souleyez 2.43.28__py3-none-any.whl → 2.43.32__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- souleyez/__init__.py +1 -2
- souleyez/ai/__init__.py +21 -15
- souleyez/ai/action_mapper.py +249 -150
- souleyez/ai/chain_advisor.py +116 -100
- souleyez/ai/claude_provider.py +29 -28
- souleyez/ai/context_builder.py +80 -62
- souleyez/ai/executor.py +158 -117
- souleyez/ai/feedback_handler.py +136 -121
- souleyez/ai/llm_factory.py +27 -20
- souleyez/ai/llm_provider.py +4 -2
- souleyez/ai/ollama_provider.py +6 -9
- souleyez/ai/ollama_service.py +44 -37
- souleyez/ai/path_scorer.py +91 -76
- souleyez/ai/recommender.py +176 -144
- souleyez/ai/report_context.py +74 -73
- souleyez/ai/report_service.py +84 -66
- souleyez/ai/result_parser.py +222 -229
- souleyez/ai/safety.py +67 -44
- souleyez/auth/__init__.py +23 -22
- souleyez/auth/audit.py +36 -26
- souleyez/auth/engagement_access.py +65 -48
- souleyez/auth/permissions.py +14 -3
- souleyez/auth/session_manager.py +54 -37
- souleyez/auth/user_manager.py +109 -64
- souleyez/commands/audit.py +40 -43
- souleyez/commands/auth.py +35 -15
- souleyez/commands/deliverables.py +55 -50
- souleyez/commands/engagement.py +47 -28
- souleyez/commands/license.py +32 -23
- souleyez/commands/screenshots.py +36 -32
- souleyez/commands/user.py +82 -36
- souleyez/config.py +52 -44
- souleyez/core/credential_tester.py +87 -81
- souleyez/core/cve_mappings.py +179 -192
- souleyez/core/cve_matcher.py +162 -148
- souleyez/core/msf_auto_mapper.py +100 -83
- souleyez/core/msf_chain_engine.py +294 -256
- souleyez/core/msf_database.py +153 -70
- souleyez/core/msf_integration.py +679 -673
- souleyez/core/msf_rpc_client.py +40 -42
- souleyez/core/msf_rpc_manager.py +77 -79
- souleyez/core/msf_sync_manager.py +241 -181
- souleyez/core/network_utils.py +22 -15
- souleyez/core/parser_handler.py +34 -25
- souleyez/core/pending_chains.py +114 -63
- souleyez/core/templates.py +158 -107
- souleyez/core/tool_chaining.py +9592 -2879
- souleyez/core/version_utils.py +79 -94
- souleyez/core/vuln_correlation.py +136 -89
- souleyez/core/web_utils.py +33 -32
- souleyez/data/wordlists/ad_users.txt +378 -0
- souleyez/data/wordlists/api_endpoints_large.txt +769 -0
- souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
- souleyez/data/wordlists/lfi_payloads.txt +82 -0
- souleyez/data/wordlists/passwords_brute.txt +1548 -0
- souleyez/data/wordlists/passwords_crack.txt +2479 -0
- souleyez/data/wordlists/passwords_spray.txt +386 -0
- souleyez/data/wordlists/subdomains_large.txt +5057 -0
- souleyez/data/wordlists/usernames_common.txt +694 -0
- souleyez/data/wordlists/web_dirs_large.txt +4769 -0
- souleyez/detection/__init__.py +1 -1
- souleyez/detection/attack_signatures.py +12 -17
- souleyez/detection/mitre_mappings.py +61 -55
- souleyez/detection/validator.py +97 -86
- souleyez/devtools.py +23 -10
- souleyez/docs/README.md +4 -4
- souleyez/docs/api-reference/cli-commands.md +2 -2
- souleyez/docs/developer-guide/adding-new-tools.md +562 -0
- souleyez/docs/user-guide/auto-chaining.md +30 -8
- souleyez/docs/user-guide/getting-started.md +1 -1
- souleyez/docs/user-guide/installation.md +26 -3
- souleyez/docs/user-guide/metasploit-integration.md +2 -2
- souleyez/docs/user-guide/rbac.md +1 -1
- souleyez/docs/user-guide/scope-management.md +1 -1
- souleyez/docs/user-guide/siem-integration.md +1 -1
- souleyez/docs/user-guide/tools-reference.md +1 -8
- souleyez/docs/user-guide/worker-management.md +1 -1
- souleyez/engine/background.py +1238 -535
- souleyez/engine/base.py +4 -1
- souleyez/engine/job_status.py +17 -49
- souleyez/engine/log_sanitizer.py +103 -77
- souleyez/engine/manager.py +38 -7
- souleyez/engine/result_handler.py +2198 -1550
- souleyez/engine/worker_manager.py +50 -41
- souleyez/export/evidence_bundle.py +72 -62
- souleyez/feature_flags/features.py +16 -20
- souleyez/feature_flags.py +5 -9
- souleyez/handlers/__init__.py +11 -0
- souleyez/handlers/base.py +188 -0
- souleyez/handlers/bash_handler.py +277 -0
- souleyez/handlers/bloodhound_handler.py +243 -0
- souleyez/handlers/certipy_handler.py +311 -0
- souleyez/handlers/crackmapexec_handler.py +486 -0
- souleyez/handlers/dnsrecon_handler.py +344 -0
- souleyez/handlers/enum4linux_handler.py +400 -0
- souleyez/handlers/evil_winrm_handler.py +493 -0
- souleyez/handlers/ffuf_handler.py +815 -0
- souleyez/handlers/gobuster_handler.py +1114 -0
- souleyez/handlers/gpp_extract_handler.py +334 -0
- souleyez/handlers/hashcat_handler.py +444 -0
- souleyez/handlers/hydra_handler.py +563 -0
- souleyez/handlers/impacket_getuserspns_handler.py +343 -0
- souleyez/handlers/impacket_psexec_handler.py +222 -0
- souleyez/handlers/impacket_secretsdump_handler.py +426 -0
- souleyez/handlers/john_handler.py +286 -0
- souleyez/handlers/katana_handler.py +425 -0
- souleyez/handlers/kerbrute_handler.py +298 -0
- souleyez/handlers/ldapsearch_handler.py +636 -0
- souleyez/handlers/lfi_extract_handler.py +464 -0
- souleyez/handlers/msf_auxiliary_handler.py +408 -0
- souleyez/handlers/msf_exploit_handler.py +380 -0
- souleyez/handlers/nikto_handler.py +413 -0
- souleyez/handlers/nmap_handler.py +821 -0
- souleyez/handlers/nuclei_handler.py +359 -0
- souleyez/handlers/nxc_handler.py +371 -0
- souleyez/handlers/rdp_sec_check_handler.py +353 -0
- souleyez/handlers/registry.py +288 -0
- souleyez/handlers/responder_handler.py +232 -0
- souleyez/handlers/service_explorer_handler.py +434 -0
- souleyez/handlers/smbclient_handler.py +344 -0
- souleyez/handlers/smbmap_handler.py +510 -0
- souleyez/handlers/smbpasswd_handler.py +296 -0
- souleyez/handlers/sqlmap_handler.py +1116 -0
- souleyez/handlers/theharvester_handler.py +601 -0
- souleyez/handlers/whois_handler.py +277 -0
- souleyez/handlers/wpscan_handler.py +554 -0
- souleyez/history.py +32 -16
- souleyez/importers/msf_importer.py +106 -75
- souleyez/importers/smart_importer.py +208 -147
- souleyez/integrations/siem/__init__.py +10 -10
- souleyez/integrations/siem/base.py +17 -18
- souleyez/integrations/siem/elastic.py +108 -122
- souleyez/integrations/siem/factory.py +207 -80
- souleyez/integrations/siem/googlesecops.py +146 -154
- souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
- souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
- souleyez/integrations/siem/sentinel.py +107 -109
- souleyez/integrations/siem/splunk.py +246 -212
- souleyez/integrations/siem/wazuh.py +65 -71
- souleyez/integrations/wazuh/__init__.py +5 -5
- souleyez/integrations/wazuh/client.py +70 -93
- souleyez/integrations/wazuh/config.py +85 -57
- souleyez/integrations/wazuh/host_mapper.py +28 -36
- souleyez/integrations/wazuh/sync.py +78 -68
- souleyez/intelligence/__init__.py +4 -5
- souleyez/intelligence/correlation_analyzer.py +309 -295
- souleyez/intelligence/exploit_knowledge.py +661 -623
- souleyez/intelligence/exploit_suggestions.py +159 -139
- souleyez/intelligence/gap_analyzer.py +132 -97
- souleyez/intelligence/gap_detector.py +251 -214
- souleyez/intelligence/sensitive_tables.py +266 -129
- souleyez/intelligence/service_parser.py +137 -123
- souleyez/intelligence/surface_analyzer.py +407 -268
- souleyez/intelligence/target_parser.py +159 -162
- souleyez/licensing/__init__.py +6 -6
- souleyez/licensing/validator.py +17 -19
- souleyez/log_config.py +79 -54
- souleyez/main.py +1505 -687
- souleyez/migrations/fix_job_counter.py +16 -14
- souleyez/parsers/bloodhound_parser.py +41 -39
- souleyez/parsers/crackmapexec_parser.py +178 -111
- souleyez/parsers/dalfox_parser.py +72 -77
- souleyez/parsers/dnsrecon_parser.py +103 -91
- souleyez/parsers/enum4linux_parser.py +183 -153
- souleyez/parsers/ffuf_parser.py +29 -25
- souleyez/parsers/gobuster_parser.py +301 -41
- souleyez/parsers/hashcat_parser.py +324 -79
- souleyez/parsers/http_fingerprint_parser.py +350 -103
- souleyez/parsers/hydra_parser.py +131 -111
- souleyez/parsers/impacket_parser.py +231 -178
- souleyez/parsers/john_parser.py +98 -86
- souleyez/parsers/katana_parser.py +316 -0
- souleyez/parsers/msf_parser.py +943 -498
- souleyez/parsers/nikto_parser.py +346 -65
- souleyez/parsers/nmap_parser.py +262 -174
- souleyez/parsers/nuclei_parser.py +40 -44
- souleyez/parsers/responder_parser.py +26 -26
- souleyez/parsers/searchsploit_parser.py +74 -74
- souleyez/parsers/service_explorer_parser.py +279 -0
- souleyez/parsers/smbmap_parser.py +180 -124
- souleyez/parsers/sqlmap_parser.py +434 -308
- souleyez/parsers/theharvester_parser.py +75 -57
- souleyez/parsers/whois_parser.py +135 -94
- souleyez/parsers/wpscan_parser.py +278 -190
- souleyez/plugins/afp.py +44 -36
- souleyez/plugins/afp_brute.py +114 -46
- souleyez/plugins/ard.py +48 -37
- souleyez/plugins/bloodhound.py +95 -61
- souleyez/plugins/certipy.py +303 -0
- souleyez/plugins/crackmapexec.py +186 -85
- souleyez/plugins/dalfox.py +120 -59
- souleyez/plugins/dns_hijack.py +146 -41
- souleyez/plugins/dnsrecon.py +97 -61
- souleyez/plugins/enum4linux.py +91 -66
- souleyez/plugins/evil_winrm.py +291 -0
- souleyez/plugins/ffuf.py +166 -90
- souleyez/plugins/firmware_extract.py +133 -29
- souleyez/plugins/gobuster.py +387 -190
- souleyez/plugins/gpp_extract.py +393 -0
- souleyez/plugins/hashcat.py +100 -73
- souleyez/plugins/http_fingerprint.py +854 -267
- souleyez/plugins/hydra.py +566 -200
- souleyez/plugins/impacket_getnpusers.py +117 -69
- souleyez/plugins/impacket_psexec.py +84 -64
- souleyez/plugins/impacket_secretsdump.py +103 -69
- souleyez/plugins/impacket_smbclient.py +89 -75
- souleyez/plugins/john.py +86 -69
- souleyez/plugins/katana.py +313 -0
- souleyez/plugins/kerbrute.py +237 -0
- souleyez/plugins/lfi_extract.py +541 -0
- souleyez/plugins/macos_ssh.py +117 -48
- souleyez/plugins/mdns.py +35 -30
- souleyez/plugins/msf_auxiliary.py +253 -130
- souleyez/plugins/msf_exploit.py +239 -161
- souleyez/plugins/nikto.py +134 -78
- souleyez/plugins/nmap.py +275 -91
- souleyez/plugins/nuclei.py +180 -89
- souleyez/plugins/nxc.py +285 -0
- souleyez/plugins/plugin_base.py +35 -36
- souleyez/plugins/plugin_template.py +13 -5
- souleyez/plugins/rdp_sec_check.py +130 -0
- souleyez/plugins/responder.py +112 -71
- souleyez/plugins/router_http_brute.py +76 -65
- souleyez/plugins/router_ssh_brute.py +118 -41
- souleyez/plugins/router_telnet_brute.py +124 -42
- souleyez/plugins/routersploit.py +91 -59
- souleyez/plugins/routersploit_exploit.py +77 -55
- souleyez/plugins/searchsploit.py +91 -77
- souleyez/plugins/service_explorer.py +1160 -0
- souleyez/plugins/smbmap.py +122 -72
- souleyez/plugins/smbpasswd.py +215 -0
- souleyez/plugins/sqlmap.py +301 -113
- souleyez/plugins/theharvester.py +127 -75
- souleyez/plugins/tr069.py +79 -57
- souleyez/plugins/upnp.py +65 -47
- souleyez/plugins/upnp_abuse.py +73 -55
- souleyez/plugins/vnc_access.py +129 -42
- souleyez/plugins/vnc_brute.py +109 -38
- souleyez/plugins/whois.py +77 -58
- souleyez/plugins/wpscan.py +173 -69
- souleyez/reporting/__init__.py +2 -1
- souleyez/reporting/attack_chain.py +411 -346
- souleyez/reporting/charts.py +436 -501
- souleyez/reporting/compliance_mappings.py +334 -201
- souleyez/reporting/detection_report.py +126 -125
- souleyez/reporting/formatters.py +828 -591
- souleyez/reporting/generator.py +386 -302
- souleyez/reporting/metrics.py +72 -75
- souleyez/scanner.py +35 -29
- souleyez/security/__init__.py +37 -11
- souleyez/security/scope_validator.py +175 -106
- souleyez/security/validation.py +223 -149
- souleyez/security.py +22 -6
- souleyez/storage/credentials.py +247 -186
- souleyez/storage/crypto.py +296 -129
- souleyez/storage/database.py +73 -50
- souleyez/storage/db.py +58 -36
- souleyez/storage/deliverable_evidence.py +177 -128
- souleyez/storage/deliverable_exporter.py +282 -246
- souleyez/storage/deliverable_templates.py +134 -116
- souleyez/storage/deliverables.py +135 -130
- souleyez/storage/engagements.py +109 -56
- souleyez/storage/evidence.py +181 -152
- souleyez/storage/execution_log.py +31 -17
- souleyez/storage/exploit_attempts.py +93 -57
- souleyez/storage/exploits.py +67 -36
- souleyez/storage/findings.py +48 -61
- souleyez/storage/hosts.py +176 -144
- souleyez/storage/migrate_to_engagements.py +43 -19
- souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
- souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
- souleyez/storage/migrations/_003_add_execution_log.py +14 -8
- souleyez/storage/migrations/_005_screenshots.py +13 -5
- souleyez/storage/migrations/_006_deliverables.py +13 -5
- souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
- souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
- souleyez/storage/migrations/_010_evidence_linking.py +17 -10
- souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
- souleyez/storage/migrations/_012_team_collaboration.py +34 -21
- souleyez/storage/migrations/_013_add_host_tags.py +12 -6
- souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
- souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
- souleyez/storage/migrations/_016_add_domain_field.py +10 -4
- souleyez/storage/migrations/_017_msf_sessions.py +16 -8
- souleyez/storage/migrations/_018_add_osint_target.py +10 -6
- souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
- souleyez/storage/migrations/_020_add_rbac.py +36 -15
- souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
- souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
- souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
- souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
- souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
- souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
- souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
- souleyez/storage/migrations/__init__.py +26 -26
- souleyez/storage/migrations/migration_manager.py +19 -19
- souleyez/storage/msf_sessions.py +100 -65
- souleyez/storage/osint.py +17 -24
- souleyez/storage/recommendation_engine.py +269 -235
- souleyez/storage/screenshots.py +33 -32
- souleyez/storage/smb_shares.py +136 -92
- souleyez/storage/sqlmap_data.py +183 -128
- souleyez/storage/team_collaboration.py +135 -141
- souleyez/storage/timeline_tracker.py +122 -94
- souleyez/storage/wazuh_vulns.py +64 -66
- souleyez/storage/web_paths.py +33 -37
- souleyez/testing/credential_tester.py +221 -205
- souleyez/ui/__init__.py +1 -1
- souleyez/ui/ai_quotes.py +12 -12
- souleyez/ui/attack_surface.py +2439 -1516
- souleyez/ui/chain_rules_view.py +914 -382
- souleyez/ui/correlation_view.py +312 -230
- souleyez/ui/dashboard.py +2382 -1130
- souleyez/ui/deliverables_view.py +148 -62
- souleyez/ui/design_system.py +13 -13
- souleyez/ui/errors.py +49 -49
- souleyez/ui/evidence_linking_view.py +284 -179
- souleyez/ui/evidence_vault.py +393 -285
- souleyez/ui/exploit_suggestions_view.py +555 -349
- souleyez/ui/export_view.py +100 -66
- souleyez/ui/gap_analysis_view.py +315 -171
- souleyez/ui/help_system.py +105 -97
- souleyez/ui/intelligence_view.py +436 -293
- souleyez/ui/interactive.py +23142 -10430
- souleyez/ui/interactive_selector.py +75 -68
- souleyez/ui/log_formatter.py +47 -39
- souleyez/ui/menu_components.py +22 -13
- souleyez/ui/msf_auxiliary_menu.py +184 -133
- souleyez/ui/pending_chains_view.py +336 -172
- souleyez/ui/progress_indicators.py +5 -3
- souleyez/ui/recommendations_view.py +195 -137
- souleyez/ui/rule_builder.py +343 -225
- souleyez/ui/setup_wizard.py +678 -284
- souleyez/ui/shortcuts.py +217 -165
- souleyez/ui/splunk_gap_analysis_view.py +452 -270
- souleyez/ui/splunk_vulns_view.py +139 -86
- souleyez/ui/team_dashboard.py +498 -335
- souleyez/ui/template_selector.py +196 -105
- souleyez/ui/terminal.py +6 -6
- souleyez/ui/timeline_view.py +198 -127
- souleyez/ui/tool_setup.py +264 -164
- souleyez/ui/tutorial.py +202 -72
- souleyez/ui/tutorial_state.py +40 -40
- souleyez/ui/wazuh_vulns_view.py +235 -141
- souleyez/ui/wordlist_browser.py +260 -107
- souleyez/ui.py +464 -312
- souleyez/utils/tool_checker.py +427 -367
- souleyez/utils.py +33 -29
- souleyez/wordlists.py +134 -167
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/METADATA +1 -1
- souleyez-2.43.32.dist-info/RECORD +441 -0
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/WHEEL +1 -1
- souleyez-2.43.28.dist-info/RECORD +0 -379
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/entry_points.txt +0 -0
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/licenses/LICENSE +0 -0
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/top_level.txt +0 -0
souleyez/detection/__init__.py
CHANGED
|
@@ -22,18 +22,21 @@ ATTACK_SIGNATURES: Dict[str, Dict[str, Any]] = {
|
|
|
22
22
|
"detection_window_seconds": 300,
|
|
23
23
|
"severity": "low",
|
|
24
24
|
},
|
|
25
|
-
|
|
26
25
|
# Brute force attacks
|
|
27
26
|
"hydra": {
|
|
28
27
|
"description": "Brute force authentication",
|
|
29
28
|
"category": "credential_access",
|
|
30
29
|
"wazuh_rules": [5551, 5710, 5712, 5720, 5763, 5764, 5765],
|
|
31
|
-
"search_patterns": [
|
|
30
|
+
"search_patterns": [
|
|
31
|
+
"brute force",
|
|
32
|
+
"authentication failure",
|
|
33
|
+
"failed login",
|
|
34
|
+
"invalid user",
|
|
35
|
+
],
|
|
32
36
|
"expected_fields": ["srcip", "user"],
|
|
33
37
|
"detection_window_seconds": 600,
|
|
34
38
|
"severity": "high",
|
|
35
39
|
},
|
|
36
|
-
|
|
37
40
|
"medusa": {
|
|
38
41
|
"description": "Brute force authentication",
|
|
39
42
|
"category": "credential_access",
|
|
@@ -43,7 +46,6 @@ ATTACK_SIGNATURES: Dict[str, Dict[str, Any]] = {
|
|
|
43
46
|
"detection_window_seconds": 600,
|
|
44
47
|
"severity": "high",
|
|
45
48
|
},
|
|
46
|
-
|
|
47
49
|
# Web application attacks
|
|
48
50
|
"sqlmap": {
|
|
49
51
|
"description": "SQL injection attempts",
|
|
@@ -54,17 +56,20 @@ ATTACK_SIGNATURES: Dict[str, Dict[str, Any]] = {
|
|
|
54
56
|
"detection_window_seconds": 300,
|
|
55
57
|
"severity": "critical",
|
|
56
58
|
},
|
|
57
|
-
|
|
58
59
|
"gobuster": {
|
|
59
60
|
"description": "Directory enumeration / forced browsing",
|
|
60
61
|
"category": "web_attack",
|
|
61
62
|
"wazuh_rules": [31100, 31101, 31120, 31121, 31122],
|
|
62
|
-
"search_patterns": [
|
|
63
|
+
"search_patterns": [
|
|
64
|
+
"web scanner",
|
|
65
|
+
"directory traversal",
|
|
66
|
+
"404",
|
|
67
|
+
"403 forbidden",
|
|
68
|
+
],
|
|
63
69
|
"expected_fields": ["srcip", "url"],
|
|
64
70
|
"detection_window_seconds": 300,
|
|
65
71
|
"severity": "medium",
|
|
66
72
|
},
|
|
67
|
-
|
|
68
73
|
"ffuf": {
|
|
69
74
|
"description": "Fuzzing / directory enumeration",
|
|
70
75
|
"category": "web_attack",
|
|
@@ -74,7 +79,6 @@ ATTACK_SIGNATURES: Dict[str, Dict[str, Any]] = {
|
|
|
74
79
|
"detection_window_seconds": 300,
|
|
75
80
|
"severity": "medium",
|
|
76
81
|
},
|
|
77
|
-
|
|
78
82
|
"dirsearch": {
|
|
79
83
|
"description": "Directory enumeration",
|
|
80
84
|
"category": "web_attack",
|
|
@@ -84,7 +88,6 @@ ATTACK_SIGNATURES: Dict[str, Dict[str, Any]] = {
|
|
|
84
88
|
"detection_window_seconds": 300,
|
|
85
89
|
"severity": "medium",
|
|
86
90
|
},
|
|
87
|
-
|
|
88
91
|
"nikto": {
|
|
89
92
|
"description": "Web vulnerability scanning",
|
|
90
93
|
"category": "web_attack",
|
|
@@ -94,7 +97,6 @@ ATTACK_SIGNATURES: Dict[str, Dict[str, Any]] = {
|
|
|
94
97
|
"detection_window_seconds": 300,
|
|
95
98
|
"severity": "medium",
|
|
96
99
|
},
|
|
97
|
-
|
|
98
100
|
# SMB/Network attacks
|
|
99
101
|
"crackmapexec": {
|
|
100
102
|
"description": "SMB enumeration and lateral movement",
|
|
@@ -105,7 +107,6 @@ ATTACK_SIGNATURES: Dict[str, Dict[str, Any]] = {
|
|
|
105
107
|
"detection_window_seconds": 300,
|
|
106
108
|
"severity": "high",
|
|
107
109
|
},
|
|
108
|
-
|
|
109
110
|
"smbclient": {
|
|
110
111
|
"description": "SMB share enumeration",
|
|
111
112
|
"category": "reconnaissance",
|
|
@@ -115,7 +116,6 @@ ATTACK_SIGNATURES: Dict[str, Dict[str, Any]] = {
|
|
|
115
116
|
"detection_window_seconds": 300,
|
|
116
117
|
"severity": "low",
|
|
117
118
|
},
|
|
118
|
-
|
|
119
119
|
# DNS enumeration
|
|
120
120
|
"dnsrecon": {
|
|
121
121
|
"description": "DNS reconnaissance",
|
|
@@ -126,7 +126,6 @@ ATTACK_SIGNATURES: Dict[str, Dict[str, Any]] = {
|
|
|
126
126
|
"detection_window_seconds": 300,
|
|
127
127
|
"severity": "low",
|
|
128
128
|
},
|
|
129
|
-
|
|
130
129
|
"fierce": {
|
|
131
130
|
"description": "DNS reconnaissance",
|
|
132
131
|
"category": "reconnaissance",
|
|
@@ -136,7 +135,6 @@ ATTACK_SIGNATURES: Dict[str, Dict[str, Any]] = {
|
|
|
136
135
|
"detection_window_seconds": 300,
|
|
137
136
|
"severity": "low",
|
|
138
137
|
},
|
|
139
|
-
|
|
140
138
|
# Password attacks
|
|
141
139
|
"hashcat": {
|
|
142
140
|
"description": "Password cracking (offline)",
|
|
@@ -148,7 +146,6 @@ ATTACK_SIGNATURES: Dict[str, Dict[str, Any]] = {
|
|
|
148
146
|
"severity": "info",
|
|
149
147
|
"offline": True,
|
|
150
148
|
},
|
|
151
|
-
|
|
152
149
|
"john": {
|
|
153
150
|
"description": "Password cracking (offline)",
|
|
154
151
|
"category": "credential_access",
|
|
@@ -159,7 +156,6 @@ ATTACK_SIGNATURES: Dict[str, Dict[str, Any]] = {
|
|
|
159
156
|
"severity": "info",
|
|
160
157
|
"offline": True,
|
|
161
158
|
},
|
|
162
|
-
|
|
163
159
|
# Exploitation
|
|
164
160
|
"metasploit": {
|
|
165
161
|
"description": "Exploitation framework",
|
|
@@ -170,7 +166,6 @@ ATTACK_SIGNATURES: Dict[str, Dict[str, Any]] = {
|
|
|
170
166
|
"detection_window_seconds": 600,
|
|
171
167
|
"severity": "critical",
|
|
172
168
|
},
|
|
173
|
-
|
|
174
169
|
# Generic/fallback
|
|
175
170
|
"custom": {
|
|
176
171
|
"description": "Custom tool execution",
|
|
@@ -127,7 +127,6 @@ MITRE_TECHNIQUES: Dict[str, Dict[str, Any]] = {
|
|
|
127
127
|
"tools": ["nmap", "nikto", "nuclei"],
|
|
128
128
|
"parent": "T1595",
|
|
129
129
|
},
|
|
130
|
-
|
|
131
130
|
# Initial Access techniques
|
|
132
131
|
"T1190": {
|
|
133
132
|
"name": "Exploit Public-Facing Application",
|
|
@@ -143,7 +142,6 @@ MITRE_TECHNIQUES: Dict[str, Dict[str, Any]] = {
|
|
|
143
142
|
"description": "Leverage external-facing remote services",
|
|
144
143
|
"tools": ["hydra", "medusa", "crackmapexec"],
|
|
145
144
|
},
|
|
146
|
-
|
|
147
145
|
# Execution techniques
|
|
148
146
|
"T1059": {
|
|
149
147
|
"name": "Command and Scripting Interpreter",
|
|
@@ -152,7 +150,6 @@ MITRE_TECHNIQUES: Dict[str, Dict[str, Any]] = {
|
|
|
152
150
|
"description": "Abuse command and script interpreters",
|
|
153
151
|
"tools": ["metasploit"],
|
|
154
152
|
},
|
|
155
|
-
|
|
156
153
|
# Credential Access techniques
|
|
157
154
|
"T1110": {
|
|
158
155
|
"name": "Brute Force",
|
|
@@ -194,7 +191,6 @@ MITRE_TECHNIQUES: Dict[str, Dict[str, Any]] = {
|
|
|
194
191
|
"description": "Search for insecurely stored credentials",
|
|
195
192
|
"tools": ["crackmapexec", "smbclient"],
|
|
196
193
|
},
|
|
197
|
-
|
|
198
194
|
# Discovery techniques
|
|
199
195
|
"T1046": {
|
|
200
196
|
"name": "Network Service Discovery",
|
|
@@ -231,7 +227,6 @@ MITRE_TECHNIQUES: Dict[str, Dict[str, Any]] = {
|
|
|
231
227
|
"description": "Get a listing of accounts on a system",
|
|
232
228
|
"tools": ["enum4linux", "crackmapexec"],
|
|
233
229
|
},
|
|
234
|
-
|
|
235
230
|
# Lateral Movement techniques
|
|
236
231
|
"T1021": {
|
|
237
232
|
"name": "Remote Services",
|
|
@@ -282,6 +277,7 @@ CATEGORY_TO_TACTICS: Dict[str, List[str]] = {
|
|
|
282
277
|
@dataclass
|
|
283
278
|
class TechniqueResult:
|
|
284
279
|
"""Result of a technique being tested."""
|
|
280
|
+
|
|
285
281
|
technique_id: str
|
|
286
282
|
technique_name: str
|
|
287
283
|
tactic_id: str
|
|
@@ -297,6 +293,7 @@ class TechniqueResult:
|
|
|
297
293
|
@dataclass
|
|
298
294
|
class TacticResult:
|
|
299
295
|
"""Result of a tactic being tested."""
|
|
296
|
+
|
|
300
297
|
tactic_id: str
|
|
301
298
|
tactic_name: str
|
|
302
299
|
techniques_tested: int = 0
|
|
@@ -347,15 +344,17 @@ class MITREMappings:
|
|
|
347
344
|
techniques = []
|
|
348
345
|
for tech_id in technique_ids:
|
|
349
346
|
tech_data = MITRE_TECHNIQUES.get(tech_id, {})
|
|
350
|
-
techniques.append(
|
|
351
|
-
|
|
352
|
-
|
|
353
|
-
|
|
354
|
-
|
|
355
|
-
|
|
356
|
-
|
|
357
|
-
|
|
358
|
-
|
|
347
|
+
techniques.append(
|
|
348
|
+
{
|
|
349
|
+
"id": tech_id,
|
|
350
|
+
"name": tech_data.get("name", "Unknown"),
|
|
351
|
+
"tactic_id": tech_data.get("tactic_id", ""),
|
|
352
|
+
"tactic_name": tech_data.get("tactic_name", ""),
|
|
353
|
+
"description": tech_data.get("description", ""),
|
|
354
|
+
"is_subtechnique": "." in tech_id,
|
|
355
|
+
"offline": tech_data.get("offline", False),
|
|
356
|
+
}
|
|
357
|
+
)
|
|
359
358
|
|
|
360
359
|
return techniques
|
|
361
360
|
|
|
@@ -373,11 +372,13 @@ class MITREMappings:
|
|
|
373
372
|
tactics = []
|
|
374
373
|
for tactic_id in tactic_ids:
|
|
375
374
|
tactic_data = MITRE_TACTICS.get(tactic_id, {})
|
|
376
|
-
tactics.append(
|
|
377
|
-
|
|
378
|
-
|
|
379
|
-
|
|
380
|
-
|
|
375
|
+
tactics.append(
|
|
376
|
+
{
|
|
377
|
+
"id": tactic_id,
|
|
378
|
+
"name": tactic_data.get("name", "Unknown"),
|
|
379
|
+
"phase": tactic_data.get("phase", ""),
|
|
380
|
+
}
|
|
381
|
+
)
|
|
381
382
|
return tactics
|
|
382
383
|
|
|
383
384
|
def get_technique_by_id(self, technique_id: str) -> Optional[Dict[str, Any]]:
|
|
@@ -392,18 +393,19 @@ class MITREMappings:
|
|
|
392
393
|
"""Get all tactics sorted by attack phase order."""
|
|
393
394
|
tactics = []
|
|
394
395
|
for tactic_id, tactic_data in MITRE_TACTICS.items():
|
|
395
|
-
tactics.append(
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
|
|
400
|
-
|
|
401
|
-
|
|
396
|
+
tactics.append(
|
|
397
|
+
{
|
|
398
|
+
"id": tactic_id,
|
|
399
|
+
"name": tactic_data["name"],
|
|
400
|
+
"description": tactic_data["description"],
|
|
401
|
+
"phase": tactic_data["phase"],
|
|
402
|
+
"order": tactic_data["order"],
|
|
403
|
+
}
|
|
404
|
+
)
|
|
402
405
|
return sorted(tactics, key=lambda x: x["order"])
|
|
403
406
|
|
|
404
407
|
def build_coverage_matrix(
|
|
405
|
-
self,
|
|
406
|
-
detection_results: List[Any]
|
|
408
|
+
self, detection_results: List[Any]
|
|
407
409
|
) -> Dict[str, TechniqueResult]:
|
|
408
410
|
"""
|
|
409
411
|
Build MITRE ATT&CK coverage matrix from detection results.
|
|
@@ -418,19 +420,23 @@ class MITREMappings:
|
|
|
418
420
|
|
|
419
421
|
for result in detection_results:
|
|
420
422
|
# Get attack_type (tool name) from result
|
|
421
|
-
attack_type = getattr(result,
|
|
423
|
+
attack_type = getattr(result, "attack_type", None)
|
|
422
424
|
if not attack_type:
|
|
423
425
|
# Try dict access for backwards compatibility
|
|
424
|
-
attack_type =
|
|
426
|
+
attack_type = (
|
|
427
|
+
result.get("attack_type") if isinstance(result, dict) else None
|
|
428
|
+
)
|
|
425
429
|
if not attack_type:
|
|
426
430
|
continue
|
|
427
431
|
|
|
428
432
|
# Get detection status
|
|
429
|
-
status = getattr(result,
|
|
433
|
+
status = getattr(result, "status", None)
|
|
430
434
|
if not status:
|
|
431
|
-
status =
|
|
435
|
+
status = (
|
|
436
|
+
result.get("detection_status") if isinstance(result, dict) else None
|
|
437
|
+
)
|
|
432
438
|
if not status:
|
|
433
|
-
status = result.get(
|
|
439
|
+
status = result.get("status") if isinstance(result, dict) else "unknown"
|
|
434
440
|
|
|
435
441
|
# Map tool to techniques
|
|
436
442
|
techniques = self.map_tool_to_techniques(attack_type)
|
|
@@ -461,7 +467,9 @@ class MITREMappings:
|
|
|
461
467
|
|
|
462
468
|
# Calculate detection rates
|
|
463
469
|
for tech_result in matrix.values():
|
|
464
|
-
countable =
|
|
470
|
+
countable = (
|
|
471
|
+
tech_result.detected + tech_result.not_detected + tech_result.partial
|
|
472
|
+
)
|
|
465
473
|
if countable > 0:
|
|
466
474
|
tech_result.detection_rate = round(
|
|
467
475
|
(tech_result.detected / countable) * 100, 1
|
|
@@ -470,8 +478,7 @@ class MITREMappings:
|
|
|
470
478
|
return matrix
|
|
471
479
|
|
|
472
480
|
def build_tactic_summary(
|
|
473
|
-
self,
|
|
474
|
-
technique_matrix: Dict[str, TechniqueResult]
|
|
481
|
+
self, technique_matrix: Dict[str, TechniqueResult]
|
|
475
482
|
) -> Dict[str, TacticResult]:
|
|
476
483
|
"""
|
|
477
484
|
Build tactic-level summary from technique coverage matrix.
|
|
@@ -517,8 +524,7 @@ class MITREMappings:
|
|
|
517
524
|
return tactic_summary
|
|
518
525
|
|
|
519
526
|
def get_coverage_gaps(
|
|
520
|
-
self,
|
|
521
|
-
technique_matrix: Dict[str, TechniqueResult]
|
|
527
|
+
self, technique_matrix: Dict[str, TechniqueResult]
|
|
522
528
|
) -> List[TechniqueResult]:
|
|
523
529
|
"""
|
|
524
530
|
Get techniques that were tested but not detected.
|
|
@@ -536,8 +542,7 @@ class MITREMappings:
|
|
|
536
542
|
return sorted(gaps, key=lambda x: x.not_detected, reverse=True)
|
|
537
543
|
|
|
538
544
|
def get_heatmap_data(
|
|
539
|
-
self,
|
|
540
|
-
technique_matrix: Dict[str, TechniqueResult]
|
|
545
|
+
self, technique_matrix: Dict[str, TechniqueResult]
|
|
541
546
|
) -> List[Dict[str, Any]]:
|
|
542
547
|
"""
|
|
543
548
|
Generate heatmap data for visualization.
|
|
@@ -556,8 +561,7 @@ class MITREMappings:
|
|
|
556
561
|
for tactic in tactics:
|
|
557
562
|
tactic_id = tactic["id"]
|
|
558
563
|
tactic_techniques = [
|
|
559
|
-
t for t in technique_matrix.values()
|
|
560
|
-
if t.tactic_id == tactic_id
|
|
564
|
+
t for t in technique_matrix.values() if t.tactic_id == tactic_id
|
|
561
565
|
]
|
|
562
566
|
|
|
563
567
|
for tech in tactic_techniques:
|
|
@@ -571,19 +575,21 @@ class MITREMappings:
|
|
|
571
575
|
else:
|
|
572
576
|
status = "not_tested"
|
|
573
577
|
|
|
574
|
-
heatmap.append(
|
|
575
|
-
|
|
576
|
-
|
|
577
|
-
|
|
578
|
-
|
|
579
|
-
|
|
580
|
-
|
|
581
|
-
|
|
582
|
-
|
|
583
|
-
|
|
584
|
-
|
|
585
|
-
|
|
586
|
-
|
|
578
|
+
heatmap.append(
|
|
579
|
+
{
|
|
580
|
+
"tactic_id": tactic_id,
|
|
581
|
+
"tactic_name": tactic["name"],
|
|
582
|
+
"tactic_order": tactic["order"],
|
|
583
|
+
"technique_id": tech.technique_id,
|
|
584
|
+
"technique_name": tech.technique_name,
|
|
585
|
+
"status": status,
|
|
586
|
+
"tested": tech.tested,
|
|
587
|
+
"detected": tech.detected,
|
|
588
|
+
"not_detected": tech.not_detected,
|
|
589
|
+
"detection_rate": tech.detection_rate,
|
|
590
|
+
"tools_used": tech.tools_used,
|
|
591
|
+
}
|
|
592
|
+
)
|
|
587
593
|
|
|
588
594
|
return sorted(heatmap, key=lambda x: (x["tactic_order"], x["technique_id"]))
|
|
589
595
|
|