souleyez 2.43.29__py3-none-any.whl → 2.43.32__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- souleyez/__init__.py +1 -2
- souleyez/ai/__init__.py +21 -15
- souleyez/ai/action_mapper.py +249 -150
- souleyez/ai/chain_advisor.py +116 -100
- souleyez/ai/claude_provider.py +29 -28
- souleyez/ai/context_builder.py +80 -62
- souleyez/ai/executor.py +158 -117
- souleyez/ai/feedback_handler.py +136 -121
- souleyez/ai/llm_factory.py +27 -20
- souleyez/ai/llm_provider.py +4 -2
- souleyez/ai/ollama_provider.py +6 -9
- souleyez/ai/ollama_service.py +44 -37
- souleyez/ai/path_scorer.py +91 -76
- souleyez/ai/recommender.py +176 -144
- souleyez/ai/report_context.py +74 -73
- souleyez/ai/report_service.py +84 -66
- souleyez/ai/result_parser.py +222 -229
- souleyez/ai/safety.py +67 -44
- souleyez/auth/__init__.py +23 -22
- souleyez/auth/audit.py +36 -26
- souleyez/auth/engagement_access.py +65 -48
- souleyez/auth/permissions.py +14 -3
- souleyez/auth/session_manager.py +54 -37
- souleyez/auth/user_manager.py +109 -64
- souleyez/commands/audit.py +40 -43
- souleyez/commands/auth.py +35 -15
- souleyez/commands/deliverables.py +55 -50
- souleyez/commands/engagement.py +47 -28
- souleyez/commands/license.py +32 -23
- souleyez/commands/screenshots.py +36 -32
- souleyez/commands/user.py +82 -36
- souleyez/config.py +52 -44
- souleyez/core/credential_tester.py +87 -81
- souleyez/core/cve_mappings.py +179 -192
- souleyez/core/cve_matcher.py +162 -148
- souleyez/core/msf_auto_mapper.py +100 -83
- souleyez/core/msf_chain_engine.py +294 -256
- souleyez/core/msf_database.py +153 -70
- souleyez/core/msf_integration.py +679 -673
- souleyez/core/msf_rpc_client.py +40 -42
- souleyez/core/msf_rpc_manager.py +77 -79
- souleyez/core/msf_sync_manager.py +241 -181
- souleyez/core/network_utils.py +22 -15
- souleyez/core/parser_handler.py +34 -25
- souleyez/core/pending_chains.py +114 -63
- souleyez/core/templates.py +158 -107
- souleyez/core/tool_chaining.py +9592 -2879
- souleyez/core/version_utils.py +79 -94
- souleyez/core/vuln_correlation.py +136 -89
- souleyez/core/web_utils.py +33 -32
- souleyez/data/wordlists/ad_users.txt +378 -0
- souleyez/data/wordlists/api_endpoints_large.txt +769 -0
- souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
- souleyez/data/wordlists/lfi_payloads.txt +82 -0
- souleyez/data/wordlists/passwords_brute.txt +1548 -0
- souleyez/data/wordlists/passwords_crack.txt +2479 -0
- souleyez/data/wordlists/passwords_spray.txt +386 -0
- souleyez/data/wordlists/subdomains_large.txt +5057 -0
- souleyez/data/wordlists/usernames_common.txt +694 -0
- souleyez/data/wordlists/web_dirs_large.txt +4769 -0
- souleyez/detection/__init__.py +1 -1
- souleyez/detection/attack_signatures.py +12 -17
- souleyez/detection/mitre_mappings.py +61 -55
- souleyez/detection/validator.py +97 -86
- souleyez/devtools.py +23 -10
- souleyez/docs/README.md +4 -4
- souleyez/docs/api-reference/cli-commands.md +2 -2
- souleyez/docs/developer-guide/adding-new-tools.md +562 -0
- souleyez/docs/user-guide/auto-chaining.md +30 -8
- souleyez/docs/user-guide/getting-started.md +1 -1
- souleyez/docs/user-guide/installation.md +26 -3
- souleyez/docs/user-guide/metasploit-integration.md +2 -2
- souleyez/docs/user-guide/rbac.md +1 -1
- souleyez/docs/user-guide/scope-management.md +1 -1
- souleyez/docs/user-guide/siem-integration.md +1 -1
- souleyez/docs/user-guide/tools-reference.md +1 -8
- souleyez/docs/user-guide/worker-management.md +1 -1
- souleyez/engine/background.py +1238 -535
- souleyez/engine/base.py +4 -1
- souleyez/engine/job_status.py +17 -49
- souleyez/engine/log_sanitizer.py +103 -77
- souleyez/engine/manager.py +38 -7
- souleyez/engine/result_handler.py +2198 -1550
- souleyez/engine/worker_manager.py +50 -41
- souleyez/export/evidence_bundle.py +72 -62
- souleyez/feature_flags/features.py +16 -20
- souleyez/feature_flags.py +5 -9
- souleyez/handlers/__init__.py +11 -0
- souleyez/handlers/base.py +188 -0
- souleyez/handlers/bash_handler.py +277 -0
- souleyez/handlers/bloodhound_handler.py +243 -0
- souleyez/handlers/certipy_handler.py +311 -0
- souleyez/handlers/crackmapexec_handler.py +486 -0
- souleyez/handlers/dnsrecon_handler.py +344 -0
- souleyez/handlers/enum4linux_handler.py +400 -0
- souleyez/handlers/evil_winrm_handler.py +493 -0
- souleyez/handlers/ffuf_handler.py +815 -0
- souleyez/handlers/gobuster_handler.py +1114 -0
- souleyez/handlers/gpp_extract_handler.py +334 -0
- souleyez/handlers/hashcat_handler.py +444 -0
- souleyez/handlers/hydra_handler.py +563 -0
- souleyez/handlers/impacket_getuserspns_handler.py +343 -0
- souleyez/handlers/impacket_psexec_handler.py +222 -0
- souleyez/handlers/impacket_secretsdump_handler.py +426 -0
- souleyez/handlers/john_handler.py +286 -0
- souleyez/handlers/katana_handler.py +425 -0
- souleyez/handlers/kerbrute_handler.py +298 -0
- souleyez/handlers/ldapsearch_handler.py +636 -0
- souleyez/handlers/lfi_extract_handler.py +464 -0
- souleyez/handlers/msf_auxiliary_handler.py +408 -0
- souleyez/handlers/msf_exploit_handler.py +380 -0
- souleyez/handlers/nikto_handler.py +413 -0
- souleyez/handlers/nmap_handler.py +821 -0
- souleyez/handlers/nuclei_handler.py +359 -0
- souleyez/handlers/nxc_handler.py +371 -0
- souleyez/handlers/rdp_sec_check_handler.py +353 -0
- souleyez/handlers/registry.py +288 -0
- souleyez/handlers/responder_handler.py +232 -0
- souleyez/handlers/service_explorer_handler.py +434 -0
- souleyez/handlers/smbclient_handler.py +344 -0
- souleyez/handlers/smbmap_handler.py +510 -0
- souleyez/handlers/smbpasswd_handler.py +296 -0
- souleyez/handlers/sqlmap_handler.py +1116 -0
- souleyez/handlers/theharvester_handler.py +601 -0
- souleyez/handlers/whois_handler.py +277 -0
- souleyez/handlers/wpscan_handler.py +554 -0
- souleyez/history.py +32 -16
- souleyez/importers/msf_importer.py +106 -75
- souleyez/importers/smart_importer.py +208 -147
- souleyez/integrations/siem/__init__.py +10 -10
- souleyez/integrations/siem/base.py +17 -18
- souleyez/integrations/siem/elastic.py +108 -122
- souleyez/integrations/siem/factory.py +207 -80
- souleyez/integrations/siem/googlesecops.py +146 -154
- souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
- souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
- souleyez/integrations/siem/sentinel.py +107 -109
- souleyez/integrations/siem/splunk.py +246 -212
- souleyez/integrations/siem/wazuh.py +65 -71
- souleyez/integrations/wazuh/__init__.py +5 -5
- souleyez/integrations/wazuh/client.py +70 -93
- souleyez/integrations/wazuh/config.py +85 -57
- souleyez/integrations/wazuh/host_mapper.py +28 -36
- souleyez/integrations/wazuh/sync.py +78 -68
- souleyez/intelligence/__init__.py +4 -5
- souleyez/intelligence/correlation_analyzer.py +309 -295
- souleyez/intelligence/exploit_knowledge.py +661 -623
- souleyez/intelligence/exploit_suggestions.py +159 -139
- souleyez/intelligence/gap_analyzer.py +132 -97
- souleyez/intelligence/gap_detector.py +251 -214
- souleyez/intelligence/sensitive_tables.py +266 -129
- souleyez/intelligence/service_parser.py +137 -123
- souleyez/intelligence/surface_analyzer.py +407 -268
- souleyez/intelligence/target_parser.py +159 -162
- souleyez/licensing/__init__.py +6 -6
- souleyez/licensing/validator.py +17 -19
- souleyez/log_config.py +79 -54
- souleyez/main.py +1505 -687
- souleyez/migrations/fix_job_counter.py +16 -14
- souleyez/parsers/bloodhound_parser.py +41 -39
- souleyez/parsers/crackmapexec_parser.py +178 -111
- souleyez/parsers/dalfox_parser.py +72 -77
- souleyez/parsers/dnsrecon_parser.py +103 -91
- souleyez/parsers/enum4linux_parser.py +183 -153
- souleyez/parsers/ffuf_parser.py +29 -25
- souleyez/parsers/gobuster_parser.py +301 -41
- souleyez/parsers/hashcat_parser.py +324 -79
- souleyez/parsers/http_fingerprint_parser.py +350 -103
- souleyez/parsers/hydra_parser.py +131 -111
- souleyez/parsers/impacket_parser.py +231 -178
- souleyez/parsers/john_parser.py +98 -86
- souleyez/parsers/katana_parser.py +316 -0
- souleyez/parsers/msf_parser.py +943 -498
- souleyez/parsers/nikto_parser.py +346 -65
- souleyez/parsers/nmap_parser.py +262 -174
- souleyez/parsers/nuclei_parser.py +40 -44
- souleyez/parsers/responder_parser.py +26 -26
- souleyez/parsers/searchsploit_parser.py +74 -74
- souleyez/parsers/service_explorer_parser.py +279 -0
- souleyez/parsers/smbmap_parser.py +180 -124
- souleyez/parsers/sqlmap_parser.py +434 -308
- souleyez/parsers/theharvester_parser.py +75 -57
- souleyez/parsers/whois_parser.py +135 -94
- souleyez/parsers/wpscan_parser.py +278 -190
- souleyez/plugins/afp.py +44 -36
- souleyez/plugins/afp_brute.py +114 -46
- souleyez/plugins/ard.py +48 -37
- souleyez/plugins/bloodhound.py +95 -61
- souleyez/plugins/certipy.py +303 -0
- souleyez/plugins/crackmapexec.py +186 -85
- souleyez/plugins/dalfox.py +120 -59
- souleyez/plugins/dns_hijack.py +146 -41
- souleyez/plugins/dnsrecon.py +97 -61
- souleyez/plugins/enum4linux.py +91 -66
- souleyez/plugins/evil_winrm.py +291 -0
- souleyez/plugins/ffuf.py +166 -90
- souleyez/plugins/firmware_extract.py +133 -29
- souleyez/plugins/gobuster.py +387 -190
- souleyez/plugins/gpp_extract.py +393 -0
- souleyez/plugins/hashcat.py +100 -73
- souleyez/plugins/http_fingerprint.py +854 -267
- souleyez/plugins/hydra.py +566 -200
- souleyez/plugins/impacket_getnpusers.py +117 -69
- souleyez/plugins/impacket_psexec.py +84 -64
- souleyez/plugins/impacket_secretsdump.py +103 -69
- souleyez/plugins/impacket_smbclient.py +89 -75
- souleyez/plugins/john.py +86 -69
- souleyez/plugins/katana.py +313 -0
- souleyez/plugins/kerbrute.py +237 -0
- souleyez/plugins/lfi_extract.py +541 -0
- souleyez/plugins/macos_ssh.py +117 -48
- souleyez/plugins/mdns.py +35 -30
- souleyez/plugins/msf_auxiliary.py +253 -130
- souleyez/plugins/msf_exploit.py +239 -161
- souleyez/plugins/nikto.py +134 -78
- souleyez/plugins/nmap.py +275 -91
- souleyez/plugins/nuclei.py +180 -89
- souleyez/plugins/nxc.py +285 -0
- souleyez/plugins/plugin_base.py +35 -36
- souleyez/plugins/plugin_template.py +13 -5
- souleyez/plugins/rdp_sec_check.py +130 -0
- souleyez/plugins/responder.py +112 -71
- souleyez/plugins/router_http_brute.py +76 -65
- souleyez/plugins/router_ssh_brute.py +118 -41
- souleyez/plugins/router_telnet_brute.py +124 -42
- souleyez/plugins/routersploit.py +91 -59
- souleyez/plugins/routersploit_exploit.py +77 -55
- souleyez/plugins/searchsploit.py +91 -77
- souleyez/plugins/service_explorer.py +1160 -0
- souleyez/plugins/smbmap.py +122 -72
- souleyez/plugins/smbpasswd.py +215 -0
- souleyez/plugins/sqlmap.py +301 -113
- souleyez/plugins/theharvester.py +127 -75
- souleyez/plugins/tr069.py +79 -57
- souleyez/plugins/upnp.py +65 -47
- souleyez/plugins/upnp_abuse.py +73 -55
- souleyez/plugins/vnc_access.py +129 -42
- souleyez/plugins/vnc_brute.py +109 -38
- souleyez/plugins/whois.py +77 -58
- souleyez/plugins/wpscan.py +173 -69
- souleyez/reporting/__init__.py +2 -1
- souleyez/reporting/attack_chain.py +411 -346
- souleyez/reporting/charts.py +436 -501
- souleyez/reporting/compliance_mappings.py +334 -201
- souleyez/reporting/detection_report.py +126 -125
- souleyez/reporting/formatters.py +828 -591
- souleyez/reporting/generator.py +386 -302
- souleyez/reporting/metrics.py +72 -75
- souleyez/scanner.py +35 -29
- souleyez/security/__init__.py +37 -11
- souleyez/security/scope_validator.py +175 -106
- souleyez/security/validation.py +223 -149
- souleyez/security.py +22 -6
- souleyez/storage/credentials.py +247 -186
- souleyez/storage/crypto.py +296 -129
- souleyez/storage/database.py +73 -50
- souleyez/storage/db.py +58 -36
- souleyez/storage/deliverable_evidence.py +177 -128
- souleyez/storage/deliverable_exporter.py +282 -246
- souleyez/storage/deliverable_templates.py +134 -116
- souleyez/storage/deliverables.py +135 -130
- souleyez/storage/engagements.py +109 -56
- souleyez/storage/evidence.py +181 -152
- souleyez/storage/execution_log.py +31 -17
- souleyez/storage/exploit_attempts.py +93 -57
- souleyez/storage/exploits.py +67 -36
- souleyez/storage/findings.py +48 -61
- souleyez/storage/hosts.py +176 -144
- souleyez/storage/migrate_to_engagements.py +43 -19
- souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
- souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
- souleyez/storage/migrations/_003_add_execution_log.py +14 -8
- souleyez/storage/migrations/_005_screenshots.py +13 -5
- souleyez/storage/migrations/_006_deliverables.py +13 -5
- souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
- souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
- souleyez/storage/migrations/_010_evidence_linking.py +17 -10
- souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
- souleyez/storage/migrations/_012_team_collaboration.py +34 -21
- souleyez/storage/migrations/_013_add_host_tags.py +12 -6
- souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
- souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
- souleyez/storage/migrations/_016_add_domain_field.py +10 -4
- souleyez/storage/migrations/_017_msf_sessions.py +16 -8
- souleyez/storage/migrations/_018_add_osint_target.py +10 -6
- souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
- souleyez/storage/migrations/_020_add_rbac.py +36 -15
- souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
- souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
- souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
- souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
- souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
- souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
- souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
- souleyez/storage/migrations/__init__.py +26 -26
- souleyez/storage/migrations/migration_manager.py +19 -19
- souleyez/storage/msf_sessions.py +100 -65
- souleyez/storage/osint.py +17 -24
- souleyez/storage/recommendation_engine.py +269 -235
- souleyez/storage/screenshots.py +33 -32
- souleyez/storage/smb_shares.py +136 -92
- souleyez/storage/sqlmap_data.py +183 -128
- souleyez/storage/team_collaboration.py +135 -141
- souleyez/storage/timeline_tracker.py +122 -94
- souleyez/storage/wazuh_vulns.py +64 -66
- souleyez/storage/web_paths.py +33 -37
- souleyez/testing/credential_tester.py +221 -205
- souleyez/ui/__init__.py +1 -1
- souleyez/ui/ai_quotes.py +12 -12
- souleyez/ui/attack_surface.py +2439 -1516
- souleyez/ui/chain_rules_view.py +914 -382
- souleyez/ui/correlation_view.py +312 -230
- souleyez/ui/dashboard.py +2382 -1130
- souleyez/ui/deliverables_view.py +148 -62
- souleyez/ui/design_system.py +13 -13
- souleyez/ui/errors.py +49 -49
- souleyez/ui/evidence_linking_view.py +284 -179
- souleyez/ui/evidence_vault.py +393 -285
- souleyez/ui/exploit_suggestions_view.py +555 -349
- souleyez/ui/export_view.py +100 -66
- souleyez/ui/gap_analysis_view.py +315 -171
- souleyez/ui/help_system.py +105 -97
- souleyez/ui/intelligence_view.py +436 -293
- souleyez/ui/interactive.py +22783 -10678
- souleyez/ui/interactive_selector.py +75 -68
- souleyez/ui/log_formatter.py +47 -39
- souleyez/ui/menu_components.py +22 -13
- souleyez/ui/msf_auxiliary_menu.py +184 -133
- souleyez/ui/pending_chains_view.py +336 -172
- souleyez/ui/progress_indicators.py +5 -3
- souleyez/ui/recommendations_view.py +195 -137
- souleyez/ui/rule_builder.py +343 -225
- souleyez/ui/setup_wizard.py +678 -284
- souleyez/ui/shortcuts.py +217 -165
- souleyez/ui/splunk_gap_analysis_view.py +452 -270
- souleyez/ui/splunk_vulns_view.py +139 -86
- souleyez/ui/team_dashboard.py +498 -335
- souleyez/ui/template_selector.py +196 -105
- souleyez/ui/terminal.py +6 -6
- souleyez/ui/timeline_view.py +198 -127
- souleyez/ui/tool_setup.py +264 -164
- souleyez/ui/tutorial.py +202 -72
- souleyez/ui/tutorial_state.py +40 -40
- souleyez/ui/wazuh_vulns_view.py +235 -141
- souleyez/ui/wordlist_browser.py +260 -107
- souleyez/ui.py +464 -312
- souleyez/utils/tool_checker.py +427 -367
- souleyez/utils.py +33 -29
- souleyez/wordlists.py +134 -167
- {souleyez-2.43.29.dist-info → souleyez-2.43.32.dist-info}/METADATA +1 -1
- souleyez-2.43.32.dist-info/RECORD +441 -0
- {souleyez-2.43.29.dist-info → souleyez-2.43.32.dist-info}/WHEEL +1 -1
- souleyez-2.43.29.dist-info/RECORD +0 -379
- {souleyez-2.43.29.dist-info → souleyez-2.43.32.dist-info}/entry_points.txt +0 -0
- {souleyez-2.43.29.dist-info → souleyez-2.43.32.dist-info}/licenses/LICENSE +0 -0
- {souleyez-2.43.29.dist-info → souleyez-2.43.32.dist-info}/top_level.txt +0 -0
|
@@ -26,15 +26,15 @@ HELP = {
|
|
|
26
26
|
"- Convert interesting output into Findings so nothing gets lost.\n\n"
|
|
27
27
|
"💡 Tip: For MSF import/export/console, see Main Menu → [i] MSF Integration\n"
|
|
28
28
|
),
|
|
29
|
-
"usage":
|
|
29
|
+
"usage": 'souleyez jobs enqueue msf_auxiliary <target> --args "<module_path>"',
|
|
30
30
|
"examples": [
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
31
|
+
'souleyez jobs enqueue msf_auxiliary 10.0.0.82 --args "auxiliary/scanner/ssh/ssh_enumusers"',
|
|
32
|
+
'souleyez jobs enqueue msf_auxiliary 10.0.0.82 --args "auxiliary/scanner/smtp/smtp_enum"',
|
|
33
|
+
'souleyez jobs enqueue msf_auxiliary 10.0.0.82 --args "auxiliary/scanner/nfs/nfsmount"',
|
|
34
|
+
'souleyez jobs enqueue msf_auxiliary 10.0.0.82 --args "auxiliary/scanner/smb/smb_enumshares"',
|
|
35
|
+
'souleyez jobs enqueue msf_auxiliary 10.0.0.82 --args "auxiliary/scanner/ssh/ssh_login USERNAME=root PASSWORD=toor"',
|
|
36
|
+
'souleyez jobs enqueue msf_auxiliary 10.0.0.1/24 --args "auxiliary/scanner/ssh/ssh_login USER_FILE=data/wordlists/all_users.txt PASS_FILE=data/wordlists/msf_passwords.txt"',
|
|
37
|
+
'souleyez jobs enqueue msf_auxiliary 10.0.0.82 --args "auxiliary/scanner/mysql/mysql_login USERNAME=root PASS_FILE=data/wordlists/msf_passwords.txt THREADS=5"',
|
|
38
38
|
],
|
|
39
39
|
"preset_categories": {
|
|
40
40
|
"enumeration": [
|
|
@@ -43,127 +43,130 @@ HELP = {
|
|
|
43
43
|
"args": ["auxiliary/scanner/smb/smb_enumshares"],
|
|
44
44
|
"desc": "Enumerate SMB shares",
|
|
45
45
|
"services": ["smb", "microsoft-ds", "netbios-ssn"],
|
|
46
|
-
"ports": [139, 445]
|
|
46
|
+
"ports": [139, 445],
|
|
47
47
|
},
|
|
48
48
|
{
|
|
49
49
|
"name": "SMB Users",
|
|
50
50
|
"args": ["auxiliary/scanner/smb/smb_enumusers"],
|
|
51
51
|
"desc": "Enumerate SMB users via RID cycling",
|
|
52
52
|
"services": ["smb", "microsoft-ds", "netbios-ssn"],
|
|
53
|
-
"ports": [139, 445]
|
|
53
|
+
"ports": [139, 445],
|
|
54
54
|
},
|
|
55
55
|
{
|
|
56
56
|
"name": "SMB Version Detection",
|
|
57
57
|
"args": ["auxiliary/scanner/smb/smb_version"],
|
|
58
58
|
"desc": "Detect SMB version and OS info",
|
|
59
59
|
"services": ["smb", "microsoft-ds", "netbios-ssn"],
|
|
60
|
-
"ports": [139, 445]
|
|
60
|
+
"ports": [139, 445],
|
|
61
61
|
},
|
|
62
62
|
{
|
|
63
63
|
"name": "SSH Version Detection",
|
|
64
64
|
"args": ["auxiliary/scanner/ssh/ssh_version"],
|
|
65
65
|
"desc": "Detect SSH version and fingerprint",
|
|
66
66
|
"services": ["ssh"],
|
|
67
|
-
"ports": [22]
|
|
67
|
+
"ports": [22],
|
|
68
68
|
},
|
|
69
69
|
{
|
|
70
70
|
"name": "SSH Users",
|
|
71
|
-
"args": [
|
|
71
|
+
"args": [
|
|
72
|
+
"auxiliary/scanner/ssh/ssh_enumusers",
|
|
73
|
+
"USER_FILE=data/wordlists/soul_users.txt",
|
|
74
|
+
],
|
|
72
75
|
"desc": "Enumerate SSH users via timing attack",
|
|
73
76
|
"services": ["ssh"],
|
|
74
|
-
"ports": [22]
|
|
77
|
+
"ports": [22],
|
|
75
78
|
},
|
|
76
79
|
{
|
|
77
80
|
"name": "FTP Anonymous Check",
|
|
78
81
|
"args": ["auxiliary/scanner/ftp/anonymous"],
|
|
79
82
|
"desc": "Check for anonymous FTP access",
|
|
80
83
|
"services": ["ftp"],
|
|
81
|
-
"ports": [21]
|
|
84
|
+
"ports": [21],
|
|
82
85
|
},
|
|
83
86
|
{
|
|
84
87
|
"name": "FTP Version Detection",
|
|
85
88
|
"args": ["auxiliary/scanner/ftp/ftp_version"],
|
|
86
89
|
"desc": "Detect FTP server version",
|
|
87
90
|
"services": ["ftp"],
|
|
88
|
-
"ports": [21]
|
|
91
|
+
"ports": [21],
|
|
89
92
|
},
|
|
90
93
|
{
|
|
91
94
|
"name": "SMTP Users",
|
|
92
95
|
"args": ["auxiliary/scanner/smtp/smtp_enum"],
|
|
93
96
|
"desc": "Enumerate SMTP users via VRFY/EXPN/RCPT",
|
|
94
97
|
"services": ["smtp"],
|
|
95
|
-
"ports": [25, 465, 587]
|
|
98
|
+
"ports": [25, 465, 587],
|
|
96
99
|
},
|
|
97
100
|
{
|
|
98
101
|
"name": "SMTP Version",
|
|
99
102
|
"args": ["auxiliary/scanner/smtp/smtp_version"],
|
|
100
103
|
"desc": "Detect SMTP server version",
|
|
101
104
|
"services": ["smtp"],
|
|
102
|
-
"ports": [25, 465, 587]
|
|
105
|
+
"ports": [25, 465, 587],
|
|
103
106
|
},
|
|
104
107
|
{
|
|
105
108
|
"name": "SNMP Community Scanner",
|
|
106
109
|
"args": ["auxiliary/scanner/snmp/snmp_login"],
|
|
107
110
|
"desc": "Test SNMP community strings",
|
|
108
111
|
"services": ["snmp"],
|
|
109
|
-
"ports": [161]
|
|
112
|
+
"ports": [161],
|
|
110
113
|
},
|
|
111
114
|
{
|
|
112
115
|
"name": "SNMP Enumeration",
|
|
113
116
|
"args": ["auxiliary/scanner/snmp/snmp_enum"],
|
|
114
117
|
"desc": "Extract system info via SNMP",
|
|
115
118
|
"services": ["snmp"],
|
|
116
|
-
"ports": [161]
|
|
119
|
+
"ports": [161],
|
|
117
120
|
},
|
|
118
121
|
{
|
|
119
122
|
"name": "NFS Shares",
|
|
120
123
|
"args": ["auxiliary/scanner/nfs/nfsmount"],
|
|
121
124
|
"desc": "Enumerate NFS mounts",
|
|
122
125
|
"services": ["nfs", "nfsd", "rpcbind"],
|
|
123
|
-
"ports": [111, 2049]
|
|
126
|
+
"ports": [111, 2049],
|
|
124
127
|
},
|
|
125
128
|
{
|
|
126
129
|
"name": "VNC None Auth Scanner",
|
|
127
130
|
"args": ["auxiliary/scanner/vnc/vnc_none_auth"],
|
|
128
131
|
"desc": "Find VNC servers with no authentication",
|
|
129
132
|
"services": ["vnc"],
|
|
130
|
-
"ports": [5900, 5901, 5902]
|
|
133
|
+
"ports": [5900, 5901, 5902],
|
|
131
134
|
},
|
|
132
135
|
{
|
|
133
136
|
"name": "RDP Scanner",
|
|
134
137
|
"args": ["auxiliary/scanner/rdp/rdp_scanner"],
|
|
135
138
|
"desc": "Detect RDP and check NLA settings",
|
|
136
139
|
"services": ["rdp", "ms-wbt-server"],
|
|
137
|
-
"ports": [3389]
|
|
140
|
+
"ports": [3389],
|
|
138
141
|
},
|
|
139
142
|
{
|
|
140
143
|
"name": "HTTP Version Detection",
|
|
141
144
|
"args": ["auxiliary/scanner/http/http_version"],
|
|
142
145
|
"desc": "Detect HTTP server version and headers",
|
|
143
146
|
"services": ["http", "https", "http-proxy"],
|
|
144
|
-
"ports": [80, 443, 8080, 8443]
|
|
147
|
+
"ports": [80, 443, 8080, 8443],
|
|
145
148
|
},
|
|
146
149
|
{
|
|
147
150
|
"name": "HTTP Robots.txt Scanner",
|
|
148
151
|
"args": ["auxiliary/scanner/http/robots_txt"],
|
|
149
152
|
"desc": "Check for robots.txt and parse entries",
|
|
150
153
|
"services": ["http", "https"],
|
|
151
|
-
"ports": [80, 443, 8080, 8443]
|
|
154
|
+
"ports": [80, 443, 8080, 8443],
|
|
152
155
|
},
|
|
153
156
|
{
|
|
154
157
|
"name": "HTTP Directory Scanner",
|
|
155
158
|
"args": ["auxiliary/scanner/http/dir_scanner"],
|
|
156
159
|
"desc": "Brute force common web directories",
|
|
157
160
|
"services": ["http", "https"],
|
|
158
|
-
"ports": [80, 443, 8080, 8443]
|
|
161
|
+
"ports": [80, 443, 8080, 8443],
|
|
159
162
|
},
|
|
160
163
|
{
|
|
161
164
|
"name": "LDAP Query",
|
|
162
165
|
"args": ["auxiliary/gather/ldap_query"],
|
|
163
166
|
"desc": "Query LDAP for users, groups, computers",
|
|
164
167
|
"services": ["ldap", "ldaps"],
|
|
165
|
-
"ports": [389, 636]
|
|
166
|
-
}
|
|
168
|
+
"ports": [389, 636],
|
|
169
|
+
},
|
|
167
170
|
],
|
|
168
171
|
"vulnerability_scanning": [
|
|
169
172
|
{
|
|
@@ -172,29 +175,29 @@ HELP = {
|
|
|
172
175
|
"desc": "Check for MS17-010 (EternalBlue) vulnerability",
|
|
173
176
|
"services": ["smb", "microsoft-ds"],
|
|
174
177
|
"ports": [445],
|
|
175
|
-
"priority_trigger": "smb"
|
|
178
|
+
"priority_trigger": "smb",
|
|
176
179
|
},
|
|
177
180
|
{
|
|
178
181
|
"name": "SSL/TLS Version Scanner",
|
|
179
182
|
"args": ["auxiliary/scanner/ssl/ssl_version"],
|
|
180
183
|
"desc": "Detect SSL/TLS versions and ciphers",
|
|
181
184
|
"services": ["https", "ssl", "tls"],
|
|
182
|
-
"ports": [443, 8443, 993, 995]
|
|
185
|
+
"ports": [443, 8443, 993, 995],
|
|
183
186
|
},
|
|
184
187
|
{
|
|
185
188
|
"name": "SSH Weak Algorithms",
|
|
186
189
|
"args": ["auxiliary/scanner/ssh/ssh_identify_pubkeys"],
|
|
187
190
|
"desc": "Identify SSH public keys and weak algorithms",
|
|
188
191
|
"services": ["ssh"],
|
|
189
|
-
"ports": [22]
|
|
192
|
+
"ports": [22],
|
|
190
193
|
},
|
|
191
194
|
{
|
|
192
195
|
"name": "HTTP PUT/DELETE Check",
|
|
193
196
|
"args": ["auxiliary/scanner/http/http_put"],
|
|
194
197
|
"desc": "Check for dangerous HTTP methods",
|
|
195
198
|
"services": ["http", "https"],
|
|
196
|
-
"ports": [80, 443]
|
|
197
|
-
}
|
|
199
|
+
"ports": [80, 443],
|
|
200
|
+
},
|
|
198
201
|
],
|
|
199
202
|
"login_bruteforce": [
|
|
200
203
|
{
|
|
@@ -202,64 +205,64 @@ HELP = {
|
|
|
202
205
|
"args": ["auxiliary/scanner/ssh/ssh_login"],
|
|
203
206
|
"desc": "Brute force SSH authentication",
|
|
204
207
|
"services": ["ssh"],
|
|
205
|
-
"ports": [22]
|
|
208
|
+
"ports": [22],
|
|
206
209
|
},
|
|
207
210
|
{
|
|
208
211
|
"name": "RDP Brute Force",
|
|
209
212
|
"args": ["auxiliary/scanner/rdp/rdp_login"],
|
|
210
213
|
"desc": "Brute force RDP authentication",
|
|
211
214
|
"services": ["rdp", "ms-wbt-server"],
|
|
212
|
-
"ports": [3389]
|
|
215
|
+
"ports": [3389],
|
|
213
216
|
},
|
|
214
217
|
{
|
|
215
218
|
"name": "SMB Brute Force",
|
|
216
219
|
"args": ["auxiliary/scanner/smb/smb_login"],
|
|
217
220
|
"desc": "Brute force SMB/Windows authentication",
|
|
218
221
|
"services": ["smb", "microsoft-ds"],
|
|
219
|
-
"ports": [445]
|
|
222
|
+
"ports": [445],
|
|
220
223
|
},
|
|
221
224
|
{
|
|
222
225
|
"name": "MySQL Brute Force",
|
|
223
226
|
"args": ["auxiliary/scanner/mysql/mysql_login"],
|
|
224
227
|
"desc": "Brute force MySQL authentication",
|
|
225
228
|
"services": ["mysql"],
|
|
226
|
-
"ports": [3306]
|
|
229
|
+
"ports": [3306],
|
|
227
230
|
},
|
|
228
231
|
{
|
|
229
232
|
"name": "PostgreSQL Brute Force",
|
|
230
233
|
"args": ["auxiliary/scanner/postgres/postgres_login"],
|
|
231
234
|
"desc": "Brute force PostgreSQL authentication",
|
|
232
235
|
"services": ["postgresql", "postgres"],
|
|
233
|
-
"ports": [5432]
|
|
236
|
+
"ports": [5432],
|
|
234
237
|
},
|
|
235
238
|
{
|
|
236
239
|
"name": "FTP Brute Force",
|
|
237
240
|
"args": ["auxiliary/scanner/ftp/ftp_login"],
|
|
238
241
|
"desc": "Brute force FTP authentication",
|
|
239
242
|
"services": ["ftp"],
|
|
240
|
-
"ports": [21]
|
|
243
|
+
"ports": [21],
|
|
241
244
|
},
|
|
242
245
|
{
|
|
243
246
|
"name": "Telnet Brute Force",
|
|
244
247
|
"args": ["auxiliary/scanner/telnet/telnet_login"],
|
|
245
248
|
"desc": "Brute force Telnet authentication",
|
|
246
249
|
"services": ["telnet"],
|
|
247
|
-
"ports": [23]
|
|
250
|
+
"ports": [23],
|
|
248
251
|
},
|
|
249
252
|
{
|
|
250
253
|
"name": "VNC Brute Force",
|
|
251
254
|
"args": ["auxiliary/scanner/vnc/vnc_login"],
|
|
252
255
|
"desc": "Brute force VNC authentication",
|
|
253
256
|
"services": ["vnc"],
|
|
254
|
-
"ports": [5900, 5901]
|
|
257
|
+
"ports": [5900, 5901],
|
|
255
258
|
},
|
|
256
259
|
{
|
|
257
260
|
"name": "HTTP Basic Auth",
|
|
258
261
|
"args": ["auxiliary/scanner/http/http_login"],
|
|
259
262
|
"desc": "Brute force HTTP Basic authentication",
|
|
260
263
|
"services": ["http", "https"],
|
|
261
|
-
"ports": [80, 443, 8080]
|
|
262
|
-
}
|
|
264
|
+
"ports": [80, 443, 8080],
|
|
265
|
+
},
|
|
263
266
|
],
|
|
264
267
|
"database_scanning": [
|
|
265
268
|
{
|
|
@@ -267,37 +270,37 @@ HELP = {
|
|
|
267
270
|
"args": ["auxiliary/scanner/mysql/mysql_version"],
|
|
268
271
|
"desc": "Detect MySQL version",
|
|
269
272
|
"services": ["mysql"],
|
|
270
|
-
"ports": [3306]
|
|
273
|
+
"ports": [3306],
|
|
271
274
|
},
|
|
272
275
|
{
|
|
273
276
|
"name": "PostgreSQL Version",
|
|
274
277
|
"args": ["auxiliary/scanner/postgres/postgres_version"],
|
|
275
278
|
"desc": "Detect PostgreSQL version",
|
|
276
279
|
"services": ["postgresql", "postgres"],
|
|
277
|
-
"ports": [5432]
|
|
280
|
+
"ports": [5432],
|
|
278
281
|
},
|
|
279
282
|
{
|
|
280
283
|
"name": "MSSQL Ping",
|
|
281
284
|
"args": ["auxiliary/scanner/mssql/mssql_ping"],
|
|
282
285
|
"desc": "Discover MSSQL instances",
|
|
283
286
|
"services": ["mssql", "ms-sql-s"],
|
|
284
|
-
"ports": [1433, 1434]
|
|
287
|
+
"ports": [1433, 1434],
|
|
285
288
|
},
|
|
286
289
|
{
|
|
287
290
|
"name": "MongoDB Scanner",
|
|
288
291
|
"args": ["auxiliary/scanner/mongodb/mongodb_login"],
|
|
289
292
|
"desc": "Check MongoDB authentication",
|
|
290
293
|
"services": ["mongodb"],
|
|
291
|
-
"ports": [27017]
|
|
294
|
+
"ports": [27017],
|
|
292
295
|
},
|
|
293
296
|
{
|
|
294
297
|
"name": "Redis Scanner",
|
|
295
298
|
"args": ["auxiliary/scanner/redis/redis_server"],
|
|
296
299
|
"desc": "Detect Redis server info",
|
|
297
300
|
"services": ["redis"],
|
|
298
|
-
"ports": [6379]
|
|
299
|
-
}
|
|
300
|
-
]
|
|
301
|
+
"ports": [6379],
|
|
302
|
+
},
|
|
303
|
+
],
|
|
301
304
|
},
|
|
302
305
|
"presets": [],
|
|
303
306
|
"common_options": {
|
|
@@ -312,66 +315,86 @@ HELP = {
|
|
|
312
315
|
"BLANK_PASSWORDS": "Try blank password for each user (true/false)",
|
|
313
316
|
"USER_AS_PASS": "Try username as password (true/false)",
|
|
314
317
|
"STOP_ON_SUCCESS": "Stop on first successful login (true/false)",
|
|
315
|
-
"VERBOSE": "Enable verbose output (true/false)"
|
|
318
|
+
"VERBOSE": "Enable verbose output (true/false)",
|
|
316
319
|
},
|
|
317
320
|
"notes": [
|
|
318
321
|
"Requires Metasploit Framework installed (msfconsole)",
|
|
319
322
|
"Runs modules non-interactively (-q -x flags)",
|
|
320
323
|
"Only works with auxiliary scanner modules",
|
|
321
|
-
"Cannot maintain sessions or run exploits"
|
|
324
|
+
"Cannot maintain sessions or run exploits",
|
|
322
325
|
],
|
|
323
326
|
"help_sections": [
|
|
324
327
|
{
|
|
325
328
|
"title": "What is MSF Auxiliary?",
|
|
326
329
|
"color": "cyan",
|
|
327
330
|
"content": [
|
|
328
|
-
{
|
|
329
|
-
|
|
330
|
-
"
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
"
|
|
334
|
-
|
|
335
|
-
|
|
331
|
+
{
|
|
332
|
+
"title": "Overview",
|
|
333
|
+
"desc": "MSF Auxiliary runs Metasploit Framework's auxiliary modules non-interactively for scanning, enumeration, and reconnaissance without spawning shells.",
|
|
334
|
+
},
|
|
335
|
+
{
|
|
336
|
+
"title": "Use Cases",
|
|
337
|
+
"desc": "Leverage Metasploit for recon and validation",
|
|
338
|
+
"tips": [
|
|
339
|
+
"Banner grabbing and service detection",
|
|
340
|
+
"Protocol probes and version checks",
|
|
341
|
+
"Credential validation and brute-forcing",
|
|
342
|
+
"Vulnerability scanning (MS17-010, etc.)",
|
|
343
|
+
],
|
|
344
|
+
},
|
|
345
|
+
],
|
|
336
346
|
},
|
|
337
347
|
{
|
|
338
348
|
"title": "How to Use",
|
|
339
349
|
"color": "green",
|
|
340
350
|
"content": [
|
|
341
|
-
{
|
|
342
|
-
|
|
343
|
-
"
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
"
|
|
347
|
-
|
|
348
|
-
|
|
351
|
+
{
|
|
352
|
+
"title": "Basic Workflow",
|
|
353
|
+
"desc": "1. Select appropriate auxiliary module\n 2. Set target (RHOSTS) and options\n 3. Run non-interactively and capture output\n 4. Convert results to findings",
|
|
354
|
+
},
|
|
355
|
+
{
|
|
356
|
+
"title": "Module Categories",
|
|
357
|
+
"desc": "Common auxiliary module types",
|
|
358
|
+
"tips": [
|
|
359
|
+
"Enumeration: SMB shares, users, SSH keys",
|
|
360
|
+
"Vulnerability: MS17-010, SSL/TLS checks",
|
|
361
|
+
"Login: SSH, RDP, SMB, MySQL brute-force",
|
|
362
|
+
"Database: MySQL, PostgreSQL, MSSQL scanning",
|
|
363
|
+
],
|
|
364
|
+
},
|
|
365
|
+
],
|
|
349
366
|
},
|
|
350
367
|
{
|
|
351
368
|
"title": "Tips & Best Practices",
|
|
352
369
|
"color": "yellow",
|
|
353
370
|
"content": [
|
|
354
|
-
(
|
|
355
|
-
"
|
|
356
|
-
|
|
357
|
-
|
|
358
|
-
|
|
359
|
-
|
|
360
|
-
|
|
361
|
-
|
|
362
|
-
|
|
363
|
-
|
|
364
|
-
|
|
365
|
-
"
|
|
366
|
-
|
|
367
|
-
|
|
368
|
-
|
|
369
|
-
|
|
371
|
+
(
|
|
372
|
+
"Best Practices:",
|
|
373
|
+
[
|
|
374
|
+
"Use enumeration modules before login attempts",
|
|
375
|
+
"Set THREADS wisely to avoid lockouts",
|
|
376
|
+
"Use USER_FILE and PASS_FILE for wordlists",
|
|
377
|
+
"Save results to job log for documentation",
|
|
378
|
+
"Check module options with 'show options' first",
|
|
379
|
+
],
|
|
380
|
+
),
|
|
381
|
+
(
|
|
382
|
+
"Common Issues:",
|
|
383
|
+
[
|
|
384
|
+
"Module not found: Update Metasploit (msfupdate)",
|
|
385
|
+
"No output: Check RHOSTS and module options",
|
|
386
|
+
"Timeout errors: Increase timeout or reduce THREADS",
|
|
387
|
+
"Session warnings: Normal for auxiliary modules",
|
|
388
|
+
],
|
|
389
|
+
),
|
|
390
|
+
],
|
|
391
|
+
},
|
|
392
|
+
],
|
|
370
393
|
}
|
|
371
394
|
|
|
372
395
|
# Flatten presets from categories
|
|
373
|
-
for category_presets in HELP[
|
|
374
|
-
HELP[
|
|
396
|
+
for category_presets in HELP["preset_categories"].values():
|
|
397
|
+
HELP["presets"].extend(category_presets)
|
|
375
398
|
|
|
376
399
|
|
|
377
400
|
class MsfAuxiliaryPlugin(PluginBase):
|
|
@@ -381,11 +404,11 @@ class MsfAuxiliaryPlugin(PluginBase):
|
|
|
381
404
|
HELP = HELP
|
|
382
405
|
|
|
383
406
|
# Keys that contain file paths which may need resolution
|
|
384
|
-
FILE_PATH_KEYS = {
|
|
407
|
+
FILE_PATH_KEYS = {"USER_FILE", "PASS_FILE", "USERPASS_FILE"}
|
|
385
408
|
|
|
386
409
|
def _resolve_path(self, value: str) -> str:
|
|
387
410
|
"""Convert relative paths to absolute paths for MSF."""
|
|
388
|
-
if not value or value.startswith(
|
|
411
|
+
if not value or value.startswith("/"):
|
|
389
412
|
return value
|
|
390
413
|
|
|
391
414
|
# Get project root (souleyez/)
|
|
@@ -398,8 +421,8 @@ class MsfAuxiliaryPlugin(PluginBase):
|
|
|
398
421
|
|
|
399
422
|
# Fallback: check MSF default wordlists
|
|
400
423
|
msf_paths = [
|
|
401
|
-
Path(
|
|
402
|
-
Path(
|
|
424
|
+
Path("/usr/share/metasploit-framework") / value,
|
|
425
|
+
Path("/usr/share/metasploit-framework/data/wordlists") / Path(value).name,
|
|
403
426
|
]
|
|
404
427
|
for msf_path in msf_paths:
|
|
405
428
|
if msf_path.exists():
|
|
@@ -408,53 +431,92 @@ class MsfAuxiliaryPlugin(PluginBase):
|
|
|
408
431
|
# Return original if nothing found (will fail, but with better error)
|
|
409
432
|
return value
|
|
410
433
|
|
|
411
|
-
|
|
434
|
+
# SMB modules that need SMBDirect=false for SMB1 compatibility
|
|
435
|
+
SMB_MODULES = [
|
|
436
|
+
"smb_enumshares",
|
|
437
|
+
"smb_enumusers",
|
|
438
|
+
"smb_login",
|
|
439
|
+
"smb_version",
|
|
440
|
+
"smb_ms17_010",
|
|
441
|
+
"smb_lookupsid",
|
|
442
|
+
]
|
|
443
|
+
|
|
444
|
+
def _is_smb_module(self, module_path: str) -> bool:
|
|
445
|
+
"""Check if module is an SMB scanner that needs legacy support."""
|
|
446
|
+
return any(smb_mod in module_path for smb_mod in self.SMB_MODULES)
|
|
447
|
+
|
|
448
|
+
def build_command(
|
|
449
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
450
|
+
):
|
|
412
451
|
"""Build command for background execution with PID tracking."""
|
|
413
452
|
args = args or []
|
|
414
|
-
|
|
453
|
+
|
|
415
454
|
# First arg should be the module path
|
|
416
455
|
if not args:
|
|
417
456
|
return None
|
|
418
|
-
|
|
457
|
+
|
|
419
458
|
module_path = args[0]
|
|
420
459
|
extra_opts = args[1:] if len(args) > 1 else []
|
|
421
|
-
|
|
460
|
+
|
|
461
|
+
# Check if user already specified SMBDirect
|
|
462
|
+
has_smbdirect = any("SMBDIRECT" in opt.upper() for opt in extra_opts)
|
|
463
|
+
|
|
422
464
|
# Build msfconsole command
|
|
423
465
|
msf_commands = [
|
|
424
466
|
f"use {module_path}",
|
|
425
467
|
f"set RHOSTS {target}",
|
|
426
468
|
]
|
|
427
|
-
|
|
469
|
+
|
|
470
|
+
# Add SMBDirect=false for SMB modules to support SMB1 legacy systems
|
|
471
|
+
# (like Metasploitable2) unless user explicitly set it
|
|
472
|
+
if self._is_smb_module(module_path) and not has_smbdirect:
|
|
473
|
+
msf_commands.append("set SMBDirect false")
|
|
474
|
+
|
|
428
475
|
# Add any extra options (e.g., "RPORT=445", "USERNAME=postgres PASSWORD=password")
|
|
429
476
|
for opt in extra_opts:
|
|
430
|
-
if
|
|
431
|
-
key, value = opt.split(
|
|
477
|
+
if "=" in opt:
|
|
478
|
+
key, value = opt.split("=", 1)
|
|
432
479
|
# Resolve relative file paths to absolute
|
|
433
480
|
if key in self.FILE_PATH_KEYS:
|
|
434
481
|
value = self._resolve_path(value)
|
|
435
482
|
msf_commands.append(f"set {key} {value}")
|
|
436
483
|
else:
|
|
437
484
|
msf_commands.append(opt)
|
|
438
|
-
|
|
485
|
+
|
|
439
486
|
msf_commands.append("run")
|
|
487
|
+
|
|
488
|
+
# For login modules, dump credentials after run
|
|
489
|
+
# This captures any found credentials in the output
|
|
490
|
+
# Use -a to filter by target host so we don't show all stored creds
|
|
491
|
+
login_modules = [
|
|
492
|
+
"_login",
|
|
493
|
+
"_auth",
|
|
494
|
+
"mysql_login",
|
|
495
|
+
"ssh_login",
|
|
496
|
+
"ftp_login",
|
|
497
|
+
"smb_login",
|
|
498
|
+
"vnc_login",
|
|
499
|
+
"postgres_login",
|
|
500
|
+
"telnet_login",
|
|
501
|
+
"rdp_login",
|
|
502
|
+
"http_login",
|
|
503
|
+
"snmp_login",
|
|
504
|
+
]
|
|
505
|
+
if any(lm in module_path.lower() for lm in login_modules):
|
|
506
|
+
msf_commands.append(f"creds -a {target}")
|
|
507
|
+
|
|
440
508
|
msf_commands.append("exit -y") # Force exit even with active sessions
|
|
441
|
-
|
|
509
|
+
|
|
442
510
|
command_string = "; ".join(msf_commands)
|
|
443
|
-
|
|
444
|
-
cmd = [
|
|
445
|
-
"msfconsole",
|
|
446
|
-
"-q",
|
|
447
|
-
"-n",
|
|
448
|
-
"-x",
|
|
449
|
-
command_string
|
|
450
|
-
]
|
|
451
|
-
|
|
452
|
-
return {
|
|
453
|
-
'cmd': cmd,
|
|
454
|
-
'timeout': 3600
|
|
455
|
-
}
|
|
456
511
|
|
|
457
|
-
|
|
512
|
+
# Note: Removed -n flag to enable database (required for creds command)
|
|
513
|
+
cmd = ["msfconsole", "-q", "-x", command_string]
|
|
514
|
+
|
|
515
|
+
return {"cmd": cmd, "timeout": 3600}
|
|
516
|
+
|
|
517
|
+
def run(
|
|
518
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
519
|
+
) -> int:
|
|
458
520
|
"""Execute MSF auxiliary module non-interactively."""
|
|
459
521
|
args = args or []
|
|
460
522
|
|
|
@@ -462,7 +524,9 @@ class MsfAuxiliaryPlugin(PluginBase):
|
|
|
462
524
|
if not args:
|
|
463
525
|
if log_path:
|
|
464
526
|
with open(log_path, "w") as f:
|
|
465
|
-
f.write(
|
|
527
|
+
f.write(
|
|
528
|
+
"ERROR: No module specified. Example: auxiliary/scanner/smb/smb_version\n"
|
|
529
|
+
)
|
|
466
530
|
return 1
|
|
467
531
|
|
|
468
532
|
module_path = args[0]
|
|
@@ -475,9 +539,14 @@ class MsfAuxiliaryPlugin(PluginBase):
|
|
|
475
539
|
|
|
476
540
|
return self._run_legacy(module_path, target, extra_opts)
|
|
477
541
|
|
|
478
|
-
def _run_with_logpath(
|
|
542
|
+
def _run_with_logpath(
|
|
543
|
+
self, module_path: str, target: str, extra_opts: List[str], log_path: str
|
|
544
|
+
) -> int:
|
|
479
545
|
"""Run MSF module and write output to log_path."""
|
|
480
546
|
try:
|
|
547
|
+
# Check if user already specified SMBDirect
|
|
548
|
+
has_smbdirect = any("SMBDIRECT" in opt.upper() for opt in extra_opts)
|
|
549
|
+
|
|
481
550
|
# Build msfconsole command
|
|
482
551
|
# Use -q (quiet), -x (execute commands), -n (no database)
|
|
483
552
|
msf_commands = [
|
|
@@ -485,11 +554,15 @@ class MsfAuxiliaryPlugin(PluginBase):
|
|
|
485
554
|
f"set RHOSTS {target}",
|
|
486
555
|
]
|
|
487
556
|
|
|
557
|
+
# Add SMBDirect=false for SMB modules to support SMB1 legacy systems
|
|
558
|
+
if self._is_smb_module(module_path) and not has_smbdirect:
|
|
559
|
+
msf_commands.append("set SMBDirect false")
|
|
560
|
+
|
|
488
561
|
# Add any extra options (e.g., "RPORT=445", "USERNAME=postgres PASSWORD=password")
|
|
489
562
|
for opt in extra_opts:
|
|
490
563
|
# Handle KEY=VALUE format - split and use "set KEY VALUE"
|
|
491
|
-
if
|
|
492
|
-
key, value = opt.split(
|
|
564
|
+
if "=" in opt:
|
|
565
|
+
key, value = opt.split("=", 1)
|
|
493
566
|
# Resolve relative file paths to absolute
|
|
494
567
|
if key in self.FILE_PATH_KEYS:
|
|
495
568
|
value = self._resolve_path(value)
|
|
@@ -498,28 +571,53 @@ class MsfAuxiliaryPlugin(PluginBase):
|
|
|
498
571
|
# Plain option, just append as-is
|
|
499
572
|
msf_commands.append(opt)
|
|
500
573
|
|
|
501
|
-
# Add run
|
|
574
|
+
# Add run command
|
|
502
575
|
msf_commands.append("run")
|
|
576
|
+
|
|
577
|
+
# For login modules, dump credentials after run
|
|
578
|
+
# This captures any found credentials in the output
|
|
579
|
+
# Use -a to filter by target host so we don't show all stored creds
|
|
580
|
+
login_modules = [
|
|
581
|
+
"_login",
|
|
582
|
+
"_auth",
|
|
583
|
+
"mysql_login",
|
|
584
|
+
"ssh_login",
|
|
585
|
+
"ftp_login",
|
|
586
|
+
"smb_login",
|
|
587
|
+
"vnc_login",
|
|
588
|
+
"postgres_login",
|
|
589
|
+
"telnet_login",
|
|
590
|
+
"rdp_login",
|
|
591
|
+
"http_login",
|
|
592
|
+
"snmp_login",
|
|
593
|
+
]
|
|
594
|
+
if any(lm in module_path.lower() for lm in login_modules):
|
|
595
|
+
msf_commands.append(f"creds -a {target}")
|
|
596
|
+
|
|
503
597
|
msf_commands.append("exit -y") # Force exit even with active sessions
|
|
504
598
|
|
|
505
599
|
# Join commands with semicolons
|
|
506
600
|
command_string = "; ".join(msf_commands)
|
|
507
601
|
|
|
508
602
|
# Build full command
|
|
603
|
+
# Note: Removed -n flag to enable database (required for creds command)
|
|
509
604
|
cmd = [
|
|
510
605
|
"msfconsole",
|
|
511
|
-
"-q",
|
|
512
|
-
"-
|
|
513
|
-
|
|
514
|
-
command_string
|
|
606
|
+
"-q", # Quiet mode (no banner)
|
|
607
|
+
"-x", # Execute commands
|
|
608
|
+
command_string,
|
|
515
609
|
]
|
|
516
610
|
|
|
517
611
|
with open(log_path, "w", encoding="utf-8", errors="replace") as fh:
|
|
518
612
|
fh.write("=== Metasploit Auxiliary Module ===\n")
|
|
519
613
|
fh.write(f"Module: {module_path}\n")
|
|
520
614
|
fh.write(f"Target: {target}\n")
|
|
521
|
-
fh.write(
|
|
522
|
-
|
|
615
|
+
fh.write(
|
|
616
|
+
f"Options: {', '.join(extra_opts) if extra_opts else 'None'}\n"
|
|
617
|
+
)
|
|
618
|
+
fh.write(
|
|
619
|
+
f"Started: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n\n"
|
|
620
|
+
)
|
|
523
621
|
fh.write(f"Command: {' '.join(cmd)}\n\n")
|
|
524
622
|
fh.flush()
|
|
525
623
|
|
|
@@ -529,10 +627,12 @@ class MsfAuxiliaryPlugin(PluginBase):
|
|
|
529
627
|
stdout=fh,
|
|
530
628
|
stderr=subprocess.STDOUT,
|
|
531
629
|
timeout=3600, # 1 hour - MSF modules can be slow
|
|
532
|
-
check=False
|
|
630
|
+
check=False,
|
|
533
631
|
)
|
|
534
632
|
|
|
535
|
-
fh.write(
|
|
633
|
+
fh.write(
|
|
634
|
+
f"\n\nCompleted: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n"
|
|
635
|
+
)
|
|
536
636
|
fh.write(f"Exit Code: {proc.returncode}\n")
|
|
537
637
|
|
|
538
638
|
return proc.returncode
|
|
@@ -562,8 +662,8 @@ class MsfAuxiliaryPlugin(PluginBase):
|
|
|
562
662
|
|
|
563
663
|
for opt in extra_opts:
|
|
564
664
|
# Handle KEY=VALUE format
|
|
565
|
-
if
|
|
566
|
-
key, value = opt.split(
|
|
665
|
+
if "=" in opt:
|
|
666
|
+
key, value = opt.split("=", 1)
|
|
567
667
|
# Resolve relative file paths to absolute
|
|
568
668
|
if key in self.FILE_PATH_KEYS:
|
|
569
669
|
value = self._resolve_path(value)
|
|
@@ -572,14 +672,37 @@ class MsfAuxiliaryPlugin(PluginBase):
|
|
|
572
672
|
msf_commands.append(opt)
|
|
573
673
|
|
|
574
674
|
msf_commands.append("run")
|
|
675
|
+
|
|
676
|
+
# For login modules, dump credentials after run
|
|
677
|
+
# Use -a to filter by target host so we don't show all stored creds
|
|
678
|
+
login_modules = [
|
|
679
|
+
"_login",
|
|
680
|
+
"_auth",
|
|
681
|
+
"mysql_login",
|
|
682
|
+
"ssh_login",
|
|
683
|
+
"ftp_login",
|
|
684
|
+
"smb_login",
|
|
685
|
+
"vnc_login",
|
|
686
|
+
"postgres_login",
|
|
687
|
+
"telnet_login",
|
|
688
|
+
"rdp_login",
|
|
689
|
+
"http_login",
|
|
690
|
+
"snmp_login",
|
|
691
|
+
]
|
|
692
|
+
if any(lm in module_path.lower() for lm in login_modules):
|
|
693
|
+
msf_commands.append(f"creds -a {target}")
|
|
694
|
+
|
|
575
695
|
msf_commands.append("exit -y") # Force exit even with active sessions
|
|
576
696
|
|
|
577
697
|
command_string = "; ".join(msf_commands)
|
|
578
698
|
|
|
579
|
-
|
|
699
|
+
# Note: Removed -n flag to enable database (required for creds command)
|
|
700
|
+
cmd = ["msfconsole", "-q", "-x", command_string]
|
|
580
701
|
|
|
581
702
|
try:
|
|
582
|
-
proc = subprocess.run(
|
|
703
|
+
proc = subprocess.run(
|
|
704
|
+
cmd, capture_output=True, timeout=3600, check=False
|
|
705
|
+
) # 1 hour
|
|
583
706
|
return proc.returncode
|
|
584
707
|
except Exception:
|
|
585
708
|
return 1
|