souleyez 2.43.29__py3-none-any.whl → 3.0.0__py3-none-any.whl

souleyez/plugins/theharvester.py

@@ -29,15 +29,18 @@ HELP = {
         "- Respect rate limits and API terms for the public sources you query.\n"
         "- Use findings from theHarvester to feed targeted scans (subdomain -> Nmap -> service checks) or social-engineering risk assessments.\n"
     ),
-    "usage": "souleyez jobs enqueue theharvester <domain> --args \"-b bing\"",
+    "usage": 'souleyez jobs enqueue theharvester <domain> --args "-b bing"',
     "examples": [
-        "souleyez jobs enqueue theharvester example.com --args \"-b bing\"",
-        "souleyez jobs enqueue theharvester example.com --args \"-b certspotter,crtsh\"",
-        "souleyez jobs enqueue theharvester example.com --args \"-b duckduckgo -l 200\"",
-        "souleyez jobs enqueue theharvester example.com --args \"-b hackertarget,virustotal\"",
+        'souleyez jobs enqueue theharvester example.com --args "-b bing"',
+        'souleyez jobs enqueue theharvester example.com --args "-b certspotter,crtsh"',
+        'souleyez jobs enqueue theharvester example.com --args "-b duckduckgo -l 200"',
+        'souleyez jobs enqueue theharvester example.com --args "-b hackertarget,virustotal"',
     ],
     "flags": [
-        ["-b <source>", "Data source (bing, duckduckgo, yahoo, certspotter, crtsh, dnsdumpster, hackertarget, etc.)"],
+        [
+            "-b <source>",
+            "Data source (bing, duckduckgo, yahoo, certspotter, crtsh, dnsdumpster, hackertarget, etc.)",
+        ],
         ["-l <limit>", "Limit results (default 500)"],
         ["-s <start>", "Start at result number X"],
         ["-f <file>", "Save results to HTML/XML file"],
@@ -47,93 +50,140 @@ HELP = {
             {
                 "name": "Bing Search",
                 "args": ["-b", "bing", "-l", "500"],
-                "desc": "Search Bing for emails/subdomains/hosts"
+                "desc": "Search Bing for emails/subdomains/hosts",
             },
             {
                 "name": "DuckDuckGo Search",
                 "args": ["-b", "duckduckgo", "-l", "500"],
-                "desc": "Search DuckDuckGo for emails/subdomains/hosts"
+                "desc": "Search DuckDuckGo for emails/subdomains/hosts",
             },
             {
                 "name": "URLScan Search",
                 "args": ["-b", "urlscan", "-l", "500"],
-                "desc": "Search URLScan.io for URLs/subdomains/hosts"
+                "desc": "Search URLScan.io for URLs/subdomains/hosts",
             },
             {
                 "name": "Quick Search",
                 "args": ["-b", "bing,yahoo", "-l", "100"],
-                "desc": "Quick search engine scan (100 results)"
-            }
+                "desc": "Quick search engine scan (100 results)",
+            },
         ],
         "passive_sources": [
             {
                 "name": "Certificate Logs",
                 "args": ["-b", "certspotter,crtsh"],
-                "desc": "Certificate transparency logs (subdomains)"
+                "desc": "Certificate transparency logs (subdomains)",
             },
             {
                 "name": "Comprehensive Passive",
-                "args": ["-b", "certspotter,crtsh,dnsdumpster,hackertarget,otx,virustotal"],
-                "desc": "All passive sources (no active queries)"
-            }
-        ]
+                "args": [
+                    "-b",
+                    "certspotter,crtsh,dnsdumpster,hackertarget,otx,virustotal",
+                ],
+                "desc": "All passive sources (no active queries)",
+            },
+        ],
     },
     "presets": [
         # Flattened list for backward compatibility
-        {"name": "Bing Search", "args": ["-b", "bing", "-l", "500"], "desc": "Search Bing for emails/subdomains/hosts"},
-        {"name": "DuckDuckGo Search", "args": ["-b", "duckduckgo", "-l", "500"], "desc": "Search DuckDuckGo for emails/subdomains/hosts"},
-        {"name": "URLScan Search", "args": ["-b", "urlscan", "-l", "500"], "desc": "Search URLScan.io for URLs/subdomains/hosts"},
-        {"name": "Quick Search", "args": ["-b", "bing,yahoo", "-l", "100"], "desc": "Quick search engine scan (100 results)"},
-        {"name": "Certificate Logs", "args": ["-b", "certspotter,crtsh"], "desc": "Certificate transparency logs (subdomains)"},
-        {"name": "Comprehensive Passive", "args": ["-b", "certspotter,crtsh,dnsdumpster,hackertarget,otx,virustotal"], "desc": "All passive sources (no active queries)"}
+        {
+            "name": "Bing Search",
+            "args": ["-b", "bing", "-l", "500"],
+            "desc": "Search Bing for emails/subdomains/hosts",
+        },
+        {
+            "name": "DuckDuckGo Search",
+            "args": ["-b", "duckduckgo", "-l", "500"],
+            "desc": "Search DuckDuckGo for emails/subdomains/hosts",
+        },
+        {
+            "name": "URLScan Search",
+            "args": ["-b", "urlscan", "-l", "500"],
+            "desc": "Search URLScan.io for URLs/subdomains/hosts",
+        },
+        {
+            "name": "Quick Search",
+            "args": ["-b", "bing,yahoo", "-l", "100"],
+            "desc": "Quick search engine scan (100 results)",
+        },
+        {
+            "name": "Certificate Logs",
+            "args": ["-b", "certspotter,crtsh"],
+            "desc": "Certificate transparency logs (subdomains)",
+        },
+        {
+            "name": "Comprehensive Passive",
+            "args": ["-b", "certspotter,crtsh,dnsdumpster,hackertarget,otx,virustotal"],
+            "desc": "All passive sources (no active queries)",
+        },
     ],
     "help_sections": [
         {
             "title": "What is theHarvester?",
             "color": "cyan",
             "content": [
-                {"title": "Overview", "desc": "theHarvester aggregates email addresses, subdomains, hostnames, and employee names from public sources to build reconnaissance snapshots for external attack surface mapping."},
-                {"title": "Use Cases", "desc": "Perfect for initial OSINT reconnaissance and collecting leads before deeper testing.", "tips": [
-                    "Email harvesting and subdomain discovery",
-                    "Hostname collection and employee name gathering",
-                    "Combine output with DNS, CT logs, and certificate data for better coverage",
-                    "Save results (CSV/JSON) to job log for importing into Findings or follow-up scans",
-                    "Feed targeted scans (subdomain → Nmap → service checks) or social-engineering assessments",
-                    "Respect rate limits and API terms for public sources you query"
-                ]}
-            ]
+                {
+                    "title": "Overview",
+                    "desc": "theHarvester aggregates email addresses, subdomains, hostnames, and employee names from public sources to build reconnaissance snapshots for external attack surface mapping.",
+                },
+                {
+                    "title": "Use Cases",
+                    "desc": "Perfect for initial OSINT reconnaissance and collecting leads before deeper testing.",
+                    "tips": [
+                        "Email harvesting and subdomain discovery",
+                        "Hostname collection and employee name gathering",
+                        "Combine output with DNS, CT logs, and certificate data for better coverage",
+                        "Save results (CSV/JSON) to job log for importing into Findings or follow-up scans",
+                        "Feed targeted scans (subdomain → Nmap → service checks) or social-engineering assessments",
+                        "Respect rate limits and API terms for public sources you query",
+                    ],
+                },
+            ],
         },
         {
             "title": "How to Use",
             "color": "green",
             "content": [
-                {"title": "Basic Workflow", "desc": "1. Select a domain to investigate\n     2. Choose a data source (active or passive)\n     3. Review results and add to job log\n     4. Import findings into engagement"},
-                {"title": "Data Sources", "desc": "Active sources query search engines directly, passive sources use archived data", "tips": [
-                    "Bing/DuckDuckGo: Good for email addresses",
-                    "Certificate Logs: Best for subdomain discovery",
-                    "Comprehensive Passive: Broadest coverage without active queries"
-                ]}
-            ]
+                {
+                    "title": "Basic Workflow",
+                    "desc": "1. Select a domain to investigate\n     2. Choose a data source (active or passive)\n     3. Review results and add to job log\n     4. Import findings into engagement",
+                },
+                {
+                    "title": "Data Sources",
+                    "desc": "Active sources query search engines directly, passive sources use archived data",
+                    "tips": [
+                        "Bing/DuckDuckGo: Good for email addresses",
+                        "Certificate Logs: Best for subdomain discovery",
+                        "Comprehensive Passive: Broadest coverage without active queries",
+                    ],
+                },
+            ],
         },
         {
             "title": "Tips & Best Practices",
             "color": "yellow",
             "content": [
-                ("Best Practices:", [
-                    "Start with passive sources to avoid detection",
-                    "Use comprehensive passive for maximum subdomain coverage",
-                    "Save results to job log for later analysis",
-                    "Respect rate limits and API terms",
-                    "Combine with DNS enumeration for complete coverage"
-                ]),
-                ("Common Issues:", [
-                    "Rate limiting: Switch to passive sources or reduce query frequency",
-                    "No results: Try different data sources or verify domain is valid",
-                    "API errors: Check internet connectivity and source availability"
-                ])
-            ]
-        }
-    ]
+                (
+                    "Best Practices:",
+                    [
+                        "Start with passive sources to avoid detection",
+                        "Use comprehensive passive for maximum subdomain coverage",
+                        "Save results to job log for later analysis",
+                        "Respect rate limits and API terms",
+                        "Combine with DNS enumeration for complete coverage",
+                    ],
+                ),
+                (
+                    "Common Issues:",
+                    [
+                        "Rate limiting: Switch to passive sources or reduce query frequency",
+                        "No results: Try different data sources or verify domain is valid",
+                        "API errors: Check internet connectivity and source availability",
+                    ],
+                ),
+            ],
+        },
+    ],
 }
 
 
@@ -143,29 +193,29 @@ class TheHarvesterPlugin(PluginBase):
     category = "reconnaissance"
     HELP = HELP
 
-
-    def build_command(self, target: str, args: List[str] = None, label: str = "", log_path: str = None):
+    def build_command(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ):
         """Build command for background execution with PID tracking."""
         args = args or []
-        
+
         # Validate hostname
         try:
             target = validate_hostname(target)
         except ValidationError as e:
             if log_path:
-                with open(log_path, 'w') as f:
+                with open(log_path, "w") as f:
                     f.write(f"ERROR: Invalid domain: {e}\n")
             return None
-        
+
         # theHarvester uses -d for domain
         cmd = ["theHarvester", "-d", target] + args
-        
-        return {
-            'cmd': cmd,
-            'timeout': 1800
-        }
 
-    def run(self, target: str, args: List[str] = None, label: str = "", log_path: str = None) -> int:
+        return {"cmd": cmd, "timeout": 1800}
+
+    def run(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ) -> int:
         """
         Execute theHarvester scan and write output to log_path.
 
@@ -183,11 +233,11 @@ class TheHarvesterPlugin(PluginBase):
             target = validate_hostname(target)
         except ValidationError as e:
             if log_path:
-                with open(log_path, 'w') as f:
+                with open(log_path, "w") as f:
                     f.write(f"ERROR: Invalid domain: {e}\n")
                 return 1
             raise ValueError(f"Invalid domain: {e}")
-        
+
         args = args or []
 
         # Build theHarvester command
@@ -197,7 +247,9 @@ class TheHarvesterPlugin(PluginBase):
         if not log_path:
             # Fallback for direct calls
             try:
-                proc = subprocess.run(cmd, capture_output=True, timeout=300, check=False)
+                proc = subprocess.run(
+                    cmd, capture_output=True, timeout=300, check=False
+                )
                 return proc.returncode
             except Exception:
                 return 1
@@ -206,18 +258,18 @@ class TheHarvesterPlugin(PluginBase):
         try:
             with open(log_path, "a", encoding="utf-8", errors="replace") as fh:
                 fh.write(f"Command: {' '.join(cmd)}\n")
-                fh.write(f"Started: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n\n")
+                fh.write(
+                    f"Started: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n\n"
+                )
                 fh.flush()
 
                 proc = subprocess.run(
-                    cmd,
-                    stdout=fh,
-                    stderr=subprocess.STDOUT,
-                    timeout=300,
-                    check=False
+                    cmd, stdout=fh, stderr=subprocess.STDOUT, timeout=300, check=False
                 )
 
-                fh.write(f"\nCompleted: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n")
+                fh.write(
+                    f"\nCompleted: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n"
+                )
                 fh.write(f"Exit Code: {proc.returncode}\n")
 
                 return proc.returncode

souleyez/plugins/tr069.py

@@ -33,7 +33,7 @@ HELP = {
     "examples": [
         "souleyez jobs enqueue tr069 192.168.1.1",
         "souleyez jobs enqueue tr069 192.168.1.0/24",
-        "souleyez jobs enqueue tr069 10.0.0.1 --args \"--deep\"",
+        'souleyez jobs enqueue tr069 10.0.0.1 --args "--deep"',
     ],
     "flags": [
         ["--deep", "Extended enumeration with HTTP probing"],
@@ -41,37 +41,52 @@ HELP = {
     ],
     "presets": [
         {"name": "Quick Detection", "args": [], "desc": "Fast TR-069 port detection"},
-        {"name": "Deep Enumeration", "args": ["--deep"], "desc": "Full HTTP enumeration of TR-069"},
+        {
+            "name": "Deep Enumeration",
+            "args": ["--deep"],
+            "desc": "Full HTTP enumeration of TR-069",
+        },
     ],
     "help_sections": [
         {
             "title": "What is TR-069?",
             "color": "cyan",
             "content": [
-                {"title": "Overview", "desc": "TR-069 lets ISPs remotely manage your router. It's how they push firmware updates and change settings without physical access."},
-                {"title": "Security Risks", "desc": "Why TR-069 can be dangerous", "tips": [
-                    "Often runs as root/admin on the device",
-                    "May have hardcoded credentials",
-                    "ACS server URL can be hijacked",
-                    "Known RCE vulnerabilities in implementations",
-                    "Can be used to exfiltrate data or install backdoors"
-                ]}
-            ]
+                {
+                    "title": "Overview",
+                    "desc": "TR-069 lets ISPs remotely manage your router. It's how they push firmware updates and change settings without physical access.",
+                },
+                {
+                    "title": "Security Risks",
+                    "desc": "Why TR-069 can be dangerous",
+                    "tips": [
+                        "Often runs as root/admin on the device",
+                        "May have hardcoded credentials",
+                        "ACS server URL can be hijacked",
+                        "Known RCE vulnerabilities in implementations",
+                        "Can be used to exfiltrate data or install backdoors",
+                    ],
+                },
+            ],
         },
         {
             "title": "Attack Scenarios",
             "color": "red",
             "content": [
-                {"title": "Common Attacks", "desc": "How TR-069 gets exploited", "tips": [
-                    "MITM attacks on ACS communication",
-                    "Exploit known CVEs (Misfortune Cookie, etc.)",
-                    "Credential bruteforce if auth is weak",
-                    "DNS hijacking via TR-069 config changes",
-                    "Firmware downgrade to vulnerable version"
-                ]}
-            ]
-        }
-    ]
+                {
+                    "title": "Common Attacks",
+                    "desc": "How TR-069 gets exploited",
+                    "tips": [
+                        "MITM attacks on ACS communication",
+                        "Exploit known CVEs (Misfortune Cookie, etc.)",
+                        "Credential bruteforce if auth is weak",
+                        "DNS hijacking via TR-069 config changes",
+                        "Firmware downgrade to vulnerable version",
+                    ],
+                }
+            ],
+        },
+    ],
 }
 
 
@@ -81,7 +96,9 @@ class TR069Plugin(PluginBase):
     category = "scanning"
     HELP = HELP
 
-    def build_command(self, target: str, args: List[str] = None, label: str = "", log_path: str = None):
+    def build_command(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ):
         """Build nmap command for TR-069 detection."""
         args = args or []
 
@@ -90,79 +107,84 @@ class TR069Plugin(PluginBase):
             target = validate_target(target)
         except ValidationError as e:
             if log_path:
-                with open(log_path, 'w') as f:
+                with open(log_path, "w") as f:
                     f.write(f"ERROR: Invalid target: {e}\n")
             return None
 
         # Base TR-069 ports
-        ports = '7547,4567,5555,8089'  # Common CWMP/TR-069 ports
+        ports = "7547,4567,5555,8089"  # Common CWMP/TR-069 ports
 
         # Determine scan depth
-        if '--deep' in args:
+        if "--deep" in args:
             # Deep scan with HTTP enumeration
-            scripts = 'http-title,http-headers,http-methods,http-server-header'
+            scripts = "http-title,http-headers,http-methods,http-server-header"
             cmd = [
-                'nmap',
-                '-sV',
-                '-p', ports,
-                '--script', scripts,
-                '--script-args', 'http.useragent=CWMP Client',
-                '-oN', '-',
-                '--open',
-                '-T4',
-                target
+                "nmap",
+                "-sV",
+                "-p",
+                ports,
+                "--script",
+                scripts,
+                "--script-args",
+                "http.useragent=CWMP Client",
+                "-oN",
+                "-",
+                "--open",
+                "-T4",
+                target,
             ]
         else:
             # Quick detection
             cmd = [
-                'nmap',
-                '-sS', '-sV',
-                '-p', ports,
-                '-oN', '-',
-                '--open',
-                '-T4',
-                target
+                "nmap",
+                "-sS",
+                "-sV",
+                "-p",
+                ports,
+                "-oN",
+                "-",
+                "--open",
+                "-T4",
+                target,
             ]
 
-        return {
-            'cmd': cmd,
-            'timeout': 600  # 10 minute timeout
-        }
+        return {"cmd": cmd, "timeout": 600}  # 10 minute timeout
 
-    def run(self, target: str, args: List[str] = None, label: str = "", log_path: str = None) -> int:
+    def run(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ) -> int:
         """Execute TR-069 detection."""
         cmd_spec = self.build_command(target, args, label, log_path)
         if cmd_spec is None:
             return 1
 
-        cmd = cmd_spec['cmd']
+        cmd = cmd_spec["cmd"]
 
         if log_path:
-            with open(log_path, 'w') as f:
+            with open(log_path, "w") as f:
                 f.write(f"# TR-069/CWMP Detection on {target}\n")
                 f.write(f"# Command: {' '.join(cmd)}\n")
                 f.write(f"# Started: {time.strftime('%Y-%m-%d %H:%M:%S')}\n\n")
-                f.write("# TR-069 (Technical Report 069) is used by ISPs for remote router management\n")
+                f.write(
+                    "# TR-069 (Technical Report 069) is used by ISPs for remote router management\n"
+                )
                 f.write("# Common ports: 7547 (primary), 4567, 5555, 8089\n\n")
 
         try:
-            with open(log_path, 'a') as f:
+            with open(log_path, "a") as f:
                 result = subprocess.run(
-                    cmd,
-                    stdout=f,
-                    stderr=subprocess.STDOUT,
-                    timeout=cmd_spec['timeout']
+                    cmd, stdout=f, stderr=subprocess.STDOUT, timeout=cmd_spec["timeout"]
                 )
             return result.returncode
 
         except subprocess.TimeoutExpired:
             if log_path:
-                with open(log_path, 'a') as f:
+                with open(log_path, "a") as f:
                     f.write("\n\n# ERROR: Scan timed out\n")
             return 124
         except Exception as e:
             if log_path:
-                with open(log_path, 'a') as f:
+                with open(log_path, "a") as f:
                     f.write(f"\n\n# ERROR: {e}\n")
             return 1