souleyez 2.43.34__py3-none-any.whl → 3.0.7__py3-none-any.whl

souleyez/handlers/hashcat_handler.py

@@ -4,6 +4,7 @@ Hashcat handler.
 
 Consolidates parsing and display logic for Hashcat password cracking jobs.
 """
+
 import logging
 import os
 from typing import Any, Dict, Optional

souleyez/handlers/hydra_handler.py

@@ -4,6 +4,7 @@ Hydra handler.
 
 Consolidates parsing and display logic for Hydra brute-force jobs.
 """
+
 import logging
 import os
 import re
@@ -58,8 +59,8 @@ class HydraHandler(BaseToolHandler):
         Extracts credentials and usernames from the output.
         """
         try:
-            from souleyez.parsers.hydra_parser import parse_hydra_output
             from souleyez.engine.result_handler import detect_tool_error
+            from souleyez.parsers.hydra_parser import parse_hydra_output
 
             # Import managers if not provided
             if host_manager is None:
@@ -261,6 +262,9 @@ class HydraHandler(BaseToolHandler):
                 "port": parsed.get("port"),
                 "credentials_found": len(parsed.get("credentials", [])),
                 "credentials_added": creds_added,
+                "credentials": parsed.get(
+                    "credentials", []
+                ),  # Include actual creds for smart chains
                 "usernames_found": len(parsed.get("usernames", [])),
                 "usernames": parsed.get("usernames", []),
                 "usernames_added": usernames_added,

souleyez/handlers/impacket_getuserspns_handler.py

@@ -4,6 +4,7 @@ Impacket GetUserSPNs handler.
 
 Handles parsing and display for Kerberoasting results.
 """
+
 import logging
 import os
 import re

souleyez/handlers/impacket_psexec_handler.py

@@ -4,6 +4,7 @@ Impacket psexec handler.
 
 Consolidates parsing and display logic for Impacket psexec remote execution jobs.
 """
+
 import logging
 import os
 import re

souleyez/handlers/impacket_secretsdump_handler.py

@@ -4,6 +4,7 @@ Impacket secretsdump handler.
 
 Consolidates parsing and display logic for Impacket secretsdump credential extraction jobs.
 """
+
 import logging
 import os
 import re

souleyez/handlers/john_handler.py

@@ -4,6 +4,7 @@ John the Ripper handler.
 
 Consolidates parsing and display logic for John the Ripper password cracking jobs.
 """
+
 import logging
 import os
 from typing import Any, Dict, Optional

souleyez/handlers/katana_handler.py

@@ -4,6 +4,7 @@ Katana handler.
 
 Consolidates parsing and display logic for katana web crawling jobs.
 """
+
 import logging
 import os
 from typing import Any, Dict, List, Optional
@@ -49,11 +50,11 @@ class KatanaHandler(BaseToolHandler):
         Extracts discovered URLs, parameters, forms, and JS endpoints.
         """
         try:
+            from souleyez.engine.result_handler import detect_tool_error
             from souleyez.parsers.katana_parser import (
-                parse_katana_output,
                 extract_injectable_urls,
+                parse_katana_output,
             )
-            from souleyez.engine.result_handler import detect_tool_error
 
             # Import managers if not provided
             if host_manager is None:
@@ -134,6 +135,42 @@ class KatanaHandler(BaseToolHandler):
 
             lfi_urls = extract_lfi_urls(parsed)
 
+            # ARM64/headless workaround: If we have JS files but few parameterized URLs,
+            # extract endpoints directly from JavaScript source code
+            js_files = [u for u in parsed.get("urls", []) if u.endswith(".js")]
+            urls_with_params_list = parsed.get("urls_with_params", [])
+            sqli_candidates = parsed.get("sqli_candidate_urls", [])
+
+            if js_files and len(urls_with_params_list) < 10:
+                try:
+                    from souleyez.parsers.katana_parser import (
+                        fetch_and_extract_js_endpoints,
+                    )
+
+                    logger.info(
+                        f"Extracting endpoints from {len(js_files)} JavaScript files..."
+                    )
+                    js_endpoints = fetch_and_extract_js_endpoints(target, js_files)
+
+                    if js_endpoints:
+                        logger.info(
+                            f"Found {len(js_endpoints)} additional endpoints from JavaScript"
+                        )
+                        # Add to parsed results
+                        for ep in js_endpoints:
+                            if ep not in urls_with_params_list:
+                                urls_with_params_list.append(ep)
+                            if ep not in sqli_candidates:
+                                sqli_candidates.append(ep)
+                            if ep not in injectable_urls:
+                                injectable_urls.append(ep)
+
+                        # Update parsed dict for display
+                        parsed["urls_with_params"] = urls_with_params_list
+                        parsed["sqli_candidate_urls"] = sqli_candidates
+                except Exception as e:
+                    logger.warning(f"JavaScript endpoint extraction failed: {e}")
+
             # Determine status
             urls_list = parsed.get("urls", [])
             urls_with_params_list = parsed.get("urls_with_params", [])

souleyez/handlers/kerbrute_handler.py

@@ -2,6 +2,7 @@
 """
 Handler for kerbrute Kerberos enumeration tool.
 """
+
 import logging
 import os
 import re

souleyez/handlers/ldapsearch_handler.py

@@ -2,6 +2,7 @@
 """
 Handler for ldapsearch LDAP enumeration tool.
 """
+
 import logging
 import os
 import re
@@ -177,8 +178,8 @@ class LdapsearchHandler(BaseToolHandler):
                                 f"{user.get('sAMAccountName')} - check description field"
                             )
 
-                # Store credentials if found
-                if credentials_found and credentials_manager:
+                # Store credentials if found AND store enumerated users
+                if (credentials_found or usernames) and credentials_manager:
                     if host_manager is None:
                         from souleyez.storage.hosts import HostManager
 
@@ -186,6 +187,7 @@ class LdapsearchHandler(BaseToolHandler):
 
                     host = host_manager.get_host_by_ip(engagement_id, target)
                     if host:
+                        # Store passwords found in descriptions
                         for cred in credentials_found:
                             credentials_manager.add_credential(
                                 engagement_id=engagement_id,
@@ -199,6 +201,31 @@ class LdapsearchHandler(BaseToolHandler):
                                 notes="Found in LDAP user description field",
                             )
 
+                        # Store enumerated usernames (without passwords)
+                        usernames_stored = 0
+                        for username in usernames:
+                            # Skip if already stored with a password
+                            already_has_cred = any(
+                                c["username"] == username for c in credentials_found
+                            )
+                            if not already_has_cred:
+                                credentials_manager.add_credential(
+                                    engagement_id=engagement_id,
+                                    host_id=host["id"],
+                                    username=username,
+                                    password="",
+                                    service="ldap",
+                                    credential_type="ldap_user",
+                                    tool="ldapsearch",
+                                    status="enumerated",
+                                    notes="Enumerated via LDAP",
+                                )
+                                usernames_stored += 1
+                        if usernames_stored > 0:
+                            logger.info(
+                                f"Stored {usernames_stored} enumerated LDAP usernames"
+                            )
+
                 logger.info(
                     f"ldapsearch parse complete: {len(naming_contexts)} naming contexts, "
                     f"{len(domains)} domains, {len(users)} users, {len(credentials_found)} creds, base_dn={base_dn}"
@@ -420,8 +447,11 @@ class LdapsearchHandler(BaseToolHandler):
 
             # New entry starts with "dn:"
             if line.startswith("dn:"):
+                # Save previous entry if it's not explicitly a group
+                # Default to including (is_group=False) if no objectClass info
                 if current_user and current_user.get("sAMAccountName"):
-                    users.append(current_user)
+                    if not current_user.get("is_group", False):
+                        users.append(current_user)
                 current_user = {}
                 # Extract OU from DN
                 ou_match = re.search(r"OU=([^,]+)", line, re.IGNORECASE)
@@ -448,12 +478,43 @@ class LdapsearchHandler(BaseToolHandler):
                             "key ",
                             "dns",
                             "ras ",
+                            "cloneable ",
                         )
                     ):
                         current_user["cn_username"] = cn_name.replace(" ", ".")
 
+            elif line.startswith("objectClass:"):
+                obj_class = line.split(":", 1)[1].strip().lower()
+                # Mark as group if objectClass is group (blacklist approach)
+                if obj_class == "group":
+                    current_user["is_group"] = True
+
             elif line.startswith("sAMAccountName:"):
-                current_user["sAMAccountName"] = line.split(":", 1)[1].strip()
+                sam = line.split(":", 1)[1].strip()
+                current_user["sAMAccountName"] = sam
+                # Filter out obvious group names by sAMAccountName pattern
+                sam_lower = sam.lower()
+                if sam_lower in (
+                    "guest",
+                    "domain users",
+                    "domain computers",
+                    "domain guests",
+                    "domain admins",
+                    "enterprise admins",
+                    "schema admins",
+                    "cert publishers",
+                    "group policy creator owners",
+                    "ras and ias servers",
+                    "allowed rodc password replication group",
+                    "denied rodc password replication group",
+                    "read-only domain controllers",
+                    "enterprise read-only domain controllers",
+                    "cloneable domain controllers",
+                    "protected users",
+                    "dnsadmins",
+                    "dnsupdateproxy",
+                ):
+                    current_user["is_group"] = True
 
             elif line.startswith("description:"):
                 current_user["description"] = line.split(":", 1)[1].strip()
@@ -466,9 +527,10 @@ class LdapsearchHandler(BaseToolHandler):
                 if cn_match:
                     current_user["memberOf"].append(cn_match.group(1))
 
-        # Don't forget last user
+        # Don't forget last user - only if it's not a group
         if current_user and current_user.get("sAMAccountName"):
-            users.append(current_user)
+            if not current_user.get("is_group", False):
+                users.append(current_user)
 
         # Second pass: add users found only via CN (no sAMAccountName returned)
         # This catches users from broader queries like (objectClass=*)
@@ -476,9 +538,11 @@ class LdapsearchHandler(BaseToolHandler):
         for line in log_content.split("\n"):
             line = line.strip()
             if line.startswith("dn:"):
-                if current_user.get("cn_username") and not current_user.get(
-                    "sAMAccountName"
-                ):
+                if (
+                    current_user.get("cn_username")
+                    and not current_user.get("sAMAccountName")
+                    and not current_user.get("is_group", False)
+                ):  # Default to user if no objectClass
                     # Check if we already have this user
                     existing = [
                         u
@@ -507,24 +571,33 @@ class LdapsearchHandler(BaseToolHandler):
                             "key ",
                             "dns",
                             "ras ",
+                            "cloneable ",
                         )
                     ):
                         current_user["cn_username"] = cn_name.replace(" ", ".")
                 if ou_match:
                     current_user["ou"] = ou_match.group(1)
+            elif line.startswith("objectClass:"):
+                obj_class = line.split(":", 1)[1].strip().lower()
+                # Blacklist groups - mark as group if objectClass is group
+                if obj_class == "group":
+                    current_user["is_group"] = True
             elif line.startswith("sAMAccountName:"):
                 current_user["sAMAccountName"] = line.split(":", 1)[1].strip()
 
         # Last entry from second pass
         if current_user.get("cn_username") and not current_user.get("sAMAccountName"):
-            existing = [
-                u
-                for u in users
-                if u.get("sAMAccountName") == current_user.get("cn_username")
-            ]
-            if not existing:
-                current_user["sAMAccountName"] = current_user["cn_username"]
-                users.append(current_user)
+            if not current_user.get(
+                "is_group", False
+            ):  # Default to user if no objectClass
+                existing = [
+                    u
+                    for u in users
+                    if u.get("sAMAccountName") == current_user.get("cn_username")
+                ]
+                if not existing:
+                    current_user["sAMAccountName"] = current_user["cn_username"]
+                    users.append(current_user)
 
         return users
 

souleyez/handlers/lfi_extract_handler.py

@@ -4,6 +4,7 @@ souleyez.handlers.lfi_extract_handler - Handler for LFI credential extraction
 
 Parses LFI extract results and stores discovered credentials in the database.
 """
+
 import json
 import logging
 import os

souleyez/handlers/msf_auxiliary_handler.py

@@ -4,6 +4,7 @@ Metasploit auxiliary handler.
 
 Consolidates parsing and display logic for msf_auxiliary jobs.
 """
+
 import logging
 import os
 import re
@@ -165,6 +166,7 @@ class MsfAuxiliaryHandler(BaseToolHandler):
                 credential_summaries.append(
                     {
                         "username": cred.get("username", ""),
+                        "password": cred.get("password", ""),
                         "service": cred.get("service", "unknown"),
                         "port": cred.get("port"),
                     }

souleyez/handlers/msf_exploit_handler.py

@@ -4,6 +4,7 @@ Metasploit exploit handler.
 
 Consolidates parsing and display logic for msf_exploit jobs.
 """
+
 import logging
 import os
 import re

souleyez/handlers/nikto_handler.py

@@ -4,6 +4,7 @@ Nikto handler.
 
 Consolidates parsing and display logic for nikto web scanner jobs.
 """
+
 import logging
 import os
 import re
@@ -45,8 +46,8 @@ class NiktoHandler(BaseToolHandler):
         Extracts web server issues and stores them as findings.
         """
         try:
-            from souleyez.parsers.nikto_parser import parse_nikto_output
             from souleyez.engine.result_handler import detect_tool_error
+            from souleyez.parsers.nikto_parser import parse_nikto_output
 
             # Import managers if not provided
             if host_manager is None:

souleyez/handlers/nmap_handler.py

@@ -4,6 +4,7 @@ Nmap handler.
 
 Consolidates parsing and display logic for nmap and ARD (which uses nmap) jobs.
 """
+
 import logging
 import os
 import re
@@ -70,9 +71,9 @@ class NmapHandler(BaseToolHandler):
         Imports hosts/services into database and creates findings for CVEs.
         """
         try:
-            from souleyez.parsers.nmap_parser import parse_nmap_log
             from souleyez.core.cve_matcher import CVEMatcher
             from souleyez.engine.result_handler import detect_tool_error
+            from souleyez.parsers.nmap_parser import parse_nmap_log
 
             # Import managers if not provided
             if host_manager is None:

souleyez/handlers/nuclei_handler.py

@@ -4,6 +4,7 @@ Nuclei handler.
 
 Consolidates parsing and display logic for nuclei vulnerability scanning jobs.
 """
+
 import logging
 import os
 import re
@@ -48,8 +49,8 @@ class NucleiHandler(BaseToolHandler):
         Extracts vulnerabilities and stores them as findings.
         """
         try:
-            from souleyez.parsers.nuclei_parser import parse_nuclei
             from souleyez.engine.result_handler import detect_tool_error
+            from souleyez.parsers.nuclei_parser import parse_nuclei
 
             # Import managers if not provided
             if host_manager is None:

souleyez/handlers/nxc_handler.py

@@ -3,6 +3,7 @@
 Handler for NetExec (nxc) - successor to CrackMapExec.
 Parses shares, credentials, and authentication results.
 """
+
 import logging
 import os
 import re
@@ -77,10 +78,51 @@ class NxcHandler(BaseToolHandler):
                 hostname = banner_match.group(1)
                 domain = banner_match.group(2)
 
-            # Check for Pwn3d
+            # Check for Pwn3d (SMB admin access)
             if re.search(self.PWNED_PATTERN, log_content):
                 is_pwned = True
 
+            # Check for SSH Shell access (Linux)
+            # Format: [+] leia_organa:help_me_obiwan  Linux - Shell access!
+            has_shell_access = False
+            if "Shell access!" in log_content:
+                has_shell_access = True
+                # Parse SSH credentials
+                ssh_cred_pattern = r"\[\+\]\s+([^:\s]+):(\S+)\s+.*Shell access!"
+                for match in re.finditer(ssh_cred_pattern, log_content):
+                    username = match.group(1)
+                    password = match.group(2)
+                    cred = {
+                        "username": username,
+                        "password": password,
+                        "domain": "",
+                        "service": "ssh",
+                        "status": "valid",
+                    }
+                    credentials.append(cred)
+
+                    # Store in database
+                    if credentials_manager and host_manager:
+                        try:
+                            host = host_manager.get_host_by_ip(engagement_id, target)
+                            if host:
+                                credentials_manager.add_credential(
+                                    engagement_id=engagement_id,
+                                    host_id=host["id"],
+                                    username=username,
+                                    password=password,
+                                    service="ssh",
+                                    port=22,
+                                    credential_type="password",
+                                    tool="nxc",
+                                    status="valid",
+                                )
+                                logger.warning(
+                                    f"SSH SHELL ACCESS: {username}:{password} on {target}"
+                                )
+                        except Exception as e:
+                            logger.debug(f"Could not store SSH credential: {e}")
+
             # Parse valid credentials
             # Format: [+] baby2.vl\Carl.Moore:Carl.Moore
             for match in re.finditer(self.VALID_CRED_PATTERN, log_content):
@@ -218,30 +260,16 @@ class NxcHandler(BaseToolHandler):
                         if "WRITE" in perms:
                             writable_shares.append(share)
 
-            # Determine status
-            # Check for transient errors first (should trigger retry)
-            transient_errors = [
-                "NetBIOSTimeout",
-                "connection timed out",
-                "Connection reset",
-            ]
-            has_transient_error = any(
-                err.lower() in log_content.lower() for err in transient_errors
-            )
-
+            # Determine status based on results found
+            # Retry logic is handled by background.py before parsing
             if credentials:
                 status = STATUS_DONE
+            elif has_shell_access:
+                status = STATUS_DONE  # SSH shell access without parsed creds
             elif expired_credentials:
                 status = STATUS_WARNING  # Expired creds need attention
             elif shares:
                 status = STATUS_DONE
-            elif has_transient_error:
-                status = STATUS_WARNING  # Transient error - may be retried
-            elif (
-                "STATUS_LOGON_FAILURE" in log_content
-                or "STATUS_ACCESS_DENIED" in log_content
-            ):
-                status = STATUS_NO_RESULTS
             else:
                 status = STATUS_NO_RESULTS
 
@@ -255,6 +283,8 @@ class NxcHandler(BaseToolHandler):
                 )
             if is_pwned:
                 summary_parts.append("PWNED!")
+            if has_shell_access:
+                summary_parts.append("SHELL ACCESS!")
             if shares:
                 summary_parts.append(
                     f"{len(shares)} shares ({len(readable_shares)} readable, {len(writable_shares)} writable)"
@@ -273,6 +303,7 @@ class NxcHandler(BaseToolHandler):
                 "credentials": credentials,
                 "expired_credentials": expired_credentials,
                 "is_pwned": is_pwned,
+                "has_shell_access": has_shell_access,
                 "summary": summary,
             }
 

souleyez/handlers/rdp_sec_check_handler.py

@@ -2,6 +2,7 @@
 """
 Handler for rdp-sec-check RDP security scanner.
 """
+
 import logging
 import os
 import re

souleyez/handlers/registry.py

@@ -7,6 +7,7 @@ Provides a central registry for tool handlers that:
 - Provides capability queries (has_warning_handler, etc.)
 - Returns None for unmigrated tools (fallback to legacy code)
 """
+
 import logging
 from typing import Dict, List, Optional
 

souleyez/handlers/responder_handler.py

@@ -4,6 +4,7 @@ Responder handler.
 
 Consolidates parsing and display logic for Responder credential capture jobs.
 """
+
 import logging
 import os
 from typing import Any, Dict, Optional

souleyez/handlers/service_explorer_handler.py

@@ -4,6 +4,7 @@ Service Explorer handler.
 
 Consolidates parsing and display logic for Service Explorer jobs.
 """
+
 import logging
 import os
 import re
@@ -45,8 +46,8 @@ class ServiceExplorerHandler(BaseToolHandler):
         """
         try:
             from souleyez.parsers.service_explorer_parser import (
-                parse_service_explorer_output,
                 extract_findings,
+                parse_service_explorer_output,
             )
 
             # Import managers if not provided

souleyez/handlers/smbclient_handler.py

@@ -2,6 +2,7 @@
 """
 Handler for smbclient share browsing and file listing.
 """
+
 import logging
 import os
 import re

souleyez/handlers/smbmap_handler.py

@@ -4,6 +4,7 @@ SMBMap handler.
 
 Consolidates parsing and display logic for SMBMap SMB share enumeration jobs.
 """
+
 import logging
 import os
 import re
@@ -44,12 +45,12 @@ class SMBMapHandler(BaseToolHandler):
         Extracts SMB shares and stores them along with findings.
         """
         try:
+            from souleyez.engine.result_handler import detect_tool_error
             from souleyez.parsers.smbmap_parser import (
-                parse_smbmap_output,
                 extract_findings,
+                parse_smbmap_output,
             )
             from souleyez.storage.smb_shares import SMBSharesManager
-            from souleyez.engine.result_handler import detect_tool_error
 
             # Import managers if not provided
             if host_manager is None:

souleyez/handlers/sqlmap_handler.py

@@ -4,6 +4,7 @@ SQLMap handler.
 
 Consolidates parsing and display logic for SQLMap SQL injection scanner jobs.
 """
+
 import logging
 import os
 import re
@@ -45,13 +46,14 @@ class SQLMapHandler(BaseToolHandler):
         Extracts SQL injection vulnerabilities, databases, tables, and dumped data.
         """
         try:
+            import socket
+
+            from souleyez.engine.result_handler import detect_tool_error
             from souleyez.parsers.sqlmap_parser import (
-                parse_sqlmap_output,
                 get_sqli_stats,
+                parse_sqlmap_output,
             )
             from souleyez.storage.sqlmap_data import SQLMapDataManager
-            from souleyez.engine.result_handler import detect_tool_error
-            import socket
 
             # Import managers if not provided
             if host_manager is None:
@@ -833,8 +835,8 @@ class SQLMapHandler(BaseToolHandler):
         """Display successful SQLMap results."""
         try:
             from souleyez.parsers.sqlmap_parser import (
-                parse_sqlmap_output,
                 get_sqli_stats,
+                parse_sqlmap_output,
             )
 
             if not log_path or not os.path.exists(log_path):

souleyez/handlers/theharvester_handler.py

@@ -4,6 +4,7 @@ TheHarvester handler.
 
 Consolidates parsing and display logic for theHarvester OSINT jobs.
 """
+
 import logging
 import os
 import re
@@ -194,8 +195,8 @@ class TheHarvesterHandler(BaseToolHandler):
         """
         try:
             from souleyez.parsers.theharvester_parser import (
-                parse_theharvester_output,
                 get_osint_stats,
+                parse_theharvester_output,
             )
 
             # Import managers if not provided