souleyez 2.43.28__py3-none-any.whl → 2.43.32__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- souleyez/__init__.py +1 -2
- souleyez/ai/__init__.py +21 -15
- souleyez/ai/action_mapper.py +249 -150
- souleyez/ai/chain_advisor.py +116 -100
- souleyez/ai/claude_provider.py +29 -28
- souleyez/ai/context_builder.py +80 -62
- souleyez/ai/executor.py +158 -117
- souleyez/ai/feedback_handler.py +136 -121
- souleyez/ai/llm_factory.py +27 -20
- souleyez/ai/llm_provider.py +4 -2
- souleyez/ai/ollama_provider.py +6 -9
- souleyez/ai/ollama_service.py +44 -37
- souleyez/ai/path_scorer.py +91 -76
- souleyez/ai/recommender.py +176 -144
- souleyez/ai/report_context.py +74 -73
- souleyez/ai/report_service.py +84 -66
- souleyez/ai/result_parser.py +222 -229
- souleyez/ai/safety.py +67 -44
- souleyez/auth/__init__.py +23 -22
- souleyez/auth/audit.py +36 -26
- souleyez/auth/engagement_access.py +65 -48
- souleyez/auth/permissions.py +14 -3
- souleyez/auth/session_manager.py +54 -37
- souleyez/auth/user_manager.py +109 -64
- souleyez/commands/audit.py +40 -43
- souleyez/commands/auth.py +35 -15
- souleyez/commands/deliverables.py +55 -50
- souleyez/commands/engagement.py +47 -28
- souleyez/commands/license.py +32 -23
- souleyez/commands/screenshots.py +36 -32
- souleyez/commands/user.py +82 -36
- souleyez/config.py +52 -44
- souleyez/core/credential_tester.py +87 -81
- souleyez/core/cve_mappings.py +179 -192
- souleyez/core/cve_matcher.py +162 -148
- souleyez/core/msf_auto_mapper.py +100 -83
- souleyez/core/msf_chain_engine.py +294 -256
- souleyez/core/msf_database.py +153 -70
- souleyez/core/msf_integration.py +679 -673
- souleyez/core/msf_rpc_client.py +40 -42
- souleyez/core/msf_rpc_manager.py +77 -79
- souleyez/core/msf_sync_manager.py +241 -181
- souleyez/core/network_utils.py +22 -15
- souleyez/core/parser_handler.py +34 -25
- souleyez/core/pending_chains.py +114 -63
- souleyez/core/templates.py +158 -107
- souleyez/core/tool_chaining.py +9592 -2879
- souleyez/core/version_utils.py +79 -94
- souleyez/core/vuln_correlation.py +136 -89
- souleyez/core/web_utils.py +33 -32
- souleyez/data/wordlists/ad_users.txt +378 -0
- souleyez/data/wordlists/api_endpoints_large.txt +769 -0
- souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
- souleyez/data/wordlists/lfi_payloads.txt +82 -0
- souleyez/data/wordlists/passwords_brute.txt +1548 -0
- souleyez/data/wordlists/passwords_crack.txt +2479 -0
- souleyez/data/wordlists/passwords_spray.txt +386 -0
- souleyez/data/wordlists/subdomains_large.txt +5057 -0
- souleyez/data/wordlists/usernames_common.txt +694 -0
- souleyez/data/wordlists/web_dirs_large.txt +4769 -0
- souleyez/detection/__init__.py +1 -1
- souleyez/detection/attack_signatures.py +12 -17
- souleyez/detection/mitre_mappings.py +61 -55
- souleyez/detection/validator.py +97 -86
- souleyez/devtools.py +23 -10
- souleyez/docs/README.md +4 -4
- souleyez/docs/api-reference/cli-commands.md +2 -2
- souleyez/docs/developer-guide/adding-new-tools.md +562 -0
- souleyez/docs/user-guide/auto-chaining.md +30 -8
- souleyez/docs/user-guide/getting-started.md +1 -1
- souleyez/docs/user-guide/installation.md +26 -3
- souleyez/docs/user-guide/metasploit-integration.md +2 -2
- souleyez/docs/user-guide/rbac.md +1 -1
- souleyez/docs/user-guide/scope-management.md +1 -1
- souleyez/docs/user-guide/siem-integration.md +1 -1
- souleyez/docs/user-guide/tools-reference.md +1 -8
- souleyez/docs/user-guide/worker-management.md +1 -1
- souleyez/engine/background.py +1238 -535
- souleyez/engine/base.py +4 -1
- souleyez/engine/job_status.py +17 -49
- souleyez/engine/log_sanitizer.py +103 -77
- souleyez/engine/manager.py +38 -7
- souleyez/engine/result_handler.py +2198 -1550
- souleyez/engine/worker_manager.py +50 -41
- souleyez/export/evidence_bundle.py +72 -62
- souleyez/feature_flags/features.py +16 -20
- souleyez/feature_flags.py +5 -9
- souleyez/handlers/__init__.py +11 -0
- souleyez/handlers/base.py +188 -0
- souleyez/handlers/bash_handler.py +277 -0
- souleyez/handlers/bloodhound_handler.py +243 -0
- souleyez/handlers/certipy_handler.py +311 -0
- souleyez/handlers/crackmapexec_handler.py +486 -0
- souleyez/handlers/dnsrecon_handler.py +344 -0
- souleyez/handlers/enum4linux_handler.py +400 -0
- souleyez/handlers/evil_winrm_handler.py +493 -0
- souleyez/handlers/ffuf_handler.py +815 -0
- souleyez/handlers/gobuster_handler.py +1114 -0
- souleyez/handlers/gpp_extract_handler.py +334 -0
- souleyez/handlers/hashcat_handler.py +444 -0
- souleyez/handlers/hydra_handler.py +563 -0
- souleyez/handlers/impacket_getuserspns_handler.py +343 -0
- souleyez/handlers/impacket_psexec_handler.py +222 -0
- souleyez/handlers/impacket_secretsdump_handler.py +426 -0
- souleyez/handlers/john_handler.py +286 -0
- souleyez/handlers/katana_handler.py +425 -0
- souleyez/handlers/kerbrute_handler.py +298 -0
- souleyez/handlers/ldapsearch_handler.py +636 -0
- souleyez/handlers/lfi_extract_handler.py +464 -0
- souleyez/handlers/msf_auxiliary_handler.py +408 -0
- souleyez/handlers/msf_exploit_handler.py +380 -0
- souleyez/handlers/nikto_handler.py +413 -0
- souleyez/handlers/nmap_handler.py +821 -0
- souleyez/handlers/nuclei_handler.py +359 -0
- souleyez/handlers/nxc_handler.py +371 -0
- souleyez/handlers/rdp_sec_check_handler.py +353 -0
- souleyez/handlers/registry.py +288 -0
- souleyez/handlers/responder_handler.py +232 -0
- souleyez/handlers/service_explorer_handler.py +434 -0
- souleyez/handlers/smbclient_handler.py +344 -0
- souleyez/handlers/smbmap_handler.py +510 -0
- souleyez/handlers/smbpasswd_handler.py +296 -0
- souleyez/handlers/sqlmap_handler.py +1116 -0
- souleyez/handlers/theharvester_handler.py +601 -0
- souleyez/handlers/whois_handler.py +277 -0
- souleyez/handlers/wpscan_handler.py +554 -0
- souleyez/history.py +32 -16
- souleyez/importers/msf_importer.py +106 -75
- souleyez/importers/smart_importer.py +208 -147
- souleyez/integrations/siem/__init__.py +10 -10
- souleyez/integrations/siem/base.py +17 -18
- souleyez/integrations/siem/elastic.py +108 -122
- souleyez/integrations/siem/factory.py +207 -80
- souleyez/integrations/siem/googlesecops.py +146 -154
- souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
- souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
- souleyez/integrations/siem/sentinel.py +107 -109
- souleyez/integrations/siem/splunk.py +246 -212
- souleyez/integrations/siem/wazuh.py +65 -71
- souleyez/integrations/wazuh/__init__.py +5 -5
- souleyez/integrations/wazuh/client.py +70 -93
- souleyez/integrations/wazuh/config.py +85 -57
- souleyez/integrations/wazuh/host_mapper.py +28 -36
- souleyez/integrations/wazuh/sync.py +78 -68
- souleyez/intelligence/__init__.py +4 -5
- souleyez/intelligence/correlation_analyzer.py +309 -295
- souleyez/intelligence/exploit_knowledge.py +661 -623
- souleyez/intelligence/exploit_suggestions.py +159 -139
- souleyez/intelligence/gap_analyzer.py +132 -97
- souleyez/intelligence/gap_detector.py +251 -214
- souleyez/intelligence/sensitive_tables.py +266 -129
- souleyez/intelligence/service_parser.py +137 -123
- souleyez/intelligence/surface_analyzer.py +407 -268
- souleyez/intelligence/target_parser.py +159 -162
- souleyez/licensing/__init__.py +6 -6
- souleyez/licensing/validator.py +17 -19
- souleyez/log_config.py +79 -54
- souleyez/main.py +1505 -687
- souleyez/migrations/fix_job_counter.py +16 -14
- souleyez/parsers/bloodhound_parser.py +41 -39
- souleyez/parsers/crackmapexec_parser.py +178 -111
- souleyez/parsers/dalfox_parser.py +72 -77
- souleyez/parsers/dnsrecon_parser.py +103 -91
- souleyez/parsers/enum4linux_parser.py +183 -153
- souleyez/parsers/ffuf_parser.py +29 -25
- souleyez/parsers/gobuster_parser.py +301 -41
- souleyez/parsers/hashcat_parser.py +324 -79
- souleyez/parsers/http_fingerprint_parser.py +350 -103
- souleyez/parsers/hydra_parser.py +131 -111
- souleyez/parsers/impacket_parser.py +231 -178
- souleyez/parsers/john_parser.py +98 -86
- souleyez/parsers/katana_parser.py +316 -0
- souleyez/parsers/msf_parser.py +943 -498
- souleyez/parsers/nikto_parser.py +346 -65
- souleyez/parsers/nmap_parser.py +262 -174
- souleyez/parsers/nuclei_parser.py +40 -44
- souleyez/parsers/responder_parser.py +26 -26
- souleyez/parsers/searchsploit_parser.py +74 -74
- souleyez/parsers/service_explorer_parser.py +279 -0
- souleyez/parsers/smbmap_parser.py +180 -124
- souleyez/parsers/sqlmap_parser.py +434 -308
- souleyez/parsers/theharvester_parser.py +75 -57
- souleyez/parsers/whois_parser.py +135 -94
- souleyez/parsers/wpscan_parser.py +278 -190
- souleyez/plugins/afp.py +44 -36
- souleyez/plugins/afp_brute.py +114 -46
- souleyez/plugins/ard.py +48 -37
- souleyez/plugins/bloodhound.py +95 -61
- souleyez/plugins/certipy.py +303 -0
- souleyez/plugins/crackmapexec.py +186 -85
- souleyez/plugins/dalfox.py +120 -59
- souleyez/plugins/dns_hijack.py +146 -41
- souleyez/plugins/dnsrecon.py +97 -61
- souleyez/plugins/enum4linux.py +91 -66
- souleyez/plugins/evil_winrm.py +291 -0
- souleyez/plugins/ffuf.py +166 -90
- souleyez/plugins/firmware_extract.py +133 -29
- souleyez/plugins/gobuster.py +387 -190
- souleyez/plugins/gpp_extract.py +393 -0
- souleyez/plugins/hashcat.py +100 -73
- souleyez/plugins/http_fingerprint.py +854 -267
- souleyez/plugins/hydra.py +566 -200
- souleyez/plugins/impacket_getnpusers.py +117 -69
- souleyez/plugins/impacket_psexec.py +84 -64
- souleyez/plugins/impacket_secretsdump.py +103 -69
- souleyez/plugins/impacket_smbclient.py +89 -75
- souleyez/plugins/john.py +86 -69
- souleyez/plugins/katana.py +313 -0
- souleyez/plugins/kerbrute.py +237 -0
- souleyez/plugins/lfi_extract.py +541 -0
- souleyez/plugins/macos_ssh.py +117 -48
- souleyez/plugins/mdns.py +35 -30
- souleyez/plugins/msf_auxiliary.py +253 -130
- souleyez/plugins/msf_exploit.py +239 -161
- souleyez/plugins/nikto.py +134 -78
- souleyez/plugins/nmap.py +275 -91
- souleyez/plugins/nuclei.py +180 -89
- souleyez/plugins/nxc.py +285 -0
- souleyez/plugins/plugin_base.py +35 -36
- souleyez/plugins/plugin_template.py +13 -5
- souleyez/plugins/rdp_sec_check.py +130 -0
- souleyez/plugins/responder.py +112 -71
- souleyez/plugins/router_http_brute.py +76 -65
- souleyez/plugins/router_ssh_brute.py +118 -41
- souleyez/plugins/router_telnet_brute.py +124 -42
- souleyez/plugins/routersploit.py +91 -59
- souleyez/plugins/routersploit_exploit.py +77 -55
- souleyez/plugins/searchsploit.py +91 -77
- souleyez/plugins/service_explorer.py +1160 -0
- souleyez/plugins/smbmap.py +122 -72
- souleyez/plugins/smbpasswd.py +215 -0
- souleyez/plugins/sqlmap.py +301 -113
- souleyez/plugins/theharvester.py +127 -75
- souleyez/plugins/tr069.py +79 -57
- souleyez/plugins/upnp.py +65 -47
- souleyez/plugins/upnp_abuse.py +73 -55
- souleyez/plugins/vnc_access.py +129 -42
- souleyez/plugins/vnc_brute.py +109 -38
- souleyez/plugins/whois.py +77 -58
- souleyez/plugins/wpscan.py +173 -69
- souleyez/reporting/__init__.py +2 -1
- souleyez/reporting/attack_chain.py +411 -346
- souleyez/reporting/charts.py +436 -501
- souleyez/reporting/compliance_mappings.py +334 -201
- souleyez/reporting/detection_report.py +126 -125
- souleyez/reporting/formatters.py +828 -591
- souleyez/reporting/generator.py +386 -302
- souleyez/reporting/metrics.py +72 -75
- souleyez/scanner.py +35 -29
- souleyez/security/__init__.py +37 -11
- souleyez/security/scope_validator.py +175 -106
- souleyez/security/validation.py +223 -149
- souleyez/security.py +22 -6
- souleyez/storage/credentials.py +247 -186
- souleyez/storage/crypto.py +296 -129
- souleyez/storage/database.py +73 -50
- souleyez/storage/db.py +58 -36
- souleyez/storage/deliverable_evidence.py +177 -128
- souleyez/storage/deliverable_exporter.py +282 -246
- souleyez/storage/deliverable_templates.py +134 -116
- souleyez/storage/deliverables.py +135 -130
- souleyez/storage/engagements.py +109 -56
- souleyez/storage/evidence.py +181 -152
- souleyez/storage/execution_log.py +31 -17
- souleyez/storage/exploit_attempts.py +93 -57
- souleyez/storage/exploits.py +67 -36
- souleyez/storage/findings.py +48 -61
- souleyez/storage/hosts.py +176 -144
- souleyez/storage/migrate_to_engagements.py +43 -19
- souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
- souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
- souleyez/storage/migrations/_003_add_execution_log.py +14 -8
- souleyez/storage/migrations/_005_screenshots.py +13 -5
- souleyez/storage/migrations/_006_deliverables.py +13 -5
- souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
- souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
- souleyez/storage/migrations/_010_evidence_linking.py +17 -10
- souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
- souleyez/storage/migrations/_012_team_collaboration.py +34 -21
- souleyez/storage/migrations/_013_add_host_tags.py +12 -6
- souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
- souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
- souleyez/storage/migrations/_016_add_domain_field.py +10 -4
- souleyez/storage/migrations/_017_msf_sessions.py +16 -8
- souleyez/storage/migrations/_018_add_osint_target.py +10 -6
- souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
- souleyez/storage/migrations/_020_add_rbac.py +36 -15
- souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
- souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
- souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
- souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
- souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
- souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
- souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
- souleyez/storage/migrations/__init__.py +26 -26
- souleyez/storage/migrations/migration_manager.py +19 -19
- souleyez/storage/msf_sessions.py +100 -65
- souleyez/storage/osint.py +17 -24
- souleyez/storage/recommendation_engine.py +269 -235
- souleyez/storage/screenshots.py +33 -32
- souleyez/storage/smb_shares.py +136 -92
- souleyez/storage/sqlmap_data.py +183 -128
- souleyez/storage/team_collaboration.py +135 -141
- souleyez/storage/timeline_tracker.py +122 -94
- souleyez/storage/wazuh_vulns.py +64 -66
- souleyez/storage/web_paths.py +33 -37
- souleyez/testing/credential_tester.py +221 -205
- souleyez/ui/__init__.py +1 -1
- souleyez/ui/ai_quotes.py +12 -12
- souleyez/ui/attack_surface.py +2439 -1516
- souleyez/ui/chain_rules_view.py +914 -382
- souleyez/ui/correlation_view.py +312 -230
- souleyez/ui/dashboard.py +2382 -1130
- souleyez/ui/deliverables_view.py +148 -62
- souleyez/ui/design_system.py +13 -13
- souleyez/ui/errors.py +49 -49
- souleyez/ui/evidence_linking_view.py +284 -179
- souleyez/ui/evidence_vault.py +393 -285
- souleyez/ui/exploit_suggestions_view.py +555 -349
- souleyez/ui/export_view.py +100 -66
- souleyez/ui/gap_analysis_view.py +315 -171
- souleyez/ui/help_system.py +105 -97
- souleyez/ui/intelligence_view.py +436 -293
- souleyez/ui/interactive.py +23142 -10430
- souleyez/ui/interactive_selector.py +75 -68
- souleyez/ui/log_formatter.py +47 -39
- souleyez/ui/menu_components.py +22 -13
- souleyez/ui/msf_auxiliary_menu.py +184 -133
- souleyez/ui/pending_chains_view.py +336 -172
- souleyez/ui/progress_indicators.py +5 -3
- souleyez/ui/recommendations_view.py +195 -137
- souleyez/ui/rule_builder.py +343 -225
- souleyez/ui/setup_wizard.py +678 -284
- souleyez/ui/shortcuts.py +217 -165
- souleyez/ui/splunk_gap_analysis_view.py +452 -270
- souleyez/ui/splunk_vulns_view.py +139 -86
- souleyez/ui/team_dashboard.py +498 -335
- souleyez/ui/template_selector.py +196 -105
- souleyez/ui/terminal.py +6 -6
- souleyez/ui/timeline_view.py +198 -127
- souleyez/ui/tool_setup.py +264 -164
- souleyez/ui/tutorial.py +202 -72
- souleyez/ui/tutorial_state.py +40 -40
- souleyez/ui/wazuh_vulns_view.py +235 -141
- souleyez/ui/wordlist_browser.py +260 -107
- souleyez/ui.py +464 -312
- souleyez/utils/tool_checker.py +427 -367
- souleyez/utils.py +33 -29
- souleyez/wordlists.py +134 -167
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/METADATA +1 -1
- souleyez-2.43.32.dist-info/RECORD +441 -0
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/WHEEL +1 -1
- souleyez-2.43.28.dist-info/RECORD +0 -379
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/entry_points.txt +0 -0
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/licenses/LICENSE +0 -0
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/top_level.txt +0 -0
souleyez/plugins/afp.py
CHANGED
|
@@ -44,16 +44,23 @@ HELP = {
|
|
|
44
44
|
"title": "What is AFP?",
|
|
45
45
|
"color": "cyan",
|
|
46
46
|
"content": [
|
|
47
|
-
{
|
|
48
|
-
|
|
49
|
-
"
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
"
|
|
53
|
-
|
|
54
|
-
|
|
47
|
+
{
|
|
48
|
+
"title": "Overview",
|
|
49
|
+
"desc": "AFP (Apple Filing Protocol) is Apple's native file sharing protocol, optimized for macOS features like resource forks and metadata.",
|
|
50
|
+
},
|
|
51
|
+
{
|
|
52
|
+
"title": "Security Notes",
|
|
53
|
+
"desc": "AFP security considerations",
|
|
54
|
+
"tips": [
|
|
55
|
+
"Guest access often enabled by default",
|
|
56
|
+
"Credentials transmitted in cleartext (older versions)",
|
|
57
|
+
"Time Machine backups may contain full disk images",
|
|
58
|
+
"Path traversal vulnerabilities in some versions",
|
|
59
|
+
],
|
|
60
|
+
},
|
|
61
|
+
],
|
|
55
62
|
}
|
|
56
|
-
]
|
|
63
|
+
],
|
|
57
64
|
}
|
|
58
65
|
|
|
59
66
|
|
|
@@ -63,7 +70,9 @@ class AFPPlugin(PluginBase):
|
|
|
63
70
|
category = "scanning"
|
|
64
71
|
HELP = HELP
|
|
65
72
|
|
|
66
|
-
def build_command(
|
|
73
|
+
def build_command(
|
|
74
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
75
|
+
):
|
|
67
76
|
"""Build nmap command for AFP enumeration."""
|
|
68
77
|
args = args or []
|
|
69
78
|
|
|
@@ -71,63 +80,62 @@ class AFPPlugin(PluginBase):
|
|
|
71
80
|
target = validate_target(target)
|
|
72
81
|
except ValidationError as e:
|
|
73
82
|
if log_path:
|
|
74
|
-
with open(log_path,
|
|
83
|
+
with open(log_path, "w") as f:
|
|
75
84
|
f.write(f"ERROR: Invalid target: {e}\n")
|
|
76
85
|
return None
|
|
77
86
|
|
|
78
87
|
# Determine scripts
|
|
79
|
-
if
|
|
80
|
-
scripts =
|
|
88
|
+
if "--deep" in args:
|
|
89
|
+
scripts = "afp-serverinfo,afp-showmount,afp-brute,afp-path-vuln"
|
|
81
90
|
else:
|
|
82
|
-
scripts =
|
|
91
|
+
scripts = "afp-serverinfo,afp-showmount"
|
|
83
92
|
|
|
84
93
|
cmd = [
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
94
|
+
"nmap",
|
|
95
|
+
"-sV",
|
|
96
|
+
"-p",
|
|
97
|
+
"548",
|
|
98
|
+
"--script",
|
|
99
|
+
scripts,
|
|
100
|
+
"-oN",
|
|
101
|
+
"-",
|
|
102
|
+
"--open",
|
|
103
|
+
"-T4",
|
|
104
|
+
target,
|
|
93
105
|
]
|
|
94
106
|
|
|
95
|
-
return {
|
|
96
|
-
'cmd': cmd,
|
|
97
|
-
'timeout': 600
|
|
98
|
-
}
|
|
107
|
+
return {"cmd": cmd, "timeout": 600}
|
|
99
108
|
|
|
100
|
-
def run(
|
|
109
|
+
def run(
|
|
110
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
111
|
+
) -> int:
|
|
101
112
|
"""Execute AFP enumeration."""
|
|
102
113
|
cmd_spec = self.build_command(target, args, label, log_path)
|
|
103
114
|
if cmd_spec is None:
|
|
104
115
|
return 1
|
|
105
116
|
|
|
106
|
-
cmd = cmd_spec[
|
|
117
|
+
cmd = cmd_spec["cmd"]
|
|
107
118
|
|
|
108
119
|
if log_path:
|
|
109
|
-
with open(log_path,
|
|
120
|
+
with open(log_path, "w") as f:
|
|
110
121
|
f.write(f"# AFP Enumeration on {target}\n")
|
|
111
122
|
f.write(f"# Command: {' '.join(cmd)}\n")
|
|
112
123
|
f.write(f"# Started: {time.strftime('%Y-%m-%d %H:%M:%S')}\n\n")
|
|
113
124
|
|
|
114
125
|
try:
|
|
115
|
-
with open(log_path,
|
|
126
|
+
with open(log_path, "a") as f:
|
|
116
127
|
result = subprocess.run(
|
|
117
|
-
cmd,
|
|
118
|
-
stdout=f,
|
|
119
|
-
stderr=subprocess.STDOUT,
|
|
120
|
-
timeout=cmd_spec['timeout']
|
|
128
|
+
cmd, stdout=f, stderr=subprocess.STDOUT, timeout=cmd_spec["timeout"]
|
|
121
129
|
)
|
|
122
130
|
return result.returncode
|
|
123
131
|
except subprocess.TimeoutExpired:
|
|
124
132
|
if log_path:
|
|
125
|
-
with open(log_path,
|
|
133
|
+
with open(log_path, "a") as f:
|
|
126
134
|
f.write("\n\n# ERROR: Scan timed out\n")
|
|
127
135
|
return 124
|
|
128
136
|
except Exception as e:
|
|
129
137
|
if log_path:
|
|
130
|
-
with open(log_path,
|
|
138
|
+
with open(log_path, "a") as f:
|
|
131
139
|
f.write(f"\n\n# ERROR: {e}\n")
|
|
132
140
|
return 1
|
|
133
141
|
|
souleyez/plugins/afp_brute.py
CHANGED
|
@@ -26,7 +26,7 @@ HELP = {
|
|
|
26
26
|
"usage": "souleyez jobs enqueue afp_brute <target>",
|
|
27
27
|
"examples": [
|
|
28
28
|
"souleyez jobs enqueue afp_brute 192.168.1.100",
|
|
29
|
-
|
|
29
|
+
'souleyez jobs enqueue afp_brute 192.168.1.100 --args "-l admin"',
|
|
30
30
|
],
|
|
31
31
|
"flags": [
|
|
32
32
|
["-l USER", "Single username to test"],
|
|
@@ -34,7 +34,78 @@ HELP = {
|
|
|
34
34
|
],
|
|
35
35
|
"presets": [
|
|
36
36
|
{"name": "Common Users", "args": [], "desc": "Test common macOS usernames"},
|
|
37
|
-
{
|
|
37
|
+
{
|
|
38
|
+
"name": "Single User",
|
|
39
|
+
"args": ["-l", "admin"],
|
|
40
|
+
"desc": "Test single user 'admin'",
|
|
41
|
+
},
|
|
42
|
+
],
|
|
43
|
+
"help_sections": [
|
|
44
|
+
{
|
|
45
|
+
"title": "What is AFP Brute Force?",
|
|
46
|
+
"color": "cyan",
|
|
47
|
+
"content": [
|
|
48
|
+
(
|
|
49
|
+
"Overview",
|
|
50
|
+
[
|
|
51
|
+
"AFP (Apple Filing Protocol) brute force uses Hydra to test credentials",
|
|
52
|
+
"Targets macOS file sharing on port 548",
|
|
53
|
+
"Uses common macOS usernames and passwords by default",
|
|
54
|
+
],
|
|
55
|
+
),
|
|
56
|
+
(
|
|
57
|
+
"When to Use",
|
|
58
|
+
[
|
|
59
|
+
"After discovering AFP service (port 548) with nmap",
|
|
60
|
+
"When you need to access shared folders on macOS",
|
|
61
|
+
"To test weak password policies on Apple systems",
|
|
62
|
+
],
|
|
63
|
+
),
|
|
64
|
+
],
|
|
65
|
+
},
|
|
66
|
+
{
|
|
67
|
+
"title": "Usage & Examples",
|
|
68
|
+
"color": "green",
|
|
69
|
+
"content": [
|
|
70
|
+
(
|
|
71
|
+
"Basic Usage",
|
|
72
|
+
[
|
|
73
|
+
"souleyez jobs enqueue afp_brute 192.168.1.100",
|
|
74
|
+
" → Tests common macOS users with common passwords",
|
|
75
|
+
],
|
|
76
|
+
),
|
|
77
|
+
(
|
|
78
|
+
"Single User Attack",
|
|
79
|
+
[
|
|
80
|
+
'souleyez jobs enqueue afp_brute 192.168.1.100 --args "-l admin"',
|
|
81
|
+
" → Tests only the 'admin' user",
|
|
82
|
+
],
|
|
83
|
+
),
|
|
84
|
+
],
|
|
85
|
+
},
|
|
86
|
+
{
|
|
87
|
+
"title": "Tips & Best Practices",
|
|
88
|
+
"color": "yellow",
|
|
89
|
+
"content": [
|
|
90
|
+
(
|
|
91
|
+
"Attack Tips",
|
|
92
|
+
[
|
|
93
|
+
"Run AFP enumeration first to identify valid usernames",
|
|
94
|
+
"Check if guest access is enabled (no brute force needed)",
|
|
95
|
+
"Use low thread count (-t 2) to avoid lockouts",
|
|
96
|
+
"macOS uses local accounts, not domain accounts",
|
|
97
|
+
],
|
|
98
|
+
),
|
|
99
|
+
(
|
|
100
|
+
"After Success",
|
|
101
|
+
[
|
|
102
|
+
"Use AFP to browse shared folders",
|
|
103
|
+
"Look for sensitive documents and backups",
|
|
104
|
+
"Time Machine backups may contain full disk images",
|
|
105
|
+
],
|
|
106
|
+
),
|
|
107
|
+
],
|
|
108
|
+
},
|
|
38
109
|
],
|
|
39
110
|
}
|
|
40
111
|
|
|
@@ -47,18 +118,13 @@ class AFPBrutePlugin(PluginBase):
|
|
|
47
118
|
|
|
48
119
|
def _get_wordlist_path(self, filename: str) -> str:
|
|
49
120
|
"""Get path to wordlist file."""
|
|
50
|
-
import
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
]
|
|
56
|
-
|
|
57
|
-
if os.path.exists(loc):
|
|
58
|
-
return os.path.abspath(loc)
|
|
59
|
-
return filename
|
|
60
|
-
|
|
61
|
-
def build_command(self, target: str, args: List[str] = None, label: str = "", log_path: str = None):
|
|
121
|
+
from souleyez.wordlists import resolve_wordlist_path
|
|
122
|
+
|
|
123
|
+
return resolve_wordlist_path(f"data/wordlists/{filename}")
|
|
124
|
+
|
|
125
|
+
def build_command(
|
|
126
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
127
|
+
):
|
|
62
128
|
"""Build Hydra command for AFP brute force."""
|
|
63
129
|
args = args or []
|
|
64
130
|
|
|
@@ -66,69 +132,71 @@ class AFPBrutePlugin(PluginBase):
|
|
|
66
132
|
target = validate_target(target)
|
|
67
133
|
except ValidationError as e:
|
|
68
134
|
if log_path:
|
|
69
|
-
with open(log_path,
|
|
135
|
+
with open(log_path, "w") as f:
|
|
70
136
|
f.write(f"ERROR: Invalid target: {e}\n")
|
|
71
137
|
return None
|
|
72
138
|
|
|
73
139
|
# Check for user specification in args
|
|
74
|
-
has_user =
|
|
140
|
+
has_user = "-l" in args or "-L" in args
|
|
75
141
|
|
|
76
|
-
users = self._get_wordlist_path(
|
|
77
|
-
passwords = self._get_wordlist_path(
|
|
142
|
+
users = self._get_wordlist_path("macos_users.txt")
|
|
143
|
+
passwords = self._get_wordlist_path("top100.txt")
|
|
78
144
|
|
|
79
|
-
cmd = [
|
|
145
|
+
cmd = ["hydra"]
|
|
80
146
|
|
|
81
147
|
if not has_user:
|
|
82
|
-
cmd.extend([
|
|
148
|
+
cmd.extend(["-L", users])
|
|
83
149
|
|
|
84
150
|
cmd.extend(args) # Add any user-specified args
|
|
85
|
-
cmd.extend(
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
151
|
+
cmd.extend(
|
|
152
|
+
[
|
|
153
|
+
"-P",
|
|
154
|
+
passwords,
|
|
155
|
+
"-s",
|
|
156
|
+
"548",
|
|
157
|
+
"-t",
|
|
158
|
+
"2",
|
|
159
|
+
"-w",
|
|
160
|
+
"3",
|
|
161
|
+
"-vV",
|
|
162
|
+
"-f",
|
|
163
|
+
target,
|
|
164
|
+
"afp",
|
|
165
|
+
]
|
|
166
|
+
)
|
|
167
|
+
|
|
168
|
+
return {"cmd": cmd, "timeout": 1800}
|
|
169
|
+
|
|
170
|
+
def run(
|
|
171
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
172
|
+
) -> int:
|
|
102
173
|
"""Execute AFP brute force."""
|
|
103
174
|
cmd_spec = self.build_command(target, args, label, log_path)
|
|
104
175
|
if cmd_spec is None:
|
|
105
176
|
return 1
|
|
106
177
|
|
|
107
|
-
cmd = cmd_spec[
|
|
178
|
+
cmd = cmd_spec["cmd"]
|
|
108
179
|
|
|
109
180
|
if log_path:
|
|
110
|
-
with open(log_path,
|
|
181
|
+
with open(log_path, "w") as f:
|
|
111
182
|
f.write(f"# AFP Brute Force on {target}\n")
|
|
112
183
|
f.write(f"# Command: {' '.join(cmd)}\n")
|
|
113
184
|
f.write(f"# Started: {time.strftime('%Y-%m-%d %H:%M:%S')}\n\n")
|
|
114
185
|
|
|
115
186
|
try:
|
|
116
|
-
with open(log_path,
|
|
187
|
+
with open(log_path, "a") as f:
|
|
117
188
|
result = subprocess.run(
|
|
118
|
-
cmd,
|
|
119
|
-
stdout=f,
|
|
120
|
-
stderr=subprocess.STDOUT,
|
|
121
|
-
timeout=cmd_spec['timeout']
|
|
189
|
+
cmd, stdout=f, stderr=subprocess.STDOUT, timeout=cmd_spec["timeout"]
|
|
122
190
|
)
|
|
123
191
|
return result.returncode
|
|
124
192
|
except subprocess.TimeoutExpired:
|
|
125
193
|
if log_path:
|
|
126
|
-
with open(log_path,
|
|
194
|
+
with open(log_path, "a") as f:
|
|
127
195
|
f.write("\n\n# ERROR: Brute force timed out\n")
|
|
128
196
|
return 124
|
|
129
197
|
except Exception as e:
|
|
130
198
|
if log_path:
|
|
131
|
-
with open(log_path,
|
|
199
|
+
with open(log_path, "a") as f:
|
|
132
200
|
f.write(f"\n\n# ERROR: {e}\n")
|
|
133
201
|
return 1
|
|
134
202
|
|
souleyez/plugins/ard.py
CHANGED
|
@@ -44,17 +44,27 @@ HELP = {
|
|
|
44
44
|
"title": "macOS Remote Access",
|
|
45
45
|
"color": "cyan",
|
|
46
46
|
"content": [
|
|
47
|
-
{
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
"
|
|
53
|
-
"
|
|
54
|
-
|
|
55
|
-
|
|
47
|
+
{
|
|
48
|
+
"title": "Screen Sharing",
|
|
49
|
+
"desc": "Built-in VNC server (port 5900). Uses macOS user credentials or VNC password.",
|
|
50
|
+
},
|
|
51
|
+
{
|
|
52
|
+
"title": "Apple Remote Desktop",
|
|
53
|
+
"desc": "Enterprise management tool (port 3283). Used by IT admins for fleet management.",
|
|
54
|
+
},
|
|
55
|
+
{
|
|
56
|
+
"title": "Security Notes",
|
|
57
|
+
"desc": "VNC vulnerabilities",
|
|
58
|
+
"tips": [
|
|
59
|
+
"Some Macs have VNC with no auth",
|
|
60
|
+
"ARD auth bypass (CVE-2017-13872)",
|
|
61
|
+
"Weak VNC passwords common",
|
|
62
|
+
"Traffic often unencrypted",
|
|
63
|
+
],
|
|
64
|
+
},
|
|
65
|
+
],
|
|
56
66
|
}
|
|
57
|
-
]
|
|
67
|
+
],
|
|
58
68
|
}
|
|
59
69
|
|
|
60
70
|
|
|
@@ -64,7 +74,9 @@ class ARDPlugin(PluginBase):
|
|
|
64
74
|
category = "scanning"
|
|
65
75
|
HELP = HELP
|
|
66
76
|
|
|
67
|
-
def build_command(
|
|
77
|
+
def build_command(
|
|
78
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
79
|
+
):
|
|
68
80
|
"""Build nmap command for VNC/ARD enumeration."""
|
|
69
81
|
args = args or []
|
|
70
82
|
|
|
@@ -72,65 +84,64 @@ class ARDPlugin(PluginBase):
|
|
|
72
84
|
target = validate_target(target)
|
|
73
85
|
except ValidationError as e:
|
|
74
86
|
if log_path:
|
|
75
|
-
with open(log_path,
|
|
87
|
+
with open(log_path, "w") as f:
|
|
76
88
|
f.write(f"ERROR: Invalid target: {e}\n")
|
|
77
89
|
return None
|
|
78
90
|
|
|
79
91
|
# Determine scripts
|
|
80
|
-
if
|
|
81
|
-
scripts =
|
|
92
|
+
if "--deep" in args:
|
|
93
|
+
scripts = "vnc-info,vnc-title,realvnc-auth-bypass"
|
|
82
94
|
else:
|
|
83
|
-
scripts =
|
|
95
|
+
scripts = "vnc-info"
|
|
84
96
|
|
|
85
97
|
# VNC = 5900, ARD = 3283
|
|
86
98
|
cmd = [
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
99
|
+
"nmap",
|
|
100
|
+
"-sV",
|
|
101
|
+
"-p",
|
|
102
|
+
"5900,3283,5901,5902,5903",
|
|
103
|
+
"--script",
|
|
104
|
+
scripts,
|
|
105
|
+
"-oN",
|
|
106
|
+
"-",
|
|
107
|
+
"--open",
|
|
108
|
+
"-T4",
|
|
109
|
+
target,
|
|
95
110
|
]
|
|
96
111
|
|
|
97
|
-
return {
|
|
98
|
-
'cmd': cmd,
|
|
99
|
-
'timeout': 600
|
|
100
|
-
}
|
|
112
|
+
return {"cmd": cmd, "timeout": 600}
|
|
101
113
|
|
|
102
|
-
def run(
|
|
114
|
+
def run(
|
|
115
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
116
|
+
) -> int:
|
|
103
117
|
"""Execute VNC/ARD enumeration."""
|
|
104
118
|
cmd_spec = self.build_command(target, args, label, log_path)
|
|
105
119
|
if cmd_spec is None:
|
|
106
120
|
return 1
|
|
107
121
|
|
|
108
|
-
cmd = cmd_spec[
|
|
122
|
+
cmd = cmd_spec["cmd"]
|
|
109
123
|
|
|
110
124
|
if log_path:
|
|
111
|
-
with open(log_path,
|
|
125
|
+
with open(log_path, "w") as f:
|
|
112
126
|
f.write(f"# VNC/ARD Enumeration on {target}\n")
|
|
113
127
|
f.write(f"# Ports: 5900 (VNC), 3283 (ARD)\n")
|
|
114
128
|
f.write(f"# Command: {' '.join(cmd)}\n")
|
|
115
129
|
f.write(f"# Started: {time.strftime('%Y-%m-%d %H:%M:%S')}\n\n")
|
|
116
130
|
|
|
117
131
|
try:
|
|
118
|
-
with open(log_path,
|
|
132
|
+
with open(log_path, "a") as f:
|
|
119
133
|
result = subprocess.run(
|
|
120
|
-
cmd,
|
|
121
|
-
stdout=f,
|
|
122
|
-
stderr=subprocess.STDOUT,
|
|
123
|
-
timeout=cmd_spec['timeout']
|
|
134
|
+
cmd, stdout=f, stderr=subprocess.STDOUT, timeout=cmd_spec["timeout"]
|
|
124
135
|
)
|
|
125
136
|
return result.returncode
|
|
126
137
|
except subprocess.TimeoutExpired:
|
|
127
138
|
if log_path:
|
|
128
|
-
with open(log_path,
|
|
139
|
+
with open(log_path, "a") as f:
|
|
129
140
|
f.write("\n\n# ERROR: Scan timed out\n")
|
|
130
141
|
return 124
|
|
131
142
|
except Exception as e:
|
|
132
143
|
if log_path:
|
|
133
|
-
with open(log_path,
|
|
144
|
+
with open(log_path, "a") as f:
|
|
134
145
|
f.write(f"\n\n# ERROR: {e}\n")
|
|
135
146
|
return 1
|
|
136
147
|
|