souleyez 2.43.28__py3-none-any.whl → 2.43.32__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (356) hide show
  1. souleyez/__init__.py +1 -2
  2. souleyez/ai/__init__.py +21 -15
  3. souleyez/ai/action_mapper.py +249 -150
  4. souleyez/ai/chain_advisor.py +116 -100
  5. souleyez/ai/claude_provider.py +29 -28
  6. souleyez/ai/context_builder.py +80 -62
  7. souleyez/ai/executor.py +158 -117
  8. souleyez/ai/feedback_handler.py +136 -121
  9. souleyez/ai/llm_factory.py +27 -20
  10. souleyez/ai/llm_provider.py +4 -2
  11. souleyez/ai/ollama_provider.py +6 -9
  12. souleyez/ai/ollama_service.py +44 -37
  13. souleyez/ai/path_scorer.py +91 -76
  14. souleyez/ai/recommender.py +176 -144
  15. souleyez/ai/report_context.py +74 -73
  16. souleyez/ai/report_service.py +84 -66
  17. souleyez/ai/result_parser.py +222 -229
  18. souleyez/ai/safety.py +67 -44
  19. souleyez/auth/__init__.py +23 -22
  20. souleyez/auth/audit.py +36 -26
  21. souleyez/auth/engagement_access.py +65 -48
  22. souleyez/auth/permissions.py +14 -3
  23. souleyez/auth/session_manager.py +54 -37
  24. souleyez/auth/user_manager.py +109 -64
  25. souleyez/commands/audit.py +40 -43
  26. souleyez/commands/auth.py +35 -15
  27. souleyez/commands/deliverables.py +55 -50
  28. souleyez/commands/engagement.py +47 -28
  29. souleyez/commands/license.py +32 -23
  30. souleyez/commands/screenshots.py +36 -32
  31. souleyez/commands/user.py +82 -36
  32. souleyez/config.py +52 -44
  33. souleyez/core/credential_tester.py +87 -81
  34. souleyez/core/cve_mappings.py +179 -192
  35. souleyez/core/cve_matcher.py +162 -148
  36. souleyez/core/msf_auto_mapper.py +100 -83
  37. souleyez/core/msf_chain_engine.py +294 -256
  38. souleyez/core/msf_database.py +153 -70
  39. souleyez/core/msf_integration.py +679 -673
  40. souleyez/core/msf_rpc_client.py +40 -42
  41. souleyez/core/msf_rpc_manager.py +77 -79
  42. souleyez/core/msf_sync_manager.py +241 -181
  43. souleyez/core/network_utils.py +22 -15
  44. souleyez/core/parser_handler.py +34 -25
  45. souleyez/core/pending_chains.py +114 -63
  46. souleyez/core/templates.py +158 -107
  47. souleyez/core/tool_chaining.py +9592 -2879
  48. souleyez/core/version_utils.py +79 -94
  49. souleyez/core/vuln_correlation.py +136 -89
  50. souleyez/core/web_utils.py +33 -32
  51. souleyez/data/wordlists/ad_users.txt +378 -0
  52. souleyez/data/wordlists/api_endpoints_large.txt +769 -0
  53. souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
  54. souleyez/data/wordlists/lfi_payloads.txt +82 -0
  55. souleyez/data/wordlists/passwords_brute.txt +1548 -0
  56. souleyez/data/wordlists/passwords_crack.txt +2479 -0
  57. souleyez/data/wordlists/passwords_spray.txt +386 -0
  58. souleyez/data/wordlists/subdomains_large.txt +5057 -0
  59. souleyez/data/wordlists/usernames_common.txt +694 -0
  60. souleyez/data/wordlists/web_dirs_large.txt +4769 -0
  61. souleyez/detection/__init__.py +1 -1
  62. souleyez/detection/attack_signatures.py +12 -17
  63. souleyez/detection/mitre_mappings.py +61 -55
  64. souleyez/detection/validator.py +97 -86
  65. souleyez/devtools.py +23 -10
  66. souleyez/docs/README.md +4 -4
  67. souleyez/docs/api-reference/cli-commands.md +2 -2
  68. souleyez/docs/developer-guide/adding-new-tools.md +562 -0
  69. souleyez/docs/user-guide/auto-chaining.md +30 -8
  70. souleyez/docs/user-guide/getting-started.md +1 -1
  71. souleyez/docs/user-guide/installation.md +26 -3
  72. souleyez/docs/user-guide/metasploit-integration.md +2 -2
  73. souleyez/docs/user-guide/rbac.md +1 -1
  74. souleyez/docs/user-guide/scope-management.md +1 -1
  75. souleyez/docs/user-guide/siem-integration.md +1 -1
  76. souleyez/docs/user-guide/tools-reference.md +1 -8
  77. souleyez/docs/user-guide/worker-management.md +1 -1
  78. souleyez/engine/background.py +1238 -535
  79. souleyez/engine/base.py +4 -1
  80. souleyez/engine/job_status.py +17 -49
  81. souleyez/engine/log_sanitizer.py +103 -77
  82. souleyez/engine/manager.py +38 -7
  83. souleyez/engine/result_handler.py +2198 -1550
  84. souleyez/engine/worker_manager.py +50 -41
  85. souleyez/export/evidence_bundle.py +72 -62
  86. souleyez/feature_flags/features.py +16 -20
  87. souleyez/feature_flags.py +5 -9
  88. souleyez/handlers/__init__.py +11 -0
  89. souleyez/handlers/base.py +188 -0
  90. souleyez/handlers/bash_handler.py +277 -0
  91. souleyez/handlers/bloodhound_handler.py +243 -0
  92. souleyez/handlers/certipy_handler.py +311 -0
  93. souleyez/handlers/crackmapexec_handler.py +486 -0
  94. souleyez/handlers/dnsrecon_handler.py +344 -0
  95. souleyez/handlers/enum4linux_handler.py +400 -0
  96. souleyez/handlers/evil_winrm_handler.py +493 -0
  97. souleyez/handlers/ffuf_handler.py +815 -0
  98. souleyez/handlers/gobuster_handler.py +1114 -0
  99. souleyez/handlers/gpp_extract_handler.py +334 -0
  100. souleyez/handlers/hashcat_handler.py +444 -0
  101. souleyez/handlers/hydra_handler.py +563 -0
  102. souleyez/handlers/impacket_getuserspns_handler.py +343 -0
  103. souleyez/handlers/impacket_psexec_handler.py +222 -0
  104. souleyez/handlers/impacket_secretsdump_handler.py +426 -0
  105. souleyez/handlers/john_handler.py +286 -0
  106. souleyez/handlers/katana_handler.py +425 -0
  107. souleyez/handlers/kerbrute_handler.py +298 -0
  108. souleyez/handlers/ldapsearch_handler.py +636 -0
  109. souleyez/handlers/lfi_extract_handler.py +464 -0
  110. souleyez/handlers/msf_auxiliary_handler.py +408 -0
  111. souleyez/handlers/msf_exploit_handler.py +380 -0
  112. souleyez/handlers/nikto_handler.py +413 -0
  113. souleyez/handlers/nmap_handler.py +821 -0
  114. souleyez/handlers/nuclei_handler.py +359 -0
  115. souleyez/handlers/nxc_handler.py +371 -0
  116. souleyez/handlers/rdp_sec_check_handler.py +353 -0
  117. souleyez/handlers/registry.py +288 -0
  118. souleyez/handlers/responder_handler.py +232 -0
  119. souleyez/handlers/service_explorer_handler.py +434 -0
  120. souleyez/handlers/smbclient_handler.py +344 -0
  121. souleyez/handlers/smbmap_handler.py +510 -0
  122. souleyez/handlers/smbpasswd_handler.py +296 -0
  123. souleyez/handlers/sqlmap_handler.py +1116 -0
  124. souleyez/handlers/theharvester_handler.py +601 -0
  125. souleyez/handlers/whois_handler.py +277 -0
  126. souleyez/handlers/wpscan_handler.py +554 -0
  127. souleyez/history.py +32 -16
  128. souleyez/importers/msf_importer.py +106 -75
  129. souleyez/importers/smart_importer.py +208 -147
  130. souleyez/integrations/siem/__init__.py +10 -10
  131. souleyez/integrations/siem/base.py +17 -18
  132. souleyez/integrations/siem/elastic.py +108 -122
  133. souleyez/integrations/siem/factory.py +207 -80
  134. souleyez/integrations/siem/googlesecops.py +146 -154
  135. souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
  136. souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
  137. souleyez/integrations/siem/sentinel.py +107 -109
  138. souleyez/integrations/siem/splunk.py +246 -212
  139. souleyez/integrations/siem/wazuh.py +65 -71
  140. souleyez/integrations/wazuh/__init__.py +5 -5
  141. souleyez/integrations/wazuh/client.py +70 -93
  142. souleyez/integrations/wazuh/config.py +85 -57
  143. souleyez/integrations/wazuh/host_mapper.py +28 -36
  144. souleyez/integrations/wazuh/sync.py +78 -68
  145. souleyez/intelligence/__init__.py +4 -5
  146. souleyez/intelligence/correlation_analyzer.py +309 -295
  147. souleyez/intelligence/exploit_knowledge.py +661 -623
  148. souleyez/intelligence/exploit_suggestions.py +159 -139
  149. souleyez/intelligence/gap_analyzer.py +132 -97
  150. souleyez/intelligence/gap_detector.py +251 -214
  151. souleyez/intelligence/sensitive_tables.py +266 -129
  152. souleyez/intelligence/service_parser.py +137 -123
  153. souleyez/intelligence/surface_analyzer.py +407 -268
  154. souleyez/intelligence/target_parser.py +159 -162
  155. souleyez/licensing/__init__.py +6 -6
  156. souleyez/licensing/validator.py +17 -19
  157. souleyez/log_config.py +79 -54
  158. souleyez/main.py +1505 -687
  159. souleyez/migrations/fix_job_counter.py +16 -14
  160. souleyez/parsers/bloodhound_parser.py +41 -39
  161. souleyez/parsers/crackmapexec_parser.py +178 -111
  162. souleyez/parsers/dalfox_parser.py +72 -77
  163. souleyez/parsers/dnsrecon_parser.py +103 -91
  164. souleyez/parsers/enum4linux_parser.py +183 -153
  165. souleyez/parsers/ffuf_parser.py +29 -25
  166. souleyez/parsers/gobuster_parser.py +301 -41
  167. souleyez/parsers/hashcat_parser.py +324 -79
  168. souleyez/parsers/http_fingerprint_parser.py +350 -103
  169. souleyez/parsers/hydra_parser.py +131 -111
  170. souleyez/parsers/impacket_parser.py +231 -178
  171. souleyez/parsers/john_parser.py +98 -86
  172. souleyez/parsers/katana_parser.py +316 -0
  173. souleyez/parsers/msf_parser.py +943 -498
  174. souleyez/parsers/nikto_parser.py +346 -65
  175. souleyez/parsers/nmap_parser.py +262 -174
  176. souleyez/parsers/nuclei_parser.py +40 -44
  177. souleyez/parsers/responder_parser.py +26 -26
  178. souleyez/parsers/searchsploit_parser.py +74 -74
  179. souleyez/parsers/service_explorer_parser.py +279 -0
  180. souleyez/parsers/smbmap_parser.py +180 -124
  181. souleyez/parsers/sqlmap_parser.py +434 -308
  182. souleyez/parsers/theharvester_parser.py +75 -57
  183. souleyez/parsers/whois_parser.py +135 -94
  184. souleyez/parsers/wpscan_parser.py +278 -190
  185. souleyez/plugins/afp.py +44 -36
  186. souleyez/plugins/afp_brute.py +114 -46
  187. souleyez/plugins/ard.py +48 -37
  188. souleyez/plugins/bloodhound.py +95 -61
  189. souleyez/plugins/certipy.py +303 -0
  190. souleyez/plugins/crackmapexec.py +186 -85
  191. souleyez/plugins/dalfox.py +120 -59
  192. souleyez/plugins/dns_hijack.py +146 -41
  193. souleyez/plugins/dnsrecon.py +97 -61
  194. souleyez/plugins/enum4linux.py +91 -66
  195. souleyez/plugins/evil_winrm.py +291 -0
  196. souleyez/plugins/ffuf.py +166 -90
  197. souleyez/plugins/firmware_extract.py +133 -29
  198. souleyez/plugins/gobuster.py +387 -190
  199. souleyez/plugins/gpp_extract.py +393 -0
  200. souleyez/plugins/hashcat.py +100 -73
  201. souleyez/plugins/http_fingerprint.py +854 -267
  202. souleyez/plugins/hydra.py +566 -200
  203. souleyez/plugins/impacket_getnpusers.py +117 -69
  204. souleyez/plugins/impacket_psexec.py +84 -64
  205. souleyez/plugins/impacket_secretsdump.py +103 -69
  206. souleyez/plugins/impacket_smbclient.py +89 -75
  207. souleyez/plugins/john.py +86 -69
  208. souleyez/plugins/katana.py +313 -0
  209. souleyez/plugins/kerbrute.py +237 -0
  210. souleyez/plugins/lfi_extract.py +541 -0
  211. souleyez/plugins/macos_ssh.py +117 -48
  212. souleyez/plugins/mdns.py +35 -30
  213. souleyez/plugins/msf_auxiliary.py +253 -130
  214. souleyez/plugins/msf_exploit.py +239 -161
  215. souleyez/plugins/nikto.py +134 -78
  216. souleyez/plugins/nmap.py +275 -91
  217. souleyez/plugins/nuclei.py +180 -89
  218. souleyez/plugins/nxc.py +285 -0
  219. souleyez/plugins/plugin_base.py +35 -36
  220. souleyez/plugins/plugin_template.py +13 -5
  221. souleyez/plugins/rdp_sec_check.py +130 -0
  222. souleyez/plugins/responder.py +112 -71
  223. souleyez/plugins/router_http_brute.py +76 -65
  224. souleyez/plugins/router_ssh_brute.py +118 -41
  225. souleyez/plugins/router_telnet_brute.py +124 -42
  226. souleyez/plugins/routersploit.py +91 -59
  227. souleyez/plugins/routersploit_exploit.py +77 -55
  228. souleyez/plugins/searchsploit.py +91 -77
  229. souleyez/plugins/service_explorer.py +1160 -0
  230. souleyez/plugins/smbmap.py +122 -72
  231. souleyez/plugins/smbpasswd.py +215 -0
  232. souleyez/plugins/sqlmap.py +301 -113
  233. souleyez/plugins/theharvester.py +127 -75
  234. souleyez/plugins/tr069.py +79 -57
  235. souleyez/plugins/upnp.py +65 -47
  236. souleyez/plugins/upnp_abuse.py +73 -55
  237. souleyez/plugins/vnc_access.py +129 -42
  238. souleyez/plugins/vnc_brute.py +109 -38
  239. souleyez/plugins/whois.py +77 -58
  240. souleyez/plugins/wpscan.py +173 -69
  241. souleyez/reporting/__init__.py +2 -1
  242. souleyez/reporting/attack_chain.py +411 -346
  243. souleyez/reporting/charts.py +436 -501
  244. souleyez/reporting/compliance_mappings.py +334 -201
  245. souleyez/reporting/detection_report.py +126 -125
  246. souleyez/reporting/formatters.py +828 -591
  247. souleyez/reporting/generator.py +386 -302
  248. souleyez/reporting/metrics.py +72 -75
  249. souleyez/scanner.py +35 -29
  250. souleyez/security/__init__.py +37 -11
  251. souleyez/security/scope_validator.py +175 -106
  252. souleyez/security/validation.py +223 -149
  253. souleyez/security.py +22 -6
  254. souleyez/storage/credentials.py +247 -186
  255. souleyez/storage/crypto.py +296 -129
  256. souleyez/storage/database.py +73 -50
  257. souleyez/storage/db.py +58 -36
  258. souleyez/storage/deliverable_evidence.py +177 -128
  259. souleyez/storage/deliverable_exporter.py +282 -246
  260. souleyez/storage/deliverable_templates.py +134 -116
  261. souleyez/storage/deliverables.py +135 -130
  262. souleyez/storage/engagements.py +109 -56
  263. souleyez/storage/evidence.py +181 -152
  264. souleyez/storage/execution_log.py +31 -17
  265. souleyez/storage/exploit_attempts.py +93 -57
  266. souleyez/storage/exploits.py +67 -36
  267. souleyez/storage/findings.py +48 -61
  268. souleyez/storage/hosts.py +176 -144
  269. souleyez/storage/migrate_to_engagements.py +43 -19
  270. souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
  271. souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
  272. souleyez/storage/migrations/_003_add_execution_log.py +14 -8
  273. souleyez/storage/migrations/_005_screenshots.py +13 -5
  274. souleyez/storage/migrations/_006_deliverables.py +13 -5
  275. souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
  276. souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
  277. souleyez/storage/migrations/_010_evidence_linking.py +17 -10
  278. souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
  279. souleyez/storage/migrations/_012_team_collaboration.py +34 -21
  280. souleyez/storage/migrations/_013_add_host_tags.py +12 -6
  281. souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
  282. souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
  283. souleyez/storage/migrations/_016_add_domain_field.py +10 -4
  284. souleyez/storage/migrations/_017_msf_sessions.py +16 -8
  285. souleyez/storage/migrations/_018_add_osint_target.py +10 -6
  286. souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
  287. souleyez/storage/migrations/_020_add_rbac.py +36 -15
  288. souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
  289. souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
  290. souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
  291. souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
  292. souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
  293. souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
  294. souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
  295. souleyez/storage/migrations/__init__.py +26 -26
  296. souleyez/storage/migrations/migration_manager.py +19 -19
  297. souleyez/storage/msf_sessions.py +100 -65
  298. souleyez/storage/osint.py +17 -24
  299. souleyez/storage/recommendation_engine.py +269 -235
  300. souleyez/storage/screenshots.py +33 -32
  301. souleyez/storage/smb_shares.py +136 -92
  302. souleyez/storage/sqlmap_data.py +183 -128
  303. souleyez/storage/team_collaboration.py +135 -141
  304. souleyez/storage/timeline_tracker.py +122 -94
  305. souleyez/storage/wazuh_vulns.py +64 -66
  306. souleyez/storage/web_paths.py +33 -37
  307. souleyez/testing/credential_tester.py +221 -205
  308. souleyez/ui/__init__.py +1 -1
  309. souleyez/ui/ai_quotes.py +12 -12
  310. souleyez/ui/attack_surface.py +2439 -1516
  311. souleyez/ui/chain_rules_view.py +914 -382
  312. souleyez/ui/correlation_view.py +312 -230
  313. souleyez/ui/dashboard.py +2382 -1130
  314. souleyez/ui/deliverables_view.py +148 -62
  315. souleyez/ui/design_system.py +13 -13
  316. souleyez/ui/errors.py +49 -49
  317. souleyez/ui/evidence_linking_view.py +284 -179
  318. souleyez/ui/evidence_vault.py +393 -285
  319. souleyez/ui/exploit_suggestions_view.py +555 -349
  320. souleyez/ui/export_view.py +100 -66
  321. souleyez/ui/gap_analysis_view.py +315 -171
  322. souleyez/ui/help_system.py +105 -97
  323. souleyez/ui/intelligence_view.py +436 -293
  324. souleyez/ui/interactive.py +23142 -10430
  325. souleyez/ui/interactive_selector.py +75 -68
  326. souleyez/ui/log_formatter.py +47 -39
  327. souleyez/ui/menu_components.py +22 -13
  328. souleyez/ui/msf_auxiliary_menu.py +184 -133
  329. souleyez/ui/pending_chains_view.py +336 -172
  330. souleyez/ui/progress_indicators.py +5 -3
  331. souleyez/ui/recommendations_view.py +195 -137
  332. souleyez/ui/rule_builder.py +343 -225
  333. souleyez/ui/setup_wizard.py +678 -284
  334. souleyez/ui/shortcuts.py +217 -165
  335. souleyez/ui/splunk_gap_analysis_view.py +452 -270
  336. souleyez/ui/splunk_vulns_view.py +139 -86
  337. souleyez/ui/team_dashboard.py +498 -335
  338. souleyez/ui/template_selector.py +196 -105
  339. souleyez/ui/terminal.py +6 -6
  340. souleyez/ui/timeline_view.py +198 -127
  341. souleyez/ui/tool_setup.py +264 -164
  342. souleyez/ui/tutorial.py +202 -72
  343. souleyez/ui/tutorial_state.py +40 -40
  344. souleyez/ui/wazuh_vulns_view.py +235 -141
  345. souleyez/ui/wordlist_browser.py +260 -107
  346. souleyez/ui.py +464 -312
  347. souleyez/utils/tool_checker.py +427 -367
  348. souleyez/utils.py +33 -29
  349. souleyez/wordlists.py +134 -167
  350. {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/METADATA +1 -1
  351. souleyez-2.43.32.dist-info/RECORD +441 -0
  352. {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/WHEEL +1 -1
  353. souleyez-2.43.28.dist-info/RECORD +0 -379
  354. {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/entry_points.txt +0 -0
  355. {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/licenses/LICENSE +0 -0
  356. {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/top_level.txt +0 -0
souleyez/plugins/macos_ssh.py CHANGED
@@ -30,7 +30,7 @@ HELP = {
30
30
  "usage": "souleyez jobs enqueue macos_ssh <target>",
31
31
  "examples": [
32
32
  "souleyez jobs enqueue macos_ssh 192.168.1.100",
33
- "souleyez jobs enqueue macos_ssh 192.168.1.100 --args \"-l admin\"",
33
+ 'souleyez jobs enqueue macos_ssh 192.168.1.100 --args "-l admin"',
34
34
  ],
35
35
  "flags": [
36
36
  ["-l USER", "Single username to test"],
@@ -39,7 +39,79 @@ HELP = {
39
39
  ],
40
40
  "presets": [
41
41
  {"name": "Common Users", "args": [], "desc": "Test common macOS usernames"},
42
- {"name": "Admin Only", "args": ["-l", "admin"], "desc": "Test 'admin' user only"},
42
+ {
43
+ "name": "Admin Only",
44
+ "args": ["-l", "admin"],
45
+ "desc": "Test 'admin' user only",
46
+ },
47
+ ],
48
+ "help_sections": [
49
+ {
50
+ "title": "What is macOS SSH Brute Force?",
51
+ "color": "cyan",
52
+ "content": [
53
+ (
54
+ "Overview",
55
+ [
56
+ "Brute forces SSH (Remote Login) on macOS systems",
57
+ "Uses Hydra with macOS-specific username wordlists",
58
+ "Targets local user accounts on the Mac",
59
+ ],
60
+ ),
61
+ (
62
+ "Why macOS is Targeted",
63
+ [
64
+ "Many users use simple, memorable passwords",
65
+ "Often same password as their Apple ID/iCloud",
66
+ "Short usernames like 'admin', 'user', first names",
67
+ "Remote Login often left enabled after initial setup",
68
+ ],
69
+ ),
70
+ ],
71
+ },
72
+ {
73
+ "title": "Usage & Examples",
74
+ "color": "green",
75
+ "content": [
76
+ (
77
+ "Basic Usage",
78
+ [
79
+ "souleyez jobs enqueue macos_ssh 192.168.1.100",
80
+ " → Tests common macOS users with common passwords",
81
+ ],
82
+ ),
83
+ (
84
+ "Target Specific User",
85
+ [
86
+ 'souleyez jobs enqueue macos_ssh 192.168.1.100 --args "-l john"',
87
+ " → Only tests the 'john' user account",
88
+ ],
89
+ ),
90
+ ],
91
+ },
92
+ {
93
+ "title": "Tips & Best Practices",
94
+ "color": "yellow",
95
+ "content": [
96
+ (
97
+ "Before Attacking",
98
+ [
99
+ "Verify SSH is enabled (port 22 open in nmap scan)",
100
+ "Check for mDNS discovery results for usernames",
101
+ "Low thread count (-t 2) to avoid lockouts",
102
+ ],
103
+ ),
104
+ (
105
+ "After Success",
106
+ [
107
+ "Full shell access to macOS system",
108
+ "Can access user files, keychains, browser data",
109
+ "May be able to sudo if user is admin",
110
+ "Pivot to other systems on the network",
111
+ ],
112
+ ),
113
+ ],
114
+ },
43
115
  ],
44
116
  }
45
117
 
@@ -52,18 +124,13 @@ class MacOSSSHPlugin(PluginBase):
52
124
 
53
125
  def _get_wordlist_path(self, filename: str) -> str:
54
126
  """Get path to wordlist file."""
55
- import os
56
- locations = [
57
- os.path.join(os.path.dirname(__file__), '..', 'data', 'wordlists', filename),
58
- os.path.expanduser(f'~/.souleyez/wordlists/{filename}'),
59
- f'/usr/share/seclists/Passwords/{filename}',
60
- ]
61
- for loc in locations:
62
- if os.path.exists(loc):
63
- return os.path.abspath(loc)
64
- return filename
65
-
66
- def build_command(self, target: str, args: List[str] = None, label: str = "", log_path: str = None):
127
+ from souleyez.wordlists import resolve_wordlist_path
128
+
129
+ return resolve_wordlist_path(f"data/wordlists/{filename}")
130
+
131
+ def build_command(
132
+ self, target: str, args: List[str] = None, label: str = "", log_path: str = None
133
+ ):
67
134
  """Build Hydra command for macOS SSH brute force."""
68
135
  args = args or []
69
136
 
@@ -71,80 +138,82 @@ class MacOSSSHPlugin(PluginBase):
71
138
  target = validate_target(target)
72
139
  except ValidationError as e:
73
140
  if log_path:
74
- with open(log_path, 'w') as f:
141
+ with open(log_path, "w") as f:
75
142
  f.write(f"ERROR: Invalid target: {e}\n")
76
143
  return None
77
144
 
78
145
  # Parse args
79
- has_user = '-l' in args or '-L' in args
80
- port = '22'
146
+ has_user = "-l" in args or "-L" in args
147
+ port = "22"
81
148
 
82
149
  clean_args = []
83
150
  i = 0
84
151
  while i < len(args):
85
- if args[i] == '--port' and i + 1 < len(args):
152
+ if args[i] == "--port" and i + 1 < len(args):
86
153
  port = args[i + 1]
87
154
  i += 2
88
155
  else:
89
156
  clean_args.append(args[i])
90
157
  i += 1
91
158
 
92
- users = self._get_wordlist_path('macos_users.txt')
93
- passwords = self._get_wordlist_path('top100.txt')
159
+ users = self._get_wordlist_path("macos_users.txt")
160
+ passwords = self._get_wordlist_path("top100.txt")
94
161
 
95
- cmd = ['hydra']
162
+ cmd = ["hydra"]
96
163
 
97
164
  if not has_user:
98
- cmd.extend(['-L', users])
165
+ cmd.extend(["-L", users])
99
166
 
100
167
  cmd.extend(clean_args)
101
- cmd.extend([
102
- '-P', passwords,
103
- '-s', port,
104
- '-t', '1', # Single thread for SSH
105
- '-w', '5', # 5 second delay
106
- '-vV',
107
- '-f',
108
- target,
109
- 'ssh'
110
- ])
111
-
112
- return {
113
- 'cmd': cmd,
114
- 'timeout': 3600
115
- }
116
-
117
- def run(self, target: str, args: List[str] = None, label: str = "", log_path: str = None) -> int:
168
+ cmd.extend(
169
+ [
170
+ "-P",
171
+ passwords,
172
+ "-s",
173
+ port,
174
+ "-t",
175
+ "1", # Single thread for SSH
176
+ "-w",
177
+ "5", # 5 second delay
178
+ "-vV",
179
+ "-f",
180
+ target,
181
+ "ssh",
182
+ ]
183
+ )
184
+
185
+ return {"cmd": cmd, "timeout": 3600}
186
+
187
+ def run(
188
+ self, target: str, args: List[str] = None, label: str = "", log_path: str = None
189
+ ) -> int:
118
190
  """Execute macOS SSH brute force."""
119
191
  cmd_spec = self.build_command(target, args, label, log_path)
120
192
  if cmd_spec is None:
121
193
  return 1
122
194
 
123
- cmd = cmd_spec['cmd']
195
+ cmd = cmd_spec["cmd"]
124
196
 
125
197
  if log_path:
126
- with open(log_path, 'w') as f:
198
+ with open(log_path, "w") as f:
127
199
  f.write(f"# macOS SSH Brute Force on {target}\n")
128
200
  f.write(f"# Command: {' '.join(cmd)}\n")
129
201
  f.write(f"# Started: {time.strftime('%Y-%m-%d %H:%M:%S')}\n\n")
130
202
 
131
203
  try:
132
- with open(log_path, 'a') as f:
204
+ with open(log_path, "a") as f:
133
205
  result = subprocess.run(
134
- cmd,
135
- stdout=f,
136
- stderr=subprocess.STDOUT,
137
- timeout=cmd_spec['timeout']
206
+ cmd, stdout=f, stderr=subprocess.STDOUT, timeout=cmd_spec["timeout"]
138
207
  )
139
208
  return result.returncode
140
209
  except subprocess.TimeoutExpired:
141
210
  if log_path:
142
- with open(log_path, 'a') as f:
211
+ with open(log_path, "a") as f:
143
212
  f.write("\n\n# ERROR: Brute force timed out\n")
144
213
  return 124
145
214
  except Exception as e:
146
215
  if log_path:
147
- with open(log_path, 'a') as f:
216
+ with open(log_path, "a") as f:
148
217
  f.write(f"\n\n# ERROR: {e}\n")
149
218
  return 1
150
219
 
souleyez/plugins/mdns.py CHANGED
@@ -40,7 +40,11 @@ HELP = {
40
40
  ],
41
41
  "presets": [
42
42
  {"name": "Quick Discovery", "args": [], "desc": "Basic mDNS discovery"},
43
- {"name": "Service Query", "args": ["--services"], "desc": "Query specific services"},
43
+ {
44
+ "name": "Service Query",
45
+ "args": ["--services"],
46
+ "desc": "Query specific services",
47
+ },
44
48
  ],
45
49
  "help_sections": [
46
50
  {
@@ -53,9 +57,9 @@ HELP = {
53
57
  {"title": "_smb._tcp", "desc": "SMB file sharing"},
54
58
  {"title": "_ssh._tcp", "desc": "SSH remote access"},
55
59
  {"title": "_printer._tcp", "desc": "Network printers"},
56
- ]
60
+ ],
57
61
  }
58
- ]
62
+ ],
59
63
  }
60
64
 
61
65
 
@@ -65,7 +69,9 @@ class MDNSPlugin(PluginBase):
65
69
  category = "scanning"
66
70
  HELP = HELP
67
71
 
68
- def build_command(self, target: str, args: List[str] = None, label: str = "", log_path: str = None):
72
+ def build_command(
73
+ self, target: str, args: List[str] = None, label: str = "", log_path: str = None
74
+ ):
69
75
  """Build nmap command for mDNS discovery."""
70
76
  args = args or []
71
77
 
@@ -73,63 +79,62 @@ class MDNSPlugin(PluginBase):
73
79
  target = validate_target(target)
74
80
  except ValidationError as e:
75
81
  if log_path:
76
- with open(log_path, 'w') as f:
82
+ with open(log_path, "w") as f:
77
83
  f.write(f"ERROR: Invalid target: {e}\n")
78
84
  return None
79
85
 
80
86
  # Use broadcast-dns-service-discovery for mDNS
81
- if '--services' in args:
82
- scripts = 'dns-service-discovery,broadcast-dns-service-discovery'
87
+ if "--services" in args:
88
+ scripts = "dns-service-discovery,broadcast-dns-service-discovery"
83
89
  else:
84
- scripts = 'dns-service-discovery'
90
+ scripts = "dns-service-discovery"
85
91
 
86
92
  cmd = [
87
- 'nmap',
88
- '-sU',
89
- '-p', '5353',
90
- '--script', scripts,
91
- '-oN', '-',
92
- '--open',
93
- '-T4',
94
- target
93
+ "nmap",
94
+ "-sU",
95
+ "-p",
96
+ "5353",
97
+ "--script",
98
+ scripts,
99
+ "-oN",
100
+ "-",
101
+ "--open",
102
+ "-T4",
103
+ target,
95
104
  ]
96
105
 
97
- return {
98
- 'cmd': cmd,
99
- 'timeout': 300
100
- }
106
+ return {"cmd": cmd, "timeout": 300}
101
107
 
102
- def run(self, target: str, args: List[str] = None, label: str = "", log_path: str = None) -> int:
108
+ def run(
109
+ self, target: str, args: List[str] = None, label: str = "", log_path: str = None
110
+ ) -> int:
103
111
  """Execute mDNS discovery."""
104
112
  cmd_spec = self.build_command(target, args, label, log_path)
105
113
  if cmd_spec is None:
106
114
  return 1
107
115
 
108
- cmd = cmd_spec['cmd']
116
+ cmd = cmd_spec["cmd"]
109
117
 
110
118
  if log_path:
111
- with open(log_path, 'w') as f:
119
+ with open(log_path, "w") as f:
112
120
  f.write(f"# mDNS/Bonjour Discovery on {target}\n")
113
121
  f.write(f"# Command: {' '.join(cmd)}\n")
114
122
  f.write(f"# Started: {time.strftime('%Y-%m-%d %H:%M:%S')}\n\n")
115
123
 
116
124
  try:
117
- with open(log_path, 'a') as f:
125
+ with open(log_path, "a") as f:
118
126
  result = subprocess.run(
119
- cmd,
120
- stdout=f,
121
- stderr=subprocess.STDOUT,
122
- timeout=cmd_spec['timeout']
127
+ cmd, stdout=f, stderr=subprocess.STDOUT, timeout=cmd_spec["timeout"]
123
128
  )
124
129
  return result.returncode
125
130
  except subprocess.TimeoutExpired:
126
131
  if log_path:
127
- with open(log_path, 'a') as f:
132
+ with open(log_path, "a") as f:
128
133
  f.write("\n\n# ERROR: Scan timed out\n")
129
134
  return 124
130
135
  except Exception as e:
131
136
  if log_path:
132
- with open(log_path, 'a') as f:
137
+ with open(log_path, "a") as f:
133
138
  f.write(f"\n\n# ERROR: {e}\n")
134
139
  return 1
135
140