souleyez 3.0.0__py3-none-any.whl → 3.0.7__py3-none-any.whl

souleyez/core/tool_chaining.py

@@ -4,12 +4,12 @@ souleyez.core.tool_chaining - Intelligent tool chaining and workflow automation
 
 Automatically triggers follow-up scans based on discovered services and findings.
 """
-from typing import List, Dict, Any, Optional
+
 from dataclasses import dataclass, field
 from datetime import datetime
+from typing import Any, Dict, List, Optional
 from urllib.parse import urlparse
 
-
 # Category constants for chain rules
 CATEGORY_CTF = "ctf"  # Lab/learning scenarios - vulnerable by design
 CATEGORY_ENTERPRISE = "enterprise"  # Real-world enterprise testing
@@ -58,7 +58,8 @@ CATEGORY_ICONS = {
 SERVICE_GROUPS = {
     "http": {
         "services": ["http", "https", "http-alt", "http-proxy", "https-alt"],
-        "ports": [80, 443, 8080, 8000, 8443, 3000, 5000, 8888, 9000, 9090],
+        # Port 11434 is Ollama API - runs HTTP but nmap often identifies as "unknown"
+        "ports": [80, 443, 8080, 8000, 8443, 3000, 5000, 8888, 9000, 9090, 11434],
     },
     "smb": {
         "services": ["microsoft-ds", "netbios-ssn", "smb"],
@@ -150,8 +151,8 @@ def should_test_url_for_sqli(endpoint_url: str) -> bool:
     if has_params:
         # Even with params, skip known non-injectable applications
         hard_skip = [
-            "/phpmyadmin/",   # phpMyAdmin - DB admin tool, not a target
-            "/phpmyadmin?",   # phpMyAdmin with params
+            "/phpmyadmin/",  # phpMyAdmin - DB admin tool, not a target
+            "/phpmyadmin?",  # phpMyAdmin with params
         ]
         if any(pattern in path_lower for pattern in hard_skip):
             return False
@@ -165,13 +166,13 @@ def should_test_url_for_sqli(endpoint_url: str) -> bool:
     # No query params - apply stricter filtering
     # Skip known non-injectable paths (only when no params)
     skip_patterns = [
-        "/twiki/",        # TWiki wiki - not SQLi vulnerable
-        "/phpmyadmin/",   # phpMyAdmin - DB admin, not SQLi target
-        "/phpmyadmin.",   # phpMyAdmin CSS/JS files
-        "/phpinfo",       # phpinfo() output - no injection
-        "/cgi-bin/",      # Base CGI dir without script - no injection
-        "/misc/",         # Drupal/CMS static assets directory
-        "/modules/",      # Drupal modules directory (static files)
+        "/twiki/",  # TWiki wiki - not SQLi vulnerable
+        "/phpmyadmin/",  # phpMyAdmin - DB admin, not SQLi target
+        "/phpmyadmin.",  # phpMyAdmin CSS/JS files
+        "/phpinfo",  # phpinfo() output - no injection
+        "/cgi-bin/",  # Base CGI dir without script - no injection
+        "/misc/",  # Drupal/CMS static assets directory
+        "/modules/",  # Drupal modules directory (static files)
     ]
     if any(pattern in path_lower for pattern in skip_patterns):
         return False
@@ -186,10 +187,17 @@ def should_test_url_for_sqli(endpoint_url: str) -> bool:
 
     # Skip common default/utility pages that rarely have injectable forms
     useless_dynamic_pages = [
-        "/index.php", "/index.asp", "/index.aspx", "/index.jsp",
-        "/default.php", "/default.asp", "/default.aspx",
-        "/home.php", "/home.asp",
-        "/info.php", "/test.php",
+        "/index.php",
+        "/index.asp",
+        "/index.aspx",
+        "/index.jsp",
+        "/default.php",
+        "/default.asp",
+        "/default.aspx",
+        "/home.php",
+        "/home.asp",
+        "/info.php",
+        "/test.php",
     ]
     if not has_params:
         # Only check this list for pages without params
@@ -361,8 +369,8 @@ def get_managed_hosting_platform(
 # These patterns identify URLs/paths that should be skipped for specific tools
 # to reduce noise and wasted scans.
 
-import re
 import logging
+import re
 
 logger = logging.getLogger(__name__)
 
@@ -867,9 +875,9 @@ class ChainRule:
                 # Check product version (e.g., 'version:nginx:<1.19', 'version:apache:>=2.4.49,<=2.4.50')
                 # cond_value format: 'product:version_conditions'
                 from souleyez.core.version_utils import (
-                    parse_version_spec,
                     matches_version,
                     normalize_product_name,
+                    parse_version_spec,
                 )
 
                 target_product, version_conditions = parse_version_spec(cond_value)
@@ -1006,7 +1014,7 @@ class ChainRule:
             # For has:services condition, extract port from the services array
             # Prioritize HTTP services for web tools (gobuster, nuclei, etc.)
             services = context.get("services", [])
-            http_ports = {80, 443, 8080, 8443, 8000, 8888, 3000, 5000}
+            http_ports = {80, 443, 8080, 8443, 8000, 8888, 3000, 5000, 11434}
 
             # First pass: look for HTTP service by name or common HTTP ports
             for svc in services:
@@ -4579,8 +4587,8 @@ class ToolChaining:
         """Generate ChainRules from CVE database for version-aware chaining."""
         try:
             from souleyez.core.cve_mappings import (
-                get_all_cves,
                 generate_version_condition,
+                get_all_cves,
             )
         except ImportError:
             return  # CVE mappings not available
@@ -4711,8 +4719,8 @@ class ToolChaining:
 
         # Verify license allows auto-chaining
         try:
+            from souleyez.feature_flags.features import Feature, FeatureFlags
             from souleyez.licensing import get_active_license
-            from souleyez.feature_flags.features import Features, Feature
 
             license_info = get_active_license()
             # Check tier directly - if license exists with PRO tier, allow it
@@ -4724,7 +4732,7 @@ class ToolChaining:
                 elif license_info.is_valid and license_info.tier:
                     user_tier = license_info.tier
 
-            if not Features.is_enabled(Feature.AUTO_CHAINING, user_tier):
+            if not FeatureFlags.is_enabled(Feature.AUTO_CHAINING, user_tier):
                 # User doesn't have PRO - disable auto-chaining
                 from souleyez.log_config import get_logger
 
@@ -4752,9 +4760,9 @@ class ToolChaining:
         try:
             from souleyez import config
 
-            return config.get("ai.chain_mode", "suggest")
+            return config.get("ai.chain_mode", "off")
         except Exception:
-            return "suggest"  # Default to suggest mode
+            return "off"  # Default to off - AI advisor is opt-in
 
     def get_ai_recommendations(
         self,
@@ -5327,9 +5335,9 @@ class ToolChaining:
                 ...
             ]
         """
-        from souleyez.log_config import get_logger
         from souleyez.core.web_utils import check_http_redirect
         from souleyez.engine.background import get_job
+        from souleyez.log_config import get_logger
 
         logger = get_logger(__name__)
 
@@ -6000,9 +6008,9 @@ class ToolChaining:
                         if is_wordlist:
                             logger.info(f"Discovered potential wordlist: {path_url}")
                             try:
-                                import urllib.request
-                                import ssl
                                 import os as os_module
+                                import ssl
+                                import urllib.request
 
                                 # Create discovered wordlists directory
                                 wordlist_dir = os_module.path.join(
@@ -6092,8 +6100,14 @@ class ToolChaining:
                         f"http_fingerprint detected CMS: {cms_detected.get('name')} ({cms_confidence} confidence)"
                     )
 
-                    # Trigger appropriate CMS scanner
-                    if "wordpress" in cms_name:
+                    # Only trigger CMS scanners with high confidence detection
+                    # Medium/low confidence often means false positives (e.g., SPAs returning
+                    # non-404 for /wp-admin/ paths). Require 2+ paths matched for high confidence.
+                    if cms_confidence != "high":
+                        logger.info(
+                            f"Skipping CMS scanner - {cms_confidence} confidence is insufficient (need 'high')"
+                        )
+                    elif "wordpress" in cms_name:
                         try:
                             enqueue_job(
                                 tool="wpscan",
@@ -6390,10 +6404,10 @@ class ToolChaining:
                 if is_tables_phase and not is_dump_phase and tables and len(tables) > 0:
                     # Just finished --tables phase, use hybrid approach
                     from souleyez.intelligence.sensitive_tables import (
-                        prioritize_tables,
+                        is_sensitive_table_name,
                         is_system_database,
                         is_system_table,
-                        is_sensitive_table_name,
+                        prioritize_tables,
                     )
                     from souleyez.log_config import get_logger
 
@@ -6693,8 +6707,8 @@ class ToolChaining:
                 if is_dump_phase:
                     # === Chain to Hydra for credential reuse testing ===
                     from souleyez.engine.background import enqueue_job
-                    from souleyez.storage.hosts import HostManager
                     from souleyez.log_config import get_logger
+                    from souleyez.storage.hosts import HostManager
 
                     logger = get_logger(__name__)
 
@@ -6838,8 +6852,8 @@ class ToolChaining:
                             hash_groups[hash_type].append(cred)
 
                     if hash_groups:
-                        import tempfile
                         import os
+                        import tempfile
 
                         # Map hash types to hashcat modes
                         hashcat_modes = {
@@ -6988,10 +7002,11 @@ class ToolChaining:
                 # Check if databases were enumerated (trigger --tables per database)
                 elif databases and len(databases) > 0:
                     # Filter out system databases (zero pentest value)
+                    import re
+
                     from souleyez.intelligence.sensitive_tables import (
                         is_system_database,
                     )
-                    import re
 
                     def is_garbage_db_name(name: str) -> bool:
                         """Detect SQLMap marker strings or broken extraction results."""
@@ -8764,8 +8779,8 @@ class ToolChaining:
                         lfi_extract_args = ["--max-urls", "10"]
 
                         # Write URLs to temp file for batch processing
-                        import tempfile
                         import os as os_module
+                        import tempfile
 
                         tmp_dir = os_module.path.join(
                             os_module.path.expanduser("~"), ".souleyez", "tmp"
@@ -9008,8 +9023,8 @@ class ToolChaining:
                         path = ""
 
                     # Create temp file with usernames
-                    import tempfile
                     import os as os_module
+                    import tempfile
 
                     tmp_dir = os_module.path.join(
                         os_module.path.expanduser("~"), ".souleyez", "tmp"
@@ -9259,10 +9274,14 @@ class ToolChaining:
                         # Skip external URLs - only test URLs on the original target host
                         try:
                             from urllib.parse import urlparse
+
                             parsed_url = urlparse(url)
                             parsed_target = urlparse(target)
                             if parsed_url.netloc and parsed_target.netloc:
-                                if parsed_url.netloc.lower() != parsed_target.netloc.lower():
+                                if (
+                                    parsed_url.netloc.lower()
+                                    != parsed_target.netloc.lower()
+                                ):
                                     logger.debug(f"  Skipping external URL: {url}")
                                     continue
                         except Exception:
@@ -9270,19 +9289,26 @@ class ToolChaining:
 
                         # Skip non-injectable paths (TWiki, phpMyAdmin, Apache dir params)
                         skip_patterns = [
-                            "/twiki/",        # TWiki wiki - not SQLi vulnerable
-                            "/phpmyadmin/",   # phpMyAdmin - DB admin, not SQLi
-                            "/phpmyadmin.",   # phpMyAdmin CSS/JS files
-                            "?c=d", "?c=s", "?c=m", "?c=n",  # Apache dir listing sort params
-                            "?o=a", "?o=d",   # Apache dir listing order params
-                            ";o=a", ";o=d",   # Apache dir listing (semicolon variant)
-                            "/misc/",         # Drupal/CMS static assets directory
-                            "/modules/",      # Drupal modules directory (static files)
+                            "/twiki/",  # TWiki wiki - not SQLi vulnerable
+                            "/phpmyadmin/",  # phpMyAdmin - DB admin, not SQLi
+                            "/phpmyadmin.",  # phpMyAdmin CSS/JS files
+                            "?c=d",
+                            "?c=s",
+                            "?c=m",
+                            "?c=n",  # Apache dir listing sort params
+                            "?o=a",
+                            "?o=d",  # Apache dir listing order params
+                            ";o=a",
+                            ";o=d",  # Apache dir listing (semicolon variant)
+                            "/misc/",  # Drupal/CMS static assets directory
+                            "/modules/",  # Drupal modules directory (static files)
                         ]
                         # Also skip static files with version/cache-busting params
                         # These are not injectable: /jquery.js?v=1.2.3, /style.css?ver=5.0
                         if ".js?" in path_lower or ".css?" in path_lower:
-                            logger.debug(f"  Skipping static file with cache param: {url}")
+                            logger.debug(
+                                f"  Skipping static file with cache param: {url}"
+                            )
                             continue
                         if any(pattern in path_lower for pattern in skip_patterns):
                             logger.debug(f"  Skipping non-injectable path: {url}")
@@ -9696,8 +9722,8 @@ class ToolChaining:
 
                 if asrep_hashes:
                     # Create temp file with AS-REP hashes for hashcat
-                    import tempfile
                     import os
+                    import tempfile
 
                     # Create hash file (uses secure tempdir)
                     hash_file = tempfile.NamedTemporaryFile(
@@ -9746,8 +9772,8 @@ class ToolChaining:
 
                 if hashes:
                     # Create temp file with NTLM hashes for hashcat
-                    import tempfile
                     import os
+                    import tempfile
 
                     # Create hash file in format: username:hash (uses secure tempdir)
                     hash_file = tempfile.NamedTemporaryFile(
@@ -9934,7 +9960,8 @@ class ToolChaining:
                             stored_creds = cred_mgr.list_credentials(
                                 engagement_id, host_id=host["id"]
                             )
-                            # Find SMB/Windows credentials
+                            # Find SMB/Windows credentials - prefer passwords over hashes
+                            # Hashes require different auth flags and may be from later chain stages
                             for cred in stored_creds:
                                 if cred.get("service") in [
                                     "smb",
@@ -9942,8 +9969,12 @@ class ToolChaining:
                                     "ldap",
                                     "windows",
                                 ]:
-                                    smb_creds = cred
-                                    break
+                                    # Only use password-type creds, not hashes
+                                    # Hashes need --hash flag and may be stale from previous runs
+                                    cred_type = cred.get("credential_type", "password")
+                                    if cred_type in ["password", "plaintext"]:
+                                        smb_creds = cred
+                                        break
                     except Exception as e:
                         logger.debug(f"Could not get stored credentials: {e}")
 
@@ -9980,14 +10011,10 @@ class ToolChaining:
                                 f"Using stored credentials ({username}) for share access"
                             )
                         else:
-                            # Use null session - smbmap handles this with empty creds
+                            # Use null session - smbmap defaults to anonymous without -u/-p
                             smbmap_args = [
                                 "-H",
                                 target,
-                                "-u",
-                                "",
-                                "-p",
-                                "",
                                 "-r",
                                 share_name,
                                 "--depth",
@@ -10094,8 +10121,9 @@ class ToolChaining:
 
                 if password_changed and username and new_password:
                     # Check for existing evil-winrm job for same user to avoid duplicates
+                    from datetime import datetime, timedelta, timezone
+
                     from souleyez.engine.background import list_jobs
-                    from datetime import datetime, timezone, timedelta
 
                     try:
                         all_jobs = list_jobs(limit=500)
@@ -10180,9 +10208,10 @@ class ToolChaining:
                         f"Secretsdump extracted {hashes_count} NTLM hash(es), chaining to hashcat"
                     )
 
-                    from souleyez.engine.background import enqueue_job
-                    import tempfile
                     import os
+                    import tempfile
+
+                    from souleyez.engine.background import enqueue_job
 
                     # Create a temporary hash file for hashcat
                     # Format: username:rid:lm:nt::: (but hashcat mode 1000 just needs NT hash)
@@ -10242,9 +10271,10 @@ class ToolChaining:
                         f"GetNPUsers extracted {hashes_count} AS-REP hash(es), chaining to hashcat"
                     )
 
-                    from souleyez.engine.background import enqueue_job
                     import os
 
+                    from souleyez.engine.background import enqueue_job
+
                     # Create a hash file for hashcat
                     hash_dir = os.path.join(
                         os.path.expanduser("~"), ".souleyez", "hashes"
@@ -10433,10 +10463,11 @@ class ToolChaining:
                 hashes = parse_results.get("hashes", [])
 
                 if hashes:
+                    import os
+                    import tempfile
+
                     from souleyez.engine.background import enqueue_job
                     from souleyez.log_config import get_logger
-                    import tempfile
-                    import os
 
                     logger = get_logger(__name__)
                     logger.info(
@@ -10485,9 +10516,9 @@ class ToolChaining:
 
                 if users:
                     # Create temp file with enumerated WordPress usernames
-                    import tempfile
                     import os
                     import re
+                    import tempfile
 
                     fd, usernames_file = tempfile.mkstemp(
                         suffix=".txt", prefix="wpscan_users_"
@@ -10549,8 +10580,8 @@ class ToolChaining:
 
                 if usernames:
                     # Create temp file with validated usernames
-                    import tempfile
                     import os
+                    import tempfile
 
                     fd, usernames_file = tempfile.mkstemp(
                         suffix=".txt", prefix="hydra_users_"
@@ -10599,8 +10630,8 @@ class ToolChaining:
                 credentials = parse_results.get("credentials", [])
                 if credentials:
                     from souleyez.engine.background import enqueue_job
-                    from souleyez.storage.hosts import HostManager
                     from souleyez.log_config import get_logger
+                    from souleyez.storage.hosts import HostManager
 
                     logger = get_logger(__name__)
 
@@ -10681,8 +10712,8 @@ class ToolChaining:
             # === NetExec (nxc) credential chain: valid creds → evil_winrm, Kerberoasting, secretsdump ===
             elif tool == "nxc":
                 from souleyez.engine.background import enqueue_job
-                from souleyez.storage.hosts import HostManager
                 from souleyez.log_config import get_logger
+                from souleyez.storage.hosts import HostManager
 
                 logger = get_logger(__name__)
                 logger.info(
@@ -11406,8 +11437,8 @@ class ToolChaining:
                 host_manager = None
                 credentials_manager = None
                 try:
-                    from souleyez.storage.hosts import HostManager
                     from souleyez.storage.credentials import CredentialsManager
+                    from souleyez.storage.hosts import HostManager
 
                     host_manager = HostManager()
                     credentials_manager = CredentialsManager()
@@ -11668,8 +11699,8 @@ class ToolChaining:
                             spray_password = credentials_found[0].get("password", "")
                             if spray_password and len(all_users) > 1:
                                 # Create temporary user list file
-                                import tempfile
                                 import os
+                                import tempfile
 
                                 # Write users to temp file
                                 users_file = os.path.join(
@@ -11760,8 +11791,8 @@ class ToolChaining:
 
                         if domain:
                             # Create temp file with discovered users
-                            import tempfile
                             import os as os_module
+                            import tempfile
 
                             users_file = os_module.path.join(
                                 tempfile.gettempdir(),
@@ -12112,7 +12143,7 @@ class ToolChaining:
         # === END PRE-DEDUPLICATION ===
 
         try:
-            from souleyez.engine.background import enqueue_job, list_jobs, _lock
+            from souleyez.engine.background import _lock, enqueue_job, list_jobs
 
             for cmd in commands:
                 cmd_target = cmd.get("target", "")

souleyez/core/version_utils.py

@@ -5,6 +5,7 @@ souleyez.core.version_utils
 Semantic version parsing and comparison for version-aware tool chaining.
 Supports conditions like: version:nginx:<1.19, version:apache:>=2.4.49,<=2.4.50
 """
+
 import re
 from dataclasses import dataclass
 from enum import Enum

souleyez/core/vuln_correlation.py

@@ -8,9 +8,10 @@ Analyzes findings from multiple tools to:
 3. Prioritize findings based on correlation
 4. Suggest exploit paths
 """
-from typing import List, Dict, Any, Optional
-from dataclasses import dataclass, field
+
 import re
+from dataclasses import dataclass, field
+from typing import Any, Dict, List, Optional
 
 
 @dataclass

souleyez/core/web_utils.py

@@ -4,10 +4,11 @@ Web utility functions for SoulEyez.
 Includes HTTP redirect detection and other web-related helpers.
 """
 
-import requests
 from typing import Dict, Optional
 from urllib.parse import urlparse
 
+import requests
+
 
 def check_http_redirect(ip: str, port: int = 80, timeout: int = 3) -> Dict[str, any]:
     """

souleyez/detection/__init__.py

@@ -1,7 +1,7 @@
 # SoulEyez Detection Validation
 # Correlates attacks with SIEM detections
 
-from .validator import DetectionValidator
 from .attack_signatures import ATTACK_SIGNATURES
+from .validator import DetectionValidator
 
 __all__ = ["DetectionValidator", "ATTACK_SIGNATURES"]

souleyez/detection/attack_signatures.py

@@ -5,7 +5,7 @@ Maps SoulEyez tool names to expected Wazuh detection rules and search patterns.
 Used for correlating attacks with SIEM alerts.
 """
 
-from typing import Dict, Any, List
+from typing import Any, Dict, List
 
 # Detection window in seconds after attack completes
 DEFAULT_DETECTION_WINDOW = 300  # 5 minutes

souleyez/detection/mitre_mappings.py

@@ -5,9 +5,8 @@ Maps SoulEyez attack tools to MITRE ATT&CK techniques and tactics.
 Used for generating detection coverage reports with ATT&CK heatmaps.
 """
 
-from typing import Dict, List, Any, Optional
 from dataclasses import dataclass, field
-
+from typing import Any, Dict, List, Optional
 
 # MITRE ATT&CK Tactics (Enterprise Matrix)
 # Reference: https://attack.mitre.org/tactics/enterprise/

souleyez/detection/validator.py

@@ -9,13 +9,14 @@ Supports multiple SIEM platforms: Wazuh, Splunk, Elastic, Sentinel.
 
 import json
 import os
+from dataclasses import asdict, dataclass, field
 from datetime import datetime, timedelta
-from dataclasses import dataclass, field, asdict
-from typing import List, Dict, Any, Optional
+from typing import Any, Dict, List, Optional
 
+from souleyez.integrations.siem import SIEMClient, SIEMFactory
 from souleyez.storage.database import get_db
-from souleyez.integrations.siem import SIEMFactory, SIEMClient
-from .attack_signatures import get_signature, DEFAULT_DETECTION_WINDOW
+
+from .attack_signatures import DEFAULT_DETECTION_WINDOW, get_signature
 
 # Job queue file location (same as background.py)
 DATA_DIR = os.path.join(os.path.expanduser("~"), ".souleyez", "data")

souleyez/devtools.py

@@ -9,11 +9,13 @@ Command: souleyez dev repair
 - Verifies installed version and import path
 - Prints helpful guidance (no destructive data ops)
 """
+
 from __future__ import annotations
+
 import os
-import sys
-import subprocess
 import shutil
+import subprocess
+import sys
 from pathlib import Path
 
 CSI = "\033["

souleyez/docs/README.md

@@ -1,7 +1,7 @@
 # SoulEyez Documentation
 
-**Version:** 3.0.0
-**Last Updated:** January 29, 2026
+**Version:** 3.0.7
+**Last Updated:** January 31, 2026
 **Organization:** CyberSoul Security
 
 Welcome to the SoulEyez documentation! This documentation covers architecture, development, user guides, and operational information for the SoulEyez penetration testing platform.