souleyez 2.43.28__py3-none-any.whl → 2.43.32__py3-none-any.whl

souleyez/core/credential_tester.py

@@ -22,7 +22,9 @@ class CredentialTester:
         self.fm = FindingsManager()
         self.em = EngagementManager()
 
-    def test_ssh_credential(self, host: str, username: str, password: str = None, timeout: int = 10) -> Tuple[bool, str]:
+    def test_ssh_credential(
+        self, host: str, username: str, password: str = None, timeout: int = 10
+    ) -> Tuple[bool, str]:
         """
         Test SSH credential against a host.
 
@@ -37,22 +39,26 @@ class CredentialTester:
             # Use sshpass to test credentials non-interactively
             # Add legacy crypto support for old SSH servers (like metasploitable)
             cmd = [
-                'sshpass', '-p', password,
-                'ssh', '-o', 'StrictHostKeyChecking=no',
-                '-o', 'ConnectTimeout=5',
-                '-o', 'HostKeyAlgorithms=+ssh-rsa',
-                f'{username}@{host}',
-                'echo', 'SUCCESS'
+                "sshpass",
+                "-p",
+                password,
+                "ssh",
+                "-o",
+                "StrictHostKeyChecking=no",
+                "-o",
+                "ConnectTimeout=5",
+                "-o",
+                "HostKeyAlgorithms=+ssh-rsa",
+                f"{username}@{host}",
+                "echo",
+                "SUCCESS",
             ]
 
             result = subprocess.run(
-                cmd,
-                capture_output=True,
-                text=True,
-                timeout=timeout
+                cmd, capture_output=True, text=True, timeout=timeout
             )
 
-            if result.returncode == 0 and 'SUCCESS' in result.stdout:
+            if result.returncode == 0 and "SUCCESS" in result.stdout:
                 return (True, "SSH authentication successful")
             else:
                 return (False, f"Authentication failed (rc={result.returncode})")
@@ -64,7 +70,9 @@ class CredentialTester:
         except Exception as e:
             return (False, f"Error: {str(e)}")
 
-    def test_smb_credential(self, host: str, username: str, password: str = None, timeout: int = 10) -> Tuple[bool, str]:
+    def test_smb_credential(
+        self, host: str, username: str, password: str = None, timeout: int = 10
+    ) -> Tuple[bool, str]:
         """
         Test SMB credential against a host.
 
@@ -77,17 +85,16 @@ class CredentialTester:
         try:
             # Use smbclient to test credentials
             cmd = [
-                'smbclient',
-                f'//{host}/IPC$',
-                '-U', f'{username}%{password}',
-                '-c', 'exit'
+                "smbclient",
+                f"//{host}/IPC$",
+                "-U",
+                f"{username}%{password}",
+                "-c",
+                "exit",
             ]
 
             result = subprocess.run(
-                cmd,
-                capture_output=True,
-                text=True,
-                timeout=timeout
+                cmd, capture_output=True, text=True, timeout=timeout
             )
 
             # smbclient returns 0 on success
@@ -96,9 +103,9 @@ class CredentialTester:
             else:
                 # Check for specific error messages
                 stderr = result.stderr.lower()
-                if 'logon failure' in stderr or 'access denied' in stderr:
+                if "logon failure" in stderr or "access denied" in stderr:
                     return (False, "Invalid credentials")
-                elif 'connection refused' in stderr:
+                elif "connection refused" in stderr:
                     return (False, "SMB service not available")
                 else:
                     return (False, f"Authentication failed (rc={result.returncode})")
@@ -124,30 +131,30 @@ class CredentialTester:
                 'tested_at': str
             }
         """
-        service = cred.get('service', '').lower()
-        username = cred.get('username')
-        password = cred.get('password')
-        host_ip = host.get('ip_address')
+        service = cred.get("service", "").lower()
+        username = cred.get("username")
+        password = cred.get("password")
+        host_ip = host.get("ip_address")
 
         result = {
-            'credential_id': cred.get('id'),
-            'host_id': host.get('id'),
-            'service': service,
-            'success': False,
-            'message': 'Unknown service',
-            'tested_at': time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())
+            "credential_id": cred.get("id"),
+            "host_id": host.get("id"),
+            "service": service,
+            "success": False,
+            "message": "Unknown service",
+            "tested_at": time.strftime("%Y-%m-%d %H:%M:%S UTC", time.gmtime()),
         }
 
-        if service == 'ssh':
+        if service == "ssh":
             success, message = self.test_ssh_credential(host_ip, username, password)
-            result['success'] = success
-            result['message'] = message
-        elif service == 'smb':
+            result["success"] = success
+            result["message"] = message
+        elif service == "smb":
             success, message = self.test_smb_credential(host_ip, username, password)
-            result['success'] = success
-            result['message'] = message
+            result["success"] = success
+            result["message"] = message
         else:
-            result['message'] = f"Testing not implemented for service: {service}"
+            result["message"] = f"Testing not implemented for service: {service}"
 
         return result
 
@@ -169,79 +176,78 @@ class CredentialTester:
         hosts = self.hm.list_hosts(engagement_id)
 
         # Filter to only active hosts
-        active_hosts = [h for h in hosts if h.get('status') == 'up']
+        active_hosts = [h for h in hosts if h.get("status") == "up"]
 
         results = {
-            'total_tests': 0,
-            'successful': 0,
-            'failed': 0,
-            'findings_created': 0,
-            'results': []
+            "total_tests": 0,
+            "successful": 0,
+            "failed": 0,
+            "findings_created": 0,
+            "results": [],
         }
 
         # Test each credential against each host
         for cred in credentials:
             # Skip username-only credentials for now (need password to test)
-            if not cred.get('password'):
+            if not cred.get("password"):
                 continue
 
-            service = cred.get('service', '').lower()
+            service = cred.get("service", "").lower()
 
             for host in active_hosts:
                 # Only test if host has the service running
                 if not self._host_has_service(host, service, engagement_id):
                     continue
 
-                results['total_tests'] += 1
+                results["total_tests"] += 1
 
                 # Test the credential
                 test_result = self.test_credential_against_host(cred, host)
-                results['results'].append(test_result)
+                results["results"].append(test_result)
 
-                if test_result['success']:
-                    results['successful'] += 1
+                if test_result["success"]:
+                    results["successful"] += 1
 
                     # Create a finding for successful authentication
                     finding = self._create_finding_for_success(
-                        engagement_id,
-                        host,
-                        cred,
-                        test_result
+                        engagement_id, host, cred, test_result
                     )
                     if finding:
-                        results['findings_created'] += 1
+                        results["findings_created"] += 1
                 else:
-                    results['failed'] += 1
+                    results["failed"] += 1
 
         return results
 
     def _host_has_service(self, host: Dict, service: str, engagement_id: int) -> bool:
         """Check if a host has a specific service running."""
         # Get services for this host from HostManager
-        services = self.hm.get_host_services(host.get('id'))
+        services = self.hm.get_host_services(host.get("id"))
 
         # Check if service type matches
         service_ports = {
-            'ssh': [22],
-            'smb': [139, 445],
-            'rdp': [3389],
-            'ftp': [21],
-            'mysql': [3306],
-            'postgres': [5432]
+            "ssh": [22],
+            "smb": [139, 445],
+            "rdp": [3389],
+            "ftp": [21],
+            "mysql": [3306],
+            "postgres": [5432],
         }
 
         target_ports = service_ports.get(service, [])
         for svc in services:
-            if svc.get('port') in target_ports:
+            if svc.get("port") in target_ports:
                 return True
 
         return False
 
-    def _create_finding_for_success(self, engagement_id: int, host: Dict, cred: Dict, test_result: Dict) -> Optional[Dict]:
+    def _create_finding_for_success(
+        self, engagement_id: int, host: Dict, cred: Dict, test_result: Dict
+    ) -> Optional[Dict]:
         """Create a finding for successful credential test."""
-        service = cred.get('service', 'unknown')
-        username = cred.get('username', 'unknown')
-        host_ip = host.get('ip_address', 'unknown')
+        service = cred.get("service", "unknown")
+        username = cred.get("username", "unknown")
+        host_ip = host.get("ip_address", "unknown")
 
         title = f"Valid {service.upper()} Credentials - {username}@{host_ip}"
         description = f"""
@@ -274,11 +280,11 @@ An attacker with these credentials can:
             finding = self.fm.add_finding(
                 engagement_id,
                 title,
-                'vulnerability',  # finding_type
+                "vulnerability",  # finding_type
                 severity=severity,
                 description=description.strip(),
-                host_id=host.get('id'),
-                tool='credential_tester'
+                host_id=host.get("id"),
+                tool="credential_tester",
             )
             return finding
         except Exception as e:
@@ -287,22 +293,22 @@ An attacker with these credentials can:
 
     def _determine_credential_severity(self, cred: Dict, host: Dict) -> str:
         """Determine severity based on credential and host context."""
-        username = cred.get('username', '').lower()
-        password = cred.get('password', '')
+        username = cred.get("username", "").lower()
+        password = cred.get("password", "")
 
         # High severity for privileged accounts
-        privileged_users = ['root', 'admin', 'administrator', 'sa', 'postgres', 'mysql']
+        privileged_users = ["root", "admin", "administrator", "sa", "postgres", "mysql"]
         if username in privileged_users:
-            return 'high'
+            return "high"
 
         # High severity for weak/default passwords
-        weak_passwords = ['password', 'admin', '123456', 'root', 'toor', 'changeme', '']
+        weak_passwords = ["password", "admin", "123456", "root", "toor", "changeme", ""]
         if password.lower() in weak_passwords:
-            return 'high'
+            return "high"
 
         # High severity for short passwords
         if len(password) < 8:
-            return 'high'
+            return "high"
 
         # Medium severity for standard users
-        return 'medium'
+        return "medium"