souleyez 2.43.28__py3-none-any.whl → 2.43.32__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (356) hide show
  1. souleyez/__init__.py +1 -2
  2. souleyez/ai/__init__.py +21 -15
  3. souleyez/ai/action_mapper.py +249 -150
  4. souleyez/ai/chain_advisor.py +116 -100
  5. souleyez/ai/claude_provider.py +29 -28
  6. souleyez/ai/context_builder.py +80 -62
  7. souleyez/ai/executor.py +158 -117
  8. souleyez/ai/feedback_handler.py +136 -121
  9. souleyez/ai/llm_factory.py +27 -20
  10. souleyez/ai/llm_provider.py +4 -2
  11. souleyez/ai/ollama_provider.py +6 -9
  12. souleyez/ai/ollama_service.py +44 -37
  13. souleyez/ai/path_scorer.py +91 -76
  14. souleyez/ai/recommender.py +176 -144
  15. souleyez/ai/report_context.py +74 -73
  16. souleyez/ai/report_service.py +84 -66
  17. souleyez/ai/result_parser.py +222 -229
  18. souleyez/ai/safety.py +67 -44
  19. souleyez/auth/__init__.py +23 -22
  20. souleyez/auth/audit.py +36 -26
  21. souleyez/auth/engagement_access.py +65 -48
  22. souleyez/auth/permissions.py +14 -3
  23. souleyez/auth/session_manager.py +54 -37
  24. souleyez/auth/user_manager.py +109 -64
  25. souleyez/commands/audit.py +40 -43
  26. souleyez/commands/auth.py +35 -15
  27. souleyez/commands/deliverables.py +55 -50
  28. souleyez/commands/engagement.py +47 -28
  29. souleyez/commands/license.py +32 -23
  30. souleyez/commands/screenshots.py +36 -32
  31. souleyez/commands/user.py +82 -36
  32. souleyez/config.py +52 -44
  33. souleyez/core/credential_tester.py +87 -81
  34. souleyez/core/cve_mappings.py +179 -192
  35. souleyez/core/cve_matcher.py +162 -148
  36. souleyez/core/msf_auto_mapper.py +100 -83
  37. souleyez/core/msf_chain_engine.py +294 -256
  38. souleyez/core/msf_database.py +153 -70
  39. souleyez/core/msf_integration.py +679 -673
  40. souleyez/core/msf_rpc_client.py +40 -42
  41. souleyez/core/msf_rpc_manager.py +77 -79
  42. souleyez/core/msf_sync_manager.py +241 -181
  43. souleyez/core/network_utils.py +22 -15
  44. souleyez/core/parser_handler.py +34 -25
  45. souleyez/core/pending_chains.py +114 -63
  46. souleyez/core/templates.py +158 -107
  47. souleyez/core/tool_chaining.py +9592 -2879
  48. souleyez/core/version_utils.py +79 -94
  49. souleyez/core/vuln_correlation.py +136 -89
  50. souleyez/core/web_utils.py +33 -32
  51. souleyez/data/wordlists/ad_users.txt +378 -0
  52. souleyez/data/wordlists/api_endpoints_large.txt +769 -0
  53. souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
  54. souleyez/data/wordlists/lfi_payloads.txt +82 -0
  55. souleyez/data/wordlists/passwords_brute.txt +1548 -0
  56. souleyez/data/wordlists/passwords_crack.txt +2479 -0
  57. souleyez/data/wordlists/passwords_spray.txt +386 -0
  58. souleyez/data/wordlists/subdomains_large.txt +5057 -0
  59. souleyez/data/wordlists/usernames_common.txt +694 -0
  60. souleyez/data/wordlists/web_dirs_large.txt +4769 -0
  61. souleyez/detection/__init__.py +1 -1
  62. souleyez/detection/attack_signatures.py +12 -17
  63. souleyez/detection/mitre_mappings.py +61 -55
  64. souleyez/detection/validator.py +97 -86
  65. souleyez/devtools.py +23 -10
  66. souleyez/docs/README.md +4 -4
  67. souleyez/docs/api-reference/cli-commands.md +2 -2
  68. souleyez/docs/developer-guide/adding-new-tools.md +562 -0
  69. souleyez/docs/user-guide/auto-chaining.md +30 -8
  70. souleyez/docs/user-guide/getting-started.md +1 -1
  71. souleyez/docs/user-guide/installation.md +26 -3
  72. souleyez/docs/user-guide/metasploit-integration.md +2 -2
  73. souleyez/docs/user-guide/rbac.md +1 -1
  74. souleyez/docs/user-guide/scope-management.md +1 -1
  75. souleyez/docs/user-guide/siem-integration.md +1 -1
  76. souleyez/docs/user-guide/tools-reference.md +1 -8
  77. souleyez/docs/user-guide/worker-management.md +1 -1
  78. souleyez/engine/background.py +1238 -535
  79. souleyez/engine/base.py +4 -1
  80. souleyez/engine/job_status.py +17 -49
  81. souleyez/engine/log_sanitizer.py +103 -77
  82. souleyez/engine/manager.py +38 -7
  83. souleyez/engine/result_handler.py +2198 -1550
  84. souleyez/engine/worker_manager.py +50 -41
  85. souleyez/export/evidence_bundle.py +72 -62
  86. souleyez/feature_flags/features.py +16 -20
  87. souleyez/feature_flags.py +5 -9
  88. souleyez/handlers/__init__.py +11 -0
  89. souleyez/handlers/base.py +188 -0
  90. souleyez/handlers/bash_handler.py +277 -0
  91. souleyez/handlers/bloodhound_handler.py +243 -0
  92. souleyez/handlers/certipy_handler.py +311 -0
  93. souleyez/handlers/crackmapexec_handler.py +486 -0
  94. souleyez/handlers/dnsrecon_handler.py +344 -0
  95. souleyez/handlers/enum4linux_handler.py +400 -0
  96. souleyez/handlers/evil_winrm_handler.py +493 -0
  97. souleyez/handlers/ffuf_handler.py +815 -0
  98. souleyez/handlers/gobuster_handler.py +1114 -0
  99. souleyez/handlers/gpp_extract_handler.py +334 -0
  100. souleyez/handlers/hashcat_handler.py +444 -0
  101. souleyez/handlers/hydra_handler.py +563 -0
  102. souleyez/handlers/impacket_getuserspns_handler.py +343 -0
  103. souleyez/handlers/impacket_psexec_handler.py +222 -0
  104. souleyez/handlers/impacket_secretsdump_handler.py +426 -0
  105. souleyez/handlers/john_handler.py +286 -0
  106. souleyez/handlers/katana_handler.py +425 -0
  107. souleyez/handlers/kerbrute_handler.py +298 -0
  108. souleyez/handlers/ldapsearch_handler.py +636 -0
  109. souleyez/handlers/lfi_extract_handler.py +464 -0
  110. souleyez/handlers/msf_auxiliary_handler.py +408 -0
  111. souleyez/handlers/msf_exploit_handler.py +380 -0
  112. souleyez/handlers/nikto_handler.py +413 -0
  113. souleyez/handlers/nmap_handler.py +821 -0
  114. souleyez/handlers/nuclei_handler.py +359 -0
  115. souleyez/handlers/nxc_handler.py +371 -0
  116. souleyez/handlers/rdp_sec_check_handler.py +353 -0
  117. souleyez/handlers/registry.py +288 -0
  118. souleyez/handlers/responder_handler.py +232 -0
  119. souleyez/handlers/service_explorer_handler.py +434 -0
  120. souleyez/handlers/smbclient_handler.py +344 -0
  121. souleyez/handlers/smbmap_handler.py +510 -0
  122. souleyez/handlers/smbpasswd_handler.py +296 -0
  123. souleyez/handlers/sqlmap_handler.py +1116 -0
  124. souleyez/handlers/theharvester_handler.py +601 -0
  125. souleyez/handlers/whois_handler.py +277 -0
  126. souleyez/handlers/wpscan_handler.py +554 -0
  127. souleyez/history.py +32 -16
  128. souleyez/importers/msf_importer.py +106 -75
  129. souleyez/importers/smart_importer.py +208 -147
  130. souleyez/integrations/siem/__init__.py +10 -10
  131. souleyez/integrations/siem/base.py +17 -18
  132. souleyez/integrations/siem/elastic.py +108 -122
  133. souleyez/integrations/siem/factory.py +207 -80
  134. souleyez/integrations/siem/googlesecops.py +146 -154
  135. souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
  136. souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
  137. souleyez/integrations/siem/sentinel.py +107 -109
  138. souleyez/integrations/siem/splunk.py +246 -212
  139. souleyez/integrations/siem/wazuh.py +65 -71
  140. souleyez/integrations/wazuh/__init__.py +5 -5
  141. souleyez/integrations/wazuh/client.py +70 -93
  142. souleyez/integrations/wazuh/config.py +85 -57
  143. souleyez/integrations/wazuh/host_mapper.py +28 -36
  144. souleyez/integrations/wazuh/sync.py +78 -68
  145. souleyez/intelligence/__init__.py +4 -5
  146. souleyez/intelligence/correlation_analyzer.py +309 -295
  147. souleyez/intelligence/exploit_knowledge.py +661 -623
  148. souleyez/intelligence/exploit_suggestions.py +159 -139
  149. souleyez/intelligence/gap_analyzer.py +132 -97
  150. souleyez/intelligence/gap_detector.py +251 -214
  151. souleyez/intelligence/sensitive_tables.py +266 -129
  152. souleyez/intelligence/service_parser.py +137 -123
  153. souleyez/intelligence/surface_analyzer.py +407 -268
  154. souleyez/intelligence/target_parser.py +159 -162
  155. souleyez/licensing/__init__.py +6 -6
  156. souleyez/licensing/validator.py +17 -19
  157. souleyez/log_config.py +79 -54
  158. souleyez/main.py +1505 -687
  159. souleyez/migrations/fix_job_counter.py +16 -14
  160. souleyez/parsers/bloodhound_parser.py +41 -39
  161. souleyez/parsers/crackmapexec_parser.py +178 -111
  162. souleyez/parsers/dalfox_parser.py +72 -77
  163. souleyez/parsers/dnsrecon_parser.py +103 -91
  164. souleyez/parsers/enum4linux_parser.py +183 -153
  165. souleyez/parsers/ffuf_parser.py +29 -25
  166. souleyez/parsers/gobuster_parser.py +301 -41
  167. souleyez/parsers/hashcat_parser.py +324 -79
  168. souleyez/parsers/http_fingerprint_parser.py +350 -103
  169. souleyez/parsers/hydra_parser.py +131 -111
  170. souleyez/parsers/impacket_parser.py +231 -178
  171. souleyez/parsers/john_parser.py +98 -86
  172. souleyez/parsers/katana_parser.py +316 -0
  173. souleyez/parsers/msf_parser.py +943 -498
  174. souleyez/parsers/nikto_parser.py +346 -65
  175. souleyez/parsers/nmap_parser.py +262 -174
  176. souleyez/parsers/nuclei_parser.py +40 -44
  177. souleyez/parsers/responder_parser.py +26 -26
  178. souleyez/parsers/searchsploit_parser.py +74 -74
  179. souleyez/parsers/service_explorer_parser.py +279 -0
  180. souleyez/parsers/smbmap_parser.py +180 -124
  181. souleyez/parsers/sqlmap_parser.py +434 -308
  182. souleyez/parsers/theharvester_parser.py +75 -57
  183. souleyez/parsers/whois_parser.py +135 -94
  184. souleyez/parsers/wpscan_parser.py +278 -190
  185. souleyez/plugins/afp.py +44 -36
  186. souleyez/plugins/afp_brute.py +114 -46
  187. souleyez/plugins/ard.py +48 -37
  188. souleyez/plugins/bloodhound.py +95 -61
  189. souleyez/plugins/certipy.py +303 -0
  190. souleyez/plugins/crackmapexec.py +186 -85
  191. souleyez/plugins/dalfox.py +120 -59
  192. souleyez/plugins/dns_hijack.py +146 -41
  193. souleyez/plugins/dnsrecon.py +97 -61
  194. souleyez/plugins/enum4linux.py +91 -66
  195. souleyez/plugins/evil_winrm.py +291 -0
  196. souleyez/plugins/ffuf.py +166 -90
  197. souleyez/plugins/firmware_extract.py +133 -29
  198. souleyez/plugins/gobuster.py +387 -190
  199. souleyez/plugins/gpp_extract.py +393 -0
  200. souleyez/plugins/hashcat.py +100 -73
  201. souleyez/plugins/http_fingerprint.py +854 -267
  202. souleyez/plugins/hydra.py +566 -200
  203. souleyez/plugins/impacket_getnpusers.py +117 -69
  204. souleyez/plugins/impacket_psexec.py +84 -64
  205. souleyez/plugins/impacket_secretsdump.py +103 -69
  206. souleyez/plugins/impacket_smbclient.py +89 -75
  207. souleyez/plugins/john.py +86 -69
  208. souleyez/plugins/katana.py +313 -0
  209. souleyez/plugins/kerbrute.py +237 -0
  210. souleyez/plugins/lfi_extract.py +541 -0
  211. souleyez/plugins/macos_ssh.py +117 -48
  212. souleyez/plugins/mdns.py +35 -30
  213. souleyez/plugins/msf_auxiliary.py +253 -130
  214. souleyez/plugins/msf_exploit.py +239 -161
  215. souleyez/plugins/nikto.py +134 -78
  216. souleyez/plugins/nmap.py +275 -91
  217. souleyez/plugins/nuclei.py +180 -89
  218. souleyez/plugins/nxc.py +285 -0
  219. souleyez/plugins/plugin_base.py +35 -36
  220. souleyez/plugins/plugin_template.py +13 -5
  221. souleyez/plugins/rdp_sec_check.py +130 -0
  222. souleyez/plugins/responder.py +112 -71
  223. souleyez/plugins/router_http_brute.py +76 -65
  224. souleyez/plugins/router_ssh_brute.py +118 -41
  225. souleyez/plugins/router_telnet_brute.py +124 -42
  226. souleyez/plugins/routersploit.py +91 -59
  227. souleyez/plugins/routersploit_exploit.py +77 -55
  228. souleyez/plugins/searchsploit.py +91 -77
  229. souleyez/plugins/service_explorer.py +1160 -0
  230. souleyez/plugins/smbmap.py +122 -72
  231. souleyez/plugins/smbpasswd.py +215 -0
  232. souleyez/plugins/sqlmap.py +301 -113
  233. souleyez/plugins/theharvester.py +127 -75
  234. souleyez/plugins/tr069.py +79 -57
  235. souleyez/plugins/upnp.py +65 -47
  236. souleyez/plugins/upnp_abuse.py +73 -55
  237. souleyez/plugins/vnc_access.py +129 -42
  238. souleyez/plugins/vnc_brute.py +109 -38
  239. souleyez/plugins/whois.py +77 -58
  240. souleyez/plugins/wpscan.py +173 -69
  241. souleyez/reporting/__init__.py +2 -1
  242. souleyez/reporting/attack_chain.py +411 -346
  243. souleyez/reporting/charts.py +436 -501
  244. souleyez/reporting/compliance_mappings.py +334 -201
  245. souleyez/reporting/detection_report.py +126 -125
  246. souleyez/reporting/formatters.py +828 -591
  247. souleyez/reporting/generator.py +386 -302
  248. souleyez/reporting/metrics.py +72 -75
  249. souleyez/scanner.py +35 -29
  250. souleyez/security/__init__.py +37 -11
  251. souleyez/security/scope_validator.py +175 -106
  252. souleyez/security/validation.py +223 -149
  253. souleyez/security.py +22 -6
  254. souleyez/storage/credentials.py +247 -186
  255. souleyez/storage/crypto.py +296 -129
  256. souleyez/storage/database.py +73 -50
  257. souleyez/storage/db.py +58 -36
  258. souleyez/storage/deliverable_evidence.py +177 -128
  259. souleyez/storage/deliverable_exporter.py +282 -246
  260. souleyez/storage/deliverable_templates.py +134 -116
  261. souleyez/storage/deliverables.py +135 -130
  262. souleyez/storage/engagements.py +109 -56
  263. souleyez/storage/evidence.py +181 -152
  264. souleyez/storage/execution_log.py +31 -17
  265. souleyez/storage/exploit_attempts.py +93 -57
  266. souleyez/storage/exploits.py +67 -36
  267. souleyez/storage/findings.py +48 -61
  268. souleyez/storage/hosts.py +176 -144
  269. souleyez/storage/migrate_to_engagements.py +43 -19
  270. souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
  271. souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
  272. souleyez/storage/migrations/_003_add_execution_log.py +14 -8
  273. souleyez/storage/migrations/_005_screenshots.py +13 -5
  274. souleyez/storage/migrations/_006_deliverables.py +13 -5
  275. souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
  276. souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
  277. souleyez/storage/migrations/_010_evidence_linking.py +17 -10
  278. souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
  279. souleyez/storage/migrations/_012_team_collaboration.py +34 -21
  280. souleyez/storage/migrations/_013_add_host_tags.py +12 -6
  281. souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
  282. souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
  283. souleyez/storage/migrations/_016_add_domain_field.py +10 -4
  284. souleyez/storage/migrations/_017_msf_sessions.py +16 -8
  285. souleyez/storage/migrations/_018_add_osint_target.py +10 -6
  286. souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
  287. souleyez/storage/migrations/_020_add_rbac.py +36 -15
  288. souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
  289. souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
  290. souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
  291. souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
  292. souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
  293. souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
  294. souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
  295. souleyez/storage/migrations/__init__.py +26 -26
  296. souleyez/storage/migrations/migration_manager.py +19 -19
  297. souleyez/storage/msf_sessions.py +100 -65
  298. souleyez/storage/osint.py +17 -24
  299. souleyez/storage/recommendation_engine.py +269 -235
  300. souleyez/storage/screenshots.py +33 -32
  301. souleyez/storage/smb_shares.py +136 -92
  302. souleyez/storage/sqlmap_data.py +183 -128
  303. souleyez/storage/team_collaboration.py +135 -141
  304. souleyez/storage/timeline_tracker.py +122 -94
  305. souleyez/storage/wazuh_vulns.py +64 -66
  306. souleyez/storage/web_paths.py +33 -37
  307. souleyez/testing/credential_tester.py +221 -205
  308. souleyez/ui/__init__.py +1 -1
  309. souleyez/ui/ai_quotes.py +12 -12
  310. souleyez/ui/attack_surface.py +2439 -1516
  311. souleyez/ui/chain_rules_view.py +914 -382
  312. souleyez/ui/correlation_view.py +312 -230
  313. souleyez/ui/dashboard.py +2382 -1130
  314. souleyez/ui/deliverables_view.py +148 -62
  315. souleyez/ui/design_system.py +13 -13
  316. souleyez/ui/errors.py +49 -49
  317. souleyez/ui/evidence_linking_view.py +284 -179
  318. souleyez/ui/evidence_vault.py +393 -285
  319. souleyez/ui/exploit_suggestions_view.py +555 -349
  320. souleyez/ui/export_view.py +100 -66
  321. souleyez/ui/gap_analysis_view.py +315 -171
  322. souleyez/ui/help_system.py +105 -97
  323. souleyez/ui/intelligence_view.py +436 -293
  324. souleyez/ui/interactive.py +23142 -10430
  325. souleyez/ui/interactive_selector.py +75 -68
  326. souleyez/ui/log_formatter.py +47 -39
  327. souleyez/ui/menu_components.py +22 -13
  328. souleyez/ui/msf_auxiliary_menu.py +184 -133
  329. souleyez/ui/pending_chains_view.py +336 -172
  330. souleyez/ui/progress_indicators.py +5 -3
  331. souleyez/ui/recommendations_view.py +195 -137
  332. souleyez/ui/rule_builder.py +343 -225
  333. souleyez/ui/setup_wizard.py +678 -284
  334. souleyez/ui/shortcuts.py +217 -165
  335. souleyez/ui/splunk_gap_analysis_view.py +452 -270
  336. souleyez/ui/splunk_vulns_view.py +139 -86
  337. souleyez/ui/team_dashboard.py +498 -335
  338. souleyez/ui/template_selector.py +196 -105
  339. souleyez/ui/terminal.py +6 -6
  340. souleyez/ui/timeline_view.py +198 -127
  341. souleyez/ui/tool_setup.py +264 -164
  342. souleyez/ui/tutorial.py +202 -72
  343. souleyez/ui/tutorial_state.py +40 -40
  344. souleyez/ui/wazuh_vulns_view.py +235 -141
  345. souleyez/ui/wordlist_browser.py +260 -107
  346. souleyez/ui.py +464 -312
  347. souleyez/utils/tool_checker.py +427 -367
  348. souleyez/utils.py +33 -29
  349. souleyez/wordlists.py +134 -167
  350. {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/METADATA +1 -1
  351. souleyez-2.43.32.dist-info/RECORD +441 -0
  352. {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/WHEEL +1 -1
  353. souleyez-2.43.28.dist-info/RECORD +0 -379
  354. {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/entry_points.txt +0 -0
  355. {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/licenses/LICENSE +0 -0
  356. {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/top_level.txt +0 -0
souleyez/plugins/router_ssh_brute.py CHANGED
@@ -30,14 +30,95 @@ HELP = {
30
30
  "usage": "souleyez jobs enqueue router_ssh_brute <target>",
31
31
  "examples": [
32
32
  "souleyez jobs enqueue router_ssh_brute 192.168.1.1",
33
- "souleyez jobs enqueue router_ssh_brute 192.168.1.1 --args \"--port 2222\"",
33
+ 'souleyez jobs enqueue router_ssh_brute 192.168.1.1 --args "--port 2222"',
34
34
  ],
35
35
  "flags": [
36
36
  ["--port PORT", "SSH port (default: 22)"],
37
37
  ],
38
38
  "presets": [
39
39
  {"name": "Standard SSH", "args": [], "desc": "Port 22 with router credentials"},
40
- {"name": "Alternate Port", "args": ["--port", "2222"], "desc": "Non-standard SSH port"},
40
+ {
41
+ "name": "Alternate Port",
42
+ "args": ["--port", "2222"],
43
+ "desc": "Non-standard SSH port",
44
+ },
45
+ ],
46
+ "help_sections": [
47
+ {
48
+ "title": "What is Router SSH Brute Force?",
49
+ "color": "cyan",
50
+ "content": [
51
+ (
52
+ "Overview",
53
+ [
54
+ "Brute forces SSH login on routers and network devices",
55
+ "Uses Hydra with router-specific credential lists",
56
+ "Targets management interface for full device control",
57
+ ],
58
+ ),
59
+ (
60
+ "Common Targets",
61
+ [
62
+ "MikroTik, Ubiquiti, Cisco, Juniper devices",
63
+ "Consumer routers with SSH (Asus, Netgear with custom FW)",
64
+ "DD-WRT, OpenWRT, Tomato firmware",
65
+ "Managed switches with SSH enabled",
66
+ ],
67
+ ),
68
+ ],
69
+ },
70
+ {
71
+ "title": "Usage & Examples",
72
+ "color": "green",
73
+ "content": [
74
+ (
75
+ "Basic Usage",
76
+ [
77
+ "souleyez jobs enqueue router_ssh_brute 192.168.1.1",
78
+ " → Tests default router credentials on port 22",
79
+ ],
80
+ ),
81
+ (
82
+ "Alternate Port",
83
+ [
84
+ 'souleyez jobs enqueue router_ssh_brute 192.168.1.1 --args "--port 2222"',
85
+ " → Tests on custom SSH port",
86
+ ],
87
+ ),
88
+ ],
89
+ },
90
+ {
91
+ "title": "Tips & Common Defaults",
92
+ "color": "yellow",
93
+ "content": [
94
+ (
95
+ "Common Router Credentials",
96
+ [
97
+ "admin:admin, root:root, ubnt:ubnt",
98
+ "admin:password, admin:1234, cisco:cisco",
99
+ "admin:<blank>, root:<blank>",
100
+ ],
101
+ ),
102
+ (
103
+ "Before Attacking",
104
+ [
105
+ "Use low threads (-t 1 or -t 2) to avoid lockouts",
106
+ "Many routers block after 3-5 failed attempts",
107
+ "Check for key-only auth first (wastes time otherwise)",
108
+ "Some routers use non-standard ports (2222, 22222)",
109
+ ],
110
+ ),
111
+ (
112
+ "After Success",
113
+ [
114
+ "Full command-line access to router",
115
+ "Can modify routing, DNS, firewall rules",
116
+ "Intercept/redirect traffic, add backdoors",
117
+ "Pivot to internal network segments",
118
+ ],
119
+ ),
120
+ ],
121
+ },
41
122
  ],
42
123
  }
43
124
 
@@ -50,18 +131,13 @@ class RouterSSHBrutePlugin(PluginBase):
50
131
 
51
132
  def _get_wordlist_path(self, filename: str) -> str:
52
133
  """Get path to wordlist file."""
53
- import os
54
- locations = [
55
- os.path.join(os.path.dirname(__file__), '..', 'data', 'wordlists', filename),
56
- os.path.expanduser(f'~/.souleyez/wordlists/{filename}'),
57
- f'/usr/share/seclists/Passwords/{filename}',
58
- ]
59
- for loc in locations:
60
- if os.path.exists(loc):
61
- return os.path.abspath(loc)
62
- return filename
134
+ from souleyez.wordlists import resolve_wordlist_path
135
+
136
+ return resolve_wordlist_path(f"data/wordlists/{filename}")
63
137
 
64
- def build_command(self, target: str, args: List[str] = None, label: str = "", log_path: str = None):
138
+ def build_command(
139
+ self, target: str, args: List[str] = None, label: str = "", log_path: str = None
140
+ ):
65
141
  """Build Hydra command for router SSH brute force."""
66
142
  args = args or []
67
143
 
@@ -69,71 +145,72 @@ class RouterSSHBrutePlugin(PluginBase):
69
145
  target = validate_target(target)
70
146
  except ValidationError as e:
71
147
  if log_path:
72
- with open(log_path, 'w') as f:
148
+ with open(log_path, "w") as f:
73
149
  f.write(f"ERROR: Invalid target: {e}\n")
74
150
  return None
75
151
 
76
- port = '22'
152
+ port = "22"
77
153
  i = 0
78
154
  while i < len(args):
79
- if args[i] == '--port' and i + 1 < len(args):
155
+ if args[i] == "--port" and i + 1 < len(args):
80
156
  port = args[i + 1]
81
157
  i += 2
82
158
  else:
83
159
  i += 1
84
160
 
85
- users = self._get_wordlist_path('router_users.txt')
86
- passwords = self._get_wordlist_path('router_passwords.txt')
161
+ users = self._get_wordlist_path("router_users.txt")
162
+ passwords = self._get_wordlist_path("router_passwords.txt")
87
163
 
88
164
  cmd = [
89
- 'hydra',
90
- '-L', users,
91
- '-P', passwords,
92
- '-s', port,
93
- '-t', '1', # Single thread for SSH
94
- '-w', '5', # 5 second delay
95
- '-vV',
96
- '-f',
165
+ "hydra",
166
+ "-L",
167
+ users,
168
+ "-P",
169
+ passwords,
170
+ "-s",
171
+ port,
172
+ "-t",
173
+ "1", # Single thread for SSH
174
+ "-w",
175
+ "5", # 5 second delay
176
+ "-vV",
177
+ "-f",
97
178
  target,
98
- 'ssh'
179
+ "ssh",
99
180
  ]
100
181
 
101
- return {
102
- 'cmd': cmd,
103
- 'timeout': 3600
104
- }
182
+ return {"cmd": cmd, "timeout": 3600}
105
183
 
106
- def run(self, target: str, args: List[str] = None, label: str = "", log_path: str = None) -> int:
184
+ def run(
185
+ self, target: str, args: List[str] = None, label: str = "", log_path: str = None
186
+ ) -> int:
107
187
  """Execute router SSH brute force."""
108
188
  cmd_spec = self.build_command(target, args, label, log_path)
109
189
  if cmd_spec is None:
110
190
  return 1
111
191
 
112
- cmd = cmd_spec['cmd']
192
+ cmd = cmd_spec["cmd"]
113
193
 
114
194
  if log_path:
115
- with open(log_path, 'w') as f:
195
+ with open(log_path, "w") as f:
116
196
  f.write(f"# Router SSH Brute Force on {target}\n")
117
197
  f.write(f"# Command: {' '.join(cmd)}\n")
118
198
  f.write(f"# Started: {time.strftime('%Y-%m-%d %H:%M:%S')}\n\n")
119
199
 
120
200
  try:
121
- with open(log_path, 'a') as f:
201
+ with open(log_path, "a") as f:
122
202
  result = subprocess.run(
123
- cmd,
124
- stdout=f,
125
- stderr=subprocess.STDOUT,
126
- timeout=cmd_spec['timeout']
203
+ cmd, stdout=f, stderr=subprocess.STDOUT, timeout=cmd_spec["timeout"]
127
204
  )
128
205
  return result.returncode
129
206
  except subprocess.TimeoutExpired:
130
207
  if log_path:
131
- with open(log_path, 'a') as f:
208
+ with open(log_path, "a") as f:
132
209
  f.write("\n\n# ERROR: Brute force timed out\n")
133
210
  return 124
134
211
  except Exception as e:
135
212
  if log_path:
136
- with open(log_path, 'a') as f:
213
+ with open(log_path, "a") as f:
137
214
  f.write(f"\n\n# ERROR: {e}\n")
138
215
  return 1
139
216
 
souleyez/plugins/router_telnet_brute.py CHANGED
@@ -32,14 +32,100 @@ HELP = {
32
32
  "usage": "souleyez jobs enqueue router_telnet_brute <target>",
33
33
  "examples": [
34
34
  "souleyez jobs enqueue router_telnet_brute 192.168.1.1",
35
- "souleyez jobs enqueue router_telnet_brute 192.168.1.1 --args \"--port 2323\"",
35
+ 'souleyez jobs enqueue router_telnet_brute 192.168.1.1 --args "--port 2323"',
36
36
  ],
37
37
  "flags": [
38
38
  ["--port PORT", "Telnet port (default: 23)"],
39
39
  ],
40
40
  "presets": [
41
- {"name": "Standard Telnet", "args": [], "desc": "Port 23 with router credentials"},
42
- {"name": "Alt Port 2323", "args": ["--port", "2323"], "desc": "Common alternate Telnet port"},
41
+ {
42
+ "name": "Standard Telnet",
43
+ "args": [],
44
+ "desc": "Port 23 with router credentials",
45
+ },
46
+ {
47
+ "name": "Alt Port 2323",
48
+ "args": ["--port", "2323"],
49
+ "desc": "Common alternate Telnet port",
50
+ },
51
+ ],
52
+ "help_sections": [
53
+ {
54
+ "title": "What is Router Telnet Brute Force?",
55
+ "color": "cyan",
56
+ "content": [
57
+ (
58
+ "Overview",
59
+ [
60
+ "Brute forces Telnet login on routers and IoT devices",
61
+ "Telnet transmits credentials in PLAINTEXT!",
62
+ "Still common on older and budget network devices",
63
+ ],
64
+ ),
65
+ (
66
+ "Common Targets",
67
+ [
68
+ "Older consumer routers (Linksys, Netgear, D-Link)",
69
+ "ISP-provided modems and gateways",
70
+ "IP cameras and NVR systems",
71
+ "Industrial/SCADA equipment",
72
+ "IoT devices (smart home, printers)",
73
+ ],
74
+ ),
75
+ ],
76
+ },
77
+ {
78
+ "title": "Usage & Examples",
79
+ "color": "green",
80
+ "content": [
81
+ (
82
+ "Basic Usage",
83
+ [
84
+ "souleyez jobs enqueue router_telnet_brute 192.168.1.1",
85
+ " → Tests default router credentials on port 23",
86
+ ],
87
+ ),
88
+ (
89
+ "Alternate Port",
90
+ [
91
+ 'souleyez jobs enqueue router_telnet_brute 192.168.1.1 --args "--port 2323"',
92
+ " → Tests on alternate Telnet port (common for IoT)",
93
+ ],
94
+ ),
95
+ ],
96
+ },
97
+ {
98
+ "title": "Tips & Security Notes",
99
+ "color": "yellow",
100
+ "content": [
101
+ (
102
+ "Telnet Security Issues",
103
+ [
104
+ "PLAINTEXT protocol - can sniff credentials on network",
105
+ "Consider MITM attack instead of brute force",
106
+ "Many devices have hardcoded backdoor accounts",
107
+ "Mirai botnet exploited default Telnet credentials",
108
+ ],
109
+ ),
110
+ (
111
+ "Common Telnet Defaults",
112
+ [
113
+ "admin:admin, root:root, admin:password",
114
+ "admin:<blank>, root:<blank>",
115
+ "user:user, support:support",
116
+ "Device-specific defaults (check online)",
117
+ ],
118
+ ),
119
+ (
120
+ "After Success",
121
+ [
122
+ "Full command-line access to device",
123
+ "Often same access level as SSH",
124
+ "Can modify configs, add users, pivot",
125
+ ],
126
+ ),
127
+ ],
128
+ },
43
129
  ],
44
130
  }
45
131
 
@@ -52,18 +138,13 @@ class RouterTelnetBrutePlugin(PluginBase):
52
138
 
53
139
  def _get_wordlist_path(self, filename: str) -> str:
54
140
  """Get path to wordlist file."""
55
- import os
56
- locations = [
57
- os.path.join(os.path.dirname(__file__), '..', 'data', 'wordlists', filename),
58
- os.path.expanduser(f'~/.souleyez/wordlists/{filename}'),
59
- f'/usr/share/seclists/Passwords/{filename}',
60
- ]
61
- for loc in locations:
62
- if os.path.exists(loc):
63
- return os.path.abspath(loc)
64
- return filename
141
+ from souleyez.wordlists import resolve_wordlist_path
142
+
143
+ return resolve_wordlist_path(f"data/wordlists/{filename}")
65
144
 
66
- def build_command(self, target: str, args: List[str] = None, label: str = "", log_path: str = None):
145
+ def build_command(
146
+ self, target: str, args: List[str] = None, label: str = "", log_path: str = None
147
+ ):
67
148
  """Build Hydra command for router Telnet brute force."""
68
149
  args = args or []
69
150
 
@@ -71,71 +152,72 @@ class RouterTelnetBrutePlugin(PluginBase):
71
152
  target = validate_target(target)
72
153
  except ValidationError as e:
73
154
  if log_path:
74
- with open(log_path, 'w') as f:
155
+ with open(log_path, "w") as f:
75
156
  f.write(f"ERROR: Invalid target: {e}\n")
76
157
  return None
77
158
 
78
- port = '23'
159
+ port = "23"
79
160
  i = 0
80
161
  while i < len(args):
81
- if args[i] == '--port' and i + 1 < len(args):
162
+ if args[i] == "--port" and i + 1 < len(args):
82
163
  port = args[i + 1]
83
164
  i += 2
84
165
  else:
85
166
  i += 1
86
167
 
87
- users = self._get_wordlist_path('router_users.txt')
88
- passwords = self._get_wordlist_path('router_passwords.txt')
168
+ users = self._get_wordlist_path("router_users.txt")
169
+ passwords = self._get_wordlist_path("router_passwords.txt")
89
170
 
90
171
  cmd = [
91
- 'hydra',
92
- '-L', users,
93
- '-P', passwords,
94
- '-s', port,
95
- '-t', '2',
96
- '-w', '3',
97
- '-vV',
98
- '-f',
172
+ "hydra",
173
+ "-L",
174
+ users,
175
+ "-P",
176
+ passwords,
177
+ "-s",
178
+ port,
179
+ "-t",
180
+ "2",
181
+ "-w",
182
+ "3",
183
+ "-vV",
184
+ "-f",
99
185
  target,
100
- 'telnet'
186
+ "telnet",
101
187
  ]
102
188
 
103
- return {
104
- 'cmd': cmd,
105
- 'timeout': 1800
106
- }
189
+ return {"cmd": cmd, "timeout": 1800}
107
190
 
108
- def run(self, target: str, args: List[str] = None, label: str = "", log_path: str = None) -> int:
191
+ def run(
192
+ self, target: str, args: List[str] = None, label: str = "", log_path: str = None
193
+ ) -> int:
109
194
  """Execute router Telnet brute force."""
110
195
  cmd_spec = self.build_command(target, args, label, log_path)
111
196
  if cmd_spec is None:
112
197
  return 1
113
198
 
114
- cmd = cmd_spec['cmd']
199
+ cmd = cmd_spec["cmd"]
115
200
 
116
201
  if log_path:
117
- with open(log_path, 'w') as f:
202
+ with open(log_path, "w") as f:
118
203
  f.write(f"# Router Telnet Brute Force on {target}\n")
119
204
  f.write(f"# Command: {' '.join(cmd)}\n")
120
205
  f.write(f"# Started: {time.strftime('%Y-%m-%d %H:%M:%S')}\n\n")
121
206
 
122
207
  try:
123
- with open(log_path, 'a') as f:
208
+ with open(log_path, "a") as f:
124
209
  result = subprocess.run(
125
- cmd,
126
- stdout=f,
127
- stderr=subprocess.STDOUT,
128
- timeout=cmd_spec['timeout']
210
+ cmd, stdout=f, stderr=subprocess.STDOUT, timeout=cmd_spec["timeout"]
129
211
  )
130
212
  return result.returncode
131
213
  except subprocess.TimeoutExpired:
132
214
  if log_path:
133
- with open(log_path, 'a') as f:
215
+ with open(log_path, "a") as f:
134
216
  f.write("\n\n# ERROR: Brute force timed out\n")
135
217
  return 124
136
218
  except Exception as e:
137
219
  if log_path:
138
- with open(log_path, 'a') as f:
220
+ with open(log_path, "a") as f:
139
221
  f.write(f"\n\n# ERROR: {e}\n")
140
222
  return 1
141
223