PyPI - souleyez - Versions diffs - 2.43.26__py3-none-any.whl → 2.43.34__py3-none-any.whl - Mend

souleyez 2.43.26py3-none-any.whl → 2.43.34py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of souleyez might be problematic. Click here for more details.

Files changed (358) hide show

souleyez/__init__.py +1 -2
souleyez/ai/__init__.py +21 -15
souleyez/ai/action_mapper.py +249 -150
souleyez/ai/chain_advisor.py +116 -100
souleyez/ai/claude_provider.py +29 -28
souleyez/ai/context_builder.py +80 -62
souleyez/ai/executor.py +158 -117
souleyez/ai/feedback_handler.py +136 -121
souleyez/ai/llm_factory.py +27 -20
souleyez/ai/llm_provider.py +4 -2
souleyez/ai/ollama_provider.py +6 -9
souleyez/ai/ollama_service.py +44 -37
souleyez/ai/path_scorer.py +91 -76
souleyez/ai/recommender.py +176 -144
souleyez/ai/report_context.py +74 -73
souleyez/ai/report_service.py +84 -66
souleyez/ai/result_parser.py +222 -229
souleyez/ai/safety.py +67 -44
souleyez/auth/__init__.py +23 -22
souleyez/auth/audit.py +36 -26
souleyez/auth/engagement_access.py +65 -48
souleyez/auth/permissions.py +14 -3
souleyez/auth/session_manager.py +54 -37
souleyez/auth/user_manager.py +109 -64
souleyez/commands/audit.py +40 -43
souleyez/commands/auth.py +35 -15
souleyez/commands/deliverables.py +55 -50
souleyez/commands/engagement.py +47 -28
souleyez/commands/license.py +32 -23
souleyez/commands/screenshots.py +36 -32
souleyez/commands/user.py +82 -36
souleyez/config.py +52 -44
souleyez/core/credential_tester.py +87 -81
souleyez/core/cve_mappings.py +179 -192
souleyez/core/cve_matcher.py +162 -148
souleyez/core/msf_auto_mapper.py +100 -83
souleyez/core/msf_chain_engine.py +294 -256
souleyez/core/msf_database.py +153 -70
souleyez/core/msf_integration.py +679 -673
souleyez/core/msf_rpc_client.py +40 -42
souleyez/core/msf_rpc_manager.py +77 -79
souleyez/core/msf_sync_manager.py +241 -181
souleyez/core/network_utils.py +22 -15
souleyez/core/parser_handler.py +34 -25
souleyez/core/pending_chains.py +114 -63
souleyez/core/templates.py +158 -107
souleyez/core/tool_chaining.py +9526 -2879
souleyez/core/version_utils.py +79 -94
souleyez/core/vuln_correlation.py +136 -89
souleyez/core/web_utils.py +33 -32
souleyez/data/wordlists/ad_users.txt +378 -0
souleyez/data/wordlists/api_endpoints_large.txt +769 -0
souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
souleyez/data/wordlists/lfi_payloads.txt +82 -0
souleyez/data/wordlists/passwords_brute.txt +1548 -0
souleyez/data/wordlists/passwords_crack.txt +2479 -0
souleyez/data/wordlists/passwords_spray.txt +386 -0
souleyez/data/wordlists/subdomains_large.txt +5057 -0
souleyez/data/wordlists/usernames_common.txt +694 -0
souleyez/data/wordlists/web_dirs_large.txt +4769 -0
souleyez/detection/__init__.py +1 -1
souleyez/detection/attack_signatures.py +12 -17
souleyez/detection/mitre_mappings.py +61 -55
souleyez/detection/validator.py +97 -86
souleyez/devtools.py +23 -10
souleyez/docs/README.md +4 -4
souleyez/docs/api-reference/cli-commands.md +2 -2
souleyez/docs/developer-guide/adding-new-tools.md +562 -0
souleyez/docs/user-guide/auto-chaining.md +30 -8
souleyez/docs/user-guide/getting-started.md +1 -1
souleyez/docs/user-guide/installation.md +26 -3
souleyez/docs/user-guide/metasploit-integration.md +2 -2
souleyez/docs/user-guide/rbac.md +1 -1
souleyez/docs/user-guide/scope-management.md +1 -1
souleyez/docs/user-guide/siem-integration.md +1 -1
souleyez/docs/user-guide/tools-reference.md +1 -8
souleyez/docs/user-guide/worker-management.md +1 -1
souleyez/engine/background.py +1239 -535
souleyez/engine/base.py +4 -1
souleyez/engine/job_status.py +17 -49
souleyez/engine/log_sanitizer.py +103 -77
souleyez/engine/manager.py +38 -7
souleyez/engine/result_handler.py +2200 -1550
souleyez/engine/worker_manager.py +50 -41
souleyez/export/evidence_bundle.py +72 -62
souleyez/feature_flags/features.py +16 -20
souleyez/feature_flags.py +5 -9
souleyez/handlers/__init__.py +11 -0
souleyez/handlers/base.py +188 -0
souleyez/handlers/bash_handler.py +277 -0
souleyez/handlers/bloodhound_handler.py +243 -0
souleyez/handlers/certipy_handler.py +311 -0
souleyez/handlers/crackmapexec_handler.py +486 -0
souleyez/handlers/dnsrecon_handler.py +344 -0
souleyez/handlers/enum4linux_handler.py +400 -0
souleyez/handlers/evil_winrm_handler.py +493 -0
souleyez/handlers/ffuf_handler.py +815 -0
souleyez/handlers/gobuster_handler.py +1114 -0
souleyez/handlers/gpp_extract_handler.py +334 -0
souleyez/handlers/hashcat_handler.py +444 -0
souleyez/handlers/hydra_handler.py +563 -0
souleyez/handlers/impacket_getuserspns_handler.py +343 -0
souleyez/handlers/impacket_psexec_handler.py +222 -0
souleyez/handlers/impacket_secretsdump_handler.py +426 -0
souleyez/handlers/john_handler.py +286 -0
souleyez/handlers/katana_handler.py +425 -0
souleyez/handlers/kerbrute_handler.py +298 -0
souleyez/handlers/ldapsearch_handler.py +636 -0
souleyez/handlers/lfi_extract_handler.py +464 -0
souleyez/handlers/msf_auxiliary_handler.py +408 -0
souleyez/handlers/msf_exploit_handler.py +380 -0
souleyez/handlers/nikto_handler.py +413 -0
souleyez/handlers/nmap_handler.py +821 -0
souleyez/handlers/nuclei_handler.py +359 -0
souleyez/handlers/nxc_handler.py +371 -0
souleyez/handlers/rdp_sec_check_handler.py +353 -0
souleyez/handlers/registry.py +292 -0
souleyez/handlers/responder_handler.py +232 -0
souleyez/handlers/service_explorer_handler.py +434 -0
souleyez/handlers/smbclient_handler.py +344 -0
souleyez/handlers/smbmap_handler.py +510 -0
souleyez/handlers/smbpasswd_handler.py +296 -0
souleyez/handlers/sqlmap_handler.py +1116 -0
souleyez/handlers/theharvester_handler.py +601 -0
souleyez/handlers/web_login_test_handler.py +327 -0
souleyez/handlers/whois_handler.py +277 -0
souleyez/handlers/wpscan_handler.py +554 -0
souleyez/history.py +32 -16
souleyez/importers/msf_importer.py +106 -75
souleyez/importers/smart_importer.py +208 -147
souleyez/integrations/siem/__init__.py +10 -10
souleyez/integrations/siem/base.py +17 -18
souleyez/integrations/siem/elastic.py +108 -122
souleyez/integrations/siem/factory.py +207 -80
souleyez/integrations/siem/googlesecops.py +146 -154
souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
souleyez/integrations/siem/sentinel.py +107 -109
souleyez/integrations/siem/splunk.py +246 -212
souleyez/integrations/siem/wazuh.py +65 -71
souleyez/integrations/wazuh/__init__.py +5 -5
souleyez/integrations/wazuh/client.py +70 -93
souleyez/integrations/wazuh/config.py +85 -57
souleyez/integrations/wazuh/host_mapper.py +28 -36
souleyez/integrations/wazuh/sync.py +78 -68
souleyez/intelligence/__init__.py +4 -5
souleyez/intelligence/correlation_analyzer.py +309 -295
souleyez/intelligence/exploit_knowledge.py +661 -623
souleyez/intelligence/exploit_suggestions.py +159 -139
souleyez/intelligence/gap_analyzer.py +132 -97
souleyez/intelligence/gap_detector.py +251 -214
souleyez/intelligence/sensitive_tables.py +266 -129
souleyez/intelligence/service_parser.py +137 -123
souleyez/intelligence/surface_analyzer.py +407 -268
souleyez/intelligence/target_parser.py +159 -162
souleyez/licensing/__init__.py +6 -6
souleyez/licensing/validator.py +17 -19
souleyez/log_config.py +79 -54
souleyez/main.py +1505 -687
souleyez/migrations/fix_job_counter.py +16 -14
souleyez/parsers/bloodhound_parser.py +41 -39
souleyez/parsers/crackmapexec_parser.py +178 -111
souleyez/parsers/dalfox_parser.py +72 -77
souleyez/parsers/dnsrecon_parser.py +103 -91
souleyez/parsers/enum4linux_parser.py +183 -153
souleyez/parsers/ffuf_parser.py +29 -25
souleyez/parsers/gobuster_parser.py +301 -41
souleyez/parsers/hashcat_parser.py +324 -79
souleyez/parsers/http_fingerprint_parser.py +350 -103
souleyez/parsers/hydra_parser.py +131 -111
souleyez/parsers/impacket_parser.py +231 -178
souleyez/parsers/john_parser.py +98 -86
souleyez/parsers/katana_parser.py +316 -0
souleyez/parsers/msf_parser.py +943 -498
souleyez/parsers/nikto_parser.py +346 -65
souleyez/parsers/nmap_parser.py +262 -174
souleyez/parsers/nuclei_parser.py +40 -44
souleyez/parsers/responder_parser.py +26 -26
souleyez/parsers/searchsploit_parser.py +74 -74
souleyez/parsers/service_explorer_parser.py +279 -0
souleyez/parsers/smbmap_parser.py +180 -124
souleyez/parsers/sqlmap_parser.py +434 -308
souleyez/parsers/theharvester_parser.py +75 -57
souleyez/parsers/whois_parser.py +135 -94
souleyez/parsers/wpscan_parser.py +278 -190
souleyez/plugins/afp.py +44 -36
souleyez/plugins/afp_brute.py +114 -46
souleyez/plugins/ard.py +48 -37
souleyez/plugins/bloodhound.py +95 -61
souleyez/plugins/certipy.py +303 -0
souleyez/plugins/crackmapexec.py +186 -85
souleyez/plugins/dalfox.py +120 -59
souleyez/plugins/dns_hijack.py +146 -41
souleyez/plugins/dnsrecon.py +97 -61
souleyez/plugins/enum4linux.py +91 -66
souleyez/plugins/evil_winrm.py +291 -0
souleyez/plugins/ffuf.py +166 -90
souleyez/plugins/firmware_extract.py +133 -29
souleyez/plugins/gobuster.py +387 -190
souleyez/plugins/gpp_extract.py +393 -0
souleyez/plugins/hashcat.py +100 -73
souleyez/plugins/http_fingerprint.py +854 -267
souleyez/plugins/hydra.py +566 -200
souleyez/plugins/impacket_getnpusers.py +117 -69
souleyez/plugins/impacket_psexec.py +84 -64
souleyez/plugins/impacket_secretsdump.py +103 -69
souleyez/plugins/impacket_smbclient.py +89 -75
souleyez/plugins/john.py +86 -69
souleyez/plugins/katana.py +313 -0
souleyez/plugins/kerbrute.py +237 -0
souleyez/plugins/lfi_extract.py +541 -0
souleyez/plugins/macos_ssh.py +117 -48
souleyez/plugins/mdns.py +35 -30
souleyez/plugins/msf_auxiliary.py +253 -130
souleyez/plugins/msf_exploit.py +239 -161
souleyez/plugins/nikto.py +134 -78
souleyez/plugins/nmap.py +275 -91
souleyez/plugins/nuclei.py +180 -89
souleyez/plugins/nxc.py +285 -0
souleyez/plugins/plugin_base.py +35 -36
souleyez/plugins/plugin_template.py +13 -5
souleyez/plugins/rdp_sec_check.py +130 -0
souleyez/plugins/responder.py +112 -71
souleyez/plugins/router_http_brute.py +76 -65
souleyez/plugins/router_ssh_brute.py +118 -41
souleyez/plugins/router_telnet_brute.py +124 -42
souleyez/plugins/routersploit.py +91 -59
souleyez/plugins/routersploit_exploit.py +77 -55
souleyez/plugins/searchsploit.py +91 -77
souleyez/plugins/service_explorer.py +1160 -0
souleyez/plugins/smbmap.py +122 -72
souleyez/plugins/smbpasswd.py +215 -0
souleyez/plugins/sqlmap.py +301 -113
souleyez/plugins/theharvester.py +127 -75
souleyez/plugins/tr069.py +79 -57
souleyez/plugins/upnp.py +65 -47
souleyez/plugins/upnp_abuse.py +73 -55
souleyez/plugins/vnc_access.py +129 -42
souleyez/plugins/vnc_brute.py +109 -38
souleyez/plugins/web_login_test.py +417 -0
souleyez/plugins/whois.py +77 -58
souleyez/plugins/wpscan.py +173 -69
souleyez/reporting/__init__.py +2 -1
souleyez/reporting/attack_chain.py +411 -346
souleyez/reporting/charts.py +436 -501
souleyez/reporting/compliance_mappings.py +334 -201
souleyez/reporting/detection_report.py +126 -125
souleyez/reporting/formatters.py +828 -591
souleyez/reporting/generator.py +386 -302
souleyez/reporting/metrics.py +72 -75
souleyez/scanner.py +35 -29
souleyez/security/__init__.py +37 -11
souleyez/security/scope_validator.py +175 -106
souleyez/security/validation.py +223 -149
souleyez/security.py +22 -6
souleyez/storage/credentials.py +247 -186
souleyez/storage/crypto.py +296 -129
souleyez/storage/database.py +73 -50
souleyez/storage/db.py +58 -36
souleyez/storage/deliverable_evidence.py +177 -128
souleyez/storage/deliverable_exporter.py +282 -246
souleyez/storage/deliverable_templates.py +134 -116
souleyez/storage/deliverables.py +135 -130
souleyez/storage/engagements.py +109 -56
souleyez/storage/evidence.py +181 -152
souleyez/storage/execution_log.py +31 -17
souleyez/storage/exploit_attempts.py +93 -57
souleyez/storage/exploits.py +67 -36
souleyez/storage/findings.py +48 -61
souleyez/storage/hosts.py +176 -144
souleyez/storage/migrate_to_engagements.py +43 -19
souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
souleyez/storage/migrations/_003_add_execution_log.py +14 -8
souleyez/storage/migrations/_005_screenshots.py +13 -5
souleyez/storage/migrations/_006_deliverables.py +13 -5
souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
souleyez/storage/migrations/_010_evidence_linking.py +17 -10
souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
souleyez/storage/migrations/_012_team_collaboration.py +34 -21
souleyez/storage/migrations/_013_add_host_tags.py +12 -6
souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
souleyez/storage/migrations/_016_add_domain_field.py +10 -4
souleyez/storage/migrations/_017_msf_sessions.py +16 -8
souleyez/storage/migrations/_018_add_osint_target.py +10 -6
souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
souleyez/storage/migrations/_020_add_rbac.py +36 -15
souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
souleyez/storage/migrations/__init__.py +26 -26
souleyez/storage/migrations/migration_manager.py +19 -19
souleyez/storage/msf_sessions.py +100 -65
souleyez/storage/osint.py +17 -24
souleyez/storage/recommendation_engine.py +269 -235
souleyez/storage/screenshots.py +33 -32
souleyez/storage/smb_shares.py +136 -92
souleyez/storage/sqlmap_data.py +183 -128
souleyez/storage/team_collaboration.py +135 -141
souleyez/storage/timeline_tracker.py +122 -94
souleyez/storage/wazuh_vulns.py +64 -66
souleyez/storage/web_paths.py +33 -37
souleyez/testing/credential_tester.py +221 -205
souleyez/ui/__init__.py +1 -1
souleyez/ui/ai_quotes.py +12 -12
souleyez/ui/attack_surface.py +2439 -1516
souleyez/ui/chain_rules_view.py +914 -382
souleyez/ui/correlation_view.py +312 -230
souleyez/ui/dashboard.py +2382 -1130
souleyez/ui/deliverables_view.py +148 -62
souleyez/ui/design_system.py +13 -13
souleyez/ui/errors.py +49 -49
souleyez/ui/evidence_linking_view.py +284 -179
souleyez/ui/evidence_vault.py +393 -285
souleyez/ui/exploit_suggestions_view.py +555 -349
souleyez/ui/export_view.py +100 -66
souleyez/ui/gap_analysis_view.py +315 -171
souleyez/ui/help_system.py +105 -97
souleyez/ui/intelligence_view.py +436 -293
souleyez/ui/interactive.py +23434 -10286
souleyez/ui/interactive_selector.py +75 -68
souleyez/ui/log_formatter.py +47 -39
souleyez/ui/menu_components.py +22 -13
souleyez/ui/msf_auxiliary_menu.py +184 -133
souleyez/ui/pending_chains_view.py +336 -172
souleyez/ui/progress_indicators.py +5 -3
souleyez/ui/recommendations_view.py +195 -137
souleyez/ui/rule_builder.py +343 -225
souleyez/ui/setup_wizard.py +678 -284
souleyez/ui/shortcuts.py +217 -165
souleyez/ui/splunk_gap_analysis_view.py +452 -270
souleyez/ui/splunk_vulns_view.py +139 -86
souleyez/ui/team_dashboard.py +498 -335
souleyez/ui/template_selector.py +196 -105
souleyez/ui/terminal.py +6 -6
souleyez/ui/timeline_view.py +198 -127
souleyez/ui/tool_setup.py +264 -164
souleyez/ui/tutorial.py +202 -72
souleyez/ui/tutorial_state.py +40 -40
souleyez/ui/wazuh_vulns_view.py +235 -141
souleyez/ui/wordlist_browser.py +260 -107
souleyez/ui.py +464 -312
souleyez/utils/tool_checker.py +427 -367
souleyez/utils.py +33 -29
souleyez/wordlists.py +134 -167
{souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/METADATA +1 -1
souleyez-2.43.34.dist-info/RECORD +443 -0
{souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/WHEEL +1 -1
souleyez-2.43.26.dist-info/RECORD +0 -379
{souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/entry_points.txt +0 -0
{souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/licenses/LICENSE +0 -0
{souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/top_level.txt +0 -0

souleyez/handlers/wpscan_handler.py ADDED Viewed

@@ -0,0 +1,554 @@
+#!/usr/bin/env python3
+"""
+WPScan handler.
+Consolidates parsing and display logic for WPScan WordPress security scanner jobs.
+"""
+import logging
+import os
+import re
+from typing import Any, Dict, Optional
+from urllib.parse import urlparse
+import click
+from souleyez.engine.job_status import STATUS_DONE, STATUS_ERROR, STATUS_NO_RESULTS
+from souleyez.handlers.base import BaseToolHandler
+logger = logging.getLogger(__name__)
+class WPScanHandler(BaseToolHandler):
+    """Handler for WPScan WordPress security scanner jobs."""
+    tool_name = "wpscan"
+    display_name = "WPScan"
+    # All handlers enabled
+    has_error_handler = True
+    has_warning_handler = True
+    has_no_results_handler = True
+    has_done_handler = True
+    def parse_job(
+        self,
+        engagement_id: int,
+        log_path: str,
+        job: Dict[str, Any],
+        host_manager: Optional[Any] = None,
+        findings_manager: Optional[Any] = None,
+        credentials_manager: Optional[Any] = None,
+    ) -> Dict[str, Any]:
+        """
+        Parse WPScan job results.
+        Extracts WordPress vulnerabilities for plugins, themes, and core.
+        """
+        try:
+            from souleyez.parsers.wpscan_parser import parse_wpscan_output
+            from souleyez.engine.result_handler import detect_tool_error
+            # Import managers if not provided
+            if host_manager is None:
+                from souleyez.storage.hosts import HostManager
+                host_manager = HostManager()
+            if findings_manager is None:
+                from souleyez.storage.findings import FindingsManager
+                findings_manager = FindingsManager()
+            if credentials_manager is None:
+                from souleyez.storage.credentials import CredentialsManager
+                credentials_manager = CredentialsManager()
+            target = job.get("target", "")
+            # Read log file
+            with open(log_path, "r", encoding="utf-8", errors="replace") as f:
+                output = f.read()
+            parsed = parse_wpscan_output(output, target)
+            # Get or create host
+            host_id = None
+            target_ip = target
+            if "://" in str(target):
+                parsed_url = urlparse(target)
+                target_ip = parsed_url.hostname or target
+            if target_ip:
+                host = host_manager.get_host_by_ip(engagement_id, target_ip)
+                if not host:
+                    host_id = host_manager.add_or_update_host(
+                        engagement_id, {"ip": target_ip, "status": "up"}
+                    )
+                else:
+                    host_id = host["id"]
+            # Store findings
+            findings_added = 0
+            # WordPress version vulnerabilities
+            for vuln in parsed.get("findings", []):
+                findings_manager.add_finding(
+                    engagement_id=engagement_id,
+                    host_id=host_id,
+                    title=vuln["title"],
+                    finding_type="vulnerability",
+                    severity=vuln.get("severity", "medium"),
+                    description=vuln.get("description", ""),
+                    tool="wpscan",
+                    refs=", ".join(vuln.get("references", [])),
+                )
+                findings_added += 1
+            # Plugin vulnerabilities (parser returns list of dicts)
+            plugins = parsed.get("plugins", [])
+            if isinstance(plugins, list):
+                for plugin_data in plugins:
+                    if isinstance(plugin_data, dict):
+                        plugin_name = plugin_data.get("name", "Unknown")
+                        for vuln in plugin_data.get("vulnerabilities", []):
+                            findings_manager.add_finding(
+                                engagement_id=engagement_id,
+                                host_id=host_id,
+                                title=f"WordPress Plugin: {plugin_name} - {vuln['title']}",
+                                finding_type="vulnerability",
+                                severity=vuln.get("severity", "medium"),
+                                description=vuln.get("description", ""),
+                                tool="wpscan",
+                                refs=", ".join(vuln.get("references", [])),
+                            )
+                            findings_added += 1
+            # Theme vulnerabilities (parser returns list of dicts)
+            themes = parsed.get("themes", [])
+            if isinstance(themes, list):
+                for theme_data in themes:
+                    if isinstance(theme_data, dict):
+                        theme_name = theme_data.get("name", "Unknown")
+                        for vuln in theme_data.get("vulnerabilities", []):
+                            findings_manager.add_finding(
+                                engagement_id=engagement_id,
+                                host_id=host_id,
+                                title=f"WordPress Theme: {theme_name} - {vuln['title']}",
+                                finding_type="vulnerability",
+                                severity=vuln.get("severity", "medium"),
+                                description=vuln.get("description", ""),
+                                tool="wpscan",
+                                refs=", ".join(vuln.get("references", [])),
+                            )
+                            findings_added += 1
+            # Check for wpscan errors
+            wpscan_error = detect_tool_error(output, "wpscan")
+            # Count WordPress info as results (version, users, plugins, themes)
+            wp_version = parsed.get("version") or parsed.get("wordpress_version")
+            users_list = parsed.get("users", [])
+            users_found = len(users_list)
+            plugins_found = len(parsed.get("plugins", []))
+            themes_found = len(parsed.get("themes", []))
+            has_wp_info = (
+                wp_version or users_found > 0 or plugins_found > 0 or themes_found > 0
+            )
+            # Add enumerated users to credentials (for brute force chaining)
+            credentials_added = 0
+            if users_list and credentials_manager:
+                for username in users_list:
+                    try:
+                        credentials_manager.add_credential(
+                            engagement_id=engagement_id,
+                            host_id=host_id,
+                            service="wordpress",
+                            username=username,
+                            password=None,
+                            status="untested",
+                            tool="wpscan",
+                        )
+                        credentials_added += 1
+                    except Exception as cred_err:
+                        logger.debug(
+                            f"Could not add credential for {username}: {cred_err}"
+                        )
+            # Determine status based on results
+            if wpscan_error:
+                status = STATUS_ERROR
+            elif findings_added > 0 or has_wp_info:
+                # CVE findings OR WordPress info = successful scan
+                status = STATUS_DONE
+            else:
+                status = STATUS_NO_RESULTS
+            return {
+                "tool": "wpscan",
+                "status": status,
+                "target": target,
+                "wp_version": parsed.get("version") or parsed.get("wordpress_version"),
+                "plugins_found": len(parsed.get("plugins", {})),
+                "themes_found": len(parsed.get("themes", {})),
+                "users_found": len(parsed.get("users", [])),
+                "findings_added": findings_added,
+                "users": parsed.get("users", []),  # For hydra chaining
+            }
+        except Exception as e:
+            logger.error(f"Error parsing wpscan job: {e}")
+            return {"error": str(e)}
+    def display_done(
+        self,
+        job: Dict[str, Any],
+        log_path: str,
+        show_all: bool = False,
+        show_passwords: bool = False,
+    ) -> None:
+        """Display successful WPScan results."""
+        try:
+            from souleyez.parsers.wpscan_parser import parse_wpscan_output
+            if not log_path or not os.path.exists(log_path):
+                return
+            with open(log_path, "r", encoding="utf-8", errors="replace") as f:
+                log_content = f.read()
+            parsed = parse_wpscan_output(log_content, job.get("target", ""))
+            # Check if we have any results
+            has_results = (
+                parsed.get("wordpress_version")
+                or parsed.get("findings")
+                or parsed.get("plugins")
+                or parsed.get("themes")
+                or parsed.get("users")
+                or parsed.get("info")
+            )
+            if not has_results:
+                self.display_no_results(job, log_path)
+                return
+            # Header
+            click.echo(click.style("=" * 70, fg="cyan"))
+            click.echo(
+                click.style("WPSCAN WORDPRESS SECURITY SCAN", bold=True, fg="cyan")
+            )
+            click.echo(click.style("=" * 70, fg="cyan"))
+            click.echo()
+            # WordPress version with status
+            if parsed.get("wordpress_version"):
+                version_str = parsed["wordpress_version"]
+                version_status = parsed.get("version_status")
+                version_date = parsed.get("version_release_date")
+                click.echo(click.style("WordPress Version: ", bold=True), nl=False)
+                if version_status == "Insecure":
+                    click.echo(
+                        click.style(f"{version_str} (Insecure)", fg="red", bold=True),
+                        nl=False,
+                    )
+                elif version_status == "Outdated":
+                    click.echo(
+                        click.style(
+                            f"{version_str} (Outdated)", fg="yellow", bold=True
+                        ),
+                        nl=False,
+                    )
+                else:
+                    click.echo(version_str, nl=False)
+                if version_date:
+                    click.echo(f" - Released {version_date}")
+                else:
+                    click.echo()
+                click.echo()
+            # Additional information/findings
+            info_items = parsed.get("info", [])
+            if info_items:
+                click.echo(click.style("Scan Findings:", bold=True))
+                for item in info_items:
+                    title = item.get("title", "Unknown")
+                    severity = item.get("severity", "info").lower()
+                    item_type = item.get("type", "info")
+                    # Icon based on severity/type
+                    if severity == "low" or item_type == "warning":
+                        icon = "!"
+                        color = "yellow"
+                    elif item_type == "config":
+                        icon = "*"
+                        color = "cyan"
+                    elif item_type == "disclosure":
+                        icon = "#"
+                        color = "yellow"
+                    elif item_type == "header":
+                        icon = "?"
+                        color = "cyan"
+                    else:
+                        icon = "i"
+                        color = "white"
+                    click.echo(click.style(f"  [{icon}] {title}", fg=color))
+                click.echo()
+            # Vulnerabilities/Findings
+            findings = parsed.get("findings", [])
+            if findings:
+                # Group by severity
+                severity_order = ["critical", "high", "medium", "low", "info"]
+                severity_groups = {sev: [] for sev in severity_order}
+                for finding in findings:
+                    severity = finding.get("severity", "medium").lower()
+                    if severity in severity_groups:
+                        severity_groups[severity].append(finding)
+                click.echo(
+                    click.style(
+                        f"Vulnerabilities Found: {len(findings)}", bold=True, fg="red"
+                    )
+                )
+                click.echo()
+                max_per_severity = None if show_all else 3
+                for severity in severity_order:
+                    if severity_groups[severity]:
+                        # Color code by severity
+                        if severity in ("critical", "high"):
+                            color = "red"
+                        elif severity == "medium":
+                            color = "yellow"
+                        elif severity == "low":
+                            color = "green"
+                        else:
+                            color = "cyan"
+                        click.echo(
+                            click.style(
+                                f"[{severity.upper()}] ({len(severity_groups[severity])})",
+                                bold=True,
+                                fg=color,
+                            )
+                        )
+                        display_findings = (
+                            severity_groups[severity]
+                            if max_per_severity is None
+                            else severity_groups[severity][:max_per_severity]
+                        )
+                        for finding in display_findings:
+                            click.echo(
+                                f"  - {finding.get('title', 'Unknown vulnerability')}"
+                            )
+                            if finding.get("type") and finding.get("name"):
+                                click.echo(
+                                    f"    Type: {finding['type']} - {finding['name']}"
+                                )
+                            if finding.get("fixed_in"):
+                                click.echo(f"    Fixed in: {finding['fixed_in']}")
+                            if finding.get("references"):
+                                refs = finding["references"][
+                                    :2
+                                ]  # Show first 2 references
+                                for ref in refs:
+                                    click.echo(f"    Ref: {ref}")
+                            click.echo()
+                        if (
+                            max_per_severity
+                            and len(severity_groups[severity]) > max_per_severity
+                        ):
+                            click.echo(
+                                f"  ... and {len(severity_groups[severity]) - max_per_severity} more {severity} severity issues"
+                            )
+                            click.echo()
+            # Plugins
+            plugins = parsed.get("plugins", [])
+            if plugins:
+                vulnerable_plugins = [p for p in plugins if p.get("vulnerable")]
+                click.echo(click.style(f"Plugins Detected: {len(plugins)}", bold=True))
+                if vulnerable_plugins:
+                    click.echo(
+                        click.style(
+                            f"  ! {len(vulnerable_plugins)} vulnerable", fg="red"
+                        )
+                    )
+                click.echo()
+                max_plugins = None if show_all else 5
+                display_plugins = (
+                    plugins if max_plugins is None else plugins[:max_plugins]
+                )
+                for plugin in display_plugins:
+                    vuln_marker = (
+                        click.style("!", fg="red") if plugin.get("vulnerable") else " "
+                    )
+                    plugin_name = plugin.get("name", "Unknown")
+                    plugin_version = plugin.get("version", "Unknown version")
+                    click.echo(f"  {vuln_marker} {plugin_name} - {plugin_version}")
+                if max_plugins and len(plugins) > max_plugins:
+                    click.echo(f"  ... and {len(plugins) - max_plugins} more plugins")
+                click.echo()
+            # Themes
+            themes = parsed.get("themes", [])
+            if themes:
+                vulnerable_themes = [t for t in themes if t.get("vulnerable")]
+                click.echo(click.style(f"Themes Detected: {len(themes)}", bold=True))
+                if vulnerable_themes:
+                    click.echo(
+                        click.style(
+                            f"  ! {len(vulnerable_themes)} vulnerable", fg="red"
+                        )
+                    )
+                click.echo()
+                max_themes = None if show_all else 3
+                display_themes = themes if max_themes is None else themes[:max_themes]
+                for theme in display_themes:
+                    vuln_marker = (
+                        click.style("!", fg="red") if theme.get("vulnerable") else " "
+                    )
+                    theme_name = theme.get("name", "Unknown")
+                    theme_version = theme.get("version", "Unknown version")
+                    click.echo(f"  {vuln_marker} {theme_name} - {theme_version}")
+                if max_themes and len(themes) > max_themes:
+                    click.echo(f"  ... and {len(themes) - max_themes} more themes")
+                click.echo()
+            # Enumerated users
+            users = parsed.get("users", [])
+            if users:
+                click.echo(
+                    click.style(
+                        f"Users Enumerated: {len(users)}", bold=True, fg="yellow"
+                    )
+                )
+                max_users = None if show_all else 10
+                display_users = users if max_users is None else users[:max_users]
+                for user in display_users:
+                    click.echo(f"  - {user}")
+                if max_users and len(users) > max_users:
+                    click.echo(f"  ... and {len(users) - max_users} more users")
+                click.echo()
+            click.echo(click.style("=" * 70, fg="cyan"))
+            click.echo()
+        except Exception as e:
+            logger.debug(f"Error in display_done: {e}")
+    def display_warning(
+        self,
+        job: Dict[str, Any],
+        log_path: str,
+        log_content: Optional[str] = None,
+    ) -> None:
+        """Display warning status for WPScan."""
+        click.echo(click.style("=" * 70, fg="yellow"))
+        click.echo(click.style("[WARNING] WPSCAN", bold=True, fg="yellow"))
+        click.echo(click.style("=" * 70, fg="yellow"))
+        click.echo()
+        click.echo("  Scan completed with warnings. Check raw logs for details.")
+        click.echo("  Press [r] to view raw logs.")
+        click.echo()
+        click.echo(click.style("=" * 70, fg="yellow"))
+        click.echo()
+    def display_error(
+        self,
+        job: Dict[str, Any],
+        log_path: str,
+        log_content: Optional[str] = None,
+    ) -> None:
+        """Display error status for WPScan."""
+        # Read log if not provided
+        if log_content is None and log_path and os.path.exists(log_path):
+            try:
+                with open(log_path, "r", encoding="utf-8", errors="replace") as f:
+                    log_content = f.read()
+            except Exception:
+                log_content = ""
+        click.echo(click.style("=" * 70, fg="red"))
+        click.echo(click.style("[ERROR] WPSCAN FAILED", bold=True, fg="red"))
+        click.echo(click.style("=" * 70, fg="red"))
+        click.echo()
+        # Check for common wpscan errors
+        error_msg = None
+        if log_content:
+            if "The target is NOT running WordPress" in log_content:
+                error_msg = "Target is not running WordPress"
+            elif "could not resolve" in log_content.lower():
+                error_msg = "Could not resolve target hostname"
+            elif (
+                "Connection refused" in log_content
+                or "Unable to connect" in log_content
+            ):
+                error_msg = "Connection refused - web server may be down"
+            elif "timed out" in log_content.lower() or "timeout" in log_content.lower():
+                error_msg = "Connection timed out - target may be slow or filtering"
+            elif "SSL" in log_content and (
+                "error" in log_content.lower() or "fail" in log_content.lower()
+            ):
+                error_msg = "SSL error - try with --disable-tls-checks"
+            elif (
+                "api limit" in log_content.lower()
+                or "rate limit" in log_content.lower()
+            ):
+                error_msg = "WPScan API rate limit reached - try again later"
+            elif "[!]" in log_content:
+                match = re.search(r"\[!\]\s*(.+?)(?:\n|$)", log_content)
+                if match:
+                    error_msg = match.group(1).strip()[:100]
+        if error_msg:
+            click.echo(f"  {error_msg}")
+        else:
+            click.echo("  Scan failed - see raw logs for details (press 'r')")
+        click.echo()
+        click.echo(click.style("=" * 70, fg="red"))
+        click.echo()
+    def display_no_results(
+        self,
+        job: Dict[str, Any],
+        log_path: str,
+    ) -> None:
+        """Display no_results status for WPScan."""
+        click.echo(click.style("=" * 70, fg="cyan"))
+        click.echo(click.style("WPSCAN WORDPRESS SECURITY SCAN", bold=True, fg="cyan"))
+        click.echo(click.style("=" * 70, fg="cyan"))
+        click.echo()
+        if job.get("target"):
+            click.echo(click.style(f"Target: {job.get('target')}", bold=True))
+            click.echo()
+        click.echo(
+            click.style(
+                "Result: No WordPress detected or no issues found",
+                fg="green",
+                bold=True,
+            )
+        )
+        click.echo()
+        click.echo("  The scan did not find WordPress or any security issues.")
+        click.echo()
+        click.echo(click.style("Tips:", dim=True))
+        click.echo("  - Verify the target is a WordPress site")
+        click.echo("  - Try enumeration: --enumerate ap,at,u")
+        click.echo("  - Check API token for vuln database access")
+        click.echo()
+        click.echo(click.style("=" * 70, fg="cyan"))
+        click.echo()

souleyez/history.py CHANGED Viewed

@@ -14,7 +14,9 @@ def load_history():
     return read_json(HISTORY_FILE)
-def add_history_entry(target, args, label, logpath, xmlpath=None, tool="nmap", summary=None):
+def add_history_entry(
+    target, args, label, logpath, xmlpath=None, tool="nmap", summary=None
+):
     """
     Add an entry to the history.
     """
@@ -28,7 +30,7 @@ def add_history_entry(target, args, label, logpath, xmlpath=None, tool="nmap", s
         "label": label,
         "log": str(logpath),
         "xml": str(xmlpath) if xmlpath else None,
-        "summary": summary if isinstance(summary, dict) else None
+        "summary": summary if isinstance(summary, dict) else None,
     }
     h.insert(0, entry)
     write_json(HISTORY_FILE, h[:200])
@@ -46,7 +48,7 @@ def get_tools():
 def _safe_filename_component(s):
     s = str(s or "")
-    return "".join(c if (c.isalnum() or c in ('.', '-', '_')) else '_' for c in s)
+    return "".join(c if (c.isalnum() or c in (".", "-", "_")) else "_" for c in s)
 def _make_export_name(entry, ext):
@@ -76,19 +78,33 @@ def export_entry_csv(entry):
     if not per_host:
         per_host = [{"addr": "", "up": None, "open": summary.get("open_ports", 0)}]
-    with open(path, "w", newline='', encoding="utf-8") as csvfile:
+    with open(path, "w", newline="", encoding="utf-8") as csvfile:
         writer = csv.writer(csvfile)
-        writer.writerow(["timestamp", "tool", "target", "label", "host", "up", "open_ports", "log", "xml"])
+        writer.writerow(
+            [
+                "timestamp",
+                "tool",
+                "target",
+                "label",
+                "host",
+                "up",
+                "open_ports",
+                "log",
+                "xml",
+            ]
+        )
         for h in per_host:
-            writer.writerow([
-                entry.get("ts", ""),
-                entry.get("tool", ""),
-                entry.get("target", ""),
-                entry.get("label", ""),
-                h.get("addr", ""),
-                bool(h.get("up")) if h.get("up") is not None else "",
-                h.get("open", 0),
-                entry.get("log", ""),
-                entry.get("xml", "")
-            ])
+            writer.writerow(
+                [
+                    entry.get("ts", ""),
+                    entry.get("tool", ""),
+                    entry.get("target", ""),
+                    entry.get("label", ""),
+                    h.get("addr", ""),
+                    bool(h.get("up")) if h.get("up") is not None else "",
+                    h.get("open", 0),
+                    entry.get("log", ""),
+                    entry.get("xml", ""),
+                ]
+            )
     return path

souleyez 2.43.26__py3-none-any.whl → 2.43.34__py3-none-any.whl

Potentially problematic release.

souleyez 2.43.26py3-none-any.whl → 2.43.34py3-none-any.whl