souleyez 2.43.29__py3-none-any.whl → 3.0.0__py3-none-any.whl

souleyez/core/vuln_correlation.py

@@ -16,6 +16,7 @@ import re
 @dataclass
 class CorrelatedFinding:
     """Represents a group of related findings from different tools."""
+
     cve_id: Optional[str] = None
     service: str = ""
     port: int = 0
@@ -29,8 +30,8 @@ class CorrelatedFinding:
 
     def add_finding(self, finding: Dict[str, Any]):
         """Add a finding to this correlation group."""
-        finding_id = finding.get('id')
-        tool = finding.get('tool', '')
+        finding_id = finding.get("id")
+        tool = finding.get("tool", "")
 
         if finding_id and finding_id not in self.finding_ids:
             self.finding_ids.append(finding_id)
@@ -39,9 +40,15 @@ class CorrelatedFinding:
             self.tools.append(tool)
 
         # Update severity to highest
-        severities = ['critical', 'high', 'medium', 'low', 'info']
-        current_idx = severities.index(self.severity) if self.severity in severities else 4
-        new_idx = severities.index(finding.get('severity', 'info')) if finding.get('severity') in severities else 4
+        severities = ["critical", "high", "medium", "low", "info"]
+        current_idx = (
+            severities.index(self.severity) if self.severity in severities else 4
+        )
+        new_idx = (
+            severities.index(finding.get("severity", "info"))
+            if finding.get("severity") in severities
+            else 4
+        )
 
         if new_idx < current_idx:
             self.severity = severities[new_idx]
@@ -49,22 +56,23 @@ class CorrelatedFinding:
     def to_dict(self) -> Dict[str, Any]:
         """Convert to dictionary."""
         return {
-            'cve_id': self.cve_id,
-            'service': self.service,
-            'port': self.port,
-            'host_ip': self.host_ip,
-            'severity': self.severity,
-            'finding_ids': self.finding_ids,
-            'tools': self.tools,
-            'confidence': self.confidence,
-            'description': self.description,
-            'exploit_available': self.exploit_available
+            "cve_id": self.cve_id,
+            "service": self.service,
+            "port": self.port,
+            "host_ip": self.host_ip,
+            "severity": self.severity,
+            "finding_ids": self.finding_ids,
+            "tools": self.tools,
+            "confidence": self.confidence,
+            "description": self.description,
+            "exploit_available": self.exploit_available,
         }
 
 
 @dataclass
 class AttackPath:
     """Represents a potential attack path using multiple findings."""
+
     name: str
     findings: List[Dict[str, Any]] = field(default_factory=list)
     success_probability: float = 0.0
@@ -73,11 +81,11 @@ class AttackPath:
 
     def to_dict(self) -> Dict[str, Any]:
         return {
-            'name': self.name,
-            'finding_ids': [f.get('id') for f in self.findings],
-            'success_probability': self.success_probability,
-            'impact': self.impact,
-            'steps': self.steps
+            "name": self.name,
+            "finding_ids": [f.get("id") for f in self.findings],
+            "success_probability": self.success_probability,
+            "impact": self.impact,
+            "steps": self.steps,
         }
 
 
@@ -87,7 +95,9 @@ class VulnerabilityCorrelator:
     def __init__(self):
         """Initialize correlator."""
 
-    def correlate_by_cve(self, findings: List[Dict[str, Any]]) -> List[CorrelatedFinding]:
+    def correlate_by_cve(
+        self, findings: List[Dict[str, Any]]
+    ) -> List[CorrelatedFinding]:
         """
         Group findings by CVE ID.
 
@@ -97,14 +107,14 @@ class VulnerabilityCorrelator:
 
         for finding in findings:
             # Extract CVE from various fields
-            cve_id = finding.get('cve_id')
+            cve_id = finding.get("cve_id")
             if not cve_id:
                 # Try to extract from refs or description
-                refs = finding.get('refs', '')
-                desc = finding.get('description', '')
+                refs = finding.get("refs", "")
+                desc = finding.get("description", "")
                 text = f"{refs} {desc}"
 
-                cve_matches = re.findall(r'CVE-\d{4}-\d{4,7}', text, re.IGNORECASE)
+                cve_matches = re.findall(r"CVE-\d{4}-\d{4,7}", text, re.IGNORECASE)
                 if cve_matches:
                     cve_id = cve_matches[0].upper()
 
@@ -112,17 +122,19 @@ class VulnerabilityCorrelator:
                 if cve_id not in cve_groups:
                     cve_groups[cve_id] = CorrelatedFinding(
                         cve_id=cve_id,
-                        service=finding.get('service', ''),
-                        port=finding.get('port', 0),
+                        service=finding.get("service", ""),
+                        port=finding.get("port", 0),
                         host_ip=self._extract_host_ip(finding),
-                        confidence=0.95  # High confidence for CVE matching
+                        confidence=0.95,  # High confidence for CVE matching
                     )
 
                 cve_groups[cve_id].add_finding(finding)
 
         return list(cve_groups.values())
 
-    def correlate_by_service(self, findings: List[Dict[str, Any]]) -> List[CorrelatedFinding]:
+    def correlate_by_service(
+        self, findings: List[Dict[str, Any]]
+    ) -> List[CorrelatedFinding]:
         """
         Group findings by service/port combination.
 
@@ -132,7 +144,7 @@ class VulnerabilityCorrelator:
 
         for finding in findings:
             host_ip = self._extract_host_ip(finding)
-            port = finding.get('port', 0)
+            port = finding.get("port", 0)
 
             # Skip findings without port/host
             if not host_ip or not port:
@@ -145,7 +157,7 @@ class VulnerabilityCorrelator:
                     service=self._extract_service_name(finding),
                     port=port,
                     host_ip=host_ip,
-                    confidence=0.7  # Medium-high confidence
+                    confidence=0.7,  # Medium-high confidence
                 )
 
             service_groups[key].add_finding(finding)
@@ -153,24 +165,39 @@ class VulnerabilityCorrelator:
         # Only return groups with multiple findings
         return [g for g in service_groups.values() if len(g.finding_ids) > 1]
 
-    def correlate_by_vulnerability_type(self, findings: List[Dict[str, Any]]) -> List[CorrelatedFinding]:
+    def correlate_by_vulnerability_type(
+        self, findings: List[Dict[str, Any]]
+    ) -> List[CorrelatedFinding]:
         """
         Group findings by vulnerability type (SQL injection, XSS, RCE, etc.).
         """
         vuln_types = {
-            'sqli': ['sql injection', 'sqlmap', 'blind sql'],
-            'xss': ['cross-site scripting', 'xss', 'reflected xss', 'stored xss'],
-            'rce': ['remote code execution', 'command injection', 'shell upload', 'arbitrary code'],
-            'lfi': ['local file inclusion', 'directory traversal', 'path traversal'],
-            'auth_bypass': ['authentication bypass', 'broken authentication', 'default credentials'],
-            'info_disclosure': ['information disclosure', 'sensitive data', 'directory listing']
+            "sqli": ["sql injection", "sqlmap", "blind sql"],
+            "xss": ["cross-site scripting", "xss", "reflected xss", "stored xss"],
+            "rce": [
+                "remote code execution",
+                "command injection",
+                "shell upload",
+                "arbitrary code",
+            ],
+            "lfi": ["local file inclusion", "directory traversal", "path traversal"],
+            "auth_bypass": [
+                "authentication bypass",
+                "broken authentication",
+                "default credentials",
+            ],
+            "info_disclosure": [
+                "information disclosure",
+                "sensitive data",
+                "directory listing",
+            ],
         }
 
         type_groups = {}
 
         for finding in findings:
-            title = finding.get('title', '').lower()
-            desc = finding.get('description', '').lower()
+            title = finding.get("title", "").lower()
+            desc = finding.get("description", "").lower()
             text = f"{title} {desc}"
 
             for vuln_type, keywords in vuln_types.items():
@@ -182,7 +209,7 @@ class VulnerabilityCorrelator:
                         type_groups[key] = CorrelatedFinding(
                             host_ip=host_ip,
                             description=f"Multiple {vuln_type.upper()} vulnerabilities",
-                            confidence=0.6
+                            confidence=0.6,
                         )
 
                     type_groups[key].add_finding(finding)
@@ -194,7 +221,7 @@ class VulnerabilityCorrelator:
         self,
         findings: List[Dict[str, Any]],
         credentials: List[Dict[str, Any]] = None,
-        smb_shares: List[Dict[str, Any]] = None
+        smb_shares: List[Dict[str, Any]] = None,
     ) -> List[AttackPath]:
         """
         Identify potential attack paths by chaining vulnerabilities and access.
@@ -221,7 +248,11 @@ class VulnerabilityCorrelator:
         for host_ip, host_findings in by_host.items():
             # Path 1: RCE + Valid Credentials
             rce_findings = [f for f in host_findings if self._is_rce(f)]
-            host_creds = [c for c in credentials if c.get('ip_address') == host_ip and c.get('status') == 'valid']
+            host_creds = [
+                c
+                for c in credentials
+                if c.get("ip_address") == host_ip and c.get("status") == "valid"
+            ]
 
             if rce_findings and host_creds:
                 path = AttackPath(
@@ -233,13 +264,15 @@ class VulnerabilityCorrelator:
                         f"1. Exploit {rce_findings[0].get('title')} for code execution",
                         f"2. Use valid credentials: {host_creds[0].get('username')} / {host_creds[0].get('password')}",
                         "3. Establish persistent access",
-                        "4. Escalate privileges if needed"
-                    ]
+                        "4. Escalate privileges if needed",
+                    ],
                 )
                 paths.append(path)
 
             # Path 2: SQL Injection + Database
-            sqli_findings = [f for f in host_findings if 'sql' in f.get('title', '').lower()]
+            sqli_findings = [
+                f for f in host_findings if "sql" in f.get("title", "").lower()
+            ]
             if sqli_findings:
                 path = AttackPath(
                     name=f"SQL Injection on {host_ip}",
@@ -250,13 +283,17 @@ class VulnerabilityCorrelator:
                         f"1. Exploit SQL injection: {sqli_findings[0].get('path', '')}",
                         "2. Enumerate database schema",
                         "3. Extract sensitive data (users, passwords, etc.)",
-                        "4. Attempt to read files or execute commands (if possible)"
-                    ]
+                        "4. Attempt to read files or execute commands (if possible)",
+                    ],
                 )
                 paths.append(path)
 
             # Path 3: Writable SMB + Any Access
-            host_shares = [s for s in smb_shares if s.get('ip_address') == host_ip and s.get('writable')]
+            host_shares = [
+                s
+                for s in smb_shares
+                if s.get("ip_address") == host_ip and s.get("writable")
+            ]
             if host_shares:
                 path = AttackPath(
                     name=f"Writable SMB Share on {host_ip}",
@@ -267,13 +304,18 @@ class VulnerabilityCorrelator:
                         f"1. Access writable share: \\\\{host_ip}\\{host_shares[0].get('share_name')}",
                         "2. Upload malicious files (exe, dll, script)",
                         "3. Wait for execution or trigger manually",
-                        "4. Gain code execution on the system"
-                    ]
+                        "4. Gain code execution on the system",
+                    ],
                 )
                 paths.append(path)
 
             # Path 4: Authentication Bypass + Service Access
-            auth_bypass = [f for f in host_findings if 'auth' in f.get('title', '').lower() and 'bypass' in f.get('title', '').lower()]
+            auth_bypass = [
+                f
+                for f in host_findings
+                if "auth" in f.get("title", "").lower()
+                and "bypass" in f.get("title", "").lower()
+            ]
             if auth_bypass:
                 path = AttackPath(
                     name=f"Authentication Bypass on {host_ip}",
@@ -284,28 +326,31 @@ class VulnerabilityCorrelator:
                         f"1. Exploit authentication bypass: {auth_bypass[0].get('title')}",
                         "2. Gain unauthorized access to application",
                         "3. Enumerate accessible functions",
-                        "4. Look for privilege escalation opportunities"
-                    ]
+                        "4. Look for privilege escalation opportunities",
+                    ],
                 )
                 paths.append(path)
 
         # Sort by impact and probability
-        impact_order = {'critical': 0, 'high': 1, 'medium': 2, 'low': 3}
-        paths.sort(key=lambda p: (impact_order.get(p.impact, 3), -p.success_probability))
+        impact_order = {"critical": 0, "high": 1, "medium": 2, "low": 3}
+        paths.sort(
+            key=lambda p: (impact_order.get(p.impact, 3), -p.success_probability)
+        )
 
         return paths
 
     def _extract_host_ip(self, finding: Dict[str, Any]) -> str:
         """Extract host IP from finding."""
         # Direct field
-        if 'ip_address' in finding:
-            return finding['ip_address']
+        if "ip_address" in finding:
+            return finding["ip_address"]
 
         # From target field
-        target = finding.get('target', '')
+        target = finding.get("target", "")
         # Extract IP from URL or plain IP
         import re
-        ip_match = re.search(r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', target)
+
+        ip_match = re.search(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}", target)
         if ip_match:
             return ip_match.group(0)
 
@@ -313,30 +358,30 @@ class VulnerabilityCorrelator:
 
     def _extract_service_name(self, finding: Dict[str, Any]) -> str:
         """Extract service name from finding."""
-        if 'service' in finding:
-            return finding['service']
+        if "service" in finding:
+            return finding["service"]
 
         # Try to infer from tool
-        tool = finding.get('tool', '').lower()
-        if tool == 'nuclei':
-            return 'http'
-        elif tool == 'smbmap':
-            return 'smb'
-        elif tool == 'sqlmap':
-            return 'database'
+        tool = finding.get("tool", "").lower()
+        if tool == "nuclei":
+            return "http"
+        elif tool == "smbmap":
+            return "smb"
+        elif tool == "sqlmap":
+            return "database"
 
-        return finding.get('finding_type', 'unknown')
+        return finding.get("finding_type", "unknown")
 
     def _is_rce(self, finding: Dict[str, Any]) -> bool:
         """Check if finding is related to RCE."""
         text = f"{finding.get('title', '')} {finding.get('description', '')}".lower()
         rce_keywords = [
-            'remote code execution',
-            'command injection',
-            'arbitrary code',
-            'shell upload',
-            'code exec',
-            'rce'
+            "remote code execution",
+            "command injection",
+            "arbitrary code",
+            "shell upload",
+            "code exec",
+            "rce",
         ]
         return any(kw in text for kw in rce_keywords)
 
@@ -344,7 +389,7 @@ class VulnerabilityCorrelator:
         self,
         findings: List[Dict[str, Any]],
         credentials: List[Dict[str, Any]] = None,
-        smb_shares: List[Dict[str, Any]] = None
+        smb_shares: List[Dict[str, Any]] = None,
     ) -> Dict[str, Any]:
         """
         Generate a comprehensive correlation report.
@@ -365,18 +410,20 @@ class VulnerabilityCorrelator:
         attack_paths = self.find_attack_paths(findings, credentials, smb_shares)
 
         return {
-            'cve_correlations': [c.to_dict() for c in cve_corr],
-            'service_correlations': [c.to_dict() for c in service_corr],
-            'type_correlations': [c.to_dict() for c in type_corr],
-            'attack_paths': [p.to_dict() for p in attack_paths],
-            'summary': {
-                'total_findings': len(findings),
-                'cve_groups': len(cve_corr),
-                'service_groups': len(service_corr),
-                'type_groups': len(type_corr),
-                'attack_paths': len(attack_paths),
-                'high_confidence_correlations': len([c for c in cve_corr if c.confidence > 0.8])
-            }
+            "cve_correlations": [c.to_dict() for c in cve_corr],
+            "service_correlations": [c.to_dict() for c in service_corr],
+            "type_correlations": [c.to_dict() for c in type_corr],
+            "attack_paths": [p.to_dict() for p in attack_paths],
+            "summary": {
+                "total_findings": len(findings),
+                "cve_groups": len(cve_corr),
+                "service_groups": len(service_corr),
+                "type_groups": len(type_corr),
+                "attack_paths": len(attack_paths),
+                "high_confidence_correlations": len(
+                    [c for c in cve_corr if c.confidence > 0.8]
+                ),
+            },
         }
 
 

souleyez/core/web_utils.py

@@ -38,11 +38,11 @@ def check_http_redirect(ip: str, port: int = 80, timeout: int = 3) -> Dict[str,
          'final_url': 'https://example.com/', 'status_code': 200, 'error': None}
     """
     result = {
-        'redirects_to_https': False,
-        'final_scheme': 'http',
-        'final_url': None,
-        'status_code': None,
-        'error': None
+        "redirects_to_https": False,
+        "final_scheme": "http",
+        "final_url": None,
+        "status_code": None,
+        "error": None,
     }
 
     url = f"http://{ip}:{port}/"
@@ -56,32 +56,32 @@ def check_http_redirect(ip: str, port: int = 80, timeout: int = 3) -> Dict[str,
             timeout=timeout,
             verify=False,  # nosec B501 - pentesting tool needs to handle self-signed certs
             allow_redirects=True,
-            headers={'User-Agent': 'SoulEyez/1.0'}
+            headers={"User-Agent": "SoulEyez/1.0"},
         )
 
         # Get final URL after all redirects
         final_url = response.url
-        result['final_url'] = final_url
-        result['status_code'] = response.status_code
+        result["final_url"] = final_url
+        result["status_code"] = response.status_code
 
         # Parse final URL to get scheme
         parsed = urlparse(final_url)
-        result['final_scheme'] = parsed.scheme
+        result["final_scheme"] = parsed.scheme
 
         # Check if we ended up on HTTPS
-        if parsed.scheme == 'https':
-            result['redirects_to_https'] = True
+        if parsed.scheme == "https":
+            result["redirects_to_https"] = True
 
     except requests.exceptions.Timeout:
-        result['error'] = f'Timeout after {timeout}s'
+        result["error"] = f"Timeout after {timeout}s"
     except requests.exceptions.SSLError as e:
-        result['error'] = f'SSL error: {str(e)[:100]}'
+        result["error"] = f"SSL error: {str(e)[:100]}"
     except requests.exceptions.ConnectionError as e:
-        result['error'] = f'Connection error: {str(e)[:100]}'
+        result["error"] = f"Connection error: {str(e)[:100]}"
     except requests.exceptions.RequestException as e:
-        result['error'] = f'Request error: {str(e)[:100]}'
+        result["error"] = f"Request error: {str(e)[:100]}"
     except Exception as e:
-        result['error'] = f'Unexpected error: {str(e)[:100]}'
+        result["error"] = f"Unexpected error: {str(e)[:100]}"
 
     return result
 
@@ -101,11 +101,11 @@ def check_https_redirect(ip: str, port: int = 443, timeout: int = 3) -> Dict[str
         Dictionary with redirect information (same format as check_http_redirect)
     """
     result = {
-        'redirects_to_http': False,
-        'final_scheme': 'https',
-        'final_url': None,
-        'status_code': None,
-        'error': None
+        "redirects_to_http": False,
+        "final_scheme": "https",
+        "final_url": None,
+        "status_code": None,
+        "error": None,
     }
 
     url = f"https://{ip}:{port}/"
@@ -116,33 +116,34 @@ def check_https_redirect(ip: str, port: int = 443, timeout: int = 3) -> Dict[str
             timeout=timeout,
             verify=False,  # nosec B501 - pentesting tool needs to handle self-signed certs
             allow_redirects=True,
-            headers={'User-Agent': 'SoulEyez/1.0'}
+            headers={"User-Agent": "SoulEyez/1.0"},
         )
 
         final_url = response.url
-        result['final_url'] = final_url
-        result['status_code'] = response.status_code
+        result["final_url"] = final_url
+        result["status_code"] = response.status_code
 
         parsed = urlparse(final_url)
-        result['final_scheme'] = parsed.scheme
+        result["final_scheme"] = parsed.scheme
 
-        if parsed.scheme == 'http':
-            result['redirects_to_http'] = True
+        if parsed.scheme == "http":
+            result["redirects_to_http"] = True
 
     except requests.exceptions.Timeout:
-        result['error'] = f'Timeout after {timeout}s'
+        result["error"] = f"Timeout after {timeout}s"
     except requests.exceptions.SSLError as e:
-        result['error'] = f'SSL error: {str(e)[:100]}'
+        result["error"] = f"SSL error: {str(e)[:100]}"
     except requests.exceptions.ConnectionError as e:
-        result['error'] = f'Connection error: {str(e)[:100]}'
+        result["error"] = f"Connection error: {str(e)[:100]}"
     except requests.exceptions.RequestException as e:
-        result['error'] = f'Request error: {str(e)[:100]}'
+        result["error"] = f"Request error: {str(e)[:100]}"
     except Exception as e:
-        result['error'] = f'Unexpected error: {str(e)[:100]}'
+        result["error"] = f"Unexpected error: {str(e)[:100]}"
 
     return result
 
 
 # Suppress SSL warnings for pentesting context
 import urllib3
+
 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)