souleyez 2.43.29__py3-none-any.whl → 3.0.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (358) hide show
  1. souleyez/__init__.py +1 -2
  2. souleyez/ai/__init__.py +21 -15
  3. souleyez/ai/action_mapper.py +249 -150
  4. souleyez/ai/chain_advisor.py +116 -100
  5. souleyez/ai/claude_provider.py +29 -28
  6. souleyez/ai/context_builder.py +80 -62
  7. souleyez/ai/executor.py +158 -117
  8. souleyez/ai/feedback_handler.py +136 -121
  9. souleyez/ai/llm_factory.py +27 -20
  10. souleyez/ai/llm_provider.py +4 -2
  11. souleyez/ai/ollama_provider.py +6 -9
  12. souleyez/ai/ollama_service.py +44 -37
  13. souleyez/ai/path_scorer.py +91 -76
  14. souleyez/ai/recommender.py +176 -144
  15. souleyez/ai/report_context.py +74 -73
  16. souleyez/ai/report_service.py +84 -66
  17. souleyez/ai/result_parser.py +222 -229
  18. souleyez/ai/safety.py +67 -44
  19. souleyez/auth/__init__.py +23 -22
  20. souleyez/auth/audit.py +36 -26
  21. souleyez/auth/engagement_access.py +65 -48
  22. souleyez/auth/permissions.py +14 -3
  23. souleyez/auth/session_manager.py +54 -37
  24. souleyez/auth/user_manager.py +109 -64
  25. souleyez/commands/audit.py +40 -43
  26. souleyez/commands/auth.py +35 -15
  27. souleyez/commands/deliverables.py +55 -50
  28. souleyez/commands/engagement.py +47 -28
  29. souleyez/commands/license.py +32 -23
  30. souleyez/commands/screenshots.py +36 -32
  31. souleyez/commands/user.py +82 -36
  32. souleyez/config.py +52 -44
  33. souleyez/core/credential_tester.py +87 -81
  34. souleyez/core/cve_mappings.py +179 -192
  35. souleyez/core/cve_matcher.py +162 -148
  36. souleyez/core/msf_auto_mapper.py +100 -83
  37. souleyez/core/msf_chain_engine.py +294 -256
  38. souleyez/core/msf_database.py +153 -70
  39. souleyez/core/msf_integration.py +679 -673
  40. souleyez/core/msf_rpc_client.py +40 -42
  41. souleyez/core/msf_rpc_manager.py +77 -79
  42. souleyez/core/msf_sync_manager.py +241 -181
  43. souleyez/core/network_utils.py +22 -15
  44. souleyez/core/parser_handler.py +34 -25
  45. souleyez/core/pending_chains.py +114 -63
  46. souleyez/core/templates.py +158 -107
  47. souleyez/core/tool_chaining.py +9564 -2881
  48. souleyez/core/version_utils.py +79 -94
  49. souleyez/core/vuln_correlation.py +136 -89
  50. souleyez/core/web_utils.py +33 -32
  51. souleyez/data/wordlists/ad_users.txt +378 -0
  52. souleyez/data/wordlists/api_endpoints_large.txt +769 -0
  53. souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
  54. souleyez/data/wordlists/lfi_payloads.txt +82 -0
  55. souleyez/data/wordlists/passwords_brute.txt +1548 -0
  56. souleyez/data/wordlists/passwords_crack.txt +2479 -0
  57. souleyez/data/wordlists/passwords_spray.txt +386 -0
  58. souleyez/data/wordlists/subdomains_large.txt +5057 -0
  59. souleyez/data/wordlists/usernames_common.txt +694 -0
  60. souleyez/data/wordlists/web_dirs_large.txt +4769 -0
  61. souleyez/detection/__init__.py +1 -1
  62. souleyez/detection/attack_signatures.py +12 -17
  63. souleyez/detection/mitre_mappings.py +61 -55
  64. souleyez/detection/validator.py +97 -86
  65. souleyez/devtools.py +23 -10
  66. souleyez/docs/README.md +4 -4
  67. souleyez/docs/api-reference/cli-commands.md +2 -2
  68. souleyez/docs/developer-guide/adding-new-tools.md +562 -0
  69. souleyez/docs/user-guide/auto-chaining.md +30 -8
  70. souleyez/docs/user-guide/getting-started.md +1 -1
  71. souleyez/docs/user-guide/installation.md +26 -3
  72. souleyez/docs/user-guide/metasploit-integration.md +2 -2
  73. souleyez/docs/user-guide/rbac.md +1 -1
  74. souleyez/docs/user-guide/scope-management.md +1 -1
  75. souleyez/docs/user-guide/siem-integration.md +1 -1
  76. souleyez/docs/user-guide/tools-reference.md +1 -8
  77. souleyez/docs/user-guide/worker-management.md +1 -1
  78. souleyez/engine/background.py +1239 -535
  79. souleyez/engine/base.py +4 -1
  80. souleyez/engine/job_status.py +17 -49
  81. souleyez/engine/log_sanitizer.py +103 -77
  82. souleyez/engine/manager.py +38 -7
  83. souleyez/engine/result_handler.py +2200 -1550
  84. souleyez/engine/worker_manager.py +50 -41
  85. souleyez/export/evidence_bundle.py +72 -62
  86. souleyez/feature_flags/features.py +16 -20
  87. souleyez/feature_flags.py +5 -9
  88. souleyez/handlers/__init__.py +11 -0
  89. souleyez/handlers/base.py +188 -0
  90. souleyez/handlers/bash_handler.py +277 -0
  91. souleyez/handlers/bloodhound_handler.py +243 -0
  92. souleyez/handlers/certipy_handler.py +311 -0
  93. souleyez/handlers/crackmapexec_handler.py +486 -0
  94. souleyez/handlers/dnsrecon_handler.py +344 -0
  95. souleyez/handlers/enum4linux_handler.py +400 -0
  96. souleyez/handlers/evil_winrm_handler.py +493 -0
  97. souleyez/handlers/ffuf_handler.py +815 -0
  98. souleyez/handlers/gobuster_handler.py +1114 -0
  99. souleyez/handlers/gpp_extract_handler.py +334 -0
  100. souleyez/handlers/hashcat_handler.py +444 -0
  101. souleyez/handlers/hydra_handler.py +564 -0
  102. souleyez/handlers/impacket_getuserspns_handler.py +343 -0
  103. souleyez/handlers/impacket_psexec_handler.py +222 -0
  104. souleyez/handlers/impacket_secretsdump_handler.py +426 -0
  105. souleyez/handlers/john_handler.py +286 -0
  106. souleyez/handlers/katana_handler.py +425 -0
  107. souleyez/handlers/kerbrute_handler.py +298 -0
  108. souleyez/handlers/ldapsearch_handler.py +636 -0
  109. souleyez/handlers/lfi_extract_handler.py +464 -0
  110. souleyez/handlers/msf_auxiliary_handler.py +409 -0
  111. souleyez/handlers/msf_exploit_handler.py +380 -0
  112. souleyez/handlers/nikto_handler.py +413 -0
  113. souleyez/handlers/nmap_handler.py +821 -0
  114. souleyez/handlers/nuclei_handler.py +359 -0
  115. souleyez/handlers/nxc_handler.py +417 -0
  116. souleyez/handlers/rdp_sec_check_handler.py +353 -0
  117. souleyez/handlers/registry.py +292 -0
  118. souleyez/handlers/responder_handler.py +232 -0
  119. souleyez/handlers/service_explorer_handler.py +434 -0
  120. souleyez/handlers/smbclient_handler.py +344 -0
  121. souleyez/handlers/smbmap_handler.py +510 -0
  122. souleyez/handlers/smbpasswd_handler.py +296 -0
  123. souleyez/handlers/sqlmap_handler.py +1116 -0
  124. souleyez/handlers/theharvester_handler.py +601 -0
  125. souleyez/handlers/web_login_test_handler.py +327 -0
  126. souleyez/handlers/whois_handler.py +277 -0
  127. souleyez/handlers/wpscan_handler.py +554 -0
  128. souleyez/history.py +32 -16
  129. souleyez/importers/msf_importer.py +106 -75
  130. souleyez/importers/smart_importer.py +208 -147
  131. souleyez/integrations/siem/__init__.py +10 -10
  132. souleyez/integrations/siem/base.py +17 -18
  133. souleyez/integrations/siem/elastic.py +108 -122
  134. souleyez/integrations/siem/factory.py +207 -80
  135. souleyez/integrations/siem/googlesecops.py +146 -154
  136. souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
  137. souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
  138. souleyez/integrations/siem/sentinel.py +107 -109
  139. souleyez/integrations/siem/splunk.py +246 -212
  140. souleyez/integrations/siem/wazuh.py +65 -71
  141. souleyez/integrations/wazuh/__init__.py +5 -5
  142. souleyez/integrations/wazuh/client.py +70 -93
  143. souleyez/integrations/wazuh/config.py +85 -57
  144. souleyez/integrations/wazuh/host_mapper.py +28 -36
  145. souleyez/integrations/wazuh/sync.py +78 -68
  146. souleyez/intelligence/__init__.py +4 -5
  147. souleyez/intelligence/correlation_analyzer.py +309 -295
  148. souleyez/intelligence/exploit_knowledge.py +661 -623
  149. souleyez/intelligence/exploit_suggestions.py +159 -139
  150. souleyez/intelligence/gap_analyzer.py +132 -97
  151. souleyez/intelligence/gap_detector.py +251 -214
  152. souleyez/intelligence/sensitive_tables.py +266 -129
  153. souleyez/intelligence/service_parser.py +137 -123
  154. souleyez/intelligence/surface_analyzer.py +407 -268
  155. souleyez/intelligence/target_parser.py +159 -162
  156. souleyez/licensing/__init__.py +6 -6
  157. souleyez/licensing/validator.py +17 -19
  158. souleyez/log_config.py +79 -54
  159. souleyez/main.py +1505 -687
  160. souleyez/migrations/fix_job_counter.py +16 -14
  161. souleyez/parsers/bloodhound_parser.py +41 -39
  162. souleyez/parsers/crackmapexec_parser.py +178 -111
  163. souleyez/parsers/dalfox_parser.py +72 -77
  164. souleyez/parsers/dnsrecon_parser.py +103 -91
  165. souleyez/parsers/enum4linux_parser.py +183 -153
  166. souleyez/parsers/ffuf_parser.py +29 -25
  167. souleyez/parsers/gobuster_parser.py +301 -41
  168. souleyez/parsers/hashcat_parser.py +324 -79
  169. souleyez/parsers/http_fingerprint_parser.py +350 -103
  170. souleyez/parsers/hydra_parser.py +131 -111
  171. souleyez/parsers/impacket_parser.py +231 -178
  172. souleyez/parsers/john_parser.py +98 -86
  173. souleyez/parsers/katana_parser.py +316 -0
  174. souleyez/parsers/msf_parser.py +943 -498
  175. souleyez/parsers/nikto_parser.py +346 -65
  176. souleyez/parsers/nmap_parser.py +262 -174
  177. souleyez/parsers/nuclei_parser.py +40 -44
  178. souleyez/parsers/responder_parser.py +26 -26
  179. souleyez/parsers/searchsploit_parser.py +74 -74
  180. souleyez/parsers/service_explorer_parser.py +279 -0
  181. souleyez/parsers/smbmap_parser.py +180 -124
  182. souleyez/parsers/sqlmap_parser.py +434 -308
  183. souleyez/parsers/theharvester_parser.py +75 -57
  184. souleyez/parsers/whois_parser.py +135 -94
  185. souleyez/parsers/wpscan_parser.py +278 -190
  186. souleyez/plugins/afp.py +44 -36
  187. souleyez/plugins/afp_brute.py +114 -46
  188. souleyez/plugins/ard.py +48 -37
  189. souleyez/plugins/bloodhound.py +95 -61
  190. souleyez/plugins/certipy.py +303 -0
  191. souleyez/plugins/crackmapexec.py +186 -85
  192. souleyez/plugins/dalfox.py +120 -59
  193. souleyez/plugins/dns_hijack.py +146 -41
  194. souleyez/plugins/dnsrecon.py +97 -61
  195. souleyez/plugins/enum4linux.py +91 -66
  196. souleyez/plugins/evil_winrm.py +291 -0
  197. souleyez/plugins/ffuf.py +166 -90
  198. souleyez/plugins/firmware_extract.py +133 -29
  199. souleyez/plugins/gobuster.py +387 -190
  200. souleyez/plugins/gpp_extract.py +393 -0
  201. souleyez/plugins/hashcat.py +100 -73
  202. souleyez/plugins/http_fingerprint.py +913 -267
  203. souleyez/plugins/hydra.py +566 -200
  204. souleyez/plugins/impacket_getnpusers.py +117 -69
  205. souleyez/plugins/impacket_psexec.py +84 -64
  206. souleyez/plugins/impacket_secretsdump.py +103 -69
  207. souleyez/plugins/impacket_smbclient.py +89 -75
  208. souleyez/plugins/john.py +86 -69
  209. souleyez/plugins/katana.py +313 -0
  210. souleyez/plugins/kerbrute.py +237 -0
  211. souleyez/plugins/lfi_extract.py +541 -0
  212. souleyez/plugins/macos_ssh.py +117 -48
  213. souleyez/plugins/mdns.py +35 -30
  214. souleyez/plugins/msf_auxiliary.py +253 -130
  215. souleyez/plugins/msf_exploit.py +239 -161
  216. souleyez/plugins/nikto.py +134 -78
  217. souleyez/plugins/nmap.py +275 -91
  218. souleyez/plugins/nuclei.py +180 -89
  219. souleyez/plugins/nxc.py +285 -0
  220. souleyez/plugins/plugin_base.py +35 -36
  221. souleyez/plugins/plugin_template.py +13 -5
  222. souleyez/plugins/rdp_sec_check.py +130 -0
  223. souleyez/plugins/responder.py +112 -71
  224. souleyez/plugins/router_http_brute.py +76 -65
  225. souleyez/plugins/router_ssh_brute.py +118 -41
  226. souleyez/plugins/router_telnet_brute.py +124 -42
  227. souleyez/plugins/routersploit.py +91 -59
  228. souleyez/plugins/routersploit_exploit.py +77 -55
  229. souleyez/plugins/searchsploit.py +91 -77
  230. souleyez/plugins/service_explorer.py +1160 -0
  231. souleyez/plugins/smbmap.py +122 -72
  232. souleyez/plugins/smbpasswd.py +215 -0
  233. souleyez/plugins/sqlmap.py +301 -113
  234. souleyez/plugins/theharvester.py +127 -75
  235. souleyez/plugins/tr069.py +79 -57
  236. souleyez/plugins/upnp.py +65 -47
  237. souleyez/plugins/upnp_abuse.py +73 -55
  238. souleyez/plugins/vnc_access.py +129 -42
  239. souleyez/plugins/vnc_brute.py +109 -38
  240. souleyez/plugins/web_login_test.py +417 -0
  241. souleyez/plugins/whois.py +77 -58
  242. souleyez/plugins/wpscan.py +219 -69
  243. souleyez/reporting/__init__.py +2 -1
  244. souleyez/reporting/attack_chain.py +411 -346
  245. souleyez/reporting/charts.py +436 -501
  246. souleyez/reporting/compliance_mappings.py +334 -201
  247. souleyez/reporting/detection_report.py +126 -125
  248. souleyez/reporting/formatters.py +828 -591
  249. souleyez/reporting/generator.py +386 -302
  250. souleyez/reporting/metrics.py +72 -75
  251. souleyez/scanner.py +35 -29
  252. souleyez/security/__init__.py +37 -11
  253. souleyez/security/scope_validator.py +175 -106
  254. souleyez/security/validation.py +237 -149
  255. souleyez/security.py +22 -6
  256. souleyez/storage/credentials.py +247 -186
  257. souleyez/storage/crypto.py +296 -129
  258. souleyez/storage/database.py +73 -50
  259. souleyez/storage/db.py +58 -36
  260. souleyez/storage/deliverable_evidence.py +177 -128
  261. souleyez/storage/deliverable_exporter.py +282 -246
  262. souleyez/storage/deliverable_templates.py +134 -116
  263. souleyez/storage/deliverables.py +135 -130
  264. souleyez/storage/engagements.py +109 -56
  265. souleyez/storage/evidence.py +181 -152
  266. souleyez/storage/execution_log.py +31 -17
  267. souleyez/storage/exploit_attempts.py +93 -57
  268. souleyez/storage/exploits.py +67 -36
  269. souleyez/storage/findings.py +48 -61
  270. souleyez/storage/hosts.py +176 -144
  271. souleyez/storage/migrate_to_engagements.py +43 -19
  272. souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
  273. souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
  274. souleyez/storage/migrations/_003_add_execution_log.py +14 -8
  275. souleyez/storage/migrations/_005_screenshots.py +13 -5
  276. souleyez/storage/migrations/_006_deliverables.py +13 -5
  277. souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
  278. souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
  279. souleyez/storage/migrations/_010_evidence_linking.py +17 -10
  280. souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
  281. souleyez/storage/migrations/_012_team_collaboration.py +34 -21
  282. souleyez/storage/migrations/_013_add_host_tags.py +12 -6
  283. souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
  284. souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
  285. souleyez/storage/migrations/_016_add_domain_field.py +10 -4
  286. souleyez/storage/migrations/_017_msf_sessions.py +16 -8
  287. souleyez/storage/migrations/_018_add_osint_target.py +10 -6
  288. souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
  289. souleyez/storage/migrations/_020_add_rbac.py +36 -15
  290. souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
  291. souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
  292. souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
  293. souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
  294. souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
  295. souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
  296. souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
  297. souleyez/storage/migrations/__init__.py +26 -26
  298. souleyez/storage/migrations/migration_manager.py +19 -19
  299. souleyez/storage/msf_sessions.py +100 -65
  300. souleyez/storage/osint.py +17 -24
  301. souleyez/storage/recommendation_engine.py +269 -235
  302. souleyez/storage/screenshots.py +33 -32
  303. souleyez/storage/smb_shares.py +136 -92
  304. souleyez/storage/sqlmap_data.py +183 -128
  305. souleyez/storage/team_collaboration.py +135 -141
  306. souleyez/storage/timeline_tracker.py +122 -94
  307. souleyez/storage/wazuh_vulns.py +64 -66
  308. souleyez/storage/web_paths.py +33 -37
  309. souleyez/testing/credential_tester.py +221 -205
  310. souleyez/ui/__init__.py +1 -1
  311. souleyez/ui/ai_quotes.py +12 -12
  312. souleyez/ui/attack_surface.py +2439 -1516
  313. souleyez/ui/chain_rules_view.py +914 -382
  314. souleyez/ui/correlation_view.py +312 -230
  315. souleyez/ui/dashboard.py +2382 -1130
  316. souleyez/ui/deliverables_view.py +148 -62
  317. souleyez/ui/design_system.py +13 -13
  318. souleyez/ui/errors.py +49 -49
  319. souleyez/ui/evidence_linking_view.py +284 -179
  320. souleyez/ui/evidence_vault.py +393 -285
  321. souleyez/ui/exploit_suggestions_view.py +555 -349
  322. souleyez/ui/export_view.py +100 -66
  323. souleyez/ui/gap_analysis_view.py +315 -171
  324. souleyez/ui/help_system.py +105 -97
  325. souleyez/ui/intelligence_view.py +436 -293
  326. souleyez/ui/interactive.py +23034 -10679
  327. souleyez/ui/interactive_selector.py +75 -68
  328. souleyez/ui/log_formatter.py +47 -39
  329. souleyez/ui/menu_components.py +22 -13
  330. souleyez/ui/msf_auxiliary_menu.py +184 -133
  331. souleyez/ui/pending_chains_view.py +336 -172
  332. souleyez/ui/progress_indicators.py +5 -3
  333. souleyez/ui/recommendations_view.py +195 -137
  334. souleyez/ui/rule_builder.py +343 -225
  335. souleyez/ui/setup_wizard.py +678 -284
  336. souleyez/ui/shortcuts.py +217 -165
  337. souleyez/ui/splunk_gap_analysis_view.py +452 -270
  338. souleyez/ui/splunk_vulns_view.py +139 -86
  339. souleyez/ui/team_dashboard.py +498 -335
  340. souleyez/ui/template_selector.py +196 -105
  341. souleyez/ui/terminal.py +6 -6
  342. souleyez/ui/timeline_view.py +198 -127
  343. souleyez/ui/tool_setup.py +264 -164
  344. souleyez/ui/tutorial.py +202 -72
  345. souleyez/ui/tutorial_state.py +40 -40
  346. souleyez/ui/wazuh_vulns_view.py +235 -141
  347. souleyez/ui/wordlist_browser.py +260 -107
  348. souleyez/ui.py +464 -312
  349. souleyez/utils/tool_checker.py +427 -367
  350. souleyez/utils.py +33 -29
  351. souleyez/wordlists.py +134 -167
  352. {souleyez-2.43.29.dist-info → souleyez-3.0.0.dist-info}/METADATA +2 -2
  353. souleyez-3.0.0.dist-info/RECORD +443 -0
  354. {souleyez-2.43.29.dist-info → souleyez-3.0.0.dist-info}/WHEEL +1 -1
  355. souleyez-2.43.29.dist-info/RECORD +0 -379
  356. {souleyez-2.43.29.dist-info → souleyez-3.0.0.dist-info}/entry_points.txt +0 -0
  357. {souleyez-2.43.29.dist-info → souleyez-3.0.0.dist-info}/licenses/LICENSE +0 -0
  358. {souleyez-2.43.29.dist-info → souleyez-3.0.0.dist-info}/top_level.txt +0 -0
souleyez/parsers/service_explorer_parser.py ADDED
@@ -0,0 +1,279 @@
1
+ #!/usr/bin/env python3
2
+ """
3
+ souleyez.parsers.service_explorer_parser
4
+
5
+ Parses Service Explorer JSON output into structured data for display and findings.
6
+ """
7
+ import json
8
+ import re
9
+ from typing import Any, Dict, List
10
+
11
+
12
+ def parse_service_explorer_output(output: str, target: str = "") -> Dict[str, Any]:
13
+ """
14
+ Parse Service Explorer JSON output.
15
+
16
+ Service Explorer outputs JSON with this structure:
17
+ {
18
+ "protocol": "ftp",
19
+ "target": "192.168.1.100",
20
+ "port": 21,
21
+ "username": "anonymous",
22
+ "files_found": 15,
23
+ "interesting_files": 3,
24
+ "downloaded": 2,
25
+ "files": [...],
26
+ "interesting": [...],
27
+ "downloaded_files": [...],
28
+ "errors": [...]
29
+ }
30
+
31
+ Args:
32
+ output: Raw JSON output from Service Explorer
33
+ target: Target IP/hostname from job
34
+
35
+ Returns:
36
+ Dict with parsed data
37
+ """
38
+ result = {
39
+ "target": target,
40
+ "protocol": None,
41
+ "port": None,
42
+ "username": None,
43
+ "files_found": 0,
44
+ "interesting_count": 0,
45
+ "downloaded_count": 0,
46
+ "files": [],
47
+ "interesting_files": [],
48
+ "downloaded_files": [],
49
+ "errors": [],
50
+ "server_info": None,
51
+ "error": None,
52
+ }
53
+
54
+ # Try to parse as JSON first
55
+ try:
56
+ # Handle log file format (may have header lines)
57
+ json_start = output.find("{")
58
+ if json_start >= 0:
59
+ json_str = output[json_start:]
60
+ data = json.loads(json_str)
61
+
62
+ result["protocol"] = data.get("protocol")
63
+ result["port"] = data.get("port")
64
+ result["username"] = data.get("username")
65
+ result["target"] = data.get("target") or target
66
+ result["files_found"] = data.get("files_found", 0)
67
+ result["interesting_count"] = data.get("interesting_files", 0)
68
+ result["downloaded_count"] = data.get("downloaded", 0)
69
+ result["files"] = data.get("files", [])
70
+ result["interesting_files"] = data.get("interesting", [])
71
+ result["downloaded_files"] = data.get("downloaded_files", [])
72
+ result["errors"] = data.get("errors", [])
73
+
74
+ # Check for connection error
75
+ if data.get("error"):
76
+ result["error"] = data.get("error")
77
+
78
+ # Extract server info if present (Redis/MongoDB)
79
+ for item in result["files"]:
80
+ if item.get("name") == "__SERVER_INFO__":
81
+ result["server_info"] = item.get("data", {})
82
+ result["files"].remove(item)
83
+ break
84
+
85
+ return result
86
+
87
+ except json.JSONDecodeError:
88
+ pass
89
+
90
+ # Fallback: try to extract info from non-JSON output
91
+ if "Connection failed" in output or "connection failed" in output:
92
+ result["error"] = "Connection failed"
93
+ elif "not installed" in output:
94
+ error_match = re.search(r"(\w+) not installed", output)
95
+ if error_match:
96
+ result["error"] = f"{error_match.group(1)} not installed"
97
+
98
+ return result
99
+
100
+
101
+ def extract_findings(parsed_data: Dict[str, Any]) -> List[Dict[str, Any]]:
102
+ """
103
+ Extract security findings from parsed Service Explorer data.
104
+
105
+ Returns:
106
+ List of finding dictionaries with:
107
+ {
108
+ 'title': str,
109
+ 'severity': str, # high, medium, low, info
110
+ 'description': str,
111
+ 'evidence': str
112
+ }
113
+ """
114
+ findings = []
115
+ protocol = parsed_data.get("protocol", "unknown").upper()
116
+ target = parsed_data.get("target", "unknown")
117
+ username = parsed_data.get("username", "")
118
+
119
+ # Finding: Sensitive files discovered
120
+ sensitive_files = []
121
+ for f in parsed_data.get("interesting_files", []):
122
+ filename = f.get("name", "")
123
+ # Categorize sensitivity
124
+ if any(
125
+ p in filename.lower()
126
+ for p in ["passwd", "shadow", "password", "credential", "secret"]
127
+ ):
128
+ sensitive_files.append((f, "critical"))
129
+ elif any(
130
+ p in filename.lower() for p in ["id_rsa", "id_dsa", ".pem", ".key", ".pfx"]
131
+ ):
132
+ sensitive_files.append((f, "critical"))
133
+ elif any(p in filename.lower() for p in [".sql", ".db", ".sqlite", ".mdb"]):
134
+ sensitive_files.append((f, "high"))
135
+ elif any(p in filename.lower() for p in [".conf", ".config", ".ini", ".env"]):
136
+ sensitive_files.append((f, "medium"))
137
+ elif any(
138
+ p in filename.lower() for p in ["flag", "proof", "root.txt", "user.txt"]
139
+ ):
140
+ sensitive_files.append((f, "high")) # CTF flags
141
+ elif any(p in filename.lower() for p in [".bak", ".backup", ".old"]):
142
+ sensitive_files.append((f, "medium"))
143
+ else:
144
+ sensitive_files.append((f, "low"))
145
+
146
+ # Critical files
147
+ critical_files = [(f, s) for f, s in sensitive_files if s == "critical"]
148
+ if critical_files:
149
+ findings.append(
150
+ {
151
+ "title": f"{protocol} Critical Sensitive Files Exposed",
152
+ "severity": "high",
153
+ "description": f"Found {len(critical_files)} critical sensitive file(s) on {protocol} service. "
154
+ "These files may contain credentials, private keys, or other highly sensitive data.",
155
+ "evidence": "\n".join(
156
+ [
157
+ f"- {f.get('full_path', f.get('name'))} ({f.get('size', 0)} bytes)"
158
+ for f, _ in critical_files[:10]
159
+ ]
160
+ ),
161
+ }
162
+ )
163
+
164
+ # High severity files
165
+ high_files = [(f, s) for f, s in sensitive_files if s == "high"]
166
+ if high_files:
167
+ findings.append(
168
+ {
169
+ "title": f"{protocol} Database/Flag Files Found",
170
+ "severity": "medium",
171
+ "description": f"Found {len(high_files)} database or flag file(s) on {protocol} service.",
172
+ "evidence": "\n".join(
173
+ [
174
+ f"- {f.get('full_path', f.get('name'))} ({f.get('size', 0)} bytes)"
175
+ for f, _ in high_files[:10]
176
+ ]
177
+ ),
178
+ }
179
+ )
180
+
181
+ # Finding: Anonymous/null session access
182
+ if (
183
+ username in ["anonymous", "guest", "", None]
184
+ and parsed_data.get("files_found", 0) > 0
185
+ ):
186
+ findings.append(
187
+ {
188
+ "title": f"{protocol} Anonymous Access Allowed",
189
+ "severity": "medium",
190
+ "description": f"Anonymous/guest access is permitted on {protocol} service at {target}. "
191
+ f"Found {parsed_data.get('files_found')} files accessible without authentication.",
192
+ "evidence": f"Protocol: {protocol}\nTarget: {target}\nUsername: {username or 'anonymous'}\n"
193
+ f"Files Found: {parsed_data.get('files_found')}\n"
194
+ f"Interesting Files: {parsed_data.get('interesting_count')}",
195
+ }
196
+ )
197
+
198
+ # Finding: Files downloaded
199
+ if parsed_data.get("downloaded_count", 0) > 0:
200
+ findings.append(
201
+ {
202
+ "title": f"{protocol} Files Downloaded",
203
+ "severity": "info",
204
+ "description": f"Successfully downloaded {parsed_data.get('downloaded_count')} file(s) "
205
+ f"from {protocol} service for analysis.",
206
+ "evidence": "\n".join(
207
+ [f"- {f}" for f in parsed_data.get("downloaded_files", [])[:10]]
208
+ ),
209
+ }
210
+ )
211
+
212
+ # Finding: Redis server info
213
+ if protocol == "REDIS" and parsed_data.get("server_info"):
214
+ info = parsed_data["server_info"]
215
+ findings.append(
216
+ {
217
+ "title": "Redis Server Information Exposed",
218
+ "severity": "medium",
219
+ "description": "Redis server is accessible and exposes detailed configuration information. "
220
+ "This may allow attackers to gather intelligence for further attacks.",
221
+ "evidence": "\n".join(
222
+ [f"- {k}: {v}" for k, v in info.items() if v is not None]
223
+ ),
224
+ }
225
+ )
226
+
227
+ # Check for dangerous Redis config
228
+ if info.get("total_keys", 0) > 0:
229
+ findings.append(
230
+ {
231
+ "title": "Redis Database Contains Data",
232
+ "severity": "medium",
233
+ "description": f"Redis database contains {info.get('total_keys')} keys. "
234
+ "May contain cached credentials, session tokens, or sensitive application data.",
235
+ "evidence": f"Total keys: {info.get('total_keys')}",
236
+ }
237
+ )
238
+
239
+ # Finding: MongoDB server info
240
+ if protocol in ["MONGO", "MONGODB"] and parsed_data.get("server_info"):
241
+ info = parsed_data["server_info"]
242
+ findings.append(
243
+ {
244
+ "title": "MongoDB Server Information Exposed",
245
+ "severity": "medium",
246
+ "description": "MongoDB server is accessible without authentication. "
247
+ "This is a critical security misconfiguration.",
248
+ "evidence": "\n".join(
249
+ [f"- {k}: {v}" for k, v in info.items() if v is not None]
250
+ ),
251
+ }
252
+ )
253
+
254
+ # Finding: General enumeration success
255
+ if parsed_data.get("files_found", 0) > 0 and not findings:
256
+ findings.append(
257
+ {
258
+ "title": f"{protocol} Service Enumeration Successful",
259
+ "severity": "info",
260
+ "description": f"Successfully enumerated {protocol} service and found "
261
+ f"{parsed_data.get('files_found')} items.",
262
+ "evidence": f"Protocol: {protocol}\nTarget: {target}\n"
263
+ f"Files Found: {parsed_data.get('files_found')}\n"
264
+ f"Interesting Files: {parsed_data.get('interesting_count')}",
265
+ }
266
+ )
267
+
268
+ # Finding: Connection errors
269
+ if parsed_data.get("errors"):
270
+ findings.append(
271
+ {
272
+ "title": f"{protocol} Enumeration Errors",
273
+ "severity": "info",
274
+ "description": f"Encountered {len(parsed_data['errors'])} error(s) during enumeration.",
275
+ "evidence": "\n".join([f"- {e}" for e in parsed_data["errors"][:5]]),
276
+ }
277
+ )
278
+
279
+ return findings