souleyez 2.43.28__py3-none-any.whl → 2.43.32__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- souleyez/__init__.py +1 -2
- souleyez/ai/__init__.py +21 -15
- souleyez/ai/action_mapper.py +249 -150
- souleyez/ai/chain_advisor.py +116 -100
- souleyez/ai/claude_provider.py +29 -28
- souleyez/ai/context_builder.py +80 -62
- souleyez/ai/executor.py +158 -117
- souleyez/ai/feedback_handler.py +136 -121
- souleyez/ai/llm_factory.py +27 -20
- souleyez/ai/llm_provider.py +4 -2
- souleyez/ai/ollama_provider.py +6 -9
- souleyez/ai/ollama_service.py +44 -37
- souleyez/ai/path_scorer.py +91 -76
- souleyez/ai/recommender.py +176 -144
- souleyez/ai/report_context.py +74 -73
- souleyez/ai/report_service.py +84 -66
- souleyez/ai/result_parser.py +222 -229
- souleyez/ai/safety.py +67 -44
- souleyez/auth/__init__.py +23 -22
- souleyez/auth/audit.py +36 -26
- souleyez/auth/engagement_access.py +65 -48
- souleyez/auth/permissions.py +14 -3
- souleyez/auth/session_manager.py +54 -37
- souleyez/auth/user_manager.py +109 -64
- souleyez/commands/audit.py +40 -43
- souleyez/commands/auth.py +35 -15
- souleyez/commands/deliverables.py +55 -50
- souleyez/commands/engagement.py +47 -28
- souleyez/commands/license.py +32 -23
- souleyez/commands/screenshots.py +36 -32
- souleyez/commands/user.py +82 -36
- souleyez/config.py +52 -44
- souleyez/core/credential_tester.py +87 -81
- souleyez/core/cve_mappings.py +179 -192
- souleyez/core/cve_matcher.py +162 -148
- souleyez/core/msf_auto_mapper.py +100 -83
- souleyez/core/msf_chain_engine.py +294 -256
- souleyez/core/msf_database.py +153 -70
- souleyez/core/msf_integration.py +679 -673
- souleyez/core/msf_rpc_client.py +40 -42
- souleyez/core/msf_rpc_manager.py +77 -79
- souleyez/core/msf_sync_manager.py +241 -181
- souleyez/core/network_utils.py +22 -15
- souleyez/core/parser_handler.py +34 -25
- souleyez/core/pending_chains.py +114 -63
- souleyez/core/templates.py +158 -107
- souleyez/core/tool_chaining.py +9592 -2879
- souleyez/core/version_utils.py +79 -94
- souleyez/core/vuln_correlation.py +136 -89
- souleyez/core/web_utils.py +33 -32
- souleyez/data/wordlists/ad_users.txt +378 -0
- souleyez/data/wordlists/api_endpoints_large.txt +769 -0
- souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
- souleyez/data/wordlists/lfi_payloads.txt +82 -0
- souleyez/data/wordlists/passwords_brute.txt +1548 -0
- souleyez/data/wordlists/passwords_crack.txt +2479 -0
- souleyez/data/wordlists/passwords_spray.txt +386 -0
- souleyez/data/wordlists/subdomains_large.txt +5057 -0
- souleyez/data/wordlists/usernames_common.txt +694 -0
- souleyez/data/wordlists/web_dirs_large.txt +4769 -0
- souleyez/detection/__init__.py +1 -1
- souleyez/detection/attack_signatures.py +12 -17
- souleyez/detection/mitre_mappings.py +61 -55
- souleyez/detection/validator.py +97 -86
- souleyez/devtools.py +23 -10
- souleyez/docs/README.md +4 -4
- souleyez/docs/api-reference/cli-commands.md +2 -2
- souleyez/docs/developer-guide/adding-new-tools.md +562 -0
- souleyez/docs/user-guide/auto-chaining.md +30 -8
- souleyez/docs/user-guide/getting-started.md +1 -1
- souleyez/docs/user-guide/installation.md +26 -3
- souleyez/docs/user-guide/metasploit-integration.md +2 -2
- souleyez/docs/user-guide/rbac.md +1 -1
- souleyez/docs/user-guide/scope-management.md +1 -1
- souleyez/docs/user-guide/siem-integration.md +1 -1
- souleyez/docs/user-guide/tools-reference.md +1 -8
- souleyez/docs/user-guide/worker-management.md +1 -1
- souleyez/engine/background.py +1238 -535
- souleyez/engine/base.py +4 -1
- souleyez/engine/job_status.py +17 -49
- souleyez/engine/log_sanitizer.py +103 -77
- souleyez/engine/manager.py +38 -7
- souleyez/engine/result_handler.py +2198 -1550
- souleyez/engine/worker_manager.py +50 -41
- souleyez/export/evidence_bundle.py +72 -62
- souleyez/feature_flags/features.py +16 -20
- souleyez/feature_flags.py +5 -9
- souleyez/handlers/__init__.py +11 -0
- souleyez/handlers/base.py +188 -0
- souleyez/handlers/bash_handler.py +277 -0
- souleyez/handlers/bloodhound_handler.py +243 -0
- souleyez/handlers/certipy_handler.py +311 -0
- souleyez/handlers/crackmapexec_handler.py +486 -0
- souleyez/handlers/dnsrecon_handler.py +344 -0
- souleyez/handlers/enum4linux_handler.py +400 -0
- souleyez/handlers/evil_winrm_handler.py +493 -0
- souleyez/handlers/ffuf_handler.py +815 -0
- souleyez/handlers/gobuster_handler.py +1114 -0
- souleyez/handlers/gpp_extract_handler.py +334 -0
- souleyez/handlers/hashcat_handler.py +444 -0
- souleyez/handlers/hydra_handler.py +563 -0
- souleyez/handlers/impacket_getuserspns_handler.py +343 -0
- souleyez/handlers/impacket_psexec_handler.py +222 -0
- souleyez/handlers/impacket_secretsdump_handler.py +426 -0
- souleyez/handlers/john_handler.py +286 -0
- souleyez/handlers/katana_handler.py +425 -0
- souleyez/handlers/kerbrute_handler.py +298 -0
- souleyez/handlers/ldapsearch_handler.py +636 -0
- souleyez/handlers/lfi_extract_handler.py +464 -0
- souleyez/handlers/msf_auxiliary_handler.py +408 -0
- souleyez/handlers/msf_exploit_handler.py +380 -0
- souleyez/handlers/nikto_handler.py +413 -0
- souleyez/handlers/nmap_handler.py +821 -0
- souleyez/handlers/nuclei_handler.py +359 -0
- souleyez/handlers/nxc_handler.py +371 -0
- souleyez/handlers/rdp_sec_check_handler.py +353 -0
- souleyez/handlers/registry.py +288 -0
- souleyez/handlers/responder_handler.py +232 -0
- souleyez/handlers/service_explorer_handler.py +434 -0
- souleyez/handlers/smbclient_handler.py +344 -0
- souleyez/handlers/smbmap_handler.py +510 -0
- souleyez/handlers/smbpasswd_handler.py +296 -0
- souleyez/handlers/sqlmap_handler.py +1116 -0
- souleyez/handlers/theharvester_handler.py +601 -0
- souleyez/handlers/whois_handler.py +277 -0
- souleyez/handlers/wpscan_handler.py +554 -0
- souleyez/history.py +32 -16
- souleyez/importers/msf_importer.py +106 -75
- souleyez/importers/smart_importer.py +208 -147
- souleyez/integrations/siem/__init__.py +10 -10
- souleyez/integrations/siem/base.py +17 -18
- souleyez/integrations/siem/elastic.py +108 -122
- souleyez/integrations/siem/factory.py +207 -80
- souleyez/integrations/siem/googlesecops.py +146 -154
- souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
- souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
- souleyez/integrations/siem/sentinel.py +107 -109
- souleyez/integrations/siem/splunk.py +246 -212
- souleyez/integrations/siem/wazuh.py +65 -71
- souleyez/integrations/wazuh/__init__.py +5 -5
- souleyez/integrations/wazuh/client.py +70 -93
- souleyez/integrations/wazuh/config.py +85 -57
- souleyez/integrations/wazuh/host_mapper.py +28 -36
- souleyez/integrations/wazuh/sync.py +78 -68
- souleyez/intelligence/__init__.py +4 -5
- souleyez/intelligence/correlation_analyzer.py +309 -295
- souleyez/intelligence/exploit_knowledge.py +661 -623
- souleyez/intelligence/exploit_suggestions.py +159 -139
- souleyez/intelligence/gap_analyzer.py +132 -97
- souleyez/intelligence/gap_detector.py +251 -214
- souleyez/intelligence/sensitive_tables.py +266 -129
- souleyez/intelligence/service_parser.py +137 -123
- souleyez/intelligence/surface_analyzer.py +407 -268
- souleyez/intelligence/target_parser.py +159 -162
- souleyez/licensing/__init__.py +6 -6
- souleyez/licensing/validator.py +17 -19
- souleyez/log_config.py +79 -54
- souleyez/main.py +1505 -687
- souleyez/migrations/fix_job_counter.py +16 -14
- souleyez/parsers/bloodhound_parser.py +41 -39
- souleyez/parsers/crackmapexec_parser.py +178 -111
- souleyez/parsers/dalfox_parser.py +72 -77
- souleyez/parsers/dnsrecon_parser.py +103 -91
- souleyez/parsers/enum4linux_parser.py +183 -153
- souleyez/parsers/ffuf_parser.py +29 -25
- souleyez/parsers/gobuster_parser.py +301 -41
- souleyez/parsers/hashcat_parser.py +324 -79
- souleyez/parsers/http_fingerprint_parser.py +350 -103
- souleyez/parsers/hydra_parser.py +131 -111
- souleyez/parsers/impacket_parser.py +231 -178
- souleyez/parsers/john_parser.py +98 -86
- souleyez/parsers/katana_parser.py +316 -0
- souleyez/parsers/msf_parser.py +943 -498
- souleyez/parsers/nikto_parser.py +346 -65
- souleyez/parsers/nmap_parser.py +262 -174
- souleyez/parsers/nuclei_parser.py +40 -44
- souleyez/parsers/responder_parser.py +26 -26
- souleyez/parsers/searchsploit_parser.py +74 -74
- souleyez/parsers/service_explorer_parser.py +279 -0
- souleyez/parsers/smbmap_parser.py +180 -124
- souleyez/parsers/sqlmap_parser.py +434 -308
- souleyez/parsers/theharvester_parser.py +75 -57
- souleyez/parsers/whois_parser.py +135 -94
- souleyez/parsers/wpscan_parser.py +278 -190
- souleyez/plugins/afp.py +44 -36
- souleyez/plugins/afp_brute.py +114 -46
- souleyez/plugins/ard.py +48 -37
- souleyez/plugins/bloodhound.py +95 -61
- souleyez/plugins/certipy.py +303 -0
- souleyez/plugins/crackmapexec.py +186 -85
- souleyez/plugins/dalfox.py +120 -59
- souleyez/plugins/dns_hijack.py +146 -41
- souleyez/plugins/dnsrecon.py +97 -61
- souleyez/plugins/enum4linux.py +91 -66
- souleyez/plugins/evil_winrm.py +291 -0
- souleyez/plugins/ffuf.py +166 -90
- souleyez/plugins/firmware_extract.py +133 -29
- souleyez/plugins/gobuster.py +387 -190
- souleyez/plugins/gpp_extract.py +393 -0
- souleyez/plugins/hashcat.py +100 -73
- souleyez/plugins/http_fingerprint.py +854 -267
- souleyez/plugins/hydra.py +566 -200
- souleyez/plugins/impacket_getnpusers.py +117 -69
- souleyez/plugins/impacket_psexec.py +84 -64
- souleyez/plugins/impacket_secretsdump.py +103 -69
- souleyez/plugins/impacket_smbclient.py +89 -75
- souleyez/plugins/john.py +86 -69
- souleyez/plugins/katana.py +313 -0
- souleyez/plugins/kerbrute.py +237 -0
- souleyez/plugins/lfi_extract.py +541 -0
- souleyez/plugins/macos_ssh.py +117 -48
- souleyez/plugins/mdns.py +35 -30
- souleyez/plugins/msf_auxiliary.py +253 -130
- souleyez/plugins/msf_exploit.py +239 -161
- souleyez/plugins/nikto.py +134 -78
- souleyez/plugins/nmap.py +275 -91
- souleyez/plugins/nuclei.py +180 -89
- souleyez/plugins/nxc.py +285 -0
- souleyez/plugins/plugin_base.py +35 -36
- souleyez/plugins/plugin_template.py +13 -5
- souleyez/plugins/rdp_sec_check.py +130 -0
- souleyez/plugins/responder.py +112 -71
- souleyez/plugins/router_http_brute.py +76 -65
- souleyez/plugins/router_ssh_brute.py +118 -41
- souleyez/plugins/router_telnet_brute.py +124 -42
- souleyez/plugins/routersploit.py +91 -59
- souleyez/plugins/routersploit_exploit.py +77 -55
- souleyez/plugins/searchsploit.py +91 -77
- souleyez/plugins/service_explorer.py +1160 -0
- souleyez/plugins/smbmap.py +122 -72
- souleyez/plugins/smbpasswd.py +215 -0
- souleyez/plugins/sqlmap.py +301 -113
- souleyez/plugins/theharvester.py +127 -75
- souleyez/plugins/tr069.py +79 -57
- souleyez/plugins/upnp.py +65 -47
- souleyez/plugins/upnp_abuse.py +73 -55
- souleyez/plugins/vnc_access.py +129 -42
- souleyez/plugins/vnc_brute.py +109 -38
- souleyez/plugins/whois.py +77 -58
- souleyez/plugins/wpscan.py +173 -69
- souleyez/reporting/__init__.py +2 -1
- souleyez/reporting/attack_chain.py +411 -346
- souleyez/reporting/charts.py +436 -501
- souleyez/reporting/compliance_mappings.py +334 -201
- souleyez/reporting/detection_report.py +126 -125
- souleyez/reporting/formatters.py +828 -591
- souleyez/reporting/generator.py +386 -302
- souleyez/reporting/metrics.py +72 -75
- souleyez/scanner.py +35 -29
- souleyez/security/__init__.py +37 -11
- souleyez/security/scope_validator.py +175 -106
- souleyez/security/validation.py +223 -149
- souleyez/security.py +22 -6
- souleyez/storage/credentials.py +247 -186
- souleyez/storage/crypto.py +296 -129
- souleyez/storage/database.py +73 -50
- souleyez/storage/db.py +58 -36
- souleyez/storage/deliverable_evidence.py +177 -128
- souleyez/storage/deliverable_exporter.py +282 -246
- souleyez/storage/deliverable_templates.py +134 -116
- souleyez/storage/deliverables.py +135 -130
- souleyez/storage/engagements.py +109 -56
- souleyez/storage/evidence.py +181 -152
- souleyez/storage/execution_log.py +31 -17
- souleyez/storage/exploit_attempts.py +93 -57
- souleyez/storage/exploits.py +67 -36
- souleyez/storage/findings.py +48 -61
- souleyez/storage/hosts.py +176 -144
- souleyez/storage/migrate_to_engagements.py +43 -19
- souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
- souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
- souleyez/storage/migrations/_003_add_execution_log.py +14 -8
- souleyez/storage/migrations/_005_screenshots.py +13 -5
- souleyez/storage/migrations/_006_deliverables.py +13 -5
- souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
- souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
- souleyez/storage/migrations/_010_evidence_linking.py +17 -10
- souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
- souleyez/storage/migrations/_012_team_collaboration.py +34 -21
- souleyez/storage/migrations/_013_add_host_tags.py +12 -6
- souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
- souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
- souleyez/storage/migrations/_016_add_domain_field.py +10 -4
- souleyez/storage/migrations/_017_msf_sessions.py +16 -8
- souleyez/storage/migrations/_018_add_osint_target.py +10 -6
- souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
- souleyez/storage/migrations/_020_add_rbac.py +36 -15
- souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
- souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
- souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
- souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
- souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
- souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
- souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
- souleyez/storage/migrations/__init__.py +26 -26
- souleyez/storage/migrations/migration_manager.py +19 -19
- souleyez/storage/msf_sessions.py +100 -65
- souleyez/storage/osint.py +17 -24
- souleyez/storage/recommendation_engine.py +269 -235
- souleyez/storage/screenshots.py +33 -32
- souleyez/storage/smb_shares.py +136 -92
- souleyez/storage/sqlmap_data.py +183 -128
- souleyez/storage/team_collaboration.py +135 -141
- souleyez/storage/timeline_tracker.py +122 -94
- souleyez/storage/wazuh_vulns.py +64 -66
- souleyez/storage/web_paths.py +33 -37
- souleyez/testing/credential_tester.py +221 -205
- souleyez/ui/__init__.py +1 -1
- souleyez/ui/ai_quotes.py +12 -12
- souleyez/ui/attack_surface.py +2439 -1516
- souleyez/ui/chain_rules_view.py +914 -382
- souleyez/ui/correlation_view.py +312 -230
- souleyez/ui/dashboard.py +2382 -1130
- souleyez/ui/deliverables_view.py +148 -62
- souleyez/ui/design_system.py +13 -13
- souleyez/ui/errors.py +49 -49
- souleyez/ui/evidence_linking_view.py +284 -179
- souleyez/ui/evidence_vault.py +393 -285
- souleyez/ui/exploit_suggestions_view.py +555 -349
- souleyez/ui/export_view.py +100 -66
- souleyez/ui/gap_analysis_view.py +315 -171
- souleyez/ui/help_system.py +105 -97
- souleyez/ui/intelligence_view.py +436 -293
- souleyez/ui/interactive.py +23142 -10430
- souleyez/ui/interactive_selector.py +75 -68
- souleyez/ui/log_formatter.py +47 -39
- souleyez/ui/menu_components.py +22 -13
- souleyez/ui/msf_auxiliary_menu.py +184 -133
- souleyez/ui/pending_chains_view.py +336 -172
- souleyez/ui/progress_indicators.py +5 -3
- souleyez/ui/recommendations_view.py +195 -137
- souleyez/ui/rule_builder.py +343 -225
- souleyez/ui/setup_wizard.py +678 -284
- souleyez/ui/shortcuts.py +217 -165
- souleyez/ui/splunk_gap_analysis_view.py +452 -270
- souleyez/ui/splunk_vulns_view.py +139 -86
- souleyez/ui/team_dashboard.py +498 -335
- souleyez/ui/template_selector.py +196 -105
- souleyez/ui/terminal.py +6 -6
- souleyez/ui/timeline_view.py +198 -127
- souleyez/ui/tool_setup.py +264 -164
- souleyez/ui/tutorial.py +202 -72
- souleyez/ui/tutorial_state.py +40 -40
- souleyez/ui/wazuh_vulns_view.py +235 -141
- souleyez/ui/wordlist_browser.py +260 -107
- souleyez/ui.py +464 -312
- souleyez/utils/tool_checker.py +427 -367
- souleyez/utils.py +33 -29
- souleyez/wordlists.py +134 -167
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/METADATA +1 -1
- souleyez-2.43.32.dist-info/RECORD +441 -0
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/WHEEL +1 -1
- souleyez-2.43.28.dist-info/RECORD +0 -379
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/entry_points.txt +0 -0
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/licenses/LICENSE +0 -0
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/top_level.txt +0 -0
souleyez/plugins/responder.py
CHANGED
|
@@ -27,11 +27,11 @@ HELP = {
|
|
|
27
27
|
"- WPAD poisoning is aggressive - use with caution\n\n"
|
|
28
28
|
"⚠️ Warning: This is an active network attack. Use only with permission!\n"
|
|
29
29
|
),
|
|
30
|
-
"usage":
|
|
30
|
+
"usage": 'souleyez jobs enqueue responder <interface> --args "[options]"',
|
|
31
31
|
"examples": [
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
32
|
+
'souleyez jobs enqueue responder eth0 --args "-v"',
|
|
33
|
+
'souleyez jobs enqueue responder tun0 --args "-w -v" # WPAD poisoning',
|
|
34
|
+
'souleyez jobs enqueue responder wlan0 --args "-f -v" # Fingerprint only',
|
|
35
35
|
],
|
|
36
36
|
"flags": [
|
|
37
37
|
["-I <interface>", "Network interface to bind to (required)"],
|
|
@@ -56,58 +56,94 @@ HELP = {
|
|
|
56
56
|
" - SMB+HTTP Only: Reduced attack surface",
|
|
57
57
|
],
|
|
58
58
|
"presets": [
|
|
59
|
-
{
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
59
|
+
{
|
|
60
|
+
"name": "Standard Poisoning",
|
|
61
|
+
"args": ["-v"],
|
|
62
|
+
"desc": "LLMNR/NBT-NS poisoning (default)",
|
|
63
|
+
},
|
|
64
|
+
{
|
|
65
|
+
"name": "WPAD Poisoning",
|
|
66
|
+
"args": ["-w", "-v"],
|
|
67
|
+
"desc": "Add WPAD rogue proxy (aggressive)",
|
|
68
|
+
},
|
|
69
|
+
{
|
|
70
|
+
"name": "Fingerprint Mode",
|
|
71
|
+
"args": ["-f", "-v"],
|
|
72
|
+
"desc": "Passive mode (no poisoning, just fingerprint)",
|
|
73
|
+
},
|
|
74
|
+
{
|
|
75
|
+
"name": "SMB + HTTP Only",
|
|
76
|
+
"args": ["-v", "--lm", "--disable-ess"],
|
|
77
|
+
"desc": "Capture SMB and HTTP only",
|
|
78
|
+
},
|
|
63
79
|
],
|
|
64
80
|
"help_sections": [
|
|
65
81
|
{
|
|
66
82
|
"title": "What is Responder?",
|
|
67
83
|
"color": "cyan",
|
|
68
84
|
"content": [
|
|
69
|
-
{
|
|
70
|
-
|
|
71
|
-
"
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
"
|
|
75
|
-
|
|
76
|
-
|
|
85
|
+
{
|
|
86
|
+
"title": "Overview",
|
|
87
|
+
"desc": "Responder performs LLMNR/NBT-NS/MDNS poisoning to passively capture Windows credentials (NTLMv2 hashes) when clients broadcast authentication requests.",
|
|
88
|
+
},
|
|
89
|
+
{
|
|
90
|
+
"title": "Use Cases",
|
|
91
|
+
"desc": "Passive credential capture on Windows networks",
|
|
92
|
+
"tips": [
|
|
93
|
+
"Capture NetNTLMv2 hashes without touching hosts",
|
|
94
|
+
"Intercept Windows authentication attempts",
|
|
95
|
+
"Identify active users and services",
|
|
96
|
+
"Get initial foothold credentials",
|
|
97
|
+
],
|
|
98
|
+
},
|
|
99
|
+
],
|
|
77
100
|
},
|
|
78
101
|
{
|
|
79
102
|
"title": "How to Use",
|
|
80
103
|
"color": "green",
|
|
81
104
|
"content": [
|
|
82
|
-
{
|
|
83
|
-
|
|
84
|
-
"
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
"
|
|
88
|
-
|
|
89
|
-
|
|
105
|
+
{
|
|
106
|
+
"title": "Basic Workflow",
|
|
107
|
+
"desc": "1. Select network interface to monitor\n 2. Choose poisoning mode (standard or WPAD)\n 3. Run for 15-30 minutes to capture hashes\n 4. Crack captured hashes with hashcat mode 5600",
|
|
108
|
+
},
|
|
109
|
+
{
|
|
110
|
+
"title": "Key Modes",
|
|
111
|
+
"desc": "Different levels of aggressiveness",
|
|
112
|
+
"tips": [
|
|
113
|
+
"Standard: LLMNR/NBT-NS poisoning only (default)",
|
|
114
|
+
"WPAD: Add rogue proxy (very aggressive)",
|
|
115
|
+
"Fingerprint: Passive mode (no poisoning)",
|
|
116
|
+
"SMB+HTTP Only: Reduced attack surface",
|
|
117
|
+
],
|
|
118
|
+
},
|
|
119
|
+
],
|
|
90
120
|
},
|
|
91
121
|
{
|
|
92
122
|
"title": "Tips & Best Practices",
|
|
93
123
|
"color": "yellow",
|
|
94
124
|
"content": [
|
|
95
|
-
(
|
|
96
|
-
"
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
"
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
125
|
+
(
|
|
126
|
+
"Best Practices:",
|
|
127
|
+
[
|
|
128
|
+
"Requires root/sudo for port binding",
|
|
129
|
+
"Run for 15-30 minutes for best results",
|
|
130
|
+
"Works best on switched networks (same subnet)",
|
|
131
|
+
"Captured hashes: hashcat -m 5600 hashes.txt wordlist.txt",
|
|
132
|
+
"Check ~/.souleyez/responder_logs/ for results",
|
|
133
|
+
],
|
|
134
|
+
),
|
|
135
|
+
(
|
|
136
|
+
"Common Issues:",
|
|
137
|
+
[
|
|
138
|
+
"Permission denied: Run with sudo",
|
|
139
|
+
"No hashes captured: May need WPAD mode or longer runtime",
|
|
140
|
+
"Interface not found: Verify interface name (eth0, wlan0)",
|
|
141
|
+
"Too aggressive: Use fingerprint mode (-f) if concerned",
|
|
142
|
+
],
|
|
143
|
+
),
|
|
144
|
+
],
|
|
145
|
+
},
|
|
146
|
+
],
|
|
111
147
|
}
|
|
112
148
|
|
|
113
149
|
|
|
@@ -130,7 +166,7 @@ class ResponderPlugin:
|
|
|
130
166
|
paths = [
|
|
131
167
|
"/usr/share/responder/Responder.py",
|
|
132
168
|
"/opt/Responder/Responder.py",
|
|
133
|
-
Path.home() / "tools/Responder/Responder.py"
|
|
169
|
+
Path.home() / "tools/Responder/Responder.py",
|
|
134
170
|
]
|
|
135
171
|
|
|
136
172
|
for path in paths:
|
|
@@ -159,14 +195,15 @@ class ResponderPlugin:
|
|
|
159
195
|
["ip", "route", "get", target_ip],
|
|
160
196
|
capture_output=True,
|
|
161
197
|
text=True,
|
|
162
|
-
timeout=5
|
|
198
|
+
timeout=5,
|
|
163
199
|
)
|
|
164
200
|
|
|
165
201
|
if result.returncode == 0:
|
|
166
202
|
# Parse output: "10.0.0.73 dev eth0 src 10.0.0.1 uid 1000"
|
|
167
203
|
# Look for "dev <interface>"
|
|
168
204
|
import re
|
|
169
|
-
|
|
205
|
+
|
|
206
|
+
match = re.search(r"dev\s+(\S+)", result.stdout)
|
|
170
207
|
if match:
|
|
171
208
|
return match.group(1)
|
|
172
209
|
|
|
@@ -175,12 +212,13 @@ class ResponderPlugin:
|
|
|
175
212
|
["ip", "route", "show", "default"],
|
|
176
213
|
capture_output=True,
|
|
177
214
|
text=True,
|
|
178
|
-
timeout=5
|
|
215
|
+
timeout=5,
|
|
179
216
|
)
|
|
180
217
|
|
|
181
218
|
if result.returncode == 0:
|
|
182
219
|
import re
|
|
183
|
-
|
|
220
|
+
|
|
221
|
+
match = re.search(r"dev\s+(\S+)", result.stdout)
|
|
184
222
|
if match:
|
|
185
223
|
return match.group(1)
|
|
186
224
|
|
|
@@ -188,13 +226,13 @@ class ResponderPlugin:
|
|
|
188
226
|
pass
|
|
189
227
|
|
|
190
228
|
# Last resort: return common default interfaces
|
|
191
|
-
for iface in [
|
|
229
|
+
for iface in ["eth0", "ens33", "enp0s3", "wlan0"]:
|
|
192
230
|
try:
|
|
193
231
|
result = subprocess.run(
|
|
194
232
|
["ip", "link", "show", iface],
|
|
195
233
|
capture_output=True,
|
|
196
234
|
text=True,
|
|
197
|
-
timeout=2
|
|
235
|
+
timeout=2,
|
|
198
236
|
)
|
|
199
237
|
if result.returncode == 0:
|
|
200
238
|
return iface
|
|
@@ -207,10 +245,7 @@ class ResponderPlugin:
|
|
|
207
245
|
"""Check if the given name is a valid network interface."""
|
|
208
246
|
try:
|
|
209
247
|
result = subprocess.run(
|
|
210
|
-
["ip", "link", "show", name],
|
|
211
|
-
capture_output=True,
|
|
212
|
-
text=True,
|
|
213
|
-
timeout=2
|
|
248
|
+
["ip", "link", "show", name], capture_output=True, text=True, timeout=2
|
|
214
249
|
)
|
|
215
250
|
return result.returncode == 0
|
|
216
251
|
except Exception:
|
|
@@ -235,7 +270,7 @@ class ResponderPlugin:
|
|
|
235
270
|
Command spec dict or None if validation fails
|
|
236
271
|
"""
|
|
237
272
|
if not self.responder_path:
|
|
238
|
-
with open(log_path,
|
|
273
|
+
with open(log_path, "w") as f:
|
|
239
274
|
f.write("ERROR: Responder not found. Install with:\n")
|
|
240
275
|
f.write("git clone https://github.com/lgandx/Responder\n")
|
|
241
276
|
f.write("cd Responder\n")
|
|
@@ -252,14 +287,20 @@ class ResponderPlugin:
|
|
|
252
287
|
# Target is likely an IP address - auto-detect interface
|
|
253
288
|
interface = self._get_interface_for_target(target)
|
|
254
289
|
if not interface:
|
|
255
|
-
with open(log_path,
|
|
256
|
-
f.write(
|
|
257
|
-
|
|
290
|
+
with open(log_path, "w") as f:
|
|
291
|
+
f.write(
|
|
292
|
+
f"ERROR: Could not determine network interface for target {target}\n"
|
|
293
|
+
)
|
|
294
|
+
f.write(
|
|
295
|
+
"Please specify a valid network interface (e.g., eth0, wlan0, tun0)\n"
|
|
296
|
+
)
|
|
258
297
|
f.write("\nAvailable interfaces:\n")
|
|
259
298
|
try:
|
|
260
|
-
result = subprocess.run(
|
|
261
|
-
|
|
262
|
-
|
|
299
|
+
result = subprocess.run(
|
|
300
|
+
["ip", "-o", "link", "show"], capture_output=True, text=True
|
|
301
|
+
)
|
|
302
|
+
for line in result.stdout.strip().split("\n"):
|
|
303
|
+
parts = line.split(":")
|
|
263
304
|
if len(parts) >= 2:
|
|
264
305
|
iface = parts[1].strip()
|
|
265
306
|
f.write(f" - {iface}\n")
|
|
@@ -282,7 +323,7 @@ class ResponderPlugin:
|
|
|
282
323
|
env = {"RESPONDER_LOG_DIR": str(self.log_dir)}
|
|
283
324
|
|
|
284
325
|
# Write initial log content
|
|
285
|
-
with open(log_path,
|
|
326
|
+
with open(log_path, "w") as f:
|
|
286
327
|
f.write(f"Starting Responder...\n")
|
|
287
328
|
f.write(f"Target: {target}\n")
|
|
288
329
|
f.write(f"Interface: {interface}\n")
|
|
@@ -291,34 +332,34 @@ class ResponderPlugin:
|
|
|
291
332
|
f.write("NOTE: Responder requires root/sudo. If this fails, either:\n")
|
|
292
333
|
f.write(" - Run souleyez as root, or\n")
|
|
293
334
|
f.write(" - Configure passwordless sudo for responder\n\n")
|
|
294
|
-
f.write(
|
|
295
|
-
|
|
335
|
+
f.write(
|
|
336
|
+
"NOTE: Responder runs indefinitely. Kill job when done capturing.\n"
|
|
337
|
+
)
|
|
338
|
+
f.write(
|
|
339
|
+
"Captured hashes are automatically stored in credentials database.\n\n"
|
|
340
|
+
)
|
|
296
341
|
|
|
297
|
-
return {
|
|
298
|
-
'cmd': cmd,
|
|
299
|
-
'timeout': 3600, # 1 hour
|
|
300
|
-
'env': env
|
|
301
|
-
}
|
|
342
|
+
return {"cmd": cmd, "timeout": 3600, "env": env} # 1 hour
|
|
302
343
|
|
|
303
344
|
def get_presets(self):
|
|
304
345
|
"""Return Responder presets."""
|
|
305
346
|
return {
|
|
306
347
|
"Standard Poisoning": {
|
|
307
348
|
"description": "LLMNR/NBT-NS poisoning (default)",
|
|
308
|
-
"args": "-v"
|
|
349
|
+
"args": "-v",
|
|
309
350
|
},
|
|
310
351
|
"WPAD Poisoning": {
|
|
311
352
|
"description": "Add WPAD rogue proxy (aggressive)",
|
|
312
|
-
"args": "-w -v"
|
|
353
|
+
"args": "-w -v",
|
|
313
354
|
},
|
|
314
355
|
"Fingerprint Mode": {
|
|
315
356
|
"description": "Passive mode (no poisoning, just fingerprint)",
|
|
316
|
-
"args": "-f -v"
|
|
357
|
+
"args": "-f -v",
|
|
317
358
|
},
|
|
318
359
|
"SMB + HTTP Only": {
|
|
319
360
|
"description": "Capture SMB and HTTP only",
|
|
320
|
-
"args": "-v --lm --disable-ess"
|
|
321
|
-
}
|
|
361
|
+
"args": "-v --lm --disable-ess",
|
|
362
|
+
},
|
|
322
363
|
}
|
|
323
364
|
|
|
324
365
|
|
|
@@ -30,8 +30,8 @@ HELP = {
|
|
|
30
30
|
"usage": "souleyez jobs enqueue router_http_brute <target>",
|
|
31
31
|
"examples": [
|
|
32
32
|
"souleyez jobs enqueue router_http_brute 192.168.1.1",
|
|
33
|
-
|
|
34
|
-
|
|
33
|
+
'souleyez jobs enqueue router_http_brute 192.168.1.1 --args "--port 8080"',
|
|
34
|
+
'souleyez jobs enqueue router_http_brute 192.168.1.1 --args "--basic"',
|
|
35
35
|
],
|
|
36
36
|
"flags": [
|
|
37
37
|
["--port PORT", "Target port (default: 80)"],
|
|
@@ -40,9 +40,21 @@ HELP = {
|
|
|
40
40
|
["--ssl", "Use HTTPS"],
|
|
41
41
|
],
|
|
42
42
|
"presets": [
|
|
43
|
-
{
|
|
44
|
-
|
|
45
|
-
|
|
43
|
+
{
|
|
44
|
+
"name": "Basic Auth",
|
|
45
|
+
"args": ["--basic"],
|
|
46
|
+
"desc": "HTTP Basic Authentication",
|
|
47
|
+
},
|
|
48
|
+
{
|
|
49
|
+
"name": "HTTPS Basic",
|
|
50
|
+
"args": ["--basic", "--ssl"],
|
|
51
|
+
"desc": "HTTPS Basic Auth",
|
|
52
|
+
},
|
|
53
|
+
{
|
|
54
|
+
"name": "Port 8080",
|
|
55
|
+
"args": ["--port", "8080"],
|
|
56
|
+
"desc": "Alternate port 8080",
|
|
57
|
+
},
|
|
46
58
|
],
|
|
47
59
|
"help_sections": [
|
|
48
60
|
{
|
|
@@ -54,9 +66,9 @@ HELP = {
|
|
|
54
66
|
{"title": "D-Link", "desc": "admin / (blank) or admin"},
|
|
55
67
|
{"title": "TP-Link", "desc": "admin / admin"},
|
|
56
68
|
{"title": "ASUS", "desc": "admin / admin"},
|
|
57
|
-
]
|
|
69
|
+
],
|
|
58
70
|
}
|
|
59
|
-
]
|
|
71
|
+
],
|
|
60
72
|
}
|
|
61
73
|
|
|
62
74
|
|
|
@@ -68,20 +80,13 @@ class RouterHTTPBrutePlugin(PluginBase):
|
|
|
68
80
|
|
|
69
81
|
def _get_wordlist_path(self, filename: str) -> str:
|
|
70
82
|
"""Get path to wordlist file."""
|
|
71
|
-
import
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
]
|
|
79
|
-
for loc in locations:
|
|
80
|
-
if os.path.exists(loc):
|
|
81
|
-
return os.path.abspath(loc)
|
|
82
|
-
return filename # Return as-is, let hydra fail if not found
|
|
83
|
-
|
|
84
|
-
def build_command(self, target: str, args: List[str] = None, label: str = "", log_path: str = None):
|
|
83
|
+
from souleyez.wordlists import resolve_wordlist_path
|
|
84
|
+
|
|
85
|
+
return resolve_wordlist_path(f"data/wordlists/{filename}")
|
|
86
|
+
|
|
87
|
+
def build_command(
|
|
88
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
89
|
+
):
|
|
85
90
|
"""Build Hydra command for router HTTP brute force."""
|
|
86
91
|
args = args or []
|
|
87
92
|
|
|
@@ -90,114 +95,120 @@ class RouterHTTPBrutePlugin(PluginBase):
|
|
|
90
95
|
target = validate_target(target)
|
|
91
96
|
except ValidationError as e:
|
|
92
97
|
if log_path:
|
|
93
|
-
with open(log_path,
|
|
98
|
+
with open(log_path, "w") as f:
|
|
94
99
|
f.write(f"ERROR: Invalid target: {e}\n")
|
|
95
100
|
return None
|
|
96
101
|
|
|
97
102
|
# Parse arguments
|
|
98
|
-
port =
|
|
103
|
+
port = "80"
|
|
99
104
|
use_ssl = False
|
|
100
105
|
use_form = False
|
|
101
|
-
form_path =
|
|
106
|
+
form_path = "/login"
|
|
102
107
|
|
|
103
108
|
i = 0
|
|
104
109
|
while i < len(args):
|
|
105
|
-
if args[i] ==
|
|
110
|
+
if args[i] == "--port" and i + 1 < len(args):
|
|
106
111
|
port = args[i + 1]
|
|
107
112
|
i += 2
|
|
108
|
-
elif args[i] ==
|
|
113
|
+
elif args[i] == "--ssl":
|
|
109
114
|
use_ssl = True
|
|
110
|
-
port =
|
|
115
|
+
port = "443" if port == "80" else port
|
|
111
116
|
i += 1
|
|
112
|
-
elif args[i] ==
|
|
117
|
+
elif args[i] == "--form" and i + 1 < len(args):
|
|
113
118
|
use_form = True
|
|
114
119
|
form_path = args[i + 1]
|
|
115
120
|
i += 2
|
|
116
|
-
elif args[i] ==
|
|
121
|
+
elif args[i] == "--basic":
|
|
117
122
|
use_form = False
|
|
118
123
|
i += 1
|
|
119
124
|
else:
|
|
120
125
|
i += 1
|
|
121
126
|
|
|
122
127
|
# Common router credentials
|
|
123
|
-
users = self._get_wordlist_path(
|
|
124
|
-
passwords = self._get_wordlist_path(
|
|
128
|
+
users = self._get_wordlist_path("router_users.txt")
|
|
129
|
+
passwords = self._get_wordlist_path("router_passwords.txt")
|
|
125
130
|
|
|
126
131
|
# Build Hydra command
|
|
127
132
|
if use_form:
|
|
128
|
-
service =
|
|
133
|
+
service = "https-post-form" if use_ssl else "http-post-form"
|
|
129
134
|
# Generic form attack - adjust for specific routers
|
|
130
135
|
form_string = f"{form_path}:username=^USER^&password=^PASS^:F=incorrect"
|
|
131
136
|
cmd = [
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
137
|
+
"hydra",
|
|
138
|
+
"-L",
|
|
139
|
+
users,
|
|
140
|
+
"-P",
|
|
141
|
+
passwords,
|
|
142
|
+
"-s",
|
|
143
|
+
port,
|
|
144
|
+
"-t",
|
|
145
|
+
"2", # Low threads
|
|
146
|
+
"-w",
|
|
147
|
+
"3", # Wait 3 seconds between attempts
|
|
148
|
+
"-vV",
|
|
139
149
|
target,
|
|
140
150
|
service,
|
|
141
|
-
form_string
|
|
151
|
+
form_string,
|
|
142
152
|
]
|
|
143
153
|
else:
|
|
144
|
-
service =
|
|
154
|
+
service = "https-get" if use_ssl else "http-get"
|
|
145
155
|
cmd = [
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
156
|
+
"hydra",
|
|
157
|
+
"-L",
|
|
158
|
+
users,
|
|
159
|
+
"-P",
|
|
160
|
+
passwords,
|
|
161
|
+
"-s",
|
|
162
|
+
port,
|
|
163
|
+
"-t",
|
|
164
|
+
"2",
|
|
165
|
+
"-w",
|
|
166
|
+
"3",
|
|
167
|
+
"-vV",
|
|
168
|
+
"-f", # Stop on first success
|
|
154
169
|
target,
|
|
155
170
|
service,
|
|
156
|
-
|
|
171
|
+
"/",
|
|
157
172
|
]
|
|
158
173
|
|
|
159
|
-
return {
|
|
160
|
-
'cmd': cmd,
|
|
161
|
-
'timeout': 1800 # 30 minute timeout
|
|
162
|
-
}
|
|
174
|
+
return {"cmd": cmd, "timeout": 1800} # 30 minute timeout
|
|
163
175
|
|
|
164
|
-
def run(
|
|
176
|
+
def run(
|
|
177
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
178
|
+
) -> int:
|
|
165
179
|
"""Execute router HTTP brute force."""
|
|
166
180
|
cmd_spec = self.build_command(target, args, label, log_path)
|
|
167
181
|
if cmd_spec is None:
|
|
168
182
|
return 1
|
|
169
183
|
|
|
170
|
-
cmd = cmd_spec[
|
|
184
|
+
cmd = cmd_spec["cmd"]
|
|
171
185
|
|
|
172
186
|
if log_path:
|
|
173
|
-
with open(log_path,
|
|
187
|
+
with open(log_path, "w") as f:
|
|
174
188
|
f.write(f"# Router HTTP Brute Force on {target}\n")
|
|
175
189
|
f.write(f"# Command: {' '.join(cmd)}\n")
|
|
176
190
|
f.write(f"# Started: {time.strftime('%Y-%m-%d %H:%M:%S')}\n\n")
|
|
177
191
|
|
|
178
192
|
try:
|
|
179
|
-
with open(log_path,
|
|
193
|
+
with open(log_path, "a") as f:
|
|
180
194
|
result = subprocess.run(
|
|
181
|
-
cmd,
|
|
182
|
-
stdout=f,
|
|
183
|
-
stderr=subprocess.STDOUT,
|
|
184
|
-
timeout=cmd_spec['timeout']
|
|
195
|
+
cmd, stdout=f, stderr=subprocess.STDOUT, timeout=cmd_spec["timeout"]
|
|
185
196
|
)
|
|
186
197
|
return result.returncode
|
|
187
198
|
|
|
188
199
|
except subprocess.TimeoutExpired:
|
|
189
200
|
if log_path:
|
|
190
|
-
with open(log_path,
|
|
201
|
+
with open(log_path, "a") as f:
|
|
191
202
|
f.write("\n\n# ERROR: Brute force timed out\n")
|
|
192
203
|
return 124
|
|
193
204
|
except FileNotFoundError:
|
|
194
205
|
if log_path:
|
|
195
|
-
with open(log_path,
|
|
206
|
+
with open(log_path, "a") as f:
|
|
196
207
|
f.write("\n\n# ERROR: Hydra not found\n")
|
|
197
208
|
return 127
|
|
198
209
|
except Exception as e:
|
|
199
210
|
if log_path:
|
|
200
|
-
with open(log_path,
|
|
211
|
+
with open(log_path, "a") as f:
|
|
201
212
|
f.write(f"\n\n# ERROR: {e}\n")
|
|
202
213
|
return 1
|
|
203
214
|
|