souleyez 2.43.29__py3-none-any.whl → 2.43.32__py3-none-any.whl

souleyez/plugins/nxc.py

@@ -0,0 +1,285 @@
+#!/usr/bin/env python3
+"""
+souleyez.plugins.nxc - NetExec (successor to CrackMapExec) for SMB/WinRM/etc
+"""
+import subprocess
+import time
+from typing import List
+
+from .plugin_base import PluginBase
+
+HELP = {
+    "name": "NetExec - Network Service Exploitation",
+    "description": (
+        "NetExec (nxc) is the successor to CrackMapExec.\n\n"
+        "Use it for:\n"
+        "- SMB share enumeration\n"
+        "- Credential validation and spraying\n"
+        "- WinRM/RDP/MSSQL/LDAP attacks\n"
+        "- Pass-the-hash/Pass-the-ticket\n"
+        "- Command execution on compromised hosts\n\n"
+        "Quick tips:\n"
+        "- Use --shares to enumerate shares\n"
+        "- Use --users to enumerate users\n"
+        "- Use -x to execute commands\n"
+        "- (Pwn3d!) means admin access achieved\n"
+    ),
+    "usage": 'souleyez jobs enqueue nxc <target> --args "smb <target> -u <user> -p <pass> --shares"',
+    "examples": [
+        "souleyez jobs enqueue nxc 10.0.0.82 --args \"smb 10.0.0.82 -u guest -p '' --shares\"",
+        'souleyez jobs enqueue nxc 10.0.0.82 --args "smb 10.0.0.82 -u admin -p Password1 --shares"',
+        'souleyez jobs enqueue nxc 10.0.0.82 --args "smb 10.0.0.82 -u users.txt -p passwords.txt --no-bruteforce"',
+        'souleyez jobs enqueue nxc 10.0.0.82 --args "smb 10.0.0.82 -u admin -H <nthash> --shares"',
+        'souleyez jobs enqueue nxc 10.0.0.82 --args "winrm 10.0.0.82 -u admin -p Password1"',
+    ],
+    "flags": [
+        ["smb", "Target SMB service (port 445)"],
+        ["winrm", "Target WinRM service (port 5985/5986)"],
+        ["rdp", "Target RDP service (port 3389)"],
+        ["ldap", "Target LDAP service (port 389/636)"],
+        ["mssql", "Target MSSQL service (port 1433)"],
+        ["-u <user>", "Username or file with usernames"],
+        ["-p <pass>", "Password or file with passwords"],
+        ["-H <hash>", "NTLM hash for pass-the-hash"],
+        ["--shares", "Enumerate SMB shares"],
+        ["--users", "Enumerate domain users"],
+        ["--groups", "Enumerate domain groups"],
+        ["--pass-pol", "Get password policy"],
+        ["-x <cmd>", "Execute command on target"],
+        ["--no-bruteforce", "Test user:pass pairs only (not combinations)"],
+        ["--continue-on-success", "Continue after finding valid creds"],
+    ],
+    "preset_categories": {
+        "enumeration": [
+            {
+                "name": "Guest Share Enum",
+                "args": ["smb", "<target>", "-u", "guest", "-p", "", "--shares"],
+                "desc": "Enumerate shares with guest account",
+            },
+            {
+                "name": "Null Session Shares",
+                "args": ["smb", "<target>", "-u", "", "-p", "", "--shares"],
+                "desc": "Enumerate shares with null session",
+            },
+            {
+                "name": "User Enumeration",
+                "args": ["smb", "<target>", "-u", "<user>", "-p", "<pass>", "--users"],
+                "desc": "Enumerate domain users",
+            },
+            {
+                "name": "Password Policy",
+                "args": [
+                    "smb",
+                    "<target>",
+                    "-u",
+                    "<user>",
+                    "-p",
+                    "<pass>",
+                    "--pass-pol",
+                ],
+                "desc": "Get domain password policy",
+            },
+        ],
+        "credential_attacks": [
+            {
+                "name": "Username=Password Spray",
+                "args": [
+                    "smb",
+                    "<target>",
+                    "-u",
+                    "users.txt",
+                    "-p",
+                    "users.txt",
+                    "--no-bruteforce",
+                    "--continue-on-success",
+                ],
+                "desc": "Test username as password",
+            },
+            {
+                "name": "Password Spray",
+                "args": [
+                    "smb",
+                    "<target>",
+                    "-u",
+                    "users.txt",
+                    "-p",
+                    "<password>",
+                    "--continue-on-success",
+                ],
+                "desc": "Spray single password",
+            },
+            {
+                "name": "Pass-the-Hash",
+                "args": ["smb", "<target>", "-u", "<user>", "-H", "<nthash>"],
+                "desc": "Authenticate with NTLM hash",
+            },
+        ],
+        "execution": [
+            {
+                "name": "WinRM Check",
+                "args": ["winrm", "<target>", "-u", "<user>", "-p", "<pass>"],
+                "desc": "Check WinRM access",
+            },
+            {
+                "name": "Command Execution",
+                "args": [
+                    "smb",
+                    "<target>",
+                    "-u",
+                    "<user>",
+                    "-p",
+                    "<pass>",
+                    "-x",
+                    "whoami",
+                ],
+                "desc": "Execute command via SMB",
+            },
+        ],
+    },
+    "presets": [],
+}
+
+# Flatten presets
+for category_presets in HELP["preset_categories"].values():
+    HELP["presets"].extend(category_presets)
+
+HELP["help_sections"] = [
+    {
+        "title": "What is NetExec?",
+        "color": "cyan",
+        "content": [
+            {
+                "title": "Overview",
+                "desc": "NetExec (nxc) is a network service exploitation tool that supports SMB, WinRM, RDP, LDAP, MSSQL and more.",
+            },
+            {
+                "title": "Key Features",
+                "desc": "Multi-protocol support",
+                "tips": [
+                    "SMB share enumeration and access",
+                    "Credential spraying and validation",
+                    "Pass-the-hash and pass-the-ticket",
+                    "Command execution on compromised hosts",
+                    "Domain enumeration (users, groups, policies)",
+                ],
+            },
+        ],
+    },
+    {
+        "title": "How to Use",
+        "color": "green",
+        "content": [
+            {
+                "title": "Basic Workflow",
+                "desc": "1. Enumerate shares with guest/null session\n     2. Test credentials (spray or PTH)\n     3. Enumerate domain with valid creds\n     4. Execute commands if admin",
+            },
+            {
+                "title": "Success Indicators",
+                "desc": "What to look for",
+                "tips": [
+                    "(Pwn3d!) = Admin access achieved",
+                    "[+] = Successful operation",
+                    "READ,WRITE = Share permissions",
+                    "STATUS_LOGON_FAILURE = Invalid creds",
+                ],
+            },
+        ],
+    },
+]
+
+
+class NxcPlugin(PluginBase):
+    name = "NetExec"
+    tool = "nxc"
+    category = "credential_access"
+    HELP = HELP
+
+    def build_command(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ):
+        """Build command for background execution with PID tracking."""
+        args = args or []
+
+        # Replace placeholders
+        args = [arg.replace("<target>", target) for arg in args]
+
+        # Build command
+        cmd = ["nxc"]
+        cmd.extend(args)
+
+        return {"cmd": cmd, "timeout": 1800}
+
+    def run(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ) -> int:
+        """Execute nxc and write output to log_path."""
+
+        args = args or []
+
+        # Replace placeholders
+        args = [arg.replace("<target>", target) for arg in args]
+
+        # Build command
+        cmd = ["nxc"]
+        cmd.extend(args)
+
+        if not log_path:
+            try:
+                proc = subprocess.run(
+                    cmd, capture_output=True, timeout=600, check=False
+                )
+                return proc.returncode
+            except Exception:
+                return 1
+
+        try:
+            # Create metadata header
+            with open(log_path, "w", encoding="utf-8", errors="replace") as fh:
+                fh.write(f"=== Plugin: NetExec (nxc) ===\n")
+                fh.write(f"Target: {target}\n")
+                fh.write(f"Args: {args}\n")
+                fh.write(f"Label: {label}\n")
+                fh.write(
+                    f"Started: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n"
+                )
+                fh.write(f"Command: {' '.join(cmd)}\n\n")
+
+            # Run nxc
+            proc = subprocess.run(
+                cmd, capture_output=True, timeout=1800, check=False, text=True
+            )
+
+            # Write output
+            with open(log_path, "a", encoding="utf-8", errors="replace") as fh:
+                if proc.stdout:
+                    fh.write(proc.stdout)
+
+                if proc.stderr:
+                    fh.write(f"\n{proc.stderr}")
+
+                fh.write(
+                    f"\n\n=== Completed: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())} ===\n"
+                )
+                fh.write(f"Exit Code: {proc.returncode}\n")
+
+            return proc.returncode
+
+        except subprocess.TimeoutExpired:
+            with open(log_path, "a", encoding="utf-8", errors="replace") as fh:
+                fh.write("\n\nERROR: nxc timed out after 1800 seconds\n")
+            return 124
+
+        except FileNotFoundError:
+            with open(log_path, "w", encoding="utf-8", errors="replace") as fh:
+                fh.write("ERROR: nxc not found in PATH\n")
+                fh.write("Install: pipx install netexec\n")
+                fh.write("Or: sudo apt install netexec\n")
+            return 127
+
+        except Exception as e:
+            with open(log_path, "a", encoding="utf-8", errors="replace") as fh:
+                fh.write(f"\n\nERROR: {type(e).__name__}: {e}\n")
+            return 1
+
+
+plugin = NxcPlugin()

souleyez/plugins/plugin_base.py

@@ -36,23 +36,20 @@ class PluginBase:
         # Check if tool exists in PATH
         tool_path = shutil.which(self.tool)
         if not tool_path:
-            return False, f"{self.tool} not found in PATH. Install with: sudo apt install {self.tool}"
+            return (
+                False,
+                f"{self.tool} not found in PATH. Install with: sudo apt install {self.tool}",
+            )
 
         # Try running with --version or --help to check if it works
         try:
             result = subprocess.run(
-                [self.tool, '--version'],
-                capture_output=True,
-                timeout=10,
-                text=True
+                [self.tool, "--version"], capture_output=True, timeout=10, text=True
             )
             # Some tools don't support --version, try --help
             if result.returncode != 0:
                 result = subprocess.run(
-                    [self.tool, '--help'],
-                    capture_output=True,
-                    timeout=10,
-                    text=True
+                    [self.tool, "--help"], capture_output=True, timeout=10, text=True
                 )
             return True, None
         except subprocess.TimeoutExpired:
@@ -62,23 +59,25 @@ class PluginBase:
         except Exception as e:
             # Tool might have Python import issues (like impacket pickle error)
             error_str = str(e)
-            if 'pickle' in error_str.lower() or 'import' in error_str.lower():
+            if "pickle" in error_str.lower() or "import" in error_str.lower():
                 return False, f"{self.tool} has Python dependency issues: {error_str}"
             return True, None  # Assume available if error is unexpected
 
-    def build_command(self, target: str, args: List[str] = None, label: str = "", log_path: str = None) -> Optional[Dict[str, Any]]:
+    def build_command(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ) -> Optional[Dict[str, Any]]:
         """
         Build command specification for background execution.
-        
+
         This method should be implemented by plugins instead of run() to enable
         proper PID tracking, status updates, and kill handling.
-        
+
         Args:
             target: Target host/URL/file to scan
             args: Additional command-line arguments
             label: Optional job label
             log_path: Path where logs should be written
-            
+
         Returns:
             Dictionary with command specification:
             {
@@ -88,9 +87,9 @@ class PluginBase:
                 'cwd': str,                 # Working directory (optional)
                 'needs_shell': bool         # Use shell=True (optional, default: False)
             }
-            
+
             Return None to indicate command cannot be built (validation failure, etc.)
-            
+
         Example:
             return {
                 'cmd': ['nmap', '-sV', '-p', '1-1000', target],
@@ -99,13 +98,15 @@ class PluginBase:
         """
         return None
 
-    def run(self, target: str, args: List[str] = None, label: str = "", log_path: str = None) -> int:
+    def run(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ) -> int:
         """
         Execute the plugin action synchronously.
-        
+
         DEPRECATED: New plugins should implement build_command() instead.
         This method is maintained for backward compatibility.
-        
+
         If build_command() is implemented, run() will use it automatically.
         """
         # Try to use build_command() if available
@@ -114,25 +115,25 @@ class PluginBase:
             # build_command() is implemented, execute via subprocess
             import subprocess
             import os
-            
-            cmd = cmd_spec.get('cmd')
+
+            cmd = cmd_spec.get("cmd")
             if not cmd:
                 return 1
-                
-            timeout = cmd_spec.get('timeout', 3600)
-            env = cmd_spec.get('env')
-            cwd = cmd_spec.get('cwd')
-            needs_shell = cmd_spec.get('needs_shell', False)
-            
+
+            timeout = cmd_spec.get("timeout", 3600)
+            env = cmd_spec.get("env")
+            cwd = cmd_spec.get("cwd")
+            needs_shell = cmd_spec.get("needs_shell", False)
+
             # Prepare environment
             proc_env = os.environ.copy()
             if env:
                 proc_env.update(env)
-            
+
             # Execute command
             try:
                 if log_path:
-                    with open(log_path, 'a', encoding='utf-8', errors='replace') as fh:
+                    with open(log_path, "a", encoding="utf-8", errors="replace") as fh:
                         result = subprocess.run(
                             cmd,
                             stdout=fh,
@@ -140,7 +141,7 @@ class PluginBase:
                             timeout=timeout,
                             env=proc_env if env else None,
                             cwd=cwd,
-                            shell=needs_shell
+                            shell=needs_shell,
                         )
                         return result.returncode
                 else:
@@ -150,14 +151,14 @@ class PluginBase:
                         env=proc_env if env else None,
                         cwd=cwd,
                         shell=needs_shell,
-                        capture_output=True
+                        capture_output=True,
                     )
                     return result.returncode
             except subprocess.TimeoutExpired:
                 return 124
             except Exception:
                 return 1
-        
+
         # build_command() not implemented, require subclass implementation
         raise NotImplementedError(f"{self.__class__.__name__}.run() not implemented")
 
@@ -165,11 +166,9 @@ class PluginBase:
         """Enqueue the plugin action for background processing."""
         try:
             from ..engine.background import enqueue_job
+
             job_id = enqueue_job(
-                tool=self.tool,
-                target=target,
-                args=args or [],
-                label=label or ""
+                tool=self.tool, target=target, args=args or [], label=label or ""
             )
             return job_id
         except ImportError:

souleyez/plugins/plugin_template.py

@@ -22,15 +22,23 @@ def _now_ts():
 class Plugin(ScannerPlugin):
     name = "template"
 
-    def prepare(self, target: str, args: List[str], label: Optional[str] = None) -> Dict[str, Any]:
-        outdir = Path.home() / ".souleyez" / "artifacts" / f"{self.name}_{int(time.time())}"
+    def prepare(
+        self, target: str, args: List[str], label: Optional[str] = None
+    ) -> Dict[str, Any]:
+        outdir = (
+            Path.home() / ".souleyez" / "artifacts" / f"{self.name}_{int(time.time())}"
+        )
         outdir.mkdir(parents=True, exist_ok=True)
         return {"target": target, "args": args, "label": label, "outdir": str(outdir)}
 
     def run(self, prepared: Dict[str, Any]) -> ScanResult:
         # Example minimal command (safe)
-        cmd = ["echo", "placeholder", str(prepared.get("target"))] + (prepared.get("args") or [])
-        p = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True)
+        cmd = ["echo", "placeholder", str(prepared.get("target"))] + (
+            prepared.get("args") or []
+        )
+        p = subprocess.run(
+            cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True
+        )
         rawfile = Path(prepared["outdir"]) / f"{self.name}.txt"
         rawfile.write_text(p.stdout or "")
         return {
@@ -44,5 +52,5 @@ class Plugin(ScannerPlugin):
             "summary": {"note": "template run"},
             "per_host": [],
             "status": "done",
-            "rc": p.returncode
+            "rc": p.returncode,
         }

souleyez/plugins/rdp_sec_check.py

@@ -0,0 +1,130 @@
+#!/usr/bin/env python3
+"""
+souleyez.plugins.rdp_sec_check - RDP security configuration checker
+"""
+import subprocess
+import time
+from typing import List
+
+from .plugin_base import PluginBase
+
+HELP = {
+    "name": "RDP Security Check",
+    "description": (
+        "Check RDP security configuration and identify misconfigurations.\n\n"
+        "rdp-sec-check tests Remote Desktop Protocol security settings:\n"
+        "- Network Level Authentication (NLA) requirements\n"
+        "- Encryption levels (None/Low/Client/High/FIPS)\n"
+        "- Supported protocols (RDP/TLS/CredSSP)\n\n"
+        "Use when:\n"
+        "- RDP (port 3389) is detected on a target\n"
+        "- Assessing Windows server security posture\n"
+        "- Checking for BlueKeep/MITM vulnerability prerequisites\n"
+    ),
+    "usage": 'souleyez jobs enqueue rdp-sec-check <target> --args "<target>"',
+    "examples": [
+        'souleyez jobs enqueue rdp-sec-check 10.0.0.1 --args "10.0.0.1"',
+        'souleyez jobs enqueue rdp-sec-check 10.0.0.1 --args "10.0.0.1:3389"',
+    ],
+    "flags": [
+        ["<target>", "Target IP or IP:port (default port 3389)"],
+    ],
+    "preset_categories": {
+        "scanning": [
+            {
+                "name": "RDP Security Scan",
+                "args": ["<target>"],
+                "desc": "Check RDP security configuration",
+            },
+        ]
+    },
+    "presets": [],
+}
+
+# Flatten presets
+for category_presets in HELP["preset_categories"].values():
+    HELP["presets"].extend(category_presets)
+
+
+class RdpSecCheckPlugin(PluginBase):
+    name = "RDP Security Check"
+    tool = "rdp-sec-check"
+    category = "scanning"
+    HELP = HELP
+
+    def build_command(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ):
+        """Build command for background execution."""
+        args = args or [target]
+        args = [arg.replace("<target>", target) for arg in args]
+
+        cmd = ["rdp-sec-check"]
+        cmd.extend(args)
+
+        return {"cmd": cmd, "timeout": 300}  # 5 minutes should be plenty
+
+    def run(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ) -> int:
+        """Execute rdp-sec-check and write output to log_path."""
+        args = args or [target]
+        args = [arg.replace("<target>", target) for arg in args]
+
+        cmd = ["rdp-sec-check"]
+        cmd.extend(args)
+
+        if not log_path:
+            try:
+                proc = subprocess.run(
+                    cmd, capture_output=True, timeout=300, check=False
+                )
+                return proc.returncode
+            except Exception:
+                return 1
+
+        try:
+            with open(log_path, "w", encoding="utf-8", errors="replace") as fh:
+                fh.write(f"=== Plugin: RDP Security Check ===\n")
+                fh.write(f"Target: {target}\n")
+                fh.write(f"Args: {args}\n")
+                fh.write(
+                    f"Started: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n"
+                )
+                fh.write(f"Command: {' '.join(cmd)}\n\n")
+
+            proc = subprocess.run(
+                cmd, capture_output=True, timeout=300, check=False, text=True
+            )
+
+            with open(log_path, "a", encoding="utf-8", errors="replace") as fh:
+                if proc.stdout:
+                    fh.write(proc.stdout)
+                if proc.stderr:
+                    fh.write(f"\n{proc.stderr}")
+                fh.write(
+                    f"\n\n=== Completed: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())} ===\n"
+                )
+                fh.write(f"Exit Code: {proc.returncode}\n")
+
+            return proc.returncode
+
+        except subprocess.TimeoutExpired:
+            with open(log_path, "a", encoding="utf-8", errors="replace") as fh:
+                fh.write("\n\nERROR: rdp-sec-check timed out after 300 seconds\n")
+            return 124
+
+        except FileNotFoundError:
+            with open(log_path, "w", encoding="utf-8", errors="replace") as fh:
+                fh.write("ERROR: rdp-sec-check not found in PATH\n")
+                fh.write("Install on Kali: sudo apt install rdp-sec-check\n")
+                fh.write("Install on Ubuntu: See docs for manual installation\n")
+            return 127
+
+        except Exception as e:
+            with open(log_path, "a", encoding="utf-8", errors="replace") as fh:
+                fh.write(f"\n\nERROR: {type(e).__name__}: {e}\n")
+            return 1
+
+
+plugin = RdpSecCheckPlugin()