souleyez 2.43.34__py3-none-any.whl → 3.0.7__py3-none-any.whl

souleyez/plugins/nxc.py

@@ -2,6 +2,7 @@
 """
 souleyez.plugins.nxc - NetExec (successor to CrackMapExec) for SMB/WinRM/etc
 """
+
 import subprocess
 import time
 from typing import List

souleyez/plugins/plugin_base.py

@@ -7,7 +7,8 @@ Changes in v2.2:
 - Modified run() to support build_command() pattern
 - Backward compatibility maintained
 """
-from typing import Optional, List, Dict, Any
+
+from typing import Any, Dict, List, Optional
 
 
 class PluginBase:
@@ -113,8 +114,8 @@ class PluginBase:
         cmd_spec = self.build_command(target, args, label, log_path)
         if cmd_spec is not None:
             # build_command() is implemented, execute via subprocess
-            import subprocess
             import os
+            import subprocess
 
             cmd = cmd_spec.get("cmd")
             if not cmd:

souleyez/plugins/plugin_template.py

@@ -7,10 +7,11 @@ Guidance:
 - run(prepared): execute tool, write raw output to prepared['outdir'], then return ScanResult dict
 - Keep run side-effectful (it actually invokes tools); keep prepare lightweight.
 """
-from pathlib import Path
+
 import subprocess
 import time
-from typing import Dict, Any, List, Optional
+from pathlib import Path
+from typing import Any, Dict, List, Optional
 
 from ..engine.base import ScannerPlugin, ScanResult
 

souleyez/plugins/rdp_sec_check.py

@@ -2,6 +2,7 @@
 """
 souleyez.plugins.rdp_sec_check - RDP security configuration checker
 """
+
 import subprocess
 import time
 from typing import List

souleyez/plugins/responder.py

@@ -2,8 +2,9 @@
 """
 Responder plugin - LLMNR/NBT-NS poisoning for credential capture.
 """
-import subprocess
+
 import os
+import subprocess
 from pathlib import Path
 
 HELP = {

souleyez/plugins/router_http_brute.py

@@ -5,12 +5,14 @@ souleyez.plugins.router_http_brute
 Router web admin brute force plugin using Hydra.
 Targets common router login pages with default credentials.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "Router HTTP Brute — Web Admin Login Attack",

souleyez/plugins/router_ssh_brute.py

@@ -5,12 +5,14 @@ souleyez.plugins.router_ssh_brute
 Router SSH brute force plugin using Hydra.
 Targets routers with SSH management enabled.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "Router SSH Brute — SSH Login Attack",

souleyez/plugins/router_telnet_brute.py

@@ -5,12 +5,14 @@ souleyez.plugins.router_telnet_brute
 Router Telnet brute force plugin using Hydra.
 Targets routers with Telnet management enabled.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "Router Telnet Brute — Telnet Login Attack",

souleyez/plugins/routersploit.py

@@ -5,13 +5,15 @@ souleyez.plugins.routersploit
 RouterSploit vulnerability scanner plugin.
 Scans routers and embedded devices for known vulnerabilities.
 """
-import subprocess
+
 import shutil
+import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "RouterSploit — Router Vulnerability Scanner",
@@ -205,8 +207,8 @@ exit
 """
 
         # Write resource script and run rsf
-        import tempfile
         import os
+        import tempfile
 
         fd, rc_file = tempfile.mkstemp(suffix=".rsf", prefix="routersploit_")
         try:

souleyez/plugins/routersploit_exploit.py

@@ -5,13 +5,15 @@ souleyez.plugins.routersploit_exploit
 RouterSploit exploit execution plugin.
 Runs specific exploits against vulnerable routers.
 """
-import subprocess
+
 import shutil
+import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "RouterSploit Exploit — Router Exploitation",
@@ -166,8 +168,8 @@ run
 exit
 """
 
-        import tempfile
         import os
+        import tempfile
 
         fd, rc_file = tempfile.mkstemp(suffix=".rsf", prefix="rsf_exploit_")
         try:

souleyez/plugins/searchsploit.py

@@ -2,6 +2,7 @@
 """
 souleyez.plugins.searchsploit - Search Exploit-DB for vulnerabilities and exploits
 """
+
 import subprocess
 import time
 from typing import List

souleyez/plugins/service_explorer.py

@@ -13,6 +13,7 @@ Connects to and explores various services after access is discovered:
 
 This tool is designed to auto-chain from discovery tools when access is found.
 """
+
 import ftplib  # nosec B402 - intentional for pentesting FTP services
 import json
 import os
@@ -792,9 +793,9 @@ class NFSHandler(ProtocolHandler):
 
     def download_file(self, remote_path: str, local_path: str) -> bool:
         """Download file from NFS share."""
+        import shutil
         import subprocess
         import tempfile
-        import shutil
 
         if not self.mount_point:
             self.mount_point = tempfile.mkdtemp(prefix="souleyez_nfs_")

souleyez/plugins/smbmap.py

@@ -2,12 +2,14 @@
 """
 souleyez.plugins.smbmap - SMB share enumeration and permission mapping
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "SMBMap — SMB Share Enumerator",

souleyez/plugins/smbpasswd.py

@@ -4,6 +4,7 @@ souleyez.plugins.smbpasswd
 
 SMB Password Change plugin - changes passwords for users with STATUS_PASSWORD_MUST_CHANGE.
 """
+
 import subprocess
 import time
 from typing import List

souleyez/plugins/sqlmap.py

@@ -4,12 +4,14 @@ souleyez.plugins.sqlmap
 
 SQLMap SQL injection detection and exploitation plugin with unified interface.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_url
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_url, ValidationError
 
 HELP = {
     "name": "SQLMap — Automated SQL Injection Detection & Exploitation Tool",

souleyez/plugins/theharvester.py

@@ -4,12 +4,14 @@ souleyez.plugins.theharvester
 
 theHarvester OSINT plugin with unified interface.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_hostname
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_hostname, ValidationError
 
 HELP = {
     "name": "theHarvester — Public Recon & Harvesting Tool",

souleyez/plugins/tr069.py

@@ -5,12 +5,14 @@ souleyez.plugins.tr069
 TR-069 (CWMP) detection and enumeration plugin.
 Detects ISP remote management protocol on routers.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "TR-069 — ISP Remote Management Detection",

souleyez/plugins/upnp.py

@@ -5,12 +5,14 @@ souleyez.plugins.upnp
 UPnP (Universal Plug and Play) enumeration plugin using nmap scripts.
 Discovers UPnP services, device info, and potential misconfigurations.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "UPnP — Router/IoT Discovery",

souleyez/plugins/upnp_abuse.py

@@ -5,13 +5,15 @@ souleyez.plugins.upnp_abuse
 UPnP abuse plugin for adding/removing port forwards and extracting info.
 Uses miniupnpc library to interact with UPnP-enabled routers.
 """
-import subprocess
+
 import shutil
+import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "UPnP Abuse — Port Forward Manipulation",

souleyez/plugins/vnc_access.py

@@ -5,13 +5,15 @@ souleyez.plugins.vnc_access
 VNC access plugin for connecting to VNC servers.
 Used after successful credential discovery.
 """
-import subprocess
+
 import shutil
+import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "VNC Access — Connect to Screen Sharing",

souleyez/plugins/vnc_brute.py

@@ -5,12 +5,14 @@ souleyez.plugins.vnc_brute
 VNC brute force plugin using Hydra.
 Attacks VNC/Screen Sharing on macOS systems.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "VNC Brute — Screen Sharing Attack",

souleyez/plugins/web_login_test.py

@@ -5,6 +5,7 @@ souleyez.plugins.web_login_test - Web login credential testing
 Tests cracked credentials against web login endpoints.
 Supports both JSON REST APIs and traditional HTML form logins.
 """
+
 import json
 import re
 import ssl

souleyez/plugins/whois.py

@@ -4,12 +4,14 @@ souleyez.plugins.whois
 
 WHOIS domain information lookup plugin.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "WHOIS — Domain Registration Information",

souleyez/plugins/wpscan.py

@@ -4,14 +4,16 @@ souleyez.plugins.wpscan
 
 WPScan WordPress vulnerability scanner plugin.
 """
+
 import os
 import subprocess
 import time
 from typing import List
 from urllib.parse import urlparse, urlunparse
 
+from souleyez.security.validation import ValidationError, validate_url
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_url, ValidationError
 
 HELP = {
     "name": "WPScan — WordPress Security Scanner",
@@ -188,6 +190,44 @@ class WpscanPlugin(PluginBase):
         base = urlunparse((parsed.scheme, parsed.netloc, path, "", "", ""))
         return base
 
+    def _fix_enumerate_args(self, args: List[str]) -> List[str]:
+        """
+        Fix incompatible WPScan enumerate options.
+
+        WPScan has mutually exclusive options:
+        - vp (vulnerable plugins) and ap (all plugins) cannot be used together
+        - vt (vulnerable themes) and at (all themes) cannot be used together
+
+        If both are present, prefer the vulnerable-only option (vp/vt) as it's
+        faster and more focused.
+        """
+        new_args = []
+        i = 0
+        while i < len(args):
+            arg = args[i]
+            if arg == "--enumerate" and i + 1 < len(args):
+                enum_value = args[i + 1]
+                # Parse the enumerate options
+                options = [opt.strip() for opt in enum_value.split(",")]
+
+                # Fix incompatible options
+                # If both vp and ap, remove ap (prefer vulnerable-only)
+                if "vp" in options and "ap" in options:
+                    options.remove("ap")
+                # If both vt and at, remove at (prefer vulnerable-only)
+                if "vt" in options and "at" in options:
+                    options.remove("at")
+
+                # Rebuild enumerate value
+                new_args.append("--enumerate")
+                new_args.append(",".join(options))
+                i += 2
+            else:
+                new_args.append(arg)
+                i += 1
+
+        return new_args
+
     def build_command(
         self, target: str, args: List[str] = None, label: str = "", log_path: str = None
     ):
@@ -217,6 +257,11 @@ class WpscanPlugin(PluginBase):
 
         args = args or []
 
+        # Fix incompatible enumerate options (vp/ap, vt/at are mutually exclusive)
+        # vp = vulnerable plugins, ap = all plugins (can't use both)
+        # vt = vulnerable themes, at = all themes (can't use both)
+        args = self._fix_enumerate_args(args)
+
         # Add --disable-tls-checks for HTTPS targets (handles self-signed certs)
         if target.startswith("https://") and "--disable-tls-checks" not in args:
             args = ["--disable-tls-checks"] + args
@@ -268,6 +313,9 @@ class WpscanPlugin(PluginBase):
         if args is None:
             args = []
 
+        # Fix incompatible enumerate options (vp/ap, vt/at are mutually exclusive)
+        args = self._fix_enumerate_args(args)
+
         # Add --disable-tls-checks for HTTPS targets (handles self-signed certs)
         if target.startswith("https://") and "--disable-tls-checks" not in args:
             args = ["--disable-tls-checks"] + args

souleyez/reporting/attack_chain.py

@@ -3,8 +3,9 @@
 Attack chain analysis and visualization.
 Builds attack graphs from evidence timeline and generates Mermaid.js diagrams.
 """
-from typing import Dict, List, Set, Tuple
+
 from datetime import datetime
+from typing import Dict, List, Set, Tuple
 
 
 class AttackChainAnalyzer:

souleyez/reporting/charts.py

@@ -3,6 +3,7 @@
 Chart generation for pentest reports.
 Creates interactive Chart.js charts for HTML reports.
 """
+
 import json
 from typing import Dict, List
 

souleyez/reporting/compliance_mappings.py

@@ -3,6 +3,7 @@
 Compliance mapping for pentest findings.
 Maps findings to OWASP Top 10 and CWE standards.
 """
+
 from typing import Dict, List, Set
 
 

souleyez/reporting/detection_report.py

@@ -7,22 +7,22 @@ client-ready detection validation reports.
 
 from dataclasses import dataclass, field
 from datetime import datetime
-from typing import Dict, List, Any, Optional
+from typing import Any, Dict, List, Optional
 
-from souleyez.detection.validator import (
-    DetectionValidator,
-    DetectionResult,
-    EngagementDetectionSummary,
-)
+from souleyez.detection.attack_signatures import ATTACK_SIGNATURES, get_signature
 from souleyez.detection.mitre_mappings import (
+    MITRE_TACTICS,
     MITREMappings,
-    TechniqueResult,
     TacticResult,
-    MITRE_TACTICS,
+    TechniqueResult,
+)
+from souleyez.detection.validator import (
+    DetectionResult,
+    DetectionValidator,
+    EngagementDetectionSummary,
 )
-from souleyez.detection.attack_signatures import get_signature, ATTACK_SIGNATURES
-from souleyez.storage.engagements import EngagementManager
 from souleyez.storage.database import get_db
+from souleyez.storage.engagements import EngagementManager
 
 
 @dataclass

souleyez/reporting/formatters.py

@@ -3,6 +3,7 @@
 Report formatting utilities.
 Handles Markdown and HTML output with professional styling.
 """
+
 from datetime import datetime
 from typing import Dict, List
 
@@ -1589,22 +1590,16 @@ All testing was conducted in accordance with the agreed-upon rules of engagement
         sections = []
 
         if business_impact:
-            sections.append(
-                f"""**Business Impact:**
-{business_impact}"""
-            )
+            sections.append(f"""**Business Impact:**
+{business_impact}""")
 
         if attack_scenario:
-            sections.append(
-                f"""**Attack Scenario:**
-{attack_scenario}"""
-            )
+            sections.append(f"""**Attack Scenario:**
+{attack_scenario}""")
 
         if risk_context:
-            sections.append(
-                f"""**Risk Context:**
-{risk_context}"""
-            )
+            sections.append(f"""**Risk Context:**
+{risk_context}""")
 
         if not sections:
             return ""