souleyez 2.43.26__py3-none-any.whl → 2.43.34__py3-none-any.whl

souleyez/plugins/john.py

@@ -41,138 +41,158 @@ HELP = {
             {
                 "name": "Quick Dictionary (Top 1000)",
                 "description": "Fast dictionary attack with top 1000 passwords",
-                "args": "--wordlist=data/wordlists/top100.txt"
+                "args": "--wordlist=data/wordlists/top100.txt",
             },
             {
                 "name": "Dictionary Attack (RockYou)",
                 "description": "Full dictionary attack with rockyou.txt",
-                "args": "--wordlist=data/wordlists/top100.txt"
-            }
+                "args": "--wordlist=data/wordlists/top100.txt",
+            },
         ],
         "formats": [
             {
                 "name": "MD5 Crypt (Linux Shadow)",
                 "description": "Linux /etc/shadow MD5 hashes",
-                "args": "--format=md5crypt"
+                "args": "--format=md5crypt",
             },
             {
                 "name": "SHA-512 Crypt (Modern Linux)",
                 "description": "Modern Linux /etc/shadow SHA-512 hashes",
-                "args": "--format=sha512crypt"
+                "args": "--format=sha512crypt",
             },
             {
                 "name": "NTLM (Windows)",
                 "description": "Windows NTLM password hashes",
-                "args": "--format=NT"
-            }
+                "args": "--format=NT",
+            },
         ],
         "advanced": [
             {
                 "name": "Incremental Brute Force",
                 "description": "Try all possible combinations (slow but thorough)",
-                "args": "--incremental"
+                "args": "--incremental",
             },
             {
                 "name": "Single Crack Mode",
                 "description": "Use usernames and GECOS info to generate passwords",
-                "args": "--single"
+                "args": "--single",
             },
             {
                 "name": "Rules with Wordlist",
                 "description": "Apply mutation rules to wordlist",
-                "args": "--wordlist=data/wordlists/top100.txt --rules"
-            }
-        ]
+                "args": "--wordlist=data/wordlists/top100.txt --rules",
+            },
+        ],
     },
     "help_sections": [
         {
             "title": "What is John the Ripper?",
             "color": "cyan",
             "content": [
-                {"title": "Overview", "desc": "John the Ripper is the legendary password cracker, perfect for Linux/Unix shadow files with automatic hash format detection."},
-                {"title": "Use Cases", "desc": "Simpler than hashcat for basic cracking", "tips": [
-                    "Crack Linux /etc/shadow files (use unshadow first)",
-                    "Auto-detect hash formats",
-                    "Windows LM/NTLM hashes",
-                    "ZIP/RAR password-protected archives"
-                ]}
-            ]
+                {
+                    "title": "Overview",
+                    "desc": "John the Ripper is the legendary password cracker, perfect for Linux/Unix shadow files with automatic hash format detection.",
+                },
+                {
+                    "title": "Use Cases",
+                    "desc": "Simpler than hashcat for basic cracking",
+                    "tips": [
+                        "Crack Linux /etc/shadow files (use unshadow first)",
+                        "Auto-detect hash formats",
+                        "Windows LM/NTLM hashes",
+                        "ZIP/RAR password-protected archives",
+                    ],
+                },
+            ],
         },
         {
             "title": "How to Use",
             "color": "green",
             "content": [
-                {"title": "Basic Workflow", "desc": "1. Prepare hashes (unshadow passwd shadow > hashes)\n     2. Run john with wordlist or incremental mode\n     3. Use --show to see cracked passwords\n     4. Results saved in ~/.john/john.pot"},
-                {"title": "Attack Modes", "desc": "Different cracking strategies", "tips": [
-                    "Dictionary: john --wordlist=wordlist.txt hashes",
-                    "Incremental: john --incremental hashes (brute-force)",
-                    "Single: john --single hashes (uses usernames)",
-                    "Rules: john --rules --wordlist=wordlist.txt hashes"
-                ]}
-            ]
+                {
+                    "title": "Basic Workflow",
+                    "desc": "1. Prepare hashes (unshadow passwd shadow > hashes)\n     2. Run john with wordlist or incremental mode\n     3. Use --show to see cracked passwords\n     4. Results saved in ~/.john/john.pot",
+                },
+                {
+                    "title": "Attack Modes",
+                    "desc": "Different cracking strategies",
+                    "tips": [
+                        "Dictionary: john --wordlist=wordlist.txt hashes",
+                        "Incremental: john --incremental hashes (brute-force)",
+                        "Single: john --single hashes (uses usernames)",
+                        "Rules: john --rules --wordlist=wordlist.txt hashes",
+                    ],
+                },
+            ],
         },
         {
             "title": "Tips & Best Practices",
             "color": "yellow",
             "content": [
-                ("Best Practices:", [
-                    "Use unshadow to combine passwd and shadow files",
-                    "John auto-detects most hash formats",
-                    "Check progress with --show",
-                    "Cracked passwords in ~/.john/john.pot",
-                    "Use --format to force specific hash type"
-                ]),
-                ("Common Issues:", [
-                    "No hash format: Use --format=<type> to specify",
-                    "Slow progress: Try different attack mode or wordlist",
-                    "Can't find john.pot: Check ~/.john/ directory",
-                    "Unshadow needed: Combine passwd and shadow first"
-                ])
-            ]
-        }
-    ]
+                (
+                    "Best Practices:",
+                    [
+                        "Use unshadow to combine passwd and shadow files",
+                        "John auto-detects most hash formats",
+                        "Check progress with --show",
+                        "Cracked passwords in ~/.john/john.pot",
+                        "Use --format to force specific hash type",
+                    ],
+                ),
+                (
+                    "Common Issues:",
+                    [
+                        "No hash format: Use --format=<type> to specify",
+                        "Slow progress: Try different attack mode or wordlist",
+                        "Can't find john.pot: Check ~/.john/ directory",
+                        "Unshadow needed: Combine passwd and shadow first",
+                    ],
+                ),
+            ],
+        },
+    ],
 }
 
 
 class JohnPlugin(PluginBase):
     """John the Ripper password cracking plugin."""
-    
+
     name = "john"
     tool = "john"
     category = "credential_access"
     HELP = HELP
 
-
-    def build_command(self, target: str, args: List[str] = None, label: str = "", log_path: str = None):
+    def build_command(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ):
         """Build command for background execution with PID tracking."""
         if not target:
             if log_path:
-                with open(log_path, 'w') as f:
+                with open(log_path, "w") as f:
                     f.write("ERROR: Hash file path is required\n")
             return None
-        
+
         # Validate hash file exists
         if not os.path.isfile(target):
             if log_path:
-                with open(log_path, 'w') as f:
+                with open(log_path, "w") as f:
                     f.write(f"ERROR: Hash file not found: {target}\n")
             return None
-        
+
         args = args or []
-        
+
         # John syntax: john [options] hashfile
         args_list = args if isinstance(args, list) else args.split()
         cmd = ["john"] + args_list + [target]
-        
-        return {
-            'cmd': cmd,
-            'timeout': 7200
-        }
 
-    def run(self, target: str, args: List[str] = None, label: str = "", log_path: str = None) -> int:
+        return {"cmd": cmd, "timeout": 7200}
+
+    def run(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ) -> int:
         """
         Execute john and write output to log_path.
-        
+
         Note: 'target' is used as the hash file path for this plugin.
         """
         if not target:
@@ -181,7 +201,7 @@ class JohnPlugin(PluginBase):
         # Validate hash file exists
         if not os.path.isfile(target):
             if log_path:
-                with open(log_path, 'w') as f:
+                with open(log_path, "w") as f:
                     f.write(f"ERROR: Hash file not found: {target}\n")
             return 1
 
@@ -193,7 +213,7 @@ class JohnPlugin(PluginBase):
         cmd = ["john"] + args_list + [target]
 
         if log_path:
-            with open(log_path, 'w') as f:
+            with open(log_path, "w") as f:
                 f.write(f"# John the Ripper password cracking\n")
                 f.write(f"# Hash file: {target}\n")
                 f.write(f"# Command: {' '.join(cmd)}\n")
@@ -201,18 +221,15 @@ class JohnPlugin(PluginBase):
 
         try:
             result = subprocess.run(
-                cmd,
-                capture_output=True,
-                text=True,
-                timeout=3600  # 1 hour timeout
+                cmd, capture_output=True, text=True, timeout=3600  # 1 hour timeout
             )
 
             if log_path:
-                with open(log_path, 'a') as f:
+                with open(log_path, "a") as f:
                     f.write(result.stdout)
                     if result.stderr:
                         f.write(f"\n\n# Errors:\n{result.stderr}\n")
-                    
+
                     # Add helper to show cracked passwords
                     f.write(f"\n\n# To view cracked passwords, run:\n")
                     f.write(f"# john --show {target}\n")
@@ -221,12 +238,12 @@ class JohnPlugin(PluginBase):
 
         except subprocess.TimeoutExpired:
             if log_path:
-                with open(log_path, 'a') as f:
+                with open(log_path, "a") as f:
                     f.write("\n\n# ERROR: Command timed out after 1 hour\n")
             return 124
         except Exception as e:
             if log_path:
-                with open(log_path, 'a') as f:
+                with open(log_path, "a") as f:
                     f.write(f"\n\n# ERROR: {str(e)}\n")
             return 1
 

souleyez/plugins/katana.py

@@ -0,0 +1,313 @@
+#!/usr/bin/env python3
+"""
+souleyez.plugins.katana - Web crawling and spidering for parameter discovery
+
+Katana is a next-generation crawling and spidering framework from ProjectDiscovery.
+It discovers endpoints, parameters, forms, and JavaScript-rendered routes.
+"""
+import subprocess
+import shutil
+from typing import List, Optional, Dict, Any
+
+from .plugin_base import PluginBase
+from souleyez.security.validation import validate_url, ValidationError
+
+HELP = {
+    "name": "Katana - Web Crawler & Spider",
+    "description": (
+        "Katana is a fast and configurable web crawler designed for reconnaissance.\n\n"
+        "It discovers hidden endpoints, query parameters, forms, and JavaScript-rendered routes "
+        "that static tools like gobuster miss. This is essential for finding actual attack surface "
+        "before running injection tests with SQLMap.\n\n"
+        "Key features:\n"
+        "- Headless browser mode for JavaScript-heavy SPAs (React, Angular, Vue)\n"
+        "- Automatic parameter extraction from discovered URLs\n"
+        "- Form discovery (POST endpoints)\n"
+        "- JavaScript parsing for hidden API routes\n"
+        "- Configurable crawl depth and scope\n\n"
+        "Quick tips:\n"
+        "- Default headless mode works best for modern web apps\n"
+        "- Use -d to control crawl depth (default: 3)\n"
+        "- Results chain automatically to SQLMap for injection testing\n"
+    ),
+    "usage": "souleyez jobs enqueue katana <target>",
+    "examples": [
+        "souleyez jobs enqueue katana http://example.com",
+        'souleyez jobs enqueue katana http://example.com --args "-d 5"',
+        'souleyez jobs enqueue katana http://example.com --args "-no-headless"',
+    ],
+    "flags": [
+        ["-d <depth>", "Maximum crawl depth (default: 3)"],
+        ["-headless", "Enable headless browser (default: ON)"],
+        ["-no-headless", "Disable headless browser for faster scanning"],
+        ["-jc", "Enable JavaScript crawling"],
+        ["-timeout <sec>", "Request timeout in seconds (default: 10)"],
+        ["-c <num>", "Concurrency level (default: 10)"],
+        ["-rl <num>", "Rate limit (requests per second)"],
+        ["-scope <regex>", "Regex to filter in-scope URLs"],
+        ["-silent", "Suppress banner and info output"],
+    ],
+    "preset_categories": {
+        "crawl_modes": [
+            {
+                "name": "Standard Crawl",
+                "args": ["-d", "3", "-headless", "-jc"],
+                "desc": "Default crawl with JavaScript support (recommended)",
+            },
+            {
+                "name": "Deep Crawl",
+                "args": ["-d", "5", "-headless", "-jc"],
+                "desc": "Deeper crawl for complex applications",
+            },
+            {
+                "name": "Fast Crawl",
+                "args": ["-d", "2", "-no-headless"],
+                "desc": "Quick scan without headless browser",
+            },
+            {
+                "name": "Aggressive",
+                "args": ["-d", "5", "-headless", "-jc", "-c", "20"],
+                "desc": "Deep and concurrent crawl",
+            },
+        ],
+        "scope_control": [
+            {
+                "name": "Same Domain Only",
+                "args": ["-headless", "-jc", "-fs", "dn"],
+                "desc": "Stay within the same domain",
+            },
+            {
+                "name": "Same Host Only",
+                "args": ["-headless", "-jc", "-fs", "sdn"],
+                "desc": "Stay on exact subdomain",
+            },
+        ],
+    },
+    "presets": [
+        {
+            "name": "Standard Crawl",
+            "args": ["-d", "3", "-headless", "-jc"],
+            "desc": "Default crawl with JavaScript support",
+        },
+        {
+            "name": "Deep Crawl",
+            "args": ["-d", "5", "-headless", "-jc"],
+            "desc": "Thorough crawl for complex apps",
+        },
+        {
+            "name": "Fast (No JS)",
+            "args": ["-d", "2", "-no-headless"],
+            "desc": "Quick crawl without browser",
+        },
+    ],
+    "help_sections": [
+        {
+            "title": "How It Fits In The Chain",
+            "color": "cyan",
+            "content": [
+                {
+                    "title": "Discovery Flow",
+                    "desc": (
+                        "1. Gobuster/FFUF find paths (/api, /admin, etc.)\n"
+                        "     2. Katana crawls those paths to find parameters\n"
+                        "     3. SQLMap tests the parameters for injection\n"
+                        "     4. Nuclei scans crawled URLs for other vulns"
+                    ),
+                }
+            ],
+        }
+    ],
+}
+
+
+class KatanaPlugin(PluginBase):
+    name = "Katana"
+    tool = "katana"
+    category = "vulnerability_analysis"
+    HELP = HELP
+
+    def check_tool_available(self) -> tuple:
+        """
+        Check if katana and chromium are installed.
+
+        Returns:
+            (is_available: bool, error_message: str or None)
+        """
+        # Check katana
+        if not shutil.which("katana"):
+            return (False, "Katana not found. Install with: sudo apt install katana")
+
+        # Check chromium for headless mode
+        chromium_binaries = ["chromium", "chromium-browser", "google-chrome", "chrome"]
+        chromium_found = any(shutil.which(b) for b in chromium_binaries)
+
+        if not chromium_found:
+            return (
+                False,
+                "Chromium not found (required for headless mode). Install with: sudo apt install chromium",
+            )
+
+        return (True, None)
+
+    def _normalize_target(self, target: str, log_path: str = None) -> Optional[str]:
+        """
+        Normalize target URL for Katana.
+
+        Katana requires a full URL - bare IPs/domains get http:// prepended.
+        """
+        import re
+
+        # Already a URL - validate and return
+        if target.startswith(("http://", "https://")):
+            try:
+                return validate_url(target)
+            except ValidationError as e:
+                if log_path:
+                    with open(log_path, "w") as f:
+                        f.write(f"ERROR: Invalid URL: {e}\n")
+                return None
+
+        # Bare IP or domain - prepend http://
+        ip_pattern = r"^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(:\d+)?$"
+        domain_pattern = r"^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)*$"
+
+        if re.match(ip_pattern, target) or re.match(domain_pattern, target):
+            if log_path:
+                with open(log_path, "a") as f:
+                    f.write(
+                        f"NOTE: Converting bare target '{target}' to 'http://{target}'\n"
+                    )
+            return f"http://{target}"
+
+        return target
+
+    def build_command(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ) -> Optional[Dict[str, Any]]:
+        """
+        Build katana command for background execution.
+
+        Args:
+            target: Target URL to crawl
+            args: Additional command line arguments
+            label: Job label
+            log_path: Path to write output
+
+        Returns:
+            Dict with 'cmd' and 'timeout' keys, or None on error
+        """
+        args = args or []
+
+        # Normalize target
+        target = self._normalize_target(target, log_path)
+        if target is None:
+            return None
+
+        # Replace <target> placeholder in args
+        args = [arg.replace("<target>", target) for arg in args]
+
+        # Build base command
+        cmd = ["katana", "-u", target]
+
+        # Force JSONL output for parsing
+        if "-jsonl" not in args and "-json" not in args:
+            cmd.append("-jsonl")
+
+        # Output to log file
+        if log_path and "-o" not in args:
+            cmd.extend(["-o", log_path])
+
+        # Add user args
+        cmd.extend(args)
+
+        # Set defaults if not specified
+        # Headless mode by default (unless -no-headless specified)
+        if "-headless" not in args and "-no-headless" not in args:
+            cmd.append("-headless")
+
+        # JavaScript crawling by default
+        if "-jc" not in args:
+            cmd.append("-jc")
+
+        # Default crawl depth
+        if "-d" not in args and "-depth" not in args:
+            cmd.extend(["-d", "3"])
+
+        # Request timeout
+        if "-timeout" not in args:
+            cmd.extend(["-timeout", "10"])
+
+        # Silent mode to reduce noise
+        if "-silent" not in args:
+            cmd.append("-silent")
+
+        return {"cmd": cmd, "timeout": 1800}  # 30 minutes for crawling
+
+    def run(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ) -> int:
+        """
+        Execute katana crawl synchronously.
+
+        Args:
+            target: Target URL
+            args: Command line arguments
+            label: Job label
+            log_path: Output file path
+
+        Returns:
+            Exit code (0 = success)
+        """
+        cmd_spec = self.build_command(target, args, label, log_path)
+        if cmd_spec is None:
+            return 1
+
+        cmd = cmd_spec["cmd"]
+        timeout = cmd_spec.get("timeout", 1800)
+
+        try:
+            if log_path:
+                # Write metadata header
+                with open(log_path, "w") as f:
+                    f.write(f"=== Plugin: Katana ===\n")
+                    f.write(f"Target: {target}\n")
+                    f.write(f"Args: {args}\n")
+                    f.write(f"Label: {label}\n")
+                    f.write(f"Command: {' '.join(cmd)}\n\n")
+
+                # Run katana
+                proc = subprocess.run(
+                    cmd, capture_output=True, timeout=timeout, check=False
+                )
+
+                # Append completion marker
+                with open(log_path, "a") as f:
+                    f.write(f"\n=== Completed ===\n")
+                    f.write(f"Exit Code: {proc.returncode}\n")
+                    if proc.stderr:
+                        f.write(
+                            f"Stderr: {proc.stderr.decode('utf-8', errors='replace')}\n"
+                        )
+
+                return proc.returncode
+            else:
+                proc = subprocess.run(
+                    cmd, capture_output=True, timeout=timeout, check=False
+                )
+                return proc.returncode
+
+        except subprocess.TimeoutExpired:
+            if log_path:
+                with open(log_path, "a") as f:
+                    f.write(f"\nERROR: Crawl timed out after {timeout} seconds\n")
+            return 124
+
+        except Exception as e:
+            if log_path:
+                with open(log_path, "a") as f:
+                    f.write(f"\nERROR: {str(e)}\n")
+            return 1
+
+
+# Export plugin instance for auto-discovery
+plugin = KatanaPlugin()