souleyez 2.43.26__py3-none-any.whl → 2.43.34__py3-none-any.whl
- souleyez/__init__.py +1 -2
- souleyez/ai/__init__.py +21 -15
- souleyez/ai/action_mapper.py +249 -150
- souleyez/ai/chain_advisor.py +116 -100
- souleyez/ai/claude_provider.py +29 -28
- souleyez/ai/context_builder.py +80 -62
- souleyez/ai/executor.py +158 -117
- souleyez/ai/feedback_handler.py +136 -121
- souleyez/ai/llm_factory.py +27 -20
- souleyez/ai/llm_provider.py +4 -2
- souleyez/ai/ollama_provider.py +6 -9
- souleyez/ai/ollama_service.py +44 -37
- souleyez/ai/path_scorer.py +91 -76
- souleyez/ai/recommender.py +176 -144
- souleyez/ai/report_context.py +74 -73
- souleyez/ai/report_service.py +84 -66
- souleyez/ai/result_parser.py +222 -229
- souleyez/ai/safety.py +67 -44
- souleyez/auth/__init__.py +23 -22
- souleyez/auth/audit.py +36 -26
- souleyez/auth/engagement_access.py +65 -48
- souleyez/auth/permissions.py +14 -3
- souleyez/auth/session_manager.py +54 -37
- souleyez/auth/user_manager.py +109 -64
- souleyez/commands/audit.py +40 -43
- souleyez/commands/auth.py +35 -15
- souleyez/commands/deliverables.py +55 -50
- souleyez/commands/engagement.py +47 -28
- souleyez/commands/license.py +32 -23
- souleyez/commands/screenshots.py +36 -32
- souleyez/commands/user.py +82 -36
- souleyez/config.py +52 -44
- souleyez/core/credential_tester.py +87 -81
- souleyez/core/cve_mappings.py +179 -192
- souleyez/core/cve_matcher.py +162 -148
- souleyez/core/msf_auto_mapper.py +100 -83
- souleyez/core/msf_chain_engine.py +294 -256
- souleyez/core/msf_database.py +153 -70
- souleyez/core/msf_integration.py +679 -673
- souleyez/core/msf_rpc_client.py +40 -42
- souleyez/core/msf_rpc_manager.py +77 -79
- souleyez/core/msf_sync_manager.py +241 -181
- souleyez/core/network_utils.py +22 -15
- souleyez/core/parser_handler.py +34 -25
- souleyez/core/pending_chains.py +114 -63
- souleyez/core/templates.py +158 -107
- souleyez/core/tool_chaining.py +9526 -2879
- souleyez/core/version_utils.py +79 -94
- souleyez/core/vuln_correlation.py +136 -89
- souleyez/core/web_utils.py +33 -32
- souleyez/data/wordlists/ad_users.txt +378 -0
- souleyez/data/wordlists/api_endpoints_large.txt +769 -0
- souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
- souleyez/data/wordlists/lfi_payloads.txt +82 -0
- souleyez/data/wordlists/passwords_brute.txt +1548 -0
- souleyez/data/wordlists/passwords_crack.txt +2479 -0
- souleyez/data/wordlists/passwords_spray.txt +386 -0
- souleyez/data/wordlists/subdomains_large.txt +5057 -0
- souleyez/data/wordlists/usernames_common.txt +694 -0
- souleyez/data/wordlists/web_dirs_large.txt +4769 -0
- souleyez/detection/__init__.py +1 -1
- souleyez/detection/attack_signatures.py +12 -17
- souleyez/detection/mitre_mappings.py +61 -55
- souleyez/detection/validator.py +97 -86
- souleyez/devtools.py +23 -10
- souleyez/docs/README.md +4 -4
- souleyez/docs/api-reference/cli-commands.md +2 -2
- souleyez/docs/developer-guide/adding-new-tools.md +562 -0
- souleyez/docs/user-guide/auto-chaining.md +30 -8
- souleyez/docs/user-guide/getting-started.md +1 -1
- souleyez/docs/user-guide/installation.md +26 -3
- souleyez/docs/user-guide/metasploit-integration.md +2 -2
- souleyez/docs/user-guide/rbac.md +1 -1
- souleyez/docs/user-guide/scope-management.md +1 -1
- souleyez/docs/user-guide/siem-integration.md +1 -1
- souleyez/docs/user-guide/tools-reference.md +1 -8
- souleyez/docs/user-guide/worker-management.md +1 -1
- souleyez/engine/background.py +1239 -535
- souleyez/engine/base.py +4 -1
- souleyez/engine/job_status.py +17 -49
- souleyez/engine/log_sanitizer.py +103 -77
- souleyez/engine/manager.py +38 -7
- souleyez/engine/result_handler.py +2200 -1550
- souleyez/engine/worker_manager.py +50 -41
- souleyez/export/evidence_bundle.py +72 -62
- souleyez/feature_flags/features.py +16 -20
- souleyez/feature_flags.py +5 -9
- souleyez/handlers/__init__.py +11 -0
- souleyez/handlers/base.py +188 -0
- souleyez/handlers/bash_handler.py +277 -0
- souleyez/handlers/bloodhound_handler.py +243 -0
- souleyez/handlers/certipy_handler.py +311 -0
- souleyez/handlers/crackmapexec_handler.py +486 -0
- souleyez/handlers/dnsrecon_handler.py +344 -0
- souleyez/handlers/enum4linux_handler.py +400 -0
- souleyez/handlers/evil_winrm_handler.py +493 -0
- souleyez/handlers/ffuf_handler.py +815 -0
- souleyez/handlers/gobuster_handler.py +1114 -0
- souleyez/handlers/gpp_extract_handler.py +334 -0
- souleyez/handlers/hashcat_handler.py +444 -0
- souleyez/handlers/hydra_handler.py +563 -0
- souleyez/handlers/impacket_getuserspns_handler.py +343 -0
- souleyez/handlers/impacket_psexec_handler.py +222 -0
- souleyez/handlers/impacket_secretsdump_handler.py +426 -0
- souleyez/handlers/john_handler.py +286 -0
- souleyez/handlers/katana_handler.py +425 -0
- souleyez/handlers/kerbrute_handler.py +298 -0
- souleyez/handlers/ldapsearch_handler.py +636 -0
- souleyez/handlers/lfi_extract_handler.py +464 -0
- souleyez/handlers/msf_auxiliary_handler.py +408 -0
- souleyez/handlers/msf_exploit_handler.py +380 -0
- souleyez/handlers/nikto_handler.py +413 -0
- souleyez/handlers/nmap_handler.py +821 -0
- souleyez/handlers/nuclei_handler.py +359 -0
- souleyez/handlers/nxc_handler.py +371 -0
- souleyez/handlers/rdp_sec_check_handler.py +353 -0
- souleyez/handlers/registry.py +292 -0
- souleyez/handlers/responder_handler.py +232 -0
- souleyez/handlers/service_explorer_handler.py +434 -0
- souleyez/handlers/smbclient_handler.py +344 -0
- souleyez/handlers/smbmap_handler.py +510 -0
- souleyez/handlers/smbpasswd_handler.py +296 -0
- souleyez/handlers/sqlmap_handler.py +1116 -0
- souleyez/handlers/theharvester_handler.py +601 -0
- souleyez/handlers/web_login_test_handler.py +327 -0
- souleyez/handlers/whois_handler.py +277 -0
- souleyez/handlers/wpscan_handler.py +554 -0
- souleyez/history.py +32 -16
- souleyez/importers/msf_importer.py +106 -75
- souleyez/importers/smart_importer.py +208 -147
- souleyez/integrations/siem/__init__.py +10 -10
- souleyez/integrations/siem/base.py +17 -18
- souleyez/integrations/siem/elastic.py +108 -122
- souleyez/integrations/siem/factory.py +207 -80
- souleyez/integrations/siem/googlesecops.py +146 -154
- souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
- souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
- souleyez/integrations/siem/sentinel.py +107 -109
- souleyez/integrations/siem/splunk.py +246 -212
- souleyez/integrations/siem/wazuh.py +65 -71
- souleyez/integrations/wazuh/__init__.py +5 -5
- souleyez/integrations/wazuh/client.py +70 -93
- souleyez/integrations/wazuh/config.py +85 -57
- souleyez/integrations/wazuh/host_mapper.py +28 -36
- souleyez/integrations/wazuh/sync.py +78 -68
- souleyez/intelligence/__init__.py +4 -5
- souleyez/intelligence/correlation_analyzer.py +309 -295
- souleyez/intelligence/exploit_knowledge.py +661 -623
- souleyez/intelligence/exploit_suggestions.py +159 -139
- souleyez/intelligence/gap_analyzer.py +132 -97
- souleyez/intelligence/gap_detector.py +251 -214
- souleyez/intelligence/sensitive_tables.py +266 -129
- souleyez/intelligence/service_parser.py +137 -123
- souleyez/intelligence/surface_analyzer.py +407 -268
- souleyez/intelligence/target_parser.py +159 -162
- souleyez/licensing/__init__.py +6 -6
- souleyez/licensing/validator.py +17 -19
- souleyez/log_config.py +79 -54
- souleyez/main.py +1505 -687
- souleyez/migrations/fix_job_counter.py +16 -14
- souleyez/parsers/bloodhound_parser.py +41 -39
- souleyez/parsers/crackmapexec_parser.py +178 -111
- souleyez/parsers/dalfox_parser.py +72 -77
- souleyez/parsers/dnsrecon_parser.py +103 -91
- souleyez/parsers/enum4linux_parser.py +183 -153
- souleyez/parsers/ffuf_parser.py +29 -25
- souleyez/parsers/gobuster_parser.py +301 -41
- souleyez/parsers/hashcat_parser.py +324 -79
- souleyez/parsers/http_fingerprint_parser.py +350 -103
- souleyez/parsers/hydra_parser.py +131 -111
- souleyez/parsers/impacket_parser.py +231 -178
- souleyez/parsers/john_parser.py +98 -86
- souleyez/parsers/katana_parser.py +316 -0
- souleyez/parsers/msf_parser.py +943 -498
- souleyez/parsers/nikto_parser.py +346 -65
- souleyez/parsers/nmap_parser.py +262 -174
- souleyez/parsers/nuclei_parser.py +40 -44
- souleyez/parsers/responder_parser.py +26 -26
- souleyez/parsers/searchsploit_parser.py +74 -74
- souleyez/parsers/service_explorer_parser.py +279 -0
- souleyez/parsers/smbmap_parser.py +180 -124
- souleyez/parsers/sqlmap_parser.py +434 -308
- souleyez/parsers/theharvester_parser.py +75 -57
- souleyez/parsers/whois_parser.py +135 -94
- souleyez/parsers/wpscan_parser.py +278 -190
- souleyez/plugins/afp.py +44 -36
- souleyez/plugins/afp_brute.py +114 -46
- souleyez/plugins/ard.py +48 -37
- souleyez/plugins/bloodhound.py +95 -61
- souleyez/plugins/certipy.py +303 -0
- souleyez/plugins/crackmapexec.py +186 -85
- souleyez/plugins/dalfox.py +120 -59
- souleyez/plugins/dns_hijack.py +146 -41
- souleyez/plugins/dnsrecon.py +97 -61
- souleyez/plugins/enum4linux.py +91 -66
- souleyez/plugins/evil_winrm.py +291 -0
- souleyez/plugins/ffuf.py +166 -90
- souleyez/plugins/firmware_extract.py +133 -29
- souleyez/plugins/gobuster.py +387 -190
- souleyez/plugins/gpp_extract.py +393 -0
- souleyez/plugins/hashcat.py +100 -73
- souleyez/plugins/http_fingerprint.py +854 -267
- souleyez/plugins/hydra.py +566 -200
- souleyez/plugins/impacket_getnpusers.py +117 -69
- souleyez/plugins/impacket_psexec.py +84 -64
- souleyez/plugins/impacket_secretsdump.py +103 -69
- souleyez/plugins/impacket_smbclient.py +89 -75
- souleyez/plugins/john.py +86 -69
- souleyez/plugins/katana.py +313 -0
- souleyez/plugins/kerbrute.py +237 -0
- souleyez/plugins/lfi_extract.py +541 -0
- souleyez/plugins/macos_ssh.py +117 -48
- souleyez/plugins/mdns.py +35 -30
- souleyez/plugins/msf_auxiliary.py +253 -130
- souleyez/plugins/msf_exploit.py +239 -161
- souleyez/plugins/nikto.py +134 -78
- souleyez/plugins/nmap.py +275 -91
- souleyez/plugins/nuclei.py +180 -89
- souleyez/plugins/nxc.py +285 -0
- souleyez/plugins/plugin_base.py +35 -36
- souleyez/plugins/plugin_template.py +13 -5
- souleyez/plugins/rdp_sec_check.py +130 -0
- souleyez/plugins/responder.py +112 -71
- souleyez/plugins/router_http_brute.py +76 -65
- souleyez/plugins/router_ssh_brute.py +118 -41
- souleyez/plugins/router_telnet_brute.py +124 -42
- souleyez/plugins/routersploit.py +91 -59
- souleyez/plugins/routersploit_exploit.py +77 -55
- souleyez/plugins/searchsploit.py +91 -77
- souleyez/plugins/service_explorer.py +1160 -0
- souleyez/plugins/smbmap.py +122 -72
- souleyez/plugins/smbpasswd.py +215 -0
- souleyez/plugins/sqlmap.py +301 -113
- souleyez/plugins/theharvester.py +127 -75
- souleyez/plugins/tr069.py +79 -57
- souleyez/plugins/upnp.py +65 -47
- souleyez/plugins/upnp_abuse.py +73 -55
- souleyez/plugins/vnc_access.py +129 -42
- souleyez/plugins/vnc_brute.py +109 -38
- souleyez/plugins/web_login_test.py +417 -0
- souleyez/plugins/whois.py +77 -58
- souleyez/plugins/wpscan.py +173 -69
- souleyez/reporting/__init__.py +2 -1
- souleyez/reporting/attack_chain.py +411 -346
- souleyez/reporting/charts.py +436 -501
- souleyez/reporting/compliance_mappings.py +334 -201
- souleyez/reporting/detection_report.py +126 -125
- souleyez/reporting/formatters.py +828 -591
- souleyez/reporting/generator.py +386 -302
- souleyez/reporting/metrics.py +72 -75
- souleyez/scanner.py +35 -29
- souleyez/security/__init__.py +37 -11
- souleyez/security/scope_validator.py +175 -106
- souleyez/security/validation.py +223 -149
- souleyez/security.py +22 -6
- souleyez/storage/credentials.py +247 -186
- souleyez/storage/crypto.py +296 -129
- souleyez/storage/database.py +73 -50
- souleyez/storage/db.py +58 -36
- souleyez/storage/deliverable_evidence.py +177 -128
- souleyez/storage/deliverable_exporter.py +282 -246
- souleyez/storage/deliverable_templates.py +134 -116
- souleyez/storage/deliverables.py +135 -130
- souleyez/storage/engagements.py +109 -56
- souleyez/storage/evidence.py +181 -152
- souleyez/storage/execution_log.py +31 -17
- souleyez/storage/exploit_attempts.py +93 -57
- souleyez/storage/exploits.py +67 -36
- souleyez/storage/findings.py +48 -61
- souleyez/storage/hosts.py +176 -144
- souleyez/storage/migrate_to_engagements.py +43 -19
- souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
- souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
- souleyez/storage/migrations/_003_add_execution_log.py +14 -8
- souleyez/storage/migrations/_005_screenshots.py +13 -5
- souleyez/storage/migrations/_006_deliverables.py +13 -5
- souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
- souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
- souleyez/storage/migrations/_010_evidence_linking.py +17 -10
- souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
- souleyez/storage/migrations/_012_team_collaboration.py +34 -21
- souleyez/storage/migrations/_013_add_host_tags.py +12 -6
- souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
- souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
- souleyez/storage/migrations/_016_add_domain_field.py +10 -4
- souleyez/storage/migrations/_017_msf_sessions.py +16 -8
- souleyez/storage/migrations/_018_add_osint_target.py +10 -6
- souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
- souleyez/storage/migrations/_020_add_rbac.py +36 -15
- souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
- souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
- souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
- souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
- souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
- souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
- souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
- souleyez/storage/migrations/__init__.py +26 -26
- souleyez/storage/migrations/migration_manager.py +19 -19
- souleyez/storage/msf_sessions.py +100 -65
- souleyez/storage/osint.py +17 -24
- souleyez/storage/recommendation_engine.py +269 -235
- souleyez/storage/screenshots.py +33 -32
- souleyez/storage/smb_shares.py +136 -92
- souleyez/storage/sqlmap_data.py +183 -128
- souleyez/storage/team_collaboration.py +135 -141
- souleyez/storage/timeline_tracker.py +122 -94
- souleyez/storage/wazuh_vulns.py +64 -66
- souleyez/storage/web_paths.py +33 -37
- souleyez/testing/credential_tester.py +221 -205
- souleyez/ui/__init__.py +1 -1
- souleyez/ui/ai_quotes.py +12 -12
- souleyez/ui/attack_surface.py +2439 -1516
- souleyez/ui/chain_rules_view.py +914 -382
- souleyez/ui/correlation_view.py +312 -230
- souleyez/ui/dashboard.py +2382 -1130
- souleyez/ui/deliverables_view.py +148 -62
- souleyez/ui/design_system.py +13 -13
- souleyez/ui/errors.py +49 -49
- souleyez/ui/evidence_linking_view.py +284 -179
- souleyez/ui/evidence_vault.py +393 -285
- souleyez/ui/exploit_suggestions_view.py +555 -349
- souleyez/ui/export_view.py +100 -66
- souleyez/ui/gap_analysis_view.py +315 -171
- souleyez/ui/help_system.py +105 -97
- souleyez/ui/intelligence_view.py +436 -293
- souleyez/ui/interactive.py +23434 -10286
- souleyez/ui/interactive_selector.py +75 -68
- souleyez/ui/log_formatter.py +47 -39
- souleyez/ui/menu_components.py +22 -13
- souleyez/ui/msf_auxiliary_menu.py +184 -133
- souleyez/ui/pending_chains_view.py +336 -172
- souleyez/ui/progress_indicators.py +5 -3
- souleyez/ui/recommendations_view.py +195 -137
- souleyez/ui/rule_builder.py +343 -225
- souleyez/ui/setup_wizard.py +678 -284
- souleyez/ui/shortcuts.py +217 -165
- souleyez/ui/splunk_gap_analysis_view.py +452 -270
- souleyez/ui/splunk_vulns_view.py +139 -86
- souleyez/ui/team_dashboard.py +498 -335
- souleyez/ui/template_selector.py +196 -105
- souleyez/ui/terminal.py +6 -6
- souleyez/ui/timeline_view.py +198 -127
- souleyez/ui/tool_setup.py +264 -164
- souleyez/ui/tutorial.py +202 -72
- souleyez/ui/tutorial_state.py +40 -40
- souleyez/ui/wazuh_vulns_view.py +235 -141
- souleyez/ui/wordlist_browser.py +260 -107
- souleyez/ui.py +464 -312
- souleyez/utils/tool_checker.py +427 -367
- souleyez/utils.py +33 -29
- souleyez/wordlists.py +134 -167
- {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/METADATA +1 -1
- souleyez-2.43.34.dist-info/RECORD +443 -0
- {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/WHEEL +1 -1
- souleyez-2.43.26.dist-info/RECORD +0 -379
- {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/entry_points.txt +0 -0
- {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/licenses/LICENSE +0 -0
- {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/top_level.txt +0 -0
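--- a/souleyez/core/cve_matcher.py
+++ b/souleyez/core/cve_matcher.py
@@ -12,134 +12,136 @@ class CVEMatcher:
 # Common vulnerable service versions (simple database)
 KNOWN_VULNS = {
 # OpenSSH vulnerabilities
-
-(
-(
-(
-
-
-
-
-
+"openssh": [
+("4.7", "CVE-2008-5161", 7.5, "Privilege escalation via X11 forwarding"),
+("5.8", "CVE-2011-4327", 3.5, "Forced command handling weakness"),
+(
+"6.6",
+"CVE-2015-5600",
+8.5,
+"Keyboard-interactive authentication brute force",
+),
+("7.2", "CVE-2016-3115", 5.5, "Command injection via X11 forwarding"),
+("7.4", "CVE-2018-15473", 7.5, "Username enumeration vulnerability"),
+("7.7", "CVE-2019-6109", 6.8, "Forced command injection"),
+("8.2", "CVE-2020-15778", 7.8, "Command injection via scp"),
+("8.5", "CVE-2021-41617", 7.0, "Privilege escalation"),
 ],
-
 # vsftpd vulnerabilities
-
-(
-(
+"vsftpd": [
+("2.0.5", "CVE-2011-0762", 6.8, "Denial of service"),
+("2.3.4", "CVE-2011-2523", 10.0, "Backdoor command execution"),
 ],
-
 # ProFTPD vulnerabilities
-
-(
-(
-(
-(
+"proftpd": [
+("1.3.0", "CVE-2010-4221", 9.0, "SQL injection in mod_sql"),
+("1.3.3", "CVE-2011-4130", 10.0, "Remote code execution"),
+("1.3.5", "CVE-2015-3306", 10.0, "Remote code execution via mod_copy"),
+("1.3.6", "CVE-2019-12815", 9.8, "Arbitrary file copy"),
 ],
-
 # Apache HTTP Server vulnerabilities
-
-(
-(
-(
-(
-(
-(
-(
+"apache": [
+("2.2.8", "CVE-2011-3192", 7.8, "Range header DoS (Killapache)"),
+("2.4.7", "CVE-2014-0098", 5.0, "Denial of service"),
+("2.4.29", "CVE-2017-15710", 5.0, "Out-of-bounds read"),
+("2.4.43", "CVE-2020-9490", 7.5, "HTTP request smuggling"),
+("2.4.48", "CVE-2021-40438", 9.0, "Server-side request forgery"),
+("2.4.49", "CVE-2021-41773", 7.5, "Path traversal and RCE"),
+("2.4.50", "CVE-2021-42013", 9.8, "Path traversal and RCE"),
 ],
-
 # Nginx vulnerabilities
-
-(
-(
-(
+"nginx": [
+("1.3.9", "CVE-2013-2028", 5.8, "Chunked transfer encoding bypass"),
+("1.16.1", "CVE-2019-20372", 5.3, "HTTP request smuggling"),
+(
+"1.20.0",
+"CVE-2021-23017",
+9.8,
+"Off-by-one buffer overflow in DNS resolver",
+),
 ],
-
 # MySQL vulnerabilities
-
-(
-(
-(
-(
+"mysql": [
+("5.0.51", "CVE-2009-2446", 8.5, "Format string vulnerability"),
+("5.5.62", "CVE-2019-2805", 6.5, "Partial DOS vulnerability"),
+("5.7.29", "CVE-2020-2922", 3.7, "Information disclosure"),
+("8.0.19", "CVE-2020-2780", 6.5, "Server component vulnerability"),
 ],
-
 # Samba vulnerabilities
-
-(
-(
-(
-(
-(
+"samba": [
+("3.0", "CVE-2007-2447", 10.0, "Remote command execution via MS-RPC"),
+("3.5.0", "CVE-2017-7494", 10.0, "Remote code execution (SambaCry)"),
+("4.4", "CVE-2017-12150", 7.5, "SMB encryption downgrade"),
+("4.5.16", "CVE-2017-14746", 7.5, "Use-after-free"),
+("4.11.6", "CVE-2020-1472", 10.0, "Zerologon privilege escalation"),
 ],
-
 # PostgreSQL vulnerabilities
-
-(
-(
-(
+"postgresql": [
+("8.3.0", "CVE-2009-3230", 6.5, "Privilege escalation"),
+("9.3.10", "CVE-2016-0766", 8.0, "Privilege escalation"),
+("11.2", "CVE-2019-10130", 4.0, "Partition routing information disclosure"),
 ],
-
 # Tomcat vulnerabilities
-
-(
-(
-(
-(
+"tomcat": [
+("7.0.0", "CVE-2017-12615", 8.1, "Remote code execution via PUT"),
+("8.5.0", "CVE-2017-12617", 8.1, "Remote code execution via PUT"),
+("9.0.0", "CVE-2020-1938", 9.8, "Ghostcat - AJP file read/inclusion"),
+(
+"9.0.30",
+"CVE-2020-9484",
+7.0,
+"Remote code execution via session persistence",
+),
 ],
-
 # ISC BIND vulnerabilities
-
-(
-(
-(
+"bind": [
+("9.4.2", "CVE-2009-0696", 7.8, "Dynamic update message DoS"),
+("9.8.0", "CVE-2012-1667", 7.8, "Denial of service"),
+("9.11.0", "CVE-2017-3137", 5.9, "Denial of service"),
 ],
-
 # Postfix vulnerabilities
-
-(
-(
+"postfix": [
+("2.5.0", "CVE-2011-1720", 6.8, "SMTP server STARTTLS plaintext injection"),
+("3.3.0", "CVE-2018-16554", 5.3, "Denial of service"),
 ],
-
 # UnrealIRCd vulnerabilities
-
-(
+"unrealircd": [
+("3.2.8", "CVE-2010-2075", 10.0, "Backdoor command execution"),
 ],
-
 # distcc vulnerabilities
-
-(
+"distccd": [
+("1.0", "CVE-2004-2687", 9.3, "Remote command execution"),
 ],
-
 # Ruby DRb vulnerabilities
-
-(
+"drb": [
+("1.8", "CVE-2011-1004", 10.0, "Arbitrary command execution"),
 ],
-
 # VNC vulnerabilities
-
-(
+"vnc": [
+("3.3", "CVE-2006-2369", 7.5, "Authentication bypass"),
 ],
-
 # Jetty vulnerabilities
-
-(
-(
+"jetty": [
+("8.1.7", "CVE-2017-7656", 7.5, "HTTP request smuggling"),
+("9.3.0", "CVE-2017-7658", 9.8, "Remote code execution"),
 ],
-
 # ElasticSearch vulnerabilities
-
-(
+"elasticsearch": [
+(
+"1.4.2",
+"CVE-2015-1427",
+10.0,
+"Remote code execution via Groovy scripting",
+),
 ],
-
 # Redis vulnerabilities
-
-(
-(
+"redis": [
+("4.0.0", "CVE-2018-11218", 7.5, "Integer overflow"),
+("5.0.0", "CVE-2019-10192", 7.2, "Hyperloglog DoS"),
 ],
-
 # MongoDB vulnerabilities
-
-(
+"mongodb": [
+("3.6.0", "CVE-2019-2386", 9.8, "Incorrect authorization"),
 ],
 }
 
@@ -154,14 +156,12 @@ class CVEMatcher:
 List of CVE IDs found
 """
 # Match CVE-YYYY-NNNNN format
-pattern = r
+pattern = r"CVE-\d{4}-\d{4,7}"
 cves = re.findall(pattern, text, re.IGNORECASE)
 return list(set([cve.upper() for cve in cves]))
 
 def match_service_version(
-self,
-service: str,
-version: str
+self, service: str, version: str
 ) -> List[Tuple[str, float, str]]:
 """
 Match service/version to known vulnerabilities.
@@ -181,24 +181,30 @@ class CVEMatcher:
 version_clean = version
 
 # Remove nmap response prefixes
-for prefix in [
+for prefix in ["syn-ack", "reset", "no-response", "ttl"]:
 if prefix in version_clean:
 parts = version_clean.split(prefix)
-version_clean =
+version_clean = (
+" ".join(parts[1:]).strip() if len(parts) > 1 else parts[0]
+)
 
 # Extract version number (digits and dots)
 import re
-
+
+version_match = re.search(r"(\d+\.[\d.]+(?:p\d+)?(?:-\w+)?)", version_clean)
 if version_match:
 version_clean = version_match.group(1)
 
 # Normalize further (remove 'p' suffix for matching, keep letters/hyphens)
-version_for_match = version_clean.split(
+version_for_match = version_clean.split("p")[0].split("-")[0]
 
 if service_lower in self.KNOWN_VULNS:
 for vuln_version, cve, cvss, desc in self.KNOWN_VULNS[service_lower]:
 # Simple version matching (exact or starts with)
-if
+if (
+version_for_match.startswith(vuln_version)
+or version_for_match == vuln_version
+):
 results.append((cve, cvss, desc))
 
 return results
@@ -213,9 +219,9 @@ class CVEMatcher:
 Returns:
 List of vulnerability dicts
 """
-service = (service_info.get(
-version = service_info.get(
-port = service_info.get(
+service = (service_info.get("service_name") or "").lower()
+version = service_info.get("version") or ""
+port = service_info.get("port")
 
 if not version:
 return []
@@ -237,31 +243,33 @@ class CVEMatcher:
 vulns = self.match_service_version(product_name, version)
 
 for cve_id, cvss_score, description in vulns:
-findings.append(
-
-
-
-
-
-
-
-
-
+findings.append(
+{
+"cve_id": cve_id,
+"cvss_score": cvss_score,
+"title": f"{cve_id} - Vulnerable {product_name} detected",
+"description": f"{description}\n\nService: {service}\nVersion: {version}\nPort: {port}",
+"service": product_name,
+"version": version,
+"port": port,
+"severity": self._cvss_to_severity(cvss_score),
+}
+)
 
 return findings
 
 def _cvss_to_severity(self, cvss_score: float) -> str:
 """Convert CVSS score to severity level."""
 if cvss_score >= 9.0:
-return
+return "critical"
 elif cvss_score >= 7.0:
-return
+return "high"
 elif cvss_score >= 4.0:
-return
+return "medium"
 elif cvss_score >= 0.1:
-return
+return "low"
 else:
-return
+return "info"
 
 def scan_for_common_issues(self, service_info: Dict) -> List[Dict]:
 """
@@ -274,40 +282,46 @@ class CVEMatcher:
 List of finding dicts
 """
 findings = []
-service = (service_info.get(
-port = service_info.get(
+service = (service_info.get("service_name") or "").lower()
+port = service_info.get("port")
 
 # Check for insecure services
-if service in [
-findings.append(
-
-
-
-
-
-
-
+if service in ["telnet", "ftp", "tftp"]:
+findings.append(
+{
+"title": f"Insecure Protocol - {service.upper()}",
+"description": f"{service.upper()} transmits data in cleartext and should not be used. Consider using secure alternatives (SSH for telnet, SFTP/FTPS for FTP).",
+"severity": "high",
+"category": "misconfiguration",
+"port": port,
+"remediation": f"Disable {service.upper()} and use encrypted alternatives.",
+}
+)
 
 # Check for default/dangerous ports
-if service ==
-findings.append(
-
-
-
-
-
-
-
+if service == "http" and port == 80:
+findings.append(
+{
+"title": "Unencrypted HTTP Service",
+"description": "HTTP service detected without encryption. Data transmitted over HTTP can be intercepted.",
+"severity": "medium",
+"category": "misconfiguration",
+"port": port,
+"remediation": "Enable HTTPS (TLS/SSL) for all web services.",
+}
+)
 
 # Check for SMB
-if service in [
-findings.append(
-
-
-
-
-
-
-
+if service in ["microsoft-ds", "netbios-ssn", "smb"]:
+findings.append(
+{
+"title": "SMB Service Exposed",
+"description": "SMB file sharing is exposed. Ensure proper authentication and encryption are configured.",
+"severity": "medium",
+"category": "exposure",
+"port": port,
+"remediation": "Restrict SMB access to trusted networks, enable SMB signing, disable SMBv1.",
+}
+)
 
 return findings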
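Review bot: The `or version_for_match == vuln_version` clause on new lines 204-207 of the `@@ -181,24 +181,30 @@` hunk is dead, since `str.startswith` is already true on equality, so the match is a bare prefix test; with entries such as PostgreSQL `"11.2"` that also flags the 11.20-11.22 patch releases, and Samba `"4.4"` flags every 4.4.x build whether or not the CVE was fixed in a later point release. A prefix test cannot express "affected through" or "fixed in" semantics; if that is the intent, the comparison belongs in a version-aware helper (the diffstat lists `souleyez/core/version_utils.py`, which may be the place, though it is not visible here), and consumers of these findings should treat them as candidates to verify rather than confirmed vulnerabilities. At minimum collapse the condition to `if version_for_match.startswith(vuln_version):` and state in the `KNOWN_VULNS` header comment (first hunk) that table entries are matched by version prefix, so future additions are written with that in mind. `match_service_version`'s signature is in the preceding hunk; only its body is in this one.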