souleyez 2.43.34__py3-none-any.whl → 3.0.7__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- souleyez/__init__.py +1 -1
- souleyez/ai/__init__.py +7 -7
- souleyez/ai/action_mapper.py +3 -2
- souleyez/ai/chain_advisor.py +2 -1
- souleyez/ai/claude_provider.py +2 -2
- souleyez/ai/context_builder.py +4 -2
- souleyez/ai/executor.py +9 -6
- souleyez/ai/feedback_handler.py +4 -2
- souleyez/ai/llm_provider.py +2 -2
- souleyez/ai/ollama_provider.py +2 -2
- souleyez/ai/ollama_service.py +10 -26
- souleyez/ai/path_scorer.py +2 -1
- souleyez/ai/recommender.py +6 -4
- souleyez/ai/report_context.py +2 -2
- souleyez/ai/report_service.py +5 -5
- souleyez/ai/result_parser.py +3 -2
- souleyez/ai/safety.py +5 -2
- souleyez/auth/__init__.py +6 -6
- souleyez/auth/audit.py +2 -2
- souleyez/auth/engagement_access.py +5 -7
- souleyez/auth/permissions.py +1 -1
- souleyez/auth/session_manager.py +5 -5
- souleyez/auth/user_manager.py +4 -5
- souleyez/commands/audit.py +6 -5
- souleyez/commands/auth.py +6 -5
- souleyez/commands/deliverables.py +2 -3
- souleyez/commands/engagement.py +3 -3
- souleyez/commands/license.py +3 -2
- souleyez/commands/screenshots.py +5 -4
- souleyez/commands/user.py +10 -8
- souleyez/config.py +4 -2
- souleyez/core/credential_tester.py +4 -2
- souleyez/core/cve_mappings.py +2 -1
- souleyez/core/cve_matcher.py +2 -1
- souleyez/core/msf_auto_mapper.py +2 -0
- souleyez/core/msf_chain_engine.py +3 -1
- souleyez/core/msf_database.py +7 -13
- souleyez/core/msf_integration.py +2 -2
- souleyez/core/msf_rpc_client.py +3 -2
- souleyez/core/msf_rpc_manager.py +4 -4
- souleyez/core/msf_sync_manager.py +7 -7
- souleyez/core/network_utils.py +1 -1
- souleyez/core/parser_handler.py +2 -1
- souleyez/core/pending_chains.py +4 -3
- souleyez/core/templates.py +5 -2
- souleyez/core/tool_chaining.py +297 -230
- souleyez/core/version_utils.py +1 -0
- souleyez/core/vuln_correlation.py +3 -2
- souleyez/core/web_utils.py +2 -1
- souleyez/detection/__init__.py +1 -1
- souleyez/detection/attack_signatures.py +1 -1
- souleyez/detection/mitre_mappings.py +1 -2
- souleyez/detection/validator.py +5 -4
- souleyez/devtools.py +4 -2
- souleyez/docs/README.md +2 -2
- souleyez/engine/background.py +168 -7
- souleyez/engine/base.py +2 -1
- souleyez/engine/loader.py +4 -2
- souleyez/engine/log_sanitizer.py +1 -0
- souleyez/engine/manager.py +3 -1
- souleyez/engine/result_handler.py +50 -67
- souleyez/engine/worker_manager.py +6 -4
- souleyez/export/evidence_bundle.py +1 -0
- souleyez/handlers/base.py +1 -0
- souleyez/handlers/bash_handler.py +1 -0
- souleyez/handlers/bloodhound_handler.py +1 -0
- souleyez/handlers/certipy_handler.py +1 -0
- souleyez/handlers/crackmapexec_handler.py +2 -20
- souleyez/handlers/dnsrecon_handler.py +2 -1
- souleyez/handlers/enum4linux_handler.py +65 -37
- souleyez/handlers/evil_winrm_handler.py +1 -0
- souleyez/handlers/ffuf_handler.py +3 -1
- souleyez/handlers/gobuster_handler.py +7 -6
- souleyez/handlers/gpp_extract_handler.py +1 -0
- souleyez/handlers/hashcat_handler.py +1 -0
- souleyez/handlers/hydra_handler.py +5 -1
- souleyez/handlers/impacket_getuserspns_handler.py +1 -0
- souleyez/handlers/impacket_psexec_handler.py +1 -0
- souleyez/handlers/impacket_secretsdump_handler.py +1 -0
- souleyez/handlers/john_handler.py +1 -0
- souleyez/handlers/katana_handler.py +39 -2
- souleyez/handlers/kerbrute_handler.py +1 -0
- souleyez/handlers/ldapsearch_handler.py +90 -17
- souleyez/handlers/lfi_extract_handler.py +1 -0
- souleyez/handlers/msf_auxiliary_handler.py +2 -0
- souleyez/handlers/msf_exploit_handler.py +1 -0
- souleyez/handlers/nikto_handler.py +2 -1
- souleyez/handlers/nmap_handler.py +2 -1
- souleyez/handlers/nuclei_handler.py +2 -1
- souleyez/handlers/nxc_handler.py +50 -19
- souleyez/handlers/rdp_sec_check_handler.py +1 -0
- souleyez/handlers/registry.py +1 -0
- souleyez/handlers/responder_handler.py +1 -0
- souleyez/handlers/service_explorer_handler.py +2 -1
- souleyez/handlers/smbclient_handler.py +1 -0
- souleyez/handlers/smbmap_handler.py +3 -2
- souleyez/handlers/sqlmap_handler.py +6 -4
- souleyez/handlers/theharvester_handler.py +2 -1
- souleyez/handlers/web_login_test_handler.py +1 -0
- souleyez/handlers/whois_handler.py +3 -2
- souleyez/handlers/wpscan_handler.py +2 -1
- souleyez/history.py +4 -3
- souleyez/importers/msf_importer.py +5 -3
- souleyez/importers/smart_importer.py +6 -4
- souleyez/integrations/siem/__init__.py +6 -6
- souleyez/integrations/siem/base.py +1 -1
- souleyez/integrations/siem/elastic.py +3 -3
- souleyez/integrations/siem/factory.py +1 -2
- souleyez/integrations/siem/googlesecops.py +4 -4
- souleyez/integrations/siem/rule_mappings/wazuh_rules.py +1 -1
- souleyez/integrations/siem/sentinel.py +3 -3
- souleyez/integrations/siem/splunk.py +3 -3
- souleyez/integrations/siem/wazuh.py +4 -4
- souleyez/integrations/wazuh/__init__.py +1 -1
- souleyez/integrations/wazuh/client.py +3 -2
- souleyez/integrations/wazuh/config.py +3 -2
- souleyez/integrations/wazuh/host_mapper.py +3 -1
- souleyez/integrations/wazuh/sync.py +4 -1
- souleyez/intelligence/__init__.py +1 -1
- souleyez/intelligence/correlation_analyzer.py +6 -5
- souleyez/intelligence/exploit_knowledge.py +4 -4
- souleyez/intelligence/exploit_suggestions.py +4 -3
- souleyez/intelligence/gap_analyzer.py +5 -3
- souleyez/intelligence/gap_detector.py +2 -0
- souleyez/intelligence/sensitive_tables.py +1 -1
- souleyez/intelligence/service_parser.py +1 -0
- souleyez/intelligence/surface_analyzer.py +9 -9
- souleyez/intelligence/target_parser.py +1 -0
- souleyez/licensing/__init__.py +3 -3
- souleyez/main.py +25 -18
- souleyez/migrations/fix_job_counter.py +2 -1
- souleyez/parsers/bloodhound_parser.py +1 -0
- souleyez/parsers/crackmapexec_parser.py +2 -1
- souleyez/parsers/dalfox_parser.py +3 -2
- souleyez/parsers/dnsrecon_parser.py +2 -1
- souleyez/parsers/enum4linux_parser.py +2 -1
- souleyez/parsers/ffuf_parser.py +2 -1
- souleyez/parsers/gobuster_parser.py +2 -1
- souleyez/parsers/hashcat_parser.py +3 -2
- souleyez/parsers/http_fingerprint_parser.py +2 -1
- souleyez/parsers/hydra_parser.py +2 -1
- souleyez/parsers/impacket_parser.py +2 -1
- souleyez/parsers/john_parser.py +4 -3
- souleyez/parsers/katana_parser.py +134 -2
- souleyez/parsers/msf_parser.py +2 -1
- souleyez/parsers/nikto_parser.py +2 -1
- souleyez/parsers/nmap_parser.py +14 -3
- souleyez/parsers/nuclei_parser.py +3 -2
- souleyez/parsers/responder_parser.py +1 -0
- souleyez/parsers/searchsploit_parser.py +3 -2
- souleyez/parsers/service_explorer_parser.py +1 -0
- souleyez/parsers/smbmap_parser.py +2 -1
- souleyez/parsers/sqlmap_parser.py +36 -2
- souleyez/parsers/theharvester_parser.py +2 -1
- souleyez/parsers/whois_parser.py +2 -1
- souleyez/parsers/wpscan_parser.py +3 -2
- souleyez/plugins/afp.py +3 -1
- souleyez/plugins/afp_brute.py +3 -1
- souleyez/plugins/ard.py +3 -1
- souleyez/plugins/bloodhound.py +3 -2
- souleyez/plugins/certipy.py +1 -0
- souleyez/plugins/crackmapexec.py +11 -7
- souleyez/plugins/dalfox.py +5 -2
- souleyez/plugins/dns_hijack.py +3 -1
- souleyez/plugins/dnsrecon.py +3 -1
- souleyez/plugins/enum4linux.py +3 -1
- souleyez/plugins/evil_winrm.py +1 -0
- souleyez/plugins/ffuf.py +3 -1
- souleyez/plugins/firmware_extract.py +3 -2
- souleyez/plugins/gobuster.py +6 -3
- souleyez/plugins/gpp_extract.py +1 -0
- souleyez/plugins/hashcat.py +2 -1
- souleyez/plugins/http_fingerprint.py +149 -40
- souleyez/plugins/hydra.py +5 -3
- souleyez/plugins/impacket_common.py +40 -0
- souleyez/plugins/impacket_getnpusers.py +19 -2
- souleyez/plugins/impacket_getuserspns.py +158 -0
- souleyez/plugins/impacket_psexec.py +19 -2
- souleyez/plugins/impacket_secretsdump.py +19 -2
- souleyez/plugins/impacket_smbclient.py +19 -2
- souleyez/plugins/john.py +2 -1
- souleyez/plugins/katana.py +48 -6
- souleyez/plugins/kerbrute.py +1 -0
- souleyez/plugins/lfi_extract.py +1 -0
- souleyez/plugins/macos_ssh.py +3 -1
- souleyez/plugins/mdns.py +3 -1
- souleyez/plugins/msf_auxiliary.py +3 -2
- souleyez/plugins/msf_exploit.py +6 -5
- souleyez/plugins/nikto.py +5 -2
- souleyez/plugins/nmap.py +6 -4
- souleyez/plugins/nuclei.py +3 -1
- souleyez/plugins/nxc.py +1 -0
- souleyez/plugins/plugin_base.py +3 -2
- souleyez/plugins/plugin_template.py +3 -2
- souleyez/plugins/rdp_sec_check.py +1 -0
- souleyez/plugins/responder.py +2 -1
- souleyez/plugins/router_http_brute.py +3 -1
- souleyez/plugins/router_ssh_brute.py +3 -1
- souleyez/plugins/router_telnet_brute.py +3 -1
- souleyez/plugins/routersploit.py +5 -3
- souleyez/plugins/routersploit_exploit.py +5 -3
- souleyez/plugins/searchsploit.py +1 -0
- souleyez/plugins/service_explorer.py +2 -1
- souleyez/plugins/smbmap.py +3 -1
- souleyez/plugins/smbpasswd.py +1 -0
- souleyez/plugins/sqlmap.py +3 -1
- souleyez/plugins/theharvester.py +3 -1
- souleyez/plugins/tr069.py +3 -1
- souleyez/plugins/upnp.py +3 -1
- souleyez/plugins/upnp_abuse.py +4 -2
- souleyez/plugins/vnc_access.py +4 -2
- souleyez/plugins/vnc_brute.py +3 -1
- souleyez/plugins/web_login_test.py +1 -0
- souleyez/plugins/whois.py +3 -1
- souleyez/plugins/wpscan.py +49 -1
- souleyez/reporting/attack_chain.py +2 -1
- souleyez/reporting/charts.py +1 -0
- souleyez/reporting/compliance_mappings.py +1 -0
- souleyez/reporting/detection_report.py +10 -10
- souleyez/reporting/formatters.py +7 -12
- souleyez/reporting/generator.py +34 -46
- souleyez/reporting/metrics.py +2 -1
- souleyez/scanner.py +6 -3
- souleyez/security/__init__.py +7 -5
- souleyez/security/scope_validator.py +5 -4
- souleyez/security/validation.py +14 -0
- souleyez/security.py +5 -2
- souleyez/storage/credentials.py +14 -19
- souleyez/storage/crypto.py +7 -4
- souleyez/storage/database.py +6 -6
- souleyez/storage/db.py +8 -8
- souleyez/storage/deliverable_evidence.py +2 -1
- souleyez/storage/deliverable_exporter.py +3 -2
- souleyez/storage/deliverable_templates.py +2 -1
- souleyez/storage/deliverables.py +2 -1
- souleyez/storage/engagements.py +6 -4
- souleyez/storage/evidence.py +5 -4
- souleyez/storage/execution_log.py +4 -2
- souleyez/storage/exploit_attempts.py +3 -2
- souleyez/storage/exploits.py +3 -1
- souleyez/storage/findings.py +3 -1
- souleyez/storage/hosts.py +5 -2
- souleyez/storage/migrate_to_engagements.py +14 -24
- souleyez/storage/migrations/_001_add_credential_enhancements.py +12 -21
- souleyez/storage/migrations/_003_add_execution_log.py +8 -13
- souleyez/storage/migrations/_005_screenshots.py +2 -4
- souleyez/storage/migrations/_006_deliverables.py +2 -4
- souleyez/storage/migrations/_007_deliverable_templates.py +4 -8
- souleyez/storage/migrations/_008_add_nuclei_table.py +2 -4
- souleyez/storage/migrations/_010_evidence_linking.py +6 -12
- souleyez/storage/migrations/_012_team_collaboration.py +12 -24
- souleyez/storage/migrations/_013_add_host_tags.py +2 -4
- souleyez/storage/migrations/_014_exploit_attempts.py +10 -20
- souleyez/storage/migrations/_015_add_mac_os_fields.py +4 -8
- souleyez/storage/migrations/_016_add_domain_field.py +2 -4
- souleyez/storage/migrations/_017_msf_sessions.py +8 -16
- souleyez/storage/migrations/_018_add_osint_target.py +4 -8
- souleyez/storage/migrations/_019_add_engagement_type.py +4 -8
- souleyez/storage/migrations/_020_add_rbac.py +9 -17
- souleyez/storage/migrations/_021_wazuh_integration.py +4 -8
- souleyez/storage/migrations/_023_fix_detection_results_fk.py +2 -4
- souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +4 -8
- souleyez/storage/migrations/_026_add_engagement_scope.py +4 -8
- souleyez/storage/migrations/_027_multi_siem_persistence.py +8 -16
- souleyez/storage/migrations/__init__.py +1 -4
- souleyez/storage/migrations/migration_manager.py +6 -9
- souleyez/storage/msf_sessions.py +1 -1
- souleyez/storage/osint.py +3 -1
- souleyez/storage/recommendation_engine.py +3 -2
- souleyez/storage/screenshots.py +2 -1
- souleyez/storage/smb_shares.py +3 -1
- souleyez/storage/sqlmap_data.py +6 -4
- souleyez/storage/team_collaboration.py +3 -2
- souleyez/storage/timeline_tracker.py +2 -1
- souleyez/storage/wazuh_vulns.py +3 -1
- souleyez/storage/web_paths.py +3 -1
- souleyez/testing/credential_tester.py +2 -0
- souleyez/ui/__init__.py +2 -1
- souleyez/ui/ai_quotes.py +1 -1
- souleyez/ui/attack_surface.py +50 -28
- souleyez/ui/chain_rules_view.py +6 -3
- souleyez/ui/correlation_view.py +3 -2
- souleyez/ui/dashboard.py +85 -139
- souleyez/ui/deliverables_view.py +1 -1
- souleyez/ui/design_system.py +5 -3
- souleyez/ui/errors.py +3 -1
- souleyez/ui/evidence_linking_view.py +2 -1
- souleyez/ui/evidence_vault.py +11 -6
- souleyez/ui/exploit_suggestions_view.py +11 -7
- souleyez/ui/export_view.py +3 -1
- souleyez/ui/gap_analysis_view.py +6 -3
- souleyez/ui/help_system.py +4 -1
- souleyez/ui/intelligence_view.py +7 -3
- souleyez/ui/interactive.py +1512 -584
- souleyez/ui/interactive_selector.py +3 -2
- souleyez/ui/log_formatter.py +1 -0
- souleyez/ui/menu_components.py +3 -1
- souleyez/ui/msf_auxiliary_menu.py +4 -1
- souleyez/ui/pending_chains_view.py +15 -12
- souleyez/ui/progress_indicators.py +5 -2
- souleyez/ui/recommendations_view.py +4 -2
- souleyez/ui/rule_builder.py +4 -1
- souleyez/ui/setup_wizard.py +10 -8
- souleyez/ui/shortcuts.py +1 -1
- souleyez/ui/splunk_gap_analysis_view.py +7 -4
- souleyez/ui/splunk_vulns_view.py +4 -1
- souleyez/ui/team_dashboard.py +7 -5
- souleyez/ui/template_selector.py +2 -1
- souleyez/ui/terminal.py +3 -2
- souleyez/ui/timeline_view.py +2 -1
- souleyez/ui/tool_setup.py +92 -31
- souleyez/ui/tutorial.py +7 -4
- souleyez/ui/tutorial_state.py +3 -2
- souleyez/ui/wazuh_vulns_view.py +5 -2
- souleyez/ui/wordlist_browser.py +4 -3
- souleyez/ui.py +13 -7
- souleyez/utils/tool_checker.py +61 -12
- souleyez/utils.py +4 -4
- souleyez/wordlists.py +1 -0
- {souleyez-2.43.34.dist-info → souleyez-3.0.7.dist-info}/METADATA +2 -2
- souleyez-3.0.7.dist-info/RECORD +445 -0
- souleyez-2.43.34.dist-info/RECORD +0 -443
- {souleyez-2.43.34.dist-info → souleyez-3.0.7.dist-info}/WHEEL +0 -0
- {souleyez-2.43.34.dist-info → souleyez-3.0.7.dist-info}/entry_points.txt +0 -0
- {souleyez-2.43.34.dist-info → souleyez-3.0.7.dist-info}/licenses/LICENSE +0 -0
- {souleyez-2.43.34.dist-info → souleyez-3.0.7.dist-info}/top_level.txt +0 -0
@@ -4,6 +4,7 @@ WHOIS handler.
|
|
|
4
4
|
|
|
5
5
|
Consolidates parsing and display logic for WHOIS domain lookup jobs.
|
|
6
6
|
"""
|
|
7
|
+
|
|
7
8
|
import logging
|
|
8
9
|
import os
|
|
9
10
|
from typing import Any, Dict, Optional
|
|
@@ -44,9 +45,9 @@ class WhoisHandler(BaseToolHandler):
|
|
|
44
45
|
"""
|
|
45
46
|
try:
|
|
46
47
|
from souleyez.parsers.whois_parser import (
|
|
47
|
-
parse_whois_output,
|
|
48
|
-
map_to_osint_data,
|
|
49
48
|
extract_emails,
|
|
49
|
+
map_to_osint_data,
|
|
50
|
+
parse_whois_output,
|
|
50
51
|
)
|
|
51
52
|
from souleyez.storage.osint import OsintManager
|
|
52
53
|
|
|
@@ -4,6 +4,7 @@ WPScan handler.
|
|
|
4
4
|
|
|
5
5
|
Consolidates parsing and display logic for WPScan WordPress security scanner jobs.
|
|
6
6
|
"""
|
|
7
|
+
|
|
7
8
|
import logging
|
|
8
9
|
import os
|
|
9
10
|
import re
|
|
@@ -45,8 +46,8 @@ class WPScanHandler(BaseToolHandler):
|
|
|
45
46
|
Extracts WordPress vulnerabilities for plugins, themes, and core.
|
|
46
47
|
"""
|
|
47
48
|
try:
|
|
48
|
-
from souleyez.parsers.wpscan_parser import parse_wpscan_output
|
|
49
49
|
from souleyez.engine.result_handler import detect_tool_error
|
|
50
|
+
from souleyez.parsers.wpscan_parser import parse_wpscan_output
|
|
50
51
|
|
|
51
52
|
# Import managers if not provided
|
|
52
53
|
if host_manager is None:
|
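--- a/souleyez/history.py
+++ b/souleyez/history.py
@@ -1,8 +1,9 @@
 #!/usr/bin/env python3
-from pathlib import Path
-from .utils import HISTORY_FILE, ensure_dirs, read_json, write_json, timestamp_str
-import json
 import csv
+import json
+from pathlib import Path
+
+from .utils import HISTORY_FILE, ensure_dirs, read_json, timestamp_str, write_json
 
 # Export directory for JSON/CSV exports
 EXPORT_DIR = Path.home() / ".souleyez" / "exports"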
@@ -2,10 +2,12 @@
|
|
|
2
2
|
"""
|
|
3
3
|
souleyez.importers.msf_importer - Import data from Metasploit Framework exports
|
|
4
4
|
"""
|
|
5
|
-
|
|
5
|
+
|
|
6
6
|
from pathlib import Path
|
|
7
|
-
from typing import Dict, List, Optional
|
|
7
|
+
from typing import TYPE_CHECKING, Dict, List, Optional
|
|
8
|
+
|
|
8
9
|
import click
|
|
10
|
+
import defusedxml.ElementTree as ET
|
|
9
11
|
|
|
10
12
|
if TYPE_CHECKING:
|
|
11
13
|
from xml.etree.ElementTree import Element
|
|
@@ -19,9 +21,9 @@ class MSFImporter:
|
|
|
19
21
|
def __init__(self, engagement_id: int):
|
|
20
22
|
"""Initialize importer with engagement ID."""
|
|
21
23
|
self.engagement_id = engagement_id
|
|
22
|
-
from souleyez.storage.hosts import HostManager
|
|
23
24
|
from souleyez.storage.credentials import CredentialsManager
|
|
24
25
|
from souleyez.storage.findings import FindingsManager
|
|
26
|
+
from souleyez.storage.hosts import HostManager
|
|
25
27
|
|
|
26
28
|
self.hm = HostManager()
|
|
27
29
|
self.cm = CredentialsManager()
|
|
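Review bot: `import defusedxml.ElementTree as ET` in the first hunk makes a third-party package a hard, import-time dependency of `souleyez.importers.msf_importer`, so the package's install requirements must list `defusedxml` or the importer raises ImportError before any user code runs; the diffstat shows `METADATA +2 -2` but that hunk is not visible here, so please confirm the requirement was added. The same applies to the `souleyez/importers/smart_importer.py` hunk below. Nothing in either hunk uses `ET`, so the parse calls presumably switched to it sit outside the hunks; any remaining direct `xml.etree.ElementTree` call sites in those files would still be exposed to the entity-expansion (billion-laughs) and quadratic-blowup inputs that defusedxml rejects, which is the risk this move is meant to close. The `TYPE_CHECKING`-guarded `Element` import from `xml.etree` is fine to keep, as it is never executed at runtime.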
@@ -2,10 +2,12 @@
|
|
|
2
2
|
"""
|
|
3
3
|
souleyez.importers.smart_importer - Intelligent data import with type detection
|
|
4
4
|
"""
|
|
5
|
-
|
|
6
|
-
from typing import Dict, List, Any, Optional, Tuple
|
|
5
|
+
|
|
7
6
|
import json
|
|
8
7
|
import re
|
|
8
|
+
from typing import Any, Dict, List, Optional, Tuple
|
|
9
|
+
|
|
10
|
+
import defusedxml.ElementTree as ET
|
|
9
11
|
|
|
10
12
|
|
|
11
13
|
class SmartImporter:
|
|
@@ -189,9 +191,9 @@ class SmartImporter:
|
|
|
189
191
|
Returns:
|
|
190
192
|
Dict with counts of imported items per type
|
|
191
193
|
"""
|
|
192
|
-
from souleyez.storage.hosts import HostManager
|
|
193
|
-
from souleyez.storage.findings import FindingsManager
|
|
194
194
|
from souleyez.storage.credentials import CredentialsManager
|
|
195
|
+
from souleyez.storage.findings import FindingsManager
|
|
196
|
+
from souleyez.storage.hosts import HostManager
|
|
195
197
|
|
|
196
198
|
results = {
|
|
197
199
|
"hosts": 0,
|
|
@@ -21,17 +21,17 @@ Usage:
|
|
|
21
21
|
"""
|
|
22
22
|
|
|
23
23
|
from souleyez.integrations.siem.base import (
|
|
24
|
-
SIEMClient,
|
|
25
24
|
SIEMAlert,
|
|
26
|
-
|
|
25
|
+
SIEMClient,
|
|
27
26
|
SIEMConnectionStatus,
|
|
27
|
+
SIEMRule,
|
|
28
28
|
)
|
|
29
|
-
from souleyez.integrations.siem.wazuh import WazuhSIEMClient
|
|
30
|
-
from souleyez.integrations.siem.splunk import SplunkSIEMClient
|
|
31
29
|
from souleyez.integrations.siem.elastic import ElasticSIEMClient
|
|
32
|
-
from souleyez.integrations.siem.sentinel import SentinelSIEMClient
|
|
33
|
-
from souleyez.integrations.siem.googlesecops import GoogleSecOpsSIEMClient
|
|
34
30
|
from souleyez.integrations.siem.factory import SIEMFactory
|
|
31
|
+
from souleyez.integrations.siem.googlesecops import GoogleSecOpsSIEMClient
|
|
32
|
+
from souleyez.integrations.siem.sentinel import SentinelSIEMClient
|
|
33
|
+
from souleyez.integrations.siem.splunk import SplunkSIEMClient
|
|
34
|
+
from souleyez.integrations.siem.wazuh import WazuhSIEMClient
|
|
35
35
|
|
|
36
36
|
__all__ = [
|
|
37
37
|
# Base classes
|
|
@@ -8,7 +8,7 @@ multi-SIEM support (Wazuh, Splunk, Elastic SIEM, Microsoft Sentinel).
|
|
|
8
8
|
from abc import ABC, abstractmethod
|
|
9
9
|
from dataclasses import dataclass, field
|
|
10
10
|
from datetime import datetime
|
|
11
|
-
from typing import Dict, List,
|
|
11
|
+
from typing import Any, Dict, List, Optional
|
|
12
12
|
|
|
13
13
|
|
|
14
14
|
@dataclass
|
|
@@ -6,15 +6,15 @@ Uses the Elasticsearch and Kibana APIs for querying alerts and rules.
|
|
|
6
6
|
"""
|
|
7
7
|
|
|
8
8
|
from datetime import datetime
|
|
9
|
-
from typing import Dict, List, Optional
|
|
9
|
+
from typing import Any, Dict, List, Optional
|
|
10
10
|
|
|
11
11
|
import requests
|
|
12
12
|
|
|
13
13
|
from souleyez.integrations.siem.base import (
|
|
14
|
-
SIEMClient,
|
|
15
14
|
SIEMAlert,
|
|
16
|
-
|
|
15
|
+
SIEMClient,
|
|
17
16
|
SIEMConnectionStatus,
|
|
17
|
+
SIEMRule,
|
|
18
18
|
)
|
|
19
19
|
|
|
20
20
|
|
|
@@ -5,11 +5,10 @@ Creates SIEM clients based on configuration, providing a unified
|
|
|
5
5
|
interface for working with multiple SIEM platforms.
|
|
6
6
|
"""
|
|
7
7
|
|
|
8
|
-
from typing import Dict,
|
|
8
|
+
from typing import Any, Dict, List, Optional
|
|
9
9
|
|
|
10
10
|
from souleyez.integrations.siem.base import SIEMClient, SIEMConnectionStatus
|
|
11
11
|
|
|
12
|
-
|
|
13
12
|
# Registry of available SIEM types
|
|
14
13
|
# Ordered: Open Source first, then Commercial
|
|
15
14
|
SIEM_TYPES = ["wazuh", "elastic", "splunk", "sentinel", "google_secops"]
|
|
@@ -9,15 +9,15 @@ import base64
|
|
|
9
9
|
import json
|
|
10
10
|
import time
|
|
11
11
|
from datetime import datetime, timedelta
|
|
12
|
-
from typing import Dict, List, Optional
|
|
12
|
+
from typing import Any, Dict, List, Optional
|
|
13
13
|
|
|
14
14
|
import requests
|
|
15
15
|
|
|
16
16
|
from souleyez.integrations.siem.base import (
|
|
17
|
-
SIEMClient,
|
|
18
17
|
SIEMAlert,
|
|
19
|
-
|
|
18
|
+
SIEMClient,
|
|
20
19
|
SIEMConnectionStatus,
|
|
20
|
+
SIEMRule,
|
|
21
21
|
)
|
|
22
22
|
|
|
23
23
|
|
|
@@ -104,9 +104,9 @@ class GoogleSecOpsSIEMClient(SIEMClient):
|
|
|
104
104
|
Returns:
|
|
105
105
|
Signed JWT string
|
|
106
106
|
"""
|
|
107
|
+
from cryptography.hazmat.backends import default_backend
|
|
107
108
|
from cryptography.hazmat.primitives import hashes, serialization
|
|
108
109
|
from cryptography.hazmat.primitives.asymmetric import padding
|
|
109
|
-
from cryptography.hazmat.backends import default_backend
|
|
110
110
|
|
|
111
111
|
now = int(time.time())
|
|
112
112
|
expiry = now + 3600 # 1 hour
|
|
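Review bot: `from cryptography.hazmat.backends import default_backend` in the second hunk is only re-sorted, yet since cryptography 3.1 the backend argument is optional and `default_backend()` is a compatibility no-op, so if the project's minimum cryptography version is at least that, the import and the `backend=` argument presumably passed to the key-loading call further down can be dropped. The JWT-signing function body continues outside the hunk, so I cannot see that call here. If the import has to stay for older pins, a one-line `# backend= is a no-op on cryptography>=3.1; kept for older versions` saves the next reader the same check.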
@@ -5,7 +5,7 @@ Maps attack types to Wazuh detection rule IDs and provides
|
|
|
5
5
|
rule metadata for detection validation and recommendations.
|
|
6
6
|
"""
|
|
7
7
|
|
|
8
|
-
from typing import Dict, List
|
|
8
|
+
from typing import Any, Dict, List
|
|
9
9
|
|
|
10
10
|
# Wazuh rule mappings by attack type
|
|
11
11
|
# These complement the attack_signatures.py definitions
|
|
@@ -6,15 +6,15 @@ Uses Azure REST APIs for querying alerts and analytics rules.
|
|
|
6
6
|
"""
|
|
7
7
|
|
|
8
8
|
from datetime import datetime, timedelta
|
|
9
|
-
from typing import Dict, List, Optional
|
|
9
|
+
from typing import Any, Dict, List, Optional
|
|
10
10
|
|
|
11
11
|
import requests
|
|
12
12
|
|
|
13
13
|
from souleyez.integrations.siem.base import (
|
|
14
|
-
SIEMClient,
|
|
15
14
|
SIEMAlert,
|
|
16
|
-
|
|
15
|
+
SIEMClient,
|
|
17
16
|
SIEMConnectionStatus,
|
|
17
|
+
SIEMRule,
|
|
18
18
|
)
|
|
19
19
|
|
|
20
20
|
|
|
@@ -7,16 +7,16 @@ Uses the Splunk REST API for querying alerts and search results.
|
|
|
7
7
|
|
|
8
8
|
import time
|
|
9
9
|
from datetime import datetime
|
|
10
|
-
from typing import Dict, List, Optional
|
|
10
|
+
from typing import Any, Dict, List, Optional
|
|
11
11
|
|
|
12
12
|
import requests
|
|
13
13
|
from requests.auth import HTTPBasicAuth
|
|
14
14
|
|
|
15
15
|
from souleyez.integrations.siem.base import (
|
|
16
|
-
SIEMClient,
|
|
17
16
|
SIEMAlert,
|
|
18
|
-
|
|
17
|
+
SIEMClient,
|
|
19
18
|
SIEMConnectionStatus,
|
|
19
|
+
SIEMRule,
|
|
20
20
|
)
|
|
21
21
|
|
|
22
22
|
|
|
@@ -6,17 +6,17 @@ for unified multi-SIEM detection validation.
|
|
|
6
6
|
"""
|
|
7
7
|
|
|
8
8
|
from datetime import datetime
|
|
9
|
-
from typing import Dict, List, Optional
|
|
9
|
+
from typing import Any, Dict, List, Optional
|
|
10
10
|
|
|
11
11
|
from souleyez.integrations.siem.base import (
|
|
12
|
-
SIEMClient,
|
|
13
12
|
SIEMAlert,
|
|
14
|
-
|
|
13
|
+
SIEMClient,
|
|
15
14
|
SIEMConnectionStatus,
|
|
15
|
+
SIEMRule,
|
|
16
16
|
)
|
|
17
17
|
from souleyez.integrations.siem.rule_mappings.wazuh_rules import (
|
|
18
|
-
get_wazuh_rules_for_attack,
|
|
19
18
|
WAZUH_ATTACK_RULES,
|
|
19
|
+
get_wazuh_rules_for_attack,
|
|
20
20
|
)
|
|
21
21
|
|
|
22
22
|
|
|
@@ -5,9 +5,10 @@ Connects to Wazuh Manager API (port 55000) for management operations
|
|
|
5
5
|
and Wazuh Indexer API (port 9200) for querying alerts.
|
|
6
6
|
"""
|
|
7
7
|
|
|
8
|
-
import requests
|
|
9
8
|
from datetime import datetime, timedelta
|
|
10
|
-
from typing import
|
|
9
|
+
from typing import Any, Dict, List, Optional
|
|
10
|
+
|
|
11
|
+
import requests
|
|
11
12
|
from urllib3.exceptions import InsecureRequestWarning
|
|
12
13
|
|
|
13
14
|
# Suppress SSL warnings for self-signed certs (common in Wazuh)
|
|
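Review bot: The trailing context line `# Suppress SSL warnings for self-signed certs (common in Wazuh)` announces a module-level, process-wide suppression of `InsecureRequestWarning` (the call itself falls just outside the hunk), so importing `souleyez.integrations.wazuh.client` silences that warning for every `requests` call in the application, including the other SIEM clients, and hides any place that accidentally runs with verification off. Scope it with `warnings.catch_warnings()` around the Wazuh client's own requests instead, and prefer letting `WazuhConfig` carry a `verify=` value (a CA-bundle path for self-signed deployments) so verification can stay on; if the filter must stay global, a comment such as `# NOTE: process-wide; affects every requests caller, not only Wazuh` is the minimum. I cannot see from this hunk whether `verify=False` is actually passed, so treat that part as something to confirm.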
@@ -6,10 +6,11 @@ Supports multiple SIEM platforms: Wazuh, Splunk, Elastic, Sentinel.
|
|
|
6
6
|
"""
|
|
7
7
|
|
|
8
8
|
import json
|
|
9
|
-
from typing import Optional, Dict, Any, List
|
|
10
9
|
from pathlib import Path
|
|
11
|
-
from
|
|
10
|
+
from typing import Any, Dict, List, Optional
|
|
11
|
+
|
|
12
12
|
from souleyez.storage.crypto import get_crypto_manager
|
|
13
|
+
from souleyez.storage.database import get_db
|
|
13
14
|
|
|
14
15
|
# Supported SIEM types (Open Source first, then Commercial)
|
|
15
16
|
SIEM_TYPES = ["wazuh", "elastic", "splunk", "sentinel", "google_secops"]
|
|
@@ -4,9 +4,11 @@ souleyez.integrations.wazuh.host_mapper - Map Wazuh agents to SoulEyez hosts
|
|
|
4
4
|
|
|
5
5
|
Maps Wazuh agent IPs to SoulEyez hosts for vulnerability correlation.
|
|
6
6
|
"""
|
|
7
|
+
|
|
7
8
|
from typing import Dict, List, Optional, Tuple
|
|
8
|
-
|
|
9
|
+
|
|
9
10
|
from souleyez.log_config import get_logger
|
|
11
|
+
from souleyez.storage.database import get_db
|
|
10
12
|
|
|
11
13
|
logger = get_logger(__name__)
|
|
12
14
|
|
|
@@ -4,14 +4,17 @@ souleyez.integrations.wazuh.sync - Wazuh vulnerability sync
|
|
|
4
4
|
|
|
5
5
|
Syncs vulnerabilities from Wazuh to SoulEyez database.
|
|
6
6
|
"""
|
|
7
|
+
|
|
7
8
|
from dataclasses import dataclass, field
|
|
8
9
|
from datetime import datetime
|
|
9
10
|
from typing import List, Optional
|
|
11
|
+
|
|
10
12
|
from souleyez.log_config import get_logger
|
|
13
|
+
from souleyez.storage.wazuh_vulns import WazuhVulnsManager
|
|
14
|
+
|
|
11
15
|
from .client import WazuhClient
|
|
12
16
|
from .config import WazuhConfig
|
|
13
17
|
from .host_mapper import WazuhHostMapper
|
|
14
|
-
from souleyez.storage.wazuh_vulns import WazuhVulnsManager
|
|
15
18
|
|
|
16
19
|
logger = get_logger(__name__)
|
|
17
20
|
|
|
@@ -7,6 +7,6 @@ __all__ = [
|
|
|
7
7
|
"AttackSurfaceAnalyzer",
|
|
8
8
|
]
|
|
9
9
|
|
|
10
|
-
from souleyez.intelligence.service_parser import ServiceVersionExtractor
|
|
11
10
|
from souleyez.intelligence.exploit_knowledge import ExploitKnowledgeBase
|
|
12
11
|
from souleyez.intelligence.exploit_suggestions import ExploitSuggestionEngine
|
|
12
|
+
from souleyez.intelligence.service_parser import ServiceVersionExtractor
|
|
@@ -3,16 +3,17 @@
|
|
|
3
3
|
Correlation analyzer for tracking exploitation status.
|
|
4
4
|
Links services, findings, jobs, credentials, and evidence together.
|
|
5
5
|
"""
|
|
6
|
+
|
|
6
7
|
import json
|
|
7
8
|
from datetime import datetime, timedelta
|
|
8
|
-
from typing import Dict, List, Optional
|
|
9
9
|
from pathlib import Path
|
|
10
|
+
from typing import Dict, List, Optional
|
|
10
11
|
|
|
11
|
-
from souleyez.
|
|
12
|
-
from souleyez.storage.findings import FindingsManager
|
|
13
|
-
from souleyez.storage.credentials import CredentialsManager
|
|
14
|
-
from souleyez.engine.background import list_jobs, get_job
|
|
12
|
+
from souleyez.engine.background import get_job, list_jobs
|
|
15
13
|
from souleyez.intelligence.target_parser import TargetParser
|
|
14
|
+
from souleyez.storage.credentials import CredentialsManager
|
|
15
|
+
from souleyez.storage.findings import FindingsManager
|
|
16
|
+
from souleyez.storage.hosts import HostManager
|
|
16
17
|
|
|
17
18
|
|
|
18
19
|
class CorrelationAnalyzer:
|
|
@@ -3,13 +3,13 @@
|
|
|
3
3
|
Exploit knowledge base.
|
|
4
4
|
Maps services and versions to known vulnerabilities and MSF modules.
|
|
5
5
|
"""
|
|
6
|
-
|
|
6
|
+
|
|
7
|
+
import json
|
|
8
|
+
import os
|
|
7
9
|
import re
|
|
8
10
|
import subprocess
|
|
9
|
-
import json
|
|
10
11
|
import time
|
|
11
|
-
import
|
|
12
|
-
|
|
12
|
+
from typing import Dict, List, Optional
|
|
13
13
|
|
|
14
14
|
# Exploit database with known vulnerabilities
|
|
15
15
|
EXPLOIT_DATABASE = {
|
|
@@ -3,14 +3,15 @@
|
|
|
3
3
|
Exploit suggestion engine.
|
|
4
4
|
Orchestrates version extraction, exploit matching, and ranking.
|
|
5
5
|
"""
|
|
6
|
+
|
|
6
7
|
import re
|
|
7
8
|
import time
|
|
8
9
|
from typing import Dict, List, Optional
|
|
9
|
-
|
|
10
|
+
|
|
10
11
|
from souleyez.intelligence.exploit_knowledge import ExploitKnowledgeBase
|
|
12
|
+
from souleyez.intelligence.service_parser import ServiceVersionExtractor
|
|
11
13
|
from souleyez.storage import exploit_attempts
|
|
12
14
|
|
|
13
|
-
|
|
14
15
|
# Module-level cache shared across all instances
|
|
15
16
|
_SUGGESTION_CACHE = {}
|
|
16
17
|
_CACHE_TIMEOUT = 30
|
|
@@ -102,8 +103,8 @@ class ExploitSuggestionEngine:
|
|
|
102
103
|
return cached_result
|
|
103
104
|
|
|
104
105
|
# Cache miss or expired - do the analysis
|
|
105
|
-
from souleyez.storage.hosts import HostManager
|
|
106
106
|
from souleyez.storage.findings import FindingsManager
|
|
107
|
+
from souleyez.storage.hosts import HostManager
|
|
107
108
|
from souleyez.storage.wazuh_vulns import WazuhVulnsManager
|
|
108
109
|
|
|
109
110
|
hm = HostManager()
|
|
@@ -5,12 +5,14 @@ souleyez.intelligence.gap_analyzer - Gap analysis between Wazuh and scan finding
|
|
|
5
5
|
Compares vulnerabilities found by Wazuh (passive, agent-based) vs
|
|
6
6
|
SoulEyez scans (active, network-based) to identify detection gaps.
|
|
7
7
|
"""
|
|
8
|
-
|
|
9
|
-
from typing import List, Dict, Any, Optional
|
|
8
|
+
|
|
10
9
|
import re
|
|
10
|
+
from dataclasses import dataclass, field
|
|
11
|
+
from typing import Any, Dict, List, Optional
|
|
12
|
+
|
|
13
|
+
from souleyez.log_config import get_logger
|
|
11
14
|
from souleyez.storage.database import get_db
|
|
12
15
|
from souleyez.storage.wazuh_vulns import WazuhVulnsManager
|
|
13
|
-
from souleyez.log_config import get_logger
|
|
14
16
|
|
|
15
17
|
logger = get_logger(__name__)
|
|
16
18
|
|
|
@@ -2,8 +2,8 @@
|
|
|
2
2
|
"""
|
|
3
3
|
Module for detecting sensitive tables during SQLMap enumeration.
|
|
4
4
|
"""
|
|
5
|
-
from typing import Dict, List, Tuple, Optional
|
|
6
5
|
|
|
6
|
+
from typing import Dict, List, Optional, Tuple
|
|
7
7
|
|
|
8
8
|
# System databases to NEVER dump (true system metadata only)
|
|
9
9
|
# NOTE: Only skip databases that are ALWAYS system/metadata databases
|
|
@@ -3,10 +3,10 @@
|
|
|
3
3
|
Attack surface analysis and scoring.
|
|
4
4
|
Analyzes engagement data to identify high-value targets and exploitation gaps.
|
|
5
5
|
"""
|
|
6
|
-
from typing import List, Dict, Optional
|
|
7
|
-
import time
|
|
8
|
-
import math
|
|
9
6
|
|
|
7
|
+
import math
|
|
8
|
+
import time
|
|
9
|
+
from typing import Dict, List, Optional
|
|
10
10
|
|
|
11
11
|
# Module-level cache shared across all instances
|
|
12
12
|
_ANALYSIS_CACHE = {}
|
|
@@ -17,9 +17,9 @@ class AttackSurfaceAnalyzer:
|
|
|
17
17
|
"""Analyzes and scores attack surface for pentesting engagements."""
|
|
18
18
|
|
|
19
19
|
def __init__(self):
|
|
20
|
-
from souleyez.storage.hosts import HostManager
|
|
21
|
-
from souleyez.storage.findings import FindingsManager
|
|
22
20
|
from souleyez.storage.credentials import CredentialsManager
|
|
21
|
+
from souleyez.storage.findings import FindingsManager
|
|
22
|
+
from souleyez.storage.hosts import HostManager
|
|
23
23
|
from souleyez.storage.wazuh_vulns import WazuhVulnsManager
|
|
24
24
|
|
|
25
25
|
self.hosts_mgr = HostManager()
|
|
@@ -130,8 +130,8 @@ class AttackSurfaceAnalyzer:
|
|
|
130
130
|
f
|
|
131
131
|
for f in findings
|
|
132
132
|
if f.get("ip_address") == host_ip
|
|
133
|
-
or f.get("url"
|
|
134
|
-
or f.get("url"
|
|
133
|
+
or (f.get("url") or "").startswith(f"http://{host_ip}")
|
|
134
|
+
or (f.get("url") or "").startswith(f"https://{host_ip}")
|
|
135
135
|
]
|
|
136
136
|
critical_findings = [
|
|
137
137
|
f for f in host_findings if f.get("severity") == "critical"
|
|
@@ -200,11 +200,11 @@ class AttackSurfaceAnalyzer:
|
|
|
200
200
|
for f in host_findings
|
|
201
201
|
if f.get("port") == service["port"]
|
|
202
202
|
or (
|
|
203
|
-
f.get("path"
|
|
203
|
+
(f.get("path") or "").startswith("https://")
|
|
204
204
|
and service["port"] == 443
|
|
205
205
|
)
|
|
206
206
|
or (
|
|
207
|
-
f.get("path"
|
|
207
|
+
(f.get("path") or "").startswith("http://")
|
|
208
208
|
and service["port"] == 80
|
|
209
209
|
)
|
|
210
210
|
]
|
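Review bot: In the `@@ -130` hunk, `(f.get("url") or "").startswith(f"http://{host_ip}")` is a bare prefix test, so a finding for `http://10.0.0.10/...` is attributed to host `10.0.0.1` as well (likewise for the `https://` line); replacing both lines with `or urlsplit(f.get("url") or "").hostname == host_ip` (with `from urllib.parse import urlsplit` added to the module imports) compares the actual host component. The `@@ -200` hunk has the related weakness that `(f.get("path") or "").startswith("https://") and service["port"] == 443` infers the port from the scheme alone, so a finding on `https://host:8443/` is never matched to the 8443 service; `urlsplit(...).port`, falling back to 443/80 when it is None, would cover explicit ports. The file is inferred from the diffstat and the `AttackSurfaceAnalyzer` class name, and both list comprehensions start outside their hunks.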
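--- a/souleyez/licensing/__init__.py
+++ b/souleyez/licensing/__init__.py
@@ -6,12 +6,12 @@ License keys are signed JSON payloads that can be validated without internet.
 """
 
 from souleyez.licensing.validator import (
-LicenseValidator,
 LicenseInfo,
-
+LicenseValidator,
 activate_license,
-get_active_license,
 deactivate_license,
+get_active_license,
+validate_license,
 )
 
 __all__ = [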