souleyez 2.43.29__py3-none-any.whl → 2.43.34__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- souleyez/__init__.py +1 -2
- souleyez/ai/__init__.py +21 -15
- souleyez/ai/action_mapper.py +249 -150
- souleyez/ai/chain_advisor.py +116 -100
- souleyez/ai/claude_provider.py +29 -28
- souleyez/ai/context_builder.py +80 -62
- souleyez/ai/executor.py +158 -117
- souleyez/ai/feedback_handler.py +136 -121
- souleyez/ai/llm_factory.py +27 -20
- souleyez/ai/llm_provider.py +4 -2
- souleyez/ai/ollama_provider.py +6 -9
- souleyez/ai/ollama_service.py +44 -37
- souleyez/ai/path_scorer.py +91 -76
- souleyez/ai/recommender.py +176 -144
- souleyez/ai/report_context.py +74 -73
- souleyez/ai/report_service.py +84 -66
- souleyez/ai/result_parser.py +222 -229
- souleyez/ai/safety.py +67 -44
- souleyez/auth/__init__.py +23 -22
- souleyez/auth/audit.py +36 -26
- souleyez/auth/engagement_access.py +65 -48
- souleyez/auth/permissions.py +14 -3
- souleyez/auth/session_manager.py +54 -37
- souleyez/auth/user_manager.py +109 -64
- souleyez/commands/audit.py +40 -43
- souleyez/commands/auth.py +35 -15
- souleyez/commands/deliverables.py +55 -50
- souleyez/commands/engagement.py +47 -28
- souleyez/commands/license.py +32 -23
- souleyez/commands/screenshots.py +36 -32
- souleyez/commands/user.py +82 -36
- souleyez/config.py +52 -44
- souleyez/core/credential_tester.py +87 -81
- souleyez/core/cve_mappings.py +179 -192
- souleyez/core/cve_matcher.py +162 -148
- souleyez/core/msf_auto_mapper.py +100 -83
- souleyez/core/msf_chain_engine.py +294 -256
- souleyez/core/msf_database.py +153 -70
- souleyez/core/msf_integration.py +679 -673
- souleyez/core/msf_rpc_client.py +40 -42
- souleyez/core/msf_rpc_manager.py +77 -79
- souleyez/core/msf_sync_manager.py +241 -181
- souleyez/core/network_utils.py +22 -15
- souleyez/core/parser_handler.py +34 -25
- souleyez/core/pending_chains.py +114 -63
- souleyez/core/templates.py +158 -107
- souleyez/core/tool_chaining.py +9526 -2879
- souleyez/core/version_utils.py +79 -94
- souleyez/core/vuln_correlation.py +136 -89
- souleyez/core/web_utils.py +33 -32
- souleyez/data/wordlists/ad_users.txt +378 -0
- souleyez/data/wordlists/api_endpoints_large.txt +769 -0
- souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
- souleyez/data/wordlists/lfi_payloads.txt +82 -0
- souleyez/data/wordlists/passwords_brute.txt +1548 -0
- souleyez/data/wordlists/passwords_crack.txt +2479 -0
- souleyez/data/wordlists/passwords_spray.txt +386 -0
- souleyez/data/wordlists/subdomains_large.txt +5057 -0
- souleyez/data/wordlists/usernames_common.txt +694 -0
- souleyez/data/wordlists/web_dirs_large.txt +4769 -0
- souleyez/detection/__init__.py +1 -1
- souleyez/detection/attack_signatures.py +12 -17
- souleyez/detection/mitre_mappings.py +61 -55
- souleyez/detection/validator.py +97 -86
- souleyez/devtools.py +23 -10
- souleyez/docs/README.md +4 -4
- souleyez/docs/api-reference/cli-commands.md +2 -2
- souleyez/docs/developer-guide/adding-new-tools.md +562 -0
- souleyez/docs/user-guide/auto-chaining.md +30 -8
- souleyez/docs/user-guide/getting-started.md +1 -1
- souleyez/docs/user-guide/installation.md +26 -3
- souleyez/docs/user-guide/metasploit-integration.md +2 -2
- souleyez/docs/user-guide/rbac.md +1 -1
- souleyez/docs/user-guide/scope-management.md +1 -1
- souleyez/docs/user-guide/siem-integration.md +1 -1
- souleyez/docs/user-guide/tools-reference.md +1 -8
- souleyez/docs/user-guide/worker-management.md +1 -1
- souleyez/engine/background.py +1239 -535
- souleyez/engine/base.py +4 -1
- souleyez/engine/job_status.py +17 -49
- souleyez/engine/log_sanitizer.py +103 -77
- souleyez/engine/manager.py +38 -7
- souleyez/engine/result_handler.py +2200 -1550
- souleyez/engine/worker_manager.py +50 -41
- souleyez/export/evidence_bundle.py +72 -62
- souleyez/feature_flags/features.py +16 -20
- souleyez/feature_flags.py +5 -9
- souleyez/handlers/__init__.py +11 -0
- souleyez/handlers/base.py +188 -0
- souleyez/handlers/bash_handler.py +277 -0
- souleyez/handlers/bloodhound_handler.py +243 -0
- souleyez/handlers/certipy_handler.py +311 -0
- souleyez/handlers/crackmapexec_handler.py +486 -0
- souleyez/handlers/dnsrecon_handler.py +344 -0
- souleyez/handlers/enum4linux_handler.py +400 -0
- souleyez/handlers/evil_winrm_handler.py +493 -0
- souleyez/handlers/ffuf_handler.py +815 -0
- souleyez/handlers/gobuster_handler.py +1114 -0
- souleyez/handlers/gpp_extract_handler.py +334 -0
- souleyez/handlers/hashcat_handler.py +444 -0
- souleyez/handlers/hydra_handler.py +563 -0
- souleyez/handlers/impacket_getuserspns_handler.py +343 -0
- souleyez/handlers/impacket_psexec_handler.py +222 -0
- souleyez/handlers/impacket_secretsdump_handler.py +426 -0
- souleyez/handlers/john_handler.py +286 -0
- souleyez/handlers/katana_handler.py +425 -0
- souleyez/handlers/kerbrute_handler.py +298 -0
- souleyez/handlers/ldapsearch_handler.py +636 -0
- souleyez/handlers/lfi_extract_handler.py +464 -0
- souleyez/handlers/msf_auxiliary_handler.py +408 -0
- souleyez/handlers/msf_exploit_handler.py +380 -0
- souleyez/handlers/nikto_handler.py +413 -0
- souleyez/handlers/nmap_handler.py +821 -0
- souleyez/handlers/nuclei_handler.py +359 -0
- souleyez/handlers/nxc_handler.py +371 -0
- souleyez/handlers/rdp_sec_check_handler.py +353 -0
- souleyez/handlers/registry.py +292 -0
- souleyez/handlers/responder_handler.py +232 -0
- souleyez/handlers/service_explorer_handler.py +434 -0
- souleyez/handlers/smbclient_handler.py +344 -0
- souleyez/handlers/smbmap_handler.py +510 -0
- souleyez/handlers/smbpasswd_handler.py +296 -0
- souleyez/handlers/sqlmap_handler.py +1116 -0
- souleyez/handlers/theharvester_handler.py +601 -0
- souleyez/handlers/web_login_test_handler.py +327 -0
- souleyez/handlers/whois_handler.py +277 -0
- souleyez/handlers/wpscan_handler.py +554 -0
- souleyez/history.py +32 -16
- souleyez/importers/msf_importer.py +106 -75
- souleyez/importers/smart_importer.py +208 -147
- souleyez/integrations/siem/__init__.py +10 -10
- souleyez/integrations/siem/base.py +17 -18
- souleyez/integrations/siem/elastic.py +108 -122
- souleyez/integrations/siem/factory.py +207 -80
- souleyez/integrations/siem/googlesecops.py +146 -154
- souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
- souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
- souleyez/integrations/siem/sentinel.py +107 -109
- souleyez/integrations/siem/splunk.py +246 -212
- souleyez/integrations/siem/wazuh.py +65 -71
- souleyez/integrations/wazuh/__init__.py +5 -5
- souleyez/integrations/wazuh/client.py +70 -93
- souleyez/integrations/wazuh/config.py +85 -57
- souleyez/integrations/wazuh/host_mapper.py +28 -36
- souleyez/integrations/wazuh/sync.py +78 -68
- souleyez/intelligence/__init__.py +4 -5
- souleyez/intelligence/correlation_analyzer.py +309 -295
- souleyez/intelligence/exploit_knowledge.py +661 -623
- souleyez/intelligence/exploit_suggestions.py +159 -139
- souleyez/intelligence/gap_analyzer.py +132 -97
- souleyez/intelligence/gap_detector.py +251 -214
- souleyez/intelligence/sensitive_tables.py +266 -129
- souleyez/intelligence/service_parser.py +137 -123
- souleyez/intelligence/surface_analyzer.py +407 -268
- souleyez/intelligence/target_parser.py +159 -162
- souleyez/licensing/__init__.py +6 -6
- souleyez/licensing/validator.py +17 -19
- souleyez/log_config.py +79 -54
- souleyez/main.py +1505 -687
- souleyez/migrations/fix_job_counter.py +16 -14
- souleyez/parsers/bloodhound_parser.py +41 -39
- souleyez/parsers/crackmapexec_parser.py +178 -111
- souleyez/parsers/dalfox_parser.py +72 -77
- souleyez/parsers/dnsrecon_parser.py +103 -91
- souleyez/parsers/enum4linux_parser.py +183 -153
- souleyez/parsers/ffuf_parser.py +29 -25
- souleyez/parsers/gobuster_parser.py +301 -41
- souleyez/parsers/hashcat_parser.py +324 -79
- souleyez/parsers/http_fingerprint_parser.py +350 -103
- souleyez/parsers/hydra_parser.py +131 -111
- souleyez/parsers/impacket_parser.py +231 -178
- souleyez/parsers/john_parser.py +98 -86
- souleyez/parsers/katana_parser.py +316 -0
- souleyez/parsers/msf_parser.py +943 -498
- souleyez/parsers/nikto_parser.py +346 -65
- souleyez/parsers/nmap_parser.py +262 -174
- souleyez/parsers/nuclei_parser.py +40 -44
- souleyez/parsers/responder_parser.py +26 -26
- souleyez/parsers/searchsploit_parser.py +74 -74
- souleyez/parsers/service_explorer_parser.py +279 -0
- souleyez/parsers/smbmap_parser.py +180 -124
- souleyez/parsers/sqlmap_parser.py +434 -308
- souleyez/parsers/theharvester_parser.py +75 -57
- souleyez/parsers/whois_parser.py +135 -94
- souleyez/parsers/wpscan_parser.py +278 -190
- souleyez/plugins/afp.py +44 -36
- souleyez/plugins/afp_brute.py +114 -46
- souleyez/plugins/ard.py +48 -37
- souleyez/plugins/bloodhound.py +95 -61
- souleyez/plugins/certipy.py +303 -0
- souleyez/plugins/crackmapexec.py +186 -85
- souleyez/plugins/dalfox.py +120 -59
- souleyez/plugins/dns_hijack.py +146 -41
- souleyez/plugins/dnsrecon.py +97 -61
- souleyez/plugins/enum4linux.py +91 -66
- souleyez/plugins/evil_winrm.py +291 -0
- souleyez/plugins/ffuf.py +166 -90
- souleyez/plugins/firmware_extract.py +133 -29
- souleyez/plugins/gobuster.py +387 -190
- souleyez/plugins/gpp_extract.py +393 -0
- souleyez/plugins/hashcat.py +100 -73
- souleyez/plugins/http_fingerprint.py +854 -267
- souleyez/plugins/hydra.py +566 -200
- souleyez/plugins/impacket_getnpusers.py +117 -69
- souleyez/plugins/impacket_psexec.py +84 -64
- souleyez/plugins/impacket_secretsdump.py +103 -69
- souleyez/plugins/impacket_smbclient.py +89 -75
- souleyez/plugins/john.py +86 -69
- souleyez/plugins/katana.py +313 -0
- souleyez/plugins/kerbrute.py +237 -0
- souleyez/plugins/lfi_extract.py +541 -0
- souleyez/plugins/macos_ssh.py +117 -48
- souleyez/plugins/mdns.py +35 -30
- souleyez/plugins/msf_auxiliary.py +253 -130
- souleyez/plugins/msf_exploit.py +239 -161
- souleyez/plugins/nikto.py +134 -78
- souleyez/plugins/nmap.py +275 -91
- souleyez/plugins/nuclei.py +180 -89
- souleyez/plugins/nxc.py +285 -0
- souleyez/plugins/plugin_base.py +35 -36
- souleyez/plugins/plugin_template.py +13 -5
- souleyez/plugins/rdp_sec_check.py +130 -0
- souleyez/plugins/responder.py +112 -71
- souleyez/plugins/router_http_brute.py +76 -65
- souleyez/plugins/router_ssh_brute.py +118 -41
- souleyez/plugins/router_telnet_brute.py +124 -42
- souleyez/plugins/routersploit.py +91 -59
- souleyez/plugins/routersploit_exploit.py +77 -55
- souleyez/plugins/searchsploit.py +91 -77
- souleyez/plugins/service_explorer.py +1160 -0
- souleyez/plugins/smbmap.py +122 -72
- souleyez/plugins/smbpasswd.py +215 -0
- souleyez/plugins/sqlmap.py +301 -113
- souleyez/plugins/theharvester.py +127 -75
- souleyez/plugins/tr069.py +79 -57
- souleyez/plugins/upnp.py +65 -47
- souleyez/plugins/upnp_abuse.py +73 -55
- souleyez/plugins/vnc_access.py +129 -42
- souleyez/plugins/vnc_brute.py +109 -38
- souleyez/plugins/web_login_test.py +417 -0
- souleyez/plugins/whois.py +77 -58
- souleyez/plugins/wpscan.py +173 -69
- souleyez/reporting/__init__.py +2 -1
- souleyez/reporting/attack_chain.py +411 -346
- souleyez/reporting/charts.py +436 -501
- souleyez/reporting/compliance_mappings.py +334 -201
- souleyez/reporting/detection_report.py +126 -125
- souleyez/reporting/formatters.py +828 -591
- souleyez/reporting/generator.py +386 -302
- souleyez/reporting/metrics.py +72 -75
- souleyez/scanner.py +35 -29
- souleyez/security/__init__.py +37 -11
- souleyez/security/scope_validator.py +175 -106
- souleyez/security/validation.py +223 -149
- souleyez/security.py +22 -6
- souleyez/storage/credentials.py +247 -186
- souleyez/storage/crypto.py +296 -129
- souleyez/storage/database.py +73 -50
- souleyez/storage/db.py +58 -36
- souleyez/storage/deliverable_evidence.py +177 -128
- souleyez/storage/deliverable_exporter.py +282 -246
- souleyez/storage/deliverable_templates.py +134 -116
- souleyez/storage/deliverables.py +135 -130
- souleyez/storage/engagements.py +109 -56
- souleyez/storage/evidence.py +181 -152
- souleyez/storage/execution_log.py +31 -17
- souleyez/storage/exploit_attempts.py +93 -57
- souleyez/storage/exploits.py +67 -36
- souleyez/storage/findings.py +48 -61
- souleyez/storage/hosts.py +176 -144
- souleyez/storage/migrate_to_engagements.py +43 -19
- souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
- souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
- souleyez/storage/migrations/_003_add_execution_log.py +14 -8
- souleyez/storage/migrations/_005_screenshots.py +13 -5
- souleyez/storage/migrations/_006_deliverables.py +13 -5
- souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
- souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
- souleyez/storage/migrations/_010_evidence_linking.py +17 -10
- souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
- souleyez/storage/migrations/_012_team_collaboration.py +34 -21
- souleyez/storage/migrations/_013_add_host_tags.py +12 -6
- souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
- souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
- souleyez/storage/migrations/_016_add_domain_field.py +10 -4
- souleyez/storage/migrations/_017_msf_sessions.py +16 -8
- souleyez/storage/migrations/_018_add_osint_target.py +10 -6
- souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
- souleyez/storage/migrations/_020_add_rbac.py +36 -15
- souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
- souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
- souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
- souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
- souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
- souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
- souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
- souleyez/storage/migrations/__init__.py +26 -26
- souleyez/storage/migrations/migration_manager.py +19 -19
- souleyez/storage/msf_sessions.py +100 -65
- souleyez/storage/osint.py +17 -24
- souleyez/storage/recommendation_engine.py +269 -235
- souleyez/storage/screenshots.py +33 -32
- souleyez/storage/smb_shares.py +136 -92
- souleyez/storage/sqlmap_data.py +183 -128
- souleyez/storage/team_collaboration.py +135 -141
- souleyez/storage/timeline_tracker.py +122 -94
- souleyez/storage/wazuh_vulns.py +64 -66
- souleyez/storage/web_paths.py +33 -37
- souleyez/testing/credential_tester.py +221 -205
- souleyez/ui/__init__.py +1 -1
- souleyez/ui/ai_quotes.py +12 -12
- souleyez/ui/attack_surface.py +2439 -1516
- souleyez/ui/chain_rules_view.py +914 -382
- souleyez/ui/correlation_view.py +312 -230
- souleyez/ui/dashboard.py +2382 -1130
- souleyez/ui/deliverables_view.py +148 -62
- souleyez/ui/design_system.py +13 -13
- souleyez/ui/errors.py +49 -49
- souleyez/ui/evidence_linking_view.py +284 -179
- souleyez/ui/evidence_vault.py +393 -285
- souleyez/ui/exploit_suggestions_view.py +555 -349
- souleyez/ui/export_view.py +100 -66
- souleyez/ui/gap_analysis_view.py +315 -171
- souleyez/ui/help_system.py +105 -97
- souleyez/ui/intelligence_view.py +436 -293
- souleyez/ui/interactive.py +22827 -10678
- souleyez/ui/interactive_selector.py +75 -68
- souleyez/ui/log_formatter.py +47 -39
- souleyez/ui/menu_components.py +22 -13
- souleyez/ui/msf_auxiliary_menu.py +184 -133
- souleyez/ui/pending_chains_view.py +336 -172
- souleyez/ui/progress_indicators.py +5 -3
- souleyez/ui/recommendations_view.py +195 -137
- souleyez/ui/rule_builder.py +343 -225
- souleyez/ui/setup_wizard.py +678 -284
- souleyez/ui/shortcuts.py +217 -165
- souleyez/ui/splunk_gap_analysis_view.py +452 -270
- souleyez/ui/splunk_vulns_view.py +139 -86
- souleyez/ui/team_dashboard.py +498 -335
- souleyez/ui/template_selector.py +196 -105
- souleyez/ui/terminal.py +6 -6
- souleyez/ui/timeline_view.py +198 -127
- souleyez/ui/tool_setup.py +264 -164
- souleyez/ui/tutorial.py +202 -72
- souleyez/ui/tutorial_state.py +40 -40
- souleyez/ui/wazuh_vulns_view.py +235 -141
- souleyez/ui/wordlist_browser.py +260 -107
- souleyez/ui.py +464 -312
- souleyez/utils/tool_checker.py +427 -367
- souleyez/utils.py +33 -29
- souleyez/wordlists.py +134 -167
- {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/METADATA +1 -1
- souleyez-2.43.34.dist-info/RECORD +443 -0
- {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/WHEEL +1 -1
- souleyez-2.43.29.dist-info/RECORD +0 -379
- {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/entry_points.txt +0 -0
- {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/licenses/LICENSE +0 -0
- {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/top_level.txt +0 -0
souleyez/plugins/nmap.py
CHANGED
|
@@ -10,7 +10,7 @@ from .plugin_base import PluginBase
|
|
|
10
10
|
from souleyez.security.validation import (
|
|
11
11
|
validate_target,
|
|
12
12
|
validate_nmap_args,
|
|
13
|
-
ValidationError
|
|
13
|
+
ValidationError,
|
|
14
14
|
)
|
|
15
15
|
|
|
16
16
|
HELP = {
|
|
@@ -33,13 +33,13 @@ HELP = {
|
|
|
33
33
|
"- Combine Nmap output with service-specific checks (banner grabs, vuln scanners) for richer context.\n"
|
|
34
34
|
"- Always scan with permission — loud scans get noticed.\n"
|
|
35
35
|
),
|
|
36
|
-
"usage":
|
|
36
|
+
"usage": 'souleyez jobs enqueue nmap <target> --args "<nmap flags>"',
|
|
37
37
|
"examples": [
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
38
|
+
'souleyez jobs enqueue nmap 10.0.0.0/24 --args "-vv -sn"',
|
|
39
|
+
'souleyez jobs enqueue nmap 10.0.0.82 --args "-v -PS -F"',
|
|
40
|
+
'souleyez jobs enqueue nmap 10.0.0.82 --args "-vv -sV -O -p1-65535"',
|
|
41
|
+
'souleyez jobs enqueue nmap 10.0.0.82 --args "-sU -sV --top-ports 100"',
|
|
42
|
+
'souleyez jobs enqueue nmap 10.0.0.82 --args "--script vuln"',
|
|
43
43
|
],
|
|
44
44
|
"flags": [
|
|
45
45
|
["-sn", "Ping scan (no port scan)"],
|
|
@@ -52,141 +52,304 @@ HELP = {
|
|
|
52
52
|
["-p1-65535", "Scan all TCP ports"],
|
|
53
53
|
["--top-ports N", "Scan N most common ports"],
|
|
54
54
|
["-sC/--script", "Run default/specific NSE scripts"],
|
|
55
|
-
["-T0 to -T5", "Timing template (0=slowest, 5=fastest)"]
|
|
55
|
+
["-T0 to -T5", "Timing template (0=slowest, 5=fastest)"],
|
|
56
56
|
],
|
|
57
57
|
"preset_categories": {
|
|
58
58
|
"discovery": [
|
|
59
59
|
{
|
|
60
60
|
"name": "Ping Sweep",
|
|
61
61
|
"args": ["-vv", "-sn"],
|
|
62
|
-
"desc": "Host discovery (no port scan)"
|
|
62
|
+
"desc": "Host discovery (no port scan)",
|
|
63
63
|
}
|
|
64
64
|
],
|
|
65
65
|
"port_scanning": [
|
|
66
66
|
{
|
|
67
67
|
"name": "Fast Scan",
|
|
68
|
-
"args": ["-v", "-PS", "-F", "-T4", "--host-timeout", "90s"],
|
|
69
|
-
"desc": "Top 100 ports, quick sweep"
|
|
68
|
+
"args": ["-Pn", "-v", "-PS", "-F", "-T4", "--host-timeout", "90s"],
|
|
69
|
+
"desc": "Top 100 ports, quick sweep",
|
|
70
70
|
},
|
|
71
71
|
{
|
|
72
72
|
"name": "Stealth Scan",
|
|
73
|
-
"args": ["-sS", "-T4", "--open"],
|
|
74
|
-
"desc": "SYN scan only (quiet, no version detection)"
|
|
73
|
+
"args": ["-Pn", "-sS", "-T4", "--open"],
|
|
74
|
+
"desc": "SYN scan only (quiet, no version detection)",
|
|
75
75
|
},
|
|
76
76
|
{
|
|
77
77
|
"name": "Full TCP Scan",
|
|
78
|
-
"args": [
|
|
79
|
-
|
|
80
|
-
|
|
78
|
+
"args": [
|
|
79
|
+
"-Pn",
|
|
80
|
+
"-vv",
|
|
81
|
+
"-sS",
|
|
82
|
+
"-sV",
|
|
83
|
+
"-sC",
|
|
84
|
+
"-O",
|
|
85
|
+
"-p-",
|
|
86
|
+
"--script",
|
|
87
|
+
"vuln",
|
|
88
|
+
"-T4",
|
|
89
|
+
"--host-timeout",
|
|
90
|
+
"20m",
|
|
91
|
+
"--open",
|
|
92
|
+
],
|
|
93
|
+
"desc": "All 65535 ports with versions, OS, vulns",
|
|
94
|
+
},
|
|
81
95
|
],
|
|
82
96
|
"service_detection": [
|
|
83
97
|
{
|
|
84
98
|
"name": "Service & Version",
|
|
85
|
-
"args": ["-sV", "-sC", "--open", "-T4"],
|
|
86
|
-
"desc": "Service detection + safe NSE scripts"
|
|
99
|
+
"args": ["-Pn", "-sV", "-sC", "--open", "-T4"],
|
|
100
|
+
"desc": "Service detection + safe NSE scripts",
|
|
87
101
|
},
|
|
88
102
|
{
|
|
89
103
|
"name": "Vulnerability Scan",
|
|
90
|
-
"args": ["-sV", "--script", "vuln", "--open"],
|
|
91
|
-
"desc": "Detect known vulnerabilities (CVEs)"
|
|
92
|
-
}
|
|
104
|
+
"args": ["-Pn", "-sV", "--script", "vuln", "--open"],
|
|
105
|
+
"desc": "Detect known vulnerabilities (CVEs)",
|
|
106
|
+
},
|
|
93
107
|
],
|
|
94
108
|
"udp_scanning": [
|
|
95
109
|
{
|
|
96
110
|
"name": "UDP Quick",
|
|
97
|
-
"args": ["-sU", "-sV", "--top-ports", "100"],
|
|
98
|
-
"desc": "Top 100 UDP ports"
|
|
111
|
+
"args": ["-Pn", "-sU", "-sV", "--top-ports", "100"],
|
|
112
|
+
"desc": "Top 100 UDP ports",
|
|
99
113
|
},
|
|
100
114
|
{
|
|
101
115
|
"name": "UDP Deep",
|
|
102
|
-
"args": [
|
|
103
|
-
|
|
104
|
-
|
|
116
|
+
"args": [
|
|
117
|
+
"-sU",
|
|
118
|
+
"-sV",
|
|
119
|
+
"--top-ports",
|
|
120
|
+
"1000",
|
|
121
|
+
"-T4",
|
|
122
|
+
"--host-timeout",
|
|
123
|
+
"20m",
|
|
124
|
+
"--open",
|
|
125
|
+
],
|
|
126
|
+
"desc": "Top 1000 UDP ports (slow)",
|
|
127
|
+
},
|
|
105
128
|
],
|
|
106
129
|
"protocol_enumeration": [
|
|
107
130
|
{
|
|
108
131
|
"name": "SMB Enumeration",
|
|
109
|
-
"args": [
|
|
110
|
-
|
|
132
|
+
"args": [
|
|
133
|
+
"-p445",
|
|
134
|
+
"--script",
|
|
135
|
+
"smb-enum-shares,smb-enum-users,smb-os-discovery",
|
|
136
|
+
],
|
|
137
|
+
"desc": "Shares, users, OS discovery",
|
|
111
138
|
},
|
|
112
139
|
{
|
|
113
140
|
"name": "HTTP Enumeration",
|
|
114
|
-
"args": [
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
141
|
+
"args": [
|
|
142
|
+
"-p80,443,8080,8443",
|
|
143
|
+
"--script",
|
|
144
|
+
"http-enum,http-headers,http-methods,http-title",
|
|
145
|
+
],
|
|
146
|
+
"desc": "Web server info, directories, headers",
|
|
147
|
+
},
|
|
148
|
+
],
|
|
118
149
|
},
|
|
119
150
|
"presets": [
|
|
120
151
|
# Flattened list for backward compatibility - matches preset_categories order
|
|
121
152
|
# Discovery
|
|
122
|
-
{
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
153
|
+
{
|
|
154
|
+
"name": "Ping Sweep",
|
|
155
|
+
"args": ["-vv", "-sn"],
|
|
156
|
+
"desc": "Host discovery (no port scan)",
|
|
157
|
+
},
|
|
158
|
+
# Port Scanning (all include -Pn to skip host discovery - many targets block ICMP)
|
|
159
|
+
{
|
|
160
|
+
"name": "Fast Scan",
|
|
161
|
+
"args": ["-Pn", "-v", "-PS", "-F", "-T4", "--host-timeout", "90s"],
|
|
162
|
+
"desc": "Top 100 ports, quick sweep",
|
|
163
|
+
},
|
|
164
|
+
{
|
|
165
|
+
"name": "Stealth Scan",
|
|
166
|
+
"args": ["-Pn", "-sS", "-T4", "--open"],
|
|
167
|
+
"desc": "SYN scan only (quiet, no version detection)",
|
|
168
|
+
},
|
|
169
|
+
{
|
|
170
|
+
"name": "Full TCP Scan",
|
|
171
|
+
"args": [
|
|
172
|
+
"-Pn",
|
|
173
|
+
"-vv",
|
|
174
|
+
"-sS",
|
|
175
|
+
"-sV",
|
|
176
|
+
"-sC",
|
|
177
|
+
"-O",
|
|
178
|
+
"-p-",
|
|
179
|
+
"--script",
|
|
180
|
+
"vuln",
|
|
181
|
+
"-T4",
|
|
182
|
+
"--host-timeout",
|
|
183
|
+
"20m",
|
|
184
|
+
"--open",
|
|
185
|
+
],
|
|
186
|
+
"desc": "All 65535 ports with versions, OS, vulns",
|
|
187
|
+
},
|
|
127
188
|
# Service Detection
|
|
128
|
-
{
|
|
129
|
-
|
|
189
|
+
{
|
|
190
|
+
"name": "Service & Version",
|
|
191
|
+
"args": ["-Pn", "-sV", "-sC", "--open", "-T4"],
|
|
192
|
+
"desc": "Service detection + safe NSE scripts",
|
|
193
|
+
},
|
|
194
|
+
{
|
|
195
|
+
"name": "Vulnerability Scan",
|
|
196
|
+
"args": ["-Pn", "-sV", "--script", "vuln", "--open"],
|
|
197
|
+
"desc": "Detect known vulnerabilities (CVEs)",
|
|
198
|
+
},
|
|
130
199
|
# UDP Scanning
|
|
131
|
-
{
|
|
132
|
-
|
|
200
|
+
{
|
|
201
|
+
"name": "UDP Quick",
|
|
202
|
+
"args": ["-Pn", "-sU", "-sV", "--top-ports", "100"],
|
|
203
|
+
"desc": "Top 100 UDP ports",
|
|
204
|
+
},
|
|
205
|
+
{
|
|
206
|
+
"name": "UDP Deep",
|
|
207
|
+
"args": [
|
|
208
|
+
"-sU",
|
|
209
|
+
"-sV",
|
|
210
|
+
"--top-ports",
|
|
211
|
+
"1000",
|
|
212
|
+
"-T4",
|
|
213
|
+
"--host-timeout",
|
|
214
|
+
"20m",
|
|
215
|
+
"--open",
|
|
216
|
+
],
|
|
217
|
+
"desc": "Top 1000 UDP ports (slow)",
|
|
218
|
+
},
|
|
133
219
|
# Protocol Enumeration
|
|
134
|
-
{
|
|
135
|
-
|
|
220
|
+
{
|
|
221
|
+
"name": "SMB Enumeration",
|
|
222
|
+
"args": [
|
|
223
|
+
"-p445",
|
|
224
|
+
"--script",
|
|
225
|
+
"smb-enum-shares,smb-enum-users,smb-os-discovery",
|
|
226
|
+
],
|
|
227
|
+
"desc": "Shares, users, OS discovery",
|
|
228
|
+
},
|
|
229
|
+
{
|
|
230
|
+
"name": "HTTP Enumeration",
|
|
231
|
+
"args": [
|
|
232
|
+
"-p80,443,8080,8443",
|
|
233
|
+
"--script",
|
|
234
|
+
"http-enum,http-headers,http-methods,http-title",
|
|
235
|
+
],
|
|
236
|
+
"desc": "Web server info, directories, headers",
|
|
237
|
+
},
|
|
136
238
|
# Router/IoT Discovery
|
|
137
|
-
{
|
|
138
|
-
|
|
239
|
+
{
|
|
240
|
+
"name": "UPnP Discovery",
|
|
241
|
+
"args": [
|
|
242
|
+
"-sU",
|
|
243
|
+
"-sS",
|
|
244
|
+
"-p",
|
|
245
|
+
"U:1900,T:49152-49156,5000,2869",
|
|
246
|
+
"--script",
|
|
247
|
+
"upnp-info",
|
|
248
|
+
"-T4",
|
|
249
|
+
"--open",
|
|
250
|
+
],
|
|
251
|
+
"desc": "UPnP services on routers/IoT",
|
|
252
|
+
},
|
|
253
|
+
{
|
|
254
|
+
"name": "TR-069 Detection",
|
|
255
|
+
"args": ["-sV", "-p", "7547,4567,5555,8089", "-T4", "--open"],
|
|
256
|
+
"desc": "ISP remote management (CWMP)",
|
|
257
|
+
},
|
|
139
258
|
# macOS Discovery
|
|
140
|
-
{
|
|
141
|
-
|
|
259
|
+
{
|
|
260
|
+
"name": "macOS Services",
|
|
261
|
+
"args": [
|
|
262
|
+
"-sV",
|
|
263
|
+
"-p",
|
|
264
|
+
"548,5900,3283,5353",
|
|
265
|
+
"--script",
|
|
266
|
+
"afp-serverinfo,vnc-info",
|
|
267
|
+
"-T4",
|
|
268
|
+
"--open",
|
|
269
|
+
],
|
|
270
|
+
"desc": "AFP, VNC, ARD, Bonjour",
|
|
271
|
+
},
|
|
272
|
+
{
|
|
273
|
+
"name": "mDNS/Bonjour",
|
|
274
|
+
"args": [
|
|
275
|
+
"-sU",
|
|
276
|
+
"-p",
|
|
277
|
+
"5353",
|
|
278
|
+
"--script",
|
|
279
|
+
"dns-service-discovery,broadcast-dns-service-discovery",
|
|
280
|
+
"-T4",
|
|
281
|
+
"--open",
|
|
282
|
+
],
|
|
283
|
+
"desc": "Discover Apple devices via mDNS",
|
|
284
|
+
},
|
|
142
285
|
],
|
|
143
286
|
"help_sections": [
|
|
144
287
|
{
|
|
145
288
|
"title": "What is Nmap?",
|
|
146
289
|
"color": "cyan",
|
|
147
290
|
"content": [
|
|
148
|
-
{
|
|
149
|
-
|
|
150
|
-
"
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
"
|
|
154
|
-
|
|
155
|
-
|
|
291
|
+
{
|
|
292
|
+
"title": "Overview",
|
|
293
|
+
"desc": "Nmap is the industry-standard network scanner for host discovery, port scanning, service detection, and OS fingerprinting.",
|
|
294
|
+
},
|
|
295
|
+
{
|
|
296
|
+
"title": "Use Cases",
|
|
297
|
+
"desc": "Essential for network reconnaissance and security assessments",
|
|
298
|
+
"tips": [
|
|
299
|
+
"Discover live hosts on the network",
|
|
300
|
+
"Identify open ports and running services",
|
|
301
|
+
"Fingerprint operating systems and service versions",
|
|
302
|
+
"Find potential vulnerabilities with NSE scripts",
|
|
303
|
+
],
|
|
304
|
+
},
|
|
305
|
+
],
|
|
156
306
|
},
|
|
157
307
|
{
|
|
158
308
|
"title": "How to Use",
|
|
159
309
|
"color": "green",
|
|
160
310
|
"content": [
|
|
161
|
-
{
|
|
162
|
-
|
|
163
|
-
"
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
"
|
|
167
|
-
|
|
168
|
-
|
|
311
|
+
{
|
|
312
|
+
"title": "Basic Workflow",
|
|
313
|
+
"desc": "1. Start with discovery sweep (-sn) to find live hosts\n 2. Run fast scan (-F) to identify open ports\n 3. Deep scan with version detection (-sV -O) for detailed info\n 4. Run vulnerability scripts (--script vuln) on targets",
|
|
314
|
+
},
|
|
315
|
+
{
|
|
316
|
+
"title": "Scan Types",
|
|
317
|
+
"desc": "Different scans for different needs",
|
|
318
|
+
"tips": [
|
|
319
|
+
"Discovery: Quick ping sweep (no ports)",
|
|
320
|
+
"Fast Scan: Top 100 ports with 90s timeout",
|
|
321
|
+
"Full Scan: All 65535 ports with OS/version detection",
|
|
322
|
+
"UDP Scan: Check for UDP services (slower)",
|
|
323
|
+
],
|
|
324
|
+
},
|
|
325
|
+
],
|
|
169
326
|
},
|
|
170
327
|
{
|
|
171
328
|
"title": "Tips & Best Practices",
|
|
172
329
|
"color": "yellow",
|
|
173
330
|
"content": [
|
|
174
|
-
(
|
|
175
|
-
"
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
"
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
331
|
+
(
|
|
332
|
+
"Best Practices:",
|
|
333
|
+
[
|
|
334
|
+
"Start with quick discovery before deep scans",
|
|
335
|
+
"Use --host-timeout to skip slow/dead hosts",
|
|
336
|
+
"Save XML output for parsing (-oX output.xml)",
|
|
337
|
+
"Match scan intensity to your authorization level",
|
|
338
|
+
"Combine with service-specific checks for full coverage",
|
|
339
|
+
],
|
|
340
|
+
),
|
|
341
|
+
(
|
|
342
|
+
"Common Issues:",
|
|
343
|
+
[
|
|
344
|
+
"Slow scans: Use -F for fast mode or increase -T timing",
|
|
345
|
+
"UDP timeout: Add --host-timeout 10m for UDP scans",
|
|
346
|
+
"Missed hosts: Try different ping techniques (-PS, -PA, -PU)",
|
|
347
|
+
"Permission denied: Some scan types require root/sudo",
|
|
348
|
+
],
|
|
349
|
+
),
|
|
350
|
+
],
|
|
351
|
+
},
|
|
352
|
+
],
|
|
190
353
|
}
|
|
191
354
|
|
|
192
355
|
|
|
@@ -199,15 +362,28 @@ class NmapPlugin(PluginBase):
|
|
|
199
362
|
def _requires_root(self, args: List[str]) -> bool:
|
|
200
363
|
"""Check if the nmap arguments require root/sudo privileges."""
|
|
201
364
|
# UDP scans (-sU) and some other scan types require root
|
|
202
|
-
root_required_flags = [
|
|
365
|
+
root_required_flags = [
|
|
366
|
+
"-sU",
|
|
367
|
+
"-sS",
|
|
368
|
+
"-sA",
|
|
369
|
+
"-sW",
|
|
370
|
+
"-sM",
|
|
371
|
+
"-sN",
|
|
372
|
+
"-sF",
|
|
373
|
+
"-sX",
|
|
374
|
+
"-O",
|
|
375
|
+
]
|
|
203
376
|
return any(flag in args for flag in root_required_flags)
|
|
204
377
|
|
|
205
378
|
def _is_root(self) -> bool:
|
|
206
379
|
"""Check if running as root."""
|
|
207
380
|
import os
|
|
381
|
+
|
|
208
382
|
return os.geteuid() == 0
|
|
209
383
|
|
|
210
|
-
def build_command(
|
|
384
|
+
def build_command(
|
|
385
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
386
|
+
):
|
|
211
387
|
"""Build nmap command for background execution with PID tracking."""
|
|
212
388
|
args = args or []
|
|
213
389
|
|
|
@@ -241,12 +417,11 @@ class NmapPlugin(PluginBase):
|
|
|
241
417
|
if self._requires_root(args) and not self._is_root():
|
|
242
418
|
cmd = ["sudo", "-n"] + cmd # -n = non-interactive (no password prompt)
|
|
243
419
|
|
|
244
|
-
return {
|
|
245
|
-
'cmd': cmd,
|
|
246
|
-
'timeout': 3600 # 1 hour timeout
|
|
247
|
-
}
|
|
420
|
+
return {"cmd": cmd, "timeout": 3600} # 1 hour timeout
|
|
248
421
|
|
|
249
|
-
def run(
|
|
422
|
+
def run(
|
|
423
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
424
|
+
) -> int:
|
|
250
425
|
"""Execute nmap scan and write output to log_path."""
|
|
251
426
|
args = args or []
|
|
252
427
|
|
|
@@ -293,7 +468,9 @@ class NmapPlugin(PluginBase):
|
|
|
293
468
|
try:
|
|
294
469
|
with open(log_path, "a", encoding="utf-8", errors="replace") as fh:
|
|
295
470
|
fh.write(f"Command: {' '.join(cmd)}\n")
|
|
296
|
-
fh.write(
|
|
471
|
+
fh.write(
|
|
472
|
+
f"Started: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n\n"
|
|
473
|
+
)
|
|
297
474
|
fh.flush()
|
|
298
475
|
|
|
299
476
|
proc = subprocess.run(
|
|
@@ -301,10 +478,12 @@ class NmapPlugin(PluginBase):
|
|
|
301
478
|
stdout=fh,
|
|
302
479
|
stderr=subprocess.STDOUT,
|
|
303
480
|
timeout=3600, # 1 hour timeout
|
|
304
|
-
check=False
|
|
481
|
+
check=False,
|
|
305
482
|
)
|
|
306
483
|
|
|
307
|
-
fh.write(
|
|
484
|
+
fh.write(
|
|
485
|
+
f"\nCompleted: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n"
|
|
486
|
+
)
|
|
308
487
|
fh.write(f"Exit Code: {proc.returncode}\n")
|
|
309
488
|
|
|
310
489
|
return proc.returncode
|
|
@@ -328,14 +507,19 @@ class NmapPlugin(PluginBase):
|
|
|
328
507
|
"""Old-style execution for backward compatibility."""
|
|
329
508
|
try:
|
|
330
509
|
from ..scanner import run_nmap
|
|
331
|
-
|
|
510
|
+
|
|
511
|
+
logpath, rc, xmlpath, summary = run_nmap(
|
|
512
|
+
target, args, label, save_xml=False
|
|
513
|
+
)
|
|
332
514
|
return rc
|
|
333
515
|
except ImportError:
|
|
334
516
|
# Split target on whitespace to handle multiple IPs/hosts
|
|
335
517
|
target_list = target.split()
|
|
336
518
|
cmd = ["nmap"] + (args or []) + target_list
|
|
337
519
|
try:
|
|
338
|
-
proc = subprocess.run(
|
|
520
|
+
proc = subprocess.run(
|
|
521
|
+
cmd, capture_output=True, timeout=3600, check=False
|
|
522
|
+
)
|
|
339
523
|
return proc.returncode
|
|
340
524
|
except Exception:
|
|
341
525
|
return 1
|