Currently we have some errors and infos on the master branch when running msftidy:
[firefart@linux metasploit-framework]$ ./tools/dev/msftidy.rb modules/
modules/exploits/firefox/local/exec_shellcode.rb - [INFO] No Rank specified. The default is NormalRanking. Please add an explicit Rank value.
modules/exploits/linux/http/cfme_manageiq_evm_upload_exec.rb - [INFO] No Rank specified. The default is NormalRanking. Please add an explicit Rank value.
modules/exploits/linux/http/dlink_dcs_930l_authenticated_remote_command_execution.rb - [INFO] No Rank specified. The default is NormalRanking. Please add an explicit Rank value.
modules/exploits/linux/http/efw_chpasswd_exec.rb - [INFO] No Rank specified. The default is NormalRanking. Please add an explicit Rank value.
modules/exploits/linux/http/foreman_openstack_satellite_code_exec.rb - [INFO] No Rank specified. The default is NormalRanking. Please add an explicit Rank value.
modules/exploits/linux/http/nginx_chunked_size.rb - [INFO] No Rank specified. The default is NormalRanking. Please add an explicit Rank value.
modules/exploits/linux/http/tp_link_sc2020n_authenticated_telnet_injection.rb - [INFO] No Rank specified. The default is NormalRanking. Please add an explicit Rank value.
modules/exploits/linux/http/tr064_ntpserver_cmdinject.rb - [INFO] Please use vars_get in send_request_cgi: send_request_cgi({ 'uri' => '/globe' # TODO: Check this? Why not /UD/act?1
modules/exploits/linux/http/trueonline_p660hn_v2_rce.rb - [INFO] Please use vars_get in send_request_cgi: send_request_cgi({ 'uri' => '/cgi-bin/index.asp?' + Rex::Text.encode_base64("#{datastore['USERNAME']
modules/exploits/linux/local/hp_smhstart.rb - [INFO] No Rank specified. The default is NormalRanking. Please add an explicit Rank value.
modules/exploits/linux/local/service_persistence.rb:209 - [ERROR] Writes to stdout
modules/exploits/linux/local/service_persistence.rb:211 - [ERROR] Writes to stdout
modules/exploits/linux/local/service_persistence.rb:215 - [ERROR] Writes to stdout
modules/exploits/linux/local/vmware_mount.rb - [INFO] No Rank specified. The default is NormalRanking. Please add an explicit Rank value.
modules/exploits/multi/http/movabletype_upgrade_exec.rb - [INFO] No Rank specified. The default is NormalRanking. Please add an explicit Rank value.
modules/exploits/multi/http/uptime_file_upload_2.rb - [INFO] No Rank specified. The default is NormalRanking. Please add an explicit Rank value.
modules/exploits/multi/http/zpanel_information_disclosure_rce.rb - [INFO] No Rank specified. The default is NormalRanking. Please add an explicit Rank value.
modules/exploits/unix/webapp/spip_connect_exec.rb - [INFO] No Rank specified. The default is NormalRanking. Please add an explicit Rank value.
modules/exploits/unix/webapp/wp_optimizepress_upload.rb - [INFO] No Rank specified. The default is NormalRanking. Please add an explicit Rank value.
modules/exploits/windows/ftp/wing_ftp_admin_exec.rb - [INFO] No Rank specified. The default is NormalRanking. Please add an explicit Rank value.
modules/exploits/windows/http/novell_mdm_lfi.rb - [INFO] No Rank specified. The default is NormalRanking. Please add an explicit Rank value.
modules/exploits/windows/local/run_as.rb - [INFO] No Rank specified. The default is NormalRanking. Please add an explicit Rank value.
modules/payloads/stagers/python/reverse_tcp_ssl.rb - [INFO] Invalid URL: # This module requires Metasploit: http//metasploit.com
Looks like there are also false positives, so msftidy might need some tweaking.
"Now I am become regex, the destroyer of parsers." - msftidy
The service_persistence ones I wrote, and it's a false positive. See https://github.com/rapid7/metasploit-framework/pull/7012#issuecomment-227916946
wvu Oppenheimer. Best quote ever.
On Feb 6, 2017 7:56 PM, "wvu-r7" notifications@github.com wrote:
"Now I am become regex, the destroyer of parsers." - msftidy
In case the joke was lost, msftidy is a complicated mess of regex trying to "parse" Ruby.
Note, some of these may be trivial fixes, some may need more help. Each error would probably be a separate fix. If in doubt, ask :)
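An added illustration of the false-positive problem discussed in the comments above (not msftidy's code and not posted by anyone in this thread): a line-oriented regex check for stdout writes also matches text inside a heredoc and a comment, while a check over tokens from Ruby's own lexer (Ripper, standard library) reports only the real call. The pattern `STDOUT_RE`, the function names and the sample source are constructed for this example.

```ruby
require 'ripper'

# Constructed sample source (not taken from any real module). The heredoc
# body is plain data that the method only stores in a string.
SAMPLE = <<~'RUBY'
  def build_script
    script = <<-EOS
      puts "this line is data inside a heredoc"
    EOS
    # puts "commented out"
    print_status('Built script')
    script
  end

  def noisy
    puts 'this is a real write to stdout'
  end
RUBY

# Hypothetical line-based pattern in the spirit of a "Writes to stdout" check.
STDOUT_RE = /(?:^|\s)puts\s|\$stdout/

# Regex approach: test every physical line, with no idea whether the line
# is code, a string body or a comment. Returns matching line numbers.
def regex_findings(src)
  src.each_line.with_index(1)
     .select { |line, _n| line =~ STDOUT_RE }
     .map { |_line, n| n }
end

# Lexer approach: Ripper.lex yields [[line, col], event, token, state].
# Only identifier tokens named puts (or the $stdout global) count; heredoc
# bodies arrive as :on_tstring_content and comments as :on_comment.
def lexer_findings(src)
  Ripper.lex(src)
        .select do |_pos, event, tok|
          (event == :on_ident && tok == 'puts') ||
            (event == :on_gvar && tok == '$stdout')
        end
        .map { |pos, *| pos[0] }
        .uniq
end

puts "regex check flags lines: #{regex_findings(SAMPLE).inspect}"
puts "lexer check flags lines: #{lexer_findings(SAMPLE).inspect}"
```

Lines 3 and 5 of the sample are the heredoc body and the comment; only line 11 is an actual call to `puts`.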
I have solved the INFO message:
modules/payloads/stagers/python/reverse_tcp_ssl.rb - [INFO] Invalid URL: # This module requires Metasploit: http//metasploit.com
Should I issue a PR?
Sure - be sure it's from a topic branch as we discussed as well :)
But there isn't any topic branch here. Could you guide me on how to issue the pull request to a topic branch?
@itsmeroy2012
git checkout master
git checkout -b topic-branch
git commit -m "fix issue"
git push itsmeroy2012 topic-branch
Regarding the unranked exploits? On what basis are they supposed to be ranked?
@itsmeroy2012: When you have a question, are you doing a web search for the answer, or are you asking us first?
I do both. But I generally prefer asking you all first.
Current output (looks like one more module with errors was added):
modules/auxiliary/admin/http/netgear_wnr2000_pass_recovery.rb - [INFO] Please use vars_get in send_request_cgi: send_request_cgi({ 'uri' => '/apply_noauth.cgi?/unauth.cgi'
modules/auxiliary/admin/http/netgear_wnr2000_pass_recovery.rb - [INFO] Please use vars_get in send_request_cgi: send_request_cgi({ 'uri' => '/apply_noauth.cgi?/securityquestions.cgi'
modules/auxiliary/scanner/http/epmp1000_cmd_exec.rb:153 - [WARNING] Do not read Set-Cookie header directly, use res.get_cookies instead: res.headers['Set-Cookie'].include?('sysauth')
modules/auxiliary/scanner/http/epmp1000_cmd_exec.rb:157 - [WARNING] Do not read Set-Cookie header directly, use res.get_cookies instead: sysauth_value = res.headers['Set-Cookie'].match(/((.*)[$ ])/)
modules/auxiliary/scanner/http/epmp1000_cmd_exec.rb:185 - [WARNING] Do not read Set-Cookie header directly, use res.get_cookies instead: res.headers['Set-Cookie'].include?('stok=')
modules/auxiliary/scanner/http/epmp1000_cmd_exec.rb:199 - [WARNING] Do not read Set-Cookie header directly, use res.get_cookies instead: get_stok = res.headers['Set-Cookie'].match(/stok=(.*)/)
modules/auxiliary/scanner/http/epmp1000_cmd_exec.rb:202 - [WARNING] Do not read Set-Cookie header directly, use res.get_cookies instead: sysauth_value = res.headers['Set-Cookie'].match(/((.*)[$ ])/)
modules/auxiliary/scanner/http/epmp1000_dump_config.rb:146 - [WARNING] Do not read Set-Cookie header directly, use res.get_cookies instead: res.headers['Set-Cookie'].include?('sysauth')
modules/auxiliary/scanner/http/epmp1000_dump_config.rb:150 - [WARNING] Do not read Set-Cookie header directly, use res.get_cookies instead: sysauth_value = res.headers['Set-Cookie'].match(/((.*)[$ ])/)
modules/auxiliary/scanner/http/epmp1000_dump_config.rb:177 - [WARNING] Do not read Set-Cookie header directly, use res.get_cookies instead: res.headers['Set-Cookie'].include?('stok=')
modules/auxiliary/scanner/http/epmp1000_dump_config.rb:191 - [WARNING] Do not read Set-Cookie header directly, use res.get_cookies instead: get_stok = res.headers['Set-Cookie'].match(/stok=(.*)/)
modules/auxiliary/scanner/http/epmp1000_dump_config.rb:194 - [WARNING] Do not read Set-Cookie header directly, use res.get_cookies instead: sysauth_value = res.headers['Set-Cookie'].match(/((.*)[$ ])/)
modules/auxiliary/scanner/http/epmp1000_dump_hashes.rb:152 - [WARNING] Do not read Set-Cookie header directly, use res.get_cookies instead: res.headers['Set-Cookie'].include?('sysauth')
modules/auxiliary/scanner/http/epmp1000_dump_hashes.rb:156 - [WARNING] Do not read Set-Cookie header directly, use res.get_cookies instead: sysauth_value = res.headers['Set-Cookie'].match(/((.*)[$ ])/)
modules/auxiliary/scanner/http/epmp1000_dump_hashes.rb:184 - [WARNING] Do not read Set-Cookie header directly, use res.get_cookies instead: res.headers['Set-Cookie'].include?('stok=')
modules/auxiliary/scanner/http/epmp1000_dump_hashes.rb:198 - [WARNING] Do not read Set-Cookie header directly, use res.get_cookies instead: get_stok = res.headers['Set-Cookie'].match(/stok=(.*)/)
modules/auxiliary/scanner/http/epmp1000_dump_hashes.rb:201 - [WARNING] Do not read Set-Cookie header directly, use res.get_cookies instead: sysauth_value = res.headers['Set-Cookie'].match(/((.*)[$ ])/)
modules/auxiliary/scanner/http/epmp1000_web_login.rb:142 - [WARNING] Do not read Set-Cookie header directly, use res.get_cookies instead: res.headers['Set-Cookie'].include?('sysauth')
modules/auxiliary/scanner/http/epmp1000_web_login.rb:146 - [WARNING] Do not read Set-Cookie header directly, use res.get_cookies instead: sysauth_value = res.headers['Set-Cookie'].match(/((.*)[$ ])/)
modules/auxiliary/scanner/http/epmp1000_web_login.rb:173 - [WARNING] Do not read Set-Cookie header directly, use res.get_cookies instead: res.headers['Set-Cookie'].include?('stok=')
All of these issues are fixed now. Let's just open new PRs for any new ones found. Thanks @FireFart