souleyez 2.43.34__py3-none-any.whl → 3.0.7__py3-none-any.whl

souleyez/plugins/hydra.py

@@ -4,13 +4,15 @@ souleyez.plugins.hydra
 
 Hydra network login brute-forcer plugin.
 """
+
 import subprocess
 import time
 from typing import List
 from urllib.parse import urlparse
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "Hydra — Network Login Brute-Forcer",
@@ -840,8 +842,8 @@ class HydraPlugin(PluginBase):
             return None
 
         # If multiple targets, create a temporary file and use -M flag
-        import tempfile
         import os
+        import tempfile
 
         # Hydra syntax: hydra [OPTIONS] target service [SERVICE-OPTIONS]
         # Need to split args into: global options, service type, and service options
@@ -983,8 +985,8 @@ class HydraPlugin(PluginBase):
             raise ValueError(f"Invalid target: {e}")
 
         # If multiple targets, create a temporary file and use -M flag
-        import tempfile
         import os
+        import tempfile
 
         if len(validated_targets) > 1:
             # Create temp file with targets

souleyez/plugins/impacket_common.py

@@ -0,0 +1,40 @@
+#!/usr/bin/env python3
+"""
+souleyez.plugins.impacket_common - Shared utilities for Impacket plugins
+
+Handles differences between Kali (apt) and Ubuntu (pipx) installations.
+"""
+
+import shutil
+from typing import Optional
+
+
+def find_impacket_command(tool_name: str) -> Optional[str]:
+    """
+    Find the correct Impacket command (varies by install method).
+
+    On Kali (apt install python3-impacket):
+        - Commands are: impacket-GetNPUsers, impacket-secretsdump, etc.
+
+    On Ubuntu (pipx install impacket):
+        - Commands are: GetNPUsers.py, secretsdump.py, etc.
+        - Or without .py: GetNPUsers, secretsdump
+
+    Args:
+        tool_name: Base tool name like "GetNPUsers", "secretsdump", "psexec"
+
+    Returns:
+        The actual command that exists on the system, or None if not found
+    """
+    # Possible command names in order of preference
+    candidates = [
+        f"impacket-{tool_name}",  # Kali apt style
+        f"{tool_name}.py",  # Ubuntu pipx style
+        tool_name,  # Direct name
+    ]
+
+    for cmd in candidates:
+        if shutil.which(cmd):
+            return cmd
+
+    return None

souleyez/plugins/impacket_getnpusers.py

@@ -2,10 +2,12 @@
 """
 souleyez.plugins.impacket_getnpusers - AS-REP Roasting attack
 """
+
 import subprocess
 import time
 from typing import List
 
+from .impacket_common import find_impacket_command
 from .plugin_base import PluginBase
 
 HELP = {
@@ -164,9 +166,14 @@ class ImpacketGetNPUsersPlugin(PluginBase):
         # Replace <target> placeholder
         args = [arg.replace("<target>", target) for arg in args]
 
+        # Find the correct command (varies by install: apt vs pipx)
+        getnpusers_cmd = find_impacket_command("GetNPUsers")
+        if not getnpusers_cmd:
+            return None  # Tool not installed
+
         # Build command - GetNPUsers expects: domain/ -dc-ip <ip> [options]
         # Check if first arg is a domain (contains / or looks like domain.tld)
-        cmd = ["impacket-GetNPUsers"]
+        cmd = [getnpusers_cmd]
 
         # If args starts with domain/, use that as positional arg (not target IP)
         if args and ("/" in args[0] or args[0].count(".") >= 1):
@@ -191,8 +198,18 @@ class ImpacketGetNPUsersPlugin(PluginBase):
         # Replace <target> placeholder
         args = [arg.replace("<target>", target) for arg in args]
 
+        # Find the correct command (varies by install: apt vs pipx)
+        getnpusers_cmd = find_impacket_command("GetNPUsers")
+        if not getnpusers_cmd:
+            if log_path:
+                with open(log_path, "w", encoding="utf-8") as fh:
+                    fh.write("ERROR: GetNPUsers not found. Install with:\n")
+                    fh.write("  Kali: sudo apt install python3-impacket\n")
+                    fh.write("  Ubuntu: pipx install impacket\n")
+            return 1
+
         # Build command - GetNPUsers expects: domain/ -dc-ip <ip> [options]
-        cmd = ["impacket-GetNPUsers"]
+        cmd = [getnpusers_cmd]
 
         # If args starts with domain/, use that as positional arg (not target IP)
         if args and ("/" in args[0] or args[0].count(".") >= 1):

souleyez/plugins/impacket_getuserspns.py

@@ -0,0 +1,158 @@
+#!/usr/bin/env python3
+"""
+souleyez.plugins.impacket_getuserspns - Kerberoasting attack (GetUserSPNs)
+"""
+
+import subprocess
+import time
+from typing import List
+
+from .impacket_common import find_impacket_command
+from .plugin_base import PluginBase
+
+HELP = {
+    "name": "Impacket GetUserSPNs - Kerberoasting",
+    "description": (
+        "Need to extract Kerberos TGS hashes for offline cracking?\n\n"
+        "GetUserSPNs performs Kerberoasting, extracting TGS tickets for service accounts "
+        "that can be cracked offline with hashcat or john.\n\n"
+        "Use GetUserSPNs after getting domain credentials to:\n"
+        "- Find service accounts with SPNs (Service Principal Names)\n"
+        "- Extract TGS tickets/hashes for offline cracking\n"
+        "- Identify weak service account passwords\n"
+        "- Escalate privileges via cracked service accounts\n\n"
+        "Quick tips:\n"
+        "- Requires valid domain credentials (from GPP, password spray, etc.)\n"
+        "- Output format compatible with hashcat mode 13100\n"
+        "- Use -request to actually request TGS tickets\n"
+    ),
+    "usage": 'souleyez jobs enqueue impacket-getuserspns <domain>/<user>:<pass>@<dc> --args "-request"',
+    "examples": [
+        'souleyez jobs enqueue impacket-getuserspns "active.htb/svc_tgs:GPPstillStandingStrong2k18@10.129.5.167" --args "-request"',
+        'souleyez jobs enqueue impacket-getuserspns "corp.local/admin:Password1@dc01.corp.local" --args "-dc-ip 192.168.1.10 -request"',
+    ],
+    "flags": [
+        ["-dc-ip <ip>", "IP address of the domain controller"],
+        ["-request", "Request TGS tickets (required for cracking)"],
+        ["-outputfile <file>", "Save TGS hashes to file"],
+    ],
+}
+
+
+class ImpacketGetUserSPNsPlugin(PluginBase):
+    name = "Impacket GetUserSPNs"
+    tool = "impacket-getuserspns"
+    category = "credential_access"
+    HELP = HELP
+
+    def build_command(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ):
+        """Build command for background execution with PID tracking."""
+        args = args or []
+
+        # Replace <target> placeholder
+        args = [arg.replace("<target>", target) for arg in args]
+
+        # Find the correct command (varies by install: apt vs pipx)
+        getuserspns_cmd = find_impacket_command("GetUserSPNs")
+        if not getuserspns_cmd:
+            return None  # Tool not installed
+
+        # Build command - GetUserSPNs expects: domain/user:pass@host [options]
+        cmd = [getuserspns_cmd]
+
+        # If first arg looks like credentials (contains / and @), use it as positional
+        if args and "/" in args[0]:
+            cmd.append(args[0])
+            args = args[1:]
+        else:
+            cmd.append(target)
+
+        cmd.extend(args)
+
+        return {"cmd": cmd, "timeout": 1800}
+
+    def run(
+        self, target: str, args: List[str] = None, label: str = "", log_path: str = None
+    ) -> int:
+        """Execute impacket-GetUserSPNs and write output to log_path."""
+
+        args = args or []
+
+        # Replace <target> placeholder
+        args = [arg.replace("<target>", target) for arg in args]
+
+        # Find the correct command (varies by install: apt vs pipx)
+        getuserspns_cmd = find_impacket_command("GetUserSPNs")
+        if not getuserspns_cmd:
+            if log_path:
+                with open(log_path, "w", encoding="utf-8") as fh:
+                    fh.write("ERROR: GetUserSPNs not found. Install with:\n")
+                    fh.write("  Kali: sudo apt install python3-impacket\n")
+                    fh.write("  Ubuntu: pipx install impacket\n")
+            return 1
+
+        # Build command
+        cmd = [getuserspns_cmd]
+
+        # If first arg looks like credentials, use it as positional
+        if args and "/" in args[0]:
+            cmd.append(args[0])
+            args = args[1:]
+        else:
+            cmd.append(target)
+
+        cmd.extend(args)
+
+        if not log_path:
+            try:
+                proc = subprocess.run(
+                    cmd, capture_output=True, timeout=300, check=False
+                )
+                return proc.returncode
+            except Exception:
+                return 1
+
+        try:
+            # Create metadata header
+            with open(log_path, "w", encoding="utf-8", errors="replace") as fh:
+                fh.write(f"=== Plugin: Impacket GetUserSPNs ===\n")
+                fh.write(f"Target: {target}\n")
+                fh.write(f"Args: {args}\n")
+                fh.write(f"Label: {label}\n")
+                fh.write(
+                    f"Started: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())}\n"
+                )
+                fh.write(f"Command: {' '.join(cmd)}\n\n")
+
+            # Run GetUserSPNs
+            proc = subprocess.run(
+                cmd, capture_output=True, timeout=300, check=False, text=True
+            )
+
+            # Write output
+            with open(log_path, "a", encoding="utf-8", errors="replace") as fh:
+                if proc.stdout:
+                    fh.write(proc.stdout)
+                if proc.stderr:
+                    fh.write(proc.stderr)
+                fh.write(
+                    f"\n=== Completed: {time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())} ===\n"
+                )
+                fh.write(f"Exit Code: {proc.returncode}\n")
+
+            return proc.returncode
+
+        except subprocess.TimeoutExpired:
+            with open(log_path, "a", encoding="utf-8", errors="replace") as fh:
+                fh.write("\n\nERROR: GetUserSPNs timed out after 300 seconds\n")
+            return 124
+
+        except Exception as e:
+            with open(log_path, "a", encoding="utf-8", errors="replace") as fh:
+                fh.write(f"\n\nERROR: {str(e)}\n")
+            return 1
+
+
+plugin = ImpacketGetUserSPNsPlugin()

souleyez/plugins/impacket_psexec.py

@@ -2,10 +2,12 @@
 """
 souleyez.plugins.impacket_psexec - Remote command execution via SMB
 """
+
 import subprocess
 import time
 from typing import List
 
+from .impacket_common import find_impacket_command
 from .plugin_base import PluginBase
 
 HELP = {
@@ -166,8 +168,13 @@ class ImpacketPsexecPlugin(PluginBase):
         # Replace <target> placeholder
         args = [arg.replace("<target>", target) for arg in args]
 
+        # Find the correct command (varies by install: apt vs pipx)
+        psexec_cmd = find_impacket_command("psexec")
+        if not psexec_cmd:
+            return None  # Tool not installed
+
         # Build command (args should include credentials)
-        cmd = ["impacket-psexec"] + args
+        cmd = [psexec_cmd] + args
 
         return {"cmd": cmd, "timeout": 1800}
 
@@ -181,8 +188,18 @@ class ImpacketPsexecPlugin(PluginBase):
         # Replace <target> placeholder
         args = [arg.replace("<target>", target) for arg in args]
 
+        # Find the correct command (varies by install: apt vs pipx)
+        psexec_cmd = find_impacket_command("psexec")
+        if not psexec_cmd:
+            if log_path:
+                with open(log_path, "w", encoding="utf-8") as fh:
+                    fh.write("ERROR: psexec not found. Install with:\n")
+                    fh.write("  Kali: sudo apt install python3-impacket\n")
+                    fh.write("  Ubuntu: pipx install impacket\n")
+            return 1
+
         # Build command
-        cmd = ["impacket-psexec"]
+        cmd = [psexec_cmd]
 
         # Add args (should include credentials like "DOMAIN/user:pass@host")
         cmd.extend(args)

souleyez/plugins/impacket_secretsdump.py

@@ -2,10 +2,12 @@
 """
 souleyez.plugins.impacket_secretsdump - Dump credentials from SAM/NTDS/LSA
 """
+
 import subprocess
 import time
 from typing import List
 
+from .impacket_common import find_impacket_command
 from .plugin_base import PluginBase
 
 HELP = {
@@ -190,8 +192,13 @@ class ImpacketSecretsdumpPlugin(PluginBase):
         # Replace <target> placeholder
         args = [arg.replace("<target>", target) for arg in args]
 
+        # Find the correct command (varies by install: apt vs pipx)
+        secretsdump_cmd = find_impacket_command("secretsdump")
+        if not secretsdump_cmd:
+            return None  # Tool not installed
+
         # Build command (args should include credentials)
-        cmd = ["impacket-secretsdump"] + args
+        cmd = [secretsdump_cmd] + args
 
         return {"cmd": cmd, "timeout": 1800}
 
@@ -205,8 +212,18 @@ class ImpacketSecretsdumpPlugin(PluginBase):
         # Replace <target> placeholder
         args = [arg.replace("<target>", target) for arg in args]
 
+        # Find the correct command (varies by install: apt vs pipx)
+        secretsdump_cmd = find_impacket_command("secretsdump")
+        if not secretsdump_cmd:
+            if log_path:
+                with open(log_path, "w", encoding="utf-8") as fh:
+                    fh.write("ERROR: secretsdump not found. Install with:\n")
+                    fh.write("  Kali: sudo apt install python3-impacket\n")
+                    fh.write("  Ubuntu: pipx install impacket\n")
+            return 1
+
         # Build command
-        cmd = ["impacket-secretsdump"]
+        cmd = [secretsdump_cmd]
 
         # Add target/credentials (should be in args like "DOMAIN/user:pass@host")
         cmd.extend(args)

souleyez/plugins/impacket_smbclient.py

@@ -2,10 +2,12 @@
 """
 souleyez.plugins.impacket_smbclient - SMB client for file operations
 """
+
 import subprocess
 import time
 from typing import List
 
+from .impacket_common import find_impacket_command
 from .plugin_base import PluginBase
 
 HELP = {
@@ -161,8 +163,13 @@ class ImpacketSmbclientPlugin(PluginBase):
         # Replace <target> placeholder
         args = [arg.replace("<target>", target) for arg in args]
 
+        # Find the correct command (varies by install: apt vs pipx)
+        smbclient_cmd = find_impacket_command("smbclient")
+        if not smbclient_cmd:
+            return None  # Tool not installed
+
         # Build command (args should include credentials)
-        cmd = ["impacket-smbclient"] + args
+        cmd = [smbclient_cmd] + args
 
         return {"cmd": cmd, "timeout": 1800}
 
@@ -176,8 +183,18 @@ class ImpacketSmbclientPlugin(PluginBase):
         # Replace <target> placeholder
         args = [arg.replace("<target>", target) for arg in args]
 
+        # Find the correct command (varies by install: apt vs pipx)
+        smbclient_cmd = find_impacket_command("smbclient")
+        if not smbclient_cmd:
+            if log_path:
+                with open(log_path, "w", encoding="utf-8") as fh:
+                    fh.write("ERROR: smbclient not found. Install with:\n")
+                    fh.write("  Kali: sudo apt install python3-impacket\n")
+                    fh.write("  Ubuntu: pipx install impacket\n")
+            return 1
+
         # Build command
-        cmd = ["impacket-smbclient"]
+        cmd = [smbclient_cmd]
 
         # Add args (should include credentials like "DOMAIN/user:pass@host")
         cmd.extend(args)

souleyez/plugins/john.py

@@ -4,9 +4,10 @@ souleyez.plugins.john
 
 John the Ripper password cracking plugin.
 """
+
+import os
 import subprocess
 import time
-import os
 from typing import List
 
 from .plugin_base import PluginBase

souleyez/plugins/katana.py

@@ -5,12 +5,14 @@ souleyez.plugins.katana - Web crawling and spidering for parameter discovery
 Katana is a next-generation crawling and spidering framework from ProjectDiscovery.
 It discovers endpoints, parameters, forms, and JavaScript-rendered routes.
 """
-import subprocess
+
 import shutil
-from typing import List, Optional, Dict, Any
+import subprocess
+from typing import Any, Dict, List, Optional
+
+from souleyez.security.validation import ValidationError, validate_url
 
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_url, ValidationError
 
 HELP = {
     "name": "Katana - Web Crawler & Spider",
@@ -126,6 +128,34 @@ class KatanaPlugin(PluginBase):
     category = "vulnerability_analysis"
     HELP = HELP
 
+    def _is_snap_chromium(self) -> bool:
+        """
+        Check if chromium is installed via snap.
+
+        Snap chromium has sandboxing that breaks headless mode with katana.
+        Returns True if chromium path contains 'snap'.
+        """
+        chromium_binaries = ["chromium", "chromium-browser", "google-chrome", "chrome"]
+        for binary in chromium_binaries:
+            path = shutil.which(binary)
+            if path and "snap" in path:
+                return True
+        return False
+
+    def _is_arm64_linux(self) -> bool:
+        """
+        Check if running on ARM64 Linux.
+
+        go-rod (katana's headless library) doesn't have ARM64 chromium binaries
+        available for download, so headless mode fails silently on ARM64.
+        """
+        import platform
+
+        return platform.system() == "Linux" and platform.machine() in (
+            "aarch64",
+            "arm64",
+        )
+
     def check_tool_available(self) -> tuple:
         """
         Check if katana and chromium are installed.
@@ -221,9 +251,21 @@ class KatanaPlugin(PluginBase):
         cmd.extend(args)
 
         # Set defaults if not specified
-        # Headless mode by default (unless -no-headless specified)
-        if "-headless" not in args and "-no-headless" not in args:
-            cmd.append("-headless")
+        # Headless mode by default - required for proper JavaScript execution
+        # However, ARM64 Linux doesn't have go-rod chromium binaries available,
+        # so we skip headless mode and rely on JavaScript endpoint extraction instead
+        if "-headless" not in args:
+            if self._is_arm64_linux():
+                # ARM64: go-rod can't find chromium binary, headless silently fails
+                # Skip headless mode - the handler will extract endpoints from JS files
+                if log_path:
+                    with open(log_path, "a") as f:
+                        f.write(
+                            "NOTE: ARM64 Linux detected, using standard crawl mode. "
+                            "API endpoints will be extracted from JavaScript files.\n"
+                        )
+            else:
+                cmd.append("-headless")
 
         # JavaScript crawling by default
         if "-jc" not in args:

souleyez/plugins/kerbrute.py

@@ -2,6 +2,7 @@
 """
 souleyez.plugins.kerbrute - Kerberos username enumeration and password spraying
 """
+
 import subprocess
 import time
 from typing import List

souleyez/plugins/lfi_extract.py

@@ -11,6 +11,7 @@ A custom SoulEyez tool that:
 This is "glue" tooling - it bridges the gap between LFI discovery and
 credential exploitation.
 """
+
 import base64
 import json
 import re

souleyez/plugins/macos_ssh.py

@@ -5,12 +5,14 @@ souleyez.plugins.macos_ssh
 macOS SSH brute force plugin using Hydra.
 Attacks SSH on macOS systems with common credentials.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "macOS SSH Brute — Remote Login Attack",

souleyez/plugins/mdns.py

@@ -5,12 +5,14 @@ souleyez.plugins.mdns
 mDNS/Bonjour discovery plugin.
 Discovers Apple devices and services via multicast DNS.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "mDNS — Bonjour Service Discovery",

souleyez/plugins/msf_auxiliary.py

@@ -2,10 +2,11 @@
 """
 souleyez.plugins.msf_auxiliary - Metasploit Framework auxiliary scanner wrapper
 """
-from typing import List
-from pathlib import Path
+
 import subprocess
 import time
+from pathlib import Path
+from typing import List
 
 from .plugin_base import PluginBase
 

souleyez/plugins/msf_exploit.py

@@ -6,12 +6,13 @@ Supports two execution modes:
 1. RPC Mode (Pro only): Uses msfrpcd for persistent sessions
 2. Console Mode: Uses msfconsole subprocess (sessions die on job completion)
 """
-from typing import List, Dict, Any, Optional
-import subprocess
-import time
-import socket
+
 import logging
 import re
+import socket
+import subprocess
+import time
+from typing import Any, Dict, List, Optional
 
 from .plugin_base import PluginBase
 
@@ -155,8 +156,8 @@ class MsfExploitPlugin(PluginBase):
         3. msfrpcd is running and accessible
         """
         try:
-            from souleyez.core.msf_rpc_manager import is_pro_enabled
             from souleyez import config
+            from souleyez.core.msf_rpc_manager import is_pro_enabled
 
             # Must have Pro license
             if not is_pro_enabled():

souleyez/plugins/nikto.py

@@ -2,14 +2,17 @@
 """
 souleyez.plugins.nikto - Web server vulnerability scanner
 """
+
 from __future__ import annotations
+
+import re
 import subprocess
 import time
-import re
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_url
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_url, ValidationError
 
 HELP = {
     "name": "Nikto - Web Server Vulnerability Scanner",

souleyez/plugins/nmap.py

@@ -2,17 +2,19 @@
 """
 souleyez.plugins.nmap
 """
-from typing import List
+
 import subprocess
 import time
+from typing import List
 
-from .plugin_base import PluginBase
 from souleyez.security.validation import (
-    validate_target,
-    validate_nmap_args,
     ValidationError,
+    validate_nmap_args,
+    validate_target,
 )
 
+from .plugin_base import PluginBase
+
 HELP = {
     "name": "Nmap — Network Scanner",
     "description": (

souleyez/plugins/nuclei.py

@@ -2,12 +2,14 @@
 """
 souleyez.plugins.nuclei - Modern vulnerability scanner with 5000+ templates
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_url
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_url, ValidationError
 
 HELP = {
     "name": "Nuclei - Modern Vulnerability Scanner",