souleyez 2.43.28__py3-none-any.whl → 2.43.32__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- souleyez/__init__.py +1 -2
- souleyez/ai/__init__.py +21 -15
- souleyez/ai/action_mapper.py +249 -150
- souleyez/ai/chain_advisor.py +116 -100
- souleyez/ai/claude_provider.py +29 -28
- souleyez/ai/context_builder.py +80 -62
- souleyez/ai/executor.py +158 -117
- souleyez/ai/feedback_handler.py +136 -121
- souleyez/ai/llm_factory.py +27 -20
- souleyez/ai/llm_provider.py +4 -2
- souleyez/ai/ollama_provider.py +6 -9
- souleyez/ai/ollama_service.py +44 -37
- souleyez/ai/path_scorer.py +91 -76
- souleyez/ai/recommender.py +176 -144
- souleyez/ai/report_context.py +74 -73
- souleyez/ai/report_service.py +84 -66
- souleyez/ai/result_parser.py +222 -229
- souleyez/ai/safety.py +67 -44
- souleyez/auth/__init__.py +23 -22
- souleyez/auth/audit.py +36 -26
- souleyez/auth/engagement_access.py +65 -48
- souleyez/auth/permissions.py +14 -3
- souleyez/auth/session_manager.py +54 -37
- souleyez/auth/user_manager.py +109 -64
- souleyez/commands/audit.py +40 -43
- souleyez/commands/auth.py +35 -15
- souleyez/commands/deliverables.py +55 -50
- souleyez/commands/engagement.py +47 -28
- souleyez/commands/license.py +32 -23
- souleyez/commands/screenshots.py +36 -32
- souleyez/commands/user.py +82 -36
- souleyez/config.py +52 -44
- souleyez/core/credential_tester.py +87 -81
- souleyez/core/cve_mappings.py +179 -192
- souleyez/core/cve_matcher.py +162 -148
- souleyez/core/msf_auto_mapper.py +100 -83
- souleyez/core/msf_chain_engine.py +294 -256
- souleyez/core/msf_database.py +153 -70
- souleyez/core/msf_integration.py +679 -673
- souleyez/core/msf_rpc_client.py +40 -42
- souleyez/core/msf_rpc_manager.py +77 -79
- souleyez/core/msf_sync_manager.py +241 -181
- souleyez/core/network_utils.py +22 -15
- souleyez/core/parser_handler.py +34 -25
- souleyez/core/pending_chains.py +114 -63
- souleyez/core/templates.py +158 -107
- souleyez/core/tool_chaining.py +9592 -2879
- souleyez/core/version_utils.py +79 -94
- souleyez/core/vuln_correlation.py +136 -89
- souleyez/core/web_utils.py +33 -32
- souleyez/data/wordlists/ad_users.txt +378 -0
- souleyez/data/wordlists/api_endpoints_large.txt +769 -0
- souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
- souleyez/data/wordlists/lfi_payloads.txt +82 -0
- souleyez/data/wordlists/passwords_brute.txt +1548 -0
- souleyez/data/wordlists/passwords_crack.txt +2479 -0
- souleyez/data/wordlists/passwords_spray.txt +386 -0
- souleyez/data/wordlists/subdomains_large.txt +5057 -0
- souleyez/data/wordlists/usernames_common.txt +694 -0
- souleyez/data/wordlists/web_dirs_large.txt +4769 -0
- souleyez/detection/__init__.py +1 -1
- souleyez/detection/attack_signatures.py +12 -17
- souleyez/detection/mitre_mappings.py +61 -55
- souleyez/detection/validator.py +97 -86
- souleyez/devtools.py +23 -10
- souleyez/docs/README.md +4 -4
- souleyez/docs/api-reference/cli-commands.md +2 -2
- souleyez/docs/developer-guide/adding-new-tools.md +562 -0
- souleyez/docs/user-guide/auto-chaining.md +30 -8
- souleyez/docs/user-guide/getting-started.md +1 -1
- souleyez/docs/user-guide/installation.md +26 -3
- souleyez/docs/user-guide/metasploit-integration.md +2 -2
- souleyez/docs/user-guide/rbac.md +1 -1
- souleyez/docs/user-guide/scope-management.md +1 -1
- souleyez/docs/user-guide/siem-integration.md +1 -1
- souleyez/docs/user-guide/tools-reference.md +1 -8
- souleyez/docs/user-guide/worker-management.md +1 -1
- souleyez/engine/background.py +1238 -535
- souleyez/engine/base.py +4 -1
- souleyez/engine/job_status.py +17 -49
- souleyez/engine/log_sanitizer.py +103 -77
- souleyez/engine/manager.py +38 -7
- souleyez/engine/result_handler.py +2198 -1550
- souleyez/engine/worker_manager.py +50 -41
- souleyez/export/evidence_bundle.py +72 -62
- souleyez/feature_flags/features.py +16 -20
- souleyez/feature_flags.py +5 -9
- souleyez/handlers/__init__.py +11 -0
- souleyez/handlers/base.py +188 -0
- souleyez/handlers/bash_handler.py +277 -0
- souleyez/handlers/bloodhound_handler.py +243 -0
- souleyez/handlers/certipy_handler.py +311 -0
- souleyez/handlers/crackmapexec_handler.py +486 -0
- souleyez/handlers/dnsrecon_handler.py +344 -0
- souleyez/handlers/enum4linux_handler.py +400 -0
- souleyez/handlers/evil_winrm_handler.py +493 -0
- souleyez/handlers/ffuf_handler.py +815 -0
- souleyez/handlers/gobuster_handler.py +1114 -0
- souleyez/handlers/gpp_extract_handler.py +334 -0
- souleyez/handlers/hashcat_handler.py +444 -0
- souleyez/handlers/hydra_handler.py +563 -0
- souleyez/handlers/impacket_getuserspns_handler.py +343 -0
- souleyez/handlers/impacket_psexec_handler.py +222 -0
- souleyez/handlers/impacket_secretsdump_handler.py +426 -0
- souleyez/handlers/john_handler.py +286 -0
- souleyez/handlers/katana_handler.py +425 -0
- souleyez/handlers/kerbrute_handler.py +298 -0
- souleyez/handlers/ldapsearch_handler.py +636 -0
- souleyez/handlers/lfi_extract_handler.py +464 -0
- souleyez/handlers/msf_auxiliary_handler.py +408 -0
- souleyez/handlers/msf_exploit_handler.py +380 -0
- souleyez/handlers/nikto_handler.py +413 -0
- souleyez/handlers/nmap_handler.py +821 -0
- souleyez/handlers/nuclei_handler.py +359 -0
- souleyez/handlers/nxc_handler.py +371 -0
- souleyez/handlers/rdp_sec_check_handler.py +353 -0
- souleyez/handlers/registry.py +288 -0
- souleyez/handlers/responder_handler.py +232 -0
- souleyez/handlers/service_explorer_handler.py +434 -0
- souleyez/handlers/smbclient_handler.py +344 -0
- souleyez/handlers/smbmap_handler.py +510 -0
- souleyez/handlers/smbpasswd_handler.py +296 -0
- souleyez/handlers/sqlmap_handler.py +1116 -0
- souleyez/handlers/theharvester_handler.py +601 -0
- souleyez/handlers/whois_handler.py +277 -0
- souleyez/handlers/wpscan_handler.py +554 -0
- souleyez/history.py +32 -16
- souleyez/importers/msf_importer.py +106 -75
- souleyez/importers/smart_importer.py +208 -147
- souleyez/integrations/siem/__init__.py +10 -10
- souleyez/integrations/siem/base.py +17 -18
- souleyez/integrations/siem/elastic.py +108 -122
- souleyez/integrations/siem/factory.py +207 -80
- souleyez/integrations/siem/googlesecops.py +146 -154
- souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
- souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
- souleyez/integrations/siem/sentinel.py +107 -109
- souleyez/integrations/siem/splunk.py +246 -212
- souleyez/integrations/siem/wazuh.py +65 -71
- souleyez/integrations/wazuh/__init__.py +5 -5
- souleyez/integrations/wazuh/client.py +70 -93
- souleyez/integrations/wazuh/config.py +85 -57
- souleyez/integrations/wazuh/host_mapper.py +28 -36
- souleyez/integrations/wazuh/sync.py +78 -68
- souleyez/intelligence/__init__.py +4 -5
- souleyez/intelligence/correlation_analyzer.py +309 -295
- souleyez/intelligence/exploit_knowledge.py +661 -623
- souleyez/intelligence/exploit_suggestions.py +159 -139
- souleyez/intelligence/gap_analyzer.py +132 -97
- souleyez/intelligence/gap_detector.py +251 -214
- souleyez/intelligence/sensitive_tables.py +266 -129
- souleyez/intelligence/service_parser.py +137 -123
- souleyez/intelligence/surface_analyzer.py +407 -268
- souleyez/intelligence/target_parser.py +159 -162
- souleyez/licensing/__init__.py +6 -6
- souleyez/licensing/validator.py +17 -19
- souleyez/log_config.py +79 -54
- souleyez/main.py +1505 -687
- souleyez/migrations/fix_job_counter.py +16 -14
- souleyez/parsers/bloodhound_parser.py +41 -39
- souleyez/parsers/crackmapexec_parser.py +178 -111
- souleyez/parsers/dalfox_parser.py +72 -77
- souleyez/parsers/dnsrecon_parser.py +103 -91
- souleyez/parsers/enum4linux_parser.py +183 -153
- souleyez/parsers/ffuf_parser.py +29 -25
- souleyez/parsers/gobuster_parser.py +301 -41
- souleyez/parsers/hashcat_parser.py +324 -79
- souleyez/parsers/http_fingerprint_parser.py +350 -103
- souleyez/parsers/hydra_parser.py +131 -111
- souleyez/parsers/impacket_parser.py +231 -178
- souleyez/parsers/john_parser.py +98 -86
- souleyez/parsers/katana_parser.py +316 -0
- souleyez/parsers/msf_parser.py +943 -498
- souleyez/parsers/nikto_parser.py +346 -65
- souleyez/parsers/nmap_parser.py +262 -174
- souleyez/parsers/nuclei_parser.py +40 -44
- souleyez/parsers/responder_parser.py +26 -26
- souleyez/parsers/searchsploit_parser.py +74 -74
- souleyez/parsers/service_explorer_parser.py +279 -0
- souleyez/parsers/smbmap_parser.py +180 -124
- souleyez/parsers/sqlmap_parser.py +434 -308
- souleyez/parsers/theharvester_parser.py +75 -57
- souleyez/parsers/whois_parser.py +135 -94
- souleyez/parsers/wpscan_parser.py +278 -190
- souleyez/plugins/afp.py +44 -36
- souleyez/plugins/afp_brute.py +114 -46
- souleyez/plugins/ard.py +48 -37
- souleyez/plugins/bloodhound.py +95 -61
- souleyez/plugins/certipy.py +303 -0
- souleyez/plugins/crackmapexec.py +186 -85
- souleyez/plugins/dalfox.py +120 -59
- souleyez/plugins/dns_hijack.py +146 -41
- souleyez/plugins/dnsrecon.py +97 -61
- souleyez/plugins/enum4linux.py +91 -66
- souleyez/plugins/evil_winrm.py +291 -0
- souleyez/plugins/ffuf.py +166 -90
- souleyez/plugins/firmware_extract.py +133 -29
- souleyez/plugins/gobuster.py +387 -190
- souleyez/plugins/gpp_extract.py +393 -0
- souleyez/plugins/hashcat.py +100 -73
- souleyez/plugins/http_fingerprint.py +854 -267
- souleyez/plugins/hydra.py +566 -200
- souleyez/plugins/impacket_getnpusers.py +117 -69
- souleyez/plugins/impacket_psexec.py +84 -64
- souleyez/plugins/impacket_secretsdump.py +103 -69
- souleyez/plugins/impacket_smbclient.py +89 -75
- souleyez/plugins/john.py +86 -69
- souleyez/plugins/katana.py +313 -0
- souleyez/plugins/kerbrute.py +237 -0
- souleyez/plugins/lfi_extract.py +541 -0
- souleyez/plugins/macos_ssh.py +117 -48
- souleyez/plugins/mdns.py +35 -30
- souleyez/plugins/msf_auxiliary.py +253 -130
- souleyez/plugins/msf_exploit.py +239 -161
- souleyez/plugins/nikto.py +134 -78
- souleyez/plugins/nmap.py +275 -91
- souleyez/plugins/nuclei.py +180 -89
- souleyez/plugins/nxc.py +285 -0
- souleyez/plugins/plugin_base.py +35 -36
- souleyez/plugins/plugin_template.py +13 -5
- souleyez/plugins/rdp_sec_check.py +130 -0
- souleyez/plugins/responder.py +112 -71
- souleyez/plugins/router_http_brute.py +76 -65
- souleyez/plugins/router_ssh_brute.py +118 -41
- souleyez/plugins/router_telnet_brute.py +124 -42
- souleyez/plugins/routersploit.py +91 -59
- souleyez/plugins/routersploit_exploit.py +77 -55
- souleyez/plugins/searchsploit.py +91 -77
- souleyez/plugins/service_explorer.py +1160 -0
- souleyez/plugins/smbmap.py +122 -72
- souleyez/plugins/smbpasswd.py +215 -0
- souleyez/plugins/sqlmap.py +301 -113
- souleyez/plugins/theharvester.py +127 -75
- souleyez/plugins/tr069.py +79 -57
- souleyez/plugins/upnp.py +65 -47
- souleyez/plugins/upnp_abuse.py +73 -55
- souleyez/plugins/vnc_access.py +129 -42
- souleyez/plugins/vnc_brute.py +109 -38
- souleyez/plugins/whois.py +77 -58
- souleyez/plugins/wpscan.py +173 -69
- souleyez/reporting/__init__.py +2 -1
- souleyez/reporting/attack_chain.py +411 -346
- souleyez/reporting/charts.py +436 -501
- souleyez/reporting/compliance_mappings.py +334 -201
- souleyez/reporting/detection_report.py +126 -125
- souleyez/reporting/formatters.py +828 -591
- souleyez/reporting/generator.py +386 -302
- souleyez/reporting/metrics.py +72 -75
- souleyez/scanner.py +35 -29
- souleyez/security/__init__.py +37 -11
- souleyez/security/scope_validator.py +175 -106
- souleyez/security/validation.py +223 -149
- souleyez/security.py +22 -6
- souleyez/storage/credentials.py +247 -186
- souleyez/storage/crypto.py +296 -129
- souleyez/storage/database.py +73 -50
- souleyez/storage/db.py +58 -36
- souleyez/storage/deliverable_evidence.py +177 -128
- souleyez/storage/deliverable_exporter.py +282 -246
- souleyez/storage/deliverable_templates.py +134 -116
- souleyez/storage/deliverables.py +135 -130
- souleyez/storage/engagements.py +109 -56
- souleyez/storage/evidence.py +181 -152
- souleyez/storage/execution_log.py +31 -17
- souleyez/storage/exploit_attempts.py +93 -57
- souleyez/storage/exploits.py +67 -36
- souleyez/storage/findings.py +48 -61
- souleyez/storage/hosts.py +176 -144
- souleyez/storage/migrate_to_engagements.py +43 -19
- souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
- souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
- souleyez/storage/migrations/_003_add_execution_log.py +14 -8
- souleyez/storage/migrations/_005_screenshots.py +13 -5
- souleyez/storage/migrations/_006_deliverables.py +13 -5
- souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
- souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
- souleyez/storage/migrations/_010_evidence_linking.py +17 -10
- souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
- souleyez/storage/migrations/_012_team_collaboration.py +34 -21
- souleyez/storage/migrations/_013_add_host_tags.py +12 -6
- souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
- souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
- souleyez/storage/migrations/_016_add_domain_field.py +10 -4
- souleyez/storage/migrations/_017_msf_sessions.py +16 -8
- souleyez/storage/migrations/_018_add_osint_target.py +10 -6
- souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
- souleyez/storage/migrations/_020_add_rbac.py +36 -15
- souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
- souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
- souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
- souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
- souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
- souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
- souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
- souleyez/storage/migrations/__init__.py +26 -26
- souleyez/storage/migrations/migration_manager.py +19 -19
- souleyez/storage/msf_sessions.py +100 -65
- souleyez/storage/osint.py +17 -24
- souleyez/storage/recommendation_engine.py +269 -235
- souleyez/storage/screenshots.py +33 -32
- souleyez/storage/smb_shares.py +136 -92
- souleyez/storage/sqlmap_data.py +183 -128
- souleyez/storage/team_collaboration.py +135 -141
- souleyez/storage/timeline_tracker.py +122 -94
- souleyez/storage/wazuh_vulns.py +64 -66
- souleyez/storage/web_paths.py +33 -37
- souleyez/testing/credential_tester.py +221 -205
- souleyez/ui/__init__.py +1 -1
- souleyez/ui/ai_quotes.py +12 -12
- souleyez/ui/attack_surface.py +2439 -1516
- souleyez/ui/chain_rules_view.py +914 -382
- souleyez/ui/correlation_view.py +312 -230
- souleyez/ui/dashboard.py +2382 -1130
- souleyez/ui/deliverables_view.py +148 -62
- souleyez/ui/design_system.py +13 -13
- souleyez/ui/errors.py +49 -49
- souleyez/ui/evidence_linking_view.py +284 -179
- souleyez/ui/evidence_vault.py +393 -285
- souleyez/ui/exploit_suggestions_view.py +555 -349
- souleyez/ui/export_view.py +100 -66
- souleyez/ui/gap_analysis_view.py +315 -171
- souleyez/ui/help_system.py +105 -97
- souleyez/ui/intelligence_view.py +436 -293
- souleyez/ui/interactive.py +23142 -10430
- souleyez/ui/interactive_selector.py +75 -68
- souleyez/ui/log_formatter.py +47 -39
- souleyez/ui/menu_components.py +22 -13
- souleyez/ui/msf_auxiliary_menu.py +184 -133
- souleyez/ui/pending_chains_view.py +336 -172
- souleyez/ui/progress_indicators.py +5 -3
- souleyez/ui/recommendations_view.py +195 -137
- souleyez/ui/rule_builder.py +343 -225
- souleyez/ui/setup_wizard.py +678 -284
- souleyez/ui/shortcuts.py +217 -165
- souleyez/ui/splunk_gap_analysis_view.py +452 -270
- souleyez/ui/splunk_vulns_view.py +139 -86
- souleyez/ui/team_dashboard.py +498 -335
- souleyez/ui/template_selector.py +196 -105
- souleyez/ui/terminal.py +6 -6
- souleyez/ui/timeline_view.py +198 -127
- souleyez/ui/tool_setup.py +264 -164
- souleyez/ui/tutorial.py +202 -72
- souleyez/ui/tutorial_state.py +40 -40
- souleyez/ui/wazuh_vulns_view.py +235 -141
- souleyez/ui/wordlist_browser.py +260 -107
- souleyez/ui.py +464 -312
- souleyez/utils/tool_checker.py +427 -367
- souleyez/utils.py +33 -29
- souleyez/wordlists.py +134 -167
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/METADATA +1 -1
- souleyez-2.43.32.dist-info/RECORD +441 -0
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/WHEEL +1 -1
- souleyez-2.43.28.dist-info/RECORD +0 -379
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/entry_points.txt +0 -0
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/licenses/LICENSE +0 -0
- {souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/top_level.txt +0 -0
|
@@ -0,0 +1,464 @@
|
|
|
1
|
+
#!/usr/bin/env python3
|
|
2
|
+
"""
|
|
3
|
+
souleyez.handlers.lfi_extract_handler - Handler for LFI credential extraction
|
|
4
|
+
|
|
5
|
+
Parses LFI extract results and stores discovered credentials in the database.
|
|
6
|
+
"""
|
|
7
|
+
import json
|
|
8
|
+
import logging
|
|
9
|
+
import os
|
|
10
|
+
import re
|
|
11
|
+
from typing import Any, Dict, List, Optional
|
|
12
|
+
|
|
13
|
+
import click
|
|
14
|
+
|
|
15
|
+
from souleyez.engine.job_status import STATUS_DONE, STATUS_ERROR, STATUS_NO_RESULTS
|
|
16
|
+
from souleyez.handlers.base import BaseToolHandler
|
|
17
|
+
|
|
18
|
+
logger = logging.getLogger(__name__)
|
|
19
|
+
|
|
20
|
+
|
|
21
|
+
class LfiExtractHandler(BaseToolHandler):
|
|
22
|
+
"""Handler for LFI Extract custom tool."""
|
|
23
|
+
|
|
24
|
+
tool_name = "lfi_extract"
|
|
25
|
+
display_name = "LFI Extract"
|
|
26
|
+
|
|
27
|
+
# All handlers enabled
|
|
28
|
+
has_error_handler = True
|
|
29
|
+
has_warning_handler = True
|
|
30
|
+
has_no_results_handler = True
|
|
31
|
+
has_done_handler = True
|
|
32
|
+
|
|
33
|
+
def parse_job(
|
|
34
|
+
self,
|
|
35
|
+
engagement_id: int,
|
|
36
|
+
log_path: str,
|
|
37
|
+
job: Dict[str, Any],
|
|
38
|
+
host_manager: Optional[Any] = None,
|
|
39
|
+
findings_manager: Optional[Any] = None,
|
|
40
|
+
credentials_manager: Optional[Any] = None,
|
|
41
|
+
) -> Dict[str, Any]:
|
|
42
|
+
"""
|
|
43
|
+
Parse LFI extract job results.
|
|
44
|
+
|
|
45
|
+
Extracts credentials from the JSON result and stores them in the database.
|
|
46
|
+
"""
|
|
47
|
+
try:
|
|
48
|
+
# Import managers if not provided
|
|
49
|
+
if host_manager is None:
|
|
50
|
+
from souleyez.storage.hosts import HostManager
|
|
51
|
+
|
|
52
|
+
host_manager = HostManager()
|
|
53
|
+
if findings_manager is None:
|
|
54
|
+
from souleyez.storage.findings import FindingsManager
|
|
55
|
+
|
|
56
|
+
findings_manager = FindingsManager()
|
|
57
|
+
if credentials_manager is None:
|
|
58
|
+
from souleyez.storage.credentials import CredentialsManager
|
|
59
|
+
|
|
60
|
+
credentials_manager = CredentialsManager()
|
|
61
|
+
|
|
62
|
+
# Read log file
|
|
63
|
+
if not log_path or not os.path.exists(log_path):
|
|
64
|
+
return {
|
|
65
|
+
"error": "Log file not found",
|
|
66
|
+
"status": STATUS_ERROR,
|
|
67
|
+
"summary": "Log file not found",
|
|
68
|
+
}
|
|
69
|
+
|
|
70
|
+
with open(log_path, "r", encoding="utf-8", errors="replace") as f:
|
|
71
|
+
log_content = f.read()
|
|
72
|
+
|
|
73
|
+
# Extract JSON result
|
|
74
|
+
json_match = re.search(
|
|
75
|
+
r"=== JSON_RESULT ===\s*\n(.*?)\n=== END_JSON_RESULT ===",
|
|
76
|
+
log_content,
|
|
77
|
+
re.DOTALL,
|
|
78
|
+
)
|
|
79
|
+
|
|
80
|
+
if not json_match:
|
|
81
|
+
return {
|
|
82
|
+
"error": "No JSON result found in log",
|
|
83
|
+
"status": STATUS_ERROR,
|
|
84
|
+
"summary": "Failed to parse output",
|
|
85
|
+
}
|
|
86
|
+
|
|
87
|
+
try:
|
|
88
|
+
result = json.loads(json_match.group(1))
|
|
89
|
+
except json.JSONDecodeError as e:
|
|
90
|
+
return {
|
|
91
|
+
"error": f"Failed to parse JSON result: {e}",
|
|
92
|
+
"status": STATUS_ERROR,
|
|
93
|
+
"summary": "Failed to parse output",
|
|
94
|
+
}
|
|
95
|
+
|
|
96
|
+
credentials = result.get("credentials", [])
|
|
97
|
+
|
|
98
|
+
if not credentials:
|
|
99
|
+
files_decoded = result.get("decoded_files", [])
|
|
100
|
+
if files_decoded:
|
|
101
|
+
summary = f"Decoded {len(files_decoded)} file{'s' if len(files_decoded) != 1 else ''}, no credentials found"
|
|
102
|
+
else:
|
|
103
|
+
summary = "No files decoded, no credentials found"
|
|
104
|
+
return {
|
|
105
|
+
"tool": "lfi_extract",
|
|
106
|
+
"status": STATUS_NO_RESULTS,
|
|
107
|
+
"sources_processed": result.get("sources_processed", 0),
|
|
108
|
+
"sources_failed": result.get("sources_failed", 0),
|
|
109
|
+
"credentials_found": 0,
|
|
110
|
+
"decoded_files": files_decoded,
|
|
111
|
+
"summary": summary,
|
|
112
|
+
}
|
|
113
|
+
|
|
114
|
+
# Get or create host from target URL
|
|
115
|
+
target = job.get("target", "")
|
|
116
|
+
host_id = None
|
|
117
|
+
|
|
118
|
+
if target:
|
|
119
|
+
from urllib.parse import urlparse
|
|
120
|
+
|
|
121
|
+
parsed_url = urlparse(target)
|
|
122
|
+
target_host = parsed_url.hostname or target
|
|
123
|
+
|
|
124
|
+
host_result = host_manager.add_or_update_host(
|
|
125
|
+
engagement_id, {"ip": target_host, "status": "up"}
|
|
126
|
+
)
|
|
127
|
+
if isinstance(host_result, dict):
|
|
128
|
+
host_id = host_result.get("id")
|
|
129
|
+
else:
|
|
130
|
+
host_id = host_result
|
|
131
|
+
|
|
132
|
+
# Store credentials and create findings
|
|
133
|
+
stored_credentials = []
|
|
134
|
+
|
|
135
|
+
for cred in credentials:
|
|
136
|
+
cred_type = cred.get("credential_type", "unknown")
|
|
137
|
+
|
|
138
|
+
if cred_type == "database":
|
|
139
|
+
# Store database credential
|
|
140
|
+
try:
|
|
141
|
+
cred_id = credentials_manager.add_credential(
|
|
142
|
+
engagement_id=engagement_id,
|
|
143
|
+
host_id=host_id,
|
|
144
|
+
username=cred.get("username"),
|
|
145
|
+
password=cred.get("password"),
|
|
146
|
+
service=cred.get("database", "mysql"),
|
|
147
|
+
credential_type="database",
|
|
148
|
+
status="untested",
|
|
149
|
+
tool="lfi_extract",
|
|
150
|
+
)
|
|
151
|
+
stored_credentials.append(
|
|
152
|
+
{
|
|
153
|
+
"id": cred_id,
|
|
154
|
+
"type": "database",
|
|
155
|
+
"username": cred.get("username"),
|
|
156
|
+
"password": cred.get("password"),
|
|
157
|
+
"credential_type": "database",
|
|
158
|
+
}
|
|
159
|
+
)
|
|
160
|
+
|
|
161
|
+
# Create critical finding
|
|
162
|
+
findings_manager.add_finding(
|
|
163
|
+
engagement_id=engagement_id,
|
|
164
|
+
host_id=host_id,
|
|
165
|
+
title=f"LFI Credential Extraction: {cred.get('username')}@{cred.get('database', 'database')}",
|
|
166
|
+
finding_type="credential",
|
|
167
|
+
severity="critical",
|
|
168
|
+
description=(
|
|
169
|
+
f"Database credentials extracted via LFI vulnerability:\n\n"
|
|
170
|
+
f"**Username:** {cred.get('username')}\n"
|
|
171
|
+
f"**Database:** {cred.get('database', 'unknown')}\n"
|
|
172
|
+
f"**Host:** {cred.get('host', 'localhost')}\n\n"
|
|
173
|
+
f"**Source File:** {cred.get('source_file', 'unknown')}\n"
|
|
174
|
+
f"**Source URL:** {cred.get('source_url', 'unknown')}\n\n"
|
|
175
|
+
f"This indicates a critical LFI vulnerability that exposes database credentials. "
|
|
176
|
+
f"The attacker can now attempt to access the database directly."
|
|
177
|
+
),
|
|
178
|
+
tool="lfi_extract",
|
|
179
|
+
)
|
|
180
|
+
logger.info(
|
|
181
|
+
f"Stored database credential: {cred.get('username')}@{cred.get('database')}"
|
|
182
|
+
)
|
|
183
|
+
|
|
184
|
+
except Exception as e:
|
|
185
|
+
logger.warning(f"Failed to store credential: {e}")
|
|
186
|
+
|
|
187
|
+
elif cred_type in ("api_key", "secret_key"):
|
|
188
|
+
# Store API key as credential
|
|
189
|
+
try:
|
|
190
|
+
api_key = cred.get("api_key", "")
|
|
191
|
+
cred_id = credentials_manager.add_credential(
|
|
192
|
+
engagement_id=engagement_id,
|
|
193
|
+
host_id=host_id,
|
|
194
|
+
username=cred_type,
|
|
195
|
+
password=api_key,
|
|
196
|
+
service="api",
|
|
197
|
+
credential_type=cred_type,
|
|
198
|
+
status="untested",
|
|
199
|
+
tool="lfi_extract",
|
|
200
|
+
)
|
|
201
|
+
stored_credentials.append(
|
|
202
|
+
{
|
|
203
|
+
"id": cred_id,
|
|
204
|
+
"type": cred_type,
|
|
205
|
+
"credential_type": cred_type,
|
|
206
|
+
}
|
|
207
|
+
)
|
|
208
|
+
|
|
209
|
+
# Create finding for API key
|
|
210
|
+
findings_manager.add_finding(
|
|
211
|
+
engagement_id=engagement_id,
|
|
212
|
+
host_id=host_id,
|
|
213
|
+
title=f"LFI Exposed {cred_type.replace('_', ' ').title()}",
|
|
214
|
+
finding_type="credential",
|
|
215
|
+
severity="high",
|
|
216
|
+
description=(
|
|
217
|
+
f"API key/secret extracted via LFI vulnerability:\n\n"
|
|
218
|
+
f"**Type:** {cred_type}\n"
|
|
219
|
+
f"**Key (truncated):** {api_key[:20]}...{api_key[-10:] if len(api_key) > 30 else ''}\n\n"
|
|
220
|
+
f"**Source File:** {cred.get('source_file', 'unknown')}\n"
|
|
221
|
+
f"**Source URL:** {cred.get('source_url', 'unknown')}\n\n"
|
|
222
|
+
f"This key may provide access to external services or APIs."
|
|
223
|
+
),
|
|
224
|
+
tool="lfi_extract",
|
|
225
|
+
)
|
|
226
|
+
logger.info(f"Stored {cred_type}")
|
|
227
|
+
|
|
228
|
+
except Exception as e:
|
|
229
|
+
logger.warning(f"Failed to store API key: {e}")
|
|
230
|
+
|
|
231
|
+
# Build summary for UI display
|
|
232
|
+
cred_count = len(stored_credentials)
|
|
233
|
+
files_decoded = result.get("decoded_files", [])
|
|
234
|
+
if cred_count > 0:
|
|
235
|
+
summary = f"Extracted {cred_count} credential{'s' if cred_count != 1 else ''} from {len(files_decoded)} file{'s' if len(files_decoded) != 1 else ''}"
|
|
236
|
+
elif files_decoded:
|
|
237
|
+
summary = f"Decoded {len(files_decoded)} file{'s' if len(files_decoded) != 1 else ''}, no credentials found"
|
|
238
|
+
else:
|
|
239
|
+
summary = "No files decoded"
|
|
240
|
+
|
|
241
|
+
return {
|
|
242
|
+
"tool": "lfi_extract",
|
|
243
|
+
"status": STATUS_DONE,
|
|
244
|
+
"sources_processed": result.get("sources_processed", 0),
|
|
245
|
+
"sources_failed": result.get("sources_failed", 0),
|
|
246
|
+
"credentials_found": cred_count,
|
|
247
|
+
"credentials": stored_credentials,
|
|
248
|
+
"decoded_files": files_decoded,
|
|
249
|
+
"summary": summary,
|
|
250
|
+
}
|
|
251
|
+
|
|
252
|
+
except Exception as e:
|
|
253
|
+
logger.error(f"Error parsing lfi_extract job: {e}")
|
|
254
|
+
return {"error": str(e), "status": STATUS_ERROR, "summary": f"Error: {e}"}
|
|
255
|
+
|
|
256
|
+
def display_done(
|
|
257
|
+
self,
|
|
258
|
+
job: Dict[str, Any],
|
|
259
|
+
log_path: str,
|
|
260
|
+
show_all: bool = False,
|
|
261
|
+
show_passwords: bool = False,
|
|
262
|
+
) -> None:
|
|
263
|
+
"""Display successful LFI extract results."""
|
|
264
|
+
try:
|
|
265
|
+
if not log_path or not os.path.exists(log_path):
|
|
266
|
+
return
|
|
267
|
+
|
|
268
|
+
with open(log_path, "r", encoding="utf-8", errors="replace") as f:
|
|
269
|
+
log_content = f.read()
|
|
270
|
+
|
|
271
|
+
# Extract JSON result
|
|
272
|
+
json_match = re.search(
|
|
273
|
+
r"=== JSON_RESULT ===\s*\n(.*?)\n=== END_JSON_RESULT ===",
|
|
274
|
+
log_content,
|
|
275
|
+
re.DOTALL,
|
|
276
|
+
)
|
|
277
|
+
|
|
278
|
+
if not json_match:
|
|
279
|
+
click.echo("No results to display.")
|
|
280
|
+
return
|
|
281
|
+
|
|
282
|
+
result = json.loads(json_match.group(1))
|
|
283
|
+
credentials = result.get("credentials", [])
|
|
284
|
+
|
|
285
|
+
click.echo(click.style("=" * 70, fg="green"))
|
|
286
|
+
click.echo(
|
|
287
|
+
click.style("LFI EXTRACT - CREDENTIALS FOUND", bold=True, fg="green")
|
|
288
|
+
)
|
|
289
|
+
click.echo(click.style("=" * 70, fg="green"))
|
|
290
|
+
click.echo()
|
|
291
|
+
click.echo(f" Sources processed: {result.get('sources_processed', 0)}")
|
|
292
|
+
click.echo(
|
|
293
|
+
f" Files decoded: {', '.join(result.get('decoded_files', [])) or 'None'}"
|
|
294
|
+
)
|
|
295
|
+
click.echo()
|
|
296
|
+
|
|
297
|
+
if credentials:
|
|
298
|
+
click.echo(click.style("-" * 40, fg="green"))
|
|
299
|
+
click.echo(click.style("EXTRACTED CREDENTIALS:", bold=True, fg="green"))
|
|
300
|
+
click.echo(click.style("-" * 40, fg="green"))
|
|
301
|
+
click.echo()
|
|
302
|
+
|
|
303
|
+
for i, cred in enumerate(credentials, 1):
|
|
304
|
+
cred_type = cred.get("credential_type", "unknown")
|
|
305
|
+
|
|
306
|
+
if cred_type == "database":
|
|
307
|
+
click.echo(
|
|
308
|
+
click.style(
|
|
309
|
+
f" [{i}] DATABASE CREDENTIALS", bold=True, fg="yellow"
|
|
310
|
+
)
|
|
311
|
+
)
|
|
312
|
+
click.echo(f" Username: {cred.get('username')}")
|
|
313
|
+
if show_passwords:
|
|
314
|
+
click.echo(f" Password: {cred.get('password')}")
|
|
315
|
+
else:
|
|
316
|
+
click.echo(
|
|
317
|
+
f" Password: {'*' * 8} (use --show-passwords to reveal)"
|
|
318
|
+
)
|
|
319
|
+
click.echo(f" Database: {cred.get('database', 'unknown')}")
|
|
320
|
+
click.echo(f" Host: {cred.get('host', 'localhost')}")
|
|
321
|
+
click.echo(
|
|
322
|
+
f" Source: {cred.get('source_file', 'unknown')}"
|
|
323
|
+
)
|
|
324
|
+
|
|
325
|
+
elif cred_type in ("api_key", "secret_key"):
|
|
326
|
+
click.echo(
|
|
327
|
+
click.style(
|
|
328
|
+
f" [{i}] {cred_type.upper()}", bold=True, fg="yellow"
|
|
329
|
+
)
|
|
330
|
+
)
|
|
331
|
+
api_key = cred.get("api_key", "")
|
|
332
|
+
if show_passwords:
|
|
333
|
+
click.echo(f" Key: {api_key}")
|
|
334
|
+
else:
|
|
335
|
+
click.echo(
|
|
336
|
+
f" Key: {api_key[:10]}...{api_key[-5:] if len(api_key) > 15 else ''}"
|
|
337
|
+
)
|
|
338
|
+
click.echo(
|
|
339
|
+
f" Source: {cred.get('source_file', 'unknown')}"
|
|
340
|
+
)
|
|
341
|
+
|
|
342
|
+
click.echo()
|
|
343
|
+
|
|
344
|
+
click.echo(click.style("-" * 40, fg="cyan"))
|
|
345
|
+
click.echo(click.style("NEXT STEPS:", bold=True, fg="cyan"))
|
|
346
|
+
click.echo(click.style("-" * 40, fg="cyan"))
|
|
347
|
+
click.echo(" 1. Test database credentials against MySQL/PostgreSQL")
|
|
348
|
+
click.echo(
|
|
349
|
+
" 2. Check if credentials work on other services (SSH, FTP)"
|
|
350
|
+
)
|
|
351
|
+
click.echo(" 3. Use 'souleyez creds list' to view all credentials")
|
|
352
|
+
click.echo(" 4. Chain to Hydra for credential spraying")
|
|
353
|
+
click.echo()
|
|
354
|
+
|
|
355
|
+
click.echo(click.style("=" * 70, fg="green"))
|
|
356
|
+
click.echo()
|
|
357
|
+
|
|
358
|
+
except Exception as e:
|
|
359
|
+
logger.debug(f"Error in display_done: {e}")
|
|
360
|
+
|
|
361
|
+
def display_error(
|
|
362
|
+
self,
|
|
363
|
+
job: Dict[str, Any],
|
|
364
|
+
log_path: str,
|
|
365
|
+
log_content: Optional[str] = None,
|
|
366
|
+
) -> None:
|
|
367
|
+
"""Display error status for LFI extract."""
|
|
368
|
+
click.echo(click.style("=" * 70, fg="red"))
|
|
369
|
+
click.echo(click.style("[ERROR] LFI EXTRACT FAILED", bold=True, fg="red"))
|
|
370
|
+
click.echo(click.style("=" * 70, fg="red"))
|
|
371
|
+
click.echo()
|
|
372
|
+
|
|
373
|
+
if log_content is None and log_path and os.path.exists(log_path):
|
|
374
|
+
try:
|
|
375
|
+
with open(log_path, "r", encoding="utf-8", errors="replace") as f:
|
|
376
|
+
log_content = f.read()
|
|
377
|
+
except Exception:
|
|
378
|
+
log_content = ""
|
|
379
|
+
|
|
380
|
+
if log_content:
|
|
381
|
+
# Look for error messages
|
|
382
|
+
if "Error:" in log_content:
|
|
383
|
+
match = re.search(r"Error:\s*(.+?)(?:\n|$)", log_content)
|
|
384
|
+
if match:
|
|
385
|
+
click.echo(f" Error: {match.group(1)}")
|
|
386
|
+
elif "No PHP filter URLs" in log_content:
|
|
387
|
+
click.echo(" No PHP filter URLs were provided to extract from.")
|
|
388
|
+
click.echo()
|
|
389
|
+
click.echo(
|
|
390
|
+
click.style(" This tool expects URLs like:", fg="bright_black")
|
|
391
|
+
)
|
|
392
|
+
click.echo(
|
|
393
|
+
click.style(
|
|
394
|
+
" http://target/?page=php://filter/convert.base64-encode/resource=config",
|
|
395
|
+
fg="bright_black",
|
|
396
|
+
)
|
|
397
|
+
)
|
|
398
|
+
else:
|
|
399
|
+
click.echo(" Extraction failed - see raw logs for details.")
|
|
400
|
+
click.echo(" Press [r] to view raw logs.")
|
|
401
|
+
|
|
402
|
+
click.echo()
|
|
403
|
+
click.echo(click.style("=" * 70, fg="red"))
|
|
404
|
+
click.echo()
|
|
405
|
+
|
|
406
|
+
def display_no_results(
|
|
407
|
+
self,
|
|
408
|
+
job: Dict[str, Any],
|
|
409
|
+
log_path: str,
|
|
410
|
+
) -> None:
|
|
411
|
+
"""Display no_results status for LFI extract."""
|
|
412
|
+
click.echo(click.style("=" * 70, fg="cyan"))
|
|
413
|
+
click.echo(
|
|
414
|
+
click.style("LFI EXTRACT - NO CREDENTIALS FOUND", bold=True, fg="cyan")
|
|
415
|
+
)
|
|
416
|
+
click.echo(click.style("=" * 70, fg="cyan"))
|
|
417
|
+
click.echo()
|
|
418
|
+
click.echo(" The PHP source code was decoded but no credentials were found.")
|
|
419
|
+
click.echo()
|
|
420
|
+
click.echo(click.style(" This could mean:", fg="bright_black"))
|
|
421
|
+
click.echo(
|
|
422
|
+
click.style(
|
|
423
|
+
" - Config file doesn't contain database credentials",
|
|
424
|
+
fg="bright_black",
|
|
425
|
+
)
|
|
426
|
+
)
|
|
427
|
+
click.echo(
|
|
428
|
+
click.style(
|
|
429
|
+
" - Credentials use a format not recognized by the parser",
|
|
430
|
+
fg="bright_black",
|
|
431
|
+
)
|
|
432
|
+
)
|
|
433
|
+
click.echo(
|
|
434
|
+
click.style(
|
|
435
|
+
" - Try targeting different config files (wp-config.php, .env, etc.)",
|
|
436
|
+
fg="bright_black",
|
|
437
|
+
)
|
|
438
|
+
)
|
|
439
|
+
click.echo()
|
|
440
|
+
click.echo(
|
|
441
|
+
click.style(
|
|
442
|
+
" Check the raw logs for the decoded source code.", fg="bright_black"
|
|
443
|
+
)
|
|
444
|
+
)
|
|
445
|
+
click.echo()
|
|
446
|
+
click.echo(click.style("=" * 70, fg="cyan"))
|
|
447
|
+
click.echo()
|
|
448
|
+
|
|
449
|
+
def display_warning(
|
|
450
|
+
self,
|
|
451
|
+
job: Dict[str, Any],
|
|
452
|
+
log_path: str,
|
|
453
|
+
log_content: Optional[str] = None,
|
|
454
|
+
) -> None:
|
|
455
|
+
"""Display warning status for LFI extract."""
|
|
456
|
+
click.echo(click.style("=" * 70, fg="yellow"))
|
|
457
|
+
click.echo(click.style("[WARNING] LFI EXTRACT", bold=True, fg="yellow"))
|
|
458
|
+
click.echo(click.style("=" * 70, fg="yellow"))
|
|
459
|
+
click.echo()
|
|
460
|
+
click.echo(" Extraction completed with warnings. Some URLs may have failed.")
|
|
461
|
+
click.echo(" Press [r] to view raw logs for details.")
|
|
462
|
+
click.echo()
|
|
463
|
+
click.echo(click.style("=" * 70, fg="yellow"))
|
|
464
|
+
click.echo()
|