souleyez 2.43.28__py3-none-any.whl → 2.43.32__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (356) hide show
  1. souleyez/__init__.py +1 -2
  2. souleyez/ai/__init__.py +21 -15
  3. souleyez/ai/action_mapper.py +249 -150
  4. souleyez/ai/chain_advisor.py +116 -100
  5. souleyez/ai/claude_provider.py +29 -28
  6. souleyez/ai/context_builder.py +80 -62
  7. souleyez/ai/executor.py +158 -117
  8. souleyez/ai/feedback_handler.py +136 -121
  9. souleyez/ai/llm_factory.py +27 -20
  10. souleyez/ai/llm_provider.py +4 -2
  11. souleyez/ai/ollama_provider.py +6 -9
  12. souleyez/ai/ollama_service.py +44 -37
  13. souleyez/ai/path_scorer.py +91 -76
  14. souleyez/ai/recommender.py +176 -144
  15. souleyez/ai/report_context.py +74 -73
  16. souleyez/ai/report_service.py +84 -66
  17. souleyez/ai/result_parser.py +222 -229
  18. souleyez/ai/safety.py +67 -44
  19. souleyez/auth/__init__.py +23 -22
  20. souleyez/auth/audit.py +36 -26
  21. souleyez/auth/engagement_access.py +65 -48
  22. souleyez/auth/permissions.py +14 -3
  23. souleyez/auth/session_manager.py +54 -37
  24. souleyez/auth/user_manager.py +109 -64
  25. souleyez/commands/audit.py +40 -43
  26. souleyez/commands/auth.py +35 -15
  27. souleyez/commands/deliverables.py +55 -50
  28. souleyez/commands/engagement.py +47 -28
  29. souleyez/commands/license.py +32 -23
  30. souleyez/commands/screenshots.py +36 -32
  31. souleyez/commands/user.py +82 -36
  32. souleyez/config.py +52 -44
  33. souleyez/core/credential_tester.py +87 -81
  34. souleyez/core/cve_mappings.py +179 -192
  35. souleyez/core/cve_matcher.py +162 -148
  36. souleyez/core/msf_auto_mapper.py +100 -83
  37. souleyez/core/msf_chain_engine.py +294 -256
  38. souleyez/core/msf_database.py +153 -70
  39. souleyez/core/msf_integration.py +679 -673
  40. souleyez/core/msf_rpc_client.py +40 -42
  41. souleyez/core/msf_rpc_manager.py +77 -79
  42. souleyez/core/msf_sync_manager.py +241 -181
  43. souleyez/core/network_utils.py +22 -15
  44. souleyez/core/parser_handler.py +34 -25
  45. souleyez/core/pending_chains.py +114 -63
  46. souleyez/core/templates.py +158 -107
  47. souleyez/core/tool_chaining.py +9592 -2879
  48. souleyez/core/version_utils.py +79 -94
  49. souleyez/core/vuln_correlation.py +136 -89
  50. souleyez/core/web_utils.py +33 -32
  51. souleyez/data/wordlists/ad_users.txt +378 -0
  52. souleyez/data/wordlists/api_endpoints_large.txt +769 -0
  53. souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
  54. souleyez/data/wordlists/lfi_payloads.txt +82 -0
  55. souleyez/data/wordlists/passwords_brute.txt +1548 -0
  56. souleyez/data/wordlists/passwords_crack.txt +2479 -0
  57. souleyez/data/wordlists/passwords_spray.txt +386 -0
  58. souleyez/data/wordlists/subdomains_large.txt +5057 -0
  59. souleyez/data/wordlists/usernames_common.txt +694 -0
  60. souleyez/data/wordlists/web_dirs_large.txt +4769 -0
  61. souleyez/detection/__init__.py +1 -1
  62. souleyez/detection/attack_signatures.py +12 -17
  63. souleyez/detection/mitre_mappings.py +61 -55
  64. souleyez/detection/validator.py +97 -86
  65. souleyez/devtools.py +23 -10
  66. souleyez/docs/README.md +4 -4
  67. souleyez/docs/api-reference/cli-commands.md +2 -2
  68. souleyez/docs/developer-guide/adding-new-tools.md +562 -0
  69. souleyez/docs/user-guide/auto-chaining.md +30 -8
  70. souleyez/docs/user-guide/getting-started.md +1 -1
  71. souleyez/docs/user-guide/installation.md +26 -3
  72. souleyez/docs/user-guide/metasploit-integration.md +2 -2
  73. souleyez/docs/user-guide/rbac.md +1 -1
  74. souleyez/docs/user-guide/scope-management.md +1 -1
  75. souleyez/docs/user-guide/siem-integration.md +1 -1
  76. souleyez/docs/user-guide/tools-reference.md +1 -8
  77. souleyez/docs/user-guide/worker-management.md +1 -1
  78. souleyez/engine/background.py +1238 -535
  79. souleyez/engine/base.py +4 -1
  80. souleyez/engine/job_status.py +17 -49
  81. souleyez/engine/log_sanitizer.py +103 -77
  82. souleyez/engine/manager.py +38 -7
  83. souleyez/engine/result_handler.py +2198 -1550
  84. souleyez/engine/worker_manager.py +50 -41
  85. souleyez/export/evidence_bundle.py +72 -62
  86. souleyez/feature_flags/features.py +16 -20
  87. souleyez/feature_flags.py +5 -9
  88. souleyez/handlers/__init__.py +11 -0
  89. souleyez/handlers/base.py +188 -0
  90. souleyez/handlers/bash_handler.py +277 -0
  91. souleyez/handlers/bloodhound_handler.py +243 -0
  92. souleyez/handlers/certipy_handler.py +311 -0
  93. souleyez/handlers/crackmapexec_handler.py +486 -0
  94. souleyez/handlers/dnsrecon_handler.py +344 -0
  95. souleyez/handlers/enum4linux_handler.py +400 -0
  96. souleyez/handlers/evil_winrm_handler.py +493 -0
  97. souleyez/handlers/ffuf_handler.py +815 -0
  98. souleyez/handlers/gobuster_handler.py +1114 -0
  99. souleyez/handlers/gpp_extract_handler.py +334 -0
  100. souleyez/handlers/hashcat_handler.py +444 -0
  101. souleyez/handlers/hydra_handler.py +563 -0
  102. souleyez/handlers/impacket_getuserspns_handler.py +343 -0
  103. souleyez/handlers/impacket_psexec_handler.py +222 -0
  104. souleyez/handlers/impacket_secretsdump_handler.py +426 -0
  105. souleyez/handlers/john_handler.py +286 -0
  106. souleyez/handlers/katana_handler.py +425 -0
  107. souleyez/handlers/kerbrute_handler.py +298 -0
  108. souleyez/handlers/ldapsearch_handler.py +636 -0
  109. souleyez/handlers/lfi_extract_handler.py +464 -0
  110. souleyez/handlers/msf_auxiliary_handler.py +408 -0
  111. souleyez/handlers/msf_exploit_handler.py +380 -0
  112. souleyez/handlers/nikto_handler.py +413 -0
  113. souleyez/handlers/nmap_handler.py +821 -0
  114. souleyez/handlers/nuclei_handler.py +359 -0
  115. souleyez/handlers/nxc_handler.py +371 -0
  116. souleyez/handlers/rdp_sec_check_handler.py +353 -0
  117. souleyez/handlers/registry.py +288 -0
  118. souleyez/handlers/responder_handler.py +232 -0
  119. souleyez/handlers/service_explorer_handler.py +434 -0
  120. souleyez/handlers/smbclient_handler.py +344 -0
  121. souleyez/handlers/smbmap_handler.py +510 -0
  122. souleyez/handlers/smbpasswd_handler.py +296 -0
  123. souleyez/handlers/sqlmap_handler.py +1116 -0
  124. souleyez/handlers/theharvester_handler.py +601 -0
  125. souleyez/handlers/whois_handler.py +277 -0
  126. souleyez/handlers/wpscan_handler.py +554 -0
  127. souleyez/history.py +32 -16
  128. souleyez/importers/msf_importer.py +106 -75
  129. souleyez/importers/smart_importer.py +208 -147
  130. souleyez/integrations/siem/__init__.py +10 -10
  131. souleyez/integrations/siem/base.py +17 -18
  132. souleyez/integrations/siem/elastic.py +108 -122
  133. souleyez/integrations/siem/factory.py +207 -80
  134. souleyez/integrations/siem/googlesecops.py +146 -154
  135. souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
  136. souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
  137. souleyez/integrations/siem/sentinel.py +107 -109
  138. souleyez/integrations/siem/splunk.py +246 -212
  139. souleyez/integrations/siem/wazuh.py +65 -71
  140. souleyez/integrations/wazuh/__init__.py +5 -5
  141. souleyez/integrations/wazuh/client.py +70 -93
  142. souleyez/integrations/wazuh/config.py +85 -57
  143. souleyez/integrations/wazuh/host_mapper.py +28 -36
  144. souleyez/integrations/wazuh/sync.py +78 -68
  145. souleyez/intelligence/__init__.py +4 -5
  146. souleyez/intelligence/correlation_analyzer.py +309 -295
  147. souleyez/intelligence/exploit_knowledge.py +661 -623
  148. souleyez/intelligence/exploit_suggestions.py +159 -139
  149. souleyez/intelligence/gap_analyzer.py +132 -97
  150. souleyez/intelligence/gap_detector.py +251 -214
  151. souleyez/intelligence/sensitive_tables.py +266 -129
  152. souleyez/intelligence/service_parser.py +137 -123
  153. souleyez/intelligence/surface_analyzer.py +407 -268
  154. souleyez/intelligence/target_parser.py +159 -162
  155. souleyez/licensing/__init__.py +6 -6
  156. souleyez/licensing/validator.py +17 -19
  157. souleyez/log_config.py +79 -54
  158. souleyez/main.py +1505 -687
  159. souleyez/migrations/fix_job_counter.py +16 -14
  160. souleyez/parsers/bloodhound_parser.py +41 -39
  161. souleyez/parsers/crackmapexec_parser.py +178 -111
  162. souleyez/parsers/dalfox_parser.py +72 -77
  163. souleyez/parsers/dnsrecon_parser.py +103 -91
  164. souleyez/parsers/enum4linux_parser.py +183 -153
  165. souleyez/parsers/ffuf_parser.py +29 -25
  166. souleyez/parsers/gobuster_parser.py +301 -41
  167. souleyez/parsers/hashcat_parser.py +324 -79
  168. souleyez/parsers/http_fingerprint_parser.py +350 -103
  169. souleyez/parsers/hydra_parser.py +131 -111
  170. souleyez/parsers/impacket_parser.py +231 -178
  171. souleyez/parsers/john_parser.py +98 -86
  172. souleyez/parsers/katana_parser.py +316 -0
  173. souleyez/parsers/msf_parser.py +943 -498
  174. souleyez/parsers/nikto_parser.py +346 -65
  175. souleyez/parsers/nmap_parser.py +262 -174
  176. souleyez/parsers/nuclei_parser.py +40 -44
  177. souleyez/parsers/responder_parser.py +26 -26
  178. souleyez/parsers/searchsploit_parser.py +74 -74
  179. souleyez/parsers/service_explorer_parser.py +279 -0
  180. souleyez/parsers/smbmap_parser.py +180 -124
  181. souleyez/parsers/sqlmap_parser.py +434 -308
  182. souleyez/parsers/theharvester_parser.py +75 -57
  183. souleyez/parsers/whois_parser.py +135 -94
  184. souleyez/parsers/wpscan_parser.py +278 -190
  185. souleyez/plugins/afp.py +44 -36
  186. souleyez/plugins/afp_brute.py +114 -46
  187. souleyez/plugins/ard.py +48 -37
  188. souleyez/plugins/bloodhound.py +95 -61
  189. souleyez/plugins/certipy.py +303 -0
  190. souleyez/plugins/crackmapexec.py +186 -85
  191. souleyez/plugins/dalfox.py +120 -59
  192. souleyez/plugins/dns_hijack.py +146 -41
  193. souleyez/plugins/dnsrecon.py +97 -61
  194. souleyez/plugins/enum4linux.py +91 -66
  195. souleyez/plugins/evil_winrm.py +291 -0
  196. souleyez/plugins/ffuf.py +166 -90
  197. souleyez/plugins/firmware_extract.py +133 -29
  198. souleyez/plugins/gobuster.py +387 -190
  199. souleyez/plugins/gpp_extract.py +393 -0
  200. souleyez/plugins/hashcat.py +100 -73
  201. souleyez/plugins/http_fingerprint.py +854 -267
  202. souleyez/plugins/hydra.py +566 -200
  203. souleyez/plugins/impacket_getnpusers.py +117 -69
  204. souleyez/plugins/impacket_psexec.py +84 -64
  205. souleyez/plugins/impacket_secretsdump.py +103 -69
  206. souleyez/plugins/impacket_smbclient.py +89 -75
  207. souleyez/plugins/john.py +86 -69
  208. souleyez/plugins/katana.py +313 -0
  209. souleyez/plugins/kerbrute.py +237 -0
  210. souleyez/plugins/lfi_extract.py +541 -0
  211. souleyez/plugins/macos_ssh.py +117 -48
  212. souleyez/plugins/mdns.py +35 -30
  213. souleyez/plugins/msf_auxiliary.py +253 -130
  214. souleyez/plugins/msf_exploit.py +239 -161
  215. souleyez/plugins/nikto.py +134 -78
  216. souleyez/plugins/nmap.py +275 -91
  217. souleyez/plugins/nuclei.py +180 -89
  218. souleyez/plugins/nxc.py +285 -0
  219. souleyez/plugins/plugin_base.py +35 -36
  220. souleyez/plugins/plugin_template.py +13 -5
  221. souleyez/plugins/rdp_sec_check.py +130 -0
  222. souleyez/plugins/responder.py +112 -71
  223. souleyez/plugins/router_http_brute.py +76 -65
  224. souleyez/plugins/router_ssh_brute.py +118 -41
  225. souleyez/plugins/router_telnet_brute.py +124 -42
  226. souleyez/plugins/routersploit.py +91 -59
  227. souleyez/plugins/routersploit_exploit.py +77 -55
  228. souleyez/plugins/searchsploit.py +91 -77
  229. souleyez/plugins/service_explorer.py +1160 -0
  230. souleyez/plugins/smbmap.py +122 -72
  231. souleyez/plugins/smbpasswd.py +215 -0
  232. souleyez/plugins/sqlmap.py +301 -113
  233. souleyez/plugins/theharvester.py +127 -75
  234. souleyez/plugins/tr069.py +79 -57
  235. souleyez/plugins/upnp.py +65 -47
  236. souleyez/plugins/upnp_abuse.py +73 -55
  237. souleyez/plugins/vnc_access.py +129 -42
  238. souleyez/plugins/vnc_brute.py +109 -38
  239. souleyez/plugins/whois.py +77 -58
  240. souleyez/plugins/wpscan.py +173 -69
  241. souleyez/reporting/__init__.py +2 -1
  242. souleyez/reporting/attack_chain.py +411 -346
  243. souleyez/reporting/charts.py +436 -501
  244. souleyez/reporting/compliance_mappings.py +334 -201
  245. souleyez/reporting/detection_report.py +126 -125
  246. souleyez/reporting/formatters.py +828 -591
  247. souleyez/reporting/generator.py +386 -302
  248. souleyez/reporting/metrics.py +72 -75
  249. souleyez/scanner.py +35 -29
  250. souleyez/security/__init__.py +37 -11
  251. souleyez/security/scope_validator.py +175 -106
  252. souleyez/security/validation.py +223 -149
  253. souleyez/security.py +22 -6
  254. souleyez/storage/credentials.py +247 -186
  255. souleyez/storage/crypto.py +296 -129
  256. souleyez/storage/database.py +73 -50
  257. souleyez/storage/db.py +58 -36
  258. souleyez/storage/deliverable_evidence.py +177 -128
  259. souleyez/storage/deliverable_exporter.py +282 -246
  260. souleyez/storage/deliverable_templates.py +134 -116
  261. souleyez/storage/deliverables.py +135 -130
  262. souleyez/storage/engagements.py +109 -56
  263. souleyez/storage/evidence.py +181 -152
  264. souleyez/storage/execution_log.py +31 -17
  265. souleyez/storage/exploit_attempts.py +93 -57
  266. souleyez/storage/exploits.py +67 -36
  267. souleyez/storage/findings.py +48 -61
  268. souleyez/storage/hosts.py +176 -144
  269. souleyez/storage/migrate_to_engagements.py +43 -19
  270. souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
  271. souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
  272. souleyez/storage/migrations/_003_add_execution_log.py +14 -8
  273. souleyez/storage/migrations/_005_screenshots.py +13 -5
  274. souleyez/storage/migrations/_006_deliverables.py +13 -5
  275. souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
  276. souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
  277. souleyez/storage/migrations/_010_evidence_linking.py +17 -10
  278. souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
  279. souleyez/storage/migrations/_012_team_collaboration.py +34 -21
  280. souleyez/storage/migrations/_013_add_host_tags.py +12 -6
  281. souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
  282. souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
  283. souleyez/storage/migrations/_016_add_domain_field.py +10 -4
  284. souleyez/storage/migrations/_017_msf_sessions.py +16 -8
  285. souleyez/storage/migrations/_018_add_osint_target.py +10 -6
  286. souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
  287. souleyez/storage/migrations/_020_add_rbac.py +36 -15
  288. souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
  289. souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
  290. souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
  291. souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
  292. souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
  293. souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
  294. souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
  295. souleyez/storage/migrations/__init__.py +26 -26
  296. souleyez/storage/migrations/migration_manager.py +19 -19
  297. souleyez/storage/msf_sessions.py +100 -65
  298. souleyez/storage/osint.py +17 -24
  299. souleyez/storage/recommendation_engine.py +269 -235
  300. souleyez/storage/screenshots.py +33 -32
  301. souleyez/storage/smb_shares.py +136 -92
  302. souleyez/storage/sqlmap_data.py +183 -128
  303. souleyez/storage/team_collaboration.py +135 -141
  304. souleyez/storage/timeline_tracker.py +122 -94
  305. souleyez/storage/wazuh_vulns.py +64 -66
  306. souleyez/storage/web_paths.py +33 -37
  307. souleyez/testing/credential_tester.py +221 -205
  308. souleyez/ui/__init__.py +1 -1
  309. souleyez/ui/ai_quotes.py +12 -12
  310. souleyez/ui/attack_surface.py +2439 -1516
  311. souleyez/ui/chain_rules_view.py +914 -382
  312. souleyez/ui/correlation_view.py +312 -230
  313. souleyez/ui/dashboard.py +2382 -1130
  314. souleyez/ui/deliverables_view.py +148 -62
  315. souleyez/ui/design_system.py +13 -13
  316. souleyez/ui/errors.py +49 -49
  317. souleyez/ui/evidence_linking_view.py +284 -179
  318. souleyez/ui/evidence_vault.py +393 -285
  319. souleyez/ui/exploit_suggestions_view.py +555 -349
  320. souleyez/ui/export_view.py +100 -66
  321. souleyez/ui/gap_analysis_view.py +315 -171
  322. souleyez/ui/help_system.py +105 -97
  323. souleyez/ui/intelligence_view.py +436 -293
  324. souleyez/ui/interactive.py +23142 -10430
  325. souleyez/ui/interactive_selector.py +75 -68
  326. souleyez/ui/log_formatter.py +47 -39
  327. souleyez/ui/menu_components.py +22 -13
  328. souleyez/ui/msf_auxiliary_menu.py +184 -133
  329. souleyez/ui/pending_chains_view.py +336 -172
  330. souleyez/ui/progress_indicators.py +5 -3
  331. souleyez/ui/recommendations_view.py +195 -137
  332. souleyez/ui/rule_builder.py +343 -225
  333. souleyez/ui/setup_wizard.py +678 -284
  334. souleyez/ui/shortcuts.py +217 -165
  335. souleyez/ui/splunk_gap_analysis_view.py +452 -270
  336. souleyez/ui/splunk_vulns_view.py +139 -86
  337. souleyez/ui/team_dashboard.py +498 -335
  338. souleyez/ui/template_selector.py +196 -105
  339. souleyez/ui/terminal.py +6 -6
  340. souleyez/ui/timeline_view.py +198 -127
  341. souleyez/ui/tool_setup.py +264 -164
  342. souleyez/ui/tutorial.py +202 -72
  343. souleyez/ui/tutorial_state.py +40 -40
  344. souleyez/ui/wazuh_vulns_view.py +235 -141
  345. souleyez/ui/wordlist_browser.py +260 -107
  346. souleyez/ui.py +464 -312
  347. souleyez/utils/tool_checker.py +427 -367
  348. souleyez/utils.py +33 -29
  349. souleyez/wordlists.py +134 -167
  350. {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/METADATA +1 -1
  351. souleyez-2.43.32.dist-info/RECORD +441 -0
  352. {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/WHEEL +1 -1
  353. souleyez-2.43.28.dist-info/RECORD +0 -379
  354. {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/entry_points.txt +0 -0
  355. {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/licenses/LICENSE +0 -0
  356. {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/top_level.txt +0 -0
souleyez/parsers/service_explorer_parser.py ADDED
@@ -0,0 +1,279 @@
1
+ #!/usr/bin/env python3
2
+ """
3
+ souleyez.parsers.service_explorer_parser
4
+
5
+ Parses Service Explorer JSON output into structured data for display and findings.
6
+ """
7
+ import json
8
+ import re
9
+ from typing import Any, Dict, List
10
+
11
+
12
+ def parse_service_explorer_output(output: str, target: str = "") -> Dict[str, Any]:
13
+ """
14
+ Parse Service Explorer JSON output.
15
+
16
+ Service Explorer outputs JSON with this structure:
17
+ {
18
+ "protocol": "ftp",
19
+ "target": "192.168.1.100",
20
+ "port": 21,
21
+ "username": "anonymous",
22
+ "files_found": 15,
23
+ "interesting_files": 3,
24
+ "downloaded": 2,
25
+ "files": [...],
26
+ "interesting": [...],
27
+ "downloaded_files": [...],
28
+ "errors": [...]
29
+ }
30
+
31
+ Args:
32
+ output: Raw JSON output from Service Explorer
33
+ target: Target IP/hostname from job
34
+
35
+ Returns:
36
+ Dict with parsed data
37
+ """
38
+ result = {
39
+ "target": target,
40
+ "protocol": None,
41
+ "port": None,
42
+ "username": None,
43
+ "files_found": 0,
44
+ "interesting_count": 0,
45
+ "downloaded_count": 0,
46
+ "files": [],
47
+ "interesting_files": [],
48
+ "downloaded_files": [],
49
+ "errors": [],
50
+ "server_info": None,
51
+ "error": None,
52
+ }
53
+
54
+ # Try to parse as JSON first
55
+ try:
56
+ # Handle log file format (may have header lines)
57
+ json_start = output.find("{")
58
+ if json_start >= 0:
59
+ json_str = output[json_start:]
60
+ data = json.loads(json_str)
61
+
62
+ result["protocol"] = data.get("protocol")
63
+ result["port"] = data.get("port")
64
+ result["username"] = data.get("username")
65
+ result["target"] = data.get("target") or target
66
+ result["files_found"] = data.get("files_found", 0)
67
+ result["interesting_count"] = data.get("interesting_files", 0)
68
+ result["downloaded_count"] = data.get("downloaded", 0)
69
+ result["files"] = data.get("files", [])
70
+ result["interesting_files"] = data.get("interesting", [])
71
+ result["downloaded_files"] = data.get("downloaded_files", [])
72
+ result["errors"] = data.get("errors", [])
73
+
74
+ # Check for connection error
75
+ if data.get("error"):
76
+ result["error"] = data.get("error")
77
+
78
+ # Extract server info if present (Redis/MongoDB)
79
+ for item in result["files"]:
80
+ if item.get("name") == "__SERVER_INFO__":
81
+ result["server_info"] = item.get("data", {})
82
+ result["files"].remove(item)
83
+ break
84
+
85
+ return result
86
+
87
+ except json.JSONDecodeError:
88
+ pass
89
+
90
+ # Fallback: try to extract info from non-JSON output
91
+ if "Connection failed" in output or "connection failed" in output:
92
+ result["error"] = "Connection failed"
93
+ elif "not installed" in output:
94
+ error_match = re.search(r"(\w+) not installed", output)
95
+ if error_match:
96
+ result["error"] = f"{error_match.group(1)} not installed"
97
+
98
+ return result
99
+
100
+
101
+ def extract_findings(parsed_data: Dict[str, Any]) -> List[Dict[str, Any]]:
102
+ """
103
+ Extract security findings from parsed Service Explorer data.
104
+
105
+ Returns:
106
+ List of finding dictionaries with:
107
+ {
108
+ 'title': str,
109
+ 'severity': str, # high, medium, low, info
110
+ 'description': str,
111
+ 'evidence': str
112
+ }
113
+ """
114
+ findings = []
115
+ protocol = parsed_data.get("protocol", "unknown").upper()
116
+ target = parsed_data.get("target", "unknown")
117
+ username = parsed_data.get("username", "")
118
+
119
+ # Finding: Sensitive files discovered
120
+ sensitive_files = []
121
+ for f in parsed_data.get("interesting_files", []):
122
+ filename = f.get("name", "")
123
+ # Categorize sensitivity
124
+ if any(
125
+ p in filename.lower()
126
+ for p in ["passwd", "shadow", "password", "credential", "secret"]
127
+ ):
128
+ sensitive_files.append((f, "critical"))
129
+ elif any(
130
+ p in filename.lower() for p in ["id_rsa", "id_dsa", ".pem", ".key", ".pfx"]
131
+ ):
132
+ sensitive_files.append((f, "critical"))
133
+ elif any(p in filename.lower() for p in [".sql", ".db", ".sqlite", ".mdb"]):
134
+ sensitive_files.append((f, "high"))
135
+ elif any(p in filename.lower() for p in [".conf", ".config", ".ini", ".env"]):
136
+ sensitive_files.append((f, "medium"))
137
+ elif any(
138
+ p in filename.lower() for p in ["flag", "proof", "root.txt", "user.txt"]
139
+ ):
140
+ sensitive_files.append((f, "high")) # CTF flags
141
+ elif any(p in filename.lower() for p in [".bak", ".backup", ".old"]):
142
+ sensitive_files.append((f, "medium"))
143
+ else:
144
+ sensitive_files.append((f, "low"))
145
+
146
+ # Critical files
147
+ critical_files = [(f, s) for f, s in sensitive_files if s == "critical"]
148
+ if critical_files:
149
+ findings.append(
150
+ {
151
+ "title": f"{protocol} Critical Sensitive Files Exposed",
152
+ "severity": "high",
153
+ "description": f"Found {len(critical_files)} critical sensitive file(s) on {protocol} service. "
154
+ "These files may contain credentials, private keys, or other highly sensitive data.",
155
+ "evidence": "\n".join(
156
+ [
157
+ f"- {f.get('full_path', f.get('name'))} ({f.get('size', 0)} bytes)"
158
+ for f, _ in critical_files[:10]
159
+ ]
160
+ ),
161
+ }
162
+ )
163
+
164
+ # High severity files
165
+ high_files = [(f, s) for f, s in sensitive_files if s == "high"]
166
+ if high_files:
167
+ findings.append(
168
+ {
169
+ "title": f"{protocol} Database/Flag Files Found",
170
+ "severity": "medium",
171
+ "description": f"Found {len(high_files)} database or flag file(s) on {protocol} service.",
172
+ "evidence": "\n".join(
173
+ [
174
+ f"- {f.get('full_path', f.get('name'))} ({f.get('size', 0)} bytes)"
175
+ for f, _ in high_files[:10]
176
+ ]
177
+ ),
178
+ }
179
+ )
180
+
181
+ # Finding: Anonymous/null session access
182
+ if (
183
+ username in ["anonymous", "guest", "", None]
184
+ and parsed_data.get("files_found", 0) > 0
185
+ ):
186
+ findings.append(
187
+ {
188
+ "title": f"{protocol} Anonymous Access Allowed",
189
+ "severity": "medium",
190
+ "description": f"Anonymous/guest access is permitted on {protocol} service at {target}. "
191
+ f"Found {parsed_data.get('files_found')} files accessible without authentication.",
192
+ "evidence": f"Protocol: {protocol}\nTarget: {target}\nUsername: {username or 'anonymous'}\n"
193
+ f"Files Found: {parsed_data.get('files_found')}\n"
194
+ f"Interesting Files: {parsed_data.get('interesting_count')}",
195
+ }
196
+ )
197
+
198
+ # Finding: Files downloaded
199
+ if parsed_data.get("downloaded_count", 0) > 0:
200
+ findings.append(
201
+ {
202
+ "title": f"{protocol} Files Downloaded",
203
+ "severity": "info",
204
+ "description": f"Successfully downloaded {parsed_data.get('downloaded_count')} file(s) "
205
+ f"from {protocol} service for analysis.",
206
+ "evidence": "\n".join(
207
+ [f"- {f}" for f in parsed_data.get("downloaded_files", [])[:10]]
208
+ ),
209
+ }
210
+ )
211
+
212
+ # Finding: Redis server info
213
+ if protocol == "REDIS" and parsed_data.get("server_info"):
214
+ info = parsed_data["server_info"]
215
+ findings.append(
216
+ {
217
+ "title": "Redis Server Information Exposed",
218
+ "severity": "medium",
219
+ "description": "Redis server is accessible and exposes detailed configuration information. "
220
+ "This may allow attackers to gather intelligence for further attacks.",
221
+ "evidence": "\n".join(
222
+ [f"- {k}: {v}" for k, v in info.items() if v is not None]
223
+ ),
224
+ }
225
+ )
226
+
227
+ # Check for dangerous Redis config
228
+ if info.get("total_keys", 0) > 0:
229
+ findings.append(
230
+ {
231
+ "title": "Redis Database Contains Data",
232
+ "severity": "medium",
233
+ "description": f"Redis database contains {info.get('total_keys')} keys. "
234
+ "May contain cached credentials, session tokens, or sensitive application data.",
235
+ "evidence": f"Total keys: {info.get('total_keys')}",
236
+ }
237
+ )
238
+
239
+ # Finding: MongoDB server info
240
+ if protocol in ["MONGO", "MONGODB"] and parsed_data.get("server_info"):
241
+ info = parsed_data["server_info"]
242
+ findings.append(
243
+ {
244
+ "title": "MongoDB Server Information Exposed",
245
+ "severity": "medium",
246
+ "description": "MongoDB server is accessible without authentication. "
247
+ "This is a critical security misconfiguration.",
248
+ "evidence": "\n".join(
249
+ [f"- {k}: {v}" for k, v in info.items() if v is not None]
250
+ ),
251
+ }
252
+ )
253
+
254
+ # Finding: General enumeration success
255
+ if parsed_data.get("files_found", 0) > 0 and not findings:
256
+ findings.append(
257
+ {
258
+ "title": f"{protocol} Service Enumeration Successful",
259
+ "severity": "info",
260
+ "description": f"Successfully enumerated {protocol} service and found "
261
+ f"{parsed_data.get('files_found')} items.",
262
+ "evidence": f"Protocol: {protocol}\nTarget: {target}\n"
263
+ f"Files Found: {parsed_data.get('files_found')}\n"
264
+ f"Interesting Files: {parsed_data.get('interesting_count')}",
265
+ }
266
+ )
267
+
268
+ # Finding: Connection errors
269
+ if parsed_data.get("errors"):
270
+ findings.append(
271
+ {
272
+ "title": f"{protocol} Enumeration Errors",
273
+ "severity": "info",
274
+ "description": f"Encountered {len(parsed_data['errors'])} error(s) during enumeration.",
275
+ "evidence": "\n".join([f"- {e}" for e in parsed_data["errors"][:5]]),
276
+ }
277
+ )
278
+
279
+ return findings