souleyez 2.43.28__py3-none-any.whl → 2.43.32__py3-none-any.whl

souleyez/migrations/fix_job_counter.py

@@ -21,59 +21,61 @@ def fix_job_counter():
     jobs_dir = os.path.join(root, "data", "jobs")
     jobs_file = os.path.join(jobs_dir, "jobs.json")
     counter_file = os.path.join(jobs_dir, ".job_counter")
-    
+
     if not os.path.exists(jobs_dir):
         print(f"✗ Jobs directory not found: {jobs_dir}")
         return False
-    
+
     # Read existing jobs
     jobs = []
     if os.path.exists(jobs_file):
         try:
-            with open(jobs_file, 'r') as f:
+            with open(jobs_file, "r") as f:
                 jobs = json.load(f)
         except Exception as e:
             print(f"✗ Error reading jobs file: {e}")
             return False
-    
+
     # Find max job ID
     max_id = 0
     stuck_jobs = []
     for job in jobs:
-        job_id = job.get('id', 0)
+        job_id = job.get("id", 0)
         if job_id > max_id:
             max_id = job_id
-        
+
         # Identify stuck jobs (queued with no PID)
-        if job.get('status') == 'queued' and job.get('pid') is None:
+        if job.get("status") == "queued" and job.get("pid") is None:
             stuck_jobs.append(job_id)
-    
+
     # Create counter file
     next_id = max_id + 1
     try:
-        with open(counter_file, 'w') as f:
+        with open(counter_file, "w") as f:
             f.write(str(next_id))
         print(f"✓ Created job counter: next ID will be {next_id}")
     except Exception as e:
         print(f"✗ Error creating counter file: {e}")
         return False
-    
+
     # Report stuck jobs
     if stuck_jobs:
         print(f"\n⚠️  Found {len(stuck_jobs)} stuck job(s): {stuck_jobs}")
         print("   These jobs are in 'queued' status but have no PID (never started)")
-        print("   Recommendation: Delete them with 'souleyez jobs purge' or kill them individually")
+        print(
+            "   Recommendation: Delete them with 'souleyez jobs purge' or kill them individually"
+        )
     else:
         print("✓ No stuck jobs found")
-    
+
     print(f"\n✅ Migration complete!")
     print(f"   - Job counter initialized to {next_id}")
     print(f"   - Total jobs in queue: {len(jobs)}")
     print(f"   - Stuck jobs: {len(stuck_jobs)}")
-    
+
     return True
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     success = fix_job_counter()
     sys.exit(0 if success else 1)

souleyez/parsers/bloodhound_parser.py

@@ -20,53 +20,55 @@ def parse_bloodhound(log_path: str, target: str) -> Dict:
     """
     output_dir = Path.home() / ".souleyez" / "bloodhound_data"
 
-    collections = sorted(output_dir.glob("*"), key=lambda p: p.stat().st_mtime, reverse=True)
+    collections = sorted(
+        output_dir.glob("*"), key=lambda p: p.stat().st_mtime, reverse=True
+    )
 
     if not collections:
         return {
-            'tool': 'bloodhound',
-            'target': target,
-            'error': 'No Bloodhound data found'
+            "tool": "bloodhound",
+            "target": target,
+            "error": "No Bloodhound data found",
         }
 
     latest_collection = collections[0]
 
     stats = {
-        'users': 0,
-        'groups': 0,
-        'computers': 0,
-        'domains': 0,
-        'gpos': 0,
-        'sessions': 0
+        "users": 0,
+        "groups": 0,
+        "computers": 0,
+        "domains": 0,
+        "gpos": 0,
+        "sessions": 0,
     }
 
     for json_file in latest_collection.glob("*.json"):
         try:
-            with open(json_file, 'r') as f:
+            with open(json_file, "r") as f:
                 data = json.load(f)
 
-                if 'users' in data:
-                    stats['users'] += len(data['users'])
-                if 'groups' in data:
-                    stats['groups'] += len(data['groups'])
-                if 'computers' in data:
-                    stats['computers'] += len(data['computers'])
-                if 'domains' in data:
-                    stats['domains'] += len(data['domains'])
-                if 'gpos' in data:
-                    stats['gpos'] += len(data['gpos'])
-                if 'sessions' in data:
-                    stats['sessions'] += len(data['sessions'])
+                if "users" in data:
+                    stats["users"] += len(data["users"])
+                if "groups" in data:
+                    stats["groups"] += len(data["groups"])
+                if "computers" in data:
+                    stats["computers"] += len(data["computers"])
+                if "domains" in data:
+                    stats["domains"] += len(data["domains"])
+                if "gpos" in data:
+                    stats["gpos"] += len(data["gpos"])
+                if "sessions" in data:
+                    stats["sessions"] += len(data["sessions"])
         except Exception:
             continue
 
     return {
-        'tool': 'bloodhound',
-        'target': target,
-        'collection_path': str(latest_collection),
-        'statistics': stats,
-        'summary': f"Enumerated {stats['users']} users, {stats['groups']} groups, "
-                   f"{stats['computers']} computers in AD domain"
+        "tool": "bloodhound",
+        "target": target,
+        "collection_path": str(latest_collection),
+        "statistics": stats,
+        "summary": f"Enumerated {stats['users']} users, {stats['groups']} groups, "
+        f"{stats['computers']} computers in AD domain",
     }
 
 
@@ -83,19 +85,19 @@ def store_bloodhound_results(result: Dict, engagement_id: int, job_id: int):
 
     fm = FindingsManager()
 
-    stats = result.get('statistics', {})
+    stats = result.get("statistics", {})
 
     fm.add_finding(
         engagement_id=engagement_id,
         title=f"Active Directory Enumerated - {stats.get('users', 0)} Users Discovered",
         description=f"Bloodhound successfully enumerated Active Directory:\n"
-                    f"- Users: {stats.get('users', 0)}\n"
-                    f"- Groups: {stats.get('groups', 0)}\n"
-                    f"- Computers: {stats.get('computers', 0)}\n"
-                    f"- GPOs: {stats.get('gpos', 0)}\n\n"
-                    f"Data saved to: {result.get('collection_path', 'Unknown')}\n"
-                    f"Import into Bloodhound GUI to visualize attack paths.",
-        severity='info',
-        tool='bloodhound',
-        evidence=result.get('summary', 'AD enumeration complete')
+        f"- Users: {stats.get('users', 0)}\n"
+        f"- Groups: {stats.get('groups', 0)}\n"
+        f"- Computers: {stats.get('computers', 0)}\n"
+        f"- GPOs: {stats.get('gpos', 0)}\n\n"
+        f"Data saved to: {result.get('collection_path', 'Unknown')}\n"
+        f"Import into Bloodhound GUI to visualize attack paths.",
+        severity="info",
+        tool="bloodhound",
+        evidence=result.get("summary", "AD enumeration complete"),
     )

souleyez/parsers/crackmapexec_parser.py

@@ -32,22 +32,22 @@ def parse_crackmapexec(log_path: str, target: str) -> Dict[str, Any]:
         Dict containing parsed findings
     """
     try:
-        with open(log_path, 'r', encoding='utf-8', errors='replace') as f:
+        with open(log_path, "r", encoding="utf-8", errors="replace") as f:
             content = f.read()
             return _parse_content(content, target)
     except FileNotFoundError:
         return {
-            'tool': 'crackmapexec',
-            'target': target,
-            'error': 'Log file not found',
-            'findings': {
-                'hosts': [],
-                'shares': [],
-                'users': [],
-                'groups': [],
-                'credentials': [],
-                'vulnerabilities': []
-            }
+            "tool": "crackmapexec",
+            "target": target,
+            "error": "Log file not found",
+            "findings": {
+                "hosts": [],
+                "shares": [],
+                "users": [],
+                "groups": [],
+                "credentials": [],
+                "vulnerabilities": [],
+            },
         }
 
 
@@ -63,36 +63,45 @@ def _parse_content(content: str, target: str) -> Dict[str, Any]:
         Dict containing parsed findings
     """
     findings = {
-        'hosts': [],
-        'shares': [],
-        'users': [],
-        'groups': [],
-        'credentials': [],
-        'vulnerabilities': [],
-        'auth_info': {}
+        "hosts": [],
+        "shares": [],
+        "users": [],
+        "groups": [],
+        "credentials": [],
+        "vulnerabilities": [],
+        "auth_info": {},
+        "password_must_change": [],  # Users with STATUS_PASSWORD_MUST_CHANGE
     }
 
     # Remove ANSI color codes first
-    content = re.sub(r'\x1b\[[0-9;]*m', '', content)
+    content = re.sub(r"\x1b\[[0-9;]*m", "", content)
 
-    for line in content.split('\n'):
+    for line in content.split("\n"):
         # Parse host information (Windows OR Unix/Samba)
         # Format variations:
         # SMB  10.0.0.88  445  HOSTNAME  [*] Windows/Unix ... (name:HOSTNAME) (domain:DOMAIN) ...
         # SMB         10.0.0.88    445    HOSTNAME [*] Windows Server 2016 ...
         # WINRM  10.0.0.88  5985  HOSTNAME  [*] http://10.0.0.88:5985/wsman
 
-        os_keywords = ['Windows', 'Unix', 'Samba', 'Linux', 'Server', 'Microsoft']
-        if any(proto in line for proto in ['SMB', 'WINRM', 'SSH', 'RDP']) and '[*]' in line:
+        os_keywords = ["Windows", "Unix", "Samba", "Linux", "Server", "Microsoft"]
+        if (
+            any(proto in line for proto in ["SMB", "WINRM", "SSH", "RDP"])
+            and "[*]" in line
+        ):
             # Try multiple patterns for host info
             host_match = None
 
             # Pattern 1: Standard format with flexible whitespace
-            host_match = re.search(r'(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(\S+)\s+\[\*\]\s*(.+)', line)
+            host_match = re.search(
+                r"(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(\S+)\s+\[\*\]\s*(.+)", line
+            )
 
             # Pattern 2: Protocol prefix format
             if not host_match:
-                host_match = re.search(r'(?:SMB|WINRM|SSH|RDP)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(\S+)\s+\[\*\]\s*(.+)', line)
+                host_match = re.search(
+                    r"(?:SMB|WINRM|SSH|RDP)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(\S+)\s+\[\*\]\s*(.+)",
+                    line,
+                )
 
             if host_match:
                 ip = host_match.group(1)
@@ -101,43 +110,51 @@ def _parse_content(content: str, target: str) -> Dict[str, Any]:
                 details = host_match.group(4).strip()
 
                 # Only process as host info if it looks like OS/version info
-                if any(kw in details for kw in os_keywords) or '(domain:' in details:
+                if any(kw in details for kw in os_keywords) or "(domain:" in details:
                     # Extract domain from (domain:DOMAIN) or domain: pattern
-                    domain_match = re.search(r'\(?domain:?\s*([^)\s]+)\)?', details, re.IGNORECASE)
+                    domain_match = re.search(
+                        r"\(?domain:?\s*([^)\s]+)\)?", details, re.IGNORECASE
+                    )
                     domain = domain_match.group(1) if domain_match else None
 
                     # Extract OS info (everything before the first parenthesis)
-                    os_match = re.match(r'([^(]+)', details)
+                    os_match = re.match(r"([^(]+)", details)
                     os_info = os_match.group(1).strip() if os_match else details
 
                     # Extract SMB signing status (multiple formats)
-                    signing_match = re.search(r'\(?signing:?\s*(\w+)\)?', details, re.IGNORECASE)
+                    signing_match = re.search(
+                        r"\(?signing:?\s*(\w+)\)?", details, re.IGNORECASE
+                    )
                     signing = signing_match.group(1) if signing_match else None
 
                     # Extract SMBv1 status
-                    smbv1_match = re.search(r'\(?SMBv1:?\s*(\w+)\)?', details, re.IGNORECASE)
+                    smbv1_match = re.search(
+                        r"\(?SMBv1:?\s*(\w+)\)?", details, re.IGNORECASE
+                    )
                     smbv1 = smbv1_match.group(1) if smbv1_match else None
 
-                    findings['hosts'].append({
-                        'ip': ip,
-                        'port': port,
-                        'hostname': hostname,
-                        'domain': domain,
-                        'os': os_info,
-                        'signing': signing,
-                        'smbv1': smbv1
-                    })
+                    findings["hosts"].append(
+                        {
+                            "ip": ip,
+                            "port": port,
+                            "hostname": hostname,
+                            "domain": domain,
+                            "os": os_info,
+                            "signing": signing,
+                            "smbv1": smbv1,
+                        }
+                    )
 
         # Parse authentication status
         # Format: SMB  10.0.0.14  445  HOSTNAME  [+] \: (Guest)
-        if 'SMB' in line and '[+]' in line and ('Guest' in line or '\\' in line):
-            auth_match = re.search(r'\[\+\]\s+(.+)', line)
+        if "SMB" in line and "[+]" in line and ("Guest" in line or "\\" in line):
+            auth_match = re.search(r"\[\+\]\s+(.+)", line)
             if auth_match:
                 auth_str = auth_match.group(1).strip()
-                findings['auth_info'] = {
-                    'status': 'success',
-                    'details': auth_str,
-                    'is_guest': 'Guest' in auth_str
+                findings["auth_info"] = {
+                    "status": "success",
+                    "details": auth_str,
+                    "is_guest": "Guest" in auth_str,
                 }
 
         # Parse share enumeration (shares WITH permissions)
@@ -146,59 +163,102 @@ def _parse_content(content: str, target: str) -> Dict[str, Any]:
         # SMB ... ADMIN$  READ, WRITE  Remote Admin (with space)
         # SMB ... C$  READ ONLY  Default share
         share_perm_match = re.search(
-            r'SMB.*\s+(\S+\$?)\s+(READ,?\s*WRITE|READ\s*ONLY|WRITE\s*ONLY|READ|WRITE|NO\s*ACCESS)\s*(.*)$',
-            line, re.IGNORECASE
+            r"SMB.*\s+(\S+\$?)\s+(READ,?\s*WRITE|READ\s*ONLY|WRITE\s*ONLY|READ|WRITE|NO\s*ACCESS)\s*(.*)$",
+            line,
+            re.IGNORECASE,
         )
         if share_perm_match:
             share_name = share_perm_match.group(1)
             # Skip if it looks like a header or status line
-            if share_name not in ['Share', 'Permissions', 'shares']:
-                findings['shares'].append({
-                    'name': share_name,
-                    'permissions': share_perm_match.group(2).upper().replace(' ', ''),
-                    'comment': share_perm_match.group(3).strip() if share_perm_match.group(3) else ''
-                })
+            if share_name not in ["Share", "Permissions", "shares"]:
+                findings["shares"].append(
+                    {
+                        "name": share_name,
+                        "permissions": share_perm_match.group(2)
+                        .upper()
+                        .replace(" ", ""),
+                        "comment": (
+                            share_perm_match.group(3).strip()
+                            if share_perm_match.group(3)
+                            else ""
+                        ),
+                    }
+                )
         # Parse share enumeration (shares WITHOUT explicit permissions - just listed)
-        elif 'SMB' in line and not ('Share' in line and 'Permissions' in line) and not '-----' in line:
+        elif (
+            "SMB" in line
+            and not ("Share" in line and "Permissions" in line)
+            and not "-----" in line
+        ):
             # Look for lines with share names (ending with $, or common names like print$, public, IPC$)
-            share_list_match = re.search(r'SMB\s+\S+\s+\d+\s+\S+\s+(\w+\$?|\w+)\s+(.+)?$', line)
+            share_list_match = re.search(
+                r"SMB\s+\S+\s+\d+\s+\S+\s+(\w+\$?|\w+)\s+(.+)?$", line
+            )
             if share_list_match:
                 share_name = share_list_match.group(1).strip()
-                remark = share_list_match.group(2).strip() if share_list_match.group(2) else ''
+                remark = (
+                    share_list_match.group(2).strip()
+                    if share_list_match.group(2)
+                    else ""
+                )
                 # Only add if it looks like a share (not header text, not empty)
-                if share_name and share_name not in ['Share', 'Enumerated', 'shares'] and not share_name.startswith('['):
+                if (
+                    share_name
+                    and share_name not in ["Share", "Enumerated", "shares"]
+                    and not share_name.startswith("[")
+                ):
                     # Check if not already added
-                    if not any(s['name'] == share_name for s in findings['shares']):
-                        findings['shares'].append({
-                            'name': share_name,
-                            'permissions': None,
-                            'comment': remark
-                        })
+                    if not any(s["name"] == share_name for s in findings["shares"]):
+                        findings["shares"].append(
+                            {"name": share_name, "permissions": None, "comment": remark}
+                        )
 
         # Parse user enumeration with flexible format
         # Format variations:
         # username badpwdcount: 0 desc: Description
         # username  badpwdcount:0  desc:Description
         # username baddpwdcount: 0 description: Description
-        if 'badpwdcount' in line.lower() or 'baddpwdcount' in line.lower():
+        if "badpwdcount" in line.lower() or "baddpwdcount" in line.lower():
             user_match = re.search(
-                r'(\S+)\s+bad+pwdcount:?\s*(\d+)\s+(?:desc(?:ription)?:?\s*)?(.+)?',
-                line, re.IGNORECASE
+                r"(\S+)\s+bad+pwdcount:?\s*(\d+)\s+(?:desc(?:ription)?:?\s*)?(.+)?",
+                line,
+                re.IGNORECASE,
             )
             if user_match:
-                findings['users'].append({
-                    'username': user_match.group(1),
-                    'badpwdcount': int(user_match.group(2)),
-                    'description': user_match.group(3).strip() if user_match.group(3) else ''
-                })
+                findings["users"].append(
+                    {
+                        "username": user_match.group(1),
+                        "badpwdcount": int(user_match.group(2)),
+                        "description": (
+                            user_match.group(3).strip() if user_match.group(3) else ""
+                        ),
+                    }
+                )
 
         # Parse vulnerability findings
-        if 'vulnerable' in line.lower() or 'MS17-010' in line:
-            vuln_match = re.search(r'\[\+\]\s+(.+)', line)
+        if "vulnerable" in line.lower() or "MS17-010" in line:
+            vuln_match = re.search(r"\[\+\]\s+(.+)", line)
             if vuln_match:
-                findings['vulnerabilities'].append({
-                    'description': vuln_match.group(1).strip()
-                })
+                findings["vulnerabilities"].append(
+                    {"description": vuln_match.group(1).strip()}
+                )
+
+        # Parse STATUS_PASSWORD_MUST_CHANGE - user needs to change password
+        # Format: SMB  IP  445  HOST  [-] domain\user:password STATUS_PASSWORD_MUST_CHANGE
+        if "STATUS_PASSWORD_MUST_CHANGE" in line:
+            pwchange_match = re.search(
+                r"\[-\]\s*([^\\/:]+)[\\\/]+([^:]+):([^\s]+)\s+STATUS_PASSWORD_MUST_CHANGE",
+                line,
+                re.IGNORECASE,
+            )
+            if pwchange_match:
+                findings["password_must_change"].append(
+                    {
+                        "domain": pwchange_match.group(1).strip(),
+                        "username": pwchange_match.group(2).strip(),
+                        "password": pwchange_match.group(3).strip(),
+                    }
+                )
 
         # Parse valid credentials (but not Guest authentication)
         # Format variations:
@@ -206,57 +266,64 @@ def _parse_content(content: str, target: str) -> Dict[str, Any]:
         # [+] DOMAIN\\username:password (Pwn3d!)
         # [+] username:password (Pwn3d!)
         # [+] DOMAIN/username:password (Pwn3d!)
-        if '[+]' in line and ('Pwn3d' in line or ':' in line):
+        if "[+]" in line and ("Pwn3d" in line or ":" in line):
             # Try domain\user:pass format first
             cred_match = re.search(
-                r'\[\+\]\s*([^\\/:]+)[\\\/]+([^:]+):([^\s(]+)\s*(\(Pwn3d!?\))?',
-                line, re.IGNORECASE
+                r"\[\+\]\s*([^\\/:]+)[\\\/]+([^:]+):([^\s(]+)\s*(\(Pwn3d!?\))?",
+                line,
+                re.IGNORECASE,
             )
             if cred_match:
-                findings['credentials'].append({
-                    'domain': cred_match.group(1).strip(),
-                    'username': cred_match.group(2).strip(),
-                    'password': cred_match.group(3).strip(),
-                    'admin': bool(cred_match.group(4))
-                })
+                findings["credentials"].append(
+                    {
+                        "domain": cred_match.group(1).strip(),
+                        "username": cred_match.group(2).strip(),
+                        "password": cred_match.group(3).strip(),
+                        "admin": bool(cred_match.group(4)),
+                    }
+                )
             else:
                 # Try user:pass format (no domain)
                 cred_match = re.search(
-                    r'\[\+\]\s*([^:@\s]+):([^\s(]+)\s*(\(Pwn3d!?\))?',
-                    line, re.IGNORECASE
+                    r"\[\+\]\s*([^:@\s]+):([^\s(]+)\s*(\(Pwn3d!?\))?",
+                    line,
+                    re.IGNORECASE,
                 )
-                if cred_match and '@' not in cred_match.group(1):
-                    findings['credentials'].append({
-                        'domain': '',
-                        'username': cred_match.group(1).strip(),
-                        'password': cred_match.group(2).strip(),
-                        'admin': bool(cred_match.group(3))
-                    })
+                if cred_match and "@" not in cred_match.group(1):
+                    findings["credentials"].append(
+                        {
+                            "domain": "",
+                            "username": cred_match.group(1).strip(),
+                            "password": cred_match.group(2).strip(),
+                            "admin": bool(cred_match.group(3)),
+                        }
+                    )
 
     # Extract admin credentials for auto-chaining
-    admin_creds = [c for c in findings['credentials'] if c.get('admin')]
+    admin_creds = [c for c in findings["credentials"] if c.get("admin")]
 
     # Extract unique domains for auto-chaining
     domains = []
     seen_domains = set()
-    for host in findings['hosts']:
-        domain = host.get('domain')
+    for host in findings["hosts"]:
+        domain = host.get("domain")
         if domain and domain not in seen_domains:
-            domains.append({
-                'domain': domain,
-                'ip': host.get('ip')
-            })
+            domains.append({"domain": domain, "ip": host.get("ip")})
             seen_domains.add(domain)
 
     return {
-        'tool': 'crackmapexec',
-        'target': target,
-        'hosts_found': len(findings['hosts']),
-        'shares_found': len(findings['shares']),
-        'users_found': len(findings['users']),
-        'valid_credentials': len(findings['credentials']),
-        'vulnerabilities_found': len(findings['vulnerabilities']),
-        'findings': findings,
-        'domains': domains,  # For auto-chaining to GetNPUsers and other AD tools
-        'valid_admin_credentials': admin_creds  # For auto-chaining to secretsdump
+        "tool": "crackmapexec",
+        "target": target,
+        "hosts_found": len(findings["hosts"]),
+        "shares_found": len(findings["shares"]),
+        "users_found": len(findings["users"]),
+        "valid_credentials": len(findings["credentials"]),
+        "vulnerabilities_found": len(findings["vulnerabilities"]),
+        "password_must_change_found": len(findings["password_must_change"]),
+        "findings": findings,
+        "domains": domains,  # For auto-chaining to GetNPUsers and other AD tools
+        "valid_admin_credentials": admin_creds,  # For auto-chaining to secretsdump
+        "password_must_change": findings[
+            "password_must_change"
+        ],  # For smbpasswd chaining
     }