez/docs/user-guide/getting-started.md)** — Your first engagement in 10 minutes
+- **[Installation Guide](souleyez/docs/user-guide/installation.md)** — Detailed setup instructions
+- **[Workflows](souleyez/docs/user-guide/workflows.md)** — Complete pentesting workflows
+- **[Auto-Chaining](souleyez/docs/user-guide/auto-chaining.md)** — Automatic follow-up scans
+- **[Configuration](souleyez/docs/user-guide/configuration.md)** — All configuration options
+- **[Troubleshooting](souleyez/docs/user-guide/troubleshooting.md)** — Common issues and fixes
+
+---
+
+## Troubleshooting
+
+| Problem | Solution |
+|---------|----------|
+| "command not found: souleyez" | Run `pipx ensurepath` then restart terminal |
+| "Tool not found" errors | Run `souleyez setup` to install missing tools |
+| Forgot vault password | Data is encrypted — start fresh with `rm -rf ~/.souleyez` |
+| Something seems broken | Run `souleyez doctor` to diagnose |
+
+---
+
+## Glossary
+
+New to pentesting? Here are some common terms:
+
+| Term | Meaning |
+|------|---------|
+| **Engagement** | A project or assessment — contains all data for one test |
+| **Target/Host** | A computer, server, or device you're testing |
+| **Finding** | A security issue or vulnerability you discovered |
+| **Credential** | Username/password combo found during testing |
+
+---
+
+## Support & Feedback
+
+- **Issues**: https://github.com/cyber-soul-security/souleyez/issues
+- **Security Issues**: cysoul.secit@gmail.com (see [SECURITY.md](SECURITY.md))
+- **General**: cysoul.secit@gmail.com
+
+---
+
+## License
+
+See [LICENSE](LICENSE) for details.
+
+---
+
+**Version**: 2.43.1 | **Maintainer**: [CyberSoul Security](https://www.cybersoulsecurity.com)