souleyez 2.43.29__py3-none-any.whl → 2.43.34__py3-none-any.whl
- souleyez/__init__.py +1 -2
- souleyez/ai/__init__.py +21 -15
- souleyez/ai/action_mapper.py +249 -150
- souleyez/ai/chain_advisor.py +116 -100
- souleyez/ai/claude_provider.py +29 -28
- souleyez/ai/context_builder.py +80 -62
- souleyez/ai/executor.py +158 -117
- souleyez/ai/feedback_handler.py +136 -121
- souleyez/ai/llm_factory.py +27 -20
- souleyez/ai/llm_provider.py +4 -2
- souleyez/ai/ollama_provider.py +6 -9
- souleyez/ai/ollama_service.py +44 -37
- souleyez/ai/path_scorer.py +91 -76
- souleyez/ai/recommender.py +176 -144
- souleyez/ai/report_context.py +74 -73
- souleyez/ai/report_service.py +84 -66
- souleyez/ai/result_parser.py +222 -229
- souleyez/ai/safety.py +67 -44
- souleyez/auth/__init__.py +23 -22
- souleyez/auth/audit.py +36 -26
- souleyez/auth/engagement_access.py +65 -48
- souleyez/auth/permissions.py +14 -3
- souleyez/auth/session_manager.py +54 -37
- souleyez/auth/user_manager.py +109 -64
- souleyez/commands/audit.py +40 -43
- souleyez/commands/auth.py +35 -15
- souleyez/commands/deliverables.py +55 -50
- souleyez/commands/engagement.py +47 -28
- souleyez/commands/license.py +32 -23
- souleyez/commands/screenshots.py +36 -32
- souleyez/commands/user.py +82 -36
- souleyez/config.py +52 -44
- souleyez/core/credential_tester.py +87 -81
- souleyez/core/cve_mappings.py +179 -192
- souleyez/core/cve_matcher.py +162 -148
- souleyez/core/msf_auto_mapper.py +100 -83
- souleyez/core/msf_chain_engine.py +294 -256
- souleyez/core/msf_database.py +153 -70
- souleyez/core/msf_integration.py +679 -673
- souleyez/core/msf_rpc_client.py +40 -42
- souleyez/core/msf_rpc_manager.py +77 -79
- souleyez/core/msf_sync_manager.py +241 -181
- souleyez/core/network_utils.py +22 -15
- souleyez/core/parser_handler.py +34 -25
- souleyez/core/pending_chains.py +114 -63
- souleyez/core/templates.py +158 -107
- souleyez/core/tool_chaining.py +9526 -2879
- souleyez/core/version_utils.py +79 -94
- souleyez/core/vuln_correlation.py +136 -89
- souleyez/core/web_utils.py +33 -32
- souleyez/data/wordlists/ad_users.txt +378 -0
- souleyez/data/wordlists/api_endpoints_large.txt +769 -0
- souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
- souleyez/data/wordlists/lfi_payloads.txt +82 -0
- souleyez/data/wordlists/passwords_brute.txt +1548 -0
- souleyez/data/wordlists/passwords_crack.txt +2479 -0
- souleyez/data/wordlists/passwords_spray.txt +386 -0
- souleyez/data/wordlists/subdomains_large.txt +5057 -0
- souleyez/data/wordlists/usernames_common.txt +694 -0
- souleyez/data/wordlists/web_dirs_large.txt +4769 -0
- souleyez/detection/__init__.py +1 -1
- souleyez/detection/attack_signatures.py +12 -17
- souleyez/detection/mitre_mappings.py +61 -55
- souleyez/detection/validator.py +97 -86
- souleyez/devtools.py +23 -10
- souleyez/docs/README.md +4 -4
- souleyez/docs/api-reference/cli-commands.md +2 -2
- souleyez/docs/developer-guide/adding-new-tools.md +562 -0
- souleyez/docs/user-guide/auto-chaining.md +30 -8
- souleyez/docs/user-guide/getting-started.md +1 -1
- souleyez/docs/user-guide/installation.md +26 -3
- souleyez/docs/user-guide/metasploit-integration.md +2 -2
- souleyez/docs/user-guide/rbac.md +1 -1
- souleyez/docs/user-guide/scope-management.md +1 -1
- souleyez/docs/user-guide/siem-integration.md +1 -1
- souleyez/docs/user-guide/tools-reference.md +1 -8
- souleyez/docs/user-guide/worker-management.md +1 -1
- souleyez/engine/background.py +1239 -535
- souleyez/engine/base.py +4 -1
- souleyez/engine/job_status.py +17 -49
- souleyez/engine/log_sanitizer.py +103 -77
- souleyez/engine/manager.py +38 -7
- souleyez/engine/result_handler.py +2200 -1550
- souleyez/engine/worker_manager.py +50 -41
- souleyez/export/evidence_bundle.py +72 -62
- souleyez/feature_flags/features.py +16 -20
- souleyez/feature_flags.py +5 -9
- souleyez/handlers/__init__.py +11 -0
- souleyez/handlers/base.py +188 -0
- souleyez/handlers/bash_handler.py +277 -0
- souleyez/handlers/bloodhound_handler.py +243 -0
- souleyez/handlers/certipy_handler.py +311 -0
- souleyez/handlers/crackmapexec_handler.py +486 -0
- souleyez/handlers/dnsrecon_handler.py +344 -0
- souleyez/handlers/enum4linux_handler.py +400 -0
- souleyez/handlers/evil_winrm_handler.py +493 -0
- souleyez/handlers/ffuf_handler.py +815 -0
- souleyez/handlers/gobuster_handler.py +1114 -0
- souleyez/handlers/gpp_extract_handler.py +334 -0
- souleyez/handlers/hashcat_handler.py +444 -0
- souleyez/handlers/hydra_handler.py +563 -0
- souleyez/handlers/impacket_getuserspns_handler.py +343 -0
- souleyez/handlers/impacket_psexec_handler.py +222 -0
- souleyez/handlers/impacket_secretsdump_handler.py +426 -0
- souleyez/handlers/john_handler.py +286 -0
- souleyez/handlers/katana_handler.py +425 -0
- souleyez/handlers/kerbrute_handler.py +298 -0
- souleyez/handlers/ldapsearch_handler.py +636 -0
- souleyez/handlers/lfi_extract_handler.py +464 -0
- souleyez/handlers/msf_auxiliary_handler.py +408 -0
- souleyez/handlers/msf_exploit_handler.py +380 -0
- souleyez/handlers/nikto_handler.py +413 -0
- souleyez/handlers/nmap_handler.py +821 -0
- souleyez/handlers/nuclei_handler.py +359 -0
- souleyez/handlers/nxc_handler.py +371 -0
- souleyez/handlers/rdp_sec_check_handler.py +353 -0
- souleyez/handlers/registry.py +292 -0
- souleyez/handlers/responder_handler.py +232 -0
- souleyez/handlers/service_explorer_handler.py +434 -0
- souleyez/handlers/smbclient_handler.py +344 -0
- souleyez/handlers/smbmap_handler.py +510 -0
- souleyez/handlers/smbpasswd_handler.py +296 -0
- souleyez/handlers/sqlmap_handler.py +1116 -0
- souleyez/handlers/theharvester_handler.py +601 -0
- souleyez/handlers/web_login_test_handler.py +327 -0
- souleyez/handlers/whois_handler.py +277 -0
- souleyez/handlers/wpscan_handler.py +554 -0
- souleyez/history.py +32 -16
- souleyez/importers/msf_importer.py +106 -75
- souleyez/importers/smart_importer.py +208 -147
- souleyez/integrations/siem/__init__.py +10 -10
- souleyez/integrations/siem/base.py +17 -18
- souleyez/integrations/siem/elastic.py +108 -122
- souleyez/integrations/siem/factory.py +207 -80
- souleyez/integrations/siem/googlesecops.py +146 -154
- souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
- souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
- souleyez/integrations/siem/sentinel.py +107 -109
- souleyez/integrations/siem/splunk.py +246 -212
- souleyez/integrations/siem/wazuh.py +65 -71
- souleyez/integrations/wazuh/__init__.py +5 -5
- souleyez/integrations/wazuh/client.py +70 -93
- souleyez/integrations/wazuh/config.py +85 -57
- souleyez/integrations/wazuh/host_mapper.py +28 -36
- souleyez/integrations/wazuh/sync.py +78 -68
- souleyez/intelligence/__init__.py +4 -5
- souleyez/intelligence/correlation_analyzer.py +309 -295
- souleyez/intelligence/exploit_knowledge.py +661 -623
- souleyez/intelligence/exploit_suggestions.py +159 -139
- souleyez/intelligence/gap_analyzer.py +132 -97
- souleyez/intelligence/gap_detector.py +251 -214
- souleyez/intelligence/sensitive_tables.py +266 -129
- souleyez/intelligence/service_parser.py +137 -123
- souleyez/intelligence/surface_analyzer.py +407 -268
- souleyez/intelligence/target_parser.py +159 -162
- souleyez/licensing/__init__.py +6 -6
- souleyez/licensing/validator.py +17 -19
- souleyez/log_config.py +79 -54
- souleyez/main.py +1505 -687
- souleyez/migrations/fix_job_counter.py +16 -14
- souleyez/parsers/bloodhound_parser.py +41 -39
- souleyez/parsers/crackmapexec_parser.py +178 -111
- souleyez/parsers/dalfox_parser.py +72 -77
- souleyez/parsers/dnsrecon_parser.py +103 -91
- souleyez/parsers/enum4linux_parser.py +183 -153
- souleyez/parsers/ffuf_parser.py +29 -25
- souleyez/parsers/gobuster_parser.py +301 -41
- souleyez/parsers/hashcat_parser.py +324 -79
- souleyez/parsers/http_fingerprint_parser.py +350 -103
- souleyez/parsers/hydra_parser.py +131 -111
- souleyez/parsers/impacket_parser.py +231 -178
- souleyez/parsers/john_parser.py +98 -86
- souleyez/parsers/katana_parser.py +316 -0
- souleyez/parsers/msf_parser.py +943 -498
- souleyez/parsers/nikto_parser.py +346 -65
- souleyez/parsers/nmap_parser.py +262 -174
- souleyez/parsers/nuclei_parser.py +40 -44
- souleyez/parsers/responder_parser.py +26 -26
- souleyez/parsers/searchsploit_parser.py +74 -74
- souleyez/parsers/service_explorer_parser.py +279 -0
- souleyez/parsers/smbmap_parser.py +180 -124
- souleyez/parsers/sqlmap_parser.py +434 -308
- souleyez/parsers/theharvester_parser.py +75 -57
- souleyez/parsers/whois_parser.py +135 -94
- souleyez/parsers/wpscan_parser.py +278 -190
- souleyez/plugins/afp.py +44 -36
- souleyez/plugins/afp_brute.py +114 -46
- souleyez/plugins/ard.py +48 -37
- souleyez/plugins/bloodhound.py +95 -61
- souleyez/plugins/certipy.py +303 -0
- souleyez/plugins/crackmapexec.py +186 -85
- souleyez/plugins/dalfox.py +120 -59
- souleyez/plugins/dns_hijack.py +146 -41
- souleyez/plugins/dnsrecon.py +97 -61
- souleyez/plugins/enum4linux.py +91 -66
- souleyez/plugins/evil_winrm.py +291 -0
- souleyez/plugins/ffuf.py +166 -90
- souleyez/plugins/firmware_extract.py +133 -29
- souleyez/plugins/gobuster.py +387 -190
- souleyez/plugins/gpp_extract.py +393 -0
- souleyez/plugins/hashcat.py +100 -73
- souleyez/plugins/http_fingerprint.py +854 -267
- souleyez/plugins/hydra.py +566 -200
- souleyez/plugins/impacket_getnpusers.py +117 -69
- souleyez/plugins/impacket_psexec.py +84 -64
- souleyez/plugins/impacket_secretsdump.py +103 -69
- souleyez/plugins/impacket_smbclient.py +89 -75
- souleyez/plugins/john.py +86 -69
- souleyez/plugins/katana.py +313 -0
- souleyez/plugins/kerbrute.py +237 -0
- souleyez/plugins/lfi_extract.py +541 -0
- souleyez/plugins/macos_ssh.py +117 -48
- souleyez/plugins/mdns.py +35 -30
- souleyez/plugins/msf_auxiliary.py +253 -130
- souleyez/plugins/msf_exploit.py +239 -161
- souleyez/plugins/nikto.py +134 -78
- souleyez/plugins/nmap.py +275 -91
- souleyez/plugins/nuclei.py +180 -89
- souleyez/plugins/nxc.py +285 -0
- souleyez/plugins/plugin_base.py +35 -36
- souleyez/plugins/plugin_template.py +13 -5
- souleyez/plugins/rdp_sec_check.py +130 -0
- souleyez/plugins/responder.py +112 -71
- souleyez/plugins/router_http_brute.py +76 -65
- souleyez/plugins/router_ssh_brute.py +118 -41
- souleyez/plugins/router_telnet_brute.py +124 -42
- souleyez/plugins/routersploit.py +91 -59
- souleyez/plugins/routersploit_exploit.py +77 -55
- souleyez/plugins/searchsploit.py +91 -77
- souleyez/plugins/service_explorer.py +1160 -0
- souleyez/plugins/smbmap.py +122 -72
- souleyez/plugins/smbpasswd.py +215 -0
- souleyez/plugins/sqlmap.py +301 -113
- souleyez/plugins/theharvester.py +127 -75
- souleyez/plugins/tr069.py +79 -57
- souleyez/plugins/upnp.py +65 -47
- souleyez/plugins/upnp_abuse.py +73 -55
- souleyez/plugins/vnc_access.py +129 -42
- souleyez/plugins/vnc_brute.py +109 -38
- souleyez/plugins/web_login_test.py +417 -0
- souleyez/plugins/whois.py +77 -58
- souleyez/plugins/wpscan.py +173 -69
- souleyez/reporting/__init__.py +2 -1
- souleyez/reporting/attack_chain.py +411 -346
- souleyez/reporting/charts.py +436 -501
- souleyez/reporting/compliance_mappings.py +334 -201
- souleyez/reporting/detection_report.py +126 -125
- souleyez/reporting/formatters.py +828 -591
- souleyez/reporting/generator.py +386 -302
- souleyez/reporting/metrics.py +72 -75
- souleyez/scanner.py +35 -29
- souleyez/security/__init__.py +37 -11
- souleyez/security/scope_validator.py +175 -106
- souleyez/security/validation.py +223 -149
- souleyez/security.py +22 -6
- souleyez/storage/credentials.py +247 -186
- souleyez/storage/crypto.py +296 -129
- souleyez/storage/database.py +73 -50
- souleyez/storage/db.py +58 -36
- souleyez/storage/deliverable_evidence.py +177 -128
- souleyez/storage/deliverable_exporter.py +282 -246
- souleyez/storage/deliverable_templates.py +134 -116
- souleyez/storage/deliverables.py +135 -130
- souleyez/storage/engagements.py +109 -56
- souleyez/storage/evidence.py +181 -152
- souleyez/storage/execution_log.py +31 -17
- souleyez/storage/exploit_attempts.py +93 -57
- souleyez/storage/exploits.py +67 -36
- souleyez/storage/findings.py +48 -61
- souleyez/storage/hosts.py +176 -144
- souleyez/storage/migrate_to_engagements.py +43 -19
- souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
- souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
- souleyez/storage/migrations/_003_add_execution_log.py +14 -8
- souleyez/storage/migrations/_005_screenshots.py +13 -5
- souleyez/storage/migrations/_006_deliverables.py +13 -5
- souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
- souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
- souleyez/storage/migrations/_010_evidence_linking.py +17 -10
- souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
- souleyez/storage/migrations/_012_team_collaboration.py +34 -21
- souleyez/storage/migrations/_013_add_host_tags.py +12 -6
- souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
- souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
- souleyez/storage/migrations/_016_add_domain_field.py +10 -4
- souleyez/storage/migrations/_017_msf_sessions.py +16 -8
- souleyez/storage/migrations/_018_add_osint_target.py +10 -6
- souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
- souleyez/storage/migrations/_020_add_rbac.py +36 -15
- souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
- souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
- souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
- souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
- souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
- souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
- souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
- souleyez/storage/migrations/__init__.py +26 -26
- souleyez/storage/migrations/migration_manager.py +19 -19
- souleyez/storage/msf_sessions.py +100 -65
- souleyez/storage/osint.py +17 -24
- souleyez/storage/recommendation_engine.py +269 -235
- souleyez/storage/screenshots.py +33 -32
- souleyez/storage/smb_shares.py +136 -92
- souleyez/storage/sqlmap_data.py +183 -128
- souleyez/storage/team_collaboration.py +135 -141
- souleyez/storage/timeline_tracker.py +122 -94
- souleyez/storage/wazuh_vulns.py +64 -66
- souleyez/storage/web_paths.py +33 -37
- souleyez/testing/credential_tester.py +221 -205
- souleyez/ui/__init__.py +1 -1
- souleyez/ui/ai_quotes.py +12 -12
- souleyez/ui/attack_surface.py +2439 -1516
- souleyez/ui/chain_rules_view.py +914 -382
- souleyez/ui/correlation_view.py +312 -230
- souleyez/ui/dashboard.py +2382 -1130
- souleyez/ui/deliverables_view.py +148 -62
- souleyez/ui/design_system.py +13 -13
- souleyez/ui/errors.py +49 -49
- souleyez/ui/evidence_linking_view.py +284 -179
- souleyez/ui/evidence_vault.py +393 -285
- souleyez/ui/exploit_suggestions_view.py +555 -349
- souleyez/ui/export_view.py +100 -66
- souleyez/ui/gap_analysis_view.py +315 -171
- souleyez/ui/help_system.py +105 -97
- souleyez/ui/intelligence_view.py +436 -293
- souleyez/ui/interactive.py +22827 -10678
- souleyez/ui/interactive_selector.py +75 -68
- souleyez/ui/log_formatter.py +47 -39
- souleyez/ui/menu_components.py +22 -13
- souleyez/ui/msf_auxiliary_menu.py +184 -133
- souleyez/ui/pending_chains_view.py +336 -172
- souleyez/ui/progress_indicators.py +5 -3
- souleyez/ui/recommendations_view.py +195 -137
- souleyez/ui/rule_builder.py +343 -225
- souleyez/ui/setup_wizard.py +678 -284
- souleyez/ui/shortcuts.py +217 -165
- souleyez/ui/splunk_gap_analysis_view.py +452 -270
- souleyez/ui/splunk_vulns_view.py +139 -86
- souleyez/ui/team_dashboard.py +498 -335
- souleyez/ui/template_selector.py +196 -105
- souleyez/ui/terminal.py +6 -6
- souleyez/ui/timeline_view.py +198 -127
- souleyez/ui/tool_setup.py +264 -164
- souleyez/ui/tutorial.py +202 -72
- souleyez/ui/tutorial_state.py +40 -40
- souleyez/ui/wazuh_vulns_view.py +235 -141
- souleyez/ui/wordlist_browser.py +260 -107
- souleyez/ui.py +464 -312
- souleyez/utils/tool_checker.py +427 -367
- souleyez/utils.py +33 -29
- souleyez/wordlists.py +134 -167
- {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/METADATA +1 -1
- souleyez-2.43.34.dist-info/RECORD +443 -0
- {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/WHEEL +1 -1
- souleyez-2.43.29.dist-info/RECORD +0 -379
- {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/entry_points.txt +0 -0
- {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/licenses/LICENSE +0 -0
- {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/top_level.txt +0 -0
souleyez/plugins/nuclei.py
CHANGED
|
@@ -26,11 +26,11 @@ HELP = {
|
|
|
26
26
|
"- Results include CVE IDs that link to SearchSploit for exploit discovery\n"
|
|
27
27
|
"- Fast and concurrent - use -rate-limit to avoid overwhelming targets\n"
|
|
28
28
|
),
|
|
29
|
-
"usage":
|
|
29
|
+
"usage": 'souleyez jobs enqueue nuclei <target> --args "-severity critical,high"',
|
|
30
30
|
"examples": [
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
31
|
+
'souleyez jobs enqueue nuclei http://example.com --args "-severity critical,high"',
|
|
32
|
+
'souleyez jobs enqueue nuclei http://example.com --args "-tags cve,exposure"',
|
|
33
|
+
'souleyez jobs enqueue nuclei http://example.com --args "-tags default-login"',
|
|
34
34
|
],
|
|
35
35
|
"flags": [
|
|
36
36
|
["-severity <level>", "Filter by severity (critical,high,medium,low,info)"],
|
|
@@ -44,143 +44,219 @@ HELP = {
|
|
|
44
44
|
{
|
|
45
45
|
"name": "Critical Only",
|
|
46
46
|
"args": ["-severity", "critical"],
|
|
47
|
-
"desc": "Critical severity vulnerabilities only"
|
|
47
|
+
"desc": "Critical severity vulnerabilities only",
|
|
48
48
|
},
|
|
49
49
|
{
|
|
50
50
|
"name": "High + Critical",
|
|
51
51
|
"args": ["-severity", "critical,high"],
|
|
52
|
-
"desc": "High and critical vulnerabilities (recommended)"
|
|
52
|
+
"desc": "High and critical vulnerabilities (recommended)",
|
|
53
53
|
},
|
|
54
54
|
{
|
|
55
55
|
"name": "Full Scan",
|
|
56
56
|
"args": ["-severity", "critical,high,medium"],
|
|
57
|
-
"desc": "Comprehensive scan (critical, high, medium)"
|
|
58
|
-
}
|
|
57
|
+
"desc": "Comprehensive scan (critical, high, medium)",
|
|
58
|
+
},
|
|
59
59
|
],
|
|
60
60
|
"by_category": [
|
|
61
61
|
{
|
|
62
62
|
"name": "CVE Detection",
|
|
63
63
|
"args": ["-tags", "cve"],
|
|
64
|
-
"desc": "Scan for known CVEs"
|
|
64
|
+
"desc": "Scan for known CVEs",
|
|
65
65
|
},
|
|
66
66
|
{
|
|
67
67
|
"name": "Exposure Detection",
|
|
68
68
|
"args": ["-tags", "exposure"],
|
|
69
|
-
"desc": "Detect sensitive file exposures"
|
|
69
|
+
"desc": "Detect sensitive file exposures",
|
|
70
70
|
},
|
|
71
71
|
{
|
|
72
72
|
"name": "Default Credentials",
|
|
73
73
|
"args": ["-tags", "default-login"],
|
|
74
|
-
"desc": "Check for default login panels"
|
|
74
|
+
"desc": "Check for default login panels",
|
|
75
75
|
},
|
|
76
76
|
{
|
|
77
77
|
"name": "Misconfigurations",
|
|
78
78
|
"args": ["-tags", "misconfiguration"],
|
|
79
|
-
"desc": "Detect common misconfigurations"
|
|
80
|
-
}
|
|
79
|
+
"desc": "Detect common misconfigurations",
|
|
80
|
+
},
|
|
81
81
|
],
|
|
82
82
|
"owasp_injection": [
|
|
83
83
|
{
|
|
84
84
|
"name": "XSS Scan",
|
|
85
85
|
"args": ["-tags", "xss,rxss"],
|
|
86
|
-
"desc": "Reflected/Stored XSS detection"
|
|
86
|
+
"desc": "Reflected/Stored XSS detection",
|
|
87
87
|
},
|
|
88
88
|
{
|
|
89
89
|
"name": "SSTI Scan",
|
|
90
90
|
"args": ["-tags", "ssti"],
|
|
91
|
-
"desc": "Server-Side Template Injection"
|
|
91
|
+
"desc": "Server-Side Template Injection",
|
|
92
92
|
},
|
|
93
93
|
{
|
|
94
94
|
"name": "SSRF Scan",
|
|
95
95
|
"args": ["-tags", "ssrf"],
|
|
96
|
-
"desc": "Server-Side Request Forgery"
|
|
96
|
+
"desc": "Server-Side Request Forgery",
|
|
97
97
|
},
|
|
98
98
|
{
|
|
99
99
|
"name": "Command Injection",
|
|
100
100
|
"args": ["-tags", "rce,cmdi"],
|
|
101
|
-
"desc": "Remote Code/Command Execution"
|
|
101
|
+
"desc": "Remote Code/Command Execution",
|
|
102
102
|
},
|
|
103
103
|
{
|
|
104
104
|
"name": "LFI/RFI Scan",
|
|
105
105
|
"args": ["-tags", "lfi,rfi"],
|
|
106
|
-
"desc": "Local/Remote File Inclusion"
|
|
106
|
+
"desc": "Local/Remote File Inclusion",
|
|
107
107
|
},
|
|
108
108
|
{
|
|
109
109
|
"name": "Open Redirect",
|
|
110
110
|
"args": ["-tags", "redirect"],
|
|
111
|
-
"desc": "Open redirect vulnerabilities"
|
|
111
|
+
"desc": "Open redirect vulnerabilities",
|
|
112
112
|
},
|
|
113
113
|
{
|
|
114
114
|
"name": "Full OWASP",
|
|
115
115
|
"args": ["-severity", "critical,high", "-tags", "owasp"],
|
|
116
|
-
"desc": "All OWASP-tagged templates"
|
|
117
|
-
}
|
|
118
|
-
]
|
|
116
|
+
"desc": "All OWASP-tagged templates",
|
|
117
|
+
},
|
|
118
|
+
],
|
|
119
119
|
},
|
|
120
120
|
"presets": [
|
|
121
|
-
{
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
{
|
|
127
|
-
|
|
121
|
+
{
|
|
122
|
+
"name": "Critical Only",
|
|
123
|
+
"args": ["-severity", "critical"],
|
|
124
|
+
"desc": "Critical severity vulnerabilities only",
|
|
125
|
+
},
|
|
126
|
+
{
|
|
127
|
+
"name": "High + Critical",
|
|
128
|
+
"args": ["-severity", "critical,high"],
|
|
129
|
+
"desc": "High and critical vulnerabilities (recommended)",
|
|
130
|
+
},
|
|
131
|
+
{
|
|
132
|
+
"name": "Full Scan",
|
|
133
|
+
"args": ["-severity", "critical,high,medium"],
|
|
134
|
+
"desc": "Comprehensive scan (critical, high, medium)",
|
|
135
|
+
},
|
|
136
|
+
{
|
|
137
|
+
"name": "CVE Detection",
|
|
138
|
+
"args": ["-tags", "cve"],
|
|
139
|
+
"desc": "Scan for known CVEs",
|
|
140
|
+
},
|
|
141
|
+
{
|
|
142
|
+
"name": "Exposure Detection",
|
|
143
|
+
"args": ["-tags", "exposure"],
|
|
144
|
+
"desc": "Detect sensitive file exposures",
|
|
145
|
+
},
|
|
146
|
+
{
|
|
147
|
+
"name": "Default Credentials",
|
|
148
|
+
"args": ["-tags", "default-login"],
|
|
149
|
+
"desc": "Check for default login panels",
|
|
150
|
+
},
|
|
151
|
+
{
|
|
152
|
+
"name": "Misconfigurations",
|
|
153
|
+
"args": ["-tags", "misconfiguration"],
|
|
154
|
+
"desc": "Detect common misconfigurations",
|
|
155
|
+
},
|
|
128
156
|
# OWASP Injection presets
|
|
129
|
-
{
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
{
|
|
135
|
-
|
|
157
|
+
{
|
|
158
|
+
"name": "XSS Scan",
|
|
159
|
+
"args": ["-tags", "xss,rxss"],
|
|
160
|
+
"desc": "Reflected/Stored XSS detection",
|
|
161
|
+
},
|
|
162
|
+
{
|
|
163
|
+
"name": "SSTI Scan",
|
|
164
|
+
"args": ["-tags", "ssti"],
|
|
165
|
+
"desc": "Server-Side Template Injection",
|
|
166
|
+
},
|
|
167
|
+
{
|
|
168
|
+
"name": "SSRF Scan",
|
|
169
|
+
"args": ["-tags", "ssrf"],
|
|
170
|
+
"desc": "Server-Side Request Forgery",
|
|
171
|
+
},
|
|
172
|
+
{
|
|
173
|
+
"name": "Command Injection",
|
|
174
|
+
"args": ["-tags", "rce,cmdi"],
|
|
175
|
+
"desc": "Remote Code/Command Execution",
|
|
176
|
+
},
|
|
177
|
+
{
|
|
178
|
+
"name": "LFI/RFI Scan",
|
|
179
|
+
"args": ["-tags", "lfi,rfi"],
|
|
180
|
+
"desc": "Local/Remote File Inclusion",
|
|
181
|
+
},
|
|
182
|
+
{
|
|
183
|
+
"name": "Open Redirect",
|
|
184
|
+
"args": ["-tags", "redirect"],
|
|
185
|
+
"desc": "Open redirect vulnerabilities",
|
|
186
|
+
},
|
|
187
|
+
{
|
|
188
|
+
"name": "Full OWASP",
|
|
189
|
+
"args": ["-severity", "critical,high", "-tags", "owasp"],
|
|
190
|
+
"desc": "All OWASP-tagged templates",
|
|
191
|
+
},
|
|
136
192
|
],
|
|
137
193
|
"help_sections": [
|
|
138
194
|
{
|
|
139
195
|
"title": "What is Nuclei?",
|
|
140
196
|
"color": "cyan",
|
|
141
197
|
"content": [
|
|
142
|
-
{
|
|
143
|
-
|
|
144
|
-
"
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
"
|
|
148
|
-
|
|
149
|
-
|
|
198
|
+
{
|
|
199
|
+
"title": "Overview",
|
|
200
|
+
"desc": "Nuclei is the modern, industry-standard vulnerability scanner with 5000+ community-maintained templates updated daily, providing high accuracy and low false positives.",
|
|
201
|
+
},
|
|
202
|
+
{
|
|
203
|
+
"title": "Use Cases",
|
|
204
|
+
"desc": "Essential for web vulnerability detection",
|
|
205
|
+
"tips": [
|
|
206
|
+
"Detect CVEs with daily-updated templates",
|
|
207
|
+
"Find exposed sensitive files and configurations",
|
|
208
|
+
"Check for default credentials and logins",
|
|
209
|
+
"Identify misconfigurations and security issues",
|
|
210
|
+
],
|
|
211
|
+
},
|
|
212
|
+
],
|
|
150
213
|
},
|
|
151
214
|
{
|
|
152
215
|
"title": "How to Use",
|
|
153
216
|
"color": "green",
|
|
154
217
|
"content": [
|
|
155
|
-
{
|
|
156
|
-
|
|
157
|
-
"
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
"
|
|
161
|
-
|
|
162
|
-
|
|
218
|
+
{
|
|
219
|
+
"title": "Basic Workflow",
|
|
220
|
+
"desc": "1. Update templates (nuclei -update-templates)\n 2. Filter by severity (-severity critical,high)\n 3. Use tags for specific categories (-tags cve,exposure)\n 4. Review findings and verify manually",
|
|
221
|
+
},
|
|
222
|
+
{
|
|
223
|
+
"title": "Key Features",
|
|
224
|
+
"desc": "Powerful template-based scanning",
|
|
225
|
+
"tips": [
|
|
226
|
+
"Severity filtering: -severity critical,high",
|
|
227
|
+
"Tag filtering: -tags cve,exposure,misconfiguration",
|
|
228
|
+
"Fast and concurrent with customizable rate limits",
|
|
229
|
+
"Results include CVE IDs and CVSS scores",
|
|
230
|
+
],
|
|
231
|
+
},
|
|
232
|
+
],
|
|
163
233
|
},
|
|
164
234
|
{
|
|
165
235
|
"title": "Tips & Best Practices",
|
|
166
236
|
"color": "yellow",
|
|
167
237
|
"content": [
|
|
168
|
-
(
|
|
169
|
-
"
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
"
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
238
|
+
(
|
|
239
|
+
"Best Practices:",
|
|
240
|
+
[
|
|
241
|
+
"Update templates regularly for latest CVEs",
|
|
242
|
+
"Start with critical/high severity only",
|
|
243
|
+
"Use -rate-limit to avoid overwhelming targets",
|
|
244
|
+
"Verify findings manually before reporting",
|
|
245
|
+
"Link CVE IDs to SearchSploit for exploits",
|
|
246
|
+
],
|
|
247
|
+
),
|
|
248
|
+
(
|
|
249
|
+
"Common Issues:",
|
|
250
|
+
[
|
|
251
|
+
"Too many results: Filter by severity or tags",
|
|
252
|
+
"Rate limiting: Add -rate-limit or reduce concurrency",
|
|
253
|
+
"False positives: Always verify critical findings",
|
|
254
|
+
"Outdated templates: Run -update-templates regularly",
|
|
255
|
+
],
|
|
256
|
+
),
|
|
257
|
+
],
|
|
258
|
+
},
|
|
259
|
+
],
|
|
184
260
|
}
|
|
185
261
|
|
|
186
262
|
|
|
@@ -208,7 +284,9 @@ class NucleiPlugin(PluginBase):
|
|
|
208
284
|
return True
|
|
209
285
|
return False
|
|
210
286
|
|
|
211
|
-
def _normalize_target(
|
|
287
|
+
def _normalize_target(
|
|
288
|
+
self, target: str, args: List[str] = None, log_path: str = None
|
|
289
|
+
) -> str:
|
|
212
290
|
"""
|
|
213
291
|
Normalize target for Nuclei scanning.
|
|
214
292
|
|
|
@@ -221,31 +299,35 @@ class NucleiPlugin(PluginBase):
|
|
|
221
299
|
import re
|
|
222
300
|
|
|
223
301
|
# Already a URL - validate and return
|
|
224
|
-
if target.startswith((
|
|
302
|
+
if target.startswith(("http://", "https://")):
|
|
225
303
|
try:
|
|
226
304
|
return validate_url(target)
|
|
227
305
|
except ValidationError as e:
|
|
228
306
|
if log_path:
|
|
229
|
-
with open(log_path,
|
|
307
|
+
with open(log_path, "w") as f:
|
|
230
308
|
f.write(f"ERROR: Invalid URL: {e}\n")
|
|
231
309
|
return None
|
|
232
310
|
|
|
233
311
|
# Bare IP or domain - prepend http:// for web scanning
|
|
234
312
|
# This is needed because Nuclei web templates require a URL
|
|
235
|
-
ip_pattern = r
|
|
236
|
-
domain_pattern = r
|
|
313
|
+
ip_pattern = r"^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(:\d+)?$"
|
|
314
|
+
domain_pattern = r"^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)*$"
|
|
237
315
|
|
|
238
316
|
if re.match(ip_pattern, target) or re.match(domain_pattern, target):
|
|
239
317
|
# Log the conversion
|
|
240
318
|
if log_path:
|
|
241
|
-
with open(log_path,
|
|
242
|
-
f.write(
|
|
319
|
+
with open(log_path, "a") as f:
|
|
320
|
+
f.write(
|
|
321
|
+
f"NOTE: Converting bare target '{target}' to 'http://{target}' for web scanning\n"
|
|
322
|
+
)
|
|
243
323
|
return f"http://{target}"
|
|
244
324
|
|
|
245
325
|
# Unknown format - return as-is
|
|
246
326
|
return target
|
|
247
327
|
|
|
248
|
-
def build_command(
|
|
328
|
+
def build_command(
|
|
329
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
330
|
+
):
|
|
249
331
|
"""Build nuclei command for background execution with PID tracking."""
|
|
250
332
|
args = args or []
|
|
251
333
|
|
|
@@ -260,8 +342,10 @@ class NucleiPlugin(PluginBase):
|
|
|
260
342
|
# Check if templates exist - if not, add -update-templates flag
|
|
261
343
|
if not self._check_templates_exist():
|
|
262
344
|
if log_path:
|
|
263
|
-
with open(log_path,
|
|
264
|
-
f.write(
|
|
345
|
+
with open(log_path, "a") as f:
|
|
346
|
+
f.write(
|
|
347
|
+
"NOTE: Nuclei templates not found. Will attempt to download...\n\n"
|
|
348
|
+
)
|
|
265
349
|
cmd.append("-update-templates")
|
|
266
350
|
|
|
267
351
|
if "-json" not in args and "-jsonl" not in args:
|
|
@@ -278,12 +362,11 @@ class NucleiPlugin(PluginBase):
|
|
|
278
362
|
if "-timeout" not in args:
|
|
279
363
|
cmd.extend(["-timeout", "10"])
|
|
280
364
|
|
|
281
|
-
return {
|
|
282
|
-
'cmd': cmd,
|
|
283
|
-
'timeout': 3600 # 1 hour
|
|
284
|
-
}
|
|
365
|
+
return {"cmd": cmd, "timeout": 3600} # 1 hour
|
|
285
366
|
|
|
286
|
-
def run(
|
|
367
|
+
def run(
|
|
368
|
+
self, target: str, args: List[str] = None, label: str = "", log_path: str = None
|
|
369
|
+
) -> int:
|
|
287
370
|
"""Execute nuclei scan and write JSON output to log_path."""
|
|
288
371
|
args = args or []
|
|
289
372
|
|
|
@@ -301,8 +384,10 @@ class NucleiPlugin(PluginBase):
|
|
|
301
384
|
# Check if templates exist - if not, add -update-templates flag
|
|
302
385
|
if not self._check_templates_exist():
|
|
303
386
|
if log_path:
|
|
304
|
-
with open(log_path,
|
|
305
|
-
f.write(
|
|
387
|
+
with open(log_path, "a") as f:
|
|
388
|
+
f.write(
|
|
389
|
+
"NOTE: Nuclei templates not found. Will attempt to download...\n\n"
|
|
390
|
+
)
|
|
306
391
|
cmd.append("-update-templates")
|
|
307
392
|
|
|
308
393
|
# Force JSON output for parsing
|
|
@@ -325,7 +410,9 @@ class NucleiPlugin(PluginBase):
|
|
|
325
410
|
|
|
326
411
|
if not log_path:
|
|
327
412
|
try:
|
|
328
|
-
proc = subprocess.run(
|
|
413
|
+
proc = subprocess.run(
|
|
414
|
+
cmd, capture_output=True, timeout=3600, check=False
|
|
415
|
+
)
|
|
329
416
|
return proc.returncode
|
|
330
417
|
except Exception:
|
|
331
418
|
return 1
|
|
@@ -335,7 +422,9 @@ class NucleiPlugin(PluginBase):
|
|
|
335
422
|
with open(log_path, "w", encoding="utf-8", errors="replace") as fh:
|
|
336
423
|
fh.write(f"# Nuclei Scan\n")
|
|
337
424
|
fh.write(f"# Command: {' '.join(cmd)}\n")
|
|
338
|
-
fh.write(
|
|
425
|
+
fh.write(
|
|
426
|
+
f"# Started: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n"
|
|
427
|
+
)
|
|
339
428
|
fh.write(f"# Target: {target}\n\n")
|
|
340
429
|
|
|
341
430
|
# Run nuclei (it will append JSONL to the file)
|
|
@@ -345,12 +434,14 @@ class NucleiPlugin(PluginBase):
|
|
|
345
434
|
stderr=subprocess.STDOUT,
|
|
346
435
|
timeout=3600, # 1 hour timeout
|
|
347
436
|
check=False,
|
|
348
|
-
text=True
|
|
437
|
+
text=True,
|
|
349
438
|
)
|
|
350
439
|
|
|
351
440
|
# Append completion metadata
|
|
352
441
|
with open(log_path, "a", encoding="utf-8", errors="replace") as fh:
|
|
353
|
-
fh.write(
|
|
442
|
+
fh.write(
|
|
443
|
+
f"\n\n# Completed: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n"
|
|
444
|
+
)
|
|
354
445
|
fh.write(f"# Exit Code: {proc.returncode}\n")
|
|
355
446
|
|
|
356
447
|
# Also capture stderr for errors
|