souleyez 2.43.28__py3-none-any.whl → 2.43.32__py3-none-any.whl

souleyez/plugins/impacket_secretsdump.py

@@ -26,11 +26,11 @@ HELP = {
         "- Output includes NT hashes for pass-the-hash attacks\n"
         "- Can work with local files or remote connections\n"
     ),
-    "usage": "souleyez jobs enqueue impacket-secretsdump <target> --args \"DOMAIN/user:pass@host\"",
+    "usage": 'souleyez jobs enqueue impacket-secretsdump <target> --args "DOMAIN/user:pass@host"',
     "examples": [
-        "souleyez jobs enqueue impacket-secretsdump 10.0.0.82 --args \"CONTOSO/Administrator:Password123@10.0.0.82\"",
-        "souleyez jobs enqueue impacket-secretsdump 10.0.0.82 --args \"Administrator:Password123@10.0.0.82 -just-dc\"",
-        "souleyez jobs enqueue impacket-secretsdump 10.0.0.82 --args \"Administrator@10.0.0.82 -hashes :8846f7eaee8fb117ad06bdd830b7586c\"",
+        'souleyez jobs enqueue impacket-secretsdump 10.0.0.82 --args "CONTOSO/Administrator:Password123@10.0.0.82"',
+        'souleyez jobs enqueue impacket-secretsdump 10.0.0.82 --args "Administrator:Password123@10.0.0.82 -just-dc"',
+        'souleyez jobs enqueue impacket-secretsdump 10.0.0.82 --args "Administrator@10.0.0.82 -hashes :8846f7eaee8fb117ad06bdd830b7586c"',
     ],
     "flags": [
         ["-just-dc", "Extract only NTDS.DIT data (Domain Controller)"],
@@ -44,102 +44,134 @@ HELP = {
             {
                 "name": "Extract NTDS.dit (All Domain Hashes)",
                 "args": ["-just-dc", "-outputfile", "domain_hashes"],
-                "desc": "Extract all domain password hashes from DC (requires DA)"
+                "desc": "Extract all domain password hashes from DC (requires DA)",
             },
             {
                 "name": "Extract NTDS.dit (NTLM Only)",
                 "args": ["-just-dc-ntlm", "-outputfile", "ntlm_hashes"],
-                "desc": "Extract only NTLM hashes (faster, smaller output)"
+                "desc": "Extract only NTLM hashes (faster, smaller output)",
             },
             {
                 "name": "Extract Specific User",
                 "args": ["-just-dc-user", "administrator", "-outputfile", "admin_hash"],
-                "desc": "Extract credentials for specific domain user"
+                "desc": "Extract credentials for specific domain user",
             },
             {
                 "name": "Extract with Password History",
                 "args": ["-just-dc", "-history", "-outputfile", "hashes_with_history"],
-                "desc": "Extract current and historical password hashes"
-            }
+                "desc": "Extract current and historical password hashes",
+            },
         ],
         "local_sam": [
             {
                 "name": "Dump Local SAM",
                 "args": ["-sam", "-outputfile", "local_hashes"],
-                "desc": "Extract local user password hashes from SAM"
+                "desc": "Extract local user password hashes from SAM",
             },
             {
                 "name": "Dump LSA Secrets",
                 "args": ["-security", "-outputfile", "lsa_secrets"],
-                "desc": "Extract LSA secrets (cached credentials, service passwords)"
+                "desc": "Extract LSA secrets (cached credentials, service passwords)",
             },
             {
                 "name": "Dump Everything (SAM + LSA + Cached)",
-                "args": ["-sam", "-security", "-system", "-outputfile", "all_credentials"],
-                "desc": "Complete local credential extraction"
-            }
+                "args": [
+                    "-sam",
+                    "-security",
+                    "-system",
+                    "-outputfile",
+                    "all_credentials",
+                ],
+                "desc": "Complete local credential extraction",
+            },
         ],
         "pass_the_hash": [
             {
                 "name": "Use Pass-the-Hash (NTLM)",
-                "args": ["-hashes", ":<ntlm_hash>", "-just-dc-ntlm", "-outputfile", "pth_dump"],
-                "desc": "Authenticate with NTLM hash instead of password"
+                "args": [
+                    "-hashes",
+                    ":<ntlm_hash>",
+                    "-just-dc-ntlm",
+                    "-outputfile",
+                    "pth_dump",
+                ],
+                "desc": "Authenticate with NTLM hash instead of password",
             }
-        ]
+        ],
     },
-    "presets": []
+    "presets": [],
 }
 
 # Flatten presets
-for category_presets in HELP['preset_categories'].values():
-    HELP['presets'].extend(category_presets)
+for category_presets in HELP["preset_categories"].values():
+    HELP["presets"].extend(category_presets)
 
 HELP["help_sections"] = [
     {
         "title": "What is secretsdump?",
         "color": "cyan",
         "content": [
-            {"title": "Overview", "desc": "secretsdump extracts password hashes, Kerberos keys, and plaintext passwords from SAM, SECURITY, SYSTEM, and NTDS.dit files on Windows systems."},
-            {"title": "Use Cases", "desc": "Credential extraction after gaining admin access", "tips": [
-                "Dump local SAM database hashes",
-                "Extract Domain Controller NTDS.dit (all domain hashes)",
-                "Retrieve LSA secrets (service passwords)",
-                "Get cached domain credentials"
-            ]}
-        ]
+            {
+                "title": "Overview",
+                "desc": "secretsdump extracts password hashes, Kerberos keys, and plaintext passwords from SAM, SECURITY, SYSTEM, and NTDS.dit files on Windows systems.",
+            },
+            {
+                "title": "Use Cases",
+                "desc": "Credential extraction after gaining admin access",
+                "tips": [
+                    "Dump local SAM database hashes",
+                    "Extract Domain Controller NTDS.dit (all domain hashes)",
+                    "Retrieve LSA secrets (service passwords)",
+                    "Get cached domain credentials",
+                ],
+            },
+        ],
     },
     {
         "title": "How to Use",
         "color": "green",
         "content": [
-            {"title": "Basic Workflow", "desc": "1. Obtain admin/domain admin credentials\n     2. Use -just-dc for DC hash extraction\n     3. Save output with -outputfile\n     4. Crack hashes or use for pass-the-hash"},
-            {"title": "Key Options", "desc": "Essential secretsdump parameters", "tips": [
-                "-just-dc: Extract NTDS.dit only (DC)",
-                "-just-dc-ntlm: NTLM hashes only (faster)",
-                "-just-dc-user <user>: Specific user only",
-                "-hashes: Pass-the-hash authentication"
-            ]}
-        ]
+            {
+                "title": "Basic Workflow",
+                "desc": "1. Obtain admin/domain admin credentials\n     2. Use -just-dc for DC hash extraction\n     3. Save output with -outputfile\n     4. Crack hashes or use for pass-the-hash",
+            },
+            {
+                "title": "Key Options",
+                "desc": "Essential secretsdump parameters",
+                "tips": [
+                    "-just-dc: Extract NTDS.dit only (DC)",
+                    "-just-dc-ntlm: NTLM hashes only (faster)",
+                    "-just-dc-user <user>: Specific user only",
+                    "-hashes: Pass-the-hash authentication",
+                ],
+            },
+        ],
     },
     {
         "title": "Tips & Best Practices",
         "color": "yellow",
         "content": [
-            ("Best Practices:", [
-                "Use -outputfile to save all hashes",
-                "Requires admin (local SAM) or Domain Admin (NTDS)",
-                "Output includes NT hashes for pass-the-hash",
-                "Use -history to get password history",
-                "Crack with hashcat mode 1000 (NTLM)"
-            ]),
-            ("Common Issues:", [
-                "Access denied: Verify admin/DA credentials",
-                "Connection timeout: Check network connectivity to DC",
-                "Empty output: May need different authentication method",
-                "Permission errors: Ensure proper privilege level"
-            ])
-        ]
-    }
+            (
+                "Best Practices:",
+                [
+                    "Use -outputfile to save all hashes",
+                    "Requires admin (local SAM) or Domain Admin (NTDS)",
+                    "Output includes NT hashes for pass-the-hash",
+                    "Use -history to get password history",
+                    "Crack with hashcat mode 1000 (NTLM)",
+                ],
+            ),
+            (
+                "Common Issues:",
+                [
+                    "Access denied: Verify admin/DA credentials",
+                    "Connection timeout: Check network connectivity to DC",
+                    "Empty output: May need different authentication method",
+                    "Permission errors: Ensure proper privilege level",
+                ],
+            ),
+        ],
+    },
 ]
 
 
@@ -149,23 +181,23 @@ class ImpacketSecretsdumpPlugin(PluginBase):
     category = "credential_access"
     HELP = HELP
 
-
-    def build_command(self, target: str, args: List[str] = None, label: str = "", log_path: str = None):
+    def build_command(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ):
         """Build command for background execution with PID tracking."""
         args = args or []
-        
+
         # Replace <target> placeholder
         args = [arg.replace("<target>", target) for arg in args]
-        
+
         # Build command (args should include credentials)
         cmd = ["impacket-secretsdump"] + args
-        
-        return {
-            'cmd': cmd,
-            'timeout': 1800
-        }
 
-    def run(self, target: str, args: List[str] = None, label: str = "", log_path: str = None) -> int:
+        return {"cmd": cmd, "timeout": 1800}
+
+    def run(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ) -> int:
         """Execute impacket-secretsdump and write output to log_path."""
 
         args = args or []
@@ -181,7 +213,9 @@ class ImpacketSecretsdumpPlugin(PluginBase):
 
         if not log_path:
             try:
-                proc = subprocess.run(cmd, capture_output=True, timeout=300, check=False)
+                proc = subprocess.run(
+                    cmd, capture_output=True, timeout=300, check=False
+                )
                 return proc.returncode
             except Exception:
                 return 1
@@ -193,16 +227,14 @@ class ImpacketSecretsdumpPlugin(PluginBase):
                 fh.write(f"Target: {target}\n")
                 fh.write(f"Args: {args}\n")
                 fh.write(f"Label: {label}\n")
-                fh.write(f"Started: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n")
+                fh.write(
+                    f"Started: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n"
+                )
                 fh.write(f"Command: {' '.join(cmd)}\n\n")
 
             # Run secretsdump
             proc = subprocess.run(
-                cmd,
-                capture_output=True,
-                timeout=300,
-                check=False,
-                text=True
+                cmd, capture_output=True, timeout=300, check=False, text=True
             )
 
             # Write output
@@ -213,7 +245,9 @@ class ImpacketSecretsdumpPlugin(PluginBase):
                 if proc.stderr:
                     fh.write(f"\n\n# Error output:\n{proc.stderr}\n")
 
-                fh.write(f"\nCompleted: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n")
+                fh.write(
+                    f"\nCompleted: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n"
+                )
                 fh.write(f"Exit Code: {proc.returncode}\n")
 
             return proc.returncode

souleyez/plugins/impacket_smbclient.py

@@ -25,110 +25,124 @@ HELP = {
         "- Supports wildcards for bulk operations\n"
         "- Can use pass-the-hash authentication\n"
     ),
-    "usage": "souleyez jobs enqueue impacket-smbclient <target> --args \"DOMAIN/user:pass@host\"",
+    "usage": 'souleyez jobs enqueue impacket-smbclient <target> --args "DOMAIN/user:pass@host"',
     "examples": [
-        "souleyez jobs enqueue impacket-smbclient 10.0.0.82 --args \"Administrator:Password123@10.0.0.82\"",
-        "souleyez jobs enqueue impacket-smbclient 10.0.0.82 --args \"guest@10.0.0.82 -no-pass\"",
-        "souleyez jobs enqueue impacket-smbclient 10.0.0.82 --args \"Administrator@10.0.0.82 -hashes :8846f7eaee8fb117ad06bdd830b7586c\"",
+        'souleyez jobs enqueue impacket-smbclient 10.0.0.82 --args "Administrator:Password123@10.0.0.82"',
+        'souleyez jobs enqueue impacket-smbclient 10.0.0.82 --args "guest@10.0.0.82 -no-pass"',
+        'souleyez jobs enqueue impacket-smbclient 10.0.0.82 --args "Administrator@10.0.0.82 -hashes :8846f7eaee8fb117ad06bdd830b7586c"',
     ],
     "flags": [
         ["-hashes <LM:NT>", "Pass-the-hash authentication"],
         ["-no-pass", "Don't ask for password (null session)"],
         ["-k", "Use Kerberos authentication"],
-        ["-file <file>", "Execute commands from file"],
-        ["-share <share>", "Connect directly to specific share"],
+        ["-inputfile <file>", "Execute commands from file"],
     ],
     "preset_categories": {
         "browse": [
             {
                 "name": "Anonymous Login (Null Session)",
-                "args": ["-no-pass", "-share", "ADMIN$"],
-                "desc": "Attempt anonymous SMB connection (try different shares)"
-            },
-            {
-                "name": "Guest Login",
-                "args": ["-no-pass", "-username", "guest", "-share", "C$"],
-                "desc": "Attempt guest account access"
+                "args": ["-no-pass"],
+                "desc": "Attempt anonymous SMB connection",
             },
             {
                 "name": "Browse Shares (Authenticated)",
                 "args": [],
-                "desc": "Connect and list available shares with credentials"
-            }
+                "desc": "Connect and list available shares with credentials",
+            },
         ],
         "download": [
             {
-                "name": "Download Specific File",
-                "args": ["-share", "C$", "-file", "commands.txt"],
-                "desc": "Execute SMB commands from file (e.g., 'get important.txt')"
+                "name": "Execute Commands from File",
+                "args": ["-inputfile", "commands.txt"],
+                "desc": "Execute SMB commands from file (e.g., 'shares', 'use C$', 'ls')",
             }
         ],
         "authentication": [
             {
                 "name": "Pass-the-Hash (NTLM)",
-                "args": ["-hashes", ":<ntlm_hash>", "-share", "C$"],
-                "desc": "Authenticate with NTLM hash and access C$ share"
+                "args": ["-hashes", ":<ntlm_hash>"],
+                "desc": "Authenticate with NTLM hash",
             },
             {
                 "name": "Kerberos Authentication",
-                "args": ["-k", "-no-pass", "-share", "SYSVOL"],
-                "desc": "Use Kerberos ticket for SMB access"
-            }
-        ]
+                "args": ["-k", "-no-pass"],
+                "desc": "Use Kerberos ticket for SMB access",
+            },
+        ],
     },
-    "presets": []
+    "presets": [],
 }
 
 # Flatten presets
-for category_presets in HELP['preset_categories'].values():
-    HELP['presets'].extend(category_presets)
+for category_presets in HELP["preset_categories"].values():
+    HELP["presets"].extend(category_presets)
 
 HELP["help_sections"] = [
     {
         "title": "What is smbclient?",
         "color": "cyan",
         "content": [
-            {"title": "Overview", "desc": "smbclient provides an interactive SMB client for file operations, similar to FTP, allowing you to browse, download, upload, and delete files on remote SMB shares."},
-            {"title": "Use Cases", "desc": "SMB file operations and data collection", "tips": [
-                "Browse share contents recursively",
-                "Download sensitive files and documents",
-                "Upload tools and payloads",
-                "Enumerate accessible data"
-            ]}
-        ]
+            {
+                "title": "Overview",
+                "desc": "smbclient provides an interactive SMB client for file operations, similar to FTP, allowing you to browse, download, upload, and delete files on remote SMB shares.",
+            },
+            {
+                "title": "Use Cases",
+                "desc": "SMB file operations and data collection",
+                "tips": [
+                    "Browse share contents recursively",
+                    "Download sensitive files and documents",
+                    "Upload tools and payloads",
+                    "Enumerate accessible data",
+                ],
+            },
+        ],
     },
     {
         "title": "How to Use",
         "color": "green",
         "content": [
-            {"title": "Basic Workflow", "desc": "1. Connect to target with credentials\n     2. List shares and select target share\n     3. Browse files with ls command\n     4. Download files with get command"},
-            {"title": "Key Commands", "desc": "Common smbclient operations", "tips": [
-                "ls: List files in current directory",
-                "get <file>: Download file",
-                "put <file>: Upload file",
-                "cd <dir>: Change directory"
-            ]}
-        ]
+            {
+                "title": "Basic Workflow",
+                "desc": "1. Connect to target with credentials\n     2. List shares and select target share\n     3. Browse files with ls command\n     4. Download files with get command",
+            },
+            {
+                "title": "Key Commands",
+                "desc": "Common smbclient operations",
+                "tips": [
+                    "ls: List files in current directory",
+                    "get <file>: Download file",
+                    "put <file>: Upload file",
+                    "cd <dir>: Change directory",
+                ],
+            },
+        ],
     },
     {
         "title": "Tips & Best Practices",
         "color": "yellow",
         "content": [
-            ("Best Practices:", [
-                "Can work without authentication (null sessions)",
-                "Use -share to connect directly to specific share",
-                "Supports wildcards for bulk operations",
-                "Can use pass-the-hash authentication",
-                "Save interesting files for analysis"
-            ]),
-            ("Common Issues:", [
-                "Access denied: Try guest or null session",
-                "Share not found: List shares first without -share",
-                "Connection refused: Verify SMB (445) is open",
-                "Timeout errors: Check network connectivity"
-            ])
-        ]
-    }
+            (
+                "Best Practices:",
+                [
+                    "Can work without authentication (null sessions)",
+                    "Use -share to connect directly to specific share",
+                    "Supports wildcards for bulk operations",
+                    "Can use pass-the-hash authentication",
+                    "Save interesting files for analysis",
+                ],
+            ),
+            (
+                "Common Issues:",
+                [
+                    "Access denied: Try guest or null session",
+                    "Share not found: List shares first without -share",
+                    "Connection refused: Verify SMB (445) is open",
+                    "Timeout errors: Check network connectivity",
+                ],
+            ),
+        ],
+    },
 ]
 
 
@@ -138,23 +152,23 @@ class ImpacketSmbclientPlugin(PluginBase):
     category = "discovery_collection"
     HELP = HELP
 
-
-    def build_command(self, target: str, args: List[str] = None, label: str = "", log_path: str = None):
+    def build_command(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ):
         """Build command for background execution with PID tracking."""
         args = args or []
-        
+
         # Replace <target> placeholder
         args = [arg.replace("<target>", target) for arg in args]
-        
+
         # Build command (args should include credentials)
         cmd = ["impacket-smbclient"] + args
-        
-        return {
-            'cmd': cmd,
-            'timeout': 1800
-        }
 
-    def run(self, target: str, args: List[str] = None, label: str = "", log_path: str = None) -> int:
+        return {"cmd": cmd, "timeout": 1800}
+
+    def run(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ) -> int:
         """Execute impacket-smbclient and write output to log_path."""
 
         args = args or []
@@ -182,17 +196,15 @@ class ImpacketSmbclientPlugin(PluginBase):
                 fh.write(f"Target: {target}\n")
                 fh.write(f"Args: {args}\n")
                 fh.write(f"Label: {label}\n")
-                fh.write(f"Started: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n")
+                fh.write(
+                    f"Started: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n"
+                )
                 fh.write(f"Command: {' '.join(cmd)}\n\n")
 
             # Run smbclient (non-interactive)
             # Note: For interactive mode, would need special handling
             proc = subprocess.run(
-                cmd,
-                capture_output=True,
-                timeout=60,
-                check=False,
-                text=True
+                cmd, capture_output=True, timeout=60, check=False, text=True
             )
 
             # Write output
@@ -203,7 +215,9 @@ class ImpacketSmbclientPlugin(PluginBase):
                 if proc.stderr:
                     fh.write(f"\n\n# Error output:\n{proc.stderr}\n")
 
-                fh.write(f"\nCompleted: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n")
+                fh.write(
+                    f"\nCompleted: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n"
+                )
                 fh.write(f"Exit Code: {proc.returncode}\n")
 
             return proc.returncode