souleyez 2.43.26__py3-none-any.whl → 2.43.34__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (358) hide show
  1. souleyez/__init__.py +1 -2
  2. souleyez/ai/__init__.py +21 -15
  3. souleyez/ai/action_mapper.py +249 -150
  4. souleyez/ai/chain_advisor.py +116 -100
  5. souleyez/ai/claude_provider.py +29 -28
  6. souleyez/ai/context_builder.py +80 -62
  7. souleyez/ai/executor.py +158 -117
  8. souleyez/ai/feedback_handler.py +136 -121
  9. souleyez/ai/llm_factory.py +27 -20
  10. souleyez/ai/llm_provider.py +4 -2
  11. souleyez/ai/ollama_provider.py +6 -9
  12. souleyez/ai/ollama_service.py +44 -37
  13. souleyez/ai/path_scorer.py +91 -76
  14. souleyez/ai/recommender.py +176 -144
  15. souleyez/ai/report_context.py +74 -73
  16. souleyez/ai/report_service.py +84 -66
  17. souleyez/ai/result_parser.py +222 -229
  18. souleyez/ai/safety.py +67 -44
  19. souleyez/auth/__init__.py +23 -22
  20. souleyez/auth/audit.py +36 -26
  21. souleyez/auth/engagement_access.py +65 -48
  22. souleyez/auth/permissions.py +14 -3
  23. souleyez/auth/session_manager.py +54 -37
  24. souleyez/auth/user_manager.py +109 -64
  25. souleyez/commands/audit.py +40 -43
  26. souleyez/commands/auth.py +35 -15
  27. souleyez/commands/deliverables.py +55 -50
  28. souleyez/commands/engagement.py +47 -28
  29. souleyez/commands/license.py +32 -23
  30. souleyez/commands/screenshots.py +36 -32
  31. souleyez/commands/user.py +82 -36
  32. souleyez/config.py +52 -44
  33. souleyez/core/credential_tester.py +87 -81
  34. souleyez/core/cve_mappings.py +179 -192
  35. souleyez/core/cve_matcher.py +162 -148
  36. souleyez/core/msf_auto_mapper.py +100 -83
  37. souleyez/core/msf_chain_engine.py +294 -256
  38. souleyez/core/msf_database.py +153 -70
  39. souleyez/core/msf_integration.py +679 -673
  40. souleyez/core/msf_rpc_client.py +40 -42
  41. souleyez/core/msf_rpc_manager.py +77 -79
  42. souleyez/core/msf_sync_manager.py +241 -181
  43. souleyez/core/network_utils.py +22 -15
  44. souleyez/core/parser_handler.py +34 -25
  45. souleyez/core/pending_chains.py +114 -63
  46. souleyez/core/templates.py +158 -107
  47. souleyez/core/tool_chaining.py +9526 -2879
  48. souleyez/core/version_utils.py +79 -94
  49. souleyez/core/vuln_correlation.py +136 -89
  50. souleyez/core/web_utils.py +33 -32
  51. souleyez/data/wordlists/ad_users.txt +378 -0
  52. souleyez/data/wordlists/api_endpoints_large.txt +769 -0
  53. souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
  54. souleyez/data/wordlists/lfi_payloads.txt +82 -0
  55. souleyez/data/wordlists/passwords_brute.txt +1548 -0
  56. souleyez/data/wordlists/passwords_crack.txt +2479 -0
  57. souleyez/data/wordlists/passwords_spray.txt +386 -0
  58. souleyez/data/wordlists/subdomains_large.txt +5057 -0
  59. souleyez/data/wordlists/usernames_common.txt +694 -0
  60. souleyez/data/wordlists/web_dirs_large.txt +4769 -0
  61. souleyez/detection/__init__.py +1 -1
  62. souleyez/detection/attack_signatures.py +12 -17
  63. souleyez/detection/mitre_mappings.py +61 -55
  64. souleyez/detection/validator.py +97 -86
  65. souleyez/devtools.py +23 -10
  66. souleyez/docs/README.md +4 -4
  67. souleyez/docs/api-reference/cli-commands.md +2 -2
  68. souleyez/docs/developer-guide/adding-new-tools.md +562 -0
  69. souleyez/docs/user-guide/auto-chaining.md +30 -8
  70. souleyez/docs/user-guide/getting-started.md +1 -1
  71. souleyez/docs/user-guide/installation.md +26 -3
  72. souleyez/docs/user-guide/metasploit-integration.md +2 -2
  73. souleyez/docs/user-guide/rbac.md +1 -1
  74. souleyez/docs/user-guide/scope-management.md +1 -1
  75. souleyez/docs/user-guide/siem-integration.md +1 -1
  76. souleyez/docs/user-guide/tools-reference.md +1 -8
  77. souleyez/docs/user-guide/worker-management.md +1 -1
  78. souleyez/engine/background.py +1239 -535
  79. souleyez/engine/base.py +4 -1
  80. souleyez/engine/job_status.py +17 -49
  81. souleyez/engine/log_sanitizer.py +103 -77
  82. souleyez/engine/manager.py +38 -7
  83. souleyez/engine/result_handler.py +2200 -1550
  84. souleyez/engine/worker_manager.py +50 -41
  85. souleyez/export/evidence_bundle.py +72 -62
  86. souleyez/feature_flags/features.py +16 -20
  87. souleyez/feature_flags.py +5 -9
  88. souleyez/handlers/__init__.py +11 -0
  89. souleyez/handlers/base.py +188 -0
  90. souleyez/handlers/bash_handler.py +277 -0
  91. souleyez/handlers/bloodhound_handler.py +243 -0
  92. souleyez/handlers/certipy_handler.py +311 -0
  93. souleyez/handlers/crackmapexec_handler.py +486 -0
  94. souleyez/handlers/dnsrecon_handler.py +344 -0
  95. souleyez/handlers/enum4linux_handler.py +400 -0
  96. souleyez/handlers/evil_winrm_handler.py +493 -0
  97. souleyez/handlers/ffuf_handler.py +815 -0
  98. souleyez/handlers/gobuster_handler.py +1114 -0
  99. souleyez/handlers/gpp_extract_handler.py +334 -0
  100. souleyez/handlers/hashcat_handler.py +444 -0
  101. souleyez/handlers/hydra_handler.py +563 -0
  102. souleyez/handlers/impacket_getuserspns_handler.py +343 -0
  103. souleyez/handlers/impacket_psexec_handler.py +222 -0
  104. souleyez/handlers/impacket_secretsdump_handler.py +426 -0
  105. souleyez/handlers/john_handler.py +286 -0
  106. souleyez/handlers/katana_handler.py +425 -0
  107. souleyez/handlers/kerbrute_handler.py +298 -0
  108. souleyez/handlers/ldapsearch_handler.py +636 -0
  109. souleyez/handlers/lfi_extract_handler.py +464 -0
  110. souleyez/handlers/msf_auxiliary_handler.py +408 -0
  111. souleyez/handlers/msf_exploit_handler.py +380 -0
  112. souleyez/handlers/nikto_handler.py +413 -0
  113. souleyez/handlers/nmap_handler.py +821 -0
  114. souleyez/handlers/nuclei_handler.py +359 -0
  115. souleyez/handlers/nxc_handler.py +371 -0
  116. souleyez/handlers/rdp_sec_check_handler.py +353 -0
  117. souleyez/handlers/registry.py +292 -0
  118. souleyez/handlers/responder_handler.py +232 -0
  119. souleyez/handlers/service_explorer_handler.py +434 -0
  120. souleyez/handlers/smbclient_handler.py +344 -0
  121. souleyez/handlers/smbmap_handler.py +510 -0
  122. souleyez/handlers/smbpasswd_handler.py +296 -0
  123. souleyez/handlers/sqlmap_handler.py +1116 -0
  124. souleyez/handlers/theharvester_handler.py +601 -0
  125. souleyez/handlers/web_login_test_handler.py +327 -0
  126. souleyez/handlers/whois_handler.py +277 -0
  127. souleyez/handlers/wpscan_handler.py +554 -0
  128. souleyez/history.py +32 -16
  129. souleyez/importers/msf_importer.py +106 -75
  130. souleyez/importers/smart_importer.py +208 -147
  131. souleyez/integrations/siem/__init__.py +10 -10
  132. souleyez/integrations/siem/base.py +17 -18
  133. souleyez/integrations/siem/elastic.py +108 -122
  134. souleyez/integrations/siem/factory.py +207 -80
  135. souleyez/integrations/siem/googlesecops.py +146 -154
  136. souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
  137. souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
  138. souleyez/integrations/siem/sentinel.py +107 -109
  139. souleyez/integrations/siem/splunk.py +246 -212
  140. souleyez/integrations/siem/wazuh.py +65 -71
  141. souleyez/integrations/wazuh/__init__.py +5 -5
  142. souleyez/integrations/wazuh/client.py +70 -93
  143. souleyez/integrations/wazuh/config.py +85 -57
  144. souleyez/integrations/wazuh/host_mapper.py +28 -36
  145. souleyez/integrations/wazuh/sync.py +78 -68
  146. souleyez/intelligence/__init__.py +4 -5
  147. souleyez/intelligence/correlation_analyzer.py +309 -295
  148. souleyez/intelligence/exploit_knowledge.py +661 -623
  149. souleyez/intelligence/exploit_suggestions.py +159 -139
  150. souleyez/intelligence/gap_analyzer.py +132 -97
  151. souleyez/intelligence/gap_detector.py +251 -214
  152. souleyez/intelligence/sensitive_tables.py +266 -129
  153. souleyez/intelligence/service_parser.py +137 -123
  154. souleyez/intelligence/surface_analyzer.py +407 -268
  155. souleyez/intelligence/target_parser.py +159 -162
  156. souleyez/licensing/__init__.py +6 -6
  157. souleyez/licensing/validator.py +17 -19
  158. souleyez/log_config.py +79 -54
  159. souleyez/main.py +1505 -687
  160. souleyez/migrations/fix_job_counter.py +16 -14
  161. souleyez/parsers/bloodhound_parser.py +41 -39
  162. souleyez/parsers/crackmapexec_parser.py +178 -111
  163. souleyez/parsers/dalfox_parser.py +72 -77
  164. souleyez/parsers/dnsrecon_parser.py +103 -91
  165. souleyez/parsers/enum4linux_parser.py +183 -153
  166. souleyez/parsers/ffuf_parser.py +29 -25
  167. souleyez/parsers/gobuster_parser.py +301 -41
  168. souleyez/parsers/hashcat_parser.py +324 -79
  169. souleyez/parsers/http_fingerprint_parser.py +350 -103
  170. souleyez/parsers/hydra_parser.py +131 -111
  171. souleyez/parsers/impacket_parser.py +231 -178
  172. souleyez/parsers/john_parser.py +98 -86
  173. souleyez/parsers/katana_parser.py +316 -0
  174. souleyez/parsers/msf_parser.py +943 -498
  175. souleyez/parsers/nikto_parser.py +346 -65
  176. souleyez/parsers/nmap_parser.py +262 -174
  177. souleyez/parsers/nuclei_parser.py +40 -44
  178. souleyez/parsers/responder_parser.py +26 -26
  179. souleyez/parsers/searchsploit_parser.py +74 -74
  180. souleyez/parsers/service_explorer_parser.py +279 -0
  181. souleyez/parsers/smbmap_parser.py +180 -124
  182. souleyez/parsers/sqlmap_parser.py +434 -308
  183. souleyez/parsers/theharvester_parser.py +75 -57
  184. souleyez/parsers/whois_parser.py +135 -94
  185. souleyez/parsers/wpscan_parser.py +278 -190
  186. souleyez/plugins/afp.py +44 -36
  187. souleyez/plugins/afp_brute.py +114 -46
  188. souleyez/plugins/ard.py +48 -37
  189. souleyez/plugins/bloodhound.py +95 -61
  190. souleyez/plugins/certipy.py +303 -0
  191. souleyez/plugins/crackmapexec.py +186 -85
  192. souleyez/plugins/dalfox.py +120 -59
  193. souleyez/plugins/dns_hijack.py +146 -41
  194. souleyez/plugins/dnsrecon.py +97 -61
  195. souleyez/plugins/enum4linux.py +91 -66
  196. souleyez/plugins/evil_winrm.py +291 -0
  197. souleyez/plugins/ffuf.py +166 -90
  198. souleyez/plugins/firmware_extract.py +133 -29
  199. souleyez/plugins/gobuster.py +387 -190
  200. souleyez/plugins/gpp_extract.py +393 -0
  201. souleyez/plugins/hashcat.py +100 -73
  202. souleyez/plugins/http_fingerprint.py +854 -267
  203. souleyez/plugins/hydra.py +566 -200
  204. souleyez/plugins/impacket_getnpusers.py +117 -69
  205. souleyez/plugins/impacket_psexec.py +84 -64
  206. souleyez/plugins/impacket_secretsdump.py +103 -69
  207. souleyez/plugins/impacket_smbclient.py +89 -75
  208. souleyez/plugins/john.py +86 -69
  209. souleyez/plugins/katana.py +313 -0
  210. souleyez/plugins/kerbrute.py +237 -0
  211. souleyez/plugins/lfi_extract.py +541 -0
  212. souleyez/plugins/macos_ssh.py +117 -48
  213. souleyez/plugins/mdns.py +35 -30
  214. souleyez/plugins/msf_auxiliary.py +253 -130
  215. souleyez/plugins/msf_exploit.py +239 -161
  216. souleyez/plugins/nikto.py +134 -78
  217. souleyez/plugins/nmap.py +275 -91
  218. souleyez/plugins/nuclei.py +180 -89
  219. souleyez/plugins/nxc.py +285 -0
  220. souleyez/plugins/plugin_base.py +35 -36
  221. souleyez/plugins/plugin_template.py +13 -5
  222. souleyez/plugins/rdp_sec_check.py +130 -0
  223. souleyez/plugins/responder.py +112 -71
  224. souleyez/plugins/router_http_brute.py +76 -65
  225. souleyez/plugins/router_ssh_brute.py +118 -41
  226. souleyez/plugins/router_telnet_brute.py +124 -42
  227. souleyez/plugins/routersploit.py +91 -59
  228. souleyez/plugins/routersploit_exploit.py +77 -55
  229. souleyez/plugins/searchsploit.py +91 -77
  230. souleyez/plugins/service_explorer.py +1160 -0
  231. souleyez/plugins/smbmap.py +122 -72
  232. souleyez/plugins/smbpasswd.py +215 -0
  233. souleyez/plugins/sqlmap.py +301 -113
  234. souleyez/plugins/theharvester.py +127 -75
  235. souleyez/plugins/tr069.py +79 -57
  236. souleyez/plugins/upnp.py +65 -47
  237. souleyez/plugins/upnp_abuse.py +73 -55
  238. souleyez/plugins/vnc_access.py +129 -42
  239. souleyez/plugins/vnc_brute.py +109 -38
  240. souleyez/plugins/web_login_test.py +417 -0
  241. souleyez/plugins/whois.py +77 -58
  242. souleyez/plugins/wpscan.py +173 -69
  243. souleyez/reporting/__init__.py +2 -1
  244. souleyez/reporting/attack_chain.py +411 -346
  245. souleyez/reporting/charts.py +436 -501
  246. souleyez/reporting/compliance_mappings.py +334 -201
  247. souleyez/reporting/detection_report.py +126 -125
  248. souleyez/reporting/formatters.py +828 -591
  249. souleyez/reporting/generator.py +386 -302
  250. souleyez/reporting/metrics.py +72 -75
  251. souleyez/scanner.py +35 -29
  252. souleyez/security/__init__.py +37 -11
  253. souleyez/security/scope_validator.py +175 -106
  254. souleyez/security/validation.py +223 -149
  255. souleyez/security.py +22 -6
  256. souleyez/storage/credentials.py +247 -186
  257. souleyez/storage/crypto.py +296 -129
  258. souleyez/storage/database.py +73 -50
  259. souleyez/storage/db.py +58 -36
  260. souleyez/storage/deliverable_evidence.py +177 -128
  261. souleyez/storage/deliverable_exporter.py +282 -246
  262. souleyez/storage/deliverable_templates.py +134 -116
  263. souleyez/storage/deliverables.py +135 -130
  264. souleyez/storage/engagements.py +109 -56
  265. souleyez/storage/evidence.py +181 -152
  266. souleyez/storage/execution_log.py +31 -17
  267. souleyez/storage/exploit_attempts.py +93 -57
  268. souleyez/storage/exploits.py +67 -36
  269. souleyez/storage/findings.py +48 -61
  270. souleyez/storage/hosts.py +176 -144
  271. souleyez/storage/migrate_to_engagements.py +43 -19
  272. souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
  273. souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
  274. souleyez/storage/migrations/_003_add_execution_log.py +14 -8
  275. souleyez/storage/migrations/_005_screenshots.py +13 -5
  276. souleyez/storage/migrations/_006_deliverables.py +13 -5
  277. souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
  278. souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
  279. souleyez/storage/migrations/_010_evidence_linking.py +17 -10
  280. souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
  281. souleyez/storage/migrations/_012_team_collaboration.py +34 -21
  282. souleyez/storage/migrations/_013_add_host_tags.py +12 -6
  283. souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
  284. souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
  285. souleyez/storage/migrations/_016_add_domain_field.py +10 -4
  286. souleyez/storage/migrations/_017_msf_sessions.py +16 -8
  287. souleyez/storage/migrations/_018_add_osint_target.py +10 -6
  288. souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
  289. souleyez/storage/migrations/_020_add_rbac.py +36 -15
  290. souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
  291. souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
  292. souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
  293. souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
  294. souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
  295. souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
  296. souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
  297. souleyez/storage/migrations/__init__.py +26 -26
  298. souleyez/storage/migrations/migration_manager.py +19 -19
  299. souleyez/storage/msf_sessions.py +100 -65
  300. souleyez/storage/osint.py +17 -24
  301. souleyez/storage/recommendation_engine.py +269 -235
  302. souleyez/storage/screenshots.py +33 -32
  303. souleyez/storage/smb_shares.py +136 -92
  304. souleyez/storage/sqlmap_data.py +183 -128
  305. souleyez/storage/team_collaboration.py +135 -141
  306. souleyez/storage/timeline_tracker.py +122 -94
  307. souleyez/storage/wazuh_vulns.py +64 -66
  308. souleyez/storage/web_paths.py +33 -37
  309. souleyez/testing/credential_tester.py +221 -205
  310. souleyez/ui/__init__.py +1 -1
  311. souleyez/ui/ai_quotes.py +12 -12
  312. souleyez/ui/attack_surface.py +2439 -1516
  313. souleyez/ui/chain_rules_view.py +914 -382
  314. souleyez/ui/correlation_view.py +312 -230
  315. souleyez/ui/dashboard.py +2382 -1130
  316. souleyez/ui/deliverables_view.py +148 -62
  317. souleyez/ui/design_system.py +13 -13
  318. souleyez/ui/errors.py +49 -49
  319. souleyez/ui/evidence_linking_view.py +284 -179
  320. souleyez/ui/evidence_vault.py +393 -285
  321. souleyez/ui/exploit_suggestions_view.py +555 -349
  322. souleyez/ui/export_view.py +100 -66
  323. souleyez/ui/gap_analysis_view.py +315 -171
  324. souleyez/ui/help_system.py +105 -97
  325. souleyez/ui/intelligence_view.py +436 -293
  326. souleyez/ui/interactive.py +23434 -10286
  327. souleyez/ui/interactive_selector.py +75 -68
  328. souleyez/ui/log_formatter.py +47 -39
  329. souleyez/ui/menu_components.py +22 -13
  330. souleyez/ui/msf_auxiliary_menu.py +184 -133
  331. souleyez/ui/pending_chains_view.py +336 -172
  332. souleyez/ui/progress_indicators.py +5 -3
  333. souleyez/ui/recommendations_view.py +195 -137
  334. souleyez/ui/rule_builder.py +343 -225
  335. souleyez/ui/setup_wizard.py +678 -284
  336. souleyez/ui/shortcuts.py +217 -165
  337. souleyez/ui/splunk_gap_analysis_view.py +452 -270
  338. souleyez/ui/splunk_vulns_view.py +139 -86
  339. souleyez/ui/team_dashboard.py +498 -335
  340. souleyez/ui/template_selector.py +196 -105
  341. souleyez/ui/terminal.py +6 -6
  342. souleyez/ui/timeline_view.py +198 -127
  343. souleyez/ui/tool_setup.py +264 -164
  344. souleyez/ui/tutorial.py +202 -72
  345. souleyez/ui/tutorial_state.py +40 -40
  346. souleyez/ui/wazuh_vulns_view.py +235 -141
  347. souleyez/ui/wordlist_browser.py +260 -107
  348. souleyez/ui.py +464 -312
  349. souleyez/utils/tool_checker.py +427 -367
  350. souleyez/utils.py +33 -29
  351. souleyez/wordlists.py +134 -167
  352. {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/METADATA +1 -1
  353. souleyez-2.43.34.dist-info/RECORD +443 -0
  354. {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/WHEEL +1 -1
  355. souleyez-2.43.26.dist-info/RECORD +0 -379
  356. {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/entry_points.txt +0 -0
  357. {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/licenses/LICENSE +0 -0
  358. {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/top_level.txt +0 -0
souleyez/plugins/nikto.py CHANGED
@@ -26,11 +26,11 @@ HELP = {
26
26
  "Nikto is noisy by design - it sends many requests to thoroughly test the server. "
27
27
  "Use with caution on production systems.\n"
28
28
  ),
29
- "usage": "souleyez jobs enqueue nikto <target> --args \"-h <host> -p <port>\"",
29
+ "usage": 'souleyez jobs enqueue nikto <target> --args "-h <host> -p <port>"',
30
30
  "examples": [
31
- "souleyez jobs enqueue nikto http://example.com --args \"-h example.com\"",
32
- "souleyez jobs enqueue nikto https://example.com --args \"-h example.com -ssl\"",
33
- "souleyez jobs enqueue nikto http://example.com:8080 --args \"-h example.com -p 8080\"",
31
+ 'souleyez jobs enqueue nikto http://example.com --args "-h example.com"',
32
+ 'souleyez jobs enqueue nikto https://example.com --args "-h example.com -ssl"',
33
+ 'souleyez jobs enqueue nikto http://example.com:8080 --args "-h example.com -p 8080"',
34
34
  ],
35
35
  "flags": [
36
36
  ["-h <host>", "Target host (required)"],
@@ -47,76 +47,123 @@ HELP = {
47
47
  {
48
48
  "name": "Quick Scan",
49
49
  "args": ["-h", "<target>", "-nointeractive", "-timeout", "10"],
50
- "desc": "Fast scan with default checks"
50
+ "desc": "Fast scan with default checks",
51
51
  },
52
52
  {
53
53
  "name": "Quick Scan (SSL)",
54
54
  "args": ["-h", "<target>", "-ssl", "-nointeractive", "-timeout", "10"],
55
- "desc": "Fast scan for HTTPS sites"
56
- }
55
+ "desc": "Fast scan for HTTPS sites",
56
+ },
57
57
  ],
58
58
  "comprehensive": [
59
59
  {
60
60
  "name": "Full Scan",
61
61
  "args": ["-h", "<target>", "-nointeractive", "-Tuning", "123456789abc"],
62
- "desc": "All scan types enabled"
62
+ "desc": "All scan types enabled",
63
63
  },
64
64
  {
65
65
  "name": "CGI Focus",
66
66
  "args": ["-h", "<target>", "-nointeractive", "-Tuning", "5"],
67
- "desc": "Focus on CGI/script vulnerabilities"
68
- }
67
+ "desc": "Focus on CGI/script vulnerabilities",
68
+ },
69
69
  ],
70
70
  "stealth": [
71
71
  {
72
72
  "name": "Slow & Quiet",
73
- "args": ["-h", "<target>", "-nointeractive", "-Pause", "3", "-timeout", "15"],
74
- "desc": "Slower scan to avoid detection"
73
+ "args": [
74
+ "-h",
75
+ "<target>",
76
+ "-nointeractive",
77
+ "-Pause",
78
+ "3",
79
+ "-timeout",
80
+ "15",
81
+ ],
82
+ "desc": "Slower scan to avoid detection",
75
83
  }
76
- ]
84
+ ],
77
85
  },
78
86
  "presets": [
79
- {"name": "Quick Scan", "args": ["-h", "<target>", "-nointeractive", "-timeout", "10"], "desc": "Fast scan with default checks"},
80
- {"name": "Quick Scan (SSL)", "args": ["-h", "<target>", "-ssl", "-nointeractive", "-timeout", "10"], "desc": "Fast scan for HTTPS sites"},
81
- {"name": "Full Scan", "args": ["-h", "<target>", "-nointeractive", "-Tuning", "123456789abc"], "desc": "All scan types enabled"},
82
- {"name": "CGI Focus", "args": ["-h", "<target>", "-nointeractive", "-Tuning", "5"], "desc": "Focus on CGI/script vulnerabilities"},
83
- {"name": "Slow & Quiet", "args": ["-h", "<target>", "-nointeractive", "-Pause", "3", "-timeout", "15"], "desc": "Slower scan to avoid detection"},
87
+ {
88
+ "name": "Quick Scan",
89
+ "args": ["-h", "<target>", "-nointeractive", "-timeout", "10"],
90
+ "desc": "Fast scan with default checks",
91
+ },
92
+ {
93
+ "name": "Quick Scan (SSL)",
94
+ "args": ["-h", "<target>", "-ssl", "-nointeractive", "-timeout", "10"],
95
+ "desc": "Fast scan for HTTPS sites",
96
+ },
97
+ {
98
+ "name": "Full Scan",
99
+ "args": ["-h", "<target>", "-nointeractive", "-Tuning", "123456789abc"],
100
+ "desc": "All scan types enabled",
101
+ },
102
+ {
103
+ "name": "CGI Focus",
104
+ "args": ["-h", "<target>", "-nointeractive", "-Tuning", "5"],
105
+ "desc": "Focus on CGI/script vulnerabilities",
106
+ },
107
+ {
108
+ "name": "Slow & Quiet",
109
+ "args": [
110
+ "-h",
111
+ "<target>",
112
+ "-nointeractive",
113
+ "-Pause",
114
+ "3",
115
+ "-timeout",
116
+ "15",
117
+ ],
118
+ "desc": "Slower scan to avoid detection",
119
+ },
84
120
  ],
85
121
  "help_sections": [
86
122
  {
87
123
  "title": "What is Nikto?",
88
124
  "color": "cyan",
89
125
  "content": [
90
- {"title": "Overview", "desc": "Nikto is a web server scanner that performs comprehensive tests against web servers for multiple items including dangerous files, outdated versions, and configuration problems."},
91
- {"title": "Use Cases", "desc": "Best for initial web server assessment", "tips": [
92
- "Find outdated server software",
93
- "Detect dangerous default files",
94
- "Identify server misconfigurations",
95
- "Check for known vulnerable CGI scripts"
96
- ]}
97
- ]
126
+ {
127
+ "title": "Overview",
128
+ "desc": "Nikto is a web server scanner that performs comprehensive tests against web servers for multiple items including dangerous files, outdated versions, and configuration problems.",
129
+ },
130
+ {
131
+ "title": "Use Cases",
132
+ "desc": "Best for initial web server assessment",
133
+ "tips": [
134
+ "Find outdated server software",
135
+ "Detect dangerous default files",
136
+ "Identify server misconfigurations",
137
+ "Check for known vulnerable CGI scripts",
138
+ ],
139
+ },
140
+ ],
98
141
  },
99
142
  {
100
143
  "title": "Tuning Options",
101
144
  "color": "green",
102
145
  "content": [
103
- {"title": "Tuning Codes", "desc": "Use -Tuning to focus scans:", "tips": [
104
- "1 - Interesting File / Seen in logs",
105
- "2 - Misconfiguration / Default File",
106
- "3 - Information Disclosure",
107
- "4 - Injection (XSS/Script/HTML)",
108
- "5 - Remote File Retrieval - Inside Web Root",
109
- "6 - Denial of Service",
110
- "7 - Remote File Retrieval - Server Wide",
111
- "8 - Command Execution / Remote Shell",
112
- "9 - SQL Injection",
113
- "a - Authentication Bypass",
114
- "b - Software Identification",
115
- "c - Remote Source Inclusion"
116
- ]}
117
- ]
118
- }
119
- ]
146
+ {
147
+ "title": "Tuning Codes",
148
+ "desc": "Use -Tuning to focus scans:",
149
+ "tips": [
150
+ "1 - Interesting File / Seen in logs",
151
+ "2 - Misconfiguration / Default File",
152
+ "3 - Information Disclosure",
153
+ "4 - Injection (XSS/Script/HTML)",
154
+ "5 - Remote File Retrieval - Inside Web Root",
155
+ "6 - Denial of Service",
156
+ "7 - Remote File Retrieval - Server Wide",
157
+ "8 - Command Execution / Remote Shell",
158
+ "9 - SQL Injection",
159
+ "a - Authentication Bypass",
160
+ "b - Software Identification",
161
+ "c - Remote Source Inclusion",
162
+ ],
163
+ }
164
+ ],
165
+ },
166
+ ],
120
167
  }
121
168
 
122
169
 
@@ -126,74 +173,79 @@ class NiktoPlugin(PluginBase):
126
173
  category = "vulnerability_analysis"
127
174
  HELP = HELP
128
175
 
129
- def build_command(self, target: str, args: List[str] = None, label: str = "", log_path: str = None):
176
+ def build_command(
177
+ self, target: str, args: List[str] = None, label: str = "", log_path: str = None
178
+ ):
130
179
  """Build nikto command for background execution."""
131
180
  args = args or []
132
181
 
133
182
  # Extract host from target URL if not in args
134
- if '-h' not in args:
183
+ if "-h" not in args:
135
184
  # Parse target to get host
136
- if target.startswith(('http://', 'https://')):
185
+ if target.startswith(("http://", "https://")):
137
186
  from urllib.parse import urlparse
187
+
138
188
  parsed = urlparse(target)
139
189
  host = parsed.netloc
140
- if ':' in host:
141
- host, port = host.rsplit(':', 1)
142
- if '-p' not in args:
143
- args.extend(['-p', port])
144
- args.extend(['-h', host])
190
+ if ":" in host:
191
+ host, port = host.rsplit(":", 1)
192
+ if "-p" not in args:
193
+ args.extend(["-p", port])
194
+ args.extend(["-h", host])
145
195
 
146
196
  # Add -ssl if https
147
- if parsed.scheme == 'https' and '-ssl' not in args:
148
- args.append('-ssl')
197
+ if parsed.scheme == "https" and "-ssl" not in args:
198
+ args.append("-ssl")
149
199
  else:
150
- args.extend(['-h', target])
200
+ args.extend(["-h", target])
151
201
 
152
202
  # Replace <target> placeholder in args
153
203
  processed_args = [arg.replace("<target>", target) for arg in args]
154
204
 
155
205
  # Ensure nointeractive mode for background execution
156
- if '-nointeractive' not in processed_args:
157
- processed_args.append('-nointeractive')
206
+ if "-nointeractive" not in processed_args:
207
+ processed_args.append("-nointeractive")
158
208
 
159
209
  cmd = ["nikto"] + processed_args
160
210
 
161
- return {
162
- 'cmd': cmd,
163
- 'timeout': 3600 # 1 hour (nikto can be slow)
164
- }
211
+ return {"cmd": cmd, "timeout": 3600} # 1 hour (nikto can be slow)
165
212
 
166
- def run(self, target: str, args: List[str] = None, label: str = "", log_path: str = None) -> int:
213
+ def run(
214
+ self, target: str, args: List[str] = None, label: str = "", log_path: str = None
215
+ ) -> int:
167
216
  """Execute nikto scan and write output to log_path."""
168
217
  args = args or []
169
218
 
170
219
  # Extract host from target URL if not in args
171
- if '-h' not in args:
172
- if target.startswith(('http://', 'https://')):
220
+ if "-h" not in args:
221
+ if target.startswith(("http://", "https://")):
173
222
  from urllib.parse import urlparse
223
+
174
224
  parsed = urlparse(target)
175
225
  host = parsed.netloc
176
- if ':' in host:
177
- host, port = host.rsplit(':', 1)
178
- if '-p' not in args:
179
- args.extend(['-p', port])
180
- args.extend(['-h', host])
181
-
182
- if parsed.scheme == 'https' and '-ssl' not in args:
183
- args.append('-ssl')
226
+ if ":" in host:
227
+ host, port = host.rsplit(":", 1)
228
+ if "-p" not in args:
229
+ args.extend(["-p", port])
230
+ args.extend(["-h", host])
231
+
232
+ if parsed.scheme == "https" and "-ssl" not in args:
233
+ args.append("-ssl")
184
234
  else:
185
- args.extend(['-h', target])
235
+ args.extend(["-h", target])
186
236
 
187
237
  processed_args = [arg.replace("<target>", target) for arg in args]
188
238
 
189
- if '-nointeractive' not in processed_args:
190
- processed_args.append('-nointeractive')
239
+ if "-nointeractive" not in processed_args:
240
+ processed_args.append("-nointeractive")
191
241
 
192
242
  cmd = ["nikto"] + processed_args
193
243
 
194
244
  if not log_path:
195
245
  try:
196
- proc = subprocess.run(cmd, capture_output=True, timeout=3600, check=False)
246
+ proc = subprocess.run(
247
+ cmd, capture_output=True, timeout=3600, check=False
248
+ )
197
249
  return proc.returncode
198
250
  except Exception:
199
251
  return 1
@@ -205,7 +257,9 @@ class NiktoPlugin(PluginBase):
205
257
  fh.write(f"Args: {processed_args}\n")
206
258
  if label:
207
259
  fh.write(f"Label: {label}\n")
208
- fh.write(f"Started: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n")
260
+ fh.write(
261
+ f"Started: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n"
262
+ )
209
263
  fh.write(f"Command: {' '.join(cmd)}\n")
210
264
  fh.write("=" * 60 + "\n\n")
211
265
  fh.flush()
@@ -216,11 +270,13 @@ class NiktoPlugin(PluginBase):
216
270
  stderr=subprocess.STDOUT,
217
271
  timeout=3600,
218
272
  check=False,
219
- text=True
273
+ text=True,
220
274
  )
221
275
 
222
276
  fh.write(proc.stdout)
223
- fh.write(f"\n=== Completed: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())} ===\n")
277
+ fh.write(
278
+ f"\n=== Completed: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())} ===\n"
279
+ )
224
280
  fh.write(f"Exit Code: {proc.returncode}\n")
225
281
 
226
282
  return proc.returncode