souleyez 2.43.20__tar.gz → 2.43.23__tar.gz

{souleyez-2.43.20/souleyez.egg-info → souleyez-2.43.23}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: souleyez
-Version: 2.43.20
+Version: 2.43.23
 Summary: AI-Powered Penetration Testing Platform with 40+ integrated tools
 Author-email: CyberSoul Security <contact@cybersoulsecurity.com>
 Maintainer-email: CyberSoul Security <contact@cybersoulsecurity.com>
@@ -266,4 +266,4 @@ See [LICENSE](LICENSE) for details.
 
 ---
 
-**Version**: 2.43.20 | **Maintainer**: [CyberSoul Security](https://www.cybersoulsecurity.com)
+**Version**: 2.43.21 | **Maintainer**: [CyberSoul Security](https://www.cybersoulsecurity.com)

{souleyez-2.43.20 → souleyez-2.43.23}/README.md

@@ -215,4 +215,4 @@ See [LICENSE](LICENSE) for details.
 
 ---
 
-**Version**: 2.43.20 | **Maintainer**: [CyberSoul Security](https://www.cybersoulsecurity.com)
+**Version**: 2.43.21 | **Maintainer**: [CyberSoul Security](https://www.cybersoulsecurity.com)

{souleyez-2.43.20 → souleyez-2.43.23}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "souleyez"
-version = "2.43.20"
+version = "2.43.23"
 description = "AI-Powered Penetration Testing Platform with 40+ integrated tools"
 readme = "README.md"
 license = {text = "MIT"}

souleyez-2.43.23/souleyez/__init__.py

@@ -0,0 +1,2 @@
+__version__ = '2.43.23'
+

{souleyez-2.43.20 → souleyez-2.43.23}/souleyez/docs/README.md

@@ -1,6 +1,6 @@
 # SoulEyez Documentation
 
-**Version:** 2.43.20
+**Version:** 2.43.23
 **Last Updated:** January 12, 2026
 **Organization:** CyberSoul Security
 

{souleyez-2.43.20 → souleyez-2.43.23}/souleyez/engine/background.py

@@ -833,7 +833,18 @@ def _try_run_plugin(tool: str, target: str, args: List[str], label: str, log_pat
                 cmd_spec = build_command_method(target, args or [], label or "", log_path)
                 
                 if cmd_spec is None:
-                    # build_command returned None - check if plugin has run() method
+                    # build_command returned None - check if this is a deliberate abort
+                    # (e.g., gobuster detected host redirect and aborted to avoid wasted scan)
+                    if os.path.exists(log_path):
+                        with open(log_path, 'r', encoding='utf-8', errors='replace') as fh:
+                            log_content = fh.read()
+                            if 'HOST_REDIRECT_TARGET:' in log_content:
+                                # Plugin aborted due to host redirect - don't fall through to run()
+                                # Return success (0) so parser can set WARNING status and trigger retry
+                                _append_worker_log(f"job {jid}: gobuster aborted due to host redirect")
+                                return (True, 0)
+
+                    # Otherwise check if plugin has run() method
                     # This allows plugins to signal "use run() instead" by returning None
                     run_method = getattr(plugin, "run", None)
                     if callable(run_method):

{souleyez-2.43.20 → souleyez-2.43.23}/souleyez/engine/result_handler.py

@@ -2522,10 +2522,17 @@ def parse_hydra_job(engagement_id: int, log_path: str, job: Dict[str, Any]) -> D
 
         # Check for hydra errors
         hydra_error = detect_tool_error(log_content, 'hydra')
+        summary = None
 
         # Determine status based on results
         if hydra_error:
-            status = STATUS_ERROR  # Tool failed to connect
+            # "Connection refused" means service not available - not a tool error
+            # This is a valid result: we successfully tested, service doesn't exist
+            if 'connection refused' in hydra_error.lower():
+                status = STATUS_NO_RESULTS  # Service not reachable
+                summary = f"Service not reachable (connection refused)"
+            else:
+                status = STATUS_ERROR  # Actual tool failure
         elif len(parsed.get('credentials', [])) > 0:
             status = STATUS_DONE  # Found valid credentials
         elif len(parsed.get('usernames', [])) > 0:
@@ -2533,7 +2540,7 @@ def parse_hydra_job(engagement_id: int, log_path: str, job: Dict[str, Any]) -> D
         else:
             status = STATUS_NO_RESULTS  # No valid credentials or usernames found
 
-        return {
+        result = {
             'tool': 'hydra',
             'status': status,
             'target': target,
@@ -2548,6 +2555,9 @@ def parse_hydra_job(engagement_id: int, log_path: str, job: Dict[str, Any]) -> D
             'findings_added': findings_added,
             'attempts': parsed.get('attempts', 0)
         }
+        if summary:
+            result['summary'] = summary
+        return result
     except Exception as e:
         return {'error': str(e)}
 
@@ -3316,8 +3326,10 @@ def parse_http_fingerprint_job(engagement_id: int, log_path: str, job: Dict[str,
         summary_parts = []
 
         if parsed.get('error'):
-            status = STATUS_ERROR
-            summary_parts.append(f"Error: {parsed.get('error')}")
+            # Network errors (connection refused, timeout, etc.) are findings about the target,
+            # not job failures. The job ran successfully - it just couldn't reach the target.
+            status = STATUS_WARNING
+            summary_parts.append(f"Unreachable: {parsed.get('error')}")
         elif parsed.get('managed_hosting') or parsed.get('waf') or parsed.get('cdn'):
             status = STATUS_DONE  # Found useful info
         elif parsed.get('server'):

{souleyez-2.43.20 → souleyez-2.43.23}/souleyez/main.py

@@ -173,7 +173,7 @@ def _check_privileged_tools():
 
 
 @click.group()
-@click.version_option(version='2.43.20')
+@click.version_option(version='2.43.23')
 def cli():
     """SoulEyez - AI-Powered Pentesting Platform by CyberSoul Security"""
     from souleyez.log_config import init_logging

{souleyez-2.43.20 → souleyez-2.43.23}/souleyez/plugins/gobuster.py

@@ -420,6 +420,18 @@ class GobusterPlugin(PluginBase):
 
             # Always run preflight - merge detected length with any existing exclusions
             preflight = self._preflight_check(base_url, timeout=5.0, log_path=log_path)
+
+            # If host redirect detected, abort scan immediately
+            # Don't waste time running on wrong target - result_handler will spawn retry
+            if preflight.get('redirect_host'):
+                if log_path:
+                    with open(log_path, 'a') as f:
+                        f.write("\n=== SCAN ABORTED ===\n")
+                        f.write("Host redirect detected. Aborting to avoid wasted scan time.\n")
+                        f.write("A retry job will be auto-queued with the correct target.\n")
+                        f.write(f"=== Completed: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())} ===\n")
+                return None  # Abort - background.py will check log for HOST_REDIRECT_TARGET
+
             if preflight['exclude_length']:
                 # Collect existing exclusions
                 existing_excludes = set()

{souleyez-2.43.20 → souleyez-2.43.23}/souleyez/ui/interactive.py

@@ -5487,7 +5487,7 @@ def view_job_detail(job_id: int):
 
         # Check if tool has a parser - if yes, hide raw logs by default
         tool = job.get('tool', '')
-        has_parser = tool in ['dnsrecon', 'nmap', 'ard', 'nuclei', 'nikto', 'dalfox', 'theharvester', 'sqlmap', 'ffuf', 'gobuster', 'wpscan', 'crackmapexec', 'hydra', 'whois', 'smbmap', 'enum4linux', 'msf_auxiliary', 'searchsploit']
+        has_parser = tool in ['dnsrecon', 'nmap', 'ard', 'nuclei', 'nikto', 'dalfox', 'theharvester', 'sqlmap', 'ffuf', 'gobuster', 'wpscan', 'crackmapexec', 'hydra', 'whois', 'smbmap', 'enum4linux', 'msf_auxiliary', 'searchsploit', 'http_fingerprint']
 
         # Show log file if exists
         log_path = job.get('log')
@@ -5677,6 +5677,116 @@ def view_job_detail(job_id: int):
                         except Exception:
                             pass  # Non-critical, just display the paths
 
+                    # Security concern patterns - check for interesting/dangerous paths
+                    security_concerns = []
+                    concern_patterns = {
+                        # Database files
+                        'database_files': {
+                            'patterns': [r'\.sql$', r'\.db$', r'\.mdb$', r'\.sqlite', r'/db\.', r'/database\.', r'\.bak\.sql'],
+                            'label': 'Database file exposed',
+                            'severity': 'high',
+                        },
+                        # Backup files
+                        'backup_files': {
+                            'patterns': [r'\.bak$', r'\.old$', r'\.backup$', r'\.orig$', r'\.save$', r'\.swp$', r'~$', r'\.zip$', r'\.tar', r'\.gz$', r'\.rar$'],
+                            'label': 'Backup/archive file',
+                            'severity': 'high',
+                        },
+                        # Config files
+                        'config_files': {
+                            'patterns': [r'web\.config', r'\.htaccess', r'\.htpasswd', r'\.env$', r'config\.php', r'config\.inc', r'settings\.py', r'\.ini$', r'\.conf$', r'\.cfg$'],
+                            'label': 'Configuration file exposed',
+                            'severity': 'high',
+                        },
+                        # Source code / dev files
+                        'source_files': {
+                            'patterns': [r'\.git/', r'\.svn/', r'\.DS_Store', r'\.vscode/', r'\.idea/', r'Thumbs\.db', r'\.log$', r'debug\.', r'test\.php', r'phpinfo'],
+                            'label': 'Development/debug file',
+                            'severity': 'medium',
+                        },
+                        # Legacy/vulnerable directories
+                        'legacy_dirs': {
+                            'patterns': [r'_vti_', r'/cgi-bin', r'/cgi/', r'/fcgi/', r'/admin/', r'/administrator/', r'/phpmyadmin', r'/pma/', r'/myadmin'],
+                            'label': 'Legacy/admin directory',
+                            'severity': 'medium',
+                        },
+                        # Sensitive endpoints
+                        'sensitive_endpoints': {
+                            'patterns': [r'/upload', r'/uploads/', r'/file/', r'/files/', r'/tmp/', r'/temp/', r'/private/', r'/internal/', r'/api/'],
+                            'label': 'Potentially sensitive directory',
+                            'severity': 'low',
+                        },
+                    }
+
+                    import re
+                    for path_entry in paths:
+                        url = path_entry.get('url', '').lower()
+                        for concern_type, concern_info in concern_patterns.items():
+                            for pattern in concern_info['patterns']:
+                                if re.search(pattern, url, re.IGNORECASE):
+                                    security_concerns.append({
+                                        'url': path_entry.get('url', ''),
+                                        'type': concern_type,
+                                        'label': concern_info['label'],
+                                        'severity': concern_info['severity'],
+                                        'status_code': path_entry.get('status_code', 'unknown'),
+                                    })
+                                    break  # Only match once per path per type
+
+                    # Display security concerns if found
+                    if security_concerns:
+                        click.echo(click.style("=" * 70, fg='red'))
+                        click.echo(click.style("⚠️  SECURITY CONCERNS", bold=True, fg='red'))
+                        click.echo(click.style("=" * 70, fg='red'))
+                        click.echo()
+
+                        # Group by severity
+                        high_concerns = [c for c in security_concerns if c['severity'] == 'high']
+                        medium_concerns = [c for c in security_concerns if c['severity'] == 'medium']
+                        low_concerns = [c for c in security_concerns if c['severity'] == 'low']
+
+                        if high_concerns:
+                            click.echo(click.style("[HIGH] Critical findings:", fg='red', bold=True))
+                            # Group by label
+                            by_label = {}
+                            for c in high_concerns:
+                                if c['label'] not in by_label:
+                                    by_label[c['label']] = []
+                                by_label[c['label']].append(c['url'])
+                            for label, urls in by_label.items():
+                                click.echo(click.style(f"  • {label}:", fg='red'))
+                                for url in urls[:5]:  # Limit to 5 per type
+                                    click.echo(f"    → {url}")
+                                if len(urls) > 5:
+                                    click.echo(f"    ... and {len(urls) - 5} more")
+                            click.echo()
+
+                        if medium_concerns:
+                            click.echo(click.style("[MEDIUM] Notable findings:", fg='yellow', bold=True))
+                            by_label = {}
+                            for c in medium_concerns:
+                                if c['label'] not in by_label:
+                                    by_label[c['label']] = []
+                                by_label[c['label']].append(c['url'])
+                            for label, urls in by_label.items():
+                                click.echo(click.style(f"  • {label}:", fg='yellow'))
+                                for url in urls[:5]:
+                                    click.echo(f"    → {url}")
+                                if len(urls) > 5:
+                                    click.echo(f"    ... and {len(urls) - 5} more")
+                            click.echo()
+
+                        if low_concerns:
+                            click.echo(click.style("[LOW] Worth investigating:", fg='cyan', bold=True))
+                            by_label = {}
+                            for c in low_concerns:
+                                if c['label'] not in by_label:
+                                    by_label[c['label']] = []
+                                by_label[c['label']].append(c['url'])
+                            for label, urls in by_label.items():
+                                click.echo(f"  • {label}: {len(urls)} path(s)")
+                            click.echo()
+
                     click.echo(click.style("=" * 70, fg='cyan'))
                     click.echo(click.style("DISCOVERED WEB PATHS", bold=True, fg='cyan'))
                     click.echo(click.style("=" * 70, fg='cyan'))
@@ -7177,6 +7287,110 @@ def view_job_detail(job_id: int):
                 # Silently fail - not critical
                 pass
 
+        # Parse and display http_fingerprint results if available (only when not showing raw logs)
+        if not show_raw_logs and job.get('tool') == 'http_fingerprint' and job.get('status') in ['done', 'completed', 'no_results'] and log_path and os.path.exists(log_path):
+            try:
+                with open(log_path, 'r', encoding='utf-8', errors='replace') as f:
+                    log_content = f.read()
+
+                # Extract JSON result from log
+                import json
+                import re
+                json_match = re.search(r'=== JSON_RESULT ===\s*(\{.*?\})\s*=== END_JSON_RESULT ===', log_content, re.DOTALL)
+
+                if json_match:
+                    result = json.loads(json_match.group(1))
+
+                    click.echo(click.style("=" * 70, fg='cyan'))
+                    click.echo(click.style("HTTP FINGERPRINT RESULTS", bold=True, fg='cyan'))
+                    click.echo(click.style("=" * 70, fg='cyan'))
+                    click.echo()
+
+                    # Status and redirects
+                    status_code = result.get('status_code')
+                    redirect_url = result.get('redirect_url')
+                    if status_code:
+                        click.echo(f"  HTTP Status: {status_code}")
+                    if redirect_url:
+                        click.echo(f"  Redirects to: {redirect_url}")
+
+                    # Server info
+                    server = result.get('server')
+                    server_version = result.get('server_version')
+                    if server:
+                        server_str = f"{server} {server_version}" if server_version else server
+                        click.echo(f"  Server: {server_str}")
+
+                    # Security detections - WAF (red, important)
+                    waf = result.get('waf', [])
+                    if waf:
+                        click.echo()
+                        click.echo(click.style(f"  ⚠️  WAF Detected: {', '.join(waf)}", fg='red', bold=True))
+
+                    # Managed hosting (yellow)
+                    managed_hosting = result.get('managed_hosting')
+                    if managed_hosting:
+                        click.echo(click.style(f"  Managed Hosting: {managed_hosting}", fg='yellow'))
+
+                    # CDN
+                    cdn = result.get('cdn', [])
+                    if cdn:
+                        click.echo(f"  CDN: {', '.join(cdn)}")
+
+                    # Technologies
+                    technologies = result.get('technologies', [])
+                    if technologies:
+                        click.echo(f"  Technologies: {', '.join(technologies)}")
+
+                    # TLS info
+                    tls = result.get('tls')
+                    if tls:
+                        click.echo()
+                        click.echo(click.style("  TLS Certificate:", bold=True))
+                        if tls.get('issuer'):
+                            click.echo(f"    Issuer: {tls['issuer']}")
+                        if tls.get('subject'):
+                            click.echo(f"    Subject: {tls['subject']}")
+                        if tls.get('not_after'):
+                            click.echo(f"    Expires: {tls['not_after']}")
+
+                    # Cookies
+                    cookies = result.get('cookies', [])
+                    if cookies:
+                        click.echo()
+                        click.echo(click.style(f"  Cookies ({len(cookies)}):", bold=True))
+                        for cookie in cookies[:5]:
+                            # Truncate long cookies
+                            cookie_display = cookie[:60] + '...' if len(cookie) > 60 else cookie
+                            click.echo(f"    • {cookie_display}")
+                        if len(cookies) > 5:
+                            click.echo(f"    ... and {len(cookies) - 5} more")
+
+                    # Security headers summary
+                    headers = result.get('headers', {})
+                    security_headers = []
+                    if headers.get('Strict-Transport-Security'):
+                        security_headers.append('HSTS')
+                    if headers.get('Content-Security-Policy'):
+                        security_headers.append('CSP')
+                    if headers.get('X-Frame-Options'):
+                        security_headers.append('X-Frame-Options')
+                    if headers.get('X-Content-Type-Options'):
+                        security_headers.append('X-Content-Type-Options')
+                    if headers.get('Referrer-Policy'):
+                        security_headers.append('Referrer-Policy')
+
+                    if security_headers:
+                        click.echo()
+                        click.echo(click.style(f"  Security Headers: {', '.join(security_headers)}", fg='green'))
+
+                    click.echo()
+                    click.echo(click.style("=" * 70, fg='cyan'))
+
+            except Exception as e:
+                # Silently fail - not critical
+                pass
+
         click.echo()
 
         # Actions menu

{souleyez-2.43.20 → souleyez-2.43.23/souleyez.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: souleyez
-Version: 2.43.20
+Version: 2.43.23
 Summary: AI-Powered Penetration Testing Platform with 40+ integrated tools
 Author-email: CyberSoul Security <contact@cybersoulsecurity.com>
 Maintainer-email: CyberSoul Security <contact@cybersoulsecurity.com>
@@ -266,4 +266,4 @@ See [LICENSE](LICENSE) for details.
 
 ---
 
-**Version**: 2.43.20 | **Maintainer**: [CyberSoul Security](https://www.cybersoulsecurity.com)
+**Version**: 2.43.21 | **Maintainer**: [CyberSoul Security](https://www.cybersoulsecurity.com)

souleyez-2.43.20/souleyez/__init__.py

@@ -1,2 +0,0 @@
-__version__ = '2.43.20'
-