souleyez 2.43.29__py3-none-any.whl → 2.43.34__py3-none-any.whl
- souleyez/__init__.py +1 -2
- souleyez/ai/__init__.py +21 -15
- souleyez/ai/action_mapper.py +249 -150
- souleyez/ai/chain_advisor.py +116 -100
- souleyez/ai/claude_provider.py +29 -28
- souleyez/ai/context_builder.py +80 -62
- souleyez/ai/executor.py +158 -117
- souleyez/ai/feedback_handler.py +136 -121
- souleyez/ai/llm_factory.py +27 -20
- souleyez/ai/llm_provider.py +4 -2
- souleyez/ai/ollama_provider.py +6 -9
- souleyez/ai/ollama_service.py +44 -37
- souleyez/ai/path_scorer.py +91 -76
- souleyez/ai/recommender.py +176 -144
- souleyez/ai/report_context.py +74 -73
- souleyez/ai/report_service.py +84 -66
- souleyez/ai/result_parser.py +222 -229
- souleyez/ai/safety.py +67 -44
- souleyez/auth/__init__.py +23 -22
- souleyez/auth/audit.py +36 -26
- souleyez/auth/engagement_access.py +65 -48
- souleyez/auth/permissions.py +14 -3
- souleyez/auth/session_manager.py +54 -37
- souleyez/auth/user_manager.py +109 -64
- souleyez/commands/audit.py +40 -43
- souleyez/commands/auth.py +35 -15
- souleyez/commands/deliverables.py +55 -50
- souleyez/commands/engagement.py +47 -28
- souleyez/commands/license.py +32 -23
- souleyez/commands/screenshots.py +36 -32
- souleyez/commands/user.py +82 -36
- souleyez/config.py +52 -44
- souleyez/core/credential_tester.py +87 -81
- souleyez/core/cve_mappings.py +179 -192
- souleyez/core/cve_matcher.py +162 -148
- souleyez/core/msf_auto_mapper.py +100 -83
- souleyez/core/msf_chain_engine.py +294 -256
- souleyez/core/msf_database.py +153 -70
- souleyez/core/msf_integration.py +679 -673
- souleyez/core/msf_rpc_client.py +40 -42
- souleyez/core/msf_rpc_manager.py +77 -79
- souleyez/core/msf_sync_manager.py +241 -181
- souleyez/core/network_utils.py +22 -15
- souleyez/core/parser_handler.py +34 -25
- souleyez/core/pending_chains.py +114 -63
- souleyez/core/templates.py +158 -107
- souleyez/core/tool_chaining.py +9526 -2879
- souleyez/core/version_utils.py +79 -94
- souleyez/core/vuln_correlation.py +136 -89
- souleyez/core/web_utils.py +33 -32
- souleyez/data/wordlists/ad_users.txt +378 -0
- souleyez/data/wordlists/api_endpoints_large.txt +769 -0
- souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
- souleyez/data/wordlists/lfi_payloads.txt +82 -0
- souleyez/data/wordlists/passwords_brute.txt +1548 -0
- souleyez/data/wordlists/passwords_crack.txt +2479 -0
- souleyez/data/wordlists/passwords_spray.txt +386 -0
- souleyez/data/wordlists/subdomains_large.txt +5057 -0
- souleyez/data/wordlists/usernames_common.txt +694 -0
- souleyez/data/wordlists/web_dirs_large.txt +4769 -0
- souleyez/detection/__init__.py +1 -1
- souleyez/detection/attack_signatures.py +12 -17
- souleyez/detection/mitre_mappings.py +61 -55
- souleyez/detection/validator.py +97 -86
- souleyez/devtools.py +23 -10
- souleyez/docs/README.md +4 -4
- souleyez/docs/api-reference/cli-commands.md +2 -2
- souleyez/docs/developer-guide/adding-new-tools.md +562 -0
- souleyez/docs/user-guide/auto-chaining.md +30 -8
- souleyez/docs/user-guide/getting-started.md +1 -1
- souleyez/docs/user-guide/installation.md +26 -3
- souleyez/docs/user-guide/metasploit-integration.md +2 -2
- souleyez/docs/user-guide/rbac.md +1 -1
- souleyez/docs/user-guide/scope-management.md +1 -1
- souleyez/docs/user-guide/siem-integration.md +1 -1
- souleyez/docs/user-guide/tools-reference.md +1 -8
- souleyez/docs/user-guide/worker-management.md +1 -1
- souleyez/engine/background.py +1239 -535
- souleyez/engine/base.py +4 -1
- souleyez/engine/job_status.py +17 -49
- souleyez/engine/log_sanitizer.py +103 -77
- souleyez/engine/manager.py +38 -7
- souleyez/engine/result_handler.py +2200 -1550
- souleyez/engine/worker_manager.py +50 -41
- souleyez/export/evidence_bundle.py +72 -62
- souleyez/feature_flags/features.py +16 -20
- souleyez/feature_flags.py +5 -9
- souleyez/handlers/__init__.py +11 -0
- souleyez/handlers/base.py +188 -0
- souleyez/handlers/bash_handler.py +277 -0
- souleyez/handlers/bloodhound_handler.py +243 -0
- souleyez/handlers/certipy_handler.py +311 -0
- souleyez/handlers/crackmapexec_handler.py +486 -0
- souleyez/handlers/dnsrecon_handler.py +344 -0
- souleyez/handlers/enum4linux_handler.py +400 -0
- souleyez/handlers/evil_winrm_handler.py +493 -0
- souleyez/handlers/ffuf_handler.py +815 -0
- souleyez/handlers/gobuster_handler.py +1114 -0
- souleyez/handlers/gpp_extract_handler.py +334 -0
- souleyez/handlers/hashcat_handler.py +444 -0
- souleyez/handlers/hydra_handler.py +563 -0
- souleyez/handlers/impacket_getuserspns_handler.py +343 -0
- souleyez/handlers/impacket_psexec_handler.py +222 -0
- souleyez/handlers/impacket_secretsdump_handler.py +426 -0
- souleyez/handlers/john_handler.py +286 -0
- souleyez/handlers/katana_handler.py +425 -0
- souleyez/handlers/kerbrute_handler.py +298 -0
- souleyez/handlers/ldapsearch_handler.py +636 -0
- souleyez/handlers/lfi_extract_handler.py +464 -0
- souleyez/handlers/msf_auxiliary_handler.py +408 -0
- souleyez/handlers/msf_exploit_handler.py +380 -0
- souleyez/handlers/nikto_handler.py +413 -0
- souleyez/handlers/nmap_handler.py +821 -0
- souleyez/handlers/nuclei_handler.py +359 -0
- souleyez/handlers/nxc_handler.py +371 -0
- souleyez/handlers/rdp_sec_check_handler.py +353 -0
- souleyez/handlers/registry.py +292 -0
- souleyez/handlers/responder_handler.py +232 -0
- souleyez/handlers/service_explorer_handler.py +434 -0
- souleyez/handlers/smbclient_handler.py +344 -0
- souleyez/handlers/smbmap_handler.py +510 -0
- souleyez/handlers/smbpasswd_handler.py +296 -0
- souleyez/handlers/sqlmap_handler.py +1116 -0
- souleyez/handlers/theharvester_handler.py +601 -0
- souleyez/handlers/web_login_test_handler.py +327 -0
- souleyez/handlers/whois_handler.py +277 -0
- souleyez/handlers/wpscan_handler.py +554 -0
- souleyez/history.py +32 -16
- souleyez/importers/msf_importer.py +106 -75
- souleyez/importers/smart_importer.py +208 -147
- souleyez/integrations/siem/__init__.py +10 -10
- souleyez/integrations/siem/base.py +17 -18
- souleyez/integrations/siem/elastic.py +108 -122
- souleyez/integrations/siem/factory.py +207 -80
- souleyez/integrations/siem/googlesecops.py +146 -154
- souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
- souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
- souleyez/integrations/siem/sentinel.py +107 -109
- souleyez/integrations/siem/splunk.py +246 -212
- souleyez/integrations/siem/wazuh.py +65 -71
- souleyez/integrations/wazuh/__init__.py +5 -5
- souleyez/integrations/wazuh/client.py +70 -93
- souleyez/integrations/wazuh/config.py +85 -57
- souleyez/integrations/wazuh/host_mapper.py +28 -36
- souleyez/integrations/wazuh/sync.py +78 -68
- souleyez/intelligence/__init__.py +4 -5
- souleyez/intelligence/correlation_analyzer.py +309 -295
- souleyez/intelligence/exploit_knowledge.py +661 -623
- souleyez/intelligence/exploit_suggestions.py +159 -139
- souleyez/intelligence/gap_analyzer.py +132 -97
- souleyez/intelligence/gap_detector.py +251 -214
- souleyez/intelligence/sensitive_tables.py +266 -129
- souleyez/intelligence/service_parser.py +137 -123
- souleyez/intelligence/surface_analyzer.py +407 -268
- souleyez/intelligence/target_parser.py +159 -162
- souleyez/licensing/__init__.py +6 -6
- souleyez/licensing/validator.py +17 -19
- souleyez/log_config.py +79 -54
- souleyez/main.py +1505 -687
- souleyez/migrations/fix_job_counter.py +16 -14
- souleyez/parsers/bloodhound_parser.py +41 -39
- souleyez/parsers/crackmapexec_parser.py +178 -111
- souleyez/parsers/dalfox_parser.py +72 -77
- souleyez/parsers/dnsrecon_parser.py +103 -91
- souleyez/parsers/enum4linux_parser.py +183 -153
- souleyez/parsers/ffuf_parser.py +29 -25
- souleyez/parsers/gobuster_parser.py +301 -41
- souleyez/parsers/hashcat_parser.py +324 -79
- souleyez/parsers/http_fingerprint_parser.py +350 -103
- souleyez/parsers/hydra_parser.py +131 -111
- souleyez/parsers/impacket_parser.py +231 -178
- souleyez/parsers/john_parser.py +98 -86
- souleyez/parsers/katana_parser.py +316 -0
- souleyez/parsers/msf_parser.py +943 -498
- souleyez/parsers/nikto_parser.py +346 -65
- souleyez/parsers/nmap_parser.py +262 -174
- souleyez/parsers/nuclei_parser.py +40 -44
- souleyez/parsers/responder_parser.py +26 -26
- souleyez/parsers/searchsploit_parser.py +74 -74
- souleyez/parsers/service_explorer_parser.py +279 -0
- souleyez/parsers/smbmap_parser.py +180 -124
- souleyez/parsers/sqlmap_parser.py +434 -308
- souleyez/parsers/theharvester_parser.py +75 -57
- souleyez/parsers/whois_parser.py +135 -94
- souleyez/parsers/wpscan_parser.py +278 -190
- souleyez/plugins/afp.py +44 -36
- souleyez/plugins/afp_brute.py +114 -46
- souleyez/plugins/ard.py +48 -37
- souleyez/plugins/bloodhound.py +95 -61
- souleyez/plugins/certipy.py +303 -0
- souleyez/plugins/crackmapexec.py +186 -85
- souleyez/plugins/dalfox.py +120 -59
- souleyez/plugins/dns_hijack.py +146 -41
- souleyez/plugins/dnsrecon.py +97 -61
- souleyez/plugins/enum4linux.py +91 -66
- souleyez/plugins/evil_winrm.py +291 -0
- souleyez/plugins/ffuf.py +166 -90
- souleyez/plugins/firmware_extract.py +133 -29
- souleyez/plugins/gobuster.py +387 -190
- souleyez/plugins/gpp_extract.py +393 -0
- souleyez/plugins/hashcat.py +100 -73
- souleyez/plugins/http_fingerprint.py +854 -267
- souleyez/plugins/hydra.py +566 -200
- souleyez/plugins/impacket_getnpusers.py +117 -69
- souleyez/plugins/impacket_psexec.py +84 -64
- souleyez/plugins/impacket_secretsdump.py +103 -69
- souleyez/plugins/impacket_smbclient.py +89 -75
- souleyez/plugins/john.py +86 -69
- souleyez/plugins/katana.py +313 -0
- souleyez/plugins/kerbrute.py +237 -0
- souleyez/plugins/lfi_extract.py +541 -0
- souleyez/plugins/macos_ssh.py +117 -48
- souleyez/plugins/mdns.py +35 -30
- souleyez/plugins/msf_auxiliary.py +253 -130
- souleyez/plugins/msf_exploit.py +239 -161
- souleyez/plugins/nikto.py +134 -78
- souleyez/plugins/nmap.py +275 -91
- souleyez/plugins/nuclei.py +180 -89
- souleyez/plugins/nxc.py +285 -0
- souleyez/plugins/plugin_base.py +35 -36
- souleyez/plugins/plugin_template.py +13 -5
- souleyez/plugins/rdp_sec_check.py +130 -0
- souleyez/plugins/responder.py +112 -71
- souleyez/plugins/router_http_brute.py +76 -65
- souleyez/plugins/router_ssh_brute.py +118 -41
- souleyez/plugins/router_telnet_brute.py +124 -42
- souleyez/plugins/routersploit.py +91 -59
- souleyez/plugins/routersploit_exploit.py +77 -55
- souleyez/plugins/searchsploit.py +91 -77
- souleyez/plugins/service_explorer.py +1160 -0
- souleyez/plugins/smbmap.py +122 -72
- souleyez/plugins/smbpasswd.py +215 -0
- souleyez/plugins/sqlmap.py +301 -113
- souleyez/plugins/theharvester.py +127 -75
- souleyez/plugins/tr069.py +79 -57
- souleyez/plugins/upnp.py +65 -47
- souleyez/plugins/upnp_abuse.py +73 -55
- souleyez/plugins/vnc_access.py +129 -42
- souleyez/plugins/vnc_brute.py +109 -38
- souleyez/plugins/web_login_test.py +417 -0
- souleyez/plugins/whois.py +77 -58
- souleyez/plugins/wpscan.py +173 -69
- souleyez/reporting/__init__.py +2 -1
- souleyez/reporting/attack_chain.py +411 -346
- souleyez/reporting/charts.py +436 -501
- souleyez/reporting/compliance_mappings.py +334 -201
- souleyez/reporting/detection_report.py +126 -125
- souleyez/reporting/formatters.py +828 -591
- souleyez/reporting/generator.py +386 -302
- souleyez/reporting/metrics.py +72 -75
- souleyez/scanner.py +35 -29
- souleyez/security/__init__.py +37 -11
- souleyez/security/scope_validator.py +175 -106
- souleyez/security/validation.py +223 -149
- souleyez/security.py +22 -6
- souleyez/storage/credentials.py +247 -186
- souleyez/storage/crypto.py +296 -129
- souleyez/storage/database.py +73 -50
- souleyez/storage/db.py +58 -36
- souleyez/storage/deliverable_evidence.py +177 -128
- souleyez/storage/deliverable_exporter.py +282 -246
- souleyez/storage/deliverable_templates.py +134 -116
- souleyez/storage/deliverables.py +135 -130
- souleyez/storage/engagements.py +109 -56
- souleyez/storage/evidence.py +181 -152
- souleyez/storage/execution_log.py +31 -17
- souleyez/storage/exploit_attempts.py +93 -57
- souleyez/storage/exploits.py +67 -36
- souleyez/storage/findings.py +48 -61
- souleyez/storage/hosts.py +176 -144
- souleyez/storage/migrate_to_engagements.py +43 -19
- souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
- souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
- souleyez/storage/migrations/_003_add_execution_log.py +14 -8
- souleyez/storage/migrations/_005_screenshots.py +13 -5
- souleyez/storage/migrations/_006_deliverables.py +13 -5
- souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
- souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
- souleyez/storage/migrations/_010_evidence_linking.py +17 -10
- souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
- souleyez/storage/migrations/_012_team_collaboration.py +34 -21
- souleyez/storage/migrations/_013_add_host_tags.py +12 -6
- souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
- souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
- souleyez/storage/migrations/_016_add_domain_field.py +10 -4
- souleyez/storage/migrations/_017_msf_sessions.py +16 -8
- souleyez/storage/migrations/_018_add_osint_target.py +10 -6
- souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
- souleyez/storage/migrations/_020_add_rbac.py +36 -15
- souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
- souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
- souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
- souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
- souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
- souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
- souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
- souleyez/storage/migrations/__init__.py +26 -26
- souleyez/storage/migrations/migration_manager.py +19 -19
- souleyez/storage/msf_sessions.py +100 -65
- souleyez/storage/osint.py +17 -24
- souleyez/storage/recommendation_engine.py +269 -235
- souleyez/storage/screenshots.py +33 -32
- souleyez/storage/smb_shares.py +136 -92
- souleyez/storage/sqlmap_data.py +183 -128
- souleyez/storage/team_collaboration.py +135 -141
- souleyez/storage/timeline_tracker.py +122 -94
- souleyez/storage/wazuh_vulns.py +64 -66
- souleyez/storage/web_paths.py +33 -37
- souleyez/testing/credential_tester.py +221 -205
- souleyez/ui/__init__.py +1 -1
- souleyez/ui/ai_quotes.py +12 -12
- souleyez/ui/attack_surface.py +2439 -1516
- souleyez/ui/chain_rules_view.py +914 -382
- souleyez/ui/correlation_view.py +312 -230
- souleyez/ui/dashboard.py +2382 -1130
- souleyez/ui/deliverables_view.py +148 -62
- souleyez/ui/design_system.py +13 -13
- souleyez/ui/errors.py +49 -49
- souleyez/ui/evidence_linking_view.py +284 -179
- souleyez/ui/evidence_vault.py +393 -285
- souleyez/ui/exploit_suggestions_view.py +555 -349
- souleyez/ui/export_view.py +100 -66
- souleyez/ui/gap_analysis_view.py +315 -171
- souleyez/ui/help_system.py +105 -97
- souleyez/ui/intelligence_view.py +436 -293
- souleyez/ui/interactive.py +22827 -10678
- souleyez/ui/interactive_selector.py +75 -68
- souleyez/ui/log_formatter.py +47 -39
- souleyez/ui/menu_components.py +22 -13
- souleyez/ui/msf_auxiliary_menu.py +184 -133
- souleyez/ui/pending_chains_view.py +336 -172
- souleyez/ui/progress_indicators.py +5 -3
- souleyez/ui/recommendations_view.py +195 -137
- souleyez/ui/rule_builder.py +343 -225
- souleyez/ui/setup_wizard.py +678 -284
- souleyez/ui/shortcuts.py +217 -165
- souleyez/ui/splunk_gap_analysis_view.py +452 -270
- souleyez/ui/splunk_vulns_view.py +139 -86
- souleyez/ui/team_dashboard.py +498 -335
- souleyez/ui/template_selector.py +196 -105
- souleyez/ui/terminal.py +6 -6
- souleyez/ui/timeline_view.py +198 -127
- souleyez/ui/tool_setup.py +264 -164
- souleyez/ui/tutorial.py +202 -72
- souleyez/ui/tutorial_state.py +40 -40
- souleyez/ui/wazuh_vulns_view.py +235 -141
- souleyez/ui/wordlist_browser.py +260 -107
- souleyez/ui.py +464 -312
- souleyez/utils/tool_checker.py +427 -367
- souleyez/utils.py +33 -29
- souleyez/wordlists.py +134 -167
- {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/METADATA +1 -1
- souleyez-2.43.34.dist-info/RECORD +443 -0
- {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/WHEEL +1 -1
- souleyez-2.43.29.dist-info/RECORD +0 -379
- {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/entry_points.txt +0 -0
- {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/licenses/LICENSE +0 -0
- {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/top_level.txt +0 -0
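--- a/souleyez/plugins/vnc_access.py
+++ b/souleyez/plugins/vnc_access.py
@@ -25,10 +25,10 @@ HELP = {
 "- VNC gives full mouse/keyboard control\n"
 "- Some viewers support file transfer\n"
 ),
-"usage":
+"usage": 'souleyez jobs enqueue vnc_access <target> --args "--password <pass>"',
 "examples": [
-
-
+'souleyez jobs enqueue vnc_access 192.168.1.100 --args "--password secret"',
+'souleyez jobs enqueue vnc_access 192.168.1.100:5901 --args "--password secret"',
 ],
 "flags": [
 ["--password PASS", "VNC password"],
@@ -37,7 +37,87 @@ HELP = {
 ],
 "presets": [
 {"name": "Connect", "args": [], "desc": "Interactive VNC session"},
-{
+{
+"name": "Screenshot",
+"args": ["--screenshot"],
+"desc": "Capture screenshot only",
+},
+],
+"help_sections": [
+{
+"title": "What is VNC Access?",
+"color": "cyan",
+"content": [
+(
+"Overview",
+[
+"Connects to VNC servers after obtaining credentials",
+"Provides full graphical remote desktop access",
+"Can take screenshots for headless/automated operation",
+],
+),
+(
+"When to Use",
+[
+"After VNC brute force discovers valid password",
+"When you need GUI access (no command line available)",
+"For accessing macOS Screen Sharing (port 5900)",
+"To capture screenshots for documentation/evidence",
+],
+),
+],
+},
+{
+"title": "Usage & Examples",
+"color": "green",
+"content": [
+(
+"Interactive Session",
+[
+'souleyez jobs enqueue vnc_access 192.168.1.100 --args "--password secret"',
+" → Opens VNC viewer for interactive control",
+],
+),
+(
+"Custom Port",
+[
+'souleyez jobs enqueue vnc_access 192.168.1.100:5901 --args "--password secret"',
+" → Connects to VNC on non-standard port",
+],
+),
+(
+"Screenshot Mode",
+[
+'souleyez jobs enqueue vnc_access 192.168.1.100 --args "--password secret --screenshot"',
+" → Captures screenshot without interactive session",
+],
+),
+],
+},
+{
+"title": "VNC Ports & Tips",
+"color": "yellow",
+"content": [
+(
+"Common VNC Ports",
+[
+"5900 - Standard VNC / macOS Screen Sharing",
+"5901 - VNC display :1",
+"5902 - VNC display :2",
+"5800 - Java VNC (web-based)",
+],
+),
+(
+"Access Capabilities",
+[
+"Full mouse and keyboard control",
+"View running applications and files",
+"Some viewers support file transfer",
+"Can be used for credential harvesting (watch user type)",
+],
+),
+],
+},
 ],
 }
 
@@ -50,54 +130,59 @@ class VNCAccessPlugin(PluginBase):
 
 def check_tool_available(self) -> tuple:
 """Check if a VNC viewer is available."""
-viewers = [
+viewers = ["vncviewer", "vinagre", "remmina", "xtightvncviewer"]
 for viewer in viewers:
 if shutil.which(viewer):
 return True, None
-return
+return (
+False,
+"VNC viewer not found. Install with: sudo apt install tigervnc-viewer",
+)
 
 def _find_viewer(self) -> str:
 """Find an available VNC viewer."""
-viewers = [
+viewers = ["vncviewer", "xtightvncviewer", "vinagre", "remmina"]
 for viewer in viewers:
 if shutil.which(viewer):
 return viewer
-return
+return "vncviewer"
 
-def build_command(
+def build_command(
+self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+):
 """Build VNC viewer command."""
 args = args or []
 
 try:
 # Allow target:port format
-if
-host, port = target.rsplit(
+if ":" in target and target.count(":") == 1:
+host, port = target.rsplit(":", 1)
 try:
 int(port)
 target = host
-args = [
+args = ["--port", port] + args
 except ValueError:
 pass
 target = validate_target(target)
 except ValidationError as e:
 if log_path:
-with open(log_path,
+with open(log_path, "w") as f:
 f.write(f"ERROR: Invalid target: {e}\n")
 return None
 
 password = None
-port =
+port = "5900"
 screenshot = False
 
 i = 0
 while i < len(args):
-if args[i] ==
+if args[i] == "--password" and i + 1 < len(args):
 password = args[i + 1]
 i += 2
-elif args[i] ==
+elif args[i] == "--port" and i + 1 < len(args):
 port = args[i + 1]
 i += 2
-elif args[i] ==
+elif args[i] == "--screenshot":
 screenshot = True
 i += 1
 else:
@@ -107,54 +192,51 @@ class VNCAccessPlugin(PluginBase):
 
 if screenshot:
 # Use vncsnapshot if available, otherwise vncviewer in headless mode
-if shutil.which(
-cmd = [
+if shutil.which("vncsnapshot"):
+cmd = ["vncsnapshot", f"{target}:{port}", "/tmp/vnc_screenshot.jpg"]
 if password:
-cmd.extend([
+cmd.extend(["-passwd", password])
 else:
 if log_path:
-with open(log_path,
+with open(log_path, "w") as f:
 f.write("# Screenshot mode requires vncsnapshot\n")
 f.write("Install with: sudo apt install vncsnapshot\n")
 return None
 else:
 # Interactive session
-cmd = [viewer, f
+cmd = [viewer, f"{target}::{port}"]
 # vncviewer password handling varies by implementation
 # Most accept password via stdin or password file
 
 return {
-
-
-
+"cmd": cmd,
+"timeout": 30, # Just connection timeout, session runs until user closes
+"password": password,
 }
 
-def run(
+def run(
+self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+) -> int:
 """Execute VNC connection."""
 cmd_spec = self.build_command(target, args, label, log_path)
 if cmd_spec is None:
 return 1
 
-cmd = cmd_spec[
-password = cmd_spec.get(
+cmd = cmd_spec["cmd"]
+password = cmd_spec.get("password")
 
 if log_path:
-with open(log_path,
+with open(log_path, "w") as f:
 f.write(f"# VNC Access to {target}\n")
 f.write(f"# Command: {' '.join(cmd)}\n")
 f.write(f"# Started: {time.strftime('%Y-%m-%d %H:%M:%S')}\n\n")
 
 try:
 # For screenshot mode, capture output
-if
-result = subprocess.run(
-cmd,
-capture_output=True,
-text=True,
-timeout=30
-)
+if "vncsnapshot" in cmd[0]:
+result = subprocess.run(cmd, capture_output=True, text=True, timeout=30)
 if log_path:
-with open(log_path,
+with open(log_path, "a") as f:
 f.write(result.stdout)
 if result.stderr:
 f.write(f"\nStderr: {result.stderr}\n")
@@ -164,27 +246,32 @@ class VNCAccessPlugin(PluginBase):
 else:
 # Interactive mode - just launch and return
 if log_path:
-with open(log_path,
+with open(log_path, "a") as f:
 f.write("Launching VNC viewer...\n")
 f.write("Note: Interactive session - check viewer window\n")
 
 # Use Popen for non-blocking launch
-subprocess.Popen(
+subprocess.Popen(
+cmd,
+stdin=subprocess.DEVNULL,
+stdout=subprocess.DEVNULL,
+stderr=subprocess.DEVNULL,
+)
 return 0
 
 except subprocess.TimeoutExpired:
 if log_path:
-with open(log_path,
+with open(log_path, "a") as f:
 f.write("\n\n# ERROR: Connection timed out\n")
 return 124
 except FileNotFoundError:
 if log_path:
-with open(log_path,
+with open(log_path, "a") as f:
 f.write("\n\n# ERROR: VNC viewer not found\n")
 return 127
 except Exception as e:
 if log_path:
-with open(log_path,
+with open(log_path, "a") as f:
 f.write(f"\n\n# ERROR: {e}\n")
 return 1
 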
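Review bot: In the screenshot branch of `build_command`, `cmd.extend(["-passwd", password])` puts the VNC password on the process command line, and `run` then writes `' '.join(cmd)` to the log, so the credential ends up in cleartext in both the process list and the job log. vncsnapshot documents `-passwd` as the path of a vncpasswd-generated file rather than the password itself, so the flag as built probably does not authenticate either; passing the path of an owner-only password file created for the job would address both. The output path `"/tmp/vnc_screenshot.jpg"` is fixed and sits in a world-writable directory, which lets a pre-planted symlink redirect the write or a second job overwrite captured evidence; a per-job path such as `os.path.join(tempfile.mkdtemp(), "vnc_screenshot.jpg")` avoids that. The `--port` value taken from `args` is also used without the `int()` check that the `target:port` form gets.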
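--- a/souleyez/plugins/vnc_brute.py
+++ b/souleyez/plugins/vnc_brute.py
@@ -29,7 +29,7 @@ HELP = {
 "usage": "souleyez jobs enqueue vnc_brute <target>",
 "examples": [
 "souleyez jobs enqueue vnc_brute 192.168.1.100",
-
+'souleyez jobs enqueue vnc_brute 192.168.1.100 --args "--port 5901"',
 ],
 "flags": [
 ["--port PORT", "VNC port (default: 5900)"],
@@ -38,6 +38,82 @@ HELP = {
 {"name": "Standard VNC", "args": [], "desc": "Port 5900"},
 {"name": "Display :1", "args": ["--port", "5901"], "desc": "Port 5901"},
 ],
+"help_sections": [
+{
+"title": "What is VNC Brute Force?",
+"color": "cyan",
+"content": [
+(
+"Overview",
+[
+"Brute forces VNC/Screen Sharing password authentication",
+"Uses Hydra with common VNC passwords",
+"Targets graphical remote access to systems",
+],
+),
+(
+"VNC Authentication Types",
+[
+"VNC-only password (separate from user accounts)",
+"macOS user credentials (Screen Sharing)",
+"No authentication (dangerous but common!)",
+],
+),
+],
+},
+{
+"title": "Usage & Examples",
+"color": "green",
+"content": [
+(
+"Basic Usage",
+[
+"souleyez jobs enqueue vnc_brute 192.168.1.100",
+" → Tests common VNC passwords on port 5900",
+],
+),
+(
+"Custom Port",
+[
+'souleyez jobs enqueue vnc_brute 192.168.1.100 --args "--port 5901"',
+" → Tests VNC on display :1 (port 5901)",
+],
+),
+],
+},
+{
+"title": "Tips & Common Passwords",
+"color": "yellow",
+"content": [
+(
+"Common VNC Passwords",
+[
+"password, vnc, 123456, admin",
+"Often same as login password",
+"Many systems use blank password (no auth!)",
+"8 character max on traditional VNC",
+],
+),
+(
+"VNC Ports to Check",
+[
+"5900 - Display :0 / macOS Screen Sharing",
+"5901 - Display :1",
+"5800 - Java VNC (browser-based)",
+],
+),
+(
+"After Success",
+[
+"Use vnc_access to connect interactively",
+"Full graphical desktop control",
+"Can view files, run programs, keylog",
+"Watch for open sessions with sensitive data",
+],
+),
+],
+},
+],
 }
 
 
@@ -49,18 +125,13 @@ class VNCBrutePlugin(PluginBase):
 
 def _get_wordlist_path(self, filename: str) -> str:
 """Get path to wordlist file."""
-import
-
-
-os.path.expanduser(f'~/.souleyez/wordlists/{filename}'),
-f'/usr/share/seclists/Passwords/{filename}',
-]
-for loc in locations:
-if os.path.exists(loc):
-return os.path.abspath(loc)
-return filename
+from souleyez.wordlists import resolve_wordlist_path
+
+return resolve_wordlist_path(f"data/wordlists/{filename}")
 
-def build_command(
+def build_command(
+self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+):
 """Build Hydra command for VNC brute force."""
 args = args or []
 
@@ -68,69 +139,69 @@ class VNCBrutePlugin(PluginBase):
 target = validate_target(target)
 except ValidationError as e:
 if log_path:
-with open(log_path,
+with open(log_path, "w") as f:
 f.write(f"ERROR: Invalid target: {e}\n")
 return None
 
-port =
+port = "5900"
 i = 0
 while i < len(args):
-if args[i] ==
+if args[i] == "--port" and i + 1 < len(args):
 port = args[i + 1]
 i += 2
 else:
 i += 1
 
-passwords = self._get_wordlist_path(
+passwords = self._get_wordlist_path("vnc_passwords.txt")
 
 cmd = [
-
-
-
-
-
-
-
+"hydra",
+"-P",
+passwords,
+"-s",
+port,
+"-t",
+"2",
+"-w",
+"3",
+"-vV",
+"-f",
 target,
-
+"vnc",
 ]
 
-return {
-'cmd': cmd,
-'timeout': 1800
-}
+return {"cmd": cmd, "timeout": 1800}
 
-def run(
+def run(
+self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+) -> int:
 """Execute VNC brute force."""
 cmd_spec = self.build_command(target, args, label, log_path)
 if cmd_spec is None:
 return 1
 
-cmd = cmd_spec[
+cmd = cmd_spec["cmd"]
 
 if log_path:
-with open(log_path,
+with open(log_path, "w") as f:
 f.write(f"# VNC Brute Force on {target}\n")
 f.write(f"# Command: {' '.join(cmd)}\n")
 f.write(f"# Started: {time.strftime('%Y-%m-%d %H:%M:%S')}\n\n")
 
 try:
-with open(log_path,
+with open(log_path, "a") as f:
 result = subprocess.run(
-cmd,
-stdout=f,
-stderr=subprocess.STDOUT,
-timeout=cmd_spec['timeout']
+cmd, stdout=f, stderr=subprocess.STDOUT, timeout=cmd_spec["timeout"]
 )
 return result.returncode
 except subprocess.TimeoutExpired:
 if log_path:
-with open(log_path,
+with open(log_path, "a") as f:
 f.write("\n\n# ERROR: Brute force timed out\n")
 return 124
 except Exception as e:
 if log_path:
-with open(log_path,
+with open(log_path, "a") as f:
 f.write(f"\n\n# ERROR: {e}\n")
 return 1
 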
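Review bot: In `run`, the `with open(log_path, "a") as f:` inside the `try` is the only log write not guarded by `if log_path:`, so with the default `log_path=None` the `open` raises `TypeError`, the generic `except Exception` swallows it, and the method returns 1 without ever starting hydra. Guard it like the other writes and discard the tool output when no log was requested, as sketched below. Separately, the log is created with default permissions although hydra's `-vV` output will include any password it recovers; if `log_path` does not already live in a protected directory (not visible here), restricting the file to its owner would be worth doing.

```python
try:
    if log_path:
        with open(log_path, "a") as f:
            result = subprocess.run(
                cmd, stdout=f, stderr=subprocess.STDOUT, timeout=cmd_spec["timeout"]
            )
    else:
        # No log requested: discard tool output instead of failing on open(None)
        result = subprocess.run(
            cmd,
            stdout=subprocess.DEVNULL,
            stderr=subprocess.STDOUT,
            timeout=cmd_spec["timeout"],
        )
    return result.returncode
# … unchanged: TimeoutExpired and generic Exception handlers …
```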