souleyez 2.43.26__py3-none-any.whl → 2.43.34__py3-none-any.whl
- souleyez/__init__.py +1 -2
- souleyez/ai/__init__.py +21 -15
- souleyez/ai/action_mapper.py +249 -150
- souleyez/ai/chain_advisor.py +116 -100
- souleyez/ai/claude_provider.py +29 -28
- souleyez/ai/context_builder.py +80 -62
- souleyez/ai/executor.py +158 -117
- souleyez/ai/feedback_handler.py +136 -121
- souleyez/ai/llm_factory.py +27 -20
- souleyez/ai/llm_provider.py +4 -2
- souleyez/ai/ollama_provider.py +6 -9
- souleyez/ai/ollama_service.py +44 -37
- souleyez/ai/path_scorer.py +91 -76
- souleyez/ai/recommender.py +176 -144
- souleyez/ai/report_context.py +74 -73
- souleyez/ai/report_service.py +84 -66
- souleyez/ai/result_parser.py +222 -229
- souleyez/ai/safety.py +67 -44
- souleyez/auth/__init__.py +23 -22
- souleyez/auth/audit.py +36 -26
- souleyez/auth/engagement_access.py +65 -48
- souleyez/auth/permissions.py +14 -3
- souleyez/auth/session_manager.py +54 -37
- souleyez/auth/user_manager.py +109 -64
- souleyez/commands/audit.py +40 -43
- souleyez/commands/auth.py +35 -15
- souleyez/commands/deliverables.py +55 -50
- souleyez/commands/engagement.py +47 -28
- souleyez/commands/license.py +32 -23
- souleyez/commands/screenshots.py +36 -32
- souleyez/commands/user.py +82 -36
- souleyez/config.py +52 -44
- souleyez/core/credential_tester.py +87 -81
- souleyez/core/cve_mappings.py +179 -192
- souleyez/core/cve_matcher.py +162 -148
- souleyez/core/msf_auto_mapper.py +100 -83
- souleyez/core/msf_chain_engine.py +294 -256
- souleyez/core/msf_database.py +153 -70
- souleyez/core/msf_integration.py +679 -673
- souleyez/core/msf_rpc_client.py +40 -42
- souleyez/core/msf_rpc_manager.py +77 -79
- souleyez/core/msf_sync_manager.py +241 -181
- souleyez/core/network_utils.py +22 -15
- souleyez/core/parser_handler.py +34 -25
- souleyez/core/pending_chains.py +114 -63
- souleyez/core/templates.py +158 -107
- souleyez/core/tool_chaining.py +9526 -2879
- souleyez/core/version_utils.py +79 -94
- souleyez/core/vuln_correlation.py +136 -89
- souleyez/core/web_utils.py +33 -32
- souleyez/data/wordlists/ad_users.txt +378 -0
- souleyez/data/wordlists/api_endpoints_large.txt +769 -0
- souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
- souleyez/data/wordlists/lfi_payloads.txt +82 -0
- souleyez/data/wordlists/passwords_brute.txt +1548 -0
- souleyez/data/wordlists/passwords_crack.txt +2479 -0
- souleyez/data/wordlists/passwords_spray.txt +386 -0
- souleyez/data/wordlists/subdomains_large.txt +5057 -0
- souleyez/data/wordlists/usernames_common.txt +694 -0
- souleyez/data/wordlists/web_dirs_large.txt +4769 -0
- souleyez/detection/__init__.py +1 -1
- souleyez/detection/attack_signatures.py +12 -17
- souleyez/detection/mitre_mappings.py +61 -55
- souleyez/detection/validator.py +97 -86
- souleyez/devtools.py +23 -10
- souleyez/docs/README.md +4 -4
- souleyez/docs/api-reference/cli-commands.md +2 -2
- souleyez/docs/developer-guide/adding-new-tools.md +562 -0
- souleyez/docs/user-guide/auto-chaining.md +30 -8
- souleyez/docs/user-guide/getting-started.md +1 -1
- souleyez/docs/user-guide/installation.md +26 -3
- souleyez/docs/user-guide/metasploit-integration.md +2 -2
- souleyez/docs/user-guide/rbac.md +1 -1
- souleyez/docs/user-guide/scope-management.md +1 -1
- souleyez/docs/user-guide/siem-integration.md +1 -1
- souleyez/docs/user-guide/tools-reference.md +1 -8
- souleyez/docs/user-guide/worker-management.md +1 -1
- souleyez/engine/background.py +1239 -535
- souleyez/engine/base.py +4 -1
- souleyez/engine/job_status.py +17 -49
- souleyez/engine/log_sanitizer.py +103 -77
- souleyez/engine/manager.py +38 -7
- souleyez/engine/result_handler.py +2200 -1550
- souleyez/engine/worker_manager.py +50 -41
- souleyez/export/evidence_bundle.py +72 -62
- souleyez/feature_flags/features.py +16 -20
- souleyez/feature_flags.py +5 -9
- souleyez/handlers/__init__.py +11 -0
- souleyez/handlers/base.py +188 -0
- souleyez/handlers/bash_handler.py +277 -0
- souleyez/handlers/bloodhound_handler.py +243 -0
- souleyez/handlers/certipy_handler.py +311 -0
- souleyez/handlers/crackmapexec_handler.py +486 -0
- souleyez/handlers/dnsrecon_handler.py +344 -0
- souleyez/handlers/enum4linux_handler.py +400 -0
- souleyez/handlers/evil_winrm_handler.py +493 -0
- souleyez/handlers/ffuf_handler.py +815 -0
- souleyez/handlers/gobuster_handler.py +1114 -0
- souleyez/handlers/gpp_extract_handler.py +334 -0
- souleyez/handlers/hashcat_handler.py +444 -0
- souleyez/handlers/hydra_handler.py +563 -0
- souleyez/handlers/impacket_getuserspns_handler.py +343 -0
- souleyez/handlers/impacket_psexec_handler.py +222 -0
- souleyez/handlers/impacket_secretsdump_handler.py +426 -0
- souleyez/handlers/john_handler.py +286 -0
- souleyez/handlers/katana_handler.py +425 -0
- souleyez/handlers/kerbrute_handler.py +298 -0
- souleyez/handlers/ldapsearch_handler.py +636 -0
- souleyez/handlers/lfi_extract_handler.py +464 -0
- souleyez/handlers/msf_auxiliary_handler.py +408 -0
- souleyez/handlers/msf_exploit_handler.py +380 -0
- souleyez/handlers/nikto_handler.py +413 -0
- souleyez/handlers/nmap_handler.py +821 -0
- souleyez/handlers/nuclei_handler.py +359 -0
- souleyez/handlers/nxc_handler.py +371 -0
- souleyez/handlers/rdp_sec_check_handler.py +353 -0
- souleyez/handlers/registry.py +292 -0
- souleyez/handlers/responder_handler.py +232 -0
- souleyez/handlers/service_explorer_handler.py +434 -0
- souleyez/handlers/smbclient_handler.py +344 -0
- souleyez/handlers/smbmap_handler.py +510 -0
- souleyez/handlers/smbpasswd_handler.py +296 -0
- souleyez/handlers/sqlmap_handler.py +1116 -0
- souleyez/handlers/theharvester_handler.py +601 -0
- souleyez/handlers/web_login_test_handler.py +327 -0
- souleyez/handlers/whois_handler.py +277 -0
- souleyez/handlers/wpscan_handler.py +554 -0
- souleyez/history.py +32 -16
- souleyez/importers/msf_importer.py +106 -75
- souleyez/importers/smart_importer.py +208 -147
- souleyez/integrations/siem/__init__.py +10 -10
- souleyez/integrations/siem/base.py +17 -18
- souleyez/integrations/siem/elastic.py +108 -122
- souleyez/integrations/siem/factory.py +207 -80
- souleyez/integrations/siem/googlesecops.py +146 -154
- souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
- souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
- souleyez/integrations/siem/sentinel.py +107 -109
- souleyez/integrations/siem/splunk.py +246 -212
- souleyez/integrations/siem/wazuh.py +65 -71
- souleyez/integrations/wazuh/__init__.py +5 -5
- souleyez/integrations/wazuh/client.py +70 -93
- souleyez/integrations/wazuh/config.py +85 -57
- souleyez/integrations/wazuh/host_mapper.py +28 -36
- souleyez/integrations/wazuh/sync.py +78 -68
- souleyez/intelligence/__init__.py +4 -5
- souleyez/intelligence/correlation_analyzer.py +309 -295
- souleyez/intelligence/exploit_knowledge.py +661 -623
- souleyez/intelligence/exploit_suggestions.py +159 -139
- souleyez/intelligence/gap_analyzer.py +132 -97
- souleyez/intelligence/gap_detector.py +251 -214
- souleyez/intelligence/sensitive_tables.py +266 -129
- souleyez/intelligence/service_parser.py +137 -123
- souleyez/intelligence/surface_analyzer.py +407 -268
- souleyez/intelligence/target_parser.py +159 -162
- souleyez/licensing/__init__.py +6 -6
- souleyez/licensing/validator.py +17 -19
- souleyez/log_config.py +79 -54
- souleyez/main.py +1505 -687
- souleyez/migrations/fix_job_counter.py +16 -14
- souleyez/parsers/bloodhound_parser.py +41 -39
- souleyez/parsers/crackmapexec_parser.py +178 -111
- souleyez/parsers/dalfox_parser.py +72 -77
- souleyez/parsers/dnsrecon_parser.py +103 -91
- souleyez/parsers/enum4linux_parser.py +183 -153
- souleyez/parsers/ffuf_parser.py +29 -25
- souleyez/parsers/gobuster_parser.py +301 -41
- souleyez/parsers/hashcat_parser.py +324 -79
- souleyez/parsers/http_fingerprint_parser.py +350 -103
- souleyez/parsers/hydra_parser.py +131 -111
- souleyez/parsers/impacket_parser.py +231 -178
- souleyez/parsers/john_parser.py +98 -86
- souleyez/parsers/katana_parser.py +316 -0
- souleyez/parsers/msf_parser.py +943 -498
- souleyez/parsers/nikto_parser.py +346 -65
- souleyez/parsers/nmap_parser.py +262 -174
- souleyez/parsers/nuclei_parser.py +40 -44
- souleyez/parsers/responder_parser.py +26 -26
- souleyez/parsers/searchsploit_parser.py +74 -74
- souleyez/parsers/service_explorer_parser.py +279 -0
- souleyez/parsers/smbmap_parser.py +180 -124
- souleyez/parsers/sqlmap_parser.py +434 -308
- souleyez/parsers/theharvester_parser.py +75 -57
- souleyez/parsers/whois_parser.py +135 -94
- souleyez/parsers/wpscan_parser.py +278 -190
- souleyez/plugins/afp.py +44 -36
- souleyez/plugins/afp_brute.py +114 -46
- souleyez/plugins/ard.py +48 -37
- souleyez/plugins/bloodhound.py +95 -61
- souleyez/plugins/certipy.py +303 -0
- souleyez/plugins/crackmapexec.py +186 -85
- souleyez/plugins/dalfox.py +120 -59
- souleyez/plugins/dns_hijack.py +146 -41
- souleyez/plugins/dnsrecon.py +97 -61
- souleyez/plugins/enum4linux.py +91 -66
- souleyez/plugins/evil_winrm.py +291 -0
- souleyez/plugins/ffuf.py +166 -90
- souleyez/plugins/firmware_extract.py +133 -29
- souleyez/plugins/gobuster.py +387 -190
- souleyez/plugins/gpp_extract.py +393 -0
- souleyez/plugins/hashcat.py +100 -73
- souleyez/plugins/http_fingerprint.py +854 -267
- souleyez/plugins/hydra.py +566 -200
- souleyez/plugins/impacket_getnpusers.py +117 -69
- souleyez/plugins/impacket_psexec.py +84 -64
- souleyez/plugins/impacket_secretsdump.py +103 -69
- souleyez/plugins/impacket_smbclient.py +89 -75
- souleyez/plugins/john.py +86 -69
- souleyez/plugins/katana.py +313 -0
- souleyez/plugins/kerbrute.py +237 -0
- souleyez/plugins/lfi_extract.py +541 -0
- souleyez/plugins/macos_ssh.py +117 -48
- souleyez/plugins/mdns.py +35 -30
- souleyez/plugins/msf_auxiliary.py +253 -130
- souleyez/plugins/msf_exploit.py +239 -161
- souleyez/plugins/nikto.py +134 -78
- souleyez/plugins/nmap.py +275 -91
- souleyez/plugins/nuclei.py +180 -89
- souleyez/plugins/nxc.py +285 -0
- souleyez/plugins/plugin_base.py +35 -36
- souleyez/plugins/plugin_template.py +13 -5
- souleyez/plugins/rdp_sec_check.py +130 -0
- souleyez/plugins/responder.py +112 -71
- souleyez/plugins/router_http_brute.py +76 -65
- souleyez/plugins/router_ssh_brute.py +118 -41
- souleyez/plugins/router_telnet_brute.py +124 -42
- souleyez/plugins/routersploit.py +91 -59
- souleyez/plugins/routersploit_exploit.py +77 -55
- souleyez/plugins/searchsploit.py +91 -77
- souleyez/plugins/service_explorer.py +1160 -0
- souleyez/plugins/smbmap.py +122 -72
- souleyez/plugins/smbpasswd.py +215 -0
- souleyez/plugins/sqlmap.py +301 -113
- souleyez/plugins/theharvester.py +127 -75
- souleyez/plugins/tr069.py +79 -57
- souleyez/plugins/upnp.py +65 -47
- souleyez/plugins/upnp_abuse.py +73 -55
- souleyez/plugins/vnc_access.py +129 -42
- souleyez/plugins/vnc_brute.py +109 -38
- souleyez/plugins/web_login_test.py +417 -0
- souleyez/plugins/whois.py +77 -58
- souleyez/plugins/wpscan.py +173 -69
- souleyez/reporting/__init__.py +2 -1
- souleyez/reporting/attack_chain.py +411 -346
- souleyez/reporting/charts.py +436 -501
- souleyez/reporting/compliance_mappings.py +334 -201
- souleyez/reporting/detection_report.py +126 -125
- souleyez/reporting/formatters.py +828 -591
- souleyez/reporting/generator.py +386 -302
- souleyez/reporting/metrics.py +72 -75
- souleyez/scanner.py +35 -29
- souleyez/security/__init__.py +37 -11
- souleyez/security/scope_validator.py +175 -106
- souleyez/security/validation.py +223 -149
- souleyez/security.py +22 -6
- souleyez/storage/credentials.py +247 -186
- souleyez/storage/crypto.py +296 -129
- souleyez/storage/database.py +73 -50
- souleyez/storage/db.py +58 -36
- souleyez/storage/deliverable_evidence.py +177 -128
- souleyez/storage/deliverable_exporter.py +282 -246
- souleyez/storage/deliverable_templates.py +134 -116
- souleyez/storage/deliverables.py +135 -130
- souleyez/storage/engagements.py +109 -56
- souleyez/storage/evidence.py +181 -152
- souleyez/storage/execution_log.py +31 -17
- souleyez/storage/exploit_attempts.py +93 -57
- souleyez/storage/exploits.py +67 -36
- souleyez/storage/findings.py +48 -61
- souleyez/storage/hosts.py +176 -144
- souleyez/storage/migrate_to_engagements.py +43 -19
- souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
- souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
- souleyez/storage/migrations/_003_add_execution_log.py +14 -8
- souleyez/storage/migrations/_005_screenshots.py +13 -5
- souleyez/storage/migrations/_006_deliverables.py +13 -5
- souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
- souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
- souleyez/storage/migrations/_010_evidence_linking.py +17 -10
- souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
- souleyez/storage/migrations/_012_team_collaboration.py +34 -21
- souleyez/storage/migrations/_013_add_host_tags.py +12 -6
- souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
- souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
- souleyez/storage/migrations/_016_add_domain_field.py +10 -4
- souleyez/storage/migrations/_017_msf_sessions.py +16 -8
- souleyez/storage/migrations/_018_add_osint_target.py +10 -6
- souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
- souleyez/storage/migrations/_020_add_rbac.py +36 -15
- souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
- souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
- souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
- souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
- souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
- souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
- souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
- souleyez/storage/migrations/__init__.py +26 -26
- souleyez/storage/migrations/migration_manager.py +19 -19
- souleyez/storage/msf_sessions.py +100 -65
- souleyez/storage/osint.py +17 -24
- souleyez/storage/recommendation_engine.py +269 -235
- souleyez/storage/screenshots.py +33 -32
- souleyez/storage/smb_shares.py +136 -92
- souleyez/storage/sqlmap_data.py +183 -128
- souleyez/storage/team_collaboration.py +135 -141
- souleyez/storage/timeline_tracker.py +122 -94
- souleyez/storage/wazuh_vulns.py +64 -66
- souleyez/storage/web_paths.py +33 -37
- souleyez/testing/credential_tester.py +221 -205
- souleyez/ui/__init__.py +1 -1
- souleyez/ui/ai_quotes.py +12 -12
- souleyez/ui/attack_surface.py +2439 -1516
- souleyez/ui/chain_rules_view.py +914 -382
- souleyez/ui/correlation_view.py +312 -230
- souleyez/ui/dashboard.py +2382 -1130
- souleyez/ui/deliverables_view.py +148 -62
- souleyez/ui/design_system.py +13 -13
- souleyez/ui/errors.py +49 -49
- souleyez/ui/evidence_linking_view.py +284 -179
- souleyez/ui/evidence_vault.py +393 -285
- souleyez/ui/exploit_suggestions_view.py +555 -349
- souleyez/ui/export_view.py +100 -66
- souleyez/ui/gap_analysis_view.py +315 -171
- souleyez/ui/help_system.py +105 -97
- souleyez/ui/intelligence_view.py +436 -293
- souleyez/ui/interactive.py +23434 -10286
- souleyez/ui/interactive_selector.py +75 -68
- souleyez/ui/log_formatter.py +47 -39
- souleyez/ui/menu_components.py +22 -13
- souleyez/ui/msf_auxiliary_menu.py +184 -133
- souleyez/ui/pending_chains_view.py +336 -172
- souleyez/ui/progress_indicators.py +5 -3
- souleyez/ui/recommendations_view.py +195 -137
- souleyez/ui/rule_builder.py +343 -225
- souleyez/ui/setup_wizard.py +678 -284
- souleyez/ui/shortcuts.py +217 -165
- souleyez/ui/splunk_gap_analysis_view.py +452 -270
- souleyez/ui/splunk_vulns_view.py +139 -86
- souleyez/ui/team_dashboard.py +498 -335
- souleyez/ui/template_selector.py +196 -105
- souleyez/ui/terminal.py +6 -6
- souleyez/ui/timeline_view.py +198 -127
- souleyez/ui/tool_setup.py +264 -164
- souleyez/ui/tutorial.py +202 -72
- souleyez/ui/tutorial_state.py +40 -40
- souleyez/ui/wazuh_vulns_view.py +235 -141
- souleyez/ui/wordlist_browser.py +260 -107
- souleyez/ui.py +464 -312
- souleyez/utils/tool_checker.py +427 -367
- souleyez/utils.py +33 -29
- souleyez/wordlists.py +134 -167
- {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/METADATA +1 -1
- souleyez-2.43.34.dist-info/RECORD +443 -0
- {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/WHEEL +1 -1
- souleyez-2.43.26.dist-info/RECORD +0 -379
- {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/entry_points.txt +0 -0
- {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/licenses/LICENSE +0 -0
- {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/top_level.txt +0 -0
souleyez/plugins/dnsrecon.py
CHANGED
|
@@ -34,7 +34,10 @@ HELP = {
|
|
|
34
34
|
],
|
|
35
35
|
"flags": [
|
|
36
36
|
["-d <domain>", "Target domain"],
|
|
37
|
-
[
|
|
37
|
+
[
|
|
38
|
+
"-t <type>",
|
|
39
|
+
"Enumeration type: std, axfr, brt, srv, rvl, snoop, tld, zonewalk",
|
|
40
|
+
],
|
|
38
41
|
["-D <file>", "Dictionary file for subdomain brute force"],
|
|
39
42
|
["-n <ns>", "Use specific nameserver"],
|
|
40
43
|
["-a", "Perform AXFR with standard enumeration"],
|
|
@@ -44,59 +47,95 @@ HELP = {
|
|
|
44
47
|
["--threads <num>", "Number of threads (default: 10)"],
|
|
45
48
|
],
|
|
46
49
|
"presets": [
|
|
47
|
-
{
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
50
|
+
{
|
|
51
|
+
"name": "Standard Enum",
|
|
52
|
+
"args": ["-t", "std"],
|
|
53
|
+
"desc": "Standard DNS enumeration (A, MX, NS, TXT records)",
|
|
54
|
+
},
|
|
55
|
+
{
|
|
56
|
+
"name": "Zone Transfer",
|
|
57
|
+
"args": ["-a"],
|
|
58
|
+
"desc": "Attempt AXFR zone transfer with standard enum",
|
|
59
|
+
},
|
|
60
|
+
{
|
|
61
|
+
"name": "Subdomain Brute",
|
|
62
|
+
"args": ["-t", "brt", "-D", "data/wordlists/subdomains_common.txt"],
|
|
63
|
+
"desc": "Brute force subdomains with wordlist",
|
|
64
|
+
},
|
|
65
|
+
{
|
|
66
|
+
"name": "Full Enum",
|
|
67
|
+
"args": ["-a", "-s", "-k"],
|
|
68
|
+
"desc": "Comprehensive enumeration with all techniques",
|
|
69
|
+
},
|
|
51
70
|
],
|
|
52
71
|
"help_sections": [
|
|
53
72
|
{
|
|
54
73
|
"title": "What is DNSRecon?",
|
|
55
74
|
"color": "cyan",
|
|
56
75
|
"content": [
|
|
57
|
-
{
|
|
58
|
-
|
|
59
|
-
"
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
"
|
|
63
|
-
"
|
|
64
|
-
|
|
65
|
-
|
|
76
|
+
{
|
|
77
|
+
"title": "Overview",
|
|
78
|
+
"desc": "DNSRecon performs comprehensive DNS enumeration including standard record queries, zone transfers, subdomain brute-forcing, and reverse lookups.",
|
|
79
|
+
},
|
|
80
|
+
{
|
|
81
|
+
"title": "Use Cases",
|
|
82
|
+
"desc": "Essential for mapping DNS infrastructure and discovering hidden subdomains.",
|
|
83
|
+
"tips": [
|
|
84
|
+
"Discover all DNS records (A, MX, NS, TXT, etc.)",
|
|
85
|
+
"Attempt zone transfers (AXFR) for full DNS data",
|
|
86
|
+
"Brute-force subdomains with wordlists",
|
|
87
|
+
"Find mail servers and SPF records",
|
|
88
|
+
"Identify nameserver configuration",
|
|
89
|
+
],
|
|
90
|
+
},
|
|
91
|
+
],
|
|
66
92
|
},
|
|
67
93
|
{
|
|
68
94
|
"title": "How to Use",
|
|
69
95
|
"color": "green",
|
|
70
96
|
"content": [
|
|
71
|
-
{
|
|
72
|
-
|
|
73
|
-
"
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
"
|
|
77
|
-
|
|
78
|
-
|
|
97
|
+
{
|
|
98
|
+
"title": "Basic Workflow",
|
|
99
|
+
"desc": "1. Select target domain\n 2. Choose enumeration type (standard, zone transfer, brute force, full)\n 3. Review discovered subdomains and records\n 4. Feed results into next phase (port scanning)",
|
|
100
|
+
},
|
|
101
|
+
{
|
|
102
|
+
"title": "Enumeration Types",
|
|
103
|
+
"desc": "Different scan modes for different goals",
|
|
104
|
+
"tips": [
|
|
105
|
+
"Standard Enum: Quick record lookup (A, MX, NS, TXT)",
|
|
106
|
+
"Zone Transfer: Attempt AXFR for complete zone data",
|
|
107
|
+
"Subdomain Brute: Dictionary-based subdomain discovery",
|
|
108
|
+
"Full Enum: All techniques combined (zone transfer + SPF + crt.sh)",
|
|
109
|
+
],
|
|
110
|
+
},
|
|
111
|
+
],
|
|
79
112
|
},
|
|
80
113
|
{
|
|
81
114
|
"title": "Tips & Best Practices",
|
|
82
115
|
"color": "yellow",
|
|
83
116
|
"content": [
|
|
84
|
-
(
|
|
85
|
-
"
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
"
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
117
|
+
(
|
|
118
|
+
"Best Practices:",
|
|
119
|
+
[
|
|
120
|
+
"Start with standard enum to get baseline records",
|
|
121
|
+
"Always try zone transfer (often misconfigured)",
|
|
122
|
+
"Use comprehensive wordlists for brute forcing",
|
|
123
|
+
"Combine with crt.sh for certificate transparency data",
|
|
124
|
+
"Export results and import into host database",
|
|
125
|
+
],
|
|
126
|
+
),
|
|
127
|
+
(
|
|
128
|
+
"Common Issues:",
|
|
129
|
+
[
|
|
130
|
+
"Zone transfer denied: Expected, try brute force instead",
|
|
131
|
+
"Slow brute force: Reduce wordlist size or increase threads",
|
|
132
|
+
"No results: Verify domain is valid and DNS is reachable",
|
|
133
|
+
"Timeout: Large zones may take time, increase timeout",
|
|
134
|
+
],
|
|
135
|
+
),
|
|
136
|
+
],
|
|
137
|
+
},
|
|
138
|
+
],
|
|
100
139
|
}
|
|
101
140
|
|
|
102
141
|
|
|
@@ -106,40 +145,40 @@ class DnsreconPlugin(PluginBase):
|
|
|
106
145
|
category = "reconnaissance"
|
|
107
146
|
HELP = HELP
|
|
108
147
|
|
|
109
|
-
|
|
110
|
-
|
|
148
|
+
def build_command(
|
|
149
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
150
|
+
):
|
|
111
151
|
"""Build command for background execution with PID tracking."""
|
|
112
152
|
if not target:
|
|
113
153
|
if log_path:
|
|
114
|
-
with open(log_path,
|
|
154
|
+
with open(log_path, "w") as f:
|
|
115
155
|
f.write("ERROR: Target domain is required\n")
|
|
116
156
|
return None
|
|
117
|
-
|
|
157
|
+
|
|
118
158
|
# Validate target
|
|
119
159
|
try:
|
|
120
160
|
target = validate_target(target)
|
|
121
161
|
except ValidationError as e:
|
|
122
162
|
if log_path:
|
|
123
|
-
with open(log_path,
|
|
163
|
+
with open(log_path, "w") as f:
|
|
124
164
|
f.write(f"ERROR: Invalid target: {e}\n")
|
|
125
165
|
return None
|
|
126
|
-
|
|
166
|
+
|
|
127
167
|
args = args or ["-t", "std"]
|
|
128
|
-
|
|
168
|
+
|
|
129
169
|
# Check if -d flag is already in args (from auto-chaining)
|
|
130
|
-
if
|
|
170
|
+
if "-d" in args:
|
|
131
171
|
# Args already contain -d domain, just use them as-is
|
|
132
172
|
cmd = ["dnsrecon"] + args
|
|
133
173
|
else:
|
|
134
174
|
# Add -d flag with target
|
|
135
175
|
cmd = ["dnsrecon", "-d", target] + args
|
|
136
|
-
|
|
137
|
-
return {
|
|
138
|
-
'cmd': cmd,
|
|
139
|
-
'timeout': 1800
|
|
140
|
-
}
|
|
141
176
|
|
|
142
|
-
|
|
177
|
+
return {"cmd": cmd, "timeout": 1800}
|
|
178
|
+
|
|
179
|
+
def run(
|
|
180
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
181
|
+
) -> int:
|
|
143
182
|
"""
|
|
144
183
|
Execute DNSRecon and write output to log_path.
|
|
145
184
|
"""
|
|
@@ -151,7 +190,7 @@ class DnsreconPlugin(PluginBase):
|
|
|
151
190
|
target = validate_target(target)
|
|
152
191
|
except ValidationError as e:
|
|
153
192
|
if log_path:
|
|
154
|
-
with open(log_path,
|
|
193
|
+
with open(log_path, "w") as f:
|
|
155
194
|
f.write(f"ERROR: Invalid target: {e}\n")
|
|
156
195
|
return 1
|
|
157
196
|
raise ValueError(f"Invalid target: {e}")
|
|
@@ -163,21 +202,18 @@ class DnsreconPlugin(PluginBase):
|
|
|
163
202
|
cmd = ["dnsrecon", "-d", target] + args
|
|
164
203
|
|
|
165
204
|
if log_path:
|
|
166
|
-
with open(log_path,
|
|
205
|
+
with open(log_path, "w") as f:
|
|
167
206
|
f.write(f"# DNSRecon enumeration for {target}\n")
|
|
168
207
|
f.write(f"# Command: {' '.join(cmd)}\n")
|
|
169
208
|
f.write(f"# Started: {time.strftime('%Y-%m-%d %H:%M:%S')}\n\n")
|
|
170
209
|
|
|
171
210
|
try:
|
|
172
211
|
result = subprocess.run(
|
|
173
|
-
cmd,
|
|
174
|
-
capture_output=True,
|
|
175
|
-
text=True,
|
|
176
|
-
timeout=600 # 10 minutes max
|
|
212
|
+
cmd, capture_output=True, text=True, timeout=600 # 10 minutes max
|
|
177
213
|
)
|
|
178
214
|
|
|
179
215
|
if log_path:
|
|
180
|
-
with open(log_path,
|
|
216
|
+
with open(log_path, "a") as f:
|
|
181
217
|
f.write(result.stdout)
|
|
182
218
|
if result.stderr:
|
|
183
219
|
f.write(f"\n\n# Errors:\n{result.stderr}\n")
|
|
@@ -186,12 +222,12 @@ class DnsreconPlugin(PluginBase):
|
|
|
186
222
|
|
|
187
223
|
except subprocess.TimeoutExpired:
|
|
188
224
|
if log_path:
|
|
189
|
-
with open(log_path,
|
|
225
|
+
with open(log_path, "a") as f:
|
|
190
226
|
f.write("\n\n# ERROR: Command timed out after 600 seconds\n")
|
|
191
227
|
return 124
|
|
192
228
|
except Exception as e:
|
|
193
229
|
if log_path:
|
|
194
|
-
with open(log_path,
|
|
230
|
+
with open(log_path, "a") as f:
|
|
195
231
|
f.write(f"\n\n# ERROR: {str(e)}\n")
|
|
196
232
|
return 1
|
|
197
233
|
|
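Review bot: In build_command the `-d` branch lets the domain carried inside `args` bypass the check applied to `target` a few lines earlier: when auto-chaining supplies `-d <domain>`, the freshly validated `target` is discarded and `cmd = ["dnsrecon"] + args` hands the caller-supplied value straight to the subprocess. As far as this hunk shows, `validate_target` is the only check between stored engagement data and the command line, so the value following `-d` should go through it too, with the same log-and-return-None handling as the surrounding checks; the rewrite below also copies `args` so the caller's list is not mutated. A related inconsistency: this method returns `"timeout": 1800` while `run()` (whose body continues past this hunk) passes `timeout=600  # 10 minutes max`, so the background and direct execution paths give up at different points — one class-level constant used by both would keep them aligned.
```python
        # … unchanged: empty-target check and validate_target(target) …
        args = args or ["-t", "std"]

        # Check if -d flag is already in args (from auto-chaining)
        if "-d" in args:
            # The domain carried in args skipped validate_target() above; check it too
            args = list(args)
            d_idx = args.index("-d")
            try:
                args[d_idx + 1] = validate_target(args[d_idx + 1])
            except (IndexError, ValidationError) as e:
                if log_path:
                    with open(log_path, "w") as f:
                        f.write(f"ERROR: Invalid -d domain in args: {e}\n")
                return None
            cmd = ["dnsrecon"] + args
        else:
            # Add -d flag with target
            cmd = ["dnsrecon", "-d", target] + args

        return {"cmd": cmd, "timeout": 1800}
```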
souleyez/plugins/enum4linux.py
CHANGED
|
@@ -29,10 +29,10 @@ HELP = {
|
|
|
29
29
|
"- Be cautious with noisy probes (userenum / RID cycling); run them only with explicit permission.\n"
|
|
30
30
|
"- Correlate Enum4linux output with other SMB checks (smbclient, smbmap, bloodhound, etc.) for a fuller risk picture.\n"
|
|
31
31
|
),
|
|
32
|
-
"usage":
|
|
32
|
+
"usage": 'souleyez jobs enqueue enum4linux <target> --args "-a"',
|
|
33
33
|
"examples": [
|
|
34
|
-
|
|
35
|
-
|
|
34
|
+
'souleyez jobs enqueue enum4linux 10.0.0.5 --args "-a"',
|
|
35
|
+
'souleyez jobs enqueue enum4linux 10.0.0.5 --args "-U -S"',
|
|
36
36
|
],
|
|
37
37
|
"flags": [
|
|
38
38
|
["-U", "Get userlist"],
|
|
@@ -45,17 +45,13 @@ HELP = {
|
|
|
45
45
|
{
|
|
46
46
|
"name": "Full Enum",
|
|
47
47
|
"args": ["-a"],
|
|
48
|
-
"desc": "All enumeration (users, shares, groups, etc.)"
|
|
49
|
-
},
|
|
50
|
-
{
|
|
51
|
-
"name": "Shares Only",
|
|
52
|
-
"args": ["-S"],
|
|
53
|
-
"desc": "Enumerate shares only"
|
|
48
|
+
"desc": "All enumeration (users, shares, groups, etc.)",
|
|
54
49
|
},
|
|
50
|
+
{"name": "Shares Only", "args": ["-S"], "desc": "Enumerate shares only"},
|
|
55
51
|
{
|
|
56
52
|
"name": "Users & Shares",
|
|
57
53
|
"args": ["-U", "-S"],
|
|
58
|
-
"desc": "Enumerate users and shares"
|
|
54
|
+
"desc": "Enumerate users and shares",
|
|
59
55
|
},
|
|
60
56
|
],
|
|
61
57
|
"help_sections": [
|
|
@@ -63,49 +59,69 @@ HELP = {
|
|
|
63
59
|
"title": "What is enum4linux?",
|
|
64
60
|
"color": "cyan",
|
|
65
61
|
"content": [
|
|
66
|
-
{
|
|
67
|
-
|
|
68
|
-
"
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
"
|
|
72
|
-
|
|
73
|
-
|
|
62
|
+
{
|
|
63
|
+
"title": "Overview",
|
|
64
|
+
"desc": "enum4linux is a comprehensive SMB/CIFS enumeration tool for Windows and Samba systems, automating common reconnaissance tasks.",
|
|
65
|
+
},
|
|
66
|
+
{
|
|
67
|
+
"title": "Use Cases",
|
|
68
|
+
"desc": "Best for legacy Samba and Windows SMB enumeration",
|
|
69
|
+
"tips": [
|
|
70
|
+
"List shares and permissions",
|
|
71
|
+
"Enumerate users and groups via RID cycling",
|
|
72
|
+
"Pull OS and domain information",
|
|
73
|
+
"Check for null/anonymous access",
|
|
74
|
+
],
|
|
75
|
+
},
|
|
76
|
+
],
|
|
74
77
|
},
|
|
75
78
|
{
|
|
76
79
|
"title": "How to Use",
|
|
77
80
|
"color": "green",
|
|
78
81
|
"content": [
|
|
79
|
-
{
|
|
80
|
-
|
|
81
|
-
"
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
"
|
|
85
|
-
"
|
|
86
|
-
|
|
87
|
-
|
|
82
|
+
{
|
|
83
|
+
"title": "Basic Workflow",
|
|
84
|
+
"desc": "1. Run full enumeration (-a) for complete picture\n 2. Review shares for anonymous access\n 3. Check user/group lists for attack targets\n 4. Document findings in job log",
|
|
85
|
+
},
|
|
86
|
+
{
|
|
87
|
+
"title": "Key Options",
|
|
88
|
+
"desc": "Common enumeration tasks",
|
|
89
|
+
"tips": [
|
|
90
|
+
"-a: All enumeration (recommended start)",
|
|
91
|
+
"-U: User enumeration",
|
|
92
|
+
"-S: Share enumeration",
|
|
93
|
+
"-G: Group and member enumeration",
|
|
94
|
+
"-P: Password policy information",
|
|
95
|
+
],
|
|
96
|
+
},
|
|
97
|
+
],
|
|
88
98
|
},
|
|
89
99
|
{
|
|
90
100
|
"title": "Tips & Best Practices",
|
|
91
101
|
"color": "yellow",
|
|
92
102
|
"content": [
|
|
93
|
-
(
|
|
94
|
-
"
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
"
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
103
|
+
(
|
|
104
|
+
"Best Practices:",
|
|
105
|
+
[
|
|
106
|
+
"Start with -a for comprehensive baseline",
|
|
107
|
+
"Flag anonymous shares as security findings",
|
|
108
|
+
"Correlate with smbmap and CrackMapExec results",
|
|
109
|
+
"Save output for later analysis and reporting",
|
|
110
|
+
"Document weak permissions and exposed data",
|
|
111
|
+
],
|
|
112
|
+
),
|
|
113
|
+
(
|
|
114
|
+
"Common Issues:",
|
|
115
|
+
[
|
|
116
|
+
"RID cycling fails: Try with credentials or different host",
|
|
117
|
+
"Timeout errors: Some checks can be slow on large domains",
|
|
118
|
+
"Access denied: Check if guest/anonymous access is disabled",
|
|
119
|
+
"No users found: Requires SMB enumeration to be enabled",
|
|
120
|
+
],
|
|
121
|
+
),
|
|
122
|
+
],
|
|
123
|
+
},
|
|
124
|
+
],
|
|
109
125
|
}
|
|
110
126
|
|
|
111
127
|
|
|
@@ -119,11 +135,12 @@ class Enum4linuxPlugin(PluginBase):
|
|
|
119
135
|
def _get_tool_command(self) -> str:
|
|
120
136
|
"""Get the actual tool command available on the system."""
|
|
121
137
|
import shutil
|
|
138
|
+
|
|
122
139
|
# Check primary command first
|
|
123
140
|
if shutil.which(self.tool):
|
|
124
141
|
return self.tool
|
|
125
142
|
# Check alternative commands (e.g., enum4linux-ng on Ubuntu)
|
|
126
|
-
for alt in getattr(self,
|
|
143
|
+
for alt in getattr(self, "alt_tools", []):
|
|
127
144
|
if shutil.which(alt):
|
|
128
145
|
return alt
|
|
129
146
|
return self.tool # Return default, will fail with clear error
|
|
@@ -135,12 +152,12 @@ class Enum4linuxPlugin(PluginBase):
|
|
|
135
152
|
- -a (all) becomes -A
|
|
136
153
|
- Most other flags (-U, -S, -G, -P) are the same
|
|
137
154
|
"""
|
|
138
|
-
if
|
|
155
|
+
if "enum4linux-ng" not in tool_cmd:
|
|
139
156
|
return args
|
|
140
157
|
|
|
141
158
|
# Argument mapping: enum4linux -> enum4linux-ng
|
|
142
159
|
arg_map = {
|
|
143
|
-
|
|
160
|
+
"-a": "-A", # All enumeration
|
|
144
161
|
}
|
|
145
162
|
|
|
146
163
|
translated = []
|
|
@@ -148,7 +165,9 @@ class Enum4linuxPlugin(PluginBase):
|
|
|
148
165
|
translated.append(arg_map.get(arg, arg))
|
|
149
166
|
return translated
|
|
150
167
|
|
|
151
|
-
def build_command(
|
|
168
|
+
def build_command(
|
|
169
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
170
|
+
):
|
|
152
171
|
"""Build command for background execution with PID tracking."""
|
|
153
172
|
args = args or []
|
|
154
173
|
|
|
@@ -157,13 +176,18 @@ class Enum4linuxPlugin(PluginBase):
|
|
|
157
176
|
|
|
158
177
|
# Check if tool exists
|
|
159
178
|
import shutil
|
|
179
|
+
|
|
160
180
|
if not shutil.which(tool_cmd):
|
|
161
181
|
if log_path:
|
|
162
|
-
with open(log_path,
|
|
163
|
-
f.write(
|
|
182
|
+
with open(log_path, "w") as f:
|
|
183
|
+
f.write(
|
|
184
|
+
f"ERROR: Neither enum4linux nor enum4linux-ng found in PATH\n"
|
|
185
|
+
)
|
|
164
186
|
f.write("Install with:\n")
|
|
165
187
|
f.write(" Kali/Parrot: sudo apt install enum4linux\n")
|
|
166
|
-
f.write(
|
|
188
|
+
f.write(
|
|
189
|
+
" Ubuntu: pipx install git+https://github.com/cddmp/enum4linux-ng\n"
|
|
190
|
+
)
|
|
167
191
|
return None
|
|
168
192
|
|
|
169
193
|
# Validate target
|
|
@@ -171,7 +195,7 @@ class Enum4linuxPlugin(PluginBase):
|
|
|
171
195
|
target = validate_target(target)
|
|
172
196
|
except ValidationError as e:
|
|
173
197
|
if log_path:
|
|
174
|
-
with open(log_path,
|
|
198
|
+
with open(log_path, "w") as f:
|
|
175
199
|
f.write(f"ERROR: Invalid target: {e}\n")
|
|
176
200
|
return None
|
|
177
201
|
|
|
@@ -185,12 +209,11 @@ class Enum4linuxPlugin(PluginBase):
|
|
|
185
209
|
if target not in args:
|
|
186
210
|
cmd.append(target)
|
|
187
211
|
|
|
188
|
-
return {
|
|
189
|
-
'cmd': cmd,
|
|
190
|
-
'timeout': 1800 # 30 minutes
|
|
191
|
-
}
|
|
212
|
+
return {"cmd": cmd, "timeout": 1800} # 30 minutes
|
|
192
213
|
|
|
193
|
-
def run(
|
|
214
|
+
def run(
|
|
215
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
216
|
+
) -> int:
|
|
194
217
|
"""
|
|
195
218
|
Execute enum4linux scan and write output to log_path.
|
|
196
219
|
|
|
@@ -208,11 +231,11 @@ class Enum4linuxPlugin(PluginBase):
|
|
|
208
231
|
target = validate_target(target)
|
|
209
232
|
except ValidationError as e:
|
|
210
233
|
if log_path:
|
|
211
|
-
with open(log_path,
|
|
234
|
+
with open(log_path, "w") as f:
|
|
212
235
|
f.write(f"ERROR: Invalid target: {e}\n")
|
|
213
236
|
return 1
|
|
214
237
|
raise ValueError(f"Invalid target: {e}")
|
|
215
|
-
|
|
238
|
+
|
|
216
239
|
args = args or []
|
|
217
240
|
|
|
218
241
|
# Replace <target> placeholder if present
|
|
@@ -232,7 +255,9 @@ class Enum4linuxPlugin(PluginBase):
|
|
|
232
255
|
if not log_path:
|
|
233
256
|
# Fallback for direct calls
|
|
234
257
|
try:
|
|
235
|
-
proc = subprocess.run(
|
|
258
|
+
proc = subprocess.run(
|
|
259
|
+
cmd, capture_output=True, timeout=300, check=False
|
|
260
|
+
)
|
|
236
261
|
return proc.returncode
|
|
237
262
|
except Exception:
|
|
238
263
|
return 1
|
|
@@ -241,18 +266,18 @@ class Enum4linuxPlugin(PluginBase):
|
|
|
241
266
|
try:
|
|
242
267
|
with open(log_path, "a", encoding="utf-8", errors="replace") as fh:
|
|
243
268
|
fh.write(f"Command: {' '.join(cmd)}\n")
|
|
244
|
-
fh.write(
|
|
269
|
+
fh.write(
|
|
270
|
+
f"Started: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n\n"
|
|
271
|
+
)
|
|
245
272
|
fh.flush()
|
|
246
273
|
|
|
247
274
|
proc = subprocess.run(
|
|
248
|
-
cmd,
|
|
249
|
-
stdout=fh,
|
|
250
|
-
stderr=subprocess.STDOUT,
|
|
251
|
-
timeout=300,
|
|
252
|
-
check=False
|
|
275
|
+
cmd, stdout=fh, stderr=subprocess.STDOUT, timeout=300, check=False
|
|
253
276
|
)
|
|
254
277
|
|
|
255
|
-
fh.write(
|
|
278
|
+
fh.write(
|
|
279
|
+
f"\nCompleted: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n"
|
|
280
|
+
)
|
|
256
281
|
fh.write(f"Exit Code: {proc.returncode}\n")
|
|
257
282
|
|
|
258
283
|
return proc.returncode
|
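Review bot: build_command returns `"timeout": 1800  # 30 minutes` while both `subprocess.run` calls in `run()` pass `timeout=300`, so the same job is cut off after 5 minutes when executed directly but allowed 30 in the background path, which is hard to reconcile with the "Timeout errors: Some checks can be slow on large domains" tip added to HELP. A single class-level constant, e.g. `TIMEOUT_SECONDS = 1800`, referenced as `return {"cmd": cmd, "timeout": self.TIMEOUT_SECONDS}` and `timeout=self.TIMEOUT_SECONDS`, would keep the two paths aligned (dnsrecon.py has the same 1800-vs-600 split). The new message `f"ERROR: Neither enum4linux nor enum4linux-ng found in PATH\n"` is an f-string with no placeholders; drop the `f` prefix. The install hint `pipx install git+https://github.com/cddmp/enum4linux-ng` points at an unpinned git URL; pinning it to a release tag or commit (`...enum4linux-ng@<tag-or-commit>`) gives users a reproducible install. The `try:` block around the final `subprocess.run` in run() is closed outside this hunk.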