souleyez 2.43.29__py3-none-any.whl → 2.43.32__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- souleyez/__init__.py +1 -2
- souleyez/ai/__init__.py +21 -15
- souleyez/ai/action_mapper.py +249 -150
- souleyez/ai/chain_advisor.py +116 -100
- souleyez/ai/claude_provider.py +29 -28
- souleyez/ai/context_builder.py +80 -62
- souleyez/ai/executor.py +158 -117
- souleyez/ai/feedback_handler.py +136 -121
- souleyez/ai/llm_factory.py +27 -20
- souleyez/ai/llm_provider.py +4 -2
- souleyez/ai/ollama_provider.py +6 -9
- souleyez/ai/ollama_service.py +44 -37
- souleyez/ai/path_scorer.py +91 -76
- souleyez/ai/recommender.py +176 -144
- souleyez/ai/report_context.py +74 -73
- souleyez/ai/report_service.py +84 -66
- souleyez/ai/result_parser.py +222 -229
- souleyez/ai/safety.py +67 -44
- souleyez/auth/__init__.py +23 -22
- souleyez/auth/audit.py +36 -26
- souleyez/auth/engagement_access.py +65 -48
- souleyez/auth/permissions.py +14 -3
- souleyez/auth/session_manager.py +54 -37
- souleyez/auth/user_manager.py +109 -64
- souleyez/commands/audit.py +40 -43
- souleyez/commands/auth.py +35 -15
- souleyez/commands/deliverables.py +55 -50
- souleyez/commands/engagement.py +47 -28
- souleyez/commands/license.py +32 -23
- souleyez/commands/screenshots.py +36 -32
- souleyez/commands/user.py +82 -36
- souleyez/config.py +52 -44
- souleyez/core/credential_tester.py +87 -81
- souleyez/core/cve_mappings.py +179 -192
- souleyez/core/cve_matcher.py +162 -148
- souleyez/core/msf_auto_mapper.py +100 -83
- souleyez/core/msf_chain_engine.py +294 -256
- souleyez/core/msf_database.py +153 -70
- souleyez/core/msf_integration.py +679 -673
- souleyez/core/msf_rpc_client.py +40 -42
- souleyez/core/msf_rpc_manager.py +77 -79
- souleyez/core/msf_sync_manager.py +241 -181
- souleyez/core/network_utils.py +22 -15
- souleyez/core/parser_handler.py +34 -25
- souleyez/core/pending_chains.py +114 -63
- souleyez/core/templates.py +158 -107
- souleyez/core/tool_chaining.py +9592 -2879
- souleyez/core/version_utils.py +79 -94
- souleyez/core/vuln_correlation.py +136 -89
- souleyez/core/web_utils.py +33 -32
- souleyez/data/wordlists/ad_users.txt +378 -0
- souleyez/data/wordlists/api_endpoints_large.txt +769 -0
- souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
- souleyez/data/wordlists/lfi_payloads.txt +82 -0
- souleyez/data/wordlists/passwords_brute.txt +1548 -0
- souleyez/data/wordlists/passwords_crack.txt +2479 -0
- souleyez/data/wordlists/passwords_spray.txt +386 -0
- souleyez/data/wordlists/subdomains_large.txt +5057 -0
- souleyez/data/wordlists/usernames_common.txt +694 -0
- souleyez/data/wordlists/web_dirs_large.txt +4769 -0
- souleyez/detection/__init__.py +1 -1
- souleyez/detection/attack_signatures.py +12 -17
- souleyez/detection/mitre_mappings.py +61 -55
- souleyez/detection/validator.py +97 -86
- souleyez/devtools.py +23 -10
- souleyez/docs/README.md +4 -4
- souleyez/docs/api-reference/cli-commands.md +2 -2
- souleyez/docs/developer-guide/adding-new-tools.md +562 -0
- souleyez/docs/user-guide/auto-chaining.md +30 -8
- souleyez/docs/user-guide/getting-started.md +1 -1
- souleyez/docs/user-guide/installation.md +26 -3
- souleyez/docs/user-guide/metasploit-integration.md +2 -2
- souleyez/docs/user-guide/rbac.md +1 -1
- souleyez/docs/user-guide/scope-management.md +1 -1
- souleyez/docs/user-guide/siem-integration.md +1 -1
- souleyez/docs/user-guide/tools-reference.md +1 -8
- souleyez/docs/user-guide/worker-management.md +1 -1
- souleyez/engine/background.py +1238 -535
- souleyez/engine/base.py +4 -1
- souleyez/engine/job_status.py +17 -49
- souleyez/engine/log_sanitizer.py +103 -77
- souleyez/engine/manager.py +38 -7
- souleyez/engine/result_handler.py +2198 -1550
- souleyez/engine/worker_manager.py +50 -41
- souleyez/export/evidence_bundle.py +72 -62
- souleyez/feature_flags/features.py +16 -20
- souleyez/feature_flags.py +5 -9
- souleyez/handlers/__init__.py +11 -0
- souleyez/handlers/base.py +188 -0
- souleyez/handlers/bash_handler.py +277 -0
- souleyez/handlers/bloodhound_handler.py +243 -0
- souleyez/handlers/certipy_handler.py +311 -0
- souleyez/handlers/crackmapexec_handler.py +486 -0
- souleyez/handlers/dnsrecon_handler.py +344 -0
- souleyez/handlers/enum4linux_handler.py +400 -0
- souleyez/handlers/evil_winrm_handler.py +493 -0
- souleyez/handlers/ffuf_handler.py +815 -0
- souleyez/handlers/gobuster_handler.py +1114 -0
- souleyez/handlers/gpp_extract_handler.py +334 -0
- souleyez/handlers/hashcat_handler.py +444 -0
- souleyez/handlers/hydra_handler.py +563 -0
- souleyez/handlers/impacket_getuserspns_handler.py +343 -0
- souleyez/handlers/impacket_psexec_handler.py +222 -0
- souleyez/handlers/impacket_secretsdump_handler.py +426 -0
- souleyez/handlers/john_handler.py +286 -0
- souleyez/handlers/katana_handler.py +425 -0
- souleyez/handlers/kerbrute_handler.py +298 -0
- souleyez/handlers/ldapsearch_handler.py +636 -0
- souleyez/handlers/lfi_extract_handler.py +464 -0
- souleyez/handlers/msf_auxiliary_handler.py +408 -0
- souleyez/handlers/msf_exploit_handler.py +380 -0
- souleyez/handlers/nikto_handler.py +413 -0
- souleyez/handlers/nmap_handler.py +821 -0
- souleyez/handlers/nuclei_handler.py +359 -0
- souleyez/handlers/nxc_handler.py +371 -0
- souleyez/handlers/rdp_sec_check_handler.py +353 -0
- souleyez/handlers/registry.py +288 -0
- souleyez/handlers/responder_handler.py +232 -0
- souleyez/handlers/service_explorer_handler.py +434 -0
- souleyez/handlers/smbclient_handler.py +344 -0
- souleyez/handlers/smbmap_handler.py +510 -0
- souleyez/handlers/smbpasswd_handler.py +296 -0
- souleyez/handlers/sqlmap_handler.py +1116 -0
- souleyez/handlers/theharvester_handler.py +601 -0
- souleyez/handlers/whois_handler.py +277 -0
- souleyez/handlers/wpscan_handler.py +554 -0
- souleyez/history.py +32 -16
- souleyez/importers/msf_importer.py +106 -75
- souleyez/importers/smart_importer.py +208 -147
- souleyez/integrations/siem/__init__.py +10 -10
- souleyez/integrations/siem/base.py +17 -18
- souleyez/integrations/siem/elastic.py +108 -122
- souleyez/integrations/siem/factory.py +207 -80
- souleyez/integrations/siem/googlesecops.py +146 -154
- souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
- souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
- souleyez/integrations/siem/sentinel.py +107 -109
- souleyez/integrations/siem/splunk.py +246 -212
- souleyez/integrations/siem/wazuh.py +65 -71
- souleyez/integrations/wazuh/__init__.py +5 -5
- souleyez/integrations/wazuh/client.py +70 -93
- souleyez/integrations/wazuh/config.py +85 -57
- souleyez/integrations/wazuh/host_mapper.py +28 -36
- souleyez/integrations/wazuh/sync.py +78 -68
- souleyez/intelligence/__init__.py +4 -5
- souleyez/intelligence/correlation_analyzer.py +309 -295
- souleyez/intelligence/exploit_knowledge.py +661 -623
- souleyez/intelligence/exploit_suggestions.py +159 -139
- souleyez/intelligence/gap_analyzer.py +132 -97
- souleyez/intelligence/gap_detector.py +251 -214
- souleyez/intelligence/sensitive_tables.py +266 -129
- souleyez/intelligence/service_parser.py +137 -123
- souleyez/intelligence/surface_analyzer.py +407 -268
- souleyez/intelligence/target_parser.py +159 -162
- souleyez/licensing/__init__.py +6 -6
- souleyez/licensing/validator.py +17 -19
- souleyez/log_config.py +79 -54
- souleyez/main.py +1505 -687
- souleyez/migrations/fix_job_counter.py +16 -14
- souleyez/parsers/bloodhound_parser.py +41 -39
- souleyez/parsers/crackmapexec_parser.py +178 -111
- souleyez/parsers/dalfox_parser.py +72 -77
- souleyez/parsers/dnsrecon_parser.py +103 -91
- souleyez/parsers/enum4linux_parser.py +183 -153
- souleyez/parsers/ffuf_parser.py +29 -25
- souleyez/parsers/gobuster_parser.py +301 -41
- souleyez/parsers/hashcat_parser.py +324 -79
- souleyez/parsers/http_fingerprint_parser.py +350 -103
- souleyez/parsers/hydra_parser.py +131 -111
- souleyez/parsers/impacket_parser.py +231 -178
- souleyez/parsers/john_parser.py +98 -86
- souleyez/parsers/katana_parser.py +316 -0
- souleyez/parsers/msf_parser.py +943 -498
- souleyez/parsers/nikto_parser.py +346 -65
- souleyez/parsers/nmap_parser.py +262 -174
- souleyez/parsers/nuclei_parser.py +40 -44
- souleyez/parsers/responder_parser.py +26 -26
- souleyez/parsers/searchsploit_parser.py +74 -74
- souleyez/parsers/service_explorer_parser.py +279 -0
- souleyez/parsers/smbmap_parser.py +180 -124
- souleyez/parsers/sqlmap_parser.py +434 -308
- souleyez/parsers/theharvester_parser.py +75 -57
- souleyez/parsers/whois_parser.py +135 -94
- souleyez/parsers/wpscan_parser.py +278 -190
- souleyez/plugins/afp.py +44 -36
- souleyez/plugins/afp_brute.py +114 -46
- souleyez/plugins/ard.py +48 -37
- souleyez/plugins/bloodhound.py +95 -61
- souleyez/plugins/certipy.py +303 -0
- souleyez/plugins/crackmapexec.py +186 -85
- souleyez/plugins/dalfox.py +120 -59
- souleyez/plugins/dns_hijack.py +146 -41
- souleyez/plugins/dnsrecon.py +97 -61
- souleyez/plugins/enum4linux.py +91 -66
- souleyez/plugins/evil_winrm.py +291 -0
- souleyez/plugins/ffuf.py +166 -90
- souleyez/plugins/firmware_extract.py +133 -29
- souleyez/plugins/gobuster.py +387 -190
- souleyez/plugins/gpp_extract.py +393 -0
- souleyez/plugins/hashcat.py +100 -73
- souleyez/plugins/http_fingerprint.py +854 -267
- souleyez/plugins/hydra.py +566 -200
- souleyez/plugins/impacket_getnpusers.py +117 -69
- souleyez/plugins/impacket_psexec.py +84 -64
- souleyez/plugins/impacket_secretsdump.py +103 -69
- souleyez/plugins/impacket_smbclient.py +89 -75
- souleyez/plugins/john.py +86 -69
- souleyez/plugins/katana.py +313 -0
- souleyez/plugins/kerbrute.py +237 -0
- souleyez/plugins/lfi_extract.py +541 -0
- souleyez/plugins/macos_ssh.py +117 -48
- souleyez/plugins/mdns.py +35 -30
- souleyez/plugins/msf_auxiliary.py +253 -130
- souleyez/plugins/msf_exploit.py +239 -161
- souleyez/plugins/nikto.py +134 -78
- souleyez/plugins/nmap.py +275 -91
- souleyez/plugins/nuclei.py +180 -89
- souleyez/plugins/nxc.py +285 -0
- souleyez/plugins/plugin_base.py +35 -36
- souleyez/plugins/plugin_template.py +13 -5
- souleyez/plugins/rdp_sec_check.py +130 -0
- souleyez/plugins/responder.py +112 -71
- souleyez/plugins/router_http_brute.py +76 -65
- souleyez/plugins/router_ssh_brute.py +118 -41
- souleyez/plugins/router_telnet_brute.py +124 -42
- souleyez/plugins/routersploit.py +91 -59
- souleyez/plugins/routersploit_exploit.py +77 -55
- souleyez/plugins/searchsploit.py +91 -77
- souleyez/plugins/service_explorer.py +1160 -0
- souleyez/plugins/smbmap.py +122 -72
- souleyez/plugins/smbpasswd.py +215 -0
- souleyez/plugins/sqlmap.py +301 -113
- souleyez/plugins/theharvester.py +127 -75
- souleyez/plugins/tr069.py +79 -57
- souleyez/plugins/upnp.py +65 -47
- souleyez/plugins/upnp_abuse.py +73 -55
- souleyez/plugins/vnc_access.py +129 -42
- souleyez/plugins/vnc_brute.py +109 -38
- souleyez/plugins/whois.py +77 -58
- souleyez/plugins/wpscan.py +173 -69
- souleyez/reporting/__init__.py +2 -1
- souleyez/reporting/attack_chain.py +411 -346
- souleyez/reporting/charts.py +436 -501
- souleyez/reporting/compliance_mappings.py +334 -201
- souleyez/reporting/detection_report.py +126 -125
- souleyez/reporting/formatters.py +828 -591
- souleyez/reporting/generator.py +386 -302
- souleyez/reporting/metrics.py +72 -75
- souleyez/scanner.py +35 -29
- souleyez/security/__init__.py +37 -11
- souleyez/security/scope_validator.py +175 -106
- souleyez/security/validation.py +223 -149
- souleyez/security.py +22 -6
- souleyez/storage/credentials.py +247 -186
- souleyez/storage/crypto.py +296 -129
- souleyez/storage/database.py +73 -50
- souleyez/storage/db.py +58 -36
- souleyez/storage/deliverable_evidence.py +177 -128
- souleyez/storage/deliverable_exporter.py +282 -246
- souleyez/storage/deliverable_templates.py +134 -116
- souleyez/storage/deliverables.py +135 -130
- souleyez/storage/engagements.py +109 -56
- souleyez/storage/evidence.py +181 -152
- souleyez/storage/execution_log.py +31 -17
- souleyez/storage/exploit_attempts.py +93 -57
- souleyez/storage/exploits.py +67 -36
- souleyez/storage/findings.py +48 -61
- souleyez/storage/hosts.py +176 -144
- souleyez/storage/migrate_to_engagements.py +43 -19
- souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
- souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
- souleyez/storage/migrations/_003_add_execution_log.py +14 -8
- souleyez/storage/migrations/_005_screenshots.py +13 -5
- souleyez/storage/migrations/_006_deliverables.py +13 -5
- souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
- souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
- souleyez/storage/migrations/_010_evidence_linking.py +17 -10
- souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
- souleyez/storage/migrations/_012_team_collaboration.py +34 -21
- souleyez/storage/migrations/_013_add_host_tags.py +12 -6
- souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
- souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
- souleyez/storage/migrations/_016_add_domain_field.py +10 -4
- souleyez/storage/migrations/_017_msf_sessions.py +16 -8
- souleyez/storage/migrations/_018_add_osint_target.py +10 -6
- souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
- souleyez/storage/migrations/_020_add_rbac.py +36 -15
- souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
- souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
- souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
- souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
- souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
- souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
- souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
- souleyez/storage/migrations/__init__.py +26 -26
- souleyez/storage/migrations/migration_manager.py +19 -19
- souleyez/storage/msf_sessions.py +100 -65
- souleyez/storage/osint.py +17 -24
- souleyez/storage/recommendation_engine.py +269 -235
- souleyez/storage/screenshots.py +33 -32
- souleyez/storage/smb_shares.py +136 -92
- souleyez/storage/sqlmap_data.py +183 -128
- souleyez/storage/team_collaboration.py +135 -141
- souleyez/storage/timeline_tracker.py +122 -94
- souleyez/storage/wazuh_vulns.py +64 -66
- souleyez/storage/web_paths.py +33 -37
- souleyez/testing/credential_tester.py +221 -205
- souleyez/ui/__init__.py +1 -1
- souleyez/ui/ai_quotes.py +12 -12
- souleyez/ui/attack_surface.py +2439 -1516
- souleyez/ui/chain_rules_view.py +914 -382
- souleyez/ui/correlation_view.py +312 -230
- souleyez/ui/dashboard.py +2382 -1130
- souleyez/ui/deliverables_view.py +148 -62
- souleyez/ui/design_system.py +13 -13
- souleyez/ui/errors.py +49 -49
- souleyez/ui/evidence_linking_view.py +284 -179
- souleyez/ui/evidence_vault.py +393 -285
- souleyez/ui/exploit_suggestions_view.py +555 -349
- souleyez/ui/export_view.py +100 -66
- souleyez/ui/gap_analysis_view.py +315 -171
- souleyez/ui/help_system.py +105 -97
- souleyez/ui/intelligence_view.py +436 -293
- souleyez/ui/interactive.py +22783 -10678
- souleyez/ui/interactive_selector.py +75 -68
- souleyez/ui/log_formatter.py +47 -39
- souleyez/ui/menu_components.py +22 -13
- souleyez/ui/msf_auxiliary_menu.py +184 -133
- souleyez/ui/pending_chains_view.py +336 -172
- souleyez/ui/progress_indicators.py +5 -3
- souleyez/ui/recommendations_view.py +195 -137
- souleyez/ui/rule_builder.py +343 -225
- souleyez/ui/setup_wizard.py +678 -284
- souleyez/ui/shortcuts.py +217 -165
- souleyez/ui/splunk_gap_analysis_view.py +452 -270
- souleyez/ui/splunk_vulns_view.py +139 -86
- souleyez/ui/team_dashboard.py +498 -335
- souleyez/ui/template_selector.py +196 -105
- souleyez/ui/terminal.py +6 -6
- souleyez/ui/timeline_view.py +198 -127
- souleyez/ui/tool_setup.py +264 -164
- souleyez/ui/tutorial.py +202 -72
- souleyez/ui/tutorial_state.py +40 -40
- souleyez/ui/wazuh_vulns_view.py +235 -141
- souleyez/ui/wordlist_browser.py +260 -107
- souleyez/ui.py +464 -312
- souleyez/utils/tool_checker.py +427 -367
- souleyez/utils.py +33 -29
- souleyez/wordlists.py +134 -167
- {souleyez-2.43.29.dist-info → souleyez-2.43.32.dist-info}/METADATA +1 -1
- souleyez-2.43.32.dist-info/RECORD +441 -0
- {souleyez-2.43.29.dist-info → souleyez-2.43.32.dist-info}/WHEEL +1 -1
- souleyez-2.43.29.dist-info/RECORD +0 -379
- {souleyez-2.43.29.dist-info → souleyez-2.43.32.dist-info}/entry_points.txt +0 -0
- {souleyez-2.43.29.dist-info → souleyez-2.43.32.dist-info}/licenses/LICENSE +0 -0
- {souleyez-2.43.29.dist-info → souleyez-2.43.32.dist-info}/top_level.txt +0 -0
souleyez/plugins/crackmapexec.py
CHANGED
|
@@ -30,12 +30,12 @@ HELP = {
|
|
|
30
30
|
"- Check for MS17-010 (EternalBlue) on all SMB hosts\n"
|
|
31
31
|
"- Results link to Impacket for follow-up attacks\n"
|
|
32
32
|
),
|
|
33
|
-
"usage":
|
|
33
|
+
"usage": 'souleyez jobs enqueue crackmapexec <target> --args "smb --shares"',
|
|
34
34
|
"examples": [
|
|
35
|
-
|
|
36
|
-
|
|
35
|
+
'souleyez jobs enqueue crackmapexec 10.0.0.82 --args "smb --shares"',
|
|
36
|
+
'souleyez jobs enqueue crackmapexec 10.0.0.82 --args "smb -u admin -p password"',
|
|
37
37
|
"souleyez jobs enqueue crackmapexec 10.0.0.82 --args \"smb -u '' -p '' -M ms17-010\"",
|
|
38
|
-
|
|
38
|
+
'souleyez jobs enqueue crackmapexec 10.0.0.0/24 --args "smb --users"',
|
|
39
39
|
],
|
|
40
40
|
"flags": [
|
|
41
41
|
["smb", "SMB protocol"],
|
|
@@ -55,90 +55,134 @@ HELP = {
|
|
|
55
55
|
{
|
|
56
56
|
"name": "Basic SMB Enum",
|
|
57
57
|
"args": ["smb", "--shares"],
|
|
58
|
-
"desc": "Enumerate shares (no credentials)"
|
|
58
|
+
"desc": "Enumerate shares (no credentials)",
|
|
59
59
|
},
|
|
60
60
|
{
|
|
61
61
|
"name": "Vulnerability Check",
|
|
62
62
|
"args": ["smb", "-u", "", "-p", "", "-M", "ms17-010"],
|
|
63
|
-
"desc": "Check for MS17-010 (EternalBlue)"
|
|
63
|
+
"desc": "Check for MS17-010 (EternalBlue)",
|
|
64
64
|
},
|
|
65
65
|
{
|
|
66
66
|
"name": "User Enumeration",
|
|
67
67
|
"args": ["smb", "--users"],
|
|
68
|
-
"desc": "Enumerate domain users"
|
|
69
|
-
}
|
|
68
|
+
"desc": "Enumerate domain users",
|
|
69
|
+
},
|
|
70
70
|
],
|
|
71
71
|
"authenticated": [
|
|
72
72
|
{
|
|
73
73
|
"name": "With Credentials",
|
|
74
74
|
"args": ["smb", "-u", "<username>", "-p", "<password>", "--shares"],
|
|
75
|
-
"desc": "Authenticated share enumeration"
|
|
75
|
+
"desc": "Authenticated share enumeration",
|
|
76
76
|
},
|
|
77
77
|
{
|
|
78
78
|
"name": "Domain Auth",
|
|
79
|
-
"args": [
|
|
80
|
-
|
|
79
|
+
"args": [
|
|
80
|
+
"smb",
|
|
81
|
+
"-u",
|
|
82
|
+
"<username>",
|
|
83
|
+
"-p",
|
|
84
|
+
"<password>",
|
|
85
|
+
"-d",
|
|
86
|
+
"<domain>",
|
|
87
|
+
],
|
|
88
|
+
"desc": "Domain authentication",
|
|
81
89
|
},
|
|
82
90
|
{
|
|
83
91
|
"name": "Password Spray",
|
|
84
92
|
"args": ["smb", "-u", "users.txt", "-p", "password", "--no-bruteforce"],
|
|
85
|
-
"desc": "Spray single password across user list"
|
|
86
|
-
}
|
|
87
|
-
]
|
|
93
|
+
"desc": "Spray single password across user list",
|
|
94
|
+
},
|
|
95
|
+
],
|
|
88
96
|
},
|
|
89
97
|
"presets": [
|
|
90
|
-
{
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
98
|
+
{
|
|
99
|
+
"name": "Basic SMB Enum",
|
|
100
|
+
"args": ["smb", "--shares"],
|
|
101
|
+
"desc": "Enumerate shares (no credentials)",
|
|
102
|
+
},
|
|
103
|
+
{
|
|
104
|
+
"name": "Vulnerability Check",
|
|
105
|
+
"args": ["smb", "-u", "", "-p", "", "-M", "ms17-010"],
|
|
106
|
+
"desc": "Check for MS17-010 (EternalBlue)",
|
|
107
|
+
},
|
|
108
|
+
{
|
|
109
|
+
"name": "User Enumeration",
|
|
110
|
+
"args": ["smb", "--users"],
|
|
111
|
+
"desc": "Enumerate domain users",
|
|
112
|
+
},
|
|
113
|
+
{
|
|
114
|
+
"name": "With Credentials",
|
|
115
|
+
"args": ["smb", "-u", "<username>", "-p", "<password>", "--shares"],
|
|
116
|
+
"desc": "Authenticated share enumeration",
|
|
117
|
+
},
|
|
94
118
|
],
|
|
95
119
|
"help_sections": [
|
|
96
120
|
{
|
|
97
121
|
"title": "What is CrackMapExec?",
|
|
98
122
|
"color": "cyan",
|
|
99
123
|
"content": [
|
|
100
|
-
{
|
|
101
|
-
|
|
102
|
-
"
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
"
|
|
106
|
-
|
|
107
|
-
|
|
124
|
+
{
|
|
125
|
+
"title": "Overview",
|
|
126
|
+
"desc": "CrackMapExec (now NetExec) is the Swiss army knife for Windows and Active Directory pentesting, supporting SMB, WinRM, MSSQL, LDAP, and RDP protocols.",
|
|
127
|
+
},
|
|
128
|
+
{
|
|
129
|
+
"title": "Use Cases",
|
|
130
|
+
"desc": "Industry-standard tool for Windows/AD enumeration and exploitation",
|
|
131
|
+
"tips": [
|
|
132
|
+
"Enumerate SMB shares without credentials",
|
|
133
|
+
"Validate credentials across multiple hosts",
|
|
134
|
+
"Check for critical vulnerabilities (MS17-010, ZeroLogon)",
|
|
135
|
+
"Execute commands and dump hashes with valid creds",
|
|
136
|
+
],
|
|
137
|
+
},
|
|
138
|
+
],
|
|
108
139
|
},
|
|
109
140
|
{
|
|
110
141
|
"title": "How to Use",
|
|
111
142
|
"color": "green",
|
|
112
143
|
"content": [
|
|
113
|
-
{
|
|
114
|
-
|
|
115
|
-
"
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
"
|
|
119
|
-
|
|
120
|
-
|
|
144
|
+
{
|
|
145
|
+
"title": "Basic Workflow",
|
|
146
|
+
"desc": "1. Start with unauthenticated scans (--shares)\n 2. Check for vulnerabilities (-M ms17-010)\n 3. Use found credentials to enumerate further\n 4. Pivot across network with credential spraying",
|
|
147
|
+
},
|
|
148
|
+
{
|
|
149
|
+
"title": "Common Tasks",
|
|
150
|
+
"desc": "Key enumeration and validation features",
|
|
151
|
+
"tips": [
|
|
152
|
+
"Share enumeration: netexec smb <target> --shares",
|
|
153
|
+
"User enumeration: netexec smb <target> --users",
|
|
154
|
+
"Credential validation: netexec smb <target> -u user -p pass",
|
|
155
|
+
"Vulnerability check: netexec smb <target> -M ms17-010",
|
|
156
|
+
],
|
|
157
|
+
},
|
|
158
|
+
],
|
|
121
159
|
},
|
|
122
160
|
{
|
|
123
161
|
"title": "Tips & Best Practices",
|
|
124
162
|
"color": "yellow",
|
|
125
163
|
"content": [
|
|
126
|
-
(
|
|
127
|
-
"
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
"
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
164
|
+
(
|
|
165
|
+
"Best Practices:",
|
|
166
|
+
[
|
|
167
|
+
"Start with unauthenticated enumeration",
|
|
168
|
+
"Check MS17-010 on all SMB hosts",
|
|
169
|
+
"Use found credentials for lateral movement",
|
|
170
|
+
"Save results for Impacket follow-up attacks",
|
|
171
|
+
"Test one credential at a time to avoid lockouts",
|
|
172
|
+
],
|
|
173
|
+
),
|
|
174
|
+
(
|
|
175
|
+
"Common Issues:",
|
|
176
|
+
[
|
|
177
|
+
"Access denied: Try null session (-u '' -p '')",
|
|
178
|
+
"No output: Verify SMB is open (port 445)",
|
|
179
|
+
"Credential errors: Check domain name format (DOMAIN/user)",
|
|
180
|
+
"Module not found: Update NetExec to latest version",
|
|
181
|
+
],
|
|
182
|
+
),
|
|
183
|
+
],
|
|
184
|
+
},
|
|
185
|
+
],
|
|
142
186
|
}
|
|
143
187
|
|
|
144
188
|
|
|
@@ -148,11 +192,13 @@ class CrackMapExecPlugin(PluginBase):
|
|
|
148
192
|
category = "scanning"
|
|
149
193
|
HELP = HELP
|
|
150
194
|
|
|
151
|
-
def build_command(
|
|
195
|
+
def build_command(
|
|
196
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
197
|
+
):
|
|
152
198
|
"""Build CrackMapExec command for background execution with PID tracking."""
|
|
153
199
|
# Handle multiple space-separated IPs
|
|
154
200
|
target_list = []
|
|
155
|
-
if
|
|
201
|
+
if " " in target:
|
|
156
202
|
for ip in target.split():
|
|
157
203
|
ip = ip.strip()
|
|
158
204
|
if ip:
|
|
@@ -161,7 +207,7 @@ class CrackMapExecPlugin(PluginBase):
|
|
|
161
207
|
target_list.append(validated)
|
|
162
208
|
except ValidationError as e:
|
|
163
209
|
if log_path:
|
|
164
|
-
with open(log_path,
|
|
210
|
+
with open(log_path, "w") as f:
|
|
165
211
|
f.write(f"ERROR: Invalid target '{ip}': {e}\n")
|
|
166
212
|
return None
|
|
167
213
|
else:
|
|
@@ -170,14 +216,31 @@ class CrackMapExecPlugin(PluginBase):
|
|
|
170
216
|
target_list = [target]
|
|
171
217
|
except ValidationError as e:
|
|
172
218
|
if log_path:
|
|
173
|
-
with open(log_path,
|
|
219
|
+
with open(log_path, "w") as f:
|
|
174
220
|
f.write(f"ERROR: Invalid target: {e}\n")
|
|
175
221
|
return None
|
|
176
222
|
|
|
177
223
|
args = args or ["smb", "--shares"]
|
|
178
224
|
args = [arg.replace("<target>", target_list[0]) for arg in args]
|
|
179
225
|
|
|
180
|
-
protocol =
|
|
226
|
+
protocol = (
|
|
227
|
+
args[0]
|
|
228
|
+
if args
|
|
229
|
+
and args[0]
|
|
230
|
+
in [
|
|
231
|
+
"smb",
|
|
232
|
+
"winrm",
|
|
233
|
+
"mssql",
|
|
234
|
+
"ldap",
|
|
235
|
+
"ssh",
|
|
236
|
+
"rdp",
|
|
237
|
+
"ftp",
|
|
238
|
+
"vnc",
|
|
239
|
+
"nfs",
|
|
240
|
+
"wmi",
|
|
241
|
+
]
|
|
242
|
+
else "smb"
|
|
243
|
+
)
|
|
181
244
|
cmd = ["netexec", protocol] + target_list
|
|
182
245
|
|
|
183
246
|
if len(args) > 1:
|
|
@@ -185,28 +248,37 @@ class CrackMapExecPlugin(PluginBase):
|
|
|
185
248
|
elif protocol not in args:
|
|
186
249
|
cmd.extend(["--shares"])
|
|
187
250
|
|
|
188
|
-
has_creds = any(arg in cmd for arg in [
|
|
189
|
-
has_enum = any(
|
|
251
|
+
has_creds = any(arg in cmd for arg in ["-u", "--username", "-p", "--password"])
|
|
252
|
+
has_enum = any(
|
|
253
|
+
arg in cmd
|
|
254
|
+
for arg in [
|
|
255
|
+
"--shares",
|
|
256
|
+
"--users",
|
|
257
|
+
"--groups",
|
|
258
|
+
"--sessions",
|
|
259
|
+
"--disks",
|
|
260
|
+
"--loggedon-users",
|
|
261
|
+
]
|
|
262
|
+
)
|
|
190
263
|
|
|
191
264
|
if has_enum and not has_creds:
|
|
192
265
|
insert_pos = 2 + len(target_list)
|
|
193
|
-
cmd.insert(insert_pos,
|
|
194
|
-
cmd.insert(insert_pos + 1,
|
|
195
|
-
cmd.insert(insert_pos + 2,
|
|
196
|
-
cmd.insert(insert_pos + 3,
|
|
266
|
+
cmd.insert(insert_pos, "-u")
|
|
267
|
+
cmd.insert(insert_pos + 1, "")
|
|
268
|
+
cmd.insert(insert_pos + 2, "-p")
|
|
269
|
+
cmd.insert(insert_pos + 3, "")
|
|
197
270
|
|
|
198
|
-
return {
|
|
199
|
-
'cmd': cmd,
|
|
200
|
-
'timeout': 1800
|
|
201
|
-
}
|
|
271
|
+
return {"cmd": cmd, "timeout": 1800}
|
|
202
272
|
|
|
203
|
-
def run(
|
|
273
|
+
def run(
|
|
274
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
275
|
+
) -> int:
|
|
204
276
|
"""Execute CrackMapExec (NetExec) and write output to log_path."""
|
|
205
277
|
|
|
206
278
|
# Handle multiple space-separated IPs (from multi-host selection)
|
|
207
279
|
# NetExec needs them as separate arguments, not a single string
|
|
208
280
|
target_list = []
|
|
209
|
-
if
|
|
281
|
+
if " " in target:
|
|
210
282
|
# Multiple IPs separated by spaces
|
|
211
283
|
for ip in target.split():
|
|
212
284
|
ip = ip.strip()
|
|
@@ -217,7 +289,7 @@ class CrackMapExecPlugin(PluginBase):
|
|
|
217
289
|
target_list.append(validated)
|
|
218
290
|
except ValidationError as e:
|
|
219
291
|
if log_path:
|
|
220
|
-
with open(log_path,
|
|
292
|
+
with open(log_path, "w") as f:
|
|
221
293
|
f.write(f"ERROR: Invalid target '{ip}': {e}\n")
|
|
222
294
|
return 1
|
|
223
295
|
raise ValueError(f"Invalid target '{ip}': {e}")
|
|
@@ -228,7 +300,7 @@ class CrackMapExecPlugin(PluginBase):
|
|
|
228
300
|
target_list = [target]
|
|
229
301
|
except ValidationError as e:
|
|
230
302
|
if log_path:
|
|
231
|
-
with open(log_path,
|
|
303
|
+
with open(log_path, "w") as f:
|
|
232
304
|
f.write(f"ERROR: Invalid target: {e}\n")
|
|
233
305
|
return 1
|
|
234
306
|
raise ValueError(f"Invalid target: {e}")
|
|
@@ -239,7 +311,24 @@ class CrackMapExecPlugin(PluginBase):
|
|
|
239
311
|
args = [arg.replace("<target>", target_list[0]) for arg in args]
|
|
240
312
|
|
|
241
313
|
# Detect protocol (first arg should be protocol)
|
|
242
|
-
protocol =
|
|
314
|
+
protocol = (
|
|
315
|
+
args[0]
|
|
316
|
+
if args
|
|
317
|
+
and args[0]
|
|
318
|
+
in [
|
|
319
|
+
"smb",
|
|
320
|
+
"winrm",
|
|
321
|
+
"mssql",
|
|
322
|
+
"ldap",
|
|
323
|
+
"ssh",
|
|
324
|
+
"rdp",
|
|
325
|
+
"ftp",
|
|
326
|
+
"vnc",
|
|
327
|
+
"nfs",
|
|
328
|
+
"wmi",
|
|
329
|
+
]
|
|
330
|
+
else "smb"
|
|
331
|
+
)
|
|
243
332
|
|
|
244
333
|
# Use netexec (successor to crackmapexec)
|
|
245
334
|
# Add all targets as separate arguments (NetExec supports multiple targets)
|
|
@@ -251,11 +340,21 @@ class CrackMapExecPlugin(PluginBase):
|
|
|
251
340
|
elif protocol not in args:
|
|
252
341
|
# No protocol specified in args, add default behavior
|
|
253
342
|
cmd.extend(["--shares"])
|
|
254
|
-
|
|
343
|
+
|
|
255
344
|
# Auto-add null credentials for unauthenticated enumeration if no creds specified
|
|
256
345
|
# Check if -u or --username already in command
|
|
257
|
-
has_creds = any(arg in cmd for arg in [
|
|
258
|
-
has_enum = any(
|
|
346
|
+
has_creds = any(arg in cmd for arg in ["-u", "--username", "-p", "--password"])
|
|
347
|
+
has_enum = any(
|
|
348
|
+
arg in cmd
|
|
349
|
+
for arg in [
|
|
350
|
+
"--shares",
|
|
351
|
+
"--users",
|
|
352
|
+
"--groups",
|
|
353
|
+
"--sessions",
|
|
354
|
+
"--disks",
|
|
355
|
+
"--loggedon-users",
|
|
356
|
+
]
|
|
357
|
+
)
|
|
259
358
|
|
|
260
359
|
if has_enum and not has_creds:
|
|
261
360
|
# Add null session credentials after ALL targets but before flags
|
|
@@ -263,14 +362,16 @@ class CrackMapExecPlugin(PluginBase):
|
|
|
263
362
|
# Example: ['netexec', 'smb', '10.0.0.14', '10.0.0.82', '--shares']
|
|
264
363
|
# Insert at position 4: ['netexec', 'smb', '10.0.0.14', '10.0.0.82', '-u', '', '-p', '', '--shares']
|
|
265
364
|
insert_pos = 2 + len(target_list)
|
|
266
|
-
cmd.insert(insert_pos,
|
|
267
|
-
cmd.insert(insert_pos + 1,
|
|
268
|
-
cmd.insert(insert_pos + 2,
|
|
269
|
-
cmd.insert(insert_pos + 3,
|
|
365
|
+
cmd.insert(insert_pos, "-u")
|
|
366
|
+
cmd.insert(insert_pos + 1, "")
|
|
367
|
+
cmd.insert(insert_pos + 2, "-p")
|
|
368
|
+
cmd.insert(insert_pos + 3, "")
|
|
270
369
|
|
|
271
370
|
if not log_path:
|
|
272
371
|
try:
|
|
273
|
-
proc = subprocess.run(
|
|
372
|
+
proc = subprocess.run(
|
|
373
|
+
cmd, capture_output=True, timeout=300, check=False
|
|
374
|
+
)
|
|
274
375
|
return proc.returncode
|
|
275
376
|
except Exception:
|
|
276
377
|
return 1
|
|
@@ -281,18 +382,18 @@ class CrackMapExecPlugin(PluginBase):
|
|
|
281
382
|
fh.write(f"Target(s): {' '.join(target_list)}\n")
|
|
282
383
|
fh.write(f"Protocol: {protocol}\n")
|
|
283
384
|
fh.write(f"Command: {' '.join(cmd)}\n")
|
|
284
|
-
fh.write(
|
|
385
|
+
fh.write(
|
|
386
|
+
f"Started: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n\n"
|
|
387
|
+
)
|
|
285
388
|
fh.flush()
|
|
286
389
|
|
|
287
390
|
proc = subprocess.run(
|
|
288
|
-
cmd,
|
|
289
|
-
stdout=fh,
|
|
290
|
-
stderr=subprocess.STDOUT,
|
|
291
|
-
timeout=300,
|
|
292
|
-
check=False
|
|
391
|
+
cmd, stdout=fh, stderr=subprocess.STDOUT, timeout=300, check=False
|
|
293
392
|
)
|
|
294
393
|
|
|
295
|
-
fh.write(
|
|
394
|
+
fh.write(
|
|
395
|
+
f"\n\nCompleted: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n"
|
|
396
|
+
)
|
|
296
397
|
fh.write(f"Exit Code: {proc.returncode}\n")
|
|
297
398
|
|
|
298
399
|
return proc.returncode
|