diff --git a/lib/msf/core/exploit/browserautopwnv2.rb b/lib/msf/core/exploit/browserautopwnv2.rb index 3ede415109..2a29010954 100644 --- a/lib/msf/core/exploit/browserautopwnv2.rb +++ b/lib/msf/core/exploit/browserautopwnv2.rb @@ -35,7 +35,8 @@ module Msf # Returns all the found exploit modules that support BrowserExploitServer by going through all # the exploits from the framework object. # - # @note This method is using framework.exploits and it's one of the reasons why it's so slow. + # @note This method is using framework.exploits and it's one of the reasons why it's so slow, + # and will only get slower. # @todo Maybe look for a different way to get a list of exploits. # @return [Array] A collection of BES modules in this format: [module_fullname, Class]. def init_exploit_paths @@ -48,6 +49,7 @@ module Msf # Initializes the @bap_exploits instance variable with all the found BAP exploits. # + # @note The more BES exploits, the slower this gets. # @see #bap_exploits The read-only attribute. # @return [void] def init_exploits @@ -179,10 +181,11 @@ module Msf # @see #bap_exploits The read-only attribute. # @param [Hash] A grouped module list. # @return [void] - def finalize_sorted_modules(bap_groups) + def finalize_sorted_modules(bap_groups, max=20) @bap_exploits = [] bap_groups.each_pair do |ranking, module_list| module_list.each do |m| + break if @bap_exploits.length >= max @bap_exploits << m end end @@ -315,18 +318,24 @@ module Msf def show_ready_exploits table = Rex::Ui::Text::Table.new( - "Header" => "Exploits", - "Indent" => 1, - "Columns" => ["Rank", "Name", "Path", "Payload"] + 'Header' => 'Exploits', + 'Indent' => 1, + 'Columns' => ['Order', 'Rank', 'Name', 'Path', 'Payload'] ) + # Without the order, sometimes the Rex table messes up even though in the array + # the order looks right. So don't get rid of this. + order = 1 + bap_exploits.each do |m| table << [ + order, parse_rank(m.rank), m.shortname, m.datastore['URIPATH'], "#{m.datastore['PAYLOAD']} on #{m.datastore['LPORT']}" ] + order += 1 end print_line