souleyez 2.43.29__py3-none-any.whl → 2.43.34__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of souleyez might be problematic. Click here for more details.

Files changed (358) hide show
  1. souleyez/__init__.py +1 -2
  2. souleyez/ai/__init__.py +21 -15
  3. souleyez/ai/action_mapper.py +249 -150
  4. souleyez/ai/chain_advisor.py +116 -100
  5. souleyez/ai/claude_provider.py +29 -28
  6. souleyez/ai/context_builder.py +80 -62
  7. souleyez/ai/executor.py +158 -117
  8. souleyez/ai/feedback_handler.py +136 -121
  9. souleyez/ai/llm_factory.py +27 -20
  10. souleyez/ai/llm_provider.py +4 -2
  11. souleyez/ai/ollama_provider.py +6 -9
  12. souleyez/ai/ollama_service.py +44 -37
  13. souleyez/ai/path_scorer.py +91 -76
  14. souleyez/ai/recommender.py +176 -144
  15. souleyez/ai/report_context.py +74 -73
  16. souleyez/ai/report_service.py +84 -66
  17. souleyez/ai/result_parser.py +222 -229
  18. souleyez/ai/safety.py +67 -44
  19. souleyez/auth/__init__.py +23 -22
  20. souleyez/auth/audit.py +36 -26
  21. souleyez/auth/engagement_access.py +65 -48
  22. souleyez/auth/permissions.py +14 -3
  23. souleyez/auth/session_manager.py +54 -37
  24. souleyez/auth/user_manager.py +109 -64
  25. souleyez/commands/audit.py +40 -43
  26. souleyez/commands/auth.py +35 -15
  27. souleyez/commands/deliverables.py +55 -50
  28. souleyez/commands/engagement.py +47 -28
  29. souleyez/commands/license.py +32 -23
  30. souleyez/commands/screenshots.py +36 -32
  31. souleyez/commands/user.py +82 -36
  32. souleyez/config.py +52 -44
  33. souleyez/core/credential_tester.py +87 -81
  34. souleyez/core/cve_mappings.py +179 -192
  35. souleyez/core/cve_matcher.py +162 -148
  36. souleyez/core/msf_auto_mapper.py +100 -83
  37. souleyez/core/msf_chain_engine.py +294 -256
  38. souleyez/core/msf_database.py +153 -70
  39. souleyez/core/msf_integration.py +679 -673
  40. souleyez/core/msf_rpc_client.py +40 -42
  41. souleyez/core/msf_rpc_manager.py +77 -79
  42. souleyez/core/msf_sync_manager.py +241 -181
  43. souleyez/core/network_utils.py +22 -15
  44. souleyez/core/parser_handler.py +34 -25
  45. souleyez/core/pending_chains.py +114 -63
  46. souleyez/core/templates.py +158 -107
  47. souleyez/core/tool_chaining.py +9526 -2879
  48. souleyez/core/version_utils.py +79 -94
  49. souleyez/core/vuln_correlation.py +136 -89
  50. souleyez/core/web_utils.py +33 -32
  51. souleyez/data/wordlists/ad_users.txt +378 -0
  52. souleyez/data/wordlists/api_endpoints_large.txt +769 -0
  53. souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
  54. souleyez/data/wordlists/lfi_payloads.txt +82 -0
  55. souleyez/data/wordlists/passwords_brute.txt +1548 -0
  56. souleyez/data/wordlists/passwords_crack.txt +2479 -0
  57. souleyez/data/wordlists/passwords_spray.txt +386 -0
  58. souleyez/data/wordlists/subdomains_large.txt +5057 -0
  59. souleyez/data/wordlists/usernames_common.txt +694 -0
  60. souleyez/data/wordlists/web_dirs_large.txt +4769 -0
  61. souleyez/detection/__init__.py +1 -1
  62. souleyez/detection/attack_signatures.py +12 -17
  63. souleyez/detection/mitre_mappings.py +61 -55
  64. souleyez/detection/validator.py +97 -86
  65. souleyez/devtools.py +23 -10
  66. souleyez/docs/README.md +4 -4
  67. souleyez/docs/api-reference/cli-commands.md +2 -2
  68. souleyez/docs/developer-guide/adding-new-tools.md +562 -0
  69. souleyez/docs/user-guide/auto-chaining.md +30 -8
  70. souleyez/docs/user-guide/getting-started.md +1 -1
  71. souleyez/docs/user-guide/installation.md +26 -3
  72. souleyez/docs/user-guide/metasploit-integration.md +2 -2
  73. souleyez/docs/user-guide/rbac.md +1 -1
  74. souleyez/docs/user-guide/scope-management.md +1 -1
  75. souleyez/docs/user-guide/siem-integration.md +1 -1
  76. souleyez/docs/user-guide/tools-reference.md +1 -8
  77. souleyez/docs/user-guide/worker-management.md +1 -1
  78. souleyez/engine/background.py +1239 -535
  79. souleyez/engine/base.py +4 -1
  80. souleyez/engine/job_status.py +17 -49
  81. souleyez/engine/log_sanitizer.py +103 -77
  82. souleyez/engine/manager.py +38 -7
  83. souleyez/engine/result_handler.py +2200 -1550
  84. souleyez/engine/worker_manager.py +50 -41
  85. souleyez/export/evidence_bundle.py +72 -62
  86. souleyez/feature_flags/features.py +16 -20
  87. souleyez/feature_flags.py +5 -9
  88. souleyez/handlers/__init__.py +11 -0
  89. souleyez/handlers/base.py +188 -0
  90. souleyez/handlers/bash_handler.py +277 -0
  91. souleyez/handlers/bloodhound_handler.py +243 -0
  92. souleyez/handlers/certipy_handler.py +311 -0
  93. souleyez/handlers/crackmapexec_handler.py +486 -0
  94. souleyez/handlers/dnsrecon_handler.py +344 -0
  95. souleyez/handlers/enum4linux_handler.py +400 -0
  96. souleyez/handlers/evil_winrm_handler.py +493 -0
  97. souleyez/handlers/ffuf_handler.py +815 -0
  98. souleyez/handlers/gobuster_handler.py +1114 -0
  99. souleyez/handlers/gpp_extract_handler.py +334 -0
  100. souleyez/handlers/hashcat_handler.py +444 -0
  101. souleyez/handlers/hydra_handler.py +563 -0
  102. souleyez/handlers/impacket_getuserspns_handler.py +343 -0
  103. souleyez/handlers/impacket_psexec_handler.py +222 -0
  104. souleyez/handlers/impacket_secretsdump_handler.py +426 -0
  105. souleyez/handlers/john_handler.py +286 -0
  106. souleyez/handlers/katana_handler.py +425 -0
  107. souleyez/handlers/kerbrute_handler.py +298 -0
  108. souleyez/handlers/ldapsearch_handler.py +636 -0
  109. souleyez/handlers/lfi_extract_handler.py +464 -0
  110. souleyez/handlers/msf_auxiliary_handler.py +408 -0
  111. souleyez/handlers/msf_exploit_handler.py +380 -0
  112. souleyez/handlers/nikto_handler.py +413 -0
  113. souleyez/handlers/nmap_handler.py +821 -0
  114. souleyez/handlers/nuclei_handler.py +359 -0
  115. souleyez/handlers/nxc_handler.py +371 -0
  116. souleyez/handlers/rdp_sec_check_handler.py +353 -0
  117. souleyez/handlers/registry.py +292 -0
  118. souleyez/handlers/responder_handler.py +232 -0
  119. souleyez/handlers/service_explorer_handler.py +434 -0
  120. souleyez/handlers/smbclient_handler.py +344 -0
  121. souleyez/handlers/smbmap_handler.py +510 -0
  122. souleyez/handlers/smbpasswd_handler.py +296 -0
  123. souleyez/handlers/sqlmap_handler.py +1116 -0
  124. souleyez/handlers/theharvester_handler.py +601 -0
  125. souleyez/handlers/web_login_test_handler.py +327 -0
  126. souleyez/handlers/whois_handler.py +277 -0
  127. souleyez/handlers/wpscan_handler.py +554 -0
  128. souleyez/history.py +32 -16
  129. souleyez/importers/msf_importer.py +106 -75
  130. souleyez/importers/smart_importer.py +208 -147
  131. souleyez/integrations/siem/__init__.py +10 -10
  132. souleyez/integrations/siem/base.py +17 -18
  133. souleyez/integrations/siem/elastic.py +108 -122
  134. souleyez/integrations/siem/factory.py +207 -80
  135. souleyez/integrations/siem/googlesecops.py +146 -154
  136. souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
  137. souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
  138. souleyez/integrations/siem/sentinel.py +107 -109
  139. souleyez/integrations/siem/splunk.py +246 -212
  140. souleyez/integrations/siem/wazuh.py +65 -71
  141. souleyez/integrations/wazuh/__init__.py +5 -5
  142. souleyez/integrations/wazuh/client.py +70 -93
  143. souleyez/integrations/wazuh/config.py +85 -57
  144. souleyez/integrations/wazuh/host_mapper.py +28 -36
  145. souleyez/integrations/wazuh/sync.py +78 -68
  146. souleyez/intelligence/__init__.py +4 -5
  147. souleyez/intelligence/correlation_analyzer.py +309 -295
  148. souleyez/intelligence/exploit_knowledge.py +661 -623
  149. souleyez/intelligence/exploit_suggestions.py +159 -139
  150. souleyez/intelligence/gap_analyzer.py +132 -97
  151. souleyez/intelligence/gap_detector.py +251 -214
  152. souleyez/intelligence/sensitive_tables.py +266 -129
  153. souleyez/intelligence/service_parser.py +137 -123
  154. souleyez/intelligence/surface_analyzer.py +407 -268
  155. souleyez/intelligence/target_parser.py +159 -162
  156. souleyez/licensing/__init__.py +6 -6
  157. souleyez/licensing/validator.py +17 -19
  158. souleyez/log_config.py +79 -54
  159. souleyez/main.py +1505 -687
  160. souleyez/migrations/fix_job_counter.py +16 -14
  161. souleyez/parsers/bloodhound_parser.py +41 -39
  162. souleyez/parsers/crackmapexec_parser.py +178 -111
  163. souleyez/parsers/dalfox_parser.py +72 -77
  164. souleyez/parsers/dnsrecon_parser.py +103 -91
  165. souleyez/parsers/enum4linux_parser.py +183 -153
  166. souleyez/parsers/ffuf_parser.py +29 -25
  167. souleyez/parsers/gobuster_parser.py +301 -41
  168. souleyez/parsers/hashcat_parser.py +324 -79
  169. souleyez/parsers/http_fingerprint_parser.py +350 -103
  170. souleyez/parsers/hydra_parser.py +131 -111
  171. souleyez/parsers/impacket_parser.py +231 -178
  172. souleyez/parsers/john_parser.py +98 -86
  173. souleyez/parsers/katana_parser.py +316 -0
  174. souleyez/parsers/msf_parser.py +943 -498
  175. souleyez/parsers/nikto_parser.py +346 -65
  176. souleyez/parsers/nmap_parser.py +262 -174
  177. souleyez/parsers/nuclei_parser.py +40 -44
  178. souleyez/parsers/responder_parser.py +26 -26
  179. souleyez/parsers/searchsploit_parser.py +74 -74
  180. souleyez/parsers/service_explorer_parser.py +279 -0
  181. souleyez/parsers/smbmap_parser.py +180 -124
  182. souleyez/parsers/sqlmap_parser.py +434 -308
  183. souleyez/parsers/theharvester_parser.py +75 -57
  184. souleyez/parsers/whois_parser.py +135 -94
  185. souleyez/parsers/wpscan_parser.py +278 -190
  186. souleyez/plugins/afp.py +44 -36
  187. souleyez/plugins/afp_brute.py +114 -46
  188. souleyez/plugins/ard.py +48 -37
  189. souleyez/plugins/bloodhound.py +95 -61
  190. souleyez/plugins/certipy.py +303 -0
  191. souleyez/plugins/crackmapexec.py +186 -85
  192. souleyez/plugins/dalfox.py +120 -59
  193. souleyez/plugins/dns_hijack.py +146 -41
  194. souleyez/plugins/dnsrecon.py +97 -61
  195. souleyez/plugins/enum4linux.py +91 -66
  196. souleyez/plugins/evil_winrm.py +291 -0
  197. souleyez/plugins/ffuf.py +166 -90
  198. souleyez/plugins/firmware_extract.py +133 -29
  199. souleyez/plugins/gobuster.py +387 -190
  200. souleyez/plugins/gpp_extract.py +393 -0
  201. souleyez/plugins/hashcat.py +100 -73
  202. souleyez/plugins/http_fingerprint.py +854 -267
  203. souleyez/plugins/hydra.py +566 -200
  204. souleyez/plugins/impacket_getnpusers.py +117 -69
  205. souleyez/plugins/impacket_psexec.py +84 -64
  206. souleyez/plugins/impacket_secretsdump.py +103 -69
  207. souleyez/plugins/impacket_smbclient.py +89 -75
  208. souleyez/plugins/john.py +86 -69
  209. souleyez/plugins/katana.py +313 -0
  210. souleyez/plugins/kerbrute.py +237 -0
  211. souleyez/plugins/lfi_extract.py +541 -0
  212. souleyez/plugins/macos_ssh.py +117 -48
  213. souleyez/plugins/mdns.py +35 -30
  214. souleyez/plugins/msf_auxiliary.py +253 -130
  215. souleyez/plugins/msf_exploit.py +239 -161
  216. souleyez/plugins/nikto.py +134 -78
  217. souleyez/plugins/nmap.py +275 -91
  218. souleyez/plugins/nuclei.py +180 -89
  219. souleyez/plugins/nxc.py +285 -0
  220. souleyez/plugins/plugin_base.py +35 -36
  221. souleyez/plugins/plugin_template.py +13 -5
  222. souleyez/plugins/rdp_sec_check.py +130 -0
  223. souleyez/plugins/responder.py +112 -71
  224. souleyez/plugins/router_http_brute.py +76 -65
  225. souleyez/plugins/router_ssh_brute.py +118 -41
  226. souleyez/plugins/router_telnet_brute.py +124 -42
  227. souleyez/plugins/routersploit.py +91 -59
  228. souleyez/plugins/routersploit_exploit.py +77 -55
  229. souleyez/plugins/searchsploit.py +91 -77
  230. souleyez/plugins/service_explorer.py +1160 -0
  231. souleyez/plugins/smbmap.py +122 -72
  232. souleyez/plugins/smbpasswd.py +215 -0
  233. souleyez/plugins/sqlmap.py +301 -113
  234. souleyez/plugins/theharvester.py +127 -75
  235. souleyez/plugins/tr069.py +79 -57
  236. souleyez/plugins/upnp.py +65 -47
  237. souleyez/plugins/upnp_abuse.py +73 -55
  238. souleyez/plugins/vnc_access.py +129 -42
  239. souleyez/plugins/vnc_brute.py +109 -38
  240. souleyez/plugins/web_login_test.py +417 -0
  241. souleyez/plugins/whois.py +77 -58
  242. souleyez/plugins/wpscan.py +173 -69
  243. souleyez/reporting/__init__.py +2 -1
  244. souleyez/reporting/attack_chain.py +411 -346
  245. souleyez/reporting/charts.py +436 -501
  246. souleyez/reporting/compliance_mappings.py +334 -201
  247. souleyez/reporting/detection_report.py +126 -125
  248. souleyez/reporting/formatters.py +828 -591
  249. souleyez/reporting/generator.py +386 -302
  250. souleyez/reporting/metrics.py +72 -75
  251. souleyez/scanner.py +35 -29
  252. souleyez/security/__init__.py +37 -11
  253. souleyez/security/scope_validator.py +175 -106
  254. souleyez/security/validation.py +223 -149
  255. souleyez/security.py +22 -6
  256. souleyez/storage/credentials.py +247 -186
  257. souleyez/storage/crypto.py +296 -129
  258. souleyez/storage/database.py +73 -50
  259. souleyez/storage/db.py +58 -36
  260. souleyez/storage/deliverable_evidence.py +177 -128
  261. souleyez/storage/deliverable_exporter.py +282 -246
  262. souleyez/storage/deliverable_templates.py +134 -116
  263. souleyez/storage/deliverables.py +135 -130
  264. souleyez/storage/engagements.py +109 -56
  265. souleyez/storage/evidence.py +181 -152
  266. souleyez/storage/execution_log.py +31 -17
  267. souleyez/storage/exploit_attempts.py +93 -57
  268. souleyez/storage/exploits.py +67 -36
  269. souleyez/storage/findings.py +48 -61
  270. souleyez/storage/hosts.py +176 -144
  271. souleyez/storage/migrate_to_engagements.py +43 -19
  272. souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
  273. souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
  274. souleyez/storage/migrations/_003_add_execution_log.py +14 -8
  275. souleyez/storage/migrations/_005_screenshots.py +13 -5
  276. souleyez/storage/migrations/_006_deliverables.py +13 -5
  277. souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
  278. souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
  279. souleyez/storage/migrations/_010_evidence_linking.py +17 -10
  280. souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
  281. souleyez/storage/migrations/_012_team_collaboration.py +34 -21
  282. souleyez/storage/migrations/_013_add_host_tags.py +12 -6
  283. souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
  284. souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
  285. souleyez/storage/migrations/_016_add_domain_field.py +10 -4
  286. souleyez/storage/migrations/_017_msf_sessions.py +16 -8
  287. souleyez/storage/migrations/_018_add_osint_target.py +10 -6
  288. souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
  289. souleyez/storage/migrations/_020_add_rbac.py +36 -15
  290. souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
  291. souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
  292. souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
  293. souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
  294. souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
  295. souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
  296. souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
  297. souleyez/storage/migrations/__init__.py +26 -26
  298. souleyez/storage/migrations/migration_manager.py +19 -19
  299. souleyez/storage/msf_sessions.py +100 -65
  300. souleyez/storage/osint.py +17 -24
  301. souleyez/storage/recommendation_engine.py +269 -235
  302. souleyez/storage/screenshots.py +33 -32
  303. souleyez/storage/smb_shares.py +136 -92
  304. souleyez/storage/sqlmap_data.py +183 -128
  305. souleyez/storage/team_collaboration.py +135 -141
  306. souleyez/storage/timeline_tracker.py +122 -94
  307. souleyez/storage/wazuh_vulns.py +64 -66
  308. souleyez/storage/web_paths.py +33 -37
  309. souleyez/testing/credential_tester.py +221 -205
  310. souleyez/ui/__init__.py +1 -1
  311. souleyez/ui/ai_quotes.py +12 -12
  312. souleyez/ui/attack_surface.py +2439 -1516
  313. souleyez/ui/chain_rules_view.py +914 -382
  314. souleyez/ui/correlation_view.py +312 -230
  315. souleyez/ui/dashboard.py +2382 -1130
  316. souleyez/ui/deliverables_view.py +148 -62
  317. souleyez/ui/design_system.py +13 -13
  318. souleyez/ui/errors.py +49 -49
  319. souleyez/ui/evidence_linking_view.py +284 -179
  320. souleyez/ui/evidence_vault.py +393 -285
  321. souleyez/ui/exploit_suggestions_view.py +555 -349
  322. souleyez/ui/export_view.py +100 -66
  323. souleyez/ui/gap_analysis_view.py +315 -171
  324. souleyez/ui/help_system.py +105 -97
  325. souleyez/ui/intelligence_view.py +436 -293
  326. souleyez/ui/interactive.py +22827 -10678
  327. souleyez/ui/interactive_selector.py +75 -68
  328. souleyez/ui/log_formatter.py +47 -39
  329. souleyez/ui/menu_components.py +22 -13
  330. souleyez/ui/msf_auxiliary_menu.py +184 -133
  331. souleyez/ui/pending_chains_view.py +336 -172
  332. souleyez/ui/progress_indicators.py +5 -3
  333. souleyez/ui/recommendations_view.py +195 -137
  334. souleyez/ui/rule_builder.py +343 -225
  335. souleyez/ui/setup_wizard.py +678 -284
  336. souleyez/ui/shortcuts.py +217 -165
  337. souleyez/ui/splunk_gap_analysis_view.py +452 -270
  338. souleyez/ui/splunk_vulns_view.py +139 -86
  339. souleyez/ui/team_dashboard.py +498 -335
  340. souleyez/ui/template_selector.py +196 -105
  341. souleyez/ui/terminal.py +6 -6
  342. souleyez/ui/timeline_view.py +198 -127
  343. souleyez/ui/tool_setup.py +264 -164
  344. souleyez/ui/tutorial.py +202 -72
  345. souleyez/ui/tutorial_state.py +40 -40
  346. souleyez/ui/wazuh_vulns_view.py +235 -141
  347. souleyez/ui/wordlist_browser.py +260 -107
  348. souleyez/ui.py +464 -312
  349. souleyez/utils/tool_checker.py +427 -367
  350. souleyez/utils.py +33 -29
  351. souleyez/wordlists.py +134 -167
  352. {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/METADATA +1 -1
  353. souleyez-2.43.34.dist-info/RECORD +443 -0
  354. {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/WHEEL +1 -1
  355. souleyez-2.43.29.dist-info/RECORD +0 -379
  356. {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/entry_points.txt +0 -0
  357. {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/licenses/LICENSE +0 -0
  358. {souleyez-2.43.29.dist-info → souleyez-2.43.34.dist-info}/top_level.txt +0 -0
souleyez/handlers/nxc_handler.py ADDED
@@ -0,0 +1,371 @@
1
+ #!/usr/bin/env python3
2
+ """
3
+ Handler for NetExec (nxc) - successor to CrackMapExec.
4
+ Parses shares, credentials, and authentication results.
5
+ """
6
+ import logging
7
+ import os
8
+ import re
9
+ from typing import Any, Dict, Optional
10
+
11
+ from souleyez.handlers.base import BaseToolHandler
12
+
13
+ logger = logging.getLogger(__name__)
14
+
15
+ STATUS_DONE = "done"
16
+ STATUS_ERROR = "error"
17
+ STATUS_WARNING = "warning"
18
+ STATUS_NO_RESULTS = "no_results"
19
+
20
+
21
+ class NxcHandler(BaseToolHandler):
22
+ """Handler for NetExec SMB/WinRM/etc enumeration."""
23
+
24
+ tool_name = "nxc"
25
+ display_name = "NetExec"
26
+
27
+ has_error_handler = True
28
+ has_warning_handler = True
29
+ has_no_results_handler = True
30
+ has_done_handler = True
31
+
32
+ # Patterns for parsing
33
+ SHARE_PATTERN = r"^\s*(\S+)\s+(READ|WRITE|READ,WRITE|NO ACCESS)\s*(.*)$"
34
+ VALID_CRED_PATTERN = r"\[\+\]\s+(\S+)\\([^:]+):([^\s]+)"
35
+ PWNED_PATTERN = r"\(Pwn3d!\)"
36
+
37
+ def parse_job(
38
+ self,
39
+ engagement_id: int,
40
+ log_path: str,
41
+ job: Dict[str, Any],
42
+ host_manager: Optional[Any] = None,
43
+ findings_manager: Optional[Any] = None,
44
+ credentials_manager: Optional[Any] = None,
45
+ ) -> Dict[str, Any]:
46
+ """Parse nxc results."""
47
+ try:
48
+ target = job.get("target", "")
49
+ if not log_path or not os.path.exists(log_path):
50
+ return {
51
+ "tool": "nxc",
52
+ "status": STATUS_ERROR,
53
+ "error": "Log file not found",
54
+ }
55
+
56
+ with open(log_path, "r", encoding="utf-8", errors="replace") as f:
57
+ log_content = f.read()
58
+
59
+ # Strip ANSI codes
60
+ log_content = re.sub(r"\x1b\[[0-9;]*m", "", log_content)
61
+
62
+ shares = []
63
+ readable_shares = []
64
+ writable_shares = []
65
+ credentials = []
66
+ expired_credentials = [] # Credentials that need password change
67
+ is_pwned = False
68
+ domain = ""
69
+ hostname = ""
70
+
71
+ # Parse domain/hostname from banner
72
+ # Format: SMB 10.129.234.72 445 DC [*] Windows Server 2022 (name:DC) (domain:baby2.vl)
73
+ banner_match = re.search(
74
+ r"\(name:([^)]+)\).*\(domain:([^)]+)\)", log_content
75
+ )
76
+ if banner_match:
77
+ hostname = banner_match.group(1)
78
+ domain = banner_match.group(2)
79
+
80
+ # Check for Pwn3d
81
+ if re.search(self.PWNED_PATTERN, log_content):
82
+ is_pwned = True
83
+
84
+ # Parse valid credentials
85
+ # Format: [+] baby2.vl\Carl.Moore:Carl.Moore
86
+ for match in re.finditer(self.VALID_CRED_PATTERN, log_content):
87
+ domain_part = match.group(1)
88
+ username = match.group(2)
89
+ password = match.group(3)
90
+
91
+ cred = {
92
+ "username": username,
93
+ "password": password,
94
+ "domain": domain_part,
95
+ "service": "smb",
96
+ "status": "valid",
97
+ }
98
+ credentials.append(cred)
99
+
100
+ # Store in database
101
+ if credentials_manager and host_manager:
102
+ try:
103
+ host = host_manager.get_host_by_ip(engagement_id, target)
104
+ if host:
105
+ credentials_manager.add_credential(
106
+ engagement_id=engagement_id,
107
+ host_id=host["id"],
108
+ username=username,
109
+ password=password,
110
+ service="smb",
111
+ credential_type="password",
112
+ tool="nxc",
113
+ status="valid",
114
+ )
115
+ logger.warning(
116
+ f"CREDENTIAL FOUND: {domain_part}\\{username}:{password}"
117
+ )
118
+ except Exception as e:
119
+ logger.debug(f"Could not store credential: {e}")
120
+
121
+ # Parse expired credentials (STATUS_PASSWORD_MUST_CHANGE)
122
+ # Format: [-] baby.vl\Caroline.Robinson:BabyStart123! STATUS_PASSWORD_MUST_CHANGE
123
+ expired_pattern = (
124
+ r"\[-\]\s+(\S+)\\([^:]+):(\S+)\s+STATUS_PASSWORD_MUST_CHANGE"
125
+ )
126
+ for match in re.finditer(expired_pattern, log_content):
127
+ domain_part = match.group(1)
128
+ username = match.group(2)
129
+ password = match.group(3)
130
+
131
+ cred = {
132
+ "username": username,
133
+ "password": password,
134
+ "domain": domain_part,
135
+ "service": "smb",
136
+ "status": "expired",
137
+ }
138
+ expired_credentials.append(cred)
139
+
140
+ # Store in database with expired status
141
+ if credentials_manager and host_manager:
142
+ try:
143
+ host = host_manager.get_host_by_ip(engagement_id, target)
144
+ if host:
145
+ credentials_manager.add_credential(
146
+ engagement_id=engagement_id,
147
+ host_id=host["id"],
148
+ username=username,
149
+ password=password,
150
+ service="smb",
151
+ credential_type="password",
152
+ tool="nxc",
153
+ status="expired",
154
+ )
155
+ logger.warning(
156
+ f"EXPIRED CREDENTIAL FOUND: {domain_part}\\{username}:{password} - PASSWORD MUST CHANGE"
157
+ )
158
+ except Exception as e:
159
+ logger.debug(f"Could not store expired credential: {e}")
160
+
161
+ # Parse shares
162
+ # nxc format: SMB IP PORT HOST ShareName Permissions Remark
163
+ # Example: SMB 10.129.234.72 445 DC homes READ,WRITE
164
+ share_section = False
165
+ for line in log_content.split("\n"):
166
+ if "Enumerated shares" in line:
167
+ share_section = True
168
+ continue
169
+ if share_section and line.strip():
170
+ # Skip header and separator lines
171
+ if "Share" in line and "Permissions" in line and "Remark" in line:
172
+ continue
173
+ if "-----" in line:
174
+ continue
175
+ # Stop at completion marker
176
+ if "=== Completed" in line or "Exit Code" in line:
177
+ break
178
+
179
+ # nxc output has: SMB IP PORT HOST ShareName Permissions Comment
180
+ # Parse by splitting on whitespace and extracting after the hostname
181
+ parts = line.split()
182
+ if len(parts) >= 5 and parts[0] == "SMB":
183
+ # Find the share name - it's after the hostname (4th column)
184
+ # Format: SMB IP PORT HOSTNAME SHARENAME [PERMISSIONS] [COMMENT...]
185
+ # Index: 0 1 2 3 4 5 6+
186
+ share_name = parts[4] if len(parts) > 4 else ""
187
+
188
+ # Skip metadata lines
189
+ if not share_name or share_name in [
190
+ "[*]",
191
+ "[+]",
192
+ "[-]",
193
+ "Share",
194
+ ]:
195
+ continue
196
+
197
+ # Permissions (if present) - look for READ, WRITE, READ,WRITE
198
+ perms = ""
199
+ comment = ""
200
+ if len(parts) > 5:
201
+ # Check if 5th element is a permission
202
+ if parts[5] in ["READ", "WRITE", "READ,WRITE"]:
203
+ perms = parts[5]
204
+ comment = " ".join(parts[6:]) if len(parts) > 6 else ""
205
+ else:
206
+ # No permissions, rest is comment
207
+ comment = " ".join(parts[5:])
208
+
209
+ share = {
210
+ "name": share_name,
211
+ "permissions": perms,
212
+ "comment": comment,
213
+ }
214
+ shares.append(share)
215
+
216
+ if "READ" in perms:
217
+ readable_shares.append(share)
218
+ if "WRITE" in perms:
219
+ writable_shares.append(share)
220
+
221
+ # Determine status
222
+ # Check for transient errors first (should trigger retry)
223
+ transient_errors = [
224
+ "NetBIOSTimeout",
225
+ "connection timed out",
226
+ "Connection reset",
227
+ ]
228
+ has_transient_error = any(
229
+ err.lower() in log_content.lower() for err in transient_errors
230
+ )
231
+
232
+ if credentials:
233
+ status = STATUS_DONE
234
+ elif expired_credentials:
235
+ status = STATUS_WARNING # Expired creds need attention
236
+ elif shares:
237
+ status = STATUS_DONE
238
+ elif has_transient_error:
239
+ status = STATUS_WARNING # Transient error - may be retried
240
+ elif (
241
+ "STATUS_LOGON_FAILURE" in log_content
242
+ or "STATUS_ACCESS_DENIED" in log_content
243
+ ):
244
+ status = STATUS_NO_RESULTS
245
+ else:
246
+ status = STATUS_NO_RESULTS
247
+
248
+ # Build summary
249
+ summary_parts = []
250
+ if credentials:
251
+ summary_parts.append(f"{len(credentials)} valid credential(s)")
252
+ if expired_credentials:
253
+ summary_parts.append(
254
+ f"{len(expired_credentials)} expired credential(s)"
255
+ )
256
+ if is_pwned:
257
+ summary_parts.append("PWNED!")
258
+ if shares:
259
+ summary_parts.append(
260
+ f"{len(shares)} shares ({len(readable_shares)} readable, {len(writable_shares)} writable)"
261
+ )
262
+ summary = " | ".join(summary_parts) if summary_parts else "No findings"
263
+
264
+ result = {
265
+ "tool": "nxc",
266
+ "status": status,
267
+ "target": target,
268
+ "domain": domain,
269
+ "hostname": hostname,
270
+ "shares": shares,
271
+ "readable_shares": readable_shares,
272
+ "writable_shares": writable_shares,
273
+ "credentials": credentials,
274
+ "expired_credentials": expired_credentials,
275
+ "is_pwned": is_pwned,
276
+ "summary": summary,
277
+ }
278
+
279
+ if credentials:
280
+ logger.info(f"nxc: Found {len(credentials)} valid credential(s)")
281
+ if expired_credentials:
282
+ logger.warning(
283
+ f"nxc: Found {len(expired_credentials)} EXPIRED credential(s) - password change required!"
284
+ )
285
+ if shares:
286
+ logger.info(
287
+ f"nxc: Found {len(shares)} share(s) ({len(readable_shares)} readable, {len(writable_shares)} writable)"
288
+ )
289
+
290
+ return result
291
+
292
+ except Exception as e:
293
+ logger.error(f"Error parsing nxc job: {e}")
294
+ return {"tool": "nxc", "status": STATUS_ERROR, "error": str(e)}
295
+
296
+ def display_done(
297
+ self,
298
+ job: Dict[str, Any],
299
+ log_path: str,
300
+ show_all: bool = False,
301
+ show_passwords: bool = False,
302
+ ) -> None:
303
+ """Display successful nxc results."""
304
+ import click
305
+
306
+ parse_result = job.get("parse_result", {})
307
+
308
+ domain = parse_result.get("domain", "")
309
+ hostname = parse_result.get("hostname", "")
310
+ shares = parse_result.get("shares", [])
311
+ credentials = parse_result.get("credentials", [])
312
+ expired_credentials = parse_result.get("expired_credentials", [])
313
+ is_pwned = parse_result.get("is_pwned", False)
314
+ target = parse_result.get("target", "")
315
+
316
+ if domain or hostname:
317
+ click.echo(
318
+ f" Target: {hostname}.{domain}" if hostname else f" Domain: {domain}"
319
+ )
320
+
321
+ if is_pwned:
322
+ click.secho(" [!] Pwn3d! - Admin access achieved", fg="red", bold=True)
323
+
324
+ if credentials:
325
+ click.secho(
326
+ f"\n Valid Credentials ({len(credentials)}):", fg="green", bold=True
327
+ )
328
+ for cred in credentials:
329
+ domain_part = cred.get("domain", "")
330
+ username = cred.get("username", "")
331
+ password = cred.get("password", "") if show_passwords else "********"
332
+ click.echo(f" {domain_part}\\{username}:{password}")
333
+
334
+ if expired_credentials:
335
+ click.secho(
336
+ f"\n Expired Credentials ({len(expired_credentials)}):",
337
+ fg="yellow",
338
+ bold=True,
339
+ )
340
+ click.secho(" [!] Password must be changed before use!", fg="yellow")
341
+ for cred in expired_credentials:
342
+ domain_part = cred.get("domain", "")
343
+ username = cred.get("username", "")
344
+ password = cred.get("password", "") if show_passwords else "********"
345
+ click.echo(f" {domain_part}\\{username}:{password}")
346
+ click.secho(f"\n To change password, run:", fg="cyan")
347
+ for cred in expired_credentials:
348
+ domain_part = cred.get("domain", "")
349
+ username = cred.get("username", "")
350
+ click.echo(
351
+ f" smbpasswd -U {domain_part}/{username} -r {target or domain}"
352
+ )
353
+
354
+ if shares:
355
+ click.secho(f"\n Shares ({len(shares)}):", fg="cyan", bold=True)
356
+ for share in shares:
357
+ name = share.get("name", "")
358
+ perms = share.get("permissions", "")
359
+ comment = share.get("comment", "")
360
+
361
+ # Color based on permissions
362
+ if "WRITE" in perms:
363
+ click.secho(f" {name:20} {perms:15} {comment}", fg="yellow")
364
+ elif "READ" in perms:
365
+ click.secho(f" {name:20} {perms:15} {comment}", fg="green")
366
+ else:
367
+ click.echo(f" {name:20} {perms:15} {comment}")
368
+
369
+
370
+ # Register handler
371
+ handler = NxcHandler()