From 40b8c93ef89c9a837685c62092b823fbad556cea Mon Sep 17 00:00:00 2001
From: Matt Andreko
Date: Fri, 30 Nov 2012 09:30:11 -0500
Subject: [PATCH 1/3] Added HSTS scanner for HTTPS sites

---
 modules/auxiliary/scanner/http/http_hsts.rb | 45 +++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 modules/auxiliary/scanner/http/http_hsts.rb

diff --git a/modules/auxiliary/scanner/http/http_hsts.rb b/modules/auxiliary/scanner/http/http_hsts.rb
new file mode 100644
index 0000000000..7f402dc578
--- /dev/null
+++ b/modules/auxiliary/scanner/http/http_hsts.rb
@@ -0,0 +1,45 @@
+require 'rex/proto/http'
+require 'msf/core'
+
+
+class Metasploit3 < Msf::Auxiliary
+
+ include Msf::Exploit::Remote::HttpClient
+ include Msf::Auxiliary::Scanner
+
+ def initialize
+ super(
+ 'Name' => 'HTTP HSTS Detection',
+ 'Version' => '$Revision$',
+ 'Description' => 'Display HTTP Strict Transport Security (HSTS) information about each system.',
+ 'Author' => 'Matt "hostess" Andreko ',
+ 'License' => MSF_LICENSE
+ )
+
+ register_options([
+ OptBool.new('SSL', [ true, "Negotiate SSL for outgoing connections", true]),
+ OptInt.new('RPORT', [true, "The target port", 443]),
+ ])
+ end
+
+ def run_host(ip)
+ begin
+ connect
+
+ res = send_request_cgi({
+ 'uri' => '/',
+ 'method' => 'GET',
+ }, 25)
+ return if not res
+
+ if res.headers['Strict-Transport-Security']
+ print_good("#{ip}:#{rport} Strict-Transport-Security:#{res.headers['Strict-Transport-Security']}")
+ else
+ print_error("#{ip}:#{rport} No HSTS found.")
+ end
+
+ rescue ::Timeout::Error, ::Errno::EPIPE
+ end
+ end
+
+end
From a73d8792ee6f2d0a158ab55b4832dc180d6f7b5f Mon Sep 17 00:00:00 2001
From: Matt Andreko
Date: Fri, 30 Nov 2012 13:57:25 -0500
Subject: [PATCH 2/3] Changed RPORT definition per egypt

---
 modules/auxiliary/scanner/http/http_hsts.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
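Review bot: The `rescue ::Timeout::Error, ::Errno::EPIPE` at the end of run_host has an empty body, so a host that times out or drops the connection produces no output at all and cannot be told apart from one that was never scanned. Log the failure there, for example `vprint_error("#{ip}:#{rport} - Connection failed")`, so an operator can distinguish a missing response from a missing header. The `return if not res` guard is correct but reads better as `return unless res`. One caveat worth recording in the module: the header is only authoritative on a response received over TLS, so a match obtained with SSL set to false should not be reported with print_good as a real HSTS deployment.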
diff --git a/modules/auxiliary/scanner/http/http_hsts.rb b/modules/auxiliary/scanner/http/http_hsts.rb
index 7f402dc578..7c71ebe7df 100644
--- a/modules/auxiliary/scanner/http/http_hsts.rb
+++ b/modules/auxiliary/scanner/http/http_hsts.rb
@@ -18,7 +18,7 @@ class Metasploit3 < Msf::Auxiliary
 
 register_options([
 OptBool.new('SSL', [ true, "Negotiate SSL for outgoing connections", true]),
- OptInt.new('RPORT', [true, "The target port", 443]),
+ Opt::RPORT(443)
 ])
 end
 
From 61a74bf257947a911a89deb9f211cd691dabd95a Mon Sep 17 00:00:00 2001
From: sinn3r
Date: Fri, 30 Nov 2012 14:24:27 -0600
Subject: [PATCH 3/3] Minor changes here and there

Changes include:
* Some corrections in metadata
* report_note()
* Removes connect(), usually don't need it in modules
---
 modules/auxiliary/scanner/http/http_hsts.rb | 43 +++++++++++++--------
 1 file changed, 27 insertions(+), 16 deletions(-)

diff --git a/modules/auxiliary/scanner/http/http_hsts.rb b/modules/auxiliary/scanner/http/http_hsts.rb
index 7c71ebe7df..9eddcfd390 100644
--- a/modules/auxiliary/scanner/http/http_hsts.rb
+++ b/modules/auxiliary/scanner/http/http_hsts.rb
@@ -1,20 +1,26 @@
-require 'rex/proto/http'
-require 'msf/core'
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##
 
+require 'msf/core'
 
 class Metasploit3 < Msf::Auxiliary
 
 include Msf::Exploit::Remote::HttpClient
 include Msf::Auxiliary::Scanner
 
- def initialize
- super(
- 'Name' => 'HTTP HSTS Detection',
- 'Version' => '$Revision$',
- 'Description' => 'Display HTTP Strict Transport Security (HSTS) information about each system.',
- 'Author' => 'Matt "hostess" Andreko ',
+ def initialize(info={})
+ super(update_info(info,
+ 'Name' => 'HTTP Strict Transport Security (HSTS) Detection',
+ 'Description' => %q{
+ Display HTTP Strict Transport Security (HSTS) information about each system.
+ },
+ 'Author' => 'Matt "hostess" Andreko ',
 'License' => MSF_LICENSE
- )
+ ))
 
 register_options([
 OptBool.new('SSL', [ true, "Negotiate SSL for outgoing connections", true]),
@@ -24,16 +30,21 @@ class Metasploit3 < Msf::Auxiliary
 
 def run_host(ip)
 begin
- connect
-
 res = send_request_cgi({
- 'uri' => '/',
- 'method' => 'GET',
+ 'uri' => '/',
+ 'method' => 'GET',
 }, 25)
- return if not res
 
- if res.headers['Strict-Transport-Security']
- print_good("#{ip}:#{rport} Strict-Transport-Security:#{res.headers['Strict-Transport-Security']}")
+ hsts = res.headers['Strict-Transport-Security']
+
+ if res and hsts
+ print_good("#{ip}:#{rport} - Strict-Transport-Security:#{hsts}")
+ report_note({
+ :data => hsts,
+ :type => "hsts_data",
+ :host => ip,
+ :port => rport
+ })
 else
 print_error("#{ip}:#{rport} No HSTS found.")
 end
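Review bot: The rewritten Description still says only that HSTS information is displayed; it should tell the operator that the header is only authoritative on an HTTPS response and that the module requests `/` alone, because the SSL option in the context line below is user-toggleable and a header seen on a plaintext response is not a real HSTS deployment. Wording such as `Display the Strict-Transport-Security header returned by the root resource of each server. The header is only meaningful when received over TLS.` inside the `%q{}` block would cover it. As a point of style, `def initialize(info={})` is conventionally written `def initialize(info = {})`.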
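Review bot: `hsts = res.headers['Strict-Transport-Security']` now executes before `res` is checked, and the `return if not res` guard this hunk removes was what kept `res` from being nil there; send_request_cgi can return nil when no response comes back, so that line raises NoMethodError, which the `rescue ::Timeout::Error, ::Errno::EPIPE` further down in run_host (outside this hunk) does not catch, and a single unreachable host aborts the scan. Restore the guard above the lookup, `return unless res`, and simplify the condition to `if hsts`. `and` in a boolean condition should be `&&`. An absent header is a scan result rather than a failure, so `print_status` fits the else branch better than `print_error`.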