souleyez 2.43.26__py3-none-any.whl → 2.43.34__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- souleyez/__init__.py +1 -2
- souleyez/ai/__init__.py +21 -15
- souleyez/ai/action_mapper.py +249 -150
- souleyez/ai/chain_advisor.py +116 -100
- souleyez/ai/claude_provider.py +29 -28
- souleyez/ai/context_builder.py +80 -62
- souleyez/ai/executor.py +158 -117
- souleyez/ai/feedback_handler.py +136 -121
- souleyez/ai/llm_factory.py +27 -20
- souleyez/ai/llm_provider.py +4 -2
- souleyez/ai/ollama_provider.py +6 -9
- souleyez/ai/ollama_service.py +44 -37
- souleyez/ai/path_scorer.py +91 -76
- souleyez/ai/recommender.py +176 -144
- souleyez/ai/report_context.py +74 -73
- souleyez/ai/report_service.py +84 -66
- souleyez/ai/result_parser.py +222 -229
- souleyez/ai/safety.py +67 -44
- souleyez/auth/__init__.py +23 -22
- souleyez/auth/audit.py +36 -26
- souleyez/auth/engagement_access.py +65 -48
- souleyez/auth/permissions.py +14 -3
- souleyez/auth/session_manager.py +54 -37
- souleyez/auth/user_manager.py +109 -64
- souleyez/commands/audit.py +40 -43
- souleyez/commands/auth.py +35 -15
- souleyez/commands/deliverables.py +55 -50
- souleyez/commands/engagement.py +47 -28
- souleyez/commands/license.py +32 -23
- souleyez/commands/screenshots.py +36 -32
- souleyez/commands/user.py +82 -36
- souleyez/config.py +52 -44
- souleyez/core/credential_tester.py +87 -81
- souleyez/core/cve_mappings.py +179 -192
- souleyez/core/cve_matcher.py +162 -148
- souleyez/core/msf_auto_mapper.py +100 -83
- souleyez/core/msf_chain_engine.py +294 -256
- souleyez/core/msf_database.py +153 -70
- souleyez/core/msf_integration.py +679 -673
- souleyez/core/msf_rpc_client.py +40 -42
- souleyez/core/msf_rpc_manager.py +77 -79
- souleyez/core/msf_sync_manager.py +241 -181
- souleyez/core/network_utils.py +22 -15
- souleyez/core/parser_handler.py +34 -25
- souleyez/core/pending_chains.py +114 -63
- souleyez/core/templates.py +158 -107
- souleyez/core/tool_chaining.py +9526 -2879
- souleyez/core/version_utils.py +79 -94
- souleyez/core/vuln_correlation.py +136 -89
- souleyez/core/web_utils.py +33 -32
- souleyez/data/wordlists/ad_users.txt +378 -0
- souleyez/data/wordlists/api_endpoints_large.txt +769 -0
- souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
- souleyez/data/wordlists/lfi_payloads.txt +82 -0
- souleyez/data/wordlists/passwords_brute.txt +1548 -0
- souleyez/data/wordlists/passwords_crack.txt +2479 -0
- souleyez/data/wordlists/passwords_spray.txt +386 -0
- souleyez/data/wordlists/subdomains_large.txt +5057 -0
- souleyez/data/wordlists/usernames_common.txt +694 -0
- souleyez/data/wordlists/web_dirs_large.txt +4769 -0
- souleyez/detection/__init__.py +1 -1
- souleyez/detection/attack_signatures.py +12 -17
- souleyez/detection/mitre_mappings.py +61 -55
- souleyez/detection/validator.py +97 -86
- souleyez/devtools.py +23 -10
- souleyez/docs/README.md +4 -4
- souleyez/docs/api-reference/cli-commands.md +2 -2
- souleyez/docs/developer-guide/adding-new-tools.md +562 -0
- souleyez/docs/user-guide/auto-chaining.md +30 -8
- souleyez/docs/user-guide/getting-started.md +1 -1
- souleyez/docs/user-guide/installation.md +26 -3
- souleyez/docs/user-guide/metasploit-integration.md +2 -2
- souleyez/docs/user-guide/rbac.md +1 -1
- souleyez/docs/user-guide/scope-management.md +1 -1
- souleyez/docs/user-guide/siem-integration.md +1 -1
- souleyez/docs/user-guide/tools-reference.md +1 -8
- souleyez/docs/user-guide/worker-management.md +1 -1
- souleyez/engine/background.py +1239 -535
- souleyez/engine/base.py +4 -1
- souleyez/engine/job_status.py +17 -49
- souleyez/engine/log_sanitizer.py +103 -77
- souleyez/engine/manager.py +38 -7
- souleyez/engine/result_handler.py +2200 -1550
- souleyez/engine/worker_manager.py +50 -41
- souleyez/export/evidence_bundle.py +72 -62
- souleyez/feature_flags/features.py +16 -20
- souleyez/feature_flags.py +5 -9
- souleyez/handlers/__init__.py +11 -0
- souleyez/handlers/base.py +188 -0
- souleyez/handlers/bash_handler.py +277 -0
- souleyez/handlers/bloodhound_handler.py +243 -0
- souleyez/handlers/certipy_handler.py +311 -0
- souleyez/handlers/crackmapexec_handler.py +486 -0
- souleyez/handlers/dnsrecon_handler.py +344 -0
- souleyez/handlers/enum4linux_handler.py +400 -0
- souleyez/handlers/evil_winrm_handler.py +493 -0
- souleyez/handlers/ffuf_handler.py +815 -0
- souleyez/handlers/gobuster_handler.py +1114 -0
- souleyez/handlers/gpp_extract_handler.py +334 -0
- souleyez/handlers/hashcat_handler.py +444 -0
- souleyez/handlers/hydra_handler.py +563 -0
- souleyez/handlers/impacket_getuserspns_handler.py +343 -0
- souleyez/handlers/impacket_psexec_handler.py +222 -0
- souleyez/handlers/impacket_secretsdump_handler.py +426 -0
- souleyez/handlers/john_handler.py +286 -0
- souleyez/handlers/katana_handler.py +425 -0
- souleyez/handlers/kerbrute_handler.py +298 -0
- souleyez/handlers/ldapsearch_handler.py +636 -0
- souleyez/handlers/lfi_extract_handler.py +464 -0
- souleyez/handlers/msf_auxiliary_handler.py +408 -0
- souleyez/handlers/msf_exploit_handler.py +380 -0
- souleyez/handlers/nikto_handler.py +413 -0
- souleyez/handlers/nmap_handler.py +821 -0
- souleyez/handlers/nuclei_handler.py +359 -0
- souleyez/handlers/nxc_handler.py +371 -0
- souleyez/handlers/rdp_sec_check_handler.py +353 -0
- souleyez/handlers/registry.py +292 -0
- souleyez/handlers/responder_handler.py +232 -0
- souleyez/handlers/service_explorer_handler.py +434 -0
- souleyez/handlers/smbclient_handler.py +344 -0
- souleyez/handlers/smbmap_handler.py +510 -0
- souleyez/handlers/smbpasswd_handler.py +296 -0
- souleyez/handlers/sqlmap_handler.py +1116 -0
- souleyez/handlers/theharvester_handler.py +601 -0
- souleyez/handlers/web_login_test_handler.py +327 -0
- souleyez/handlers/whois_handler.py +277 -0
- souleyez/handlers/wpscan_handler.py +554 -0
- souleyez/history.py +32 -16
- souleyez/importers/msf_importer.py +106 -75
- souleyez/importers/smart_importer.py +208 -147
- souleyez/integrations/siem/__init__.py +10 -10
- souleyez/integrations/siem/base.py +17 -18
- souleyez/integrations/siem/elastic.py +108 -122
- souleyez/integrations/siem/factory.py +207 -80
- souleyez/integrations/siem/googlesecops.py +146 -154
- souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
- souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
- souleyez/integrations/siem/sentinel.py +107 -109
- souleyez/integrations/siem/splunk.py +246 -212
- souleyez/integrations/siem/wazuh.py +65 -71
- souleyez/integrations/wazuh/__init__.py +5 -5
- souleyez/integrations/wazuh/client.py +70 -93
- souleyez/integrations/wazuh/config.py +85 -57
- souleyez/integrations/wazuh/host_mapper.py +28 -36
- souleyez/integrations/wazuh/sync.py +78 -68
- souleyez/intelligence/__init__.py +4 -5
- souleyez/intelligence/correlation_analyzer.py +309 -295
- souleyez/intelligence/exploit_knowledge.py +661 -623
- souleyez/intelligence/exploit_suggestions.py +159 -139
- souleyez/intelligence/gap_analyzer.py +132 -97
- souleyez/intelligence/gap_detector.py +251 -214
- souleyez/intelligence/sensitive_tables.py +266 -129
- souleyez/intelligence/service_parser.py +137 -123
- souleyez/intelligence/surface_analyzer.py +407 -268
- souleyez/intelligence/target_parser.py +159 -162
- souleyez/licensing/__init__.py +6 -6
- souleyez/licensing/validator.py +17 -19
- souleyez/log_config.py +79 -54
- souleyez/main.py +1505 -687
- souleyez/migrations/fix_job_counter.py +16 -14
- souleyez/parsers/bloodhound_parser.py +41 -39
- souleyez/parsers/crackmapexec_parser.py +178 -111
- souleyez/parsers/dalfox_parser.py +72 -77
- souleyez/parsers/dnsrecon_parser.py +103 -91
- souleyez/parsers/enum4linux_parser.py +183 -153
- souleyez/parsers/ffuf_parser.py +29 -25
- souleyez/parsers/gobuster_parser.py +301 -41
- souleyez/parsers/hashcat_parser.py +324 -79
- souleyez/parsers/http_fingerprint_parser.py +350 -103
- souleyez/parsers/hydra_parser.py +131 -111
- souleyez/parsers/impacket_parser.py +231 -178
- souleyez/parsers/john_parser.py +98 -86
- souleyez/parsers/katana_parser.py +316 -0
- souleyez/parsers/msf_parser.py +943 -498
- souleyez/parsers/nikto_parser.py +346 -65
- souleyez/parsers/nmap_parser.py +262 -174
- souleyez/parsers/nuclei_parser.py +40 -44
- souleyez/parsers/responder_parser.py +26 -26
- souleyez/parsers/searchsploit_parser.py +74 -74
- souleyez/parsers/service_explorer_parser.py +279 -0
- souleyez/parsers/smbmap_parser.py +180 -124
- souleyez/parsers/sqlmap_parser.py +434 -308
- souleyez/parsers/theharvester_parser.py +75 -57
- souleyez/parsers/whois_parser.py +135 -94
- souleyez/parsers/wpscan_parser.py +278 -190
- souleyez/plugins/afp.py +44 -36
- souleyez/plugins/afp_brute.py +114 -46
- souleyez/plugins/ard.py +48 -37
- souleyez/plugins/bloodhound.py +95 -61
- souleyez/plugins/certipy.py +303 -0
- souleyez/plugins/crackmapexec.py +186 -85
- souleyez/plugins/dalfox.py +120 -59
- souleyez/plugins/dns_hijack.py +146 -41
- souleyez/plugins/dnsrecon.py +97 -61
- souleyez/plugins/enum4linux.py +91 -66
- souleyez/plugins/evil_winrm.py +291 -0
- souleyez/plugins/ffuf.py +166 -90
- souleyez/plugins/firmware_extract.py +133 -29
- souleyez/plugins/gobuster.py +387 -190
- souleyez/plugins/gpp_extract.py +393 -0
- souleyez/plugins/hashcat.py +100 -73
- souleyez/plugins/http_fingerprint.py +854 -267
- souleyez/plugins/hydra.py +566 -200
- souleyez/plugins/impacket_getnpusers.py +117 -69
- souleyez/plugins/impacket_psexec.py +84 -64
- souleyez/plugins/impacket_secretsdump.py +103 -69
- souleyez/plugins/impacket_smbclient.py +89 -75
- souleyez/plugins/john.py +86 -69
- souleyez/plugins/katana.py +313 -0
- souleyez/plugins/kerbrute.py +237 -0
- souleyez/plugins/lfi_extract.py +541 -0
- souleyez/plugins/macos_ssh.py +117 -48
- souleyez/plugins/mdns.py +35 -30
- souleyez/plugins/msf_auxiliary.py +253 -130
- souleyez/plugins/msf_exploit.py +239 -161
- souleyez/plugins/nikto.py +134 -78
- souleyez/plugins/nmap.py +275 -91
- souleyez/plugins/nuclei.py +180 -89
- souleyez/plugins/nxc.py +285 -0
- souleyez/plugins/plugin_base.py +35 -36
- souleyez/plugins/plugin_template.py +13 -5
- souleyez/plugins/rdp_sec_check.py +130 -0
- souleyez/plugins/responder.py +112 -71
- souleyez/plugins/router_http_brute.py +76 -65
- souleyez/plugins/router_ssh_brute.py +118 -41
- souleyez/plugins/router_telnet_brute.py +124 -42
- souleyez/plugins/routersploit.py +91 -59
- souleyez/plugins/routersploit_exploit.py +77 -55
- souleyez/plugins/searchsploit.py +91 -77
- souleyez/plugins/service_explorer.py +1160 -0
- souleyez/plugins/smbmap.py +122 -72
- souleyez/plugins/smbpasswd.py +215 -0
- souleyez/plugins/sqlmap.py +301 -113
- souleyez/plugins/theharvester.py +127 -75
- souleyez/plugins/tr069.py +79 -57
- souleyez/plugins/upnp.py +65 -47
- souleyez/plugins/upnp_abuse.py +73 -55
- souleyez/plugins/vnc_access.py +129 -42
- souleyez/plugins/vnc_brute.py +109 -38
- souleyez/plugins/web_login_test.py +417 -0
- souleyez/plugins/whois.py +77 -58
- souleyez/plugins/wpscan.py +173 -69
- souleyez/reporting/__init__.py +2 -1
- souleyez/reporting/attack_chain.py +411 -346
- souleyez/reporting/charts.py +436 -501
- souleyez/reporting/compliance_mappings.py +334 -201
- souleyez/reporting/detection_report.py +126 -125
- souleyez/reporting/formatters.py +828 -591
- souleyez/reporting/generator.py +386 -302
- souleyez/reporting/metrics.py +72 -75
- souleyez/scanner.py +35 -29
- souleyez/security/__init__.py +37 -11
- souleyez/security/scope_validator.py +175 -106
- souleyez/security/validation.py +223 -149
- souleyez/security.py +22 -6
- souleyez/storage/credentials.py +247 -186
- souleyez/storage/crypto.py +296 -129
- souleyez/storage/database.py +73 -50
- souleyez/storage/db.py +58 -36
- souleyez/storage/deliverable_evidence.py +177 -128
- souleyez/storage/deliverable_exporter.py +282 -246
- souleyez/storage/deliverable_templates.py +134 -116
- souleyez/storage/deliverables.py +135 -130
- souleyez/storage/engagements.py +109 -56
- souleyez/storage/evidence.py +181 -152
- souleyez/storage/execution_log.py +31 -17
- souleyez/storage/exploit_attempts.py +93 -57
- souleyez/storage/exploits.py +67 -36
- souleyez/storage/findings.py +48 -61
- souleyez/storage/hosts.py +176 -144
- souleyez/storage/migrate_to_engagements.py +43 -19
- souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
- souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
- souleyez/storage/migrations/_003_add_execution_log.py +14 -8
- souleyez/storage/migrations/_005_screenshots.py +13 -5
- souleyez/storage/migrations/_006_deliverables.py +13 -5
- souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
- souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
- souleyez/storage/migrations/_010_evidence_linking.py +17 -10
- souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
- souleyez/storage/migrations/_012_team_collaboration.py +34 -21
- souleyez/storage/migrations/_013_add_host_tags.py +12 -6
- souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
- souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
- souleyez/storage/migrations/_016_add_domain_field.py +10 -4
- souleyez/storage/migrations/_017_msf_sessions.py +16 -8
- souleyez/storage/migrations/_018_add_osint_target.py +10 -6
- souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
- souleyez/storage/migrations/_020_add_rbac.py +36 -15
- souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
- souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
- souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
- souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
- souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
- souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
- souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
- souleyez/storage/migrations/__init__.py +26 -26
- souleyez/storage/migrations/migration_manager.py +19 -19
- souleyez/storage/msf_sessions.py +100 -65
- souleyez/storage/osint.py +17 -24
- souleyez/storage/recommendation_engine.py +269 -235
- souleyez/storage/screenshots.py +33 -32
- souleyez/storage/smb_shares.py +136 -92
- souleyez/storage/sqlmap_data.py +183 -128
- souleyez/storage/team_collaboration.py +135 -141
- souleyez/storage/timeline_tracker.py +122 -94
- souleyez/storage/wazuh_vulns.py +64 -66
- souleyez/storage/web_paths.py +33 -37
- souleyez/testing/credential_tester.py +221 -205
- souleyez/ui/__init__.py +1 -1
- souleyez/ui/ai_quotes.py +12 -12
- souleyez/ui/attack_surface.py +2439 -1516
- souleyez/ui/chain_rules_view.py +914 -382
- souleyez/ui/correlation_view.py +312 -230
- souleyez/ui/dashboard.py +2382 -1130
- souleyez/ui/deliverables_view.py +148 -62
- souleyez/ui/design_system.py +13 -13
- souleyez/ui/errors.py +49 -49
- souleyez/ui/evidence_linking_view.py +284 -179
- souleyez/ui/evidence_vault.py +393 -285
- souleyez/ui/exploit_suggestions_view.py +555 -349
- souleyez/ui/export_view.py +100 -66
- souleyez/ui/gap_analysis_view.py +315 -171
- souleyez/ui/help_system.py +105 -97
- souleyez/ui/intelligence_view.py +436 -293
- souleyez/ui/interactive.py +23434 -10286
- souleyez/ui/interactive_selector.py +75 -68
- souleyez/ui/log_formatter.py +47 -39
- souleyez/ui/menu_components.py +22 -13
- souleyez/ui/msf_auxiliary_menu.py +184 -133
- souleyez/ui/pending_chains_view.py +336 -172
- souleyez/ui/progress_indicators.py +5 -3
- souleyez/ui/recommendations_view.py +195 -137
- souleyez/ui/rule_builder.py +343 -225
- souleyez/ui/setup_wizard.py +678 -284
- souleyez/ui/shortcuts.py +217 -165
- souleyez/ui/splunk_gap_analysis_view.py +452 -270
- souleyez/ui/splunk_vulns_view.py +139 -86
- souleyez/ui/team_dashboard.py +498 -335
- souleyez/ui/template_selector.py +196 -105
- souleyez/ui/terminal.py +6 -6
- souleyez/ui/timeline_view.py +198 -127
- souleyez/ui/tool_setup.py +264 -164
- souleyez/ui/tutorial.py +202 -72
- souleyez/ui/tutorial_state.py +40 -40
- souleyez/ui/wazuh_vulns_view.py +235 -141
- souleyez/ui/wordlist_browser.py +260 -107
- souleyez/ui.py +464 -312
- souleyez/utils/tool_checker.py +427 -367
- souleyez/utils.py +33 -29
- souleyez/wordlists.py +134 -167
- {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/METADATA +1 -1
- souleyez-2.43.34.dist-info/RECORD +443 -0
- {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/WHEEL +1 -1
- souleyez-2.43.26.dist-info/RECORD +0 -379
- {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/entry_points.txt +0 -0
- {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/licenses/LICENSE +0 -0
- {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/top_level.txt +0 -0
souleyez/plugins/routersploit.py
CHANGED
|
@@ -33,8 +33,8 @@ HELP = {
|
|
|
33
33
|
"usage": "souleyez jobs enqueue routersploit <target>",
|
|
34
34
|
"examples": [
|
|
35
35
|
"souleyez jobs enqueue routersploit 192.168.1.1",
|
|
36
|
-
|
|
37
|
-
|
|
36
|
+
'souleyez jobs enqueue routersploit 192.168.1.1 --args "--port 8080"',
|
|
37
|
+
'souleyez jobs enqueue routersploit 192.168.1.1 --args "--threads 4"',
|
|
38
38
|
],
|
|
39
39
|
"flags": [
|
|
40
40
|
["--port PORT", "Target HTTP port (default: 80)"],
|
|
@@ -45,42 +45,72 @@ HELP = {
|
|
|
45
45
|
# Scanning
|
|
46
46
|
{"name": "Quick Scan", "args": [], "desc": "Standard vulnerability scan"},
|
|
47
47
|
{"name": "HTTPS Scan", "args": ["--ssl"], "desc": "Scan over HTTPS (port 443)"},
|
|
48
|
-
{
|
|
48
|
+
{
|
|
49
|
+
"name": "Alt Port",
|
|
50
|
+
"args": ["--port", "8080"],
|
|
51
|
+
"desc": "Scan non-standard web port",
|
|
52
|
+
},
|
|
49
53
|
# Exploitation (specify module with --exploit)
|
|
50
|
-
{
|
|
51
|
-
|
|
52
|
-
|
|
54
|
+
{
|
|
55
|
+
"name": "Default Creds",
|
|
56
|
+
"args": ["--exploit", "creds/generic/http_default_creds"],
|
|
57
|
+
"desc": "Test default HTTP credentials",
|
|
58
|
+
},
|
|
59
|
+
{
|
|
60
|
+
"name": "Netgear RCE",
|
|
61
|
+
"args": ["--exploit", "exploits/routers/netgear/dgn1000_dgn2200_rce"],
|
|
62
|
+
"desc": "Netgear DGN1000/2200 RCE",
|
|
63
|
+
},
|
|
64
|
+
{
|
|
65
|
+
"name": "D-Link RCE",
|
|
66
|
+
"args": ["--exploit", "exploits/routers/dlink/dir_815_850l_rce"],
|
|
67
|
+
"desc": "D-Link DIR-815/850L RCE",
|
|
68
|
+
},
|
|
53
69
|
],
|
|
54
70
|
"help_sections": [
|
|
55
71
|
{
|
|
56
72
|
"title": "What is RouterSploit?",
|
|
57
73
|
"color": "cyan",
|
|
58
74
|
"content": [
|
|
59
|
-
{
|
|
60
|
-
|
|
61
|
-
"
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
"
|
|
65
|
-
"
|
|
66
|
-
|
|
67
|
-
|
|
75
|
+
{
|
|
76
|
+
"title": "Overview",
|
|
77
|
+
"desc": "RouterSploit is like Metasploit for routers. It has 200+ exploits for embedded devices from major vendors.",
|
|
78
|
+
},
|
|
79
|
+
{
|
|
80
|
+
"title": "Vendors Covered",
|
|
81
|
+
"desc": "Supported device manufacturers",
|
|
82
|
+
"tips": [
|
|
83
|
+
"Netgear, Linksys, TP-Link, D-Link, ASUS",
|
|
84
|
+
"Cisco, Juniper, MikroTik",
|
|
85
|
+
"Huawei, ZTE, ZyXEL",
|
|
86
|
+
"IP cameras: Hikvision, Dahua, Foscam",
|
|
87
|
+
"Many more embedded Linux devices",
|
|
88
|
+
],
|
|
89
|
+
},
|
|
90
|
+
],
|
|
68
91
|
},
|
|
69
92
|
{
|
|
70
93
|
"title": "Attack Workflow",
|
|
71
94
|
"color": "green",
|
|
72
95
|
"content": [
|
|
73
|
-
{
|
|
74
|
-
|
|
75
|
-
"
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
"
|
|
79
|
-
"
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
96
|
+
{
|
|
97
|
+
"title": "Typical Flow",
|
|
98
|
+
"desc": "1. Identify device (nmap, UPnP)\n2. Run RouterSploit scanner\n3. Exploit vulnerable services\n4. Extract credentials or get shell",
|
|
99
|
+
},
|
|
100
|
+
{
|
|
101
|
+
"title": "What Gets Tested",
|
|
102
|
+
"desc": "Types of vulnerabilities checked",
|
|
103
|
+
"tips": [
|
|
104
|
+
"Default/hardcoded credentials",
|
|
105
|
+
"Authentication bypasses",
|
|
106
|
+
"Remote code execution (RCE)",
|
|
107
|
+
"Information disclosure",
|
|
108
|
+
"Backdoor accounts",
|
|
109
|
+
],
|
|
110
|
+
},
|
|
111
|
+
],
|
|
112
|
+
},
|
|
113
|
+
],
|
|
84
114
|
}
|
|
85
115
|
|
|
86
116
|
|
|
@@ -93,13 +123,14 @@ class RouterSploitPlugin(PluginBase):
|
|
|
93
123
|
def check_tool_available(self) -> tuple:
|
|
94
124
|
"""Check if RouterSploit is available."""
|
|
95
125
|
# RouterSploit can be installed as 'rsf', 'rsf.py' (pipx), or run via python
|
|
96
|
-
rsf_path = shutil.which(
|
|
126
|
+
rsf_path = shutil.which("rsf") or shutil.which("rsf.py")
|
|
97
127
|
if rsf_path:
|
|
98
128
|
return True, None
|
|
99
129
|
|
|
100
130
|
# Check for routersploit Python module
|
|
101
131
|
try:
|
|
102
132
|
import routersploit
|
|
133
|
+
|
|
103
134
|
return True, None
|
|
104
135
|
except ImportError:
|
|
105
136
|
pass
|
|
@@ -112,7 +143,9 @@ class RouterSploitPlugin(PluginBase):
|
|
|
112
143
|
" cd routersploit && pip install -r requirements.txt"
|
|
113
144
|
)
|
|
114
145
|
|
|
115
|
-
def build_command(
|
|
146
|
+
def build_command(
|
|
147
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
148
|
+
):
|
|
116
149
|
"""Build RouterSploit scan command."""
|
|
117
150
|
args = args or []
|
|
118
151
|
|
|
@@ -121,29 +154,29 @@ class RouterSploitPlugin(PluginBase):
|
|
|
121
154
|
target = validate_target(target)
|
|
122
155
|
except ValidationError as e:
|
|
123
156
|
if log_path:
|
|
124
|
-
with open(log_path,
|
|
157
|
+
with open(log_path, "w") as f:
|
|
125
158
|
f.write(f"ERROR: Invalid target: {e}\n")
|
|
126
159
|
return None
|
|
127
160
|
|
|
128
161
|
# Parse arguments
|
|
129
|
-
port =
|
|
162
|
+
port = "80"
|
|
130
163
|
ssl = False
|
|
131
|
-
threads =
|
|
164
|
+
threads = "8"
|
|
132
165
|
exploit_module = None
|
|
133
166
|
|
|
134
167
|
i = 0
|
|
135
168
|
while i < len(args):
|
|
136
|
-
if args[i] ==
|
|
169
|
+
if args[i] == "--port" and i + 1 < len(args):
|
|
137
170
|
port = args[i + 1]
|
|
138
171
|
i += 2
|
|
139
|
-
elif args[i] ==
|
|
172
|
+
elif args[i] == "--ssl":
|
|
140
173
|
ssl = True
|
|
141
|
-
port =
|
|
174
|
+
port = "443" if port == "80" else port
|
|
142
175
|
i += 1
|
|
143
|
-
elif args[i] ==
|
|
176
|
+
elif args[i] == "--threads" and i + 1 < len(args):
|
|
144
177
|
threads = args[i + 1]
|
|
145
178
|
i += 2
|
|
146
|
-
elif args[i] ==
|
|
179
|
+
elif args[i] == "--exploit" and i + 1 < len(args):
|
|
147
180
|
exploit_module = args[i + 1]
|
|
148
181
|
i += 2
|
|
149
182
|
else:
|
|
@@ -151,7 +184,7 @@ class RouterSploitPlugin(PluginBase):
|
|
|
151
184
|
|
|
152
185
|
# Build RSF command script
|
|
153
186
|
# RouterSploit uses an interactive shell, so we create a script file
|
|
154
|
-
protocol =
|
|
187
|
+
protocol = "https" if ssl else "http"
|
|
155
188
|
|
|
156
189
|
# Create RouterSploit resource script
|
|
157
190
|
# Use exploit module if specified, otherwise use scanner
|
|
@@ -175,32 +208,34 @@ exit
|
|
|
175
208
|
import tempfile
|
|
176
209
|
import os
|
|
177
210
|
|
|
178
|
-
fd, rc_file = tempfile.mkstemp(suffix=
|
|
211
|
+
fd, rc_file = tempfile.mkstemp(suffix=".rsf", prefix="routersploit_")
|
|
179
212
|
try:
|
|
180
|
-
with os.fdopen(fd,
|
|
213
|
+
with os.fdopen(fd, "w") as f:
|
|
181
214
|
f.write(rsf_commands)
|
|
182
215
|
except Exception as e:
|
|
183
216
|
if log_path:
|
|
184
|
-
with open(log_path,
|
|
217
|
+
with open(log_path, "w") as f:
|
|
185
218
|
f.write(f"ERROR: Failed to create RSF script: {e}\n")
|
|
186
219
|
return None
|
|
187
220
|
|
|
188
221
|
# Check which RSF binary is available (rsf or rsf.py from pipx)
|
|
189
|
-
rsf_bin = shutil.which(
|
|
222
|
+
rsf_bin = shutil.which("rsf") or shutil.which("rsf.py")
|
|
190
223
|
if rsf_bin:
|
|
191
|
-
cmd = [rsf_bin,
|
|
224
|
+
cmd = [rsf_bin, "-m", rc_file]
|
|
192
225
|
else:
|
|
193
226
|
# Try running as Python module
|
|
194
|
-
cmd = [
|
|
227
|
+
cmd = ["python3", "-m", "routersploit", "-m", rc_file]
|
|
195
228
|
|
|
196
229
|
return {
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
230
|
+
"cmd": cmd,
|
|
231
|
+
"timeout": 1800, # 30 minute timeout
|
|
232
|
+
"env": {"RSF_RC_FILE": rc_file},
|
|
233
|
+
"_rc_file": rc_file, # Track for cleanup
|
|
201
234
|
}
|
|
202
235
|
|
|
203
|
-
def run(
|
|
236
|
+
def run(
|
|
237
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
238
|
+
) -> int:
|
|
204
239
|
"""Execute RouterSploit scan."""
|
|
205
240
|
import os
|
|
206
241
|
|
|
@@ -208,39 +243,36 @@ exit
|
|
|
208
243
|
if cmd_spec is None:
|
|
209
244
|
return 1
|
|
210
245
|
|
|
211
|
-
cmd = cmd_spec[
|
|
212
|
-
rc_file = cmd_spec.get(
|
|
246
|
+
cmd = cmd_spec["cmd"]
|
|
247
|
+
rc_file = cmd_spec.get("_rc_file")
|
|
213
248
|
|
|
214
249
|
if log_path:
|
|
215
|
-
with open(log_path,
|
|
250
|
+
with open(log_path, "w") as f:
|
|
216
251
|
f.write(f"# RouterSploit Vulnerability Scan on {target}\n")
|
|
217
252
|
f.write(f"# Command: {' '.join(cmd)}\n")
|
|
218
253
|
f.write(f"# Started: {time.strftime('%Y-%m-%d %H:%M:%S')}\n\n")
|
|
219
254
|
|
|
220
255
|
try:
|
|
221
|
-
with open(log_path,
|
|
256
|
+
with open(log_path, "a") as f:
|
|
222
257
|
result = subprocess.run(
|
|
223
|
-
cmd,
|
|
224
|
-
stdout=f,
|
|
225
|
-
stderr=subprocess.STDOUT,
|
|
226
|
-
timeout=cmd_spec['timeout']
|
|
258
|
+
cmd, stdout=f, stderr=subprocess.STDOUT, timeout=cmd_spec["timeout"]
|
|
227
259
|
)
|
|
228
260
|
return result.returncode
|
|
229
261
|
|
|
230
262
|
except subprocess.TimeoutExpired:
|
|
231
263
|
if log_path:
|
|
232
|
-
with open(log_path,
|
|
264
|
+
with open(log_path, "a") as f:
|
|
233
265
|
f.write("\n\n# ERROR: Scan timed out\n")
|
|
234
266
|
return 124
|
|
235
267
|
except FileNotFoundError:
|
|
236
268
|
if log_path:
|
|
237
|
-
with open(log_path,
|
|
269
|
+
with open(log_path, "a") as f:
|
|
238
270
|
f.write("\n\n# ERROR: RouterSploit not found\n")
|
|
239
271
|
f.write("Install with: pipx install routersploit\n")
|
|
240
272
|
return 127
|
|
241
273
|
except Exception as e:
|
|
242
274
|
if log_path:
|
|
243
|
-
with open(log_path,
|
|
275
|
+
with open(log_path, "a") as f:
|
|
244
276
|
f.write(f"\n\n# ERROR: {e}\n")
|
|
245
277
|
return 1
|
|
246
278
|
finally:
|
|
@@ -29,43 +29,67 @@ HELP = {
|
|
|
29
29
|
"- Most exploits need target IP and port\n"
|
|
30
30
|
"- Some exploits give you a shell, others extract creds\n"
|
|
31
31
|
),
|
|
32
|
-
"usage":
|
|
32
|
+
"usage": 'souleyez jobs enqueue routersploit_exploit <target> --args "<module>"',
|
|
33
33
|
"examples": [
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
34
|
+
'souleyez jobs enqueue routersploit_exploit 192.168.1.1 --args "exploits/routers/netgear/dgn1000_dgn2200_rce"',
|
|
35
|
+
'souleyez jobs enqueue routersploit_exploit 192.168.1.1 --args "creds/routers/dlink/dcs_default_creds"',
|
|
36
|
+
'souleyez jobs enqueue routersploit_exploit 192.168.1.1 --args "exploits/routers/dlink/dir_815_850l_rce"',
|
|
37
37
|
],
|
|
38
38
|
"flags": [
|
|
39
39
|
["--port PORT", "Target port (default: 80)"],
|
|
40
40
|
["--ssl", "Use HTTPS"],
|
|
41
41
|
],
|
|
42
42
|
"presets": [
|
|
43
|
-
{
|
|
44
|
-
|
|
45
|
-
|
|
43
|
+
{
|
|
44
|
+
"name": "Netgear RCE",
|
|
45
|
+
"args": ["exploits/routers/netgear/dgn1000_dgn2200_rce"],
|
|
46
|
+
"desc": "Netgear DGN1000/2200 RCE",
|
|
47
|
+
},
|
|
48
|
+
{
|
|
49
|
+
"name": "D-Link RCE",
|
|
50
|
+
"args": ["exploits/routers/dlink/dir_815_850l_rce"],
|
|
51
|
+
"desc": "D-Link DIR-815/850L RCE",
|
|
52
|
+
},
|
|
53
|
+
{
|
|
54
|
+
"name": "Default Creds",
|
|
55
|
+
"args": ["creds/generic/http_default_creds"],
|
|
56
|
+
"desc": "Test default HTTP credentials",
|
|
57
|
+
},
|
|
46
58
|
],
|
|
47
59
|
"help_sections": [
|
|
48
60
|
{
|
|
49
61
|
"title": "Popular Exploits",
|
|
50
62
|
"color": "cyan",
|
|
51
63
|
"content": [
|
|
52
|
-
{
|
|
53
|
-
"
|
|
54
|
-
"
|
|
55
|
-
"
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
"
|
|
64
|
-
"
|
|
65
|
-
|
|
66
|
-
|
|
64
|
+
{
|
|
65
|
+
"title": "Netgear",
|
|
66
|
+
"desc": "Common Netgear exploits",
|
|
67
|
+
"tips": [
|
|
68
|
+
"dgn1000_dgn2200_rce - RCE via web interface",
|
|
69
|
+
"wnr2000_rce - WNR2000 router RCE",
|
|
70
|
+
"r7000_r6400_rce - R7000/R6400 command injection",
|
|
71
|
+
],
|
|
72
|
+
},
|
|
73
|
+
{
|
|
74
|
+
"title": "D-Link",
|
|
75
|
+
"desc": "Common D-Link exploits",
|
|
76
|
+
"tips": [
|
|
77
|
+
"dir_815_850l_rce - DIR-815/850L RCE",
|
|
78
|
+
"dcs_default_creds - IP camera default creds",
|
|
79
|
+
"dir_300_600_rce - DIR-300/600 RCE",
|
|
80
|
+
],
|
|
81
|
+
},
|
|
82
|
+
{
|
|
83
|
+
"title": "TP-Link",
|
|
84
|
+
"desc": "Common TP-Link exploits",
|
|
85
|
+
"tips": [
|
|
86
|
+
"archer_c2_c20i_rce - Archer C2/C20i RCE",
|
|
87
|
+
"wr740nd_rce - WR740ND command injection",
|
|
88
|
+
],
|
|
89
|
+
},
|
|
90
|
+
],
|
|
67
91
|
}
|
|
68
|
-
]
|
|
92
|
+
],
|
|
69
93
|
}
|
|
70
94
|
|
|
71
95
|
|
|
@@ -77,12 +101,13 @@ class RouterSploitExploitPlugin(PluginBase):
|
|
|
77
101
|
|
|
78
102
|
def check_tool_available(self) -> tuple:
|
|
79
103
|
"""Check if RouterSploit is available."""
|
|
80
|
-
rsf_path = shutil.which(
|
|
104
|
+
rsf_path = shutil.which("rsf")
|
|
81
105
|
if rsf_path:
|
|
82
106
|
return True, None
|
|
83
107
|
|
|
84
108
|
try:
|
|
85
109
|
import routersploit
|
|
110
|
+
|
|
86
111
|
return True, None
|
|
87
112
|
except ImportError:
|
|
88
113
|
pass
|
|
@@ -94,13 +119,15 @@ class RouterSploitExploitPlugin(PluginBase):
|
|
|
94
119
|
" git clone https://github.com/threat9/routersploit"
|
|
95
120
|
)
|
|
96
121
|
|
|
97
|
-
def build_command(
|
|
122
|
+
def build_command(
|
|
123
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
124
|
+
):
|
|
98
125
|
"""Build RouterSploit exploit command."""
|
|
99
126
|
args = args or []
|
|
100
127
|
|
|
101
128
|
if not args:
|
|
102
129
|
if log_path:
|
|
103
|
-
with open(log_path,
|
|
130
|
+
with open(log_path, "w") as f:
|
|
104
131
|
f.write("ERROR: Module path required\n")
|
|
105
132
|
f.write("Example: exploits/routers/netgear/dgn1000_dgn2200_rce\n")
|
|
106
133
|
return None
|
|
@@ -110,23 +137,23 @@ class RouterSploitExploitPlugin(PluginBase):
|
|
|
110
137
|
target = validate_target(target)
|
|
111
138
|
except ValidationError as e:
|
|
112
139
|
if log_path:
|
|
113
|
-
with open(log_path,
|
|
140
|
+
with open(log_path, "w") as f:
|
|
114
141
|
f.write(f"ERROR: Invalid target: {e}\n")
|
|
115
142
|
return None
|
|
116
143
|
|
|
117
144
|
# Parse module and options
|
|
118
145
|
module = args[0]
|
|
119
|
-
port =
|
|
146
|
+
port = "80"
|
|
120
147
|
ssl = False
|
|
121
148
|
|
|
122
149
|
i = 1
|
|
123
150
|
while i < len(args):
|
|
124
|
-
if args[i] ==
|
|
151
|
+
if args[i] == "--port" and i + 1 < len(args):
|
|
125
152
|
port = args[i + 1]
|
|
126
153
|
i += 2
|
|
127
|
-
elif args[i] ==
|
|
154
|
+
elif args[i] == "--ssl":
|
|
128
155
|
ssl = True
|
|
129
|
-
port =
|
|
156
|
+
port = "443" if port == "80" else port
|
|
130
157
|
i += 1
|
|
131
158
|
else:
|
|
132
159
|
i += 1
|
|
@@ -142,29 +169,27 @@ exit
|
|
|
142
169
|
import tempfile
|
|
143
170
|
import os
|
|
144
171
|
|
|
145
|
-
fd, rc_file = tempfile.mkstemp(suffix=
|
|
172
|
+
fd, rc_file = tempfile.mkstemp(suffix=".rsf", prefix="rsf_exploit_")
|
|
146
173
|
try:
|
|
147
|
-
with os.fdopen(fd,
|
|
174
|
+
with os.fdopen(fd, "w") as f:
|
|
148
175
|
f.write(rsf_commands)
|
|
149
176
|
except Exception as e:
|
|
150
177
|
if log_path:
|
|
151
|
-
with open(log_path,
|
|
178
|
+
with open(log_path, "w") as f:
|
|
152
179
|
f.write(f"ERROR: Failed to create RSF script: {e}\n")
|
|
153
180
|
return None
|
|
154
181
|
|
|
155
|
-
rsf_bin = shutil.which(
|
|
182
|
+
rsf_bin = shutil.which("rsf")
|
|
156
183
|
if rsf_bin:
|
|
157
|
-
cmd = [rsf_bin,
|
|
184
|
+
cmd = [rsf_bin, "-m", rc_file]
|
|
158
185
|
else:
|
|
159
|
-
cmd = [
|
|
186
|
+
cmd = ["python3", "-m", "routersploit", "-m", rc_file]
|
|
160
187
|
|
|
161
|
-
return {
|
|
162
|
-
'cmd': cmd,
|
|
163
|
-
'timeout': 600, # 10 minute timeout
|
|
164
|
-
'_rc_file': rc_file
|
|
165
|
-
}
|
|
188
|
+
return {"cmd": cmd, "timeout": 600, "_rc_file": rc_file} # 10 minute timeout
|
|
166
189
|
|
|
167
|
-
def run(
|
|
190
|
+
def run(
|
|
191
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
192
|
+
) -> int:
|
|
168
193
|
"""Execute RouterSploit exploit."""
|
|
169
194
|
import os
|
|
170
195
|
|
|
@@ -172,40 +197,37 @@ exit
|
|
|
172
197
|
if cmd_spec is None:
|
|
173
198
|
return 1
|
|
174
199
|
|
|
175
|
-
cmd = cmd_spec[
|
|
176
|
-
rc_file = cmd_spec.get(
|
|
177
|
-
module = args[0] if args else
|
|
200
|
+
cmd = cmd_spec["cmd"]
|
|
201
|
+
rc_file = cmd_spec.get("_rc_file")
|
|
202
|
+
module = args[0] if args else "unknown"
|
|
178
203
|
|
|
179
204
|
if log_path:
|
|
180
|
-
with open(log_path,
|
|
205
|
+
with open(log_path, "w") as f:
|
|
181
206
|
f.write(f"# RouterSploit Exploit on {target}\n")
|
|
182
207
|
f.write(f"# Module: {module}\n")
|
|
183
208
|
f.write(f"# Command: {' '.join(cmd)}\n")
|
|
184
209
|
f.write(f"# Started: {time.strftime('%Y-%m-%d %H:%M:%S')}\n\n")
|
|
185
210
|
|
|
186
211
|
try:
|
|
187
|
-
with open(log_path,
|
|
212
|
+
with open(log_path, "a") as f:
|
|
188
213
|
result = subprocess.run(
|
|
189
|
-
cmd,
|
|
190
|
-
stdout=f,
|
|
191
|
-
stderr=subprocess.STDOUT,
|
|
192
|
-
timeout=cmd_spec['timeout']
|
|
214
|
+
cmd, stdout=f, stderr=subprocess.STDOUT, timeout=cmd_spec["timeout"]
|
|
193
215
|
)
|
|
194
216
|
return result.returncode
|
|
195
217
|
|
|
196
218
|
except subprocess.TimeoutExpired:
|
|
197
219
|
if log_path:
|
|
198
|
-
with open(log_path,
|
|
220
|
+
with open(log_path, "a") as f:
|
|
199
221
|
f.write("\n\n# ERROR: Exploit timed out\n")
|
|
200
222
|
return 124
|
|
201
223
|
except FileNotFoundError:
|
|
202
224
|
if log_path:
|
|
203
|
-
with open(log_path,
|
|
225
|
+
with open(log_path, "a") as f:
|
|
204
226
|
f.write("\n\n# ERROR: RouterSploit not found\n")
|
|
205
227
|
return 127
|
|
206
228
|
except Exception as e:
|
|
207
229
|
if log_path:
|
|
208
|
-
with open(log_path,
|
|
230
|
+
with open(log_path, "a") as f:
|
|
209
231
|
f.write(f"\n\n# ERROR: {e}\n")
|
|
210
232
|
return 1
|
|
211
233
|
finally:
|