diff --git a/modules/auxiliary/admin/officescan/tmlisten_traversal.rb b/modules/auxiliary/admin/officescan/tmlisten_traversal.rb index 46da0d97fd..edc05e66b0 100644 --- a/modules/auxiliary/admin/officescan/tmlisten_traversal.rb +++ b/modules/auxiliary/admin/officescan/tmlisten_traversal.rb @@ -51,6 +51,11 @@ class Metasploit3 < Msf::Auxiliary 'method' => 'GET', }, 20) + if not res + print_error("No response from server") + return + end + http_fingerprint({ :response => res }) if (res.code >= 200) diff --git a/modules/auxiliary/dos/http/sonicwall_ssl_format.rb b/modules/auxiliary/dos/http/sonicwall_ssl_format.rb index 49d141a235..7cbe47c42a 100644 --- a/modules/auxiliary/dos/http/sonicwall_ssl_format.rb +++ b/modules/auxiliary/dos/http/sonicwall_ssl_format.rb @@ -58,7 +58,7 @@ class Metasploit3 < Msf::Auxiliary 'uri' => datastore['URI'] + fmt, }) - if res.code == 200 + if res and res.code == 200 res.body.scan(/\(.+)XX/ism) print_status("Information leaked: #{$1}") end diff --git a/modules/auxiliary/scanner/http/ektron_cms400net.rb b/modules/auxiliary/scanner/http/ektron_cms400net.rb index 9ed7d41267..4f9c0c22d1 100644 --- a/modules/auxiliary/scanner/http/ektron_cms400net.rb +++ b/modules/auxiliary/scanner/http/ektron_cms400net.rb @@ -67,7 +67,7 @@ class Metasploit3 < Msf::Auxiliary #Check for HTTP 200 response. #Numerous versions and configs make if difficult to further fingerprint. - if (res.code == 200) + if (res and res.code == 200) print_status("Ektron CMS400.NET install found at #{target_url} [HTTP 200]") #Gather __VIEWSTATE and __EVENTVALIDATION from HTTP response. diff --git a/modules/auxiliary/scanner/http/sap_businessobjects_user_brute.rb b/modules/auxiliary/scanner/http/sap_businessobjects_user_brute.rb index 51accf67d5..526adfc1c5 100644 --- a/modules/auxiliary/scanner/http/sap_businessobjects_user_brute.rb +++ b/modules/auxiliary/scanner/http/sap_businessobjects_user_brute.rb @@ -89,8 +89,8 @@ class Metasploit3 < Msf::Auxiliary 'Content-Type' => 'text/xml; charset=UTF-8', } }, 45) - return :abort if (res.code == 404) - success = true if(res.body.match(/SessionInfo/i)) + return :abort if (!res or (res and res.code == 404)) + success = true if(res and res.body.match(/SessionInfo/i)) success rescue ::Rex::ConnectionError diff --git a/modules/auxiliary/scanner/http/sap_businessobjects_user_brute_web.rb b/modules/auxiliary/scanner/http/sap_businessobjects_user_brute_web.rb index e7c35ce747..37a9d4e42b 100644 --- a/modules/auxiliary/scanner/http/sap_businessobjects_user_brute_web.rb +++ b/modules/auxiliary/scanner/http/sap_businessobjects_user_brute_web.rb @@ -75,7 +75,7 @@ class Metasploit3 < Msf::Auxiliary 'Accept-Encoding' => "gzip,deflate", }, }, 45) - return :abort if (res.code != 200) + return :abort if (!res or (res and res.code != 200)) if(res.body.match(/Account Information/i)) success = false else diff --git a/modules/auxiliary/scanner/http/sap_businessobjects_user_enum.rb b/modules/auxiliary/scanner/http/sap_businessobjects_user_enum.rb index 3d97d8c46f..93bbc821c5 100644 --- a/modules/auxiliary/scanner/http/sap_businessobjects_user_enum.rb +++ b/modules/auxiliary/scanner/http/sap_businessobjects_user_enum.rb @@ -93,8 +93,8 @@ class Metasploit3 < Msf::Auxiliary }, 45) if res - return :abort if (res.code == 404) - success = true if(res.body.match(/Invalid password/i)) + return :abort if (!res or (res and res.code == 404)) + success = true if(res and res.body.match(/Invalid password/i)) success else vprint_error("[SAP BusinessObjects] No response") diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb index d3972a086c..25fd8950e2 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb @@ -126,6 +126,8 @@ class Metasploit4 < Msf::Auxiliary } }, 45) + return if not res + if (res.code != 500 and res.code != 200) return else diff --git a/modules/exploits/unix/webapp/dogfood_spell_exec.rb b/modules/exploits/unix/webapp/dogfood_spell_exec.rb index 1f0d91ae35..abe79ede7d 100644 --- a/modules/exploits/unix/webapp/dogfood_spell_exec.rb +++ b/modules/exploits/unix/webapp/dogfood_spell_exec.rb @@ -70,7 +70,7 @@ class Metasploit3 < Msf::Exploit::Remote 'uri' => datastore['URIPATH'], }, 1) - if (res.body =~ /Spell Check complete/) + if (res and res.body =~ /Spell Check complete/) return Exploit::CheckCode::Detected end return Exploit::CheckCode::Safe