souleyez 2.43.29__py3-none-any.whl → 2.43.34__py3-none-any.whl

souleyez/plugins/web_login_test.py

@@ -0,0 +1,417 @@
+#!/usr/bin/env python3
+"""
+souleyez.plugins.web_login_test - Web login credential testing
+
+Tests cracked credentials against web login endpoints.
+Supports both JSON REST APIs and traditional HTML form logins.
+"""
+import json
+import re
+import ssl
+import time
+import urllib.error
+import urllib.parse
+import urllib.request
+from typing import Any, Dict, List, Optional
+
+from .plugin_base import PluginBase
+
+HELP = {
+    "name": "Web Login Test - Credential Validation",
+    "description": (
+        "Tests credentials against web login endpoints to validate "
+        "that cracked passwords actually work.\n\n"
+        "Supports:\n"
+        "- JSON REST APIs (Content-Type: application/json)\n"
+        "- HTML form submissions\n"
+        "- Custom field names via --username-field and --password-field\n"
+    ),
+    "usage": 'souleyez jobs enqueue web_login_test <login_url> --args "--username <user> --password <pass>"',
+    "examples": [
+        'souleyez jobs enqueue web_login_test http://target/api/login --args "--username admin --password secret"',
+        'souleyez jobs enqueue web_login_test http://target/login.php --args "--username admin --password secret --form"',
+    ],
+    "flags": [
+        ["--username <user>", "Username to test"],
+        ["--password <pass>", "Password to test"],
+        ["--form", "Use form POST instead of JSON (default: JSON)"],
+        ["--username-field <name>", "Custom username field name (default: email)"],
+        ["--password-field <name>", "Custom password field name (default: password)"],
+    ],
+    "presets": [
+        {
+            "name": "JSON API Login",
+            "args": ["--username", "<username>", "--password", "<password>"],
+            "desc": "Test JSON API login endpoint",
+        },
+        {
+            "name": "Form Login",
+            "args": ["--username", "<username>", "--password", "<password>", "--form"],
+            "desc": "Test HTML form login",
+        },
+    ],
+    "help_sections": [
+        {
+            "title": "How It Works",
+            "color": "cyan",
+            "content": [
+                (
+                    "Overview",
+                    [
+                        "Sends POST request with credentials to login endpoint",
+                        "Analyzes response for success/failure indicators",
+                        "Supports JSON APIs and form-based authentication",
+                    ],
+                ),
+                (
+                    "Success Detection",
+                    [
+                        "Looks for: token, success, authenticated in response",
+                        "HTTP 200/201 with positive indicators = success",
+                        "HTTP 401/403 or error messages = failure",
+                    ],
+                ),
+            ],
+        },
+        {
+            "title": "Usage & Examples",
+            "color": "green",
+            "content": [
+                (
+                    "JSON API Login (default)",
+                    [
+                        "souleyez jobs enqueue web_login_test http://target/api/login \\",
+                        '  --args "--username admin --password secret"',
+                        '  → Sends JSON: {"email": "admin", "password": "secret"}',
+                    ],
+                ),
+                (
+                    "HTML Form Login",
+                    [
+                        "souleyez jobs enqueue web_login_test http://target/login.php \\",
+                        '  --args "--username admin --password secret --form"',
+                        "  → Sends form data: email=admin&password=secret",
+                    ],
+                ),
+                (
+                    "Custom Field Names",
+                    [
+                        "souleyez jobs enqueue web_login_test http://target/login \\",
+                        '  --args "--username admin --password secret --username-field user --password-field pass"',
+                        "  → Uses custom field names instead of email/password",
+                    ],
+                ),
+            ],
+        },
+        {
+            "title": "Automatic Chaining",
+            "color": "yellow",
+            "content": [
+                (
+                    "When This Tool Runs Automatically",
+                    [
+                        "After hashcat cracks passwords from SQLMap dumps",
+                        "Validates cracked credentials against the original login endpoint",
+                        "Auto-detects JSON vs form format from URL patterns",
+                    ],
+                ),
+                (
+                    "Chain Flow",
+                    [
+                        "SQLMap extracts hashed passwords from database",
+                        "Hashcat cracks the hashes to plaintext",
+                        "Web Login Test validates: do these credentials work?",
+                        "Validated credentials are stored for reporting",
+                    ],
+                ),
+            ],
+        },
+    ],
+}
+
+
+class WebLoginTestPlugin(PluginBase):
+    """Plugin for testing web login credentials."""
+
+    name = "Web Login Test"
+    tool = "web_login_test"
+    category = "credential_access"
+    HELP = HELP
+
+    # Success indicators in response body
+    SUCCESS_INDICATORS = [
+        "token",
+        "access_token",
+        "jwt",
+        "session",
+        "authenticated",
+        "success",
+        "welcome",
+        "dashboard",
+        "logged in",
+    ]
+
+    # Failure indicators in response body
+    FAILURE_INDICATORS = [
+        "invalid",
+        "incorrect",
+        "failed",
+        "error",
+        "unauthorized",
+        "denied",
+        "wrong password",
+        "bad credentials",
+        "authentication failed",
+    ]
+
+    def build_command(
+        self,
+        target: str,
+        args: List[str] = None,
+        label: str = "",
+        log_path: str = None,
+    ) -> Optional[Dict[str, Any]]:
+        """
+        Web login test runs in Python, not via external command.
+        Return None to use run() method instead.
+        """
+        return None
+
+    def run(
+        self,
+        target: str,
+        args: List[str] = None,
+        label: str = "",
+        log_path: str = None,
+    ) -> int:
+        """Execute web login credential test."""
+        args = args or []
+
+        # Parse arguments
+        username = None
+        password = None
+        use_form = False
+        username_field = "email"
+        password_field = "password"
+
+        i = 0
+        while i < len(args):
+            arg = args[i]
+            if arg == "--username" and i + 1 < len(args):
+                username = args[i + 1]
+                i += 2
+            elif arg == "--password" and i + 1 < len(args):
+                password = args[i + 1]
+                i += 2
+            elif arg == "--form":
+                use_form = True
+                i += 1
+            elif arg == "--username-field" and i + 1 < len(args):
+                username_field = args[i + 1]
+                i += 2
+            elif arg == "--password-field" and i + 1 < len(args):
+                password_field = args[i + 1]
+                i += 2
+            else:
+                i += 1
+
+        if not username or not password:
+            self._write_log(
+                log_path,
+                target,
+                username,
+                error="Missing --username or --password argument",
+            )
+            return 1
+
+        # Ensure target has scheme
+        if not target.startswith(("http://", "https://")):
+            target = f"http://{target}"
+
+        try:
+            result = self._test_login(
+                url=target,
+                username=username,
+                password=password,
+                use_form=use_form,
+                username_field=username_field,
+                password_field=password_field,
+            )
+
+            self._write_log(log_path, target, username, result=result)
+
+            # Return 0 for success, 1 for failure
+            return 0 if result.get("success") else 1
+
+        except Exception as e:
+            self._write_log(log_path, target, username, error=str(e))
+            return 1
+
+    def _test_login(
+        self,
+        url: str,
+        username: str,
+        password: str,
+        use_form: bool = False,
+        username_field: str = "email",
+        password_field: str = "password",
+        timeout: int = 15,
+    ) -> Dict[str, Any]:
+        """
+        Test login credentials against a web endpoint.
+
+        Returns dict with:
+        - success: bool
+        - http_code: int
+        - response: str (truncated)
+        - reason: str (why success/failure was determined)
+        """
+        result = {
+            "success": False,
+            "http_code": None,
+            "response": None,
+            "reason": None,
+        }
+
+        # Create SSL context that accepts self-signed certs
+        ctx = ssl.create_default_context()
+        ctx.check_hostname = False
+        ctx.verify_mode = ssl.CERT_NONE
+
+        # Build request data
+        if use_form:
+            # Form-encoded POST
+            data = urllib.parse.urlencode(
+                {username_field: username, password_field: password}
+            ).encode("utf-8")
+            content_type = "application/x-www-form-urlencoded"
+        else:
+            # JSON POST
+            data = json.dumps(
+                {username_field: username, password_field: password}
+            ).encode("utf-8")
+            content_type = "application/json"
+
+        # Create request
+        req = urllib.request.Request(
+            url,
+            data=data,
+            headers={
+                "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
+                "Content-Type": content_type,
+                "Accept": "application/json, text/html, */*",
+            },
+            method="POST",
+        )
+
+        try:
+            response = urllib.request.urlopen(req, timeout=timeout, context=ctx)
+            result["http_code"] = response.getcode()
+            body = response.read().decode("utf-8", errors="replace")
+            result["response"] = body[:500] if body else ""
+
+            # Analyze response
+            body_lower = body.lower()
+
+            # Check for success indicators
+            for indicator in self.SUCCESS_INDICATORS:
+                if indicator in body_lower:
+                    result["success"] = True
+                    result["reason"] = f"Found success indicator: '{indicator}'"
+                    return result
+
+            # HTTP 200/201 without explicit failure = possible success
+            if result["http_code"] in (200, 201):
+                # Check for failure indicators
+                for indicator in self.FAILURE_INDICATORS:
+                    if indicator in body_lower:
+                        result["success"] = False
+                        result["reason"] = f"Found failure indicator: '{indicator}'"
+                        return result
+
+                # No failure indicators, consider it possible success
+                result["success"] = True
+                result["reason"] = (
+                    f"HTTP {result['http_code']} with no failure indicators"
+                )
+                return result
+
+            # Other status codes
+            result["reason"] = f"HTTP {result['http_code']} - unclear result"
+            return result
+
+        except urllib.error.HTTPError as e:
+            result["http_code"] = e.code
+            try:
+                body = e.read().decode("utf-8", errors="replace")
+                result["response"] = body[:500] if body else ""
+            except Exception:
+                result["response"] = ""
+
+            # 401/403 = auth failed
+            if e.code in (401, 403):
+                result["reason"] = f"HTTP {e.code} - Authentication failed"
+            else:
+                result["reason"] = f"HTTP {e.code} - Request failed"
+            return result
+
+        except urllib.error.URLError as e:
+            result["reason"] = f"Connection error: {e.reason}"
+            return result
+
+        except Exception as e:
+            result["reason"] = f"Error: {type(e).__name__}: {e}"
+            return result
+
+    def _write_log(
+        self,
+        log_path: str,
+        target: str,
+        username: str,
+        result: Dict[str, Any] = None,
+        error: str = None,
+    ) -> None:
+        """Write test results to log file."""
+        if not log_path:
+            return
+
+        try:
+            with open(log_path, "w", encoding="utf-8", errors="replace") as fh:
+                fh.write("=== Plugin: Web Login Test ===\n")
+                fh.write(f"Target: {target}\n")
+                fh.write(f"Username: {username}\n")
+                fh.write(
+                    f"Started: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n"
+                )
+                fh.write("=" * 60 + "\n\n")
+
+                if error:
+                    fh.write(f"ERROR: {error}\n")
+                    fh.write("\n=== JSON_RESULT ===\n")
+                    fh.write(json.dumps({"error": error}, indent=2))
+                    fh.write("\n=== END_JSON_RESULT ===\n")
+                    return
+
+                if result:
+                    if result.get("success"):
+                        fh.write("[+] LOGIN SUCCESS\n")
+                    else:
+                        fh.write("[-] LOGIN FAILED\n")
+
+                    fh.write(f"\nHTTP Code: {result.get('http_code', 'N/A')}\n")
+                    fh.write(f"Reason: {result.get('reason', 'Unknown')}\n")
+
+                    if result.get("response"):
+                        fh.write(
+                            f"\nResponse (truncated):\n{result['response'][:200]}\n"
+                        )
+
+                    fh.write("\n=== JSON_RESULT ===\n")
+                    fh.write(json.dumps(result, indent=2))
+                    fh.write("\n=== END_JSON_RESULT ===\n")
+
+        except Exception:
+            pass
+
+
+plugin = WebLoginTestPlugin()

souleyez/plugins/whois.py

@@ -37,56 +37,80 @@ HELP = {
         ["-p <port>", "Connect to specific port (default: 43)"],
     ],
     "presets": [
-        {"name": "Standard Lookup", "args": [], "desc": "Basic WHOIS query for domain information"},
+        {
+            "name": "Standard Lookup",
+            "args": [],
+            "desc": "Basic WHOIS query for domain information",
+        },
     ],
     "help_sections": [
         {
             "title": "What is WHOIS?",
             "color": "cyan",
             "content": [
-                {"title": "Overview", "desc": "WHOIS queries domain registration databases to retrieve registrant information, registrar details, creation/expiration dates, nameservers, and technical contacts."},
-                {"title": "Use Cases", "desc": "Essential for reconnaissance to understand domain ownership and gather contact information.", "tips": [
-                    "Identify domain owner and organization",
-                    "Find registration and expiration dates",
-                    "Discover nameservers and DNS configuration",
-                    "Gather email addresses and phone numbers for social engineering",
-                    "Identify related domains by registrant"
-                ]}
-            ]
+                {
+                    "title": "Overview",
+                    "desc": "WHOIS queries domain registration databases to retrieve registrant information, registrar details, creation/expiration dates, nameservers, and technical contacts.",
+                },
+                {
+                    "title": "Use Cases",
+                    "desc": "Essential for reconnaissance to understand domain ownership and gather contact information.",
+                    "tips": [
+                        "Identify domain owner and organization",
+                        "Find registration and expiration dates",
+                        "Discover nameservers and DNS configuration",
+                        "Gather email addresses and phone numbers for social engineering",
+                        "Identify related domains by registrant",
+                    ],
+                },
+            ],
         },
         {
             "title": "How to Use",
             "color": "green",
             "content": [
-                {"title": "Basic Workflow", "desc": "1. Enter target domain name\n     2. Review registration information\n     3. Note nameservers for DNS enumeration\n     4. Save contact information for later use"},
-                {"title": "What to Look For", "desc": "Key information in WHOIS results", "tips": [
-                    "Registrant name and organization",
-                    "Creation/expiration dates (helps identify abandoned domains)",
-                    "Nameserver configuration",
-                    "Technical/admin contact emails",
-                    "Registrar information"
-                ]}
-            ]
+                {
+                    "title": "Basic Workflow",
+                    "desc": "1. Enter target domain name\n     2. Review registration information\n     3. Note nameservers for DNS enumeration\n     4. Save contact information for later use",
+                },
+                {
+                    "title": "What to Look For",
+                    "desc": "Key information in WHOIS results",
+                    "tips": [
+                        "Registrant name and organization",
+                        "Creation/expiration dates (helps identify abandoned domains)",
+                        "Nameserver configuration",
+                        "Technical/admin contact emails",
+                        "Registrar information",
+                    ],
+                },
+            ],
         },
         {
             "title": "Tips & Best Practices",
             "color": "yellow",
             "content": [
-                ("Best Practices:", [
-                    "Query early in reconnaissance phase",
-                    "Cross-reference with theHarvester results",
-                    "Note privacy-protected domains (limited info)",
-                    "Check related TLDs (.com, .net, .org, etc.)",
-                    "Document contact information for reporting"
-                ]),
-                ("Common Issues:", [
-                    "Privacy protection: Many domains hide owner details",
-                    "Rate limiting: WHOIS servers may throttle queries",
-                    "Different formats: Each TLD registry has different output format"
-                ])
-            ]
-        }
-    ]
+                (
+                    "Best Practices:",
+                    [
+                        "Query early in reconnaissance phase",
+                        "Cross-reference with theHarvester results",
+                        "Note privacy-protected domains (limited info)",
+                        "Check related TLDs (.com, .net, .org, etc.)",
+                        "Document contact information for reporting",
+                    ],
+                ),
+                (
+                    "Common Issues:",
+                    [
+                        "Privacy protection: Many domains hide owner details",
+                        "Rate limiting: WHOIS servers may throttle queries",
+                        "Different formats: Each TLD registry has different output format",
+                    ],
+                ),
+            ],
+        },
+    ],
 }
 
 
@@ -96,35 +120,35 @@ class WhoisPlugin(PluginBase):
     category = "reconnaissance"
     HELP = HELP
 
-
-    def build_command(self, target: str, args: List[str] = None, label: str = "", log_path: str = None):
+    def build_command(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ):
         """Build command for background execution with PID tracking."""
         if not target:
             if log_path:
-                with open(log_path, 'w') as f:
+                with open(log_path, "w") as f:
                     f.write("ERROR: Target domain is required\n")
             return None
-        
+
         # Validate target
         try:
             target = validate_target(target)
         except ValidationError as e:
             if log_path:
-                with open(log_path, 'w') as f:
+                with open(log_path, "w") as f:
                     f.write(f"ERROR: Invalid target: {e}\n")
             return None
-        
+
         args = args or []
-        
+
         # whois syntax: whois target [args]
         cmd = ["whois", target] + args
-        
-        return {
-            'cmd': cmd,
-            'timeout': 300
-        }
 
-    def run(self, target: str, args: List[str] = None, label: str = "", log_path: str = None) -> int:
+        return {"cmd": cmd, "timeout": 300}
+
+    def run(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ) -> int:
         """
         Execute WHOIS lookup and write output to log_path.
         """
@@ -136,7 +160,7 @@ class WhoisPlugin(PluginBase):
             target = validate_target(target)
         except ValidationError as e:
             if log_path:
-                with open(log_path, 'w') as f:
+                with open(log_path, "w") as f:
                     f.write(f"ERROR: Invalid target: {e}\n")
                 return 1
             raise ValueError(f"Invalid target: {e}")
@@ -147,21 +171,16 @@ class WhoisPlugin(PluginBase):
         cmd = ["whois", target] + args
 
         if log_path:
-            with open(log_path, 'w') as f:
+            with open(log_path, "w") as f:
                 f.write(f"# WHOIS Lookup for {target}\n")
                 f.write(f"# Command: {' '.join(cmd)}\n")
                 f.write(f"# Started: {time.strftime('%Y-%m-%d %H:%M:%S')}\n\n")
 
         try:
-            result = subprocess.run(
-                cmd,
-                capture_output=True,
-                text=True,
-                timeout=60
-            )
+            result = subprocess.run(cmd, capture_output=True, text=True, timeout=60)
 
             if log_path:
-                with open(log_path, 'a') as f:
+                with open(log_path, "a") as f:
                     f.write(result.stdout)
                     if result.stderr:
                         f.write(f"\n\n# Errors:\n{result.stderr}\n")
@@ -170,12 +189,12 @@ class WhoisPlugin(PluginBase):
 
         except subprocess.TimeoutExpired:
             if log_path:
-                with open(log_path, 'a') as f:
+                with open(log_path, "a") as f:
                     f.write("\n\n# ERROR: Command timed out after 60 seconds\n")
             return 124
         except Exception as e:
             if log_path:
-                with open(log_path, 'a') as f:
+                with open(log_path, "a") as f:
                     f.write(f"\n\n# ERROR: {str(e)}\n")
             return 1