souleyez 3.0.0__py3-none-any.whl → 3.0.9__py3-none-any.whl

souleyez/parsers/nmap_parser.py

@@ -2,8 +2,9 @@
 """
 souleyez.parsers.nmap_parser - Parse nmap output into structured data
 """
+
 import re
-from typing import Dict, Any, List
+from typing import Any, Dict, List
 
 
 def parse_nmap_vuln_scripts(output: str) -> List[Dict[str, Any]]:
@@ -568,8 +569,18 @@ def parse_nmap_text(output: str) -> Dict[str, Any]:
                 # Fallback: If service is unknown but port is a common web port, assume HTTP
                 # This handles cases where nmap misidentifies or can't fingerprint web apps
                 # Common misidentifications: ppp (port 3000), upnp (port 8000), tcpwrapped
-                common_web_ports = [3000, 8080, 8000, 8888, 9090]
-                misidentified_services = ["unknown", "tcpwrapped", "ppp", "upnp", None]
+                # Note: nmap adds "?" suffix for uncertain matches (e.g., "ppp?")
+                # Port 11434 is Ollama API - runs HTTP but nmap often identifies as "unknown"
+                common_web_ports = [3000, 8080, 8000, 8888, 9090, 11434]
+                misidentified_services = [
+                    "unknown",
+                    "tcpwrapped",
+                    "ppp",
+                    "ppp?",
+                    "upnp",
+                    "upnp?",
+                    None,
+                ]
                 if (
                     service_name in misidentified_services or not service_name
                 ) and port in common_web_ports:

souleyez/parsers/nuclei_parser.py

@@ -2,10 +2,11 @@
 """
 souleyez.parsers.nuclei_parser - Parse Nuclei JSONL output
 """
+
 import json
-import tempfile
 import os
-from typing import Dict, Any
+import tempfile
+from typing import Any, Dict
 
 
 def parse_nuclei(log_path: str, target: str) -> Dict[str, Any]:

souleyez/parsers/responder_parser.py

@@ -2,6 +2,7 @@
 """
 Responder result parser - extracts captured credentials.
 """
+
 import re
 from pathlib import Path
 from typing import Dict, List

souleyez/parsers/searchsploit_parser.py

@@ -2,11 +2,12 @@
 """
 souleyez.parsers.searchsploit_parser - Parse SearchSploit JSON output
 """
-import json
+
 import csv
+import json
 import re
 from pathlib import Path
-from typing import Dict, Any, Optional
+from typing import Any, Dict, Optional
 
 
 def _load_exploitdb_csv() -> Dict[str, Dict[str, str]]:

souleyez/parsers/service_explorer_parser.py

@@ -4,6 +4,7 @@ souleyez.parsers.service_explorer_parser
 
 Parses Service Explorer JSON output into structured data for display and findings.
 """
+
 import json
 import re
 from typing import Any, Dict, List

souleyez/parsers/smbmap_parser.py

@@ -4,8 +4,9 @@ souleyez.parsers.smbmap_parser
 
 Parses smbmap SMB share enumeration output into structured data.
 """
+
 import re
-from typing import Dict, List, Any
+from typing import Any, Dict, List
 
 
 def parse_smbmap_output(output: str, target: str = "") -> Dict[str, Any]:

souleyez/parsers/sqlmap_parser.py

@@ -4,8 +4,9 @@ souleyez.parsers.sqlmap_parser
 
 Parses SQLMap SQL injection detection output into structured findings.
 """
+
 import re
-from typing import Dict, Any
+from typing import Any, Dict
 
 
 def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
@@ -181,6 +182,29 @@ def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
                     elif method == "POST" and effective_post_data:
                         result["injectable_post_data"] = effective_post_data
 
+                    # Look ahead for Type: lines to extract techniques
+                    techniques = []
+                    technique_str = None
+                    for m in range(j + 1, min(j + 20, len(lines))):
+                        type_line = lines[m].strip()
+                        if type_line.startswith("Type:"):
+                            tech_type = type_line.replace("Type:", "").strip()
+                            techniques.append(tech_type)
+                            if not technique_str:
+                                technique_str = tech_type
+                        elif type_line.startswith("---") and techniques:
+                            break  # End of technique block
+                        elif type_line.startswith("[") and techniques:
+                            break  # Hit next section
+
+                    # Determine technique string
+                    if len(techniques) > 1:
+                        technique_str = "multiple"
+                    elif techniques:
+                        technique_str = techniques[0]
+                    else:
+                        technique_str = "sqli"
+
                     # Add vulnerability entry
                     result["vulnerabilities"].append(
                         {
@@ -190,6 +214,8 @@ def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
                             "injectable": True,
                             "severity": "critical",
                             "description": f"Parameter '{param}' is vulnerable to SQL injection (resumed from session)",
+                            "technique": technique_str,
+                            "dbms": "Unknown",  # Will be updated later if found
                         }
                     )
 
@@ -199,7 +225,7 @@ def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
                         "parameter": param,
                         "method": method,
                         "post_data": effective_post_data,
-                        "techniques": [],
+                        "techniques": techniques,
                     }
                     if not any(
                         ip["url"] == injection_point["url"]
@@ -498,6 +524,8 @@ def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
                         "injectable": True,
                         "severity": "critical",
                         "description": f"Parameter '{param}' is vulnerable to SQL injection",
+                        "technique": "sqli",
+                        "dbms": result.get("dbms", "Unknown"),
                     }
                 )
 
@@ -829,6 +857,12 @@ def parse_sqlmap_output(output: str, target: str = "") -> Dict[str, Any]:
         if best["post_data"]:
             result["injectable_post_data"] = best["post_data"]
 
+    # POST-PROCESSING: Update vulnerabilities with actual DBMS if it was parsed later
+    if result.get("dbms"):
+        for vuln in result["vulnerabilities"]:
+            if vuln.get("dbms") == "Unknown" or vuln.get("dbms") is None:
+                vuln["dbms"] = result["dbms"]
+
     return result
 
 

souleyez/parsers/theharvester_parser.py

@@ -4,8 +4,9 @@ souleyez.parsers.theharvester_parser
 
 Parses theHarvester OSINT output into structured data.
 """
+
 import re
-from typing import Dict, Any
+from typing import Any, Dict
 
 
 def parse_theharvester_output(output: str, target: str = "") -> Dict[str, Any]:

souleyez/parsers/whois_parser.py

@@ -4,8 +4,9 @@ souleyez.parsers.whois_parser
 
 Parses WHOIS domain information output into structured OSINT data.
 """
+
 import re
-from typing import Dict, List, Any
+from typing import Any, Dict, List
 
 
 def parse_whois_output(output: str, target: str = "") -> Dict[str, Any]:

souleyez/parsers/wpscan_parser.py

@@ -4,9 +4,10 @@ souleyez.parsers.wpscan_parser
 
 Parses WPScan WordPress vulnerability scan output into structured findings.
 """
-import re
+
 import json
-from typing import Dict, List, Any, Optional
+import re
+from typing import Any, Dict, List, Optional
 
 
 def parse_wpscan_output(output: str, target: str = "") -> Dict[str, Any]:

souleyez/plugins/afp.py

@@ -5,12 +5,14 @@ souleyez.plugins.afp
 AFP (Apple Filing Protocol) enumeration plugin.
 Discovers AFP shares on macOS systems.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "AFP — Apple File Sharing Enumeration",

souleyez/plugins/afp_brute.py

@@ -5,12 +5,14 @@ souleyez.plugins.afp_brute
 AFP brute force plugin using Hydra.
 Attacks AFP file sharing on macOS systems.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "AFP Brute — Apple File Sharing Attack",

souleyez/plugins/ard.py

@@ -5,12 +5,14 @@ souleyez.plugins.ard
 ARD/VNC (Apple Remote Desktop) enumeration plugin.
 Discovers VNC/ARD services on macOS systems.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "ARD — Apple Remote Desktop/VNC Enumeration",

souleyez/plugins/bloodhound.py

@@ -2,10 +2,11 @@
 """
 Bloodhound plugin - Active Directory attack path mapping.
 """
-import subprocess
+
 import json
-from pathlib import Path
+import subprocess
 from datetime import datetime
+from pathlib import Path
 
 HELP = {
     "name": "Bloodhound - Active Directory Attack Path Mapping",

souleyez/plugins/certipy.py

@@ -2,6 +2,7 @@
 """
 souleyez.plugins.certipy - Active Directory Certificate Services (ADCS) enumeration
 """
+
 import subprocess
 import time
 from typing import List

souleyez/plugins/crackmapexec.py

@@ -4,12 +4,14 @@ souleyez.plugins.crackmapexec - Swiss army knife for Windows/AD pentesting
 
 Note: Uses NetExec (netexec/nxc), the successor to CrackMapExec
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "CrackMapExec (CME) - Windows/AD Pentesting Tool",
@@ -248,6 +250,8 @@ class CrackMapExecPlugin(PluginBase):
         elif protocol not in args:
             cmd.extend(["--shares"])
 
+        # For anonymous enumeration, use null session with empty domain
+        # netexec 1.5.0 requires -d '' for proper null session (1.4.0 didn't need it)
         has_creds = any(arg in cmd for arg in ["-u", "--username", "-p", "--password"])
         has_enum = any(
             arg in cmd
@@ -267,6 +271,8 @@ class CrackMapExecPlugin(PluginBase):
             cmd.insert(insert_pos + 1, "")
             cmd.insert(insert_pos + 2, "-p")
             cmd.insert(insert_pos + 3, "")
+            cmd.insert(insert_pos + 4, "-d")
+            cmd.insert(insert_pos + 5, "")
 
         return {"cmd": cmd, "timeout": 1800}
 
@@ -341,8 +347,8 @@ class CrackMapExecPlugin(PluginBase):
             # No protocol specified in args, add default behavior
             cmd.extend(["--shares"])
 
-        # Auto-add null credentials for unauthenticated enumeration if no creds specified
-        # Check if -u or --username already in command
+        # For anonymous enumeration, use null session with empty domain
+        # netexec 1.5.0 requires -d '' for proper null session (1.4.0 didn't need it)
         has_creds = any(arg in cmd for arg in ["-u", "--username", "-p", "--password"])
         has_enum = any(
             arg in cmd
@@ -357,15 +363,13 @@ class CrackMapExecPlugin(PluginBase):
         )
 
         if has_enum and not has_creds:
-            # Add null session credentials after ALL targets but before flags
-            # Position: 1 (netexec) + 1 (protocol) + len(target_list)
-            # Example: ['netexec', 'smb', '10.0.0.14', '10.0.0.82', '--shares']
-            # Insert at position 4: ['netexec', 'smb', '10.0.0.14', '10.0.0.82', '-u', '', '-p', '', '--shares']
             insert_pos = 2 + len(target_list)
             cmd.insert(insert_pos, "-u")
             cmd.insert(insert_pos + 1, "")
             cmd.insert(insert_pos + 2, "-p")
             cmd.insert(insert_pos + 3, "")
+            cmd.insert(insert_pos + 4, "-d")
+            cmd.insert(insert_pos + 5, "")
 
         if not log_path:
             try:

souleyez/plugins/dalfox.py

@@ -2,14 +2,17 @@
 """
 souleyez.plugins.dalfox - XSS vulnerability scanner
 """
+
 from __future__ import annotations
+
+import json
 import subprocess
 import time
-import json
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_url
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_url, ValidationError
 
 HELP = {
     "name": "Dalfox - XSS Vulnerability Scanner",

souleyez/plugins/dns_hijack.py

@@ -5,12 +5,14 @@ souleyez.plugins.dns_hijack
 DNS hijacking detection plugin.
 Checks if a router is performing DNS hijacking/redirection.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "DNS Hijack — DNS Manipulation Detection",

souleyez/plugins/dnsrecon.py

@@ -4,12 +4,14 @@ souleyez.plugins.dnsrecon
 
 DNSRecon DNS enumeration and reconnaissance plugin.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "DNSRecon — DNS Enumeration Tool",

souleyez/plugins/enum4linux.py

@@ -4,12 +4,14 @@ souleyez.plugins.enum4linux
 
 Enum4linux SMB enumeration plugin with unified interface.
 """
+
 import subprocess
 import time
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "enum4linux (SMB Enumeration)",

souleyez/plugins/evil_winrm.py

@@ -4,6 +4,7 @@ souleyez.plugins.evil_winrm
 
 Evil-WinRM - Windows Remote Management Shell plugin.
 """
+
 import subprocess
 import time
 from typing import List

souleyez/plugins/ffuf.py

@@ -2,11 +2,13 @@
 """
 souleyez.plugins.ffuf - Fast web fuzzer
 """
+
 import subprocess
 from typing import List
 
+from souleyez.security.validation import ValidationError, validate_url
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_url, ValidationError
 
 HELP = {
     "name": "ffuf - Fast Web Fuzzer",

souleyez/plugins/firmware_extract.py

@@ -5,10 +5,11 @@ souleyez.plugins.firmware_extract
 Firmware extraction and analysis plugin using binwalk.
 Extracts and analyzes router firmware images.
 """
-import subprocess
+
+import os
 import shutil
+import subprocess
 import time
-import os
 from typing import List
 
 from .plugin_base import PluginBase

souleyez/plugins/gobuster.py

@@ -2,18 +2,21 @@
 """
 souleyez.plugins.gobuster
 """
+
 from __future__ import annotations
+
+import re
 import subprocess
 import time
-import re
 import uuid
-from typing import List, Dict, Optional
+from typing import Dict, List, Optional
 from urllib.parse import urlparse
 
 import requests
 
+from souleyez.security.validation import ValidationError, validate_url
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_url, ValidationError
 
 HELP = {
     "name": "Gobuster — Directory, File & DNS/VHost Brute-Force Tool",

souleyez/plugins/gpp_extract.py

@@ -4,6 +4,7 @@ GPP (Group Policy Preferences) credential extraction plugin.
 
 Downloads GPP XML files from SMB shares and extracts/decrypts cPassword values.
 """
+
 import os
 import re
 import subprocess

souleyez/plugins/hashcat.py

@@ -4,9 +4,10 @@ souleyez.plugins.hashcat
 
 Hashcat password cracking plugin.
 """
+
+import os
 import subprocess
 import time
-import os
 from typing import List
 
 from .plugin_base import PluginBase

souleyez/plugins/http_fingerprint.py

@@ -339,7 +339,8 @@ class HttpFingerprintPlugin(PluginBase):
         try:
             # Use thread-based hard timeout to prevent indefinite hangs
             # urllib timeouts don't always work if server accepts connection but stalls
-            from concurrent.futures import ThreadPoolExecutor, TimeoutError as FuturesTimeout
+            from concurrent.futures import ThreadPoolExecutor
+            from concurrent.futures import TimeoutError as FuturesTimeout
 
             hard_timeout = timeout * 3  # 30 seconds max for entire probe operation
 
@@ -446,7 +447,9 @@ class HttpFingerprintPlugin(PluginBase):
         host = parsed.hostname
         port = parsed.port or (443 if parsed.scheme == "https" else 80)
         try:
-            with socket.create_connection((host, port), timeout=min(timeout, 5)) as sock:
+            with socket.create_connection(
+                (host, port), timeout=min(timeout, 5)
+            ) as sock:
                 pass  # Just checking if we can connect
         except (socket.timeout, socket.error, OSError) as e:
             # Port not responding - return error result immediately
@@ -1080,9 +1083,60 @@ class HttpFingerprintPlugin(PluginBase):
         # Track CMS detections to avoid duplicates
         cms_detected = {}
 
+        # CMS-specific content markers to verify detection (prevents SPA false positives)
+        cms_content_markers = {
+            "WordPress": [
+                b"wp-login",
+                b"wp-includes",
+                b"wp-content",
+                b"wordpress",
+                b"wlwmanifest",
+                b"xmlrpc.php",
+            ],
+            "Joomla": [b"joomla", b"com_content", b"/administrator/"],
+            "Drupal": [b"drupal", b"sites/default", b"sites/all"],
+            "TYPO3": [b"typo3", b"typo3conf"],
+            "Sitecore": [b"sitecore"],
+        }
+
         for path, category, subtype in paths_to_check:
             try:
                 url = base.rstrip("/") + path
+
+                # For CMS detection, use GET to verify content (prevents SPA false positives)
+                # SPAs return 200 for all routes but with same content
+                if category == "cms":
+                    req = urllib.request.Request(
+                        url,
+                        method="GET",
+                        headers={
+                            "User-Agent": "Mozilla/5.0 (compatible; SoulEyez/1.0)"
+                        },
+                    )
+                    try:
+                        with urllib.request.urlopen(
+                            req, timeout=timeout, context=ctx
+                        ) as response:
+                            status = response.getcode()
+                            # Read first 4KB to check for CMS markers
+                            content = response.read(4096).lower()
+                    except urllib.error.HTTPError as e:
+                        status = e.code
+                        content = b""
+
+                    # Verify response contains CMS-specific content
+                    if status in (200, 301, 302, 401, 403):
+                        markers = cms_content_markers.get(subtype, [])
+                        has_cms_content = any(marker in content for marker in markers)
+                        if has_cms_content:
+                            if subtype not in cms_detected:
+                                cms_detected[subtype] = []
+                            cms_detected[subtype].append(
+                                {"path": path, "status": status}
+                            )
+                    continue
+
+                # For admin/API detection, HEAD is fine (just checking existence)
                 req = urllib.request.Request(
                     url,
                     method="HEAD",
@@ -1099,11 +1153,7 @@ class HttpFingerprintPlugin(PluginBase):
 
                 # Consider 2xx, 3xx, 401, 403 as "exists"
                 if status in (200, 201, 204, 301, 302, 303, 307, 308, 401, 403):
-                    if category == "cms":
-                        if subtype not in cms_detected:
-                            cms_detected[subtype] = []
-                        cms_detected[subtype].append({"path": path, "status": status})
-                    elif category == "admin":
+                    if category == "admin":
                         result["admin_panels"].append(
                             {
                                 "path": path,

souleyez/plugins/hydra.py

@@ -4,13 +4,15 @@ souleyez.plugins.hydra
 
 Hydra network login brute-forcer plugin.
 """
+
 import subprocess
 import time
 from typing import List
 from urllib.parse import urlparse
 
+from souleyez.security.validation import ValidationError, validate_target
+
 from .plugin_base import PluginBase
-from souleyez.security.validation import validate_target, ValidationError
 
 HELP = {
     "name": "Hydra — Network Login Brute-Forcer",
@@ -840,8 +842,8 @@ class HydraPlugin(PluginBase):
             return None
 
         # If multiple targets, create a temporary file and use -M flag
-        import tempfile
         import os
+        import tempfile
 
         # Hydra syntax: hydra [OPTIONS] target service [SERVICE-OPTIONS]
         # Need to split args into: global options, service type, and service options
@@ -983,8 +985,8 @@ class HydraPlugin(PluginBase):
             raise ValueError(f"Invalid target: {e}")
 
         # If multiple targets, create a temporary file and use -M flag
-        import tempfile
         import os
+        import tempfile
 
         if len(validated_targets) > 1:
             # Create temp file with targets