souleyez 2.43.26__py3-none-any.whl → 2.43.34__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of souleyez might be problematic. Click here for more details.
- souleyez/__init__.py +1 -2
- souleyez/ai/__init__.py +21 -15
- souleyez/ai/action_mapper.py +249 -150
- souleyez/ai/chain_advisor.py +116 -100
- souleyez/ai/claude_provider.py +29 -28
- souleyez/ai/context_builder.py +80 -62
- souleyez/ai/executor.py +158 -117
- souleyez/ai/feedback_handler.py +136 -121
- souleyez/ai/llm_factory.py +27 -20
- souleyez/ai/llm_provider.py +4 -2
- souleyez/ai/ollama_provider.py +6 -9
- souleyez/ai/ollama_service.py +44 -37
- souleyez/ai/path_scorer.py +91 -76
- souleyez/ai/recommender.py +176 -144
- souleyez/ai/report_context.py +74 -73
- souleyez/ai/report_service.py +84 -66
- souleyez/ai/result_parser.py +222 -229
- souleyez/ai/safety.py +67 -44
- souleyez/auth/__init__.py +23 -22
- souleyez/auth/audit.py +36 -26
- souleyez/auth/engagement_access.py +65 -48
- souleyez/auth/permissions.py +14 -3
- souleyez/auth/session_manager.py +54 -37
- souleyez/auth/user_manager.py +109 -64
- souleyez/commands/audit.py +40 -43
- souleyez/commands/auth.py +35 -15
- souleyez/commands/deliverables.py +55 -50
- souleyez/commands/engagement.py +47 -28
- souleyez/commands/license.py +32 -23
- souleyez/commands/screenshots.py +36 -32
- souleyez/commands/user.py +82 -36
- souleyez/config.py +52 -44
- souleyez/core/credential_tester.py +87 -81
- souleyez/core/cve_mappings.py +179 -192
- souleyez/core/cve_matcher.py +162 -148
- souleyez/core/msf_auto_mapper.py +100 -83
- souleyez/core/msf_chain_engine.py +294 -256
- souleyez/core/msf_database.py +153 -70
- souleyez/core/msf_integration.py +679 -673
- souleyez/core/msf_rpc_client.py +40 -42
- souleyez/core/msf_rpc_manager.py +77 -79
- souleyez/core/msf_sync_manager.py +241 -181
- souleyez/core/network_utils.py +22 -15
- souleyez/core/parser_handler.py +34 -25
- souleyez/core/pending_chains.py +114 -63
- souleyez/core/templates.py +158 -107
- souleyez/core/tool_chaining.py +9526 -2879
- souleyez/core/version_utils.py +79 -94
- souleyez/core/vuln_correlation.py +136 -89
- souleyez/core/web_utils.py +33 -32
- souleyez/data/wordlists/ad_users.txt +378 -0
- souleyez/data/wordlists/api_endpoints_large.txt +769 -0
- souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
- souleyez/data/wordlists/lfi_payloads.txt +82 -0
- souleyez/data/wordlists/passwords_brute.txt +1548 -0
- souleyez/data/wordlists/passwords_crack.txt +2479 -0
- souleyez/data/wordlists/passwords_spray.txt +386 -0
- souleyez/data/wordlists/subdomains_large.txt +5057 -0
- souleyez/data/wordlists/usernames_common.txt +694 -0
- souleyez/data/wordlists/web_dirs_large.txt +4769 -0
- souleyez/detection/__init__.py +1 -1
- souleyez/detection/attack_signatures.py +12 -17
- souleyez/detection/mitre_mappings.py +61 -55
- souleyez/detection/validator.py +97 -86
- souleyez/devtools.py +23 -10
- souleyez/docs/README.md +4 -4
- souleyez/docs/api-reference/cli-commands.md +2 -2
- souleyez/docs/developer-guide/adding-new-tools.md +562 -0
- souleyez/docs/user-guide/auto-chaining.md +30 -8
- souleyez/docs/user-guide/getting-started.md +1 -1
- souleyez/docs/user-guide/installation.md +26 -3
- souleyez/docs/user-guide/metasploit-integration.md +2 -2
- souleyez/docs/user-guide/rbac.md +1 -1
- souleyez/docs/user-guide/scope-management.md +1 -1
- souleyez/docs/user-guide/siem-integration.md +1 -1
- souleyez/docs/user-guide/tools-reference.md +1 -8
- souleyez/docs/user-guide/worker-management.md +1 -1
- souleyez/engine/background.py +1239 -535
- souleyez/engine/base.py +4 -1
- souleyez/engine/job_status.py +17 -49
- souleyez/engine/log_sanitizer.py +103 -77
- souleyez/engine/manager.py +38 -7
- souleyez/engine/result_handler.py +2200 -1550
- souleyez/engine/worker_manager.py +50 -41
- souleyez/export/evidence_bundle.py +72 -62
- souleyez/feature_flags/features.py +16 -20
- souleyez/feature_flags.py +5 -9
- souleyez/handlers/__init__.py +11 -0
- souleyez/handlers/base.py +188 -0
- souleyez/handlers/bash_handler.py +277 -0
- souleyez/handlers/bloodhound_handler.py +243 -0
- souleyez/handlers/certipy_handler.py +311 -0
- souleyez/handlers/crackmapexec_handler.py +486 -0
- souleyez/handlers/dnsrecon_handler.py +344 -0
- souleyez/handlers/enum4linux_handler.py +400 -0
- souleyez/handlers/evil_winrm_handler.py +493 -0
- souleyez/handlers/ffuf_handler.py +815 -0
- souleyez/handlers/gobuster_handler.py +1114 -0
- souleyez/handlers/gpp_extract_handler.py +334 -0
- souleyez/handlers/hashcat_handler.py +444 -0
- souleyez/handlers/hydra_handler.py +563 -0
- souleyez/handlers/impacket_getuserspns_handler.py +343 -0
- souleyez/handlers/impacket_psexec_handler.py +222 -0
- souleyez/handlers/impacket_secretsdump_handler.py +426 -0
- souleyez/handlers/john_handler.py +286 -0
- souleyez/handlers/katana_handler.py +425 -0
- souleyez/handlers/kerbrute_handler.py +298 -0
- souleyez/handlers/ldapsearch_handler.py +636 -0
- souleyez/handlers/lfi_extract_handler.py +464 -0
- souleyez/handlers/msf_auxiliary_handler.py +408 -0
- souleyez/handlers/msf_exploit_handler.py +380 -0
- souleyez/handlers/nikto_handler.py +413 -0
- souleyez/handlers/nmap_handler.py +821 -0
- souleyez/handlers/nuclei_handler.py +359 -0
- souleyez/handlers/nxc_handler.py +371 -0
- souleyez/handlers/rdp_sec_check_handler.py +353 -0
- souleyez/handlers/registry.py +292 -0
- souleyez/handlers/responder_handler.py +232 -0
- souleyez/handlers/service_explorer_handler.py +434 -0
- souleyez/handlers/smbclient_handler.py +344 -0
- souleyez/handlers/smbmap_handler.py +510 -0
- souleyez/handlers/smbpasswd_handler.py +296 -0
- souleyez/handlers/sqlmap_handler.py +1116 -0
- souleyez/handlers/theharvester_handler.py +601 -0
- souleyez/handlers/web_login_test_handler.py +327 -0
- souleyez/handlers/whois_handler.py +277 -0
- souleyez/handlers/wpscan_handler.py +554 -0
- souleyez/history.py +32 -16
- souleyez/importers/msf_importer.py +106 -75
- souleyez/importers/smart_importer.py +208 -147
- souleyez/integrations/siem/__init__.py +10 -10
- souleyez/integrations/siem/base.py +17 -18
- souleyez/integrations/siem/elastic.py +108 -122
- souleyez/integrations/siem/factory.py +207 -80
- souleyez/integrations/siem/googlesecops.py +146 -154
- souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
- souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
- souleyez/integrations/siem/sentinel.py +107 -109
- souleyez/integrations/siem/splunk.py +246 -212
- souleyez/integrations/siem/wazuh.py +65 -71
- souleyez/integrations/wazuh/__init__.py +5 -5
- souleyez/integrations/wazuh/client.py +70 -93
- souleyez/integrations/wazuh/config.py +85 -57
- souleyez/integrations/wazuh/host_mapper.py +28 -36
- souleyez/integrations/wazuh/sync.py +78 -68
- souleyez/intelligence/__init__.py +4 -5
- souleyez/intelligence/correlation_analyzer.py +309 -295
- souleyez/intelligence/exploit_knowledge.py +661 -623
- souleyez/intelligence/exploit_suggestions.py +159 -139
- souleyez/intelligence/gap_analyzer.py +132 -97
- souleyez/intelligence/gap_detector.py +251 -214
- souleyez/intelligence/sensitive_tables.py +266 -129
- souleyez/intelligence/service_parser.py +137 -123
- souleyez/intelligence/surface_analyzer.py +407 -268
- souleyez/intelligence/target_parser.py +159 -162
- souleyez/licensing/__init__.py +6 -6
- souleyez/licensing/validator.py +17 -19
- souleyez/log_config.py +79 -54
- souleyez/main.py +1505 -687
- souleyez/migrations/fix_job_counter.py +16 -14
- souleyez/parsers/bloodhound_parser.py +41 -39
- souleyez/parsers/crackmapexec_parser.py +178 -111
- souleyez/parsers/dalfox_parser.py +72 -77
- souleyez/parsers/dnsrecon_parser.py +103 -91
- souleyez/parsers/enum4linux_parser.py +183 -153
- souleyez/parsers/ffuf_parser.py +29 -25
- souleyez/parsers/gobuster_parser.py +301 -41
- souleyez/parsers/hashcat_parser.py +324 -79
- souleyez/parsers/http_fingerprint_parser.py +350 -103
- souleyez/parsers/hydra_parser.py +131 -111
- souleyez/parsers/impacket_parser.py +231 -178
- souleyez/parsers/john_parser.py +98 -86
- souleyez/parsers/katana_parser.py +316 -0
- souleyez/parsers/msf_parser.py +943 -498
- souleyez/parsers/nikto_parser.py +346 -65
- souleyez/parsers/nmap_parser.py +262 -174
- souleyez/parsers/nuclei_parser.py +40 -44
- souleyez/parsers/responder_parser.py +26 -26
- souleyez/parsers/searchsploit_parser.py +74 -74
- souleyez/parsers/service_explorer_parser.py +279 -0
- souleyez/parsers/smbmap_parser.py +180 -124
- souleyez/parsers/sqlmap_parser.py +434 -308
- souleyez/parsers/theharvester_parser.py +75 -57
- souleyez/parsers/whois_parser.py +135 -94
- souleyez/parsers/wpscan_parser.py +278 -190
- souleyez/plugins/afp.py +44 -36
- souleyez/plugins/afp_brute.py +114 -46
- souleyez/plugins/ard.py +48 -37
- souleyez/plugins/bloodhound.py +95 -61
- souleyez/plugins/certipy.py +303 -0
- souleyez/plugins/crackmapexec.py +186 -85
- souleyez/plugins/dalfox.py +120 -59
- souleyez/plugins/dns_hijack.py +146 -41
- souleyez/plugins/dnsrecon.py +97 -61
- souleyez/plugins/enum4linux.py +91 -66
- souleyez/plugins/evil_winrm.py +291 -0
- souleyez/plugins/ffuf.py +166 -90
- souleyez/plugins/firmware_extract.py +133 -29
- souleyez/plugins/gobuster.py +387 -190
- souleyez/plugins/gpp_extract.py +393 -0
- souleyez/plugins/hashcat.py +100 -73
- souleyez/plugins/http_fingerprint.py +854 -267
- souleyez/plugins/hydra.py +566 -200
- souleyez/plugins/impacket_getnpusers.py +117 -69
- souleyez/plugins/impacket_psexec.py +84 -64
- souleyez/plugins/impacket_secretsdump.py +103 -69
- souleyez/plugins/impacket_smbclient.py +89 -75
- souleyez/plugins/john.py +86 -69
- souleyez/plugins/katana.py +313 -0
- souleyez/plugins/kerbrute.py +237 -0
- souleyez/plugins/lfi_extract.py +541 -0
- souleyez/plugins/macos_ssh.py +117 -48
- souleyez/plugins/mdns.py +35 -30
- souleyez/plugins/msf_auxiliary.py +253 -130
- souleyez/plugins/msf_exploit.py +239 -161
- souleyez/plugins/nikto.py +134 -78
- souleyez/plugins/nmap.py +275 -91
- souleyez/plugins/nuclei.py +180 -89
- souleyez/plugins/nxc.py +285 -0
- souleyez/plugins/plugin_base.py +35 -36
- souleyez/plugins/plugin_template.py +13 -5
- souleyez/plugins/rdp_sec_check.py +130 -0
- souleyez/plugins/responder.py +112 -71
- souleyez/plugins/router_http_brute.py +76 -65
- souleyez/plugins/router_ssh_brute.py +118 -41
- souleyez/plugins/router_telnet_brute.py +124 -42
- souleyez/plugins/routersploit.py +91 -59
- souleyez/plugins/routersploit_exploit.py +77 -55
- souleyez/plugins/searchsploit.py +91 -77
- souleyez/plugins/service_explorer.py +1160 -0
- souleyez/plugins/smbmap.py +122 -72
- souleyez/plugins/smbpasswd.py +215 -0
- souleyez/plugins/sqlmap.py +301 -113
- souleyez/plugins/theharvester.py +127 -75
- souleyez/plugins/tr069.py +79 -57
- souleyez/plugins/upnp.py +65 -47
- souleyez/plugins/upnp_abuse.py +73 -55
- souleyez/plugins/vnc_access.py +129 -42
- souleyez/plugins/vnc_brute.py +109 -38
- souleyez/plugins/web_login_test.py +417 -0
- souleyez/plugins/whois.py +77 -58
- souleyez/plugins/wpscan.py +173 -69
- souleyez/reporting/__init__.py +2 -1
- souleyez/reporting/attack_chain.py +411 -346
- souleyez/reporting/charts.py +436 -501
- souleyez/reporting/compliance_mappings.py +334 -201
- souleyez/reporting/detection_report.py +126 -125
- souleyez/reporting/formatters.py +828 -591
- souleyez/reporting/generator.py +386 -302
- souleyez/reporting/metrics.py +72 -75
- souleyez/scanner.py +35 -29
- souleyez/security/__init__.py +37 -11
- souleyez/security/scope_validator.py +175 -106
- souleyez/security/validation.py +223 -149
- souleyez/security.py +22 -6
- souleyez/storage/credentials.py +247 -186
- souleyez/storage/crypto.py +296 -129
- souleyez/storage/database.py +73 -50
- souleyez/storage/db.py +58 -36
- souleyez/storage/deliverable_evidence.py +177 -128
- souleyez/storage/deliverable_exporter.py +282 -246
- souleyez/storage/deliverable_templates.py +134 -116
- souleyez/storage/deliverables.py +135 -130
- souleyez/storage/engagements.py +109 -56
- souleyez/storage/evidence.py +181 -152
- souleyez/storage/execution_log.py +31 -17
- souleyez/storage/exploit_attempts.py +93 -57
- souleyez/storage/exploits.py +67 -36
- souleyez/storage/findings.py +48 -61
- souleyez/storage/hosts.py +176 -144
- souleyez/storage/migrate_to_engagements.py +43 -19
- souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
- souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
- souleyez/storage/migrations/_003_add_execution_log.py +14 -8
- souleyez/storage/migrations/_005_screenshots.py +13 -5
- souleyez/storage/migrations/_006_deliverables.py +13 -5
- souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
- souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
- souleyez/storage/migrations/_010_evidence_linking.py +17 -10
- souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
- souleyez/storage/migrations/_012_team_collaboration.py +34 -21
- souleyez/storage/migrations/_013_add_host_tags.py +12 -6
- souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
- souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
- souleyez/storage/migrations/_016_add_domain_field.py +10 -4
- souleyez/storage/migrations/_017_msf_sessions.py +16 -8
- souleyez/storage/migrations/_018_add_osint_target.py +10 -6
- souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
- souleyez/storage/migrations/_020_add_rbac.py +36 -15
- souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
- souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
- souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
- souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
- souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
- souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
- souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
- souleyez/storage/migrations/__init__.py +26 -26
- souleyez/storage/migrations/migration_manager.py +19 -19
- souleyez/storage/msf_sessions.py +100 -65
- souleyez/storage/osint.py +17 -24
- souleyez/storage/recommendation_engine.py +269 -235
- souleyez/storage/screenshots.py +33 -32
- souleyez/storage/smb_shares.py +136 -92
- souleyez/storage/sqlmap_data.py +183 -128
- souleyez/storage/team_collaboration.py +135 -141
- souleyez/storage/timeline_tracker.py +122 -94
- souleyez/storage/wazuh_vulns.py +64 -66
- souleyez/storage/web_paths.py +33 -37
- souleyez/testing/credential_tester.py +221 -205
- souleyez/ui/__init__.py +1 -1
- souleyez/ui/ai_quotes.py +12 -12
- souleyez/ui/attack_surface.py +2439 -1516
- souleyez/ui/chain_rules_view.py +914 -382
- souleyez/ui/correlation_view.py +312 -230
- souleyez/ui/dashboard.py +2382 -1130
- souleyez/ui/deliverables_view.py +148 -62
- souleyez/ui/design_system.py +13 -13
- souleyez/ui/errors.py +49 -49
- souleyez/ui/evidence_linking_view.py +284 -179
- souleyez/ui/evidence_vault.py +393 -285
- souleyez/ui/exploit_suggestions_view.py +555 -349
- souleyez/ui/export_view.py +100 -66
- souleyez/ui/gap_analysis_view.py +315 -171
- souleyez/ui/help_system.py +105 -97
- souleyez/ui/intelligence_view.py +436 -293
- souleyez/ui/interactive.py +23434 -10286
- souleyez/ui/interactive_selector.py +75 -68
- souleyez/ui/log_formatter.py +47 -39
- souleyez/ui/menu_components.py +22 -13
- souleyez/ui/msf_auxiliary_menu.py +184 -133
- souleyez/ui/pending_chains_view.py +336 -172
- souleyez/ui/progress_indicators.py +5 -3
- souleyez/ui/recommendations_view.py +195 -137
- souleyez/ui/rule_builder.py +343 -225
- souleyez/ui/setup_wizard.py +678 -284
- souleyez/ui/shortcuts.py +217 -165
- souleyez/ui/splunk_gap_analysis_view.py +452 -270
- souleyez/ui/splunk_vulns_view.py +139 -86
- souleyez/ui/team_dashboard.py +498 -335
- souleyez/ui/template_selector.py +196 -105
- souleyez/ui/terminal.py +6 -6
- souleyez/ui/timeline_view.py +198 -127
- souleyez/ui/tool_setup.py +264 -164
- souleyez/ui/tutorial.py +202 -72
- souleyez/ui/tutorial_state.py +40 -40
- souleyez/ui/wazuh_vulns_view.py +235 -141
- souleyez/ui/wordlist_browser.py +260 -107
- souleyez/ui.py +464 -312
- souleyez/utils/tool_checker.py +427 -367
- souleyez/utils.py +33 -29
- souleyez/wordlists.py +134 -167
- {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/METADATA +1 -1
- souleyez-2.43.34.dist-info/RECORD +443 -0
- {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/WHEEL +1 -1
- souleyez-2.43.26.dist-info/RECORD +0 -379
- {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/entry_points.txt +0 -0
- {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/licenses/LICENSE +0 -0
- {souleyez-2.43.26.dist-info → souleyez-2.43.34.dist-info}/top_level.txt +0 -0
|
@@ -9,14 +9,14 @@ from souleyez.intelligence.correlation_analyzer import CorrelationAnalyzer
|
|
|
9
9
|
|
|
10
10
|
class GapDetector:
|
|
11
11
|
"""Detect gaps in exploitation coverage."""
|
|
12
|
-
|
|
12
|
+
|
|
13
13
|
def __init__(self):
|
|
14
14
|
self.analyzer = CorrelationAnalyzer()
|
|
15
|
-
|
|
15
|
+
|
|
16
16
|
def find_gaps(self, engagement_id: int) -> List[Dict]:
|
|
17
17
|
"""
|
|
18
18
|
Find services that haven't been attempted.
|
|
19
|
-
|
|
19
|
+
|
|
20
20
|
Returns:
|
|
21
21
|
[
|
|
22
22
|
{
|
|
@@ -35,32 +35,31 @@ class GapDetector:
|
|
|
35
35
|
"""
|
|
36
36
|
# Run full engagement analysis
|
|
37
37
|
analysis = self.analyzer.analyze_engagement(engagement_id)
|
|
38
|
-
|
|
38
|
+
|
|
39
39
|
# Extract gaps
|
|
40
|
-
gaps = analysis.get(
|
|
41
|
-
|
|
40
|
+
gaps = analysis.get("gaps", [])
|
|
41
|
+
|
|
42
42
|
# Enrich gaps with MSF modules and priority scores
|
|
43
43
|
enriched_gaps = []
|
|
44
44
|
for gap in gaps:
|
|
45
45
|
enriched = gap.copy()
|
|
46
|
-
|
|
46
|
+
|
|
47
47
|
# Add MSF module suggestions
|
|
48
|
-
enriched[
|
|
49
|
-
gap.get(
|
|
50
|
-
gap.get('version')
|
|
48
|
+
enriched["msf_modules"] = self._get_msf_modules(
|
|
49
|
+
gap.get("service"), gap.get("version")
|
|
51
50
|
)
|
|
52
|
-
|
|
51
|
+
|
|
53
52
|
# Calculate priority score
|
|
54
|
-
enriched[
|
|
55
|
-
|
|
53
|
+
enriched["priority_score"] = self._calculate_priority_score(gap)
|
|
54
|
+
|
|
56
55
|
enriched_gaps.append(enriched)
|
|
57
|
-
|
|
56
|
+
|
|
58
57
|
return enriched_gaps
|
|
59
|
-
|
|
58
|
+
|
|
60
59
|
def prioritize_gaps(self, gaps: List[Dict]) -> List[Dict]:
|
|
61
60
|
"""
|
|
62
61
|
Prioritize gaps by exploitation potential.
|
|
63
|
-
|
|
62
|
+
|
|
64
63
|
Ranking factors:
|
|
65
64
|
1. Service criticality (database > admin > standard)
|
|
66
65
|
2. Known vulnerabilities (version-specific exploits)
|
|
@@ -68,14 +67,16 @@ class GapDetector:
|
|
|
68
67
|
4. Version info available
|
|
69
68
|
"""
|
|
70
69
|
# Sort by priority_score (descending)
|
|
71
|
-
prioritized = sorted(
|
|
72
|
-
|
|
70
|
+
prioritized = sorted(
|
|
71
|
+
gaps, key=lambda g: g.get("priority_score", 0), reverse=True
|
|
72
|
+
)
|
|
73
|
+
|
|
73
74
|
return prioritized
|
|
74
|
-
|
|
75
|
+
|
|
75
76
|
def _calculate_priority_score(self, gap: Dict) -> int:
|
|
76
77
|
"""
|
|
77
78
|
Calculate priority score (0-100).
|
|
78
|
-
|
|
79
|
+
|
|
79
80
|
Factors:
|
|
80
81
|
- Severity: critical=40, high=30, medium=20, low=10
|
|
81
82
|
- Version known: +20
|
|
@@ -83,235 +84,274 @@ class GapDetector:
|
|
|
83
84
|
- Database/admin service: +10
|
|
84
85
|
"""
|
|
85
86
|
score = 0
|
|
86
|
-
|
|
87
|
+
|
|
87
88
|
# Severity baseline
|
|
88
|
-
severity_scores = {
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
'medium': 20,
|
|
92
|
-
'low': 10
|
|
93
|
-
}
|
|
94
|
-
score += severity_scores.get(gap.get('severity', 'low'), 10)
|
|
95
|
-
|
|
89
|
+
severity_scores = {"critical": 40, "high": 30, "medium": 20, "low": 10}
|
|
90
|
+
score += severity_scores.get(gap.get("severity", "low"), 10)
|
|
91
|
+
|
|
96
92
|
# Version information available
|
|
97
|
-
if gap.get(
|
|
93
|
+
if gap.get("version"):
|
|
98
94
|
score += 20
|
|
99
|
-
|
|
95
|
+
|
|
100
96
|
# Check for known vulnerable versions
|
|
101
|
-
if gap.get(
|
|
97
|
+
if gap.get("service") and self._has_known_vulnerability(
|
|
98
|
+
gap["service"], gap["version"]
|
|
99
|
+
):
|
|
102
100
|
score += 30
|
|
103
|
-
|
|
101
|
+
|
|
104
102
|
# High-value service types
|
|
105
|
-
service = (gap.get(
|
|
106
|
-
if service in [
|
|
103
|
+
service = (gap.get("service") or "").lower()
|
|
104
|
+
if service in [
|
|
105
|
+
"mysql",
|
|
106
|
+
"postgres",
|
|
107
|
+
"mssql",
|
|
108
|
+
"mongodb",
|
|
109
|
+
"redis",
|
|
110
|
+
"ssh",
|
|
111
|
+
"rdp",
|
|
112
|
+
"smb",
|
|
113
|
+
]:
|
|
107
114
|
score += 10
|
|
108
|
-
|
|
115
|
+
|
|
109
116
|
return min(score, 100)
|
|
110
|
-
|
|
117
|
+
|
|
111
118
|
def _has_known_vulnerability(self, service: str, version: str) -> bool:
|
|
112
119
|
"""Check if service version has known vulnerabilities."""
|
|
113
120
|
if not version:
|
|
114
121
|
return False
|
|
115
|
-
|
|
122
|
+
|
|
116
123
|
if not service:
|
|
117
124
|
return False
|
|
118
|
-
|
|
125
|
+
|
|
119
126
|
version_lower = version.lower()
|
|
120
127
|
service_lower = service.lower()
|
|
121
|
-
|
|
128
|
+
|
|
122
129
|
# Known vulnerable versions
|
|
123
130
|
vulnerable_patterns = {
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
131
|
+
"vsftpd": ["2.3.4"],
|
|
132
|
+
"mysql": ["5.0", "5.1"],
|
|
133
|
+
"samba": ["3.5", "3.6", "4.4", "4.5"],
|
|
134
|
+
"openssh": ["7.2", "7.3", "7.4"],
|
|
135
|
+
"proftpd": ["1.3.3", "1.3.5"],
|
|
129
136
|
}
|
|
130
|
-
|
|
137
|
+
|
|
131
138
|
if service_lower in vulnerable_patterns:
|
|
132
139
|
for vuln_version in vulnerable_patterns[service_lower]:
|
|
133
140
|
if vuln_version in version_lower:
|
|
134
141
|
return True
|
|
135
|
-
|
|
142
|
+
|
|
136
143
|
return False
|
|
137
|
-
|
|
144
|
+
|
|
138
145
|
def get_suggested_actions(self, service: str, version: str = None) -> List[str]:
|
|
139
146
|
"""
|
|
140
147
|
Get suggested exploitation actions for a service.
|
|
141
|
-
|
|
148
|
+
|
|
142
149
|
Examples:
|
|
143
150
|
get_suggested_actions('mysql') → ['Try mysql_login', 'Check for weak passwords']
|
|
144
151
|
get_suggested_actions('ftp', 'vsftpd 2.3.4') → ['Try vsftpd_234_backdoor exploit']
|
|
145
152
|
"""
|
|
146
153
|
actions = []
|
|
147
|
-
|
|
154
|
+
|
|
148
155
|
if not service:
|
|
149
156
|
return actions
|
|
150
|
-
|
|
157
|
+
|
|
151
158
|
service_lower = service.lower()
|
|
152
|
-
|
|
159
|
+
|
|
153
160
|
# Version-specific exploits
|
|
154
161
|
if version:
|
|
155
162
|
version_lower = version.lower()
|
|
156
|
-
|
|
157
|
-
if
|
|
158
|
-
actions.append(
|
|
159
|
-
|
|
160
|
-
if
|
|
161
|
-
if any(v in version_lower for v in [
|
|
162
|
-
actions.append(
|
|
163
|
-
|
|
164
|
-
if
|
|
165
|
-
actions.append(
|
|
166
|
-
|
|
163
|
+
|
|
164
|
+
if "vsftpd 2.3.4" in version_lower:
|
|
165
|
+
actions.append("💥 CRITICAL: Try vsftpd_234_backdoor exploit")
|
|
166
|
+
|
|
167
|
+
if "samba" in version_lower or "smb" in service_lower:
|
|
168
|
+
if any(v in version_lower for v in ["3.5", "3.6", "4.4", "4.5", "4.6"]):
|
|
169
|
+
actions.append("💥 CRITICAL: Check for SambaCry (CVE-2017-7494)")
|
|
170
|
+
|
|
171
|
+
if "mysql" in version_lower and "5.0" in version_lower:
|
|
172
|
+
actions.append(
|
|
173
|
+
"💥 HIGH: Try mysql_yassl_getname exploit (CVE-2009-2446)"
|
|
174
|
+
)
|
|
175
|
+
|
|
167
176
|
# Generic service actions
|
|
168
|
-
if service_lower ==
|
|
169
|
-
actions.extend(
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
177
|
+
if service_lower == "ssh":
|
|
178
|
+
actions.extend(
|
|
179
|
+
[
|
|
180
|
+
"Try ssh_login with default credentials",
|
|
181
|
+
"Brute force with passwords_brute.txt",
|
|
182
|
+
"Check for user enumeration (CVE-2018-15473)",
|
|
183
|
+
]
|
|
184
|
+
)
|
|
185
|
+
|
|
186
|
+
elif service_lower == "ftp":
|
|
187
|
+
actions.extend(
|
|
188
|
+
[
|
|
189
|
+
"Try anonymous FTP login",
|
|
190
|
+
"Check for directory traversal",
|
|
191
|
+
"Test for bounce attack",
|
|
192
|
+
]
|
|
193
|
+
)
|
|
194
|
+
|
|
195
|
+
elif service_lower in ["mysql", "mariadb"]:
|
|
196
|
+
actions.extend(
|
|
197
|
+
[
|
|
198
|
+
"Try mysql_login brute force",
|
|
199
|
+
"Check for default root password",
|
|
200
|
+
"Test for mysql_hashdump access",
|
|
201
|
+
]
|
|
202
|
+
)
|
|
203
|
+
|
|
204
|
+
elif service_lower == "smb":
|
|
205
|
+
actions.extend(
|
|
206
|
+
[
|
|
207
|
+
"Try SMB null session enumeration",
|
|
208
|
+
"Check for EternalBlue (MS17-010)",
|
|
209
|
+
"Test smb_login brute force",
|
|
210
|
+
]
|
|
211
|
+
)
|
|
212
|
+
|
|
213
|
+
elif service_lower in ["http", "https"]:
|
|
214
|
+
actions.extend(
|
|
215
|
+
[
|
|
216
|
+
"Run Nuclei vulnerability scan",
|
|
217
|
+
"Try Gobuster directory enumeration",
|
|
218
|
+
"Check for SQLi with SQLMap",
|
|
219
|
+
]
|
|
220
|
+
)
|
|
221
|
+
|
|
222
|
+
elif service_lower == "rdp":
|
|
223
|
+
actions.extend(
|
|
224
|
+
[
|
|
225
|
+
"Try BlueKeep exploit (CVE-2019-0708)",
|
|
226
|
+
"Brute force RDP credentials",
|
|
227
|
+
"Check for weak encryption",
|
|
228
|
+
]
|
|
229
|
+
)
|
|
230
|
+
|
|
231
|
+
elif service_lower == "postgres":
|
|
232
|
+
actions.extend(
|
|
233
|
+
[
|
|
234
|
+
"Try postgres_login brute force",
|
|
235
|
+
"Check for default postgres password",
|
|
236
|
+
"Test for SQL injection",
|
|
237
|
+
]
|
|
238
|
+
)
|
|
239
|
+
|
|
240
|
+
elif service_lower == "telnet":
|
|
241
|
+
actions.extend(
|
|
242
|
+
[
|
|
243
|
+
"Try telnet_login with defaults",
|
|
244
|
+
"Brute force credentials",
|
|
245
|
+
"Capture credentials with packet sniffing",
|
|
246
|
+
]
|
|
247
|
+
)
|
|
248
|
+
|
|
249
|
+
elif service_lower == "smtp":
|
|
250
|
+
actions.extend(
|
|
251
|
+
[
|
|
252
|
+
"Enumerate users with VRFY/EXPN",
|
|
253
|
+
"Check for open relay",
|
|
254
|
+
"Try SMTP auth brute force",
|
|
255
|
+
]
|
|
256
|
+
)
|
|
257
|
+
|
|
231
258
|
else:
|
|
232
|
-
actions.append(f
|
|
233
|
-
actions.append(f
|
|
234
|
-
|
|
259
|
+
actions.append(f"Research exploits for {service}")
|
|
260
|
+
actions.append(f"Try default credential lists")
|
|
261
|
+
|
|
235
262
|
return actions
|
|
236
|
-
|
|
263
|
+
|
|
237
264
|
def _get_msf_modules(self, service: str, version: str = None) -> List[str]:
|
|
238
265
|
"""Get relevant Metasploit modules for a service."""
|
|
239
266
|
if not service:
|
|
240
267
|
return []
|
|
241
|
-
|
|
268
|
+
|
|
242
269
|
modules = []
|
|
243
270
|
service_lower = service.lower()
|
|
244
|
-
|
|
271
|
+
|
|
245
272
|
# Version-specific exploits
|
|
246
273
|
if version:
|
|
247
274
|
version_lower = version.lower()
|
|
248
|
-
|
|
249
|
-
if
|
|
250
|
-
modules.append(
|
|
251
|
-
|
|
252
|
-
if
|
|
253
|
-
modules.append(
|
|
254
|
-
|
|
255
|
-
if
|
|
256
|
-
modules.append(
|
|
257
|
-
|
|
275
|
+
|
|
276
|
+
if "vsftpd 2.3.4" in version_lower:
|
|
277
|
+
modules.append("exploit/unix/ftp/vsftpd_234_backdoor")
|
|
278
|
+
|
|
279
|
+
if "mysql" in version_lower and "5.0" in version_lower:
|
|
280
|
+
modules.append("exploit/linux/mysql/mysql_yassl_getname")
|
|
281
|
+
|
|
282
|
+
if "samba" in version_lower:
|
|
283
|
+
modules.append("exploit/linux/samba/is_known_pipename")
|
|
284
|
+
|
|
258
285
|
# Generic service modules
|
|
259
|
-
if service_lower ==
|
|
260
|
-
modules.extend(
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
308
|
-
|
|
286
|
+
if service_lower == "ssh":
|
|
287
|
+
modules.extend(
|
|
288
|
+
[
|
|
289
|
+
"auxiliary/scanner/ssh/ssh_login",
|
|
290
|
+
"auxiliary/scanner/ssh/ssh_enumusers",
|
|
291
|
+
]
|
|
292
|
+
)
|
|
293
|
+
|
|
294
|
+
elif service_lower == "ftp":
|
|
295
|
+
modules.extend(
|
|
296
|
+
["auxiliary/scanner/ftp/ftp_login", "auxiliary/scanner/ftp/anonymous"]
|
|
297
|
+
)
|
|
298
|
+
|
|
299
|
+
elif service_lower in ["mysql", "mariadb"]:
|
|
300
|
+
modules.extend(
|
|
301
|
+
[
|
|
302
|
+
"auxiliary/scanner/mysql/mysql_login",
|
|
303
|
+
"auxiliary/admin/mysql/mysql_enum",
|
|
304
|
+
"auxiliary/admin/mysql/mysql_hashdump",
|
|
305
|
+
]
|
|
306
|
+
)
|
|
307
|
+
|
|
308
|
+
elif service_lower == "smb":
|
|
309
|
+
modules.extend(
|
|
310
|
+
[
|
|
311
|
+
"auxiliary/scanner/smb/smb_login",
|
|
312
|
+
"exploit/windows/smb/ms17_010_eternalblue",
|
|
313
|
+
"auxiliary/scanner/smb/smb_ms17_010",
|
|
314
|
+
]
|
|
315
|
+
)
|
|
316
|
+
|
|
317
|
+
elif service_lower == "rdp":
|
|
318
|
+
modules.extend(
|
|
319
|
+
[
|
|
320
|
+
"auxiliary/scanner/rdp/rdp_scanner",
|
|
321
|
+
"exploit/windows/rdp/cve_2019_0708_bluekeep_rce",
|
|
322
|
+
]
|
|
323
|
+
)
|
|
324
|
+
|
|
325
|
+
elif service_lower == "postgres":
|
|
326
|
+
modules.extend(
|
|
327
|
+
[
|
|
328
|
+
"auxiliary/scanner/postgres/postgres_login",
|
|
329
|
+
"auxiliary/admin/postgres/postgres_sql",
|
|
330
|
+
]
|
|
331
|
+
)
|
|
332
|
+
|
|
333
|
+
elif service_lower == "telnet":
|
|
334
|
+
modules.extend(
|
|
335
|
+
[
|
|
336
|
+
"auxiliary/scanner/telnet/telnet_login",
|
|
337
|
+
"auxiliary/scanner/telnet/telnet_version",
|
|
338
|
+
]
|
|
339
|
+
)
|
|
340
|
+
|
|
341
|
+
elif service_lower == "smtp":
|
|
342
|
+
modules.extend(
|
|
343
|
+
[
|
|
344
|
+
"auxiliary/scanner/smtp/smtp_enum",
|
|
345
|
+
"auxiliary/scanner/smtp/smtp_version",
|
|
346
|
+
]
|
|
347
|
+
)
|
|
348
|
+
|
|
309
349
|
return modules
|
|
310
|
-
|
|
350
|
+
|
|
311
351
|
def get_gap_summary(self, engagement_id: int) -> Dict:
|
|
312
352
|
"""
|
|
313
353
|
Get quick summary of exploitation gaps.
|
|
314
|
-
|
|
354
|
+
|
|
315
355
|
Returns:
|
|
316
356
|
{
|
|
317
357
|
'total_gaps': 10,
|
|
@@ -328,31 +368,28 @@ class GapDetector:
|
|
|
328
368
|
"""
|
|
329
369
|
gaps = self.find_gaps(engagement_id)
|
|
330
370
|
prioritized = self.prioritize_gaps(gaps)
|
|
331
|
-
|
|
371
|
+
|
|
332
372
|
# Count by severity
|
|
333
|
-
by_severity = {
|
|
334
|
-
|
|
335
|
-
'high': 0,
|
|
336
|
-
'medium': 0,
|
|
337
|
-
'low': 0
|
|
338
|
-
}
|
|
339
|
-
|
|
373
|
+
by_severity = {"critical": 0, "high": 0, "medium": 0, "low": 0}
|
|
374
|
+
|
|
340
375
|
for gap in gaps:
|
|
341
|
-
severity = gap.get(
|
|
376
|
+
severity = gap.get("severity", "low")
|
|
342
377
|
by_severity[severity] = by_severity.get(severity, 0) + 1
|
|
343
|
-
|
|
378
|
+
|
|
344
379
|
# Get top 5 priorities
|
|
345
380
|
top_priorities = []
|
|
346
381
|
for gap in prioritized[:5]:
|
|
347
|
-
top_priorities.append(
|
|
348
|
-
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
|
|
353
|
-
|
|
382
|
+
top_priorities.append(
|
|
383
|
+
{
|
|
384
|
+
"host": gap["host"],
|
|
385
|
+
"port": gap["port"],
|
|
386
|
+
"service": gap.get("service") or "unknown",
|
|
387
|
+
"score": gap["priority_score"],
|
|
388
|
+
}
|
|
389
|
+
)
|
|
390
|
+
|
|
354
391
|
return {
|
|
355
|
-
|
|
356
|
-
|
|
357
|
-
|
|
392
|
+
"total_gaps": len(gaps),
|
|
393
|
+
"by_severity": by_severity,
|
|
394
|
+
"top_priorities": top_priorities,
|
|
358
395
|
}
|