souleyez 2.43.28__py3-none-any.whl → 2.43.32__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- souleyez/__init__.py +1 -2
- souleyez/ai/__init__.py +21 -15
- souleyez/ai/action_mapper.py +249 -150
- souleyez/ai/chain_advisor.py +116 -100
- souleyez/ai/claude_provider.py +29 -28
- souleyez/ai/context_builder.py +80 -62
- souleyez/ai/executor.py +158 -117
- souleyez/ai/feedback_handler.py +136 -121
- souleyez/ai/llm_factory.py +27 -20
- souleyez/ai/llm_provider.py +4 -2
- souleyez/ai/ollama_provider.py +6 -9
- souleyez/ai/ollama_service.py +44 -37
- souleyez/ai/path_scorer.py +91 -76
- souleyez/ai/recommender.py +176 -144
- souleyez/ai/report_context.py +74 -73
- souleyez/ai/report_service.py +84 -66
- souleyez/ai/result_parser.py +222 -229
- souleyez/ai/safety.py +67 -44
- souleyez/auth/__init__.py +23 -22
- souleyez/auth/audit.py +36 -26
- souleyez/auth/engagement_access.py +65 -48
- souleyez/auth/permissions.py +14 -3
- souleyez/auth/session_manager.py +54 -37
- souleyez/auth/user_manager.py +109 -64
- souleyez/commands/audit.py +40 -43
- souleyez/commands/auth.py +35 -15
- souleyez/commands/deliverables.py +55 -50
- souleyez/commands/engagement.py +47 -28
- souleyez/commands/license.py +32 -23
- souleyez/commands/screenshots.py +36 -32
- souleyez/commands/user.py +82 -36
- souleyez/config.py +52 -44
- souleyez/core/credential_tester.py +87 -81
- souleyez/core/cve_mappings.py +179 -192
- souleyez/core/cve_matcher.py +162 -148
- souleyez/core/msf_auto_mapper.py +100 -83
- souleyez/core/msf_chain_engine.py +294 -256
- souleyez/core/msf_database.py +153 -70
- souleyez/core/msf_integration.py +679 -673
- souleyez/core/msf_rpc_client.py +40 -42
- souleyez/core/msf_rpc_manager.py +77 -79
- souleyez/core/msf_sync_manager.py +241 -181
- souleyez/core/network_utils.py +22 -15
- souleyez/core/parser_handler.py +34 -25
- souleyez/core/pending_chains.py +114 -63
- souleyez/core/templates.py +158 -107
- souleyez/core/tool_chaining.py +9592 -2879
- souleyez/core/version_utils.py +79 -94
- souleyez/core/vuln_correlation.py +136 -89
- souleyez/core/web_utils.py +33 -32
- souleyez/data/wordlists/ad_users.txt +378 -0
- souleyez/data/wordlists/api_endpoints_large.txt +769 -0
- souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
- souleyez/data/wordlists/lfi_payloads.txt +82 -0
- souleyez/data/wordlists/passwords_brute.txt +1548 -0
- souleyez/data/wordlists/passwords_crack.txt +2479 -0
- souleyez/data/wordlists/passwords_spray.txt +386 -0
- souleyez/data/wordlists/subdomains_large.txt +5057 -0
- souleyez/data/wordlists/usernames_common.txt +694 -0
- souleyez/data/wordlists/web_dirs_large.txt +4769 -0
- souleyez/detection/__init__.py +1 -1
- souleyez/detection/attack_signatures.py +12 -17
- souleyez/detection/mitre_mappings.py +61 -55
- souleyez/detection/validator.py +97 -86
- souleyez/devtools.py +23 -10
- souleyez/docs/README.md +4 -4
- souleyez/docs/api-reference/cli-commands.md +2 -2
- souleyez/docs/developer-guide/adding-new-tools.md +562 -0
- souleyez/docs/user-guide/auto-chaining.md +30 -8
- souleyez/docs/user-guide/getting-started.md +1 -1
- souleyez/docs/user-guide/installation.md +26 -3
- souleyez/docs/user-guide/metasploit-integration.md +2 -2
- souleyez/docs/user-guide/rbac.md +1 -1
- souleyez/docs/user-guide/scope-management.md +1 -1
- souleyez/docs/user-guide/siem-integration.md +1 -1
- souleyez/docs/user-guide/tools-reference.md +1 -8
- souleyez/docs/user-guide/worker-management.md +1 -1
- souleyez/engine/background.py +1238 -535
- souleyez/engine/base.py +4 -1
- souleyez/engine/job_status.py +17 -49
- souleyez/engine/log_sanitizer.py +103 -77
- souleyez/engine/manager.py +38 -7
- souleyez/engine/result_handler.py +2198 -1550
- souleyez/engine/worker_manager.py +50 -41
- souleyez/export/evidence_bundle.py +72 -62
- souleyez/feature_flags/features.py +16 -20
- souleyez/feature_flags.py +5 -9
- souleyez/handlers/__init__.py +11 -0
- souleyez/handlers/base.py +188 -0
- souleyez/handlers/bash_handler.py +277 -0
- souleyez/handlers/bloodhound_handler.py +243 -0
- souleyez/handlers/certipy_handler.py +311 -0
- souleyez/handlers/crackmapexec_handler.py +486 -0
- souleyez/handlers/dnsrecon_handler.py +344 -0
- souleyez/handlers/enum4linux_handler.py +400 -0
- souleyez/handlers/evil_winrm_handler.py +493 -0
- souleyez/handlers/ffuf_handler.py +815 -0
- souleyez/handlers/gobuster_handler.py +1114 -0
- souleyez/handlers/gpp_extract_handler.py +334 -0
- souleyez/handlers/hashcat_handler.py +444 -0
- souleyez/handlers/hydra_handler.py +563 -0
- souleyez/handlers/impacket_getuserspns_handler.py +343 -0
- souleyez/handlers/impacket_psexec_handler.py +222 -0
- souleyez/handlers/impacket_secretsdump_handler.py +426 -0
- souleyez/handlers/john_handler.py +286 -0
- souleyez/handlers/katana_handler.py +425 -0
- souleyez/handlers/kerbrute_handler.py +298 -0
- souleyez/handlers/ldapsearch_handler.py +636 -0
- souleyez/handlers/lfi_extract_handler.py +464 -0
- souleyez/handlers/msf_auxiliary_handler.py +408 -0
- souleyez/handlers/msf_exploit_handler.py +380 -0
- souleyez/handlers/nikto_handler.py +413 -0
- souleyez/handlers/nmap_handler.py +821 -0
- souleyez/handlers/nuclei_handler.py +359 -0
- souleyez/handlers/nxc_handler.py +371 -0
- souleyez/handlers/rdp_sec_check_handler.py +353 -0
- souleyez/handlers/registry.py +288 -0
- souleyez/handlers/responder_handler.py +232 -0
- souleyez/handlers/service_explorer_handler.py +434 -0
- souleyez/handlers/smbclient_handler.py +344 -0
- souleyez/handlers/smbmap_handler.py +510 -0
- souleyez/handlers/smbpasswd_handler.py +296 -0
- souleyez/handlers/sqlmap_handler.py +1116 -0
- souleyez/handlers/theharvester_handler.py +601 -0
- souleyez/handlers/whois_handler.py +277 -0
- souleyez/handlers/wpscan_handler.py +554 -0
- souleyez/history.py +32 -16
- souleyez/importers/msf_importer.py +106 -75
- souleyez/importers/smart_importer.py +208 -147
- souleyez/integrations/siem/__init__.py +10 -10
- souleyez/integrations/siem/base.py +17 -18
- souleyez/integrations/siem/elastic.py +108 -122
- souleyez/integrations/siem/factory.py +207 -80
- souleyez/integrations/siem/googlesecops.py +146 -154
- souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
- souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
- souleyez/integrations/siem/sentinel.py +107 -109
- souleyez/integrations/siem/splunk.py +246 -212
- souleyez/integrations/siem/wazuh.py +65 -71
- souleyez/integrations/wazuh/__init__.py +5 -5
- souleyez/integrations/wazuh/client.py +70 -93
- souleyez/integrations/wazuh/config.py +85 -57
- souleyez/integrations/wazuh/host_mapper.py +28 -36
- souleyez/integrations/wazuh/sync.py +78 -68
- souleyez/intelligence/__init__.py +4 -5
- souleyez/intelligence/correlation_analyzer.py +309 -295
- souleyez/intelligence/exploit_knowledge.py +661 -623
- souleyez/intelligence/exploit_suggestions.py +159 -139
- souleyez/intelligence/gap_analyzer.py +132 -97
- souleyez/intelligence/gap_detector.py +251 -214
- souleyez/intelligence/sensitive_tables.py +266 -129
- souleyez/intelligence/service_parser.py +137 -123
- souleyez/intelligence/surface_analyzer.py +407 -268
- souleyez/intelligence/target_parser.py +159 -162
- souleyez/licensing/__init__.py +6 -6
- souleyez/licensing/validator.py +17 -19
- souleyez/log_config.py +79 -54
- souleyez/main.py +1505 -687
- souleyez/migrations/fix_job_counter.py +16 -14
- souleyez/parsers/bloodhound_parser.py +41 -39
- souleyez/parsers/crackmapexec_parser.py +178 -111
- souleyez/parsers/dalfox_parser.py +72 -77
- souleyez/parsers/dnsrecon_parser.py +103 -91
- souleyez/parsers/enum4linux_parser.py +183 -153
- souleyez/parsers/ffuf_parser.py +29 -25
- souleyez/parsers/gobuster_parser.py +301 -41
- souleyez/parsers/hashcat_parser.py +324 -79
- souleyez/parsers/http_fingerprint_parser.py +350 -103
- souleyez/parsers/hydra_parser.py +131 -111
- souleyez/parsers/impacket_parser.py +231 -178
- souleyez/parsers/john_parser.py +98 -86
- souleyez/parsers/katana_parser.py +316 -0
- souleyez/parsers/msf_parser.py +943 -498
- souleyez/parsers/nikto_parser.py +346 -65
- souleyez/parsers/nmap_parser.py +262 -174
- souleyez/parsers/nuclei_parser.py +40 -44
- souleyez/parsers/responder_parser.py +26 -26
- souleyez/parsers/searchsploit_parser.py +74 -74
- souleyez/parsers/service_explorer_parser.py +279 -0
- souleyez/parsers/smbmap_parser.py +180 -124
- souleyez/parsers/sqlmap_parser.py +434 -308
- souleyez/parsers/theharvester_parser.py +75 -57
- souleyez/parsers/whois_parser.py +135 -94
- souleyez/parsers/wpscan_parser.py +278 -190
- souleyez/plugins/afp.py +44 -36
- souleyez/plugins/afp_brute.py +114 -46
- souleyez/plugins/ard.py +48 -37
- souleyez/plugins/bloodhound.py +95 -61
- souleyez/plugins/certipy.py +303 -0
- souleyez/plugins/crackmapexec.py +186 -85
- souleyez/plugins/dalfox.py +120 -59
- souleyez/plugins/dns_hijack.py +146 -41
- souleyez/plugins/dnsrecon.py +97 -61
- souleyez/plugins/enum4linux.py +91 -66
- souleyez/plugins/evil_winrm.py +291 -0
- souleyez/plugins/ffuf.py +166 -90
- souleyez/plugins/firmware_extract.py +133 -29
- souleyez/plugins/gobuster.py +387 -190
- souleyez/plugins/gpp_extract.py +393 -0
- souleyez/plugins/hashcat.py +100 -73
- souleyez/plugins/http_fingerprint.py +854 -267
- souleyez/plugins/hydra.py +566 -200
- souleyez/plugins/impacket_getnpusers.py +117 -69
- souleyez/plugins/impacket_psexec.py +84 -64
- souleyez/plugins/impacket_secretsdump.py +103 -69
- souleyez/plugins/impacket_smbclient.py +89 -75
- souleyez/plugins/john.py +86 -69
- souleyez/plugins/katana.py +313 -0
- souleyez/plugins/kerbrute.py +237 -0
- souleyez/plugins/lfi_extract.py +541 -0
- souleyez/plugins/macos_ssh.py +117 -48
- souleyez/plugins/mdns.py +35 -30
- souleyez/plugins/msf_auxiliary.py +253 -130
- souleyez/plugins/msf_exploit.py +239 -161
- souleyez/plugins/nikto.py +134 -78
- souleyez/plugins/nmap.py +275 -91
- souleyez/plugins/nuclei.py +180 -89
- souleyez/plugins/nxc.py +285 -0
- souleyez/plugins/plugin_base.py +35 -36
- souleyez/plugins/plugin_template.py +13 -5
- souleyez/plugins/rdp_sec_check.py +130 -0
- souleyez/plugins/responder.py +112 -71
- souleyez/plugins/router_http_brute.py +76 -65
- souleyez/plugins/router_ssh_brute.py +118 -41
- souleyez/plugins/router_telnet_brute.py +124 -42
- souleyez/plugins/routersploit.py +91 -59
- souleyez/plugins/routersploit_exploit.py +77 -55
- souleyez/plugins/searchsploit.py +91 -77
- souleyez/plugins/service_explorer.py +1160 -0
- souleyez/plugins/smbmap.py +122 -72
- souleyez/plugins/smbpasswd.py +215 -0
- souleyez/plugins/sqlmap.py +301 -113
- souleyez/plugins/theharvester.py +127 -75
- souleyez/plugins/tr069.py +79 -57
- souleyez/plugins/upnp.py +65 -47
- souleyez/plugins/upnp_abuse.py +73 -55
- souleyez/plugins/vnc_access.py +129 -42
- souleyez/plugins/vnc_brute.py +109 -38
- souleyez/plugins/whois.py +77 -58
- souleyez/plugins/wpscan.py +173 -69
- souleyez/reporting/__init__.py +2 -1
- souleyez/reporting/attack_chain.py +411 -346
- souleyez/reporting/charts.py +436 -501
- souleyez/reporting/compliance_mappings.py +334 -201
- souleyez/reporting/detection_report.py +126 -125
- souleyez/reporting/formatters.py +828 -591
- souleyez/reporting/generator.py +386 -302
- souleyez/reporting/metrics.py +72 -75
- souleyez/scanner.py +35 -29
- souleyez/security/__init__.py +37 -11
- souleyez/security/scope_validator.py +175 -106
- souleyez/security/validation.py +223 -149
- souleyez/security.py +22 -6
- souleyez/storage/credentials.py +247 -186
- souleyez/storage/crypto.py +296 -129
- souleyez/storage/database.py +73 -50
- souleyez/storage/db.py +58 -36
- souleyez/storage/deliverable_evidence.py +177 -128
- souleyez/storage/deliverable_exporter.py +282 -246
- souleyez/storage/deliverable_templates.py +134 -116
- souleyez/storage/deliverables.py +135 -130
- souleyez/storage/engagements.py +109 -56
- souleyez/storage/evidence.py +181 -152
- souleyez/storage/execution_log.py +31 -17
- souleyez/storage/exploit_attempts.py +93 -57
- souleyez/storage/exploits.py +67 -36
- souleyez/storage/findings.py +48 -61
- souleyez/storage/hosts.py +176 -144
- souleyez/storage/migrate_to_engagements.py +43 -19
- souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
- souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
- souleyez/storage/migrations/_003_add_execution_log.py +14 -8
- souleyez/storage/migrations/_005_screenshots.py +13 -5
- souleyez/storage/migrations/_006_deliverables.py +13 -5
- souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
- souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
- souleyez/storage/migrations/_010_evidence_linking.py +17 -10
- souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
- souleyez/storage/migrations/_012_team_collaboration.py +34 -21
- souleyez/storage/migrations/_013_add_host_tags.py +12 -6
- souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
- souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
- souleyez/storage/migrations/_016_add_domain_field.py +10 -4
- souleyez/storage/migrations/_017_msf_sessions.py +16 -8
- souleyez/storage/migrations/_018_add_osint_target.py +10 -6
- souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
- souleyez/storage/migrations/_020_add_rbac.py +36 -15
- souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
- souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
- souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
- souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
- souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
- souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
- souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
- souleyez/storage/migrations/__init__.py +26 -26
- souleyez/storage/migrations/migration_manager.py +19 -19
- souleyez/storage/msf_sessions.py +100 -65
- souleyez/storage/osint.py +17 -24
- souleyez/storage/recommendation_engine.py +269 -235
- souleyez/storage/screenshots.py +33 -32
- souleyez/storage/smb_shares.py +136 -92
- souleyez/storage/sqlmap_data.py +183 -128
- souleyez/storage/team_collaboration.py +135 -141
- souleyez/storage/timeline_tracker.py +122 -94
- souleyez/storage/wazuh_vulns.py +64 -66
- souleyez/storage/web_paths.py +33 -37
- souleyez/testing/credential_tester.py +221 -205
- souleyez/ui/__init__.py +1 -1
- souleyez/ui/ai_quotes.py +12 -12
- souleyez/ui/attack_surface.py +2439 -1516
- souleyez/ui/chain_rules_view.py +914 -382
- souleyez/ui/correlation_view.py +312 -230
- souleyez/ui/dashboard.py +2382 -1130
- souleyez/ui/deliverables_view.py +148 -62
- souleyez/ui/design_system.py +13 -13
- souleyez/ui/errors.py +49 -49
- souleyez/ui/evidence_linking_view.py +284 -179
- souleyez/ui/evidence_vault.py +393 -285
- souleyez/ui/exploit_suggestions_view.py +555 -349
- souleyez/ui/export_view.py +100 -66
- souleyez/ui/gap_analysis_view.py +315 -171
- souleyez/ui/help_system.py +105 -97
- souleyez/ui/intelligence_view.py +436 -293
- souleyez/ui/interactive.py +23142 -10430
- souleyez/ui/interactive_selector.py +75 -68
- souleyez/ui/log_formatter.py +47 -39
- souleyez/ui/menu_components.py +22 -13
- souleyez/ui/msf_auxiliary_menu.py +184 -133
- souleyez/ui/pending_chains_view.py +336 -172
- souleyez/ui/progress_indicators.py +5 -3
- souleyez/ui/recommendations_view.py +195 -137
- souleyez/ui/rule_builder.py +343 -225
- souleyez/ui/setup_wizard.py +678 -284
- souleyez/ui/shortcuts.py +217 -165
- souleyez/ui/splunk_gap_analysis_view.py +452 -270
- souleyez/ui/splunk_vulns_view.py +139 -86
- souleyez/ui/team_dashboard.py +498 -335
- souleyez/ui/template_selector.py +196 -105
- souleyez/ui/terminal.py +6 -6
- souleyez/ui/timeline_view.py +198 -127
- souleyez/ui/tool_setup.py +264 -164
- souleyez/ui/tutorial.py +202 -72
- souleyez/ui/tutorial_state.py +40 -40
- souleyez/ui/wazuh_vulns_view.py +235 -141
- souleyez/ui/wordlist_browser.py +260 -107
- souleyez/ui.py +464 -312
- souleyez/utils/tool_checker.py +427 -367
- souleyez/utils.py +33 -29
- souleyez/wordlists.py +134 -167
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/METADATA +1 -1
- souleyez-2.43.32.dist-info/RECORD +441 -0
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/WHEEL +1 -1
- souleyez-2.43.28.dist-info/RECORD +0 -379
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/entry_points.txt +0 -0
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/licenses/LICENSE +0 -0
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/top_level.txt +0 -0
souleyez/plugins/nikto.py
CHANGED
|
@@ -26,11 +26,11 @@ HELP = {
|
|
|
26
26
|
"Nikto is noisy by design - it sends many requests to thoroughly test the server. "
|
|
27
27
|
"Use with caution on production systems.\n"
|
|
28
28
|
),
|
|
29
|
-
"usage":
|
|
29
|
+
"usage": 'souleyez jobs enqueue nikto <target> --args "-h <host> -p <port>"',
|
|
30
30
|
"examples": [
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
31
|
+
'souleyez jobs enqueue nikto http://example.com --args "-h example.com"',
|
|
32
|
+
'souleyez jobs enqueue nikto https://example.com --args "-h example.com -ssl"',
|
|
33
|
+
'souleyez jobs enqueue nikto http://example.com:8080 --args "-h example.com -p 8080"',
|
|
34
34
|
],
|
|
35
35
|
"flags": [
|
|
36
36
|
["-h <host>", "Target host (required)"],
|
|
@@ -47,76 +47,123 @@ HELP = {
|
|
|
47
47
|
{
|
|
48
48
|
"name": "Quick Scan",
|
|
49
49
|
"args": ["-h", "<target>", "-nointeractive", "-timeout", "10"],
|
|
50
|
-
"desc": "Fast scan with default checks"
|
|
50
|
+
"desc": "Fast scan with default checks",
|
|
51
51
|
},
|
|
52
52
|
{
|
|
53
53
|
"name": "Quick Scan (SSL)",
|
|
54
54
|
"args": ["-h", "<target>", "-ssl", "-nointeractive", "-timeout", "10"],
|
|
55
|
-
"desc": "Fast scan for HTTPS sites"
|
|
56
|
-
}
|
|
55
|
+
"desc": "Fast scan for HTTPS sites",
|
|
56
|
+
},
|
|
57
57
|
],
|
|
58
58
|
"comprehensive": [
|
|
59
59
|
{
|
|
60
60
|
"name": "Full Scan",
|
|
61
61
|
"args": ["-h", "<target>", "-nointeractive", "-Tuning", "123456789abc"],
|
|
62
|
-
"desc": "All scan types enabled"
|
|
62
|
+
"desc": "All scan types enabled",
|
|
63
63
|
},
|
|
64
64
|
{
|
|
65
65
|
"name": "CGI Focus",
|
|
66
66
|
"args": ["-h", "<target>", "-nointeractive", "-Tuning", "5"],
|
|
67
|
-
"desc": "Focus on CGI/script vulnerabilities"
|
|
68
|
-
}
|
|
67
|
+
"desc": "Focus on CGI/script vulnerabilities",
|
|
68
|
+
},
|
|
69
69
|
],
|
|
70
70
|
"stealth": [
|
|
71
71
|
{
|
|
72
72
|
"name": "Slow & Quiet",
|
|
73
|
-
"args": [
|
|
74
|
-
|
|
73
|
+
"args": [
|
|
74
|
+
"-h",
|
|
75
|
+
"<target>",
|
|
76
|
+
"-nointeractive",
|
|
77
|
+
"-Pause",
|
|
78
|
+
"3",
|
|
79
|
+
"-timeout",
|
|
80
|
+
"15",
|
|
81
|
+
],
|
|
82
|
+
"desc": "Slower scan to avoid detection",
|
|
75
83
|
}
|
|
76
|
-
]
|
|
84
|
+
],
|
|
77
85
|
},
|
|
78
86
|
"presets": [
|
|
79
|
-
{
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
87
|
+
{
|
|
88
|
+
"name": "Quick Scan",
|
|
89
|
+
"args": ["-h", "<target>", "-nointeractive", "-timeout", "10"],
|
|
90
|
+
"desc": "Fast scan with default checks",
|
|
91
|
+
},
|
|
92
|
+
{
|
|
93
|
+
"name": "Quick Scan (SSL)",
|
|
94
|
+
"args": ["-h", "<target>", "-ssl", "-nointeractive", "-timeout", "10"],
|
|
95
|
+
"desc": "Fast scan for HTTPS sites",
|
|
96
|
+
},
|
|
97
|
+
{
|
|
98
|
+
"name": "Full Scan",
|
|
99
|
+
"args": ["-h", "<target>", "-nointeractive", "-Tuning", "123456789abc"],
|
|
100
|
+
"desc": "All scan types enabled",
|
|
101
|
+
},
|
|
102
|
+
{
|
|
103
|
+
"name": "CGI Focus",
|
|
104
|
+
"args": ["-h", "<target>", "-nointeractive", "-Tuning", "5"],
|
|
105
|
+
"desc": "Focus on CGI/script vulnerabilities",
|
|
106
|
+
},
|
|
107
|
+
{
|
|
108
|
+
"name": "Slow & Quiet",
|
|
109
|
+
"args": [
|
|
110
|
+
"-h",
|
|
111
|
+
"<target>",
|
|
112
|
+
"-nointeractive",
|
|
113
|
+
"-Pause",
|
|
114
|
+
"3",
|
|
115
|
+
"-timeout",
|
|
116
|
+
"15",
|
|
117
|
+
],
|
|
118
|
+
"desc": "Slower scan to avoid detection",
|
|
119
|
+
},
|
|
84
120
|
],
|
|
85
121
|
"help_sections": [
|
|
86
122
|
{
|
|
87
123
|
"title": "What is Nikto?",
|
|
88
124
|
"color": "cyan",
|
|
89
125
|
"content": [
|
|
90
|
-
{
|
|
91
|
-
|
|
92
|
-
"
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
"
|
|
96
|
-
|
|
97
|
-
|
|
126
|
+
{
|
|
127
|
+
"title": "Overview",
|
|
128
|
+
"desc": "Nikto is a web server scanner that performs comprehensive tests against web servers for multiple items including dangerous files, outdated versions, and configuration problems.",
|
|
129
|
+
},
|
|
130
|
+
{
|
|
131
|
+
"title": "Use Cases",
|
|
132
|
+
"desc": "Best for initial web server assessment",
|
|
133
|
+
"tips": [
|
|
134
|
+
"Find outdated server software",
|
|
135
|
+
"Detect dangerous default files",
|
|
136
|
+
"Identify server misconfigurations",
|
|
137
|
+
"Check for known vulnerable CGI scripts",
|
|
138
|
+
],
|
|
139
|
+
},
|
|
140
|
+
],
|
|
98
141
|
},
|
|
99
142
|
{
|
|
100
143
|
"title": "Tuning Options",
|
|
101
144
|
"color": "green",
|
|
102
145
|
"content": [
|
|
103
|
-
{
|
|
104
|
-
"
|
|
105
|
-
"
|
|
106
|
-
"
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
146
|
+
{
|
|
147
|
+
"title": "Tuning Codes",
|
|
148
|
+
"desc": "Use -Tuning to focus scans:",
|
|
149
|
+
"tips": [
|
|
150
|
+
"1 - Interesting File / Seen in logs",
|
|
151
|
+
"2 - Misconfiguration / Default File",
|
|
152
|
+
"3 - Information Disclosure",
|
|
153
|
+
"4 - Injection (XSS/Script/HTML)",
|
|
154
|
+
"5 - Remote File Retrieval - Inside Web Root",
|
|
155
|
+
"6 - Denial of Service",
|
|
156
|
+
"7 - Remote File Retrieval - Server Wide",
|
|
157
|
+
"8 - Command Execution / Remote Shell",
|
|
158
|
+
"9 - SQL Injection",
|
|
159
|
+
"a - Authentication Bypass",
|
|
160
|
+
"b - Software Identification",
|
|
161
|
+
"c - Remote Source Inclusion",
|
|
162
|
+
],
|
|
163
|
+
}
|
|
164
|
+
],
|
|
165
|
+
},
|
|
166
|
+
],
|
|
120
167
|
}
|
|
121
168
|
|
|
122
169
|
|
|
@@ -126,74 +173,79 @@ class NiktoPlugin(PluginBase):
|
|
|
126
173
|
category = "vulnerability_analysis"
|
|
127
174
|
HELP = HELP
|
|
128
175
|
|
|
129
|
-
def build_command(
|
|
176
|
+
def build_command(
|
|
177
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
178
|
+
):
|
|
130
179
|
"""Build nikto command for background execution."""
|
|
131
180
|
args = args or []
|
|
132
181
|
|
|
133
182
|
# Extract host from target URL if not in args
|
|
134
|
-
if
|
|
183
|
+
if "-h" not in args:
|
|
135
184
|
# Parse target to get host
|
|
136
|
-
if target.startswith((
|
|
185
|
+
if target.startswith(("http://", "https://")):
|
|
137
186
|
from urllib.parse import urlparse
|
|
187
|
+
|
|
138
188
|
parsed = urlparse(target)
|
|
139
189
|
host = parsed.netloc
|
|
140
|
-
if
|
|
141
|
-
host, port = host.rsplit(
|
|
142
|
-
if
|
|
143
|
-
args.extend([
|
|
144
|
-
args.extend([
|
|
190
|
+
if ":" in host:
|
|
191
|
+
host, port = host.rsplit(":", 1)
|
|
192
|
+
if "-p" not in args:
|
|
193
|
+
args.extend(["-p", port])
|
|
194
|
+
args.extend(["-h", host])
|
|
145
195
|
|
|
146
196
|
# Add -ssl if https
|
|
147
|
-
if parsed.scheme ==
|
|
148
|
-
args.append(
|
|
197
|
+
if parsed.scheme == "https" and "-ssl" not in args:
|
|
198
|
+
args.append("-ssl")
|
|
149
199
|
else:
|
|
150
|
-
args.extend([
|
|
200
|
+
args.extend(["-h", target])
|
|
151
201
|
|
|
152
202
|
# Replace <target> placeholder in args
|
|
153
203
|
processed_args = [arg.replace("<target>", target) for arg in args]
|
|
154
204
|
|
|
155
205
|
# Ensure nointeractive mode for background execution
|
|
156
|
-
if
|
|
157
|
-
processed_args.append(
|
|
206
|
+
if "-nointeractive" not in processed_args:
|
|
207
|
+
processed_args.append("-nointeractive")
|
|
158
208
|
|
|
159
209
|
cmd = ["nikto"] + processed_args
|
|
160
210
|
|
|
161
|
-
return {
|
|
162
|
-
'cmd': cmd,
|
|
163
|
-
'timeout': 3600 # 1 hour (nikto can be slow)
|
|
164
|
-
}
|
|
211
|
+
return {"cmd": cmd, "timeout": 3600} # 1 hour (nikto can be slow)
|
|
165
212
|
|
|
166
|
-
def run(
|
|
213
|
+
def run(
|
|
214
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
215
|
+
) -> int:
|
|
167
216
|
"""Execute nikto scan and write output to log_path."""
|
|
168
217
|
args = args or []
|
|
169
218
|
|
|
170
219
|
# Extract host from target URL if not in args
|
|
171
|
-
if
|
|
172
|
-
if target.startswith((
|
|
220
|
+
if "-h" not in args:
|
|
221
|
+
if target.startswith(("http://", "https://")):
|
|
173
222
|
from urllib.parse import urlparse
|
|
223
|
+
|
|
174
224
|
parsed = urlparse(target)
|
|
175
225
|
host = parsed.netloc
|
|
176
|
-
if
|
|
177
|
-
host, port = host.rsplit(
|
|
178
|
-
if
|
|
179
|
-
args.extend([
|
|
180
|
-
args.extend([
|
|
181
|
-
|
|
182
|
-
if parsed.scheme ==
|
|
183
|
-
args.append(
|
|
226
|
+
if ":" in host:
|
|
227
|
+
host, port = host.rsplit(":", 1)
|
|
228
|
+
if "-p" not in args:
|
|
229
|
+
args.extend(["-p", port])
|
|
230
|
+
args.extend(["-h", host])
|
|
231
|
+
|
|
232
|
+
if parsed.scheme == "https" and "-ssl" not in args:
|
|
233
|
+
args.append("-ssl")
|
|
184
234
|
else:
|
|
185
|
-
args.extend([
|
|
235
|
+
args.extend(["-h", target])
|
|
186
236
|
|
|
187
237
|
processed_args = [arg.replace("<target>", target) for arg in args]
|
|
188
238
|
|
|
189
|
-
if
|
|
190
|
-
processed_args.append(
|
|
239
|
+
if "-nointeractive" not in processed_args:
|
|
240
|
+
processed_args.append("-nointeractive")
|
|
191
241
|
|
|
192
242
|
cmd = ["nikto"] + processed_args
|
|
193
243
|
|
|
194
244
|
if not log_path:
|
|
195
245
|
try:
|
|
196
|
-
proc = subprocess.run(
|
|
246
|
+
proc = subprocess.run(
|
|
247
|
+
cmd, capture_output=True, timeout=3600, check=False
|
|
248
|
+
)
|
|
197
249
|
return proc.returncode
|
|
198
250
|
except Exception:
|
|
199
251
|
return 1
|
|
@@ -205,7 +257,9 @@ class NiktoPlugin(PluginBase):
|
|
|
205
257
|
fh.write(f"Args: {processed_args}\n")
|
|
206
258
|
if label:
|
|
207
259
|
fh.write(f"Label: {label}\n")
|
|
208
|
-
fh.write(
|
|
260
|
+
fh.write(
|
|
261
|
+
f"Started: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n"
|
|
262
|
+
)
|
|
209
263
|
fh.write(f"Command: {' '.join(cmd)}\n")
|
|
210
264
|
fh.write("=" * 60 + "\n\n")
|
|
211
265
|
fh.flush()
|
|
@@ -216,11 +270,13 @@ class NiktoPlugin(PluginBase):
|
|
|
216
270
|
stderr=subprocess.STDOUT,
|
|
217
271
|
timeout=3600,
|
|
218
272
|
check=False,
|
|
219
|
-
text=True
|
|
273
|
+
text=True,
|
|
220
274
|
)
|
|
221
275
|
|
|
222
276
|
fh.write(proc.stdout)
|
|
223
|
-
fh.write(
|
|
277
|
+
fh.write(
|
|
278
|
+
f"\n=== Completed: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())} ===\n"
|
|
279
|
+
)
|
|
224
280
|
fh.write(f"Exit Code: {proc.returncode}\n")
|
|
225
281
|
|
|
226
282
|
return proc.returncode
|