souleyez 3.0.0__py3-none-any.whl → 3.0.7__py3-none-any.whl
- souleyez/__init__.py +1 -1
- souleyez/ai/__init__.py +7 -7
- souleyez/ai/action_mapper.py +3 -2
- souleyez/ai/chain_advisor.py +2 -1
- souleyez/ai/claude_provider.py +2 -2
- souleyez/ai/context_builder.py +4 -2
- souleyez/ai/executor.py +9 -6
- souleyez/ai/feedback_handler.py +4 -2
- souleyez/ai/llm_provider.py +2 -2
- souleyez/ai/ollama_provider.py +2 -2
- souleyez/ai/ollama_service.py +10 -26
- souleyez/ai/path_scorer.py +2 -1
- souleyez/ai/recommender.py +6 -4
- souleyez/ai/report_context.py +2 -2
- souleyez/ai/report_service.py +5 -5
- souleyez/ai/result_parser.py +3 -2
- souleyez/ai/safety.py +5 -2
- souleyez/auth/__init__.py +6 -6
- souleyez/auth/audit.py +2 -2
- souleyez/auth/engagement_access.py +5 -7
- souleyez/auth/permissions.py +1 -1
- souleyez/auth/session_manager.py +5 -5
- souleyez/auth/user_manager.py +4 -5
- souleyez/commands/audit.py +6 -5
- souleyez/commands/auth.py +6 -5
- souleyez/commands/deliverables.py +2 -3
- souleyez/commands/engagement.py +3 -3
- souleyez/commands/license.py +3 -2
- souleyez/commands/screenshots.py +5 -4
- souleyez/commands/user.py +10 -8
- souleyez/config.py +4 -2
- souleyez/core/credential_tester.py +4 -2
- souleyez/core/cve_mappings.py +2 -1
- souleyez/core/cve_matcher.py +2 -1
- souleyez/core/msf_auto_mapper.py +2 -0
- souleyez/core/msf_chain_engine.py +3 -1
- souleyez/core/msf_database.py +7 -13
- souleyez/core/msf_integration.py +2 -2
- souleyez/core/msf_rpc_client.py +3 -2
- souleyez/core/msf_rpc_manager.py +4 -4
- souleyez/core/msf_sync_manager.py +7 -7
- souleyez/core/network_utils.py +1 -1
- souleyez/core/parser_handler.py +2 -1
- souleyez/core/pending_chains.py +4 -3
- souleyez/core/templates.py +5 -2
- souleyez/core/tool_chaining.py +101 -70
- souleyez/core/version_utils.py +1 -0
- souleyez/core/vuln_correlation.py +3 -2
- souleyez/core/web_utils.py +2 -1
- souleyez/detection/__init__.py +1 -1
- souleyez/detection/attack_signatures.py +1 -1
- souleyez/detection/mitre_mappings.py +1 -2
- souleyez/detection/validator.py +5 -4
- souleyez/devtools.py +4 -2
- souleyez/docs/README.md +2 -2
- souleyez/engine/background.py +168 -7
- souleyez/engine/base.py +2 -1
- souleyez/engine/loader.py +4 -2
- souleyez/engine/log_sanitizer.py +1 -0
- souleyez/engine/manager.py +3 -1
- souleyez/engine/result_handler.py +50 -67
- souleyez/engine/worker_manager.py +6 -4
- souleyez/export/evidence_bundle.py +1 -0
- souleyez/handlers/base.py +1 -0
- souleyez/handlers/bash_handler.py +1 -0
- souleyez/handlers/bloodhound_handler.py +1 -0
- souleyez/handlers/certipy_handler.py +1 -0
- souleyez/handlers/crackmapexec_handler.py +2 -20
- souleyez/handlers/dnsrecon_handler.py +2 -1
- souleyez/handlers/enum4linux_handler.py +65 -37
- souleyez/handlers/evil_winrm_handler.py +1 -0
- souleyez/handlers/ffuf_handler.py +3 -1
- souleyez/handlers/gobuster_handler.py +7 -6
- souleyez/handlers/gpp_extract_handler.py +1 -0
- souleyez/handlers/hashcat_handler.py +1 -0
- souleyez/handlers/hydra_handler.py +5 -2
- souleyez/handlers/impacket_getuserspns_handler.py +1 -0
- souleyez/handlers/impacket_psexec_handler.py +1 -0
- souleyez/handlers/impacket_secretsdump_handler.py +1 -0
- souleyez/handlers/john_handler.py +1 -0
- souleyez/handlers/katana_handler.py +39 -2
- souleyez/handlers/kerbrute_handler.py +1 -0
- souleyez/handlers/ldapsearch_handler.py +90 -17
- souleyez/handlers/lfi_extract_handler.py +1 -0
- souleyez/handlers/msf_auxiliary_handler.py +1 -0
- souleyez/handlers/msf_exploit_handler.py +1 -0
- souleyez/handlers/nikto_handler.py +2 -1
- souleyez/handlers/nmap_handler.py +2 -1
- souleyez/handlers/nuclei_handler.py +2 -1
- souleyez/handlers/nxc_handler.py +3 -18
- souleyez/handlers/rdp_sec_check_handler.py +1 -0
- souleyez/handlers/registry.py +1 -0
- souleyez/handlers/responder_handler.py +1 -0
- souleyez/handlers/service_explorer_handler.py +2 -1
- souleyez/handlers/smbclient_handler.py +1 -0
- souleyez/handlers/smbmap_handler.py +3 -2
- souleyez/handlers/sqlmap_handler.py +6 -4
- souleyez/handlers/theharvester_handler.py +2 -1
- souleyez/handlers/web_login_test_handler.py +1 -0
- souleyez/handlers/whois_handler.py +3 -2
- souleyez/handlers/wpscan_handler.py +2 -1
- souleyez/history.py +4 -3
- souleyez/importers/msf_importer.py +5 -3
- souleyez/importers/smart_importer.py +6 -4
- souleyez/integrations/siem/__init__.py +6 -6
- souleyez/integrations/siem/base.py +1 -1
- souleyez/integrations/siem/elastic.py +3 -3
- souleyez/integrations/siem/factory.py +1 -2
- souleyez/integrations/siem/googlesecops.py +4 -4
- souleyez/integrations/siem/rule_mappings/wazuh_rules.py +1 -1
- souleyez/integrations/siem/sentinel.py +3 -3
- souleyez/integrations/siem/splunk.py +3 -3
- souleyez/integrations/siem/wazuh.py +4 -4
- souleyez/integrations/wazuh/__init__.py +1 -1
- souleyez/integrations/wazuh/client.py +3 -2
- souleyez/integrations/wazuh/config.py +3 -2
- souleyez/integrations/wazuh/host_mapper.py +3 -1
- souleyez/integrations/wazuh/sync.py +4 -1
- souleyez/intelligence/__init__.py +1 -1
- souleyez/intelligence/correlation_analyzer.py +6 -5
- souleyez/intelligence/exploit_knowledge.py +4 -4
- souleyez/intelligence/exploit_suggestions.py +4 -3
- souleyez/intelligence/gap_analyzer.py +5 -3
- souleyez/intelligence/gap_detector.py +2 -0
- souleyez/intelligence/sensitive_tables.py +1 -1
- souleyez/intelligence/service_parser.py +1 -0
- souleyez/intelligence/surface_analyzer.py +9 -9
- souleyez/intelligence/target_parser.py +1 -0
- souleyez/licensing/__init__.py +3 -3
- souleyez/main.py +25 -18
- souleyez/migrations/fix_job_counter.py +2 -1
- souleyez/parsers/bloodhound_parser.py +1 -0
- souleyez/parsers/crackmapexec_parser.py +2 -1
- souleyez/parsers/dalfox_parser.py +3 -2
- souleyez/parsers/dnsrecon_parser.py +2 -1
- souleyez/parsers/enum4linux_parser.py +2 -1
- souleyez/parsers/ffuf_parser.py +2 -1
- souleyez/parsers/gobuster_parser.py +2 -1
- souleyez/parsers/hashcat_parser.py +3 -2
- souleyez/parsers/http_fingerprint_parser.py +2 -1
- souleyez/parsers/hydra_parser.py +2 -1
- souleyez/parsers/impacket_parser.py +2 -1
- souleyez/parsers/john_parser.py +4 -3
- souleyez/parsers/katana_parser.py +134 -2
- souleyez/parsers/msf_parser.py +2 -1
- souleyez/parsers/nikto_parser.py +2 -1
- souleyez/parsers/nmap_parser.py +14 -3
- souleyez/parsers/nuclei_parser.py +3 -2
- souleyez/parsers/responder_parser.py +1 -0
- souleyez/parsers/searchsploit_parser.py +3 -2
- souleyez/parsers/service_explorer_parser.py +1 -0
- souleyez/parsers/smbmap_parser.py +2 -1
- souleyez/parsers/sqlmap_parser.py +36 -2
- souleyez/parsers/theharvester_parser.py +2 -1
- souleyez/parsers/whois_parser.py +2 -1
- souleyez/parsers/wpscan_parser.py +3 -2
- souleyez/plugins/afp.py +3 -1
- souleyez/plugins/afp_brute.py +3 -1
- souleyez/plugins/ard.py +3 -1
- souleyez/plugins/bloodhound.py +3 -2
- souleyez/plugins/certipy.py +1 -0
- souleyez/plugins/crackmapexec.py +11 -7
- souleyez/plugins/dalfox.py +5 -2
- souleyez/plugins/dns_hijack.py +3 -1
- souleyez/plugins/dnsrecon.py +3 -1
- souleyez/plugins/enum4linux.py +3 -1
- souleyez/plugins/evil_winrm.py +1 -0
- souleyez/plugins/ffuf.py +3 -1
- souleyez/plugins/firmware_extract.py +3 -2
- souleyez/plugins/gobuster.py +6 -3
- souleyez/plugins/gpp_extract.py +1 -0
- souleyez/plugins/hashcat.py +2 -1
- souleyez/plugins/http_fingerprint.py +57 -7
- souleyez/plugins/hydra.py +5 -3
- souleyez/plugins/impacket_common.py +40 -0
- souleyez/plugins/impacket_getnpusers.py +19 -2
- souleyez/plugins/impacket_getuserspns.py +158 -0
- souleyez/plugins/impacket_psexec.py +19 -2
- souleyez/plugins/impacket_secretsdump.py +19 -2
- souleyez/plugins/impacket_smbclient.py +19 -2
- souleyez/plugins/john.py +2 -1
- souleyez/plugins/katana.py +48 -6
- souleyez/plugins/kerbrute.py +1 -0
- souleyez/plugins/lfi_extract.py +1 -0
- souleyez/plugins/macos_ssh.py +3 -1
- souleyez/plugins/mdns.py +3 -1
- souleyez/plugins/msf_auxiliary.py +3 -2
- souleyez/plugins/msf_exploit.py +6 -5
- souleyez/plugins/nikto.py +5 -2
- souleyez/plugins/nmap.py +6 -4
- souleyez/plugins/nuclei.py +3 -1
- souleyez/plugins/nxc.py +1 -0
- souleyez/plugins/plugin_base.py +3 -2
- souleyez/plugins/plugin_template.py +3 -2
- souleyez/plugins/rdp_sec_check.py +1 -0
- souleyez/plugins/responder.py +2 -1
- souleyez/plugins/router_http_brute.py +3 -1
- souleyez/plugins/router_ssh_brute.py +3 -1
- souleyez/plugins/router_telnet_brute.py +3 -1
- souleyez/plugins/routersploit.py +5 -3
- souleyez/plugins/routersploit_exploit.py +5 -3
- souleyez/plugins/searchsploit.py +1 -0
- souleyez/plugins/service_explorer.py +2 -1
- souleyez/plugins/smbmap.py +3 -1
- souleyez/plugins/smbpasswd.py +1 -0
- souleyez/plugins/sqlmap.py +3 -1
- souleyez/plugins/theharvester.py +3 -1
- souleyez/plugins/tr069.py +3 -1
- souleyez/plugins/upnp.py +3 -1
- souleyez/plugins/upnp_abuse.py +4 -2
- souleyez/plugins/vnc_access.py +4 -2
- souleyez/plugins/vnc_brute.py +3 -1
- souleyez/plugins/web_login_test.py +1 -0
- souleyez/plugins/whois.py +3 -1
- souleyez/plugins/wpscan.py +3 -1
- souleyez/reporting/attack_chain.py +2 -1
- souleyez/reporting/charts.py +1 -0
- souleyez/reporting/compliance_mappings.py +1 -0
- souleyez/reporting/detection_report.py +10 -10
- souleyez/reporting/formatters.py +7 -12
- souleyez/reporting/generator.py +34 -46
- souleyez/reporting/metrics.py +2 -1
- souleyez/scanner.py +6 -3
- souleyez/security/__init__.py +7 -5
- souleyez/security/scope_validator.py +5 -4
- souleyez/security.py +5 -2
- souleyez/storage/credentials.py +14 -19
- souleyez/storage/crypto.py +7 -4
- souleyez/storage/database.py +6 -6
- souleyez/storage/db.py +8 -8
- souleyez/storage/deliverable_evidence.py +2 -1
- souleyez/storage/deliverable_exporter.py +3 -2
- souleyez/storage/deliverable_templates.py +2 -1
- souleyez/storage/deliverables.py +2 -1
- souleyez/storage/engagements.py +6 -4
- souleyez/storage/evidence.py +5 -4
- souleyez/storage/execution_log.py +4 -2
- souleyez/storage/exploit_attempts.py +3 -2
- souleyez/storage/exploits.py +3 -1
- souleyez/storage/findings.py +3 -1
- souleyez/storage/hosts.py +5 -2
- souleyez/storage/migrate_to_engagements.py +14 -24
- souleyez/storage/migrations/_001_add_credential_enhancements.py +12 -21
- souleyez/storage/migrations/_003_add_execution_log.py +8 -13
- souleyez/storage/migrations/_005_screenshots.py +2 -4
- souleyez/storage/migrations/_006_deliverables.py +2 -4
- souleyez/storage/migrations/_007_deliverable_templates.py +4 -8
- souleyez/storage/migrations/_008_add_nuclei_table.py +2 -4
- souleyez/storage/migrations/_010_evidence_linking.py +6 -12
- souleyez/storage/migrations/_012_team_collaboration.py +12 -24
- souleyez/storage/migrations/_013_add_host_tags.py +2 -4
- souleyez/storage/migrations/_014_exploit_attempts.py +10 -20
- souleyez/storage/migrations/_015_add_mac_os_fields.py +4 -8
- souleyez/storage/migrations/_016_add_domain_field.py +2 -4
- souleyez/storage/migrations/_017_msf_sessions.py +8 -16
- souleyez/storage/migrations/_018_add_osint_target.py +4 -8
- souleyez/storage/migrations/_019_add_engagement_type.py +4 -8
- souleyez/storage/migrations/_020_add_rbac.py +9 -17
- souleyez/storage/migrations/_021_wazuh_integration.py +4 -8
- souleyez/storage/migrations/_023_fix_detection_results_fk.py +2 -4
- souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +4 -8
- souleyez/storage/migrations/_026_add_engagement_scope.py +4 -8
- souleyez/storage/migrations/_027_multi_siem_persistence.py +8 -16
- souleyez/storage/migrations/__init__.py +1 -4
- souleyez/storage/migrations/migration_manager.py +6 -9
- souleyez/storage/msf_sessions.py +1 -1
- souleyez/storage/osint.py +3 -1
- souleyez/storage/recommendation_engine.py +3 -2
- souleyez/storage/screenshots.py +2 -1
- souleyez/storage/smb_shares.py +3 -1
- souleyez/storage/sqlmap_data.py +6 -4
- souleyez/storage/team_collaboration.py +3 -2
- souleyez/storage/timeline_tracker.py +2 -1
- souleyez/storage/wazuh_vulns.py +3 -1
- souleyez/storage/web_paths.py +3 -1
- souleyez/testing/credential_tester.py +2 -0
- souleyez/ui/__init__.py +2 -1
- souleyez/ui/ai_quotes.py +1 -1
- souleyez/ui/attack_surface.py +50 -28
- souleyez/ui/chain_rules_view.py +6 -3
- souleyez/ui/correlation_view.py +3 -2
- souleyez/ui/dashboard.py +85 -139
- souleyez/ui/deliverables_view.py +1 -1
- souleyez/ui/design_system.py +5 -3
- souleyez/ui/errors.py +3 -1
- souleyez/ui/evidence_linking_view.py +2 -1
- souleyez/ui/evidence_vault.py +11 -6
- souleyez/ui/exploit_suggestions_view.py +11 -7
- souleyez/ui/export_view.py +3 -1
- souleyez/ui/gap_analysis_view.py +6 -3
- souleyez/ui/help_system.py +4 -1
- souleyez/ui/intelligence_view.py +7 -3
- souleyez/ui/interactive.py +1280 -558
- souleyez/ui/interactive_selector.py +3 -2
- souleyez/ui/log_formatter.py +1 -0
- souleyez/ui/menu_components.py +3 -1
- souleyez/ui/msf_auxiliary_menu.py +4 -1
- souleyez/ui/pending_chains_view.py +15 -12
- souleyez/ui/progress_indicators.py +5 -2
- souleyez/ui/recommendations_view.py +4 -2
- souleyez/ui/rule_builder.py +4 -1
- souleyez/ui/setup_wizard.py +10 -8
- souleyez/ui/shortcuts.py +1 -1
- souleyez/ui/splunk_gap_analysis_view.py +7 -4
- souleyez/ui/splunk_vulns_view.py +4 -1
- souleyez/ui/team_dashboard.py +7 -5
- souleyez/ui/template_selector.py +2 -1
- souleyez/ui/terminal.py +3 -2
- souleyez/ui/timeline_view.py +2 -1
- souleyez/ui/tool_setup.py +92 -31
- souleyez/ui/tutorial.py +7 -4
- souleyez/ui/tutorial_state.py +3 -2
- souleyez/ui/wazuh_vulns_view.py +5 -2
- souleyez/ui/wordlist_browser.py +4 -3
- souleyez/ui.py +13 -7
- souleyez/utils/tool_checker.py +61 -12
- souleyez/utils.py +4 -4
- souleyez/wordlists.py +1 -0
- {souleyez-3.0.0.dist-info → souleyez-3.0.7.dist-info}/METADATA +1 -1
- souleyez-3.0.7.dist-info/RECORD +445 -0
- souleyez-3.0.0.dist-info/RECORD +0 -443
- {souleyez-3.0.0.dist-info → souleyez-3.0.7.dist-info}/WHEEL +0 -0
- {souleyez-3.0.0.dist-info → souleyez-3.0.7.dist-info}/entry_points.txt +0 -0
- {souleyez-3.0.0.dist-info → souleyez-3.0.7.dist-info}/licenses/LICENSE +0 -0
- {souleyez-3.0.0.dist-info → souleyez-3.0.7.dist-info}/top_level.txt +0 -0
|
@@ -4,6 +4,7 @@ Nikto handler.
|
|
|
4
4
|
|
|
5
5
|
Consolidates parsing and display logic for nikto web scanner jobs.
|
|
6
6
|
"""
|
|
7
|
+
|
|
7
8
|
import logging
|
|
8
9
|
import os
|
|
9
10
|
import re
|
|
@@ -45,8 +46,8 @@ class NiktoHandler(BaseToolHandler):
|
|
|
45
46
|
Extracts web server issues and stores them as findings.
|
|
46
47
|
"""
|
|
47
48
|
try:
|
|
48
|
-
from souleyez.parsers.nikto_parser import parse_nikto_output
|
|
49
49
|
from souleyez.engine.result_handler import detect_tool_error
|
|
50
|
+
from souleyez.parsers.nikto_parser import parse_nikto_output
|
|
50
51
|
|
|
51
52
|
# Import managers if not provided
|
|
52
53
|
if host_manager is None:
|
|
@@ -4,6 +4,7 @@ Nmap handler.
|
|
|
4
4
|
|
|
5
5
|
Consolidates parsing and display logic for nmap and ARD (which uses nmap) jobs.
|
|
6
6
|
"""
|
|
7
|
+
|
|
7
8
|
import logging
|
|
8
9
|
import os
|
|
9
10
|
import re
|
|
@@ -70,9 +71,9 @@ class NmapHandler(BaseToolHandler):
|
|
|
70
71
|
Imports hosts/services into database and creates findings for CVEs.
|
|
71
72
|
"""
|
|
72
73
|
try:
|
|
73
|
-
from souleyez.parsers.nmap_parser import parse_nmap_log
|
|
74
74
|
from souleyez.core.cve_matcher import CVEMatcher
|
|
75
75
|
from souleyez.engine.result_handler import detect_tool_error
|
|
76
|
+
from souleyez.parsers.nmap_parser import parse_nmap_log
|
|
76
77
|
|
|
77
78
|
# Import managers if not provided
|
|
78
79
|
if host_manager is None:
|
|
@@ -4,6 +4,7 @@ Nuclei handler.
|
|
|
4
4
|
|
|
5
5
|
Consolidates parsing and display logic for nuclei vulnerability scanning jobs.
|
|
6
6
|
"""
|
|
7
|
+
|
|
7
8
|
import logging
|
|
8
9
|
import os
|
|
9
10
|
import re
|
|
@@ -48,8 +49,8 @@ class NucleiHandler(BaseToolHandler):
|
|
|
48
49
|
Extracts vulnerabilities and stores them as findings.
|
|
49
50
|
"""
|
|
50
51
|
try:
|
|
51
|
-
from souleyez.parsers.nuclei_parser import parse_nuclei
|
|
52
52
|
from souleyez.engine.result_handler import detect_tool_error
|
|
53
|
+
from souleyez.parsers.nuclei_parser import parse_nuclei
|
|
53
54
|
|
|
54
55
|
# Import managers if not provided
|
|
55
56
|
if host_manager is None:
|
souleyez/handlers/nxc_handler.py
CHANGED
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
Handler for NetExec (nxc) - successor to CrackMapExec.
|
|
4
4
|
Parses shares, credentials, and authentication results.
|
|
5
5
|
"""
|
|
6
|
+
|
|
6
7
|
import logging
|
|
7
8
|
import os
|
|
8
9
|
import re
|
|
@@ -259,17 +260,8 @@ class NxcHandler(BaseToolHandler):
|
|
|
259
260
|
if "WRITE" in perms:
|
|
260
261
|
writable_shares.append(share)
|
|
261
262
|
|
|
262
|
-
# Determine status
|
|
263
|
-
#
|
|
264
|
-
transient_errors = [
|
|
265
|
-
"NetBIOSTimeout",
|
|
266
|
-
"connection timed out",
|
|
267
|
-
"Connection reset",
|
|
268
|
-
]
|
|
269
|
-
has_transient_error = any(
|
|
270
|
-
err.lower() in log_content.lower() for err in transient_errors
|
|
271
|
-
)
|
|
272
|
-
|
|
263
|
+
# Determine status based on results found
|
|
264
|
+
# Retry logic is handled by background.py before parsing
|
|
273
265
|
if credentials:
|
|
274
266
|
status = STATUS_DONE
|
|
275
267
|
elif has_shell_access:
|
|
@@ -278,13 +270,6 @@ class NxcHandler(BaseToolHandler):
|
|
|
278
270
|
status = STATUS_WARNING # Expired creds need attention
|
|
279
271
|
elif shares:
|
|
280
272
|
status = STATUS_DONE
|
|
281
|
-
elif has_transient_error:
|
|
282
|
-
status = STATUS_WARNING # Transient error - may be retried
|
|
283
|
-
elif (
|
|
284
|
-
"STATUS_LOGON_FAILURE" in log_content
|
|
285
|
-
or "STATUS_ACCESS_DENIED" in log_content
|
|
286
|
-
):
|
|
287
|
-
status = STATUS_NO_RESULTS
|
|
288
273
|
else:
|
|
289
274
|
status = STATUS_NO_RESULTS
|
|
290
275
|
|
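Review bot: With `has_transient_error` and its `elif has_transient_error: status = STATUS_WARNING` branch removed, a run whose log ends in a NetBIOS timeout or connection reset with no credentials, shell or shares now falls through to `else: status = STATUS_NO_RESULTS`, so an unreachable target is recorded exactly like a clean empty result. The new comment `# Retry logic is handled by background.py before parsing` explains why the check was dropped, but it says nothing about the case where those retries are exhausted, which is when this handler still sees the transient-error log; the retry code itself is not in this hunk (engine/background.py is in the diffstat but not shown here), so I cannot confirm it never hands such a log to the parser. I would extend the comment to `# Retry logic is handled by background.py before parsing; if retries are exhausted a timed-out run still lands in the else branch as STATUS_NO_RESULTS` and consider a logged warning at that point so the engagement record distinguishes "not tested" from "nothing found". The removed `STATUS_LOGON_FAILURE`/`STATUS_ACCESS_DENIED` branch assigned the same status as `else`, so that part of the deletion is behavior-neutral. The enclosing method of NxcHandler starts and ends outside the hunk.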
souleyez/handlers/registry.py
CHANGED
|
@@ -4,6 +4,7 @@ Service Explorer handler.
|
|
|
4
4
|
|
|
5
5
|
Consolidates parsing and display logic for Service Explorer jobs.
|
|
6
6
|
"""
|
|
7
|
+
|
|
7
8
|
import logging
|
|
8
9
|
import os
|
|
9
10
|
import re
|
|
@@ -45,8 +46,8 @@ class ServiceExplorerHandler(BaseToolHandler):
|
|
|
45
46
|
"""
|
|
46
47
|
try:
|
|
47
48
|
from souleyez.parsers.service_explorer_parser import (
|
|
48
|
-
parse_service_explorer_output,
|
|
49
49
|
extract_findings,
|
|
50
|
+
parse_service_explorer_output,
|
|
50
51
|
)
|
|
51
52
|
|
|
52
53
|
# Import managers if not provided
|
|
@@ -4,6 +4,7 @@ SMBMap handler.
|
|
|
4
4
|
|
|
5
5
|
Consolidates parsing and display logic for SMBMap SMB share enumeration jobs.
|
|
6
6
|
"""
|
|
7
|
+
|
|
7
8
|
import logging
|
|
8
9
|
import os
|
|
9
10
|
import re
|
|
@@ -44,12 +45,12 @@ class SMBMapHandler(BaseToolHandler):
|
|
|
44
45
|
Extracts SMB shares and stores them along with findings.
|
|
45
46
|
"""
|
|
46
47
|
try:
|
|
48
|
+
from souleyez.engine.result_handler import detect_tool_error
|
|
47
49
|
from souleyez.parsers.smbmap_parser import (
|
|
48
|
-
parse_smbmap_output,
|
|
49
50
|
extract_findings,
|
|
51
|
+
parse_smbmap_output,
|
|
50
52
|
)
|
|
51
53
|
from souleyez.storage.smb_shares import SMBSharesManager
|
|
52
|
-
from souleyez.engine.result_handler import detect_tool_error
|
|
53
54
|
|
|
54
55
|
# Import managers if not provided
|
|
55
56
|
if host_manager is None:
|
|
@@ -4,6 +4,7 @@ SQLMap handler.
|
|
|
4
4
|
|
|
5
5
|
Consolidates parsing and display logic for SQLMap SQL injection scanner jobs.
|
|
6
6
|
"""
|
|
7
|
+
|
|
7
8
|
import logging
|
|
8
9
|
import os
|
|
9
10
|
import re
|
|
@@ -45,13 +46,14 @@ class SQLMapHandler(BaseToolHandler):
|
|
|
45
46
|
Extracts SQL injection vulnerabilities, databases, tables, and dumped data.
|
|
46
47
|
"""
|
|
47
48
|
try:
|
|
49
|
+
import socket
|
|
50
|
+
|
|
51
|
+
from souleyez.engine.result_handler import detect_tool_error
|
|
48
52
|
from souleyez.parsers.sqlmap_parser import (
|
|
49
|
-
parse_sqlmap_output,
|
|
50
53
|
get_sqli_stats,
|
|
54
|
+
parse_sqlmap_output,
|
|
51
55
|
)
|
|
52
56
|
from souleyez.storage.sqlmap_data import SQLMapDataManager
|
|
53
|
-
from souleyez.engine.result_handler import detect_tool_error
|
|
54
|
-
import socket
|
|
55
57
|
|
|
56
58
|
# Import managers if not provided
|
|
57
59
|
if host_manager is None:
|
|
@@ -833,8 +835,8 @@ class SQLMapHandler(BaseToolHandler):
|
|
|
833
835
|
"""Display successful SQLMap results."""
|
|
834
836
|
try:
|
|
835
837
|
from souleyez.parsers.sqlmap_parser import (
|
|
836
|
-
parse_sqlmap_output,
|
|
837
838
|
get_sqli_stats,
|
|
839
|
+
parse_sqlmap_output,
|
|
838
840
|
)
|
|
839
841
|
|
|
840
842
|
if not log_path or not os.path.exists(log_path):
|
|
@@ -4,6 +4,7 @@ TheHarvester handler.
|
|
|
4
4
|
|
|
5
5
|
Consolidates parsing and display logic for theHarvester OSINT jobs.
|
|
6
6
|
"""
|
|
7
|
+
|
|
7
8
|
import logging
|
|
8
9
|
import os
|
|
9
10
|
import re
|
|
@@ -194,8 +195,8 @@ class TheHarvesterHandler(BaseToolHandler):
|
|
|
194
195
|
"""
|
|
195
196
|
try:
|
|
196
197
|
from souleyez.parsers.theharvester_parser import (
|
|
197
|
-
parse_theharvester_output,
|
|
198
198
|
get_osint_stats,
|
|
199
|
+
parse_theharvester_output,
|
|
199
200
|
)
|
|
200
201
|
|
|
201
202
|
# Import managers if not provided
|
|
@@ -4,6 +4,7 @@ WHOIS handler.
|
|
|
4
4
|
|
|
5
5
|
Consolidates parsing and display logic for WHOIS domain lookup jobs.
|
|
6
6
|
"""
|
|
7
|
+
|
|
7
8
|
import logging
|
|
8
9
|
import os
|
|
9
10
|
from typing import Any, Dict, Optional
|
|
@@ -44,9 +45,9 @@ class WhoisHandler(BaseToolHandler):
|
|
|
44
45
|
"""
|
|
45
46
|
try:
|
|
46
47
|
from souleyez.parsers.whois_parser import (
|
|
47
|
-
parse_whois_output,
|
|
48
|
-
map_to_osint_data,
|
|
49
48
|
extract_emails,
|
|
49
|
+
map_to_osint_data,
|
|
50
|
+
parse_whois_output,
|
|
50
51
|
)
|
|
51
52
|
from souleyez.storage.osint import OsintManager
|
|
52
53
|
|
|
@@ -4,6 +4,7 @@ WPScan handler.
|
|
|
4
4
|
|
|
5
5
|
Consolidates parsing and display logic for WPScan WordPress security scanner jobs.
|
|
6
6
|
"""
|
|
7
|
+
|
|
7
8
|
import logging
|
|
8
9
|
import os
|
|
9
10
|
import re
|
|
@@ -45,8 +46,8 @@ class WPScanHandler(BaseToolHandler):
|
|
|
45
46
|
Extracts WordPress vulnerabilities for plugins, themes, and core.
|
|
46
47
|
"""
|
|
47
48
|
try:
|
|
48
|
-
from souleyez.parsers.wpscan_parser import parse_wpscan_output
|
|
49
49
|
from souleyez.engine.result_handler import detect_tool_error
|
|
50
|
+
from souleyez.parsers.wpscan_parser import parse_wpscan_output
|
|
50
51
|
|
|
51
52
|
# Import managers if not provided
|
|
52
53
|
if host_manager is None:
|
souleyez/history.py
CHANGED
|
@@ -1,8 +1,9 @@
|
|
|
1
1
|
#!/usr/bin/env python3
|
|
2
|
-
from pathlib import Path
|
|
3
|
-
from .utils import HISTORY_FILE, ensure_dirs, read_json, write_json, timestamp_str
|
|
4
|
-
import json
|
|
5
2
|
import csv
|
|
3
|
+
import json
|
|
4
|
+
from pathlib import Path
|
|
5
|
+
|
|
6
|
+
from .utils import HISTORY_FILE, ensure_dirs, read_json, timestamp_str, write_json
|
|
6
7
|
|
|
7
8
|
# Export directory for JSON/CSV exports
|
|
8
9
|
EXPORT_DIR = Path.home() / ".souleyez" / "exports"
|
|
@@ -2,10 +2,12 @@
|
|
|
2
2
|
"""
|
|
3
3
|
souleyez.importers.msf_importer - Import data from Metasploit Framework exports
|
|
4
4
|
"""
|
|
5
|
-
|
|
5
|
+
|
|
6
6
|
from pathlib import Path
|
|
7
|
-
from typing import Dict, List, Optional
|
|
7
|
+
from typing import TYPE_CHECKING, Dict, List, Optional
|
|
8
|
+
|
|
8
9
|
import click
|
|
10
|
+
import defusedxml.ElementTree as ET
|
|
9
11
|
|
|
10
12
|
if TYPE_CHECKING:
|
|
11
13
|
from xml.etree.ElementTree import Element
|
|
@@ -19,9 +21,9 @@ class MSFImporter:
|
|
|
19
21
|
def __init__(self, engagement_id: int):
|
|
20
22
|
"""Initialize importer with engagement ID."""
|
|
21
23
|
self.engagement_id = engagement_id
|
|
22
|
-
from souleyez.storage.hosts import HostManager
|
|
23
24
|
from souleyez.storage.credentials import CredentialsManager
|
|
24
25
|
from souleyez.storage.findings import FindingsManager
|
|
26
|
+
from souleyez.storage.hosts import HostManager
|
|
25
27
|
|
|
26
28
|
self.hm = HostManager()
|
|
27
29
|
self.cm = CredentialsManager()
|
|
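Review bot: `import defusedxml.ElementTree as ET` is now an unconditional module-level import, which makes `defusedxml` a hard import-time dependency of souleyez.importers.msf_importer (and of smart_importer, where the same import is added); the diffstat shows METADATA changing by only one line, so if that line is the version bump, `defusedxml` may not be declared in Requires-Dist and the importer would fail with ModuleNotFoundError on a clean install — worth confirming against the package metadata. Swapping the stdlib parser for defusedxml is the right call for files that arrive from an external export, and the `TYPE_CHECKING` import of `xml.etree.ElementTree.Element` should remain valid since defusedxml builds standard ElementTree nodes, though I cannot see the parse call sites in this hunk. I would add a one-line comment above the import stating the intent so nobody "simplifies" it back: `# defusedxml: hardened parser (entity expansion and external references rejected) for untrusted MSF exports`. The rest of the module's imports and the parse calls that use `ET` are outside the hunk.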
@@ -2,10 +2,12 @@
|
|
|
2
2
|
"""
|
|
3
3
|
souleyez.importers.smart_importer - Intelligent data import with type detection
|
|
4
4
|
"""
|
|
5
|
-
|
|
6
|
-
from typing import Dict, List, Any, Optional, Tuple
|
|
5
|
+
|
|
7
6
|
import json
|
|
8
7
|
import re
|
|
8
|
+
from typing import Any, Dict, List, Optional, Tuple
|
|
9
|
+
|
|
10
|
+
import defusedxml.ElementTree as ET
|
|
9
11
|
|
|
10
12
|
|
|
11
13
|
class SmartImporter:
|
|
@@ -189,9 +191,9 @@ class SmartImporter:
|
|
|
189
191
|
Returns:
|
|
190
192
|
Dict with counts of imported items per type
|
|
191
193
|
"""
|
|
192
|
-
from souleyez.storage.hosts import HostManager
|
|
193
|
-
from souleyez.storage.findings import FindingsManager
|
|
194
194
|
from souleyez.storage.credentials import CredentialsManager
|
|
195
|
+
from souleyez.storage.findings import FindingsManager
|
|
196
|
+
from souleyez.storage.hosts import HostManager
|
|
195
197
|
|
|
196
198
|
results = {
|
|
197
199
|
"hosts": 0,
|
|
@@ -21,17 +21,17 @@ Usage:
|
|
|
21
21
|
"""
|
|
22
22
|
|
|
23
23
|
from souleyez.integrations.siem.base import (
|
|
24
|
-
SIEMClient,
|
|
25
24
|
SIEMAlert,
|
|
26
|
-
|
|
25
|
+
SIEMClient,
|
|
27
26
|
SIEMConnectionStatus,
|
|
27
|
+
SIEMRule,
|
|
28
28
|
)
|
|
29
|
-
from souleyez.integrations.siem.wazuh import WazuhSIEMClient
|
|
30
|
-
from souleyez.integrations.siem.splunk import SplunkSIEMClient
|
|
31
29
|
from souleyez.integrations.siem.elastic import ElasticSIEMClient
|
|
32
|
-
from souleyez.integrations.siem.sentinel import SentinelSIEMClient
|
|
33
|
-
from souleyez.integrations.siem.googlesecops import GoogleSecOpsSIEMClient
|
|
34
30
|
from souleyez.integrations.siem.factory import SIEMFactory
|
|
31
|
+
from souleyez.integrations.siem.googlesecops import GoogleSecOpsSIEMClient
|
|
32
|
+
from souleyez.integrations.siem.sentinel import SentinelSIEMClient
|
|
33
|
+
from souleyez.integrations.siem.splunk import SplunkSIEMClient
|
|
34
|
+
from souleyez.integrations.siem.wazuh import WazuhSIEMClient
|
|
35
35
|
|
|
36
36
|
__all__ = [
|
|
37
37
|
# Base classes
|
|
@@ -8,7 +8,7 @@ multi-SIEM support (Wazuh, Splunk, Elastic SIEM, Microsoft Sentinel).
|
|
|
8
8
|
from abc import ABC, abstractmethod
|
|
9
9
|
from dataclasses import dataclass, field
|
|
10
10
|
from datetime import datetime
|
|
11
|
-
from typing import Dict, List,
|
|
11
|
+
from typing import Any, Dict, List, Optional
|
|
12
12
|
|
|
13
13
|
|
|
14
14
|
@dataclass
|
|
@@ -6,15 +6,15 @@ Uses the Elasticsearch and Kibana APIs for querying alerts and rules.
|
|
|
6
6
|
"""
|
|
7
7
|
|
|
8
8
|
from datetime import datetime
|
|
9
|
-
from typing import Dict, List, Optional
|
|
9
|
+
from typing import Any, Dict, List, Optional
|
|
10
10
|
|
|
11
11
|
import requests
|
|
12
12
|
|
|
13
13
|
from souleyez.integrations.siem.base import (
|
|
14
|
-
SIEMClient,
|
|
15
14
|
SIEMAlert,
|
|
16
|
-
|
|
15
|
+
SIEMClient,
|
|
17
16
|
SIEMConnectionStatus,
|
|
17
|
+
SIEMRule,
|
|
18
18
|
)
|
|
19
19
|
|
|
20
20
|
|
|
@@ -5,11 +5,10 @@ Creates SIEM clients based on configuration, providing a unified
|
|
|
5
5
|
interface for working with multiple SIEM platforms.
|
|
6
6
|
"""
|
|
7
7
|
|
|
8
|
-
from typing import Dict,
|
|
8
|
+
from typing import Any, Dict, List, Optional
|
|
9
9
|
|
|
10
10
|
from souleyez.integrations.siem.base import SIEMClient, SIEMConnectionStatus
|
|
11
11
|
|
|
12
|
-
|
|
13
12
|
# Registry of available SIEM types
|
|
14
13
|
# Ordered: Open Source first, then Commercial
|
|
15
14
|
SIEM_TYPES = ["wazuh", "elastic", "splunk", "sentinel", "google_secops"]
|
|
@@ -9,15 +9,15 @@ import base64
|
|
|
9
9
|
import json
|
|
10
10
|
import time
|
|
11
11
|
from datetime import datetime, timedelta
|
|
12
|
-
from typing import Dict, List, Optional
|
|
12
|
+
from typing import Any, Dict, List, Optional
|
|
13
13
|
|
|
14
14
|
import requests
|
|
15
15
|
|
|
16
16
|
from souleyez.integrations.siem.base import (
|
|
17
|
-
SIEMClient,
|
|
18
17
|
SIEMAlert,
|
|
19
|
-
|
|
18
|
+
SIEMClient,
|
|
20
19
|
SIEMConnectionStatus,
|
|
20
|
+
SIEMRule,
|
|
21
21
|
)
|
|
22
22
|
|
|
23
23
|
|
|
@@ -104,9 +104,9 @@ class GoogleSecOpsSIEMClient(SIEMClient):
|
|
|
104
104
|
Returns:
|
|
105
105
|
Signed JWT string
|
|
106
106
|
"""
|
|
107
|
+
from cryptography.hazmat.backends import default_backend
|
|
107
108
|
from cryptography.hazmat.primitives import hashes, serialization
|
|
108
109
|
from cryptography.hazmat.primitives.asymmetric import padding
|
|
109
|
-
from cryptography.hazmat.backends import default_backend
|
|
110
110
|
|
|
111
111
|
now = int(time.time())
|
|
112
112
|
expiry = now + 3600 # 1 hour
|
|
@@ -5,7 +5,7 @@ Maps attack types to Wazuh detection rule IDs and provides
|
|
|
5
5
|
rule metadata for detection validation and recommendations.
|
|
6
6
|
"""
|
|
7
7
|
|
|
8
|
-
from typing import Dict, List
|
|
8
|
+
from typing import Any, Dict, List
|
|
9
9
|
|
|
10
10
|
# Wazuh rule mappings by attack type
|
|
11
11
|
# These complement the attack_signatures.py definitions
|
|
@@ -6,15 +6,15 @@ Uses Azure REST APIs for querying alerts and analytics rules.
|
|
|
6
6
|
"""
|
|
7
7
|
|
|
8
8
|
from datetime import datetime, timedelta
|
|
9
|
-
from typing import Dict, List, Optional
|
|
9
|
+
from typing import Any, Dict, List, Optional
|
|
10
10
|
|
|
11
11
|
import requests
|
|
12
12
|
|
|
13
13
|
from souleyez.integrations.siem.base import (
|
|
14
|
-
SIEMClient,
|
|
15
14
|
SIEMAlert,
|
|
16
|
-
|
|
15
|
+
SIEMClient,
|
|
17
16
|
SIEMConnectionStatus,
|
|
17
|
+
SIEMRule,
|
|
18
18
|
)
|
|
19
19
|
|
|
20
20
|
|
|
@@ -7,16 +7,16 @@ Uses the Splunk REST API for querying alerts and search results.
|
|
|
7
7
|
|
|
8
8
|
import time
|
|
9
9
|
from datetime import datetime
|
|
10
|
-
from typing import Dict, List, Optional
|
|
10
|
+
from typing import Any, Dict, List, Optional
|
|
11
11
|
|
|
12
12
|
import requests
|
|
13
13
|
from requests.auth import HTTPBasicAuth
|
|
14
14
|
|
|
15
15
|
from souleyez.integrations.siem.base import (
|
|
16
|
-
SIEMClient,
|
|
17
16
|
SIEMAlert,
|
|
18
|
-
|
|
17
|
+
SIEMClient,
|
|
19
18
|
SIEMConnectionStatus,
|
|
19
|
+
SIEMRule,
|
|
20
20
|
)
|
|
21
21
|
|
|
22
22
|
|
|
@@ -6,17 +6,17 @@ for unified multi-SIEM detection validation.
|
|
|
6
6
|
"""
|
|
7
7
|
|
|
8
8
|
from datetime import datetime
|
|
9
|
-
from typing import Dict, List, Optional
|
|
9
|
+
from typing import Any, Dict, List, Optional
|
|
10
10
|
|
|
11
11
|
from souleyez.integrations.siem.base import (
|
|
12
|
-
SIEMClient,
|
|
13
12
|
SIEMAlert,
|
|
14
|
-
|
|
13
|
+
SIEMClient,
|
|
15
14
|
SIEMConnectionStatus,
|
|
15
|
+
SIEMRule,
|
|
16
16
|
)
|
|
17
17
|
from souleyez.integrations.siem.rule_mappings.wazuh_rules import (
|
|
18
|
-
get_wazuh_rules_for_attack,
|
|
19
18
|
WAZUH_ATTACK_RULES,
|
|
19
|
+
get_wazuh_rules_for_attack,
|
|
20
20
|
)
|
|
21
21
|
|
|
22
22
|
|
|
@@ -5,9 +5,10 @@ Connects to Wazuh Manager API (port 55000) for management operations
|
|
|
5
5
|
and Wazuh Indexer API (port 9200) for querying alerts.
|
|
6
6
|
"""
|
|
7
7
|
|
|
8
|
-
import requests
|
|
9
8
|
from datetime import datetime, timedelta
|
|
10
|
-
from typing import
|
|
9
|
+
from typing import Any, Dict, List, Optional
|
|
10
|
+
|
|
11
|
+
import requests
|
|
11
12
|
from urllib3.exceptions import InsecureRequestWarning
|
|
12
13
|
|
|
13
14
|
# Suppress SSL warnings for self-signed certs (common in Wazuh)
|
|
@@ -6,10 +6,11 @@ Supports multiple SIEM platforms: Wazuh, Splunk, Elastic, Sentinel.
|
|
|
6
6
|
"""
|
|
7
7
|
|
|
8
8
|
import json
|
|
9
|
-
from typing import Optional, Dict, Any, List
|
|
10
9
|
from pathlib import Path
|
|
11
|
-
from
|
|
10
|
+
from typing import Any, Dict, List, Optional
|
|
11
|
+
|
|
12
12
|
from souleyez.storage.crypto import get_crypto_manager
|
|
13
|
+
from souleyez.storage.database import get_db
|
|
13
14
|
|
|
14
15
|
# Supported SIEM types (Open Source first, then Commercial)
|
|
15
16
|
SIEM_TYPES = ["wazuh", "elastic", "splunk", "sentinel", "google_secops"]
|
|
@@ -4,9 +4,11 @@ souleyez.integrations.wazuh.host_mapper - Map Wazuh agents to SoulEyez hosts
|
|
|
4
4
|
|
|
5
5
|
Maps Wazuh agent IPs to SoulEyez hosts for vulnerability correlation.
|
|
6
6
|
"""
|
|
7
|
+
|
|
7
8
|
from typing import Dict, List, Optional, Tuple
|
|
8
|
-
|
|
9
|
+
|
|
9
10
|
from souleyez.log_config import get_logger
|
|
11
|
+
from souleyez.storage.database import get_db
|
|
10
12
|
|
|
11
13
|
logger = get_logger(__name__)
|
|
12
14
|
|
|
@@ -4,14 +4,17 @@ souleyez.integrations.wazuh.sync - Wazuh vulnerability sync
|
|
|
4
4
|
|
|
5
5
|
Syncs vulnerabilities from Wazuh to SoulEyez database.
|
|
6
6
|
"""
|
|
7
|
+
|
|
7
8
|
from dataclasses import dataclass, field
|
|
8
9
|
from datetime import datetime
|
|
9
10
|
from typing import List, Optional
|
|
11
|
+
|
|
10
12
|
from souleyez.log_config import get_logger
|
|
13
|
+
from souleyez.storage.wazuh_vulns import WazuhVulnsManager
|
|
14
|
+
|
|
11
15
|
from .client import WazuhClient
|
|
12
16
|
from .config import WazuhConfig
|
|
13
17
|
from .host_mapper import WazuhHostMapper
|
|
14
|
-
from souleyez.storage.wazuh_vulns import WazuhVulnsManager
|
|
15
18
|
|
|
16
19
|
logger = get_logger(__name__)
|
|
17
20
|
|
|
@@ -7,6 +7,6 @@ __all__ = [
|
|
|
7
7
|
"AttackSurfaceAnalyzer",
|
|
8
8
|
]
|
|
9
9
|
|
|
10
|
-
from souleyez.intelligence.service_parser import ServiceVersionExtractor
|
|
11
10
|
from souleyez.intelligence.exploit_knowledge import ExploitKnowledgeBase
|
|
12
11
|
from souleyez.intelligence.exploit_suggestions import ExploitSuggestionEngine
|
|
12
|
+
from souleyez.intelligence.service_parser import ServiceVersionExtractor
|
|
@@ -3,16 +3,17 @@
|
|
|
3
3
|
Correlation analyzer for tracking exploitation status.
|
|
4
4
|
Links services, findings, jobs, credentials, and evidence together.
|
|
5
5
|
"""
|
|
6
|
+
|
|
6
7
|
import json
|
|
7
8
|
from datetime import datetime, timedelta
|
|
8
|
-
from typing import Dict, List, Optional
|
|
9
9
|
from pathlib import Path
|
|
10
|
+
from typing import Dict, List, Optional
|
|
10
11
|
|
|
11
|
-
from souleyez.
|
|
12
|
-
from souleyez.storage.findings import FindingsManager
|
|
13
|
-
from souleyez.storage.credentials import CredentialsManager
|
|
14
|
-
from souleyez.engine.background import list_jobs, get_job
|
|
12
|
+
from souleyez.engine.background import get_job, list_jobs
|
|
15
13
|
from souleyez.intelligence.target_parser import TargetParser
|
|
14
|
+
from souleyez.storage.credentials import CredentialsManager
|
|
15
|
+
from souleyez.storage.findings import FindingsManager
|
|
16
|
+
from souleyez.storage.hosts import HostManager
|
|
16
17
|
|
|
17
18
|
|
|
18
19
|
class CorrelationAnalyzer:
|
|
@@ -3,13 +3,13 @@
|
|
|
3
3
|
Exploit knowledge base.
|
|
4
4
|
Maps services and versions to known vulnerabilities and MSF modules.
|
|
5
5
|
"""
|
|
6
|
-
|
|
6
|
+
|
|
7
|
+
import json
|
|
8
|
+
import os
|
|
7
9
|
import re
|
|
8
10
|
import subprocess
|
|
9
|
-
import json
|
|
10
11
|
import time
|
|
11
|
-
import
|
|
12
|
-
|
|
12
|
+
from typing import Dict, List, Optional
|
|
13
13
|
|
|
14
14
|
# Exploit database with known vulnerabilities
|
|
15
15
|
EXPLOIT_DATABASE = {
|