souleyez 2.43.34__py3-none-any.whl → 3.0.7__py3-none-any.whl

souleyez/parsers/sqlmap_parser.py

@@ -4,8 +4,9 @@ souleyez.parsers.sqlmap_parser
 
 Parses SQLMap SQL injection detection output into structured findings.
 """
+
 import re
-from typing import Dict, Any
+from typing import Any, Dict
 
 
 def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
@@ -181,6 +182,29 @@ def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
                     elif method == "POST" and effective_post_data:
                         result["injectable_post_data"] = effective_post_data
 
+                    # Look ahead for Type: lines to extract techniques
+                    techniques = []
+                    technique_str = None
+                    for m in range(j + 1, min(j + 20, len(lines))):
+                        type_line = lines[m].strip()
+                        if type_line.startswith("Type:"):
+                            tech_type = type_line.replace("Type:", "").strip()
+                            techniques.append(tech_type)
+                            if not technique_str:
+                                technique_str = tech_type
+                        elif type_line.startswith("---") and techniques:
+                            break  # End of technique block
+                        elif type_line.startswith("[") and techniques:
+                            break  # Hit next section
+
+                    # Determine technique string
+                    if len(techniques) > 1:
+                        technique_str = "multiple"
+                    elif techniques:
+                        technique_str = techniques[0]
+                    else:
+                        technique_str = "sqli"
+
                     # Add vulnerability entry
                     result["vulnerabilities"].append(
                         {
@@ -190,6 +214,8 @@ def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
                             "injectable": True,
                             "severity": "critical",
                             "description": f"Parameter '{param}' is vulnerable to SQL injection (resumed from session)",
+                            "technique": technique_str,
+                            "dbms": "Unknown",  # Will be updated later if found
                         }
                     )
 
@@ -199,7 +225,7 @@ def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
                         "parameter": param,
                         "method": method,
                         "post_data": effective_post_data,
-                        "techniques": [],
+                        "techniques": techniques,
                     }
                     if not any(
                         ip["url"] == injection_point["url"]
@@ -498,6 +524,8 @@ def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
                         "injectable": True,
                         "severity": "critical",
                         "description": f"Parameter '{param}' is vulnerable to SQL injection",
+                        "technique": "sqli",
+                        "dbms": result.get("dbms", "Unknown"),
                     }
                 )
 
@@ -829,6 +857,12 @@ def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
         if best["post_data"]:
             result["injectable_post_data"] = best["post_data"]
 
+    # POST-PROCESSING: Update vulnerabilities with actual DBMS if it was parsed later
+    if result.get("dbms"):
+        for vuln in result["vulnerabilities"]:
+            if vuln.get("dbms") == "Unknown" or vuln.get("dbms") is None:
+                vuln["dbms"] = result["dbms"]
+
     return result
 
 

souleyez/parsers/theharvester_parser.py

@@ -4,8 +4,9 @@ souleyez.parsers.theharvester_parser
 
 Parses theHarvester OSINT output into structured data.
 """
+
 import re
-from typing import Dict, Any
+from typing import Any, Dict
 
 
 def parse_theharvester_output(output: str, target: str = "") -> Dict[str, Any]:

souleyez/parsers/whois_parser.py

@@ -4,8 +4,9 @@ souleyez.parsers.whois_parser
 
 Parses WHOIS domain information output into structured OSINT data.
 """
+
 import re
-from typing import Dict, List, Any
+from typing import Any, Dict, List
 
 
 def parse_whois_output(output: str, target: str = "") -> Dict[str, Any]:

souleyez/parsers/wpscan_parser.py

@@ -4,9 +4,10 @@ souleyez.parsers.wpscan_parser
 
 Parses WPScan WordPress vulnerability scan output into structured findings.
 """
-import re
+
 import json
-from typing import Dict, List, Any, Optional
+import re
+from typing import Any, Dict, List, Optional
 
 
 def parse_wpscan_output(output: str, target: str = "") -> Dict[str, Any]:

souleyez/plugins/afp.py

@@ -5,12 +5,14 @@ souleyez.plugins.afp
 AFP (Apple Filing Protocol) enumeration plugin.
 Discovers AFP shares on macOS systems.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "AFP — Apple File Sharing Enumeration",

souleyez/plugins/afp_brute.py

@@ -5,12 +5,14 @@ souleyez.plugins.afp_brute
 AFP brute force plugin using Hydra.
 Attacks AFP file sharing on macOS systems.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "AFP Brute — Apple File Sharing Attack",

souleyez/plugins/ard.py

@@ -5,12 +5,14 @@ souleyez.plugins.ard
 ARD/VNC (Apple Remote Desktop) enumeration plugin.
 Discovers VNC/ARD services on macOS systems.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "ARD — Apple Remote Desktop/VNC Enumeration",

souleyez/plugins/bloodhound.py

@@ -2,10 +2,11 @@
 """
 Bloodhound plugin - Active Directory attack path mapping.
 """
-import subprocess
+
 import json
-from pathlib import Path
+import subprocess
 from datetime import datetime
+from pathlib import Path
 
 HELP = {
     "name": "Bloodhound - Active Directory Attack Path Mapping",

souleyez/plugins/certipy.py

@@ -2,6 +2,7 @@
 """
 souleyez.plugins.certipy - Active Directory Certificate Services (ADCS) enumeration
 """
+
 import subprocess
 import time
 from typing import List

souleyez/plugins/crackmapexec.py

@@ -4,12 +4,14 @@ souleyez.plugins.crackmapexec - Swiss army knife for Windows/AD pentesting
 
 Note: Uses NetExec (netexec/nxc), the successor to CrackMapExec
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "CrackMapExec (CME) - Windows/AD Pentesting Tool",
@@ -248,6 +250,8 @@ class CrackMapExecPlugin(PluginBase):
         elif protocol not in args:
             cmd.extend(["--shares"])
 
+        # For anonymous enumeration, use null session with empty domain
+        # netexec 1.5.0 requires -d '' for proper null session (1.4.0 didn't need it)
         has_creds = any(arg in cmd for arg in ["-u", "--username", "-p", "--password"])
         has_enum = any(
             arg in cmd
@@ -267,6 +271,8 @@ class CrackMapExecPlugin(PluginBase):
             cmd.insert(insert_pos + 1, "")
             cmd.insert(insert_pos + 2, "-p")
             cmd.insert(insert_pos + 3, "")
+            cmd.insert(insert_pos + 4, "-d")
+            cmd.insert(insert_pos + 5, "")
 
         return {"cmd": cmd, "timeout": 1800}
 
@@ -341,8 +347,8 @@ class CrackMapExecPlugin(PluginBase):
             # No protocol specified in args, add default behavior
             cmd.extend(["--shares"])
 
-        # Auto-add null credentials for unauthenticated enumeration if no creds specified
-        # Check if -u or --username already in command
+        # For anonymous enumeration, use null session with empty domain
+        # netexec 1.5.0 requires -d '' for proper null session (1.4.0 didn't need it)
         has_creds = any(arg in cmd for arg in ["-u", "--username", "-p", "--password"])
         has_enum = any(
             arg in cmd
@@ -357,15 +363,13 @@ class CrackMapExecPlugin(PluginBase):
         )
 
         if has_enum and not has_creds:
-            # Add null session credentials after ALL targets but before flags
-            # Position: 1 (netexec) + 1 (protocol) + len(target_list)
-            # Example: ['netexec', 'smb', '10.0.0.14', '10.0.0.82', '--shares']
-            # Insert at position 4: ['netexec', 'smb', '10.0.0.14', '10.0.0.82', '-u', '', '-p', '', '--shares']
             insert_pos = 2 + len(target_list)
             cmd.insert(insert_pos, "-u")
             cmd.insert(insert_pos + 1, "")
             cmd.insert(insert_pos + 2, "-p")
             cmd.insert(insert_pos + 3, "")
+            cmd.insert(insert_pos + 4, "-d")
+            cmd.insert(insert_pos + 5, "")
 
         if not log_path:
             try:

souleyez/plugins/dalfox.py

@@ -2,14 +2,17 @@
 """
 souleyez.plugins.dalfox - XSS vulnerability scanner
 """
+
 from __future__ import annotations
+
+import json
 import subprocess
 import time
-import json
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_url
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_url, ValidationError
 
 HELP = {
     "name": "Dalfox - XSS Vulnerability Scanner",

souleyez/plugins/dns_hijack.py

@@ -5,12 +5,14 @@ souleyez.plugins.dns_hijack
 DNS hijacking detection plugin.
 Checks if a router is performing DNS hijacking/redirection.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "DNS Hijack — DNS Manipulation Detection",

souleyez/plugins/dnsrecon.py

@@ -4,12 +4,14 @@ souleyez.plugins.dnsrecon
 
 DNSRecon DNS enumeration and reconnaissance plugin.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "DNSRecon — DNS Enumeration Tool",

souleyez/plugins/enum4linux.py

@@ -4,12 +4,14 @@ souleyez.plugins.enum4linux
 
 Enum4linux SMB enumeration plugin with unified interface.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "enum4linux (SMB Enumeration)",

souleyez/plugins/evil_winrm.py

@@ -4,6 +4,7 @@ souleyez.plugins.evil_winrm
 
 Evil-WinRM - Windows Remote Management Shell plugin.
 """
+
 import subprocess
 import time
 from typing import List

souleyez/plugins/ffuf.py

@@ -2,11 +2,13 @@
 """
 souleyez.plugins.ffuf - Fast web fuzzer
 """
+
 import subprocess
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_url
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_url, ValidationError
 
 HELP = {
     "name": "ffuf - Fast Web Fuzzer",

souleyez/plugins/firmware_extract.py

@@ -5,10 +5,11 @@ souleyez.plugins.firmware_extract
 Firmware extraction and analysis plugin using binwalk.
 Extracts and analyzes router firmware images.
 """
-import subprocess
+
+import os
 import shutil
+import subprocess
 import time
-import os
 from typing import List
 
 from .plugin_base import PluginBase

souleyez/plugins/gobuster.py

@@ -2,18 +2,21 @@
 """
 souleyez.plugins.gobuster
 """
+
 from __future__ import annotations
+
+import re
 import subprocess
 import time
-import re
 import uuid
-from typing import List, Dict, Optional
+from typing import Dict, List, Optional
 from urllib.parse import urlparse
 
 import requests
 
+from souleyez.security.validation import ValidationError, validate_url
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_url, ValidationError
 
 HELP = {
     "name": "Gobuster — Directory, File & DNS/VHost Brute-Force Tool",

souleyez/plugins/gpp_extract.py

@@ -4,6 +4,7 @@ GPP (Group Policy Preferences) credential extraction plugin.
 
 Downloads GPP XML files from SMB shares and extracts/decrypts cPassword values.
 """
+
 import os
 import re
 import subprocess

souleyez/plugins/hashcat.py

@@ -4,9 +4,10 @@ souleyez.plugins.hashcat
 
 Hashcat password cracking plugin.
 """
+
+import os
 import subprocess
 import time
-import os
 from typing import List
 
 from .plugin_base import PluginBase

souleyez/plugins/http_fingerprint.py

@@ -337,50 +337,79 @@ class HttpFingerprintPlugin(PluginBase):
             target = f"http://{target}"
 
         try:
-            # Smart dual-probe: try both HTTP and HTTPS, use the better one
-            result, effective_url = self._smart_probe(target, timeout)
+            # Use thread-based hard timeout to prevent indefinite hangs
+            # urllib timeouts don't always work if server accepts connection but stalls
+            from concurrent.futures import ThreadPoolExecutor
+            from concurrent.futures import TimeoutError as FuturesTimeout
+
+            hard_timeout = timeout * 3  # 30 seconds max for entire probe operation
+
+            with ThreadPoolExecutor(max_workers=1) as executor:
+                future = executor.submit(self._smart_probe, target, timeout)
+                try:
+                    result, effective_url = future.result(timeout=hard_timeout)
+                except FuturesTimeout:
+                    # Hard timeout hit - server is unresponsive
+                    result = {
+                        "error": f"Timeout: server did not respond within {hard_timeout}s",
+                        "status_code": None,
+                        "server": None,
+                        "waf": [],
+                        "cdn": [],
+                        "managed_hosting": None,
+                        "technologies": [],
+                        "headers": {},
+                        "cookies": [],
+                        "tls": None,
+                        "redirect_url": None,
+                    }
+                    effective_url = target
+
             output = self._format_output(effective_url, result, label)
 
             if log_path:
                 with open(log_path, "a", encoding="utf-8", errors="replace") as fh:
                     fh.write(output)
-                    # Fetch robots.txt and sitemap.xml for path discovery
-                    robots_paths, sitemap_paths = self._fetch_robots_sitemap(
-                        effective_url, timeout
-                    )
-                    result["robots_paths"] = robots_paths
-                    result["sitemap_paths"] = sitemap_paths
-
-                    # Quick path probing for CMS, admin panels, API endpoints
-                    quick_probe = self._quick_path_probe(effective_url, timeout)
-                    result["cms_detected"] = quick_probe.get("cms")
-                    result["admin_panels"] = quick_probe.get("admin_panels", [])
-                    result["api_endpoints"] = quick_probe.get("api_endpoints", [])
-
-                    # Write additional detections to log
-                    if quick_probe.get("cms"):
-                        cms = quick_probe["cms"]
-                        fh.write(f"\n{'=' * 40}\n")
-                        fh.write(
-                            f"CMS DETECTED: {cms['name']} ({cms['confidence']} confidence)\n"
-                        )
-                        for p in cms["paths"]:
-                            fh.write(f"  - {p['path']} (HTTP {p['status']})\n")
-                        fh.write(f"{'=' * 40}\n")
 
-                    if quick_probe.get("admin_panels"):
-                        fh.write(f"\nADMIN PANELS FOUND:\n")
-                        for panel in quick_probe["admin_panels"]:
+                    # Skip additional probing if initial fingerprint failed
+                    if not result.get("error"):
+                        # Fetch robots.txt and sitemap.xml for path discovery
+                        robots_paths, sitemap_paths = self._fetch_robots_sitemap(
+                            effective_url, timeout
+                        )
+                        result["robots_paths"] = robots_paths
+                        result["sitemap_paths"] = sitemap_paths
+
+                        # Quick path probing for CMS, admin panels, API endpoints
+                        quick_probe = self._quick_path_probe(effective_url, timeout)
+                        result["cms_detected"] = quick_probe.get("cms")
+                        result["admin_panels"] = quick_probe.get("admin_panels", [])
+                        result["api_endpoints"] = quick_probe.get("api_endpoints", [])
+
+                        # Write additional detections to log
+                        if quick_probe.get("cms"):
+                            cms = quick_probe["cms"]
+                            fh.write(f"\n{'=' * 40}\n")
                             fh.write(
-                                f"  - {panel['name']}: {panel['url']} (HTTP {panel['status']})\n"
+                                f"CMS DETECTED: {cms['name']} ({cms['confidence']} confidence)\n"
                             )
+                            for p in cms["paths"]:
+                                fh.write(f"  - {p['path']} (HTTP {p['status']})\n")
+                            fh.write(f"{'=' * 40}\n")
+
+                        if quick_probe.get("admin_panels"):
+                            fh.write(f"\nADMIN PANELS FOUND:\n")
+                            for panel in quick_probe["admin_panels"]:
+                                fh.write(
+                                    f"  - {panel['name']}: {panel['url']} (HTTP {panel['status']})\n"
+                                )
 
-                    if quick_probe.get("api_endpoints"):
-                        fh.write(f"\nAPI ENDPOINTS FOUND:\n")
-                        for api in quick_probe["api_endpoints"]:
-                            fh.write(
-                                f"  - {api['type']}: {api['url']} (HTTP {api['status']})\n"
-                            )
+                        if quick_probe.get("api_endpoints"):
+                            fh.write(f"\nAPI ENDPOINTS FOUND:\n")
+                            for api in quick_probe["api_endpoints"]:
+                                fh.write(
+                                    f"  - {api['type']}: {api['url']} (HTTP {api['status']})\n"
+                                )
 
                     # Write JSON result for parsing
                     fh.write("\n\n=== JSON_RESULT ===\n")
@@ -413,8 +442,32 @@ class HttpFingerprintPlugin(PluginBase):
             tuple: (result_dict, effective_url)
         """
         parsed = urlparse(target)
+
+        # Quick connectivity check - fail fast if port isn't responding
         host = parsed.hostname
         port = parsed.port or (443 if parsed.scheme == "https" else 80)
+        try:
+            with socket.create_connection(
+                (host, port), timeout=min(timeout, 5)
+            ) as sock:
+                pass  # Just checking if we can connect
+        except (socket.timeout, socket.error, OSError) as e:
+            # Port not responding - return error result immediately
+            return {
+                "error": f"Connection failed: {e}",
+                "status_code": None,
+                "server": None,
+                "waf": [],
+                "cdn": [],
+                "managed_hosting": None,
+                "technologies": [],
+                "headers": {},
+                "cookies": [],
+                "tls": None,
+                "redirect_url": None,
+                "protocol_detection": "failed",
+                "effective_url": target,
+            }, target
 
         # Build both URL variants
         http_url = (
@@ -564,6 +617,11 @@ class HttpFingerprintPlugin(PluginBase):
         import urllib.error
         import urllib.request
 
+        # Set global socket timeout to prevent hanging on slow/unresponsive servers
+        # This is a safety net - individual requests also have timeouts
+        old_timeout = socket.getdefaulttimeout()
+        socket.setdefaulttimeout(timeout + 5)  # Slightly longer than request timeout
+
         result = {
             "server": None,
             "server_version": None,
@@ -700,6 +758,10 @@ class HttpFingerprintPlugin(PluginBase):
         except Exception as e:
             result["error"] = f"{type(e).__name__}: {e}"
 
+        finally:
+            # Restore original socket timeout
+            socket.setdefaulttimeout(old_timeout)
+
         return result
 
     def _detect_waf(self, headers: Dict[str, str], cookies: List[str]) -> List[str]:
@@ -1021,9 +1083,60 @@ class HttpFingerprintPlugin(PluginBase):
         # Track CMS detections to avoid duplicates
         cms_detected = {}
 
+        # CMS-specific content markers to verify detection (prevents SPA false positives)
+        cms_content_markers = {
+            "WordPress": [
+                b"wp-login",
+                b"wp-includes",
+                b"wp-content",
+                b"wordpress",
+                b"wlwmanifest",
+                b"xmlrpc.php",
+            ],
+            "Joomla": [b"joomla", b"com_content", b"/administrator/"],
+            "Drupal": [b"drupal", b"sites/default", b"sites/all"],
+            "TYPO3": [b"typo3", b"typo3conf"],
+            "Sitecore": [b"sitecore"],
+        }
+
         for path, category, subtype in paths_to_check:
             try:
                 url = base.rstrip("/") + path
+
+                # For CMS detection, use GET to verify content (prevents SPA false positives)
+                # SPAs return 200 for all routes but with same content
+                if category == "cms":
+                    req = urllib.request.Request(
+                        url,
+                        method="GET",
+                        headers={
+                            "User-Agent": "Mozilla/5.0 (compatible; SoulEyez/1.0)"
+                        },
+                    )
+                    try:
+                        with urllib.request.urlopen(
+                            req, timeout=timeout, context=ctx
+                        ) as response:
+                            status = response.getcode()
+                            # Read first 4KB to check for CMS markers
+                            content = response.read(4096).lower()
+                    except urllib.error.HTTPError as e:
+                        status = e.code
+                        content = b""
+
+                    # Verify response contains CMS-specific content
+                    if status in (200, 301, 302, 401, 403):
+                        markers = cms_content_markers.get(subtype, [])
+                        has_cms_content = any(marker in content for marker in markers)
+                        if has_cms_content:
+                            if subtype not in cms_detected:
+                                cms_detected[subtype] = []
+                            cms_detected[subtype].append(
+                                {"path": path, "status": status}
+                            )
+                    continue
+
+                # For admin/API detection, HEAD is fine (just checking existence)
                 req = urllib.request.Request(
                     url,
                     method="HEAD",
@@ -1040,11 +1153,7 @@ class HttpFingerprintPlugin(PluginBase):
 
                 # Consider 2xx, 3xx, 401, 403 as "exists"
                 if status in (200, 201, 204, 301, 302, 303, 307, 308, 401, 403):
-                    if category == "cms":
-                        if subtype not in cms_detected:
-                            cms_detected[subtype] = []
-                        cms_detected[subtype].append({"path": path, "status": status})
-                    elif category == "admin":
+                    if category == "admin":
                         result["admin_panels"].append(
                             {
                                 "path": path,