souleyez 2.43.29__py3-none-any.whl → 2.43.34__py3-none-any.whl
Potentially problematic release.
This version of souleyez might be problematic. Click here for more details.
- souleyez/__init__.py +1 -2
- souleyez/ai/__init__.py +21 -15
- souleyez/ai/action_mapper.py +249 -150
- souleyez/ai/chain_advisor.py +116 -100
- souleyez/ai/claude_provider.py +29 -28
- souleyez/ai/context_builder.py +80 -62
- souleyez/ai/executor.py +158 -117
- souleyez/ai/feedback_handler.py +136 -121
- souleyez/ai/llm_factory.py +27 -20
- souleyez/ai/llm_provider.py +4 -2
- souleyez/ai/ollama_provider.py +6 -9
- souleyez/ai/ollama_service.py +44 -37
- souleyez/ai/path_scorer.py +91 -76
- souleyez/ai/recommender.py +176 -144
- souleyez/ai/report_context.py +74 -73
- souleyez/ai/report_service.py +84 -66
- souleyez/ai/result_parser.py +222 -229
- souleyez/ai/safety.py +67 -44
- souleyez/auth/__init__.py +23 -22
- souleyez/auth/audit.py +36 -26
- souleyez/auth/engagement_access.py +65 -48
- souleyez/auth/permissions.py +14 -3
- souleyez/auth/session_manager.py +54 -37
- souleyez/auth/user_manager.py +109 -64
- souleyez/commands/audit.py +40 -43
- souleyez/commands/auth.py +35 -15
- souleyez/commands/deliverables.py +55 -50
- souleyez/commands/engagement.py +47 -28
- souleyez/commands/license.py +32 -23
- souleyez/commands/screenshots.py +36 -32
- souleyez/commands/user.py +82 -36
- souleyez/config.py +52 -44
- souleyez/core/credential_tester.py +87 -81
- souleyez/core/cve_mappings.py +179 -192
- souleyez/core/cve_matcher.py +162 -148
- souleyez/core/msf_auto_mapper.py +100 -83
- souleyez/core/msf_chain_engine.py +294 -256
- souleyez/core/msf_database.py +153 -70
- souleyez/core/msf_integration.py +679 -673
- souleyez/core/msf_rpc_client.py +40 -42
- souleyez/core/msf_rpc_manager.py +77 -79
- souleyez/core/msf_sync_manager.py +241 -181
- souleyez/core/network_utils.py +22 -15
- souleyez/core/parser_handler.py +34 -25
- souleyez/core/pending_chains.py +114 -63
- souleyez/core/templates.py +158 -107
- souleyez/core/tool_chaining.py +9526 -2879
- souleyez/core/version_utils.py +79 -94
- souleyez/core/vuln_correlation.py +136 -89
- souleyez/core/web_utils.py +33 -32
- souleyez/data/wordlists/ad_users.txt +378 -0
- souleyez/data/wordlists/api_endpoints_large.txt +769 -0
- souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
- souleyez/data/wordlists/lfi_payloads.txt +82 -0
- souleyez/data/wordlists/passwords_brute.txt +1548 -0
- souleyez/data/wordlists/passwords_crack.txt +2479 -0
- souleyez/data/wordlists/passwords_spray.txt +386 -0
- souleyez/data/wordlists/subdomains_large.txt +5057 -0
- souleyez/data/wordlists/usernames_common.txt +694 -0
- souleyez/data/wordlists/web_dirs_large.txt +4769 -0
- souleyez/detection/__init__.py +1 -1
- souleyez/detection/attack_signatures.py +12 -17
- souleyez/detection/mitre_mappings.py +61 -55
- souleyez/detection/validator.py +97 -86
- souleyez/devtools.py +23 -10
- souleyez/docs/README.md +4 -4
- souleyez/docs/api-reference/cli-commands.md +2 -2
- souleyez/docs/developer-guide/adding-new-tools.md +562 -0
- souleyez/docs/user-guide/auto-chaining.md +30 -8
- souleyez/docs/user-guide/getting-started.md +1 -1
- souleyez/docs/user-guide/installation.md +26 -3
- souleyez/docs/user-guide/metasploit-integration.md +2 -2
- souleyez/docs/user-guide/rbac.md +1 -1
- souleyez/docs/user-guide/scope-management.md +1 -1
- souleyez/docs/user-guide/siem-integration.md +1 -1
- souleyez/docs/user-guide/tools-reference.md +1 -8
- souleyez/docs/user-guide/worker-management.md +1 -1
- souleyez/engine/background.py +1239 -535
- souleyez/engine/base.py +4 -1
- souleyez/engine/job_status.py +17 -49
- souleyez/engine/log_sanitizer.py +103 -77
- souleyez/engine/manager.py +38 -7
- souleyez/engine/result_handler.py +2200 -1550
- souleyez/engine/worker_manager.py +50 -41
- souleyez/export/evidence_bundle.py +72 -62
- souleyez/feature_flags/features.py +16 -20
- souleyez/feature_flags.py +5 -9
- souleyez/handlers/__init__.py +11 -0
- souleyez/handlers/base.py +188 -0
- souleyez/handlers/bash_handler.py +277 -0
- souleyez/handlers/bloodhound_handler.py +243 -0
- souleyez/handlers/certipy_handler.py +311 -0
- souleyez/handlers/crackmapexec_handler.py +486 -0
- souleyez/handlers/dnsrecon_handler.py +344 -0
- souleyez/handlers/enum4linux_handler.py +400 -0
- souleyez/handlers/evil_winrm_handler.py +493 -0
- souleyez/handlers/ffuf_handler.py +815 -0
- souleyez/handlers/gobuster_handler.py +1114 -0
- souleyez/handlers/gpp_extract_handler.py +334 -0
- souleyez/handlers/hashcat_handler.py +444 -0
- souleyez/handlers/hydra_handler.py +563 -0
- souleyez/handlers/impacket_getuserspns_handler.py +343 -0
- souleyez/handlers/impacket_psexec_handler.py +222 -0
- souleyez/handlers/impacket_secretsdump_handler.py +426 -0
- souleyez/handlers/john_handler.py +286 -0
- souleyez/handlers/katana_handler.py +425 -0
- souleyez/handlers/kerbrute_handler.py +298 -0
- souleyez/handlers/ldapsearch_handler.py +636 -0
- souleyez/handlers/lfi_extract_handler.py +464 -0
- souleyez/handlers/msf_auxiliary_handler.py +408 -0
- souleyez/handlers/msf_exploit_handler.py +380 -0
- souleyez/handlers/nikto_handler.py +413 -0
- souleyez/handlers/nmap_handler.py +821 -0
- souleyez/handlers/nuclei_handler.py +359 -0
- souleyez/handlers/nxc_handler.py +371 -0
- souleyez/handlers/rdp_sec_check_handler.py +353 -0
- souleyez/handlers/registry.py +292 -0
- souleyez/handlers/responder_handler.py +232 -0
- souleyez/handlers/service_explorer_handler.py +434 -0
- souleyez/handlers/smbclient_handler.py +344 -0
- souleyez/handlers/smbmap_handler.py +510 -0
- souleyez/handlers/smbpasswd_handler.py +296 -0
- souleyez/handlers/sqlmap_handler.py +1116 -0
- souleyez/handlers/theharvester_handler.py +601 -0
- souleyez/handlers/web_login_test_handler.py +327 -0
- souleyez/handlers/whois_handler.py +277 -0
- souleyez/handlers/wpscan_handler.py +554 -0
- souleyez/history.py +32 -16
- souleyez/importers/msf_importer.py +106 -75
- souleyez/importers/smart_importer.py +208 -147
- souleyez/integrations/siem/__init__.py +10 -10
- souleyez/integrations/siem/base.py +17 -18
- souleyez/integrations/siem/elastic.py +108 -122
- souleyez/integrations/siem/factory.py +207 -80
- souleyez/integrations/siem/googlesecops.py +146 -154
- souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
- souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
- souleyez/integrations/siem/sentinel.py +107 -109
- souleyez/integrations/siem/splunk.py +246 -212
- souleyez/integrations/siem/wazuh.py +65 -71
- souleyez/integrations/wazuh/__init__.py +5 -5
- souleyez/integrations/wazuh/client.py +70 -93
- souleyez/integrations/wazuh/config.py +85 -57
- souleyez/integrations/wazuh/host_mapper.py +28 -36
- souleyez/integrations/wazuh/sync.py +78 -68
- souleyez/intelligence/__init__.py +4 -5
- souleyez/intelligence/correlation_analyzer.py +309 -295
- souleyez/intelligence/exploit_knowledge.py +661 -623
- souleyez/intelligence/exploit_suggestions.py +159 -139
- souleyez/intelligence/gap_analyzer.py +132 -97
- souleyez/intelligence/gap_detector.py +251 -214
- souleyez/intelligence/sensitive_tables.py +266 -129
- souleyez/intelligence/service_parser.py +137 -123
- souleyez/intelligence/surface_analyzer.py +407 -268
- souleyez/intelligence/target_parser.py +159 -162
- souleyez/licensing/__init__.py +6 -6
- souleyez/licensing/validator.py +17 -19
- souleyez/log_config.py +79 -54
- souleyez/main.py +1505 -687
- souleyez/migrations/fix_job_counter.py +16 -14
- souleyez/parsers/bloodhound_parser.py +41 -39
- souleyez/parsers/crackmapexec_parser.py +178 -111
- souleyez/parsers/dalfox_parser.py +72 -77
- souleyez/parsers/dnsrecon_parser.py +103 -91
- souleyez/parsers/enum4linux_parser.py +183 -153
- souleyez/parsers/ffuf_parser.py +29 -25
- souleyez/parsers/gobuster_parser.py +301 -41
- souleyez/parsers/hashcat_parser.py +324 -79
- souleyez/parsers/http_fingerprint_parser.py +350 -103
- souleyez/parsers/hydra_parser.py +131 -111
- souleyez/parsers/impacket_parser.py +231 -178
- souleyez/parsers/john_parser.py +98 -86
- souleyez/parsers/katana_parser.py +316 -0
- souleyez/parsers/msf_parser.py +943 -498
- souleyez/parsers/nikto_parser.py +346 -65
- souleyez/parsers/nmap_parser.py +262 -174
- souleyez/parsers/nuclei_parser.py +40 -44
- souleyez/parsers/responder_parser.py +26 -26
- souleyez/parsers/searchsploit_parser.py +74 -74
- souleyez/parsers/service_explorer_parser.py +279 -0
- souleyez/parsers/smbmap_parser.py +180 -124
- souleyez/parsers/sqlmap_parser.py +434 -308
- souleyez/parsers/theharvester_parser.py +75 -57
- souleyez/parsers/whois_parser.py +135 -94
- souleyez/parsers/wpscan_parser.py +278 -190
- souleyez/plugins/afp.py +44 -36
- souleyez/plugins/afp_brute.py +114 -46
- souleyez/plugins/ard.py +48 -37
- souleyez/plugins/bloodhound.py +95 -61
- souleyez/plugins/certipy.py +303 -0
- souleyez/plugins/crackmapexec.py +186 -85
- souleyez/plugins/dalfox.py +120 -59
- souleyez/plugins/dns_hijack.py +146 -41
- souleyez/plugins/dnsrecon.py +97 -61
- souleyez/plugins/enum4linux.py +91 -66
- souleyez/plugins/evil_winrm.py +291 -0
- souleyez/plugins/ffuf.py +166 -90
- souleyez/plugins/firmware_extract.py +133 -29
- souleyez/plugins/gobuster.py +387 -190
- souleyez/plugins/gpp_extract.py +393 -0
- souleyez/plugins/hashcat.py +100 -73
- souleyez/plugins/http_fingerprint.py +854 -267
- souleyez/plugins/hydra.py +566 -200
- souleyez/plugins/impacket_getnpusers.py +117 -69
- souleyez/plugins/impacket_psexec.py +84 -64
- souleyez/plugins/impacket_secretsdump.py +103 -69
- souleyez/plugins/impacket_smbclient.py +89 -75
- souleyez/plugins/john.py +86 -69
- souleyez/plugins/katana.py +313 -0
- souleyez/plugins/kerbrute.py +237 -0
- souleyez/plugins/lfi_extract.py +541 -0
- souleyez/plugins/macos_ssh.py +117 -48
- souleyez/plugins/mdns.py +35 -30
- souleyez/plugins/msf_auxiliary.py +253 -130
- souleyez/plugins/msf_exploit.py +239 -161
- souleyez/plugins/nikto.py +134 -78
- souleyez/plugins/nmap.py +275 -91
- souleyez/plugins/nuclei.py +180 -89
- souleyez/plugins/nxc.py +285 -0
- souleyez/plugins/plugin_base.py +35 -36
- souleyez/plugins/plugin_template.py +13 -5
- souleyez/plugins/rdp_sec_check.py +130 -0
- souleyez/plugins/responder.py +112 -71
- souleyez/plugins/router_http_brute.py +76 -65
- souleyez/plugins/router_ssh_brute.py +118 -41
- souleyez/plugins/router_telnet_brute.py +124 -42
- souleyez/plugins/routersploit.py +91 -59
- souleyez/plugins/routersploit_exploit.py +77 -55
- souleyez/plugins/searchsploit.py +91 -77
- souleyez/plugins/service_explorer.py +1160 -0
- souleyez/plugins/smbmap.py +122 -72
- souleyez/plugins/smbpasswd.py +215 -0
- souleyez/plugins/sqlmap.py +301 -113
- souleyez/plugins/theharvester.py +127 -75
- souleyez/plugins/tr069.py +79 -57
- souleyez/plugins/upnp.py +65 -47
- souleyez/plugins/upnp_abuse.py +73 -55
- souleyez/plugins/vnc_access.py +129 -42
- souleyez/plugins/vnc_brute.py +109 -38
- souleyez/plugins/web_login_test.py +417 -0
- souleyez/plugins/whois.py +77 -58
- souleyez/plugins/wpscan.py +173 -69
- souleyez/reporting/__init__.py +2 -1
- souleyez/reporting/attack_chain.py +411 -346
- souleyez/reporting/charts.py +436 -501
- souleyez/reporting/compliance_mappings.py +334 -201
- souleyez/reporting/detection_report.py +126 -125
- souleyez/reporting/formatters.py +828 -591
- souleyez/reporting/generator.py +386 -302
- souleyez/reporting/metrics.py +72 -75
- souleyez/scanner.py +35 -29
- souleyez/security/__init__.py +37 -11
- souleyez/security/scope_validator.py +175 -106
- souleyez/security/validation.py +223 -149
- souleyez/security.py +22 -6
- souleyez/storage/credentials.py +247 -186
- souleyez/storage/crypto.py +296 -129
- souleyez/storage/database.py +73 -50
- souleyez/storage/db.py +58 -36
- souleyez/storage/deliverable_evidence.py +177 -128
- souleyez/storage/deliverable_exporter.py +282 -246
- souleyez/storage/deliverable_templates.py +134 -116
- souleyez/storage/deliverables.py +135 -130
- souleyez/storage/engagements.py +109 -56
- souleyez/storage/evidence.py +181 -152
- souleyez/storage/execution_log.py +31 -17
- souleyez/storage/exploit_attempts.py +93 -57
- souleyez/storage/exploits.py +67 -36
- souleyez/storage/findings.py +48 -61
- souleyez/storage/hosts.py +176 -144
- souleyez/storage/migrate_to_engagements.py +43 -19
- souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
- souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
- souleyez/storage/migrations/_003_add_execution_log.py +14 -8
- souleyez/storage/migrations/_005_screenshots.py +13 -5
- souleyez/storage/migrations/_006_deliverables.py +13 -5
- souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
- souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
- souleyez/storage/migrations/_010_evidence_linking.py +17 -10
- souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
- souleyez/storage/migrations/_012_team_collaboration.py +34 -21
- souleyez/storage/migrations/_013_add_host_tags.py +12 -6
- souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
- souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
- souleyez/storage/migrations/_016_add_domain_field.py +10 -4
- souleyez/storage/migrations/_017_msf_sessions.py +16 -8
- souleyez/storage/migrations/_018_add_osint_target.py +10 -6
- souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
- souleyez/storage/migrations/_020_add_rbac.py +36 -15
- souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
- souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
- souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
- souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
- souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
- souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
- souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
- souleyez/storage/migrations/__init__.py +26 -26
- souleyez/storage/migrations/migration_manager.py +19 -19
- souleyez/storage/msf_sessions.py +100 -65
- souleyez/storage/osint.py +17 -24
- souleyez/storage/recommendation_engine.py +269 -235
- souleyez/storage/screenshots.py +33 -32
- souleyez/storage/smb_shares.py +136 -92
- souleyez/storage/sqlmap_data.py +183 -128
- souleyez/storage/team_collaboration.py +135 -141
- souleyez/storage/timeline_tracker.py +122 -94
- souleyez/storage/wazuh_vulns.py +64 -66
- souleyez/storage/web_paths.py +33 -37
- souleyez/testing/credential_tester.py +221 -205
- souleyez/ui/__init__.py +1 -1
- souleyez/ui/ai_quotes.py +12 -12
- souleyez/ui/attack_surface.py +2439 -1516
- souleyez/ui/chain_rules_view.py +914 -382
- souleyez/ui/correlation_view.py +312 -230
- souleyez/ui/dashboard.py +2382 -1130
- souleyez/ui/deliverables_view.py +148 -62
- souleyez/ui/design_system.py +13 -13
- souleyez/ui/errors.py +49 -49
- souleyez/ui/evidence_linking_view.py +284 -179
- souleyez/ui/evidence_vault.py +393 -285
- souleyez/ui/exploit_suggestions_view.py +555 -349
- souleyez/ui/export_view.py +100 -66
- souleyez/ui/gap_analysis_view.py +315 -171
- souleyez/ui/help_system.py +105 -97
- souleyez/ui/intelligence_view.py +436 -293
- souleyez/ui/interactive.py +22827 -10678
- souleyez/ui/interactive_selector.py +75 -68
- souleyez/ui/log_formatter.py +47 -39
- souleyez/ui/menu_components.py +22 -13
- souleyez/ui/msf_auxiliary_menu.py +184 -133
- souleyez/ui/pending_chains_view.py +336 -172
- souleyez/ui/progress_indicators.py +5 -3
- souleyez/ui/recommendations_view.py +195 -137
- souleyez/ui/rule_builder.py +343 -225
- souleyez/ui/setup_wizard.py +678 -284
- souleyez/ui/shortcuts.py +217 -165
- souleyez/ui/splunk_gap_analysis_view.py +452 -270
- souleyez/ui/splunk_vulns_view.py +139 -86
- souleyez/ui/team_dashboard.py +498 -335
- souleyez/ui/template_selector.py +196 -105
- souleyez/ui/terminal.py +6 -6
- souleyez/ui/timeline_view.py +198 -127
- souleyez/ui/tool_setup.py +264 -164
- souleyez/ui/tutorial.py +202 -72
- souleyez/ui/tutorial_state.py +40 -40
- souleyez/ui/wazuh_vulns_view.py +235 -141
- souleyez/ui/wordlist_browser.py +260 -107
- souleyez/ui.py +464 -312
- souleyez/utils/tool_checker.py +427 -367
- souleyez/utils.py +33 -29
- souleyez/wordlists.py +134 -167
- {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/METADATA +1 -1
- souleyez-2.43.34.dist-info/RECORD +443 -0
- {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/WHEEL +1 -1
- souleyez-2.43.29.dist-info/RECORD +0 -379
- {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/entry_points.txt +0 -0
- {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/licenses/LICENSE +0 -0
- {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/top_level.txt +0 -0
|
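--- a/souleyez/plugins/router_ssh_brute.py
+++ b/souleyez/plugins/router_ssh_brute.py
@@ -30,14 +30,95 @@ HELP = {
 "usage": "souleyez jobs enqueue router_ssh_brute <target>",
 "examples": [
 "souleyez jobs enqueue router_ssh_brute 192.168.1.1",
-
+'souleyez jobs enqueue router_ssh_brute 192.168.1.1 --args "--port 2222"',
 ],
 "flags": [
 ["--port PORT", "SSH port (default: 22)"],
 ],
 "presets": [
 {"name": "Standard SSH", "args": [], "desc": "Port 22 with router credentials"},
-{
+{
+"name": "Alternate Port",
+"args": ["--port", "2222"],
+"desc": "Non-standard SSH port",
+},
+],
+"help_sections": [
+{
+"title": "What is Router SSH Brute Force?",
+"color": "cyan",
+"content": [
+(
+"Overview",
+[
+"Brute forces SSH login on routers and network devices",
+"Uses Hydra with router-specific credential lists",
+"Targets management interface for full device control",
+],
+),
+(
+"Common Targets",
+[
+"MikroTik, Ubiquiti, Cisco, Juniper devices",
+"Consumer routers with SSH (Asus, Netgear with custom FW)",
+"DD-WRT, OpenWRT, Tomato firmware",
+"Managed switches with SSH enabled",
+],
+),
+],
+},
+{
+"title": "Usage & Examples",
+"color": "green",
+"content": [
+(
+"Basic Usage",
+[
+"souleyez jobs enqueue router_ssh_brute 192.168.1.1",
+" → Tests default router credentials on port 22",
+],
+),
+(
+"Alternate Port",
+[
+'souleyez jobs enqueue router_ssh_brute 192.168.1.1 --args "--port 2222"',
+" → Tests on custom SSH port",
+],
+),
+],
+},
+{
+"title": "Tips & Common Defaults",
+"color": "yellow",
+"content": [
+(
+"Common Router Credentials",
+[
+"admin:admin, root:root, ubnt:ubnt",
+"admin:password, admin:1234, cisco:cisco",
+"admin:<blank>, root:<blank>",
+],
+),
+(
+"Before Attacking",
+[
+"Use low threads (-t 1 or -t 2) to avoid lockouts",
+"Many routers block after 3-5 failed attempts",
+"Check for key-only auth first (wastes time otherwise)",
+"Some routers use non-standard ports (2222, 22222)",
+],
+),
+(
+"After Success",
+[
+"Full command-line access to router",
+"Can modify routing, DNS, firewall rules",
+"Intercept/redirect traffic, add backdoors",
+"Pivot to internal network segments",
+],
+),
+],
+},
 ],
 }
 
@@ -50,18 +131,13 @@ class RouterSSHBrutePlugin(PluginBase):
 
 def _get_wordlist_path(self, filename: str) -> str:
 """Get path to wordlist file."""
-import
-
-
-os.path.expanduser(f'~/.souleyez/wordlists/{filename}'),
-f'/usr/share/seclists/Passwords/{filename}',
-]
-for loc in locations:
-if os.path.exists(loc):
-return os.path.abspath(loc)
-return filename
+from souleyez.wordlists import resolve_wordlist_path
+
+return resolve_wordlist_path(f"data/wordlists/{filename}")
 
-def build_command(
+def build_command(
+self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+):
 """Build Hydra command for router SSH brute force."""
 args = args or []
 
@@ -69,71 +145,72 @@ class RouterSSHBrutePlugin(PluginBase):
 target = validate_target(target)
 except ValidationError as e:
 if log_path:
-with open(log_path,
+with open(log_path, "w") as f:
 f.write(f"ERROR: Invalid target: {e}\n")
 return None
 
-port =
+port = "22"
 i = 0
 while i < len(args):
-if args[i] ==
+if args[i] == "--port" and i + 1 < len(args):
 port = args[i + 1]
 i += 2
 else:
 i += 1
 
-users = self._get_wordlist_path(
-passwords = self._get_wordlist_path(
+users = self._get_wordlist_path("router_users.txt")
+passwords = self._get_wordlist_path("router_passwords.txt")
 
 cmd = [
-
-
-
-
-
-
-
-
+"hydra",
+"-L",
+users,
+"-P",
+passwords,
+"-s",
+port,
+"-t",
+"1", # Single thread for SSH
+"-w",
+"5", # 5 second delay
+"-vV",
+"-f",
 target,
-
+"ssh",
 ]
 
-return {
-'cmd': cmd,
-'timeout': 3600
-}
+return {"cmd": cmd, "timeout": 3600}
 
-def run(
+def run(
+self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+) -> int:
 """Execute router SSH brute force."""
 cmd_spec = self.build_command(target, args, label, log_path)
 if cmd_spec is None:
 return 1
 
-cmd = cmd_spec[
+cmd = cmd_spec["cmd"]
 
 if log_path:
-with open(log_path,
+with open(log_path, "w") as f:
 f.write(f"# Router SSH Brute Force on {target}\n")
 f.write(f"# Command: {' '.join(cmd)}\n")
 f.write(f"# Started: {time.strftime('%Y-%m-%d %H:%M:%S')}\n\n")
 
 try:
-with open(log_path,
+with open(log_path, "a") as f:
 result = subprocess.run(
-cmd,
-stdout=f,
-stderr=subprocess.STDOUT,
-timeout=cmd_spec['timeout']
+cmd, stdout=f, stderr=subprocess.STDOUT, timeout=cmd_spec["timeout"]
 )
 return result.returncode
 except subprocess.TimeoutExpired:
 if log_path:
-with open(log_path,
+with open(log_path, "a") as f:
 f.write("\n\n# ERROR: Brute force timed out\n")
 return 124
 except Exception as e:
 if log_path:
-with open(log_path,
+with open(log_path, "a") as f:
 f.write(f"\n\n# ERROR: {e}\n")
 return 1
 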
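Review bot: In `build_command`, the value read by `port = args[i + 1]` is placed into hydra's argv as `"-s", port` with no check that it is a TCP port, whereas `target` goes through `validate_target` first. The command is a list, so no shell is involved, but a value that is not a plain number is still handed to hydra's option parser and can change what the invocation does. I would reject it the same way an invalid target is rejected, writing an error to `log_path` and returning `None`. The same parsing loop appears in `router_telnet_brute.py`; `build_command` spans two hunks here and the lines between them are not shown.

```python
        port = "22"
        # … unchanged: --port parsing loop …

        # Only a plain decimal TCP port may reach hydra's argv.
        if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
            if log_path:
                with open(log_path, "w") as f:
                    f.write(f"ERROR: Invalid port: {port}\n")
            return None
```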
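--- a/souleyez/plugins/router_telnet_brute.py
+++ b/souleyez/plugins/router_telnet_brute.py
@@ -32,14 +32,100 @@ HELP = {
 "usage": "souleyez jobs enqueue router_telnet_brute <target>",
 "examples": [
 "souleyez jobs enqueue router_telnet_brute 192.168.1.1",
-
+'souleyez jobs enqueue router_telnet_brute 192.168.1.1 --args "--port 2323"',
 ],
 "flags": [
 ["--port PORT", "Telnet port (default: 23)"],
 ],
 "presets": [
-{
-
+{
+"name": "Standard Telnet",
+"args": [],
+"desc": "Port 23 with router credentials",
+},
+{
+"name": "Alt Port 2323",
+"args": ["--port", "2323"],
+"desc": "Common alternate Telnet port",
+},
+],
+"help_sections": [
+{
+"title": "What is Router Telnet Brute Force?",
+"color": "cyan",
+"content": [
+(
+"Overview",
+[
+"Brute forces Telnet login on routers and IoT devices",
+"Telnet transmits credentials in PLAINTEXT!",
+"Still common on older and budget network devices",
+],
+),
+(
+"Common Targets",
+[
+"Older consumer routers (Linksys, Netgear, D-Link)",
+"ISP-provided modems and gateways",
+"IP cameras and NVR systems",
+"Industrial/SCADA equipment",
+"IoT devices (smart home, printers)",
+],
+),
+],
+},
+{
+"title": "Usage & Examples",
+"color": "green",
+"content": [
+(
+"Basic Usage",
+[
+"souleyez jobs enqueue router_telnet_brute 192.168.1.1",
+" → Tests default router credentials on port 23",
+],
+),
+(
+"Alternate Port",
+[
+'souleyez jobs enqueue router_telnet_brute 192.168.1.1 --args "--port 2323"',
+" → Tests on alternate Telnet port (common for IoT)",
+],
+),
+],
+},
+{
+"title": "Tips & Security Notes",
+"color": "yellow",
+"content": [
+(
+"Telnet Security Issues",
+[
+"PLAINTEXT protocol - can sniff credentials on network",
+"Consider MITM attack instead of brute force",
+"Many devices have hardcoded backdoor accounts",
+"Mirai botnet exploited default Telnet credentials",
+],
+),
+(
+"Common Telnet Defaults",
+[
+"admin:admin, root:root, admin:password",
+"admin:<blank>, root:<blank>",
+"user:user, support:support",
+"Device-specific defaults (check online)",
+],
+),
+(
+"After Success",
+[
+"Full command-line access to device",
+"Often same access level as SSH",
+"Can modify configs, add users, pivot",
+],
+),
+],
+},
 ],
 }
 
@@ -52,18 +138,13 @@ class RouterTelnetBrutePlugin(PluginBase):
 
 def _get_wordlist_path(self, filename: str) -> str:
 """Get path to wordlist file."""
-import
-
-
-os.path.expanduser(f'~/.souleyez/wordlists/{filename}'),
-f'/usr/share/seclists/Passwords/{filename}',
-]
-for loc in locations:
-if os.path.exists(loc):
-return os.path.abspath(loc)
-return filename
+from souleyez.wordlists import resolve_wordlist_path
+
+return resolve_wordlist_path(f"data/wordlists/{filename}")
 
-def build_command(
+def build_command(
+self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+):
 """Build Hydra command for router Telnet brute force."""
 args = args or []
 
@@ -71,71 +152,72 @@ class RouterTelnetBrutePlugin(PluginBase):
 target = validate_target(target)
 except ValidationError as e:
 if log_path:
-with open(log_path,
+with open(log_path, "w") as f:
 f.write(f"ERROR: Invalid target: {e}\n")
 return None
 
-port =
+port = "23"
 i = 0
 while i < len(args):
-if args[i] ==
+if args[i] == "--port" and i + 1 < len(args):
 port = args[i + 1]
 i += 2
 else:
 i += 1
 
-users = self._get_wordlist_path(
-passwords = self._get_wordlist_path(
+users = self._get_wordlist_path("router_users.txt")
+passwords = self._get_wordlist_path("router_passwords.txt")
 
 cmd = [
-
-
-
-
-
-
-
-
+"hydra",
+"-L",
+users,
+"-P",
+passwords,
+"-s",
+port,
+"-t",
+"2",
+"-w",
+"3",
+"-vV",
+"-f",
 target,
-
+"telnet",
 ]
 
-return {
-'cmd': cmd,
-'timeout': 1800
-}
+return {"cmd": cmd, "timeout": 1800}
 
-def run(
+def run(
+self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+) -> int:
 """Execute router Telnet brute force."""
 cmd_spec = self.build_command(target, args, label, log_path)
 if cmd_spec is None:
 return 1
 
-cmd = cmd_spec[
+cmd = cmd_spec["cmd"]
 
 if log_path:
-with open(log_path,
+with open(log_path, "w") as f:
 f.write(f"# Router Telnet Brute Force on {target}\n")
 f.write(f"# Command: {' '.join(cmd)}\n")
 f.write(f"# Started: {time.strftime('%Y-%m-%d %H:%M:%S')}\n\n")
 
 try:
-with open(log_path,
+with open(log_path, "a") as f:
 result = subprocess.run(
-cmd,
-stdout=f,
-stderr=subprocess.STDOUT,
-timeout=cmd_spec['timeout']
+cmd, stdout=f, stderr=subprocess.STDOUT, timeout=cmd_spec["timeout"]
 )
 return result.returncode
 except subprocess.TimeoutExpired:
 if log_path:
-with open(log_path,
+with open(log_path, "a") as f:
 f.write("\n\n# ERROR: Brute force timed out\n")
 return 124
 except Exception as e:
 if log_path:
-with open(log_path,
+with open(log_path, "a") as f:
 f.write(f"\n\n# ERROR: {e}\n")
 return 1
 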
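Review bot: In `run()`, the `with open(log_path, "a") as f:` inside the `try` is not covered by the `if log_path:` guard that protects the header write, so with the signature's default `log_path=None` the `open` call raises, the generic `except Exception` swallows it, and the method returns 1 with no message and without the command having run. Indentation is lost in this rendering, so this assumes the `try` sits at method level, which the `if log_path:` checks inside both handlers suggest. Either make `log_path` a required argument or open the log only when it is set, as sketched below. `router_ssh_brute.py` has the same `run()` body.

```python
        try:
            if log_path:
                with open(log_path, "a") as f:
                    result = subprocess.run(
                        cmd, stdout=f, stderr=subprocess.STDOUT, timeout=cmd_spec["timeout"]
                    )
            else:
                # No log file requested: discard output rather than fail on open(None).
                result = subprocess.run(
                    cmd,
                    stdout=subprocess.DEVNULL,
                    stderr=subprocess.STDOUT,
                    timeout=cmd_spec["timeout"],
                )
            return result.returncode
        # … unchanged: TimeoutExpired and generic Exception handlers …
```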