Minor changes here and there

Changes include: * Some corrections in metadata * report_note() * Removes connect(), usually don't need it in modules
2012-11-30 14:24:27 -06:00 · 2012-11-30 14:24:27 -06:00 · 61a74bf257
parent a73d8792ee
commit 61a74bf257
1 changed files with 27 additions and 16 deletions
--- a/modules/auxiliary/scanner/http/http_hsts.rb
+++ b/modules/auxiliary/scanner/http/http_hsts.rb
@ -1,20 +1,26 @@
-require 'rex/proto/http'
-require 'msf/core'
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+#   http://metasploit.com/framework/
+##

+require 'msf/core'

 class Metasploit3 < Msf::Auxiliary

 	include Msf::Exploit::Remote::HttpClient
 	include Msf::Auxiliary::Scanner

-	def initialize
-		super(
-			'Name'        => 'HTTP HSTS Detection',
-			'Version'     => '$Revision$',
-			'Description' => 'Display HTTP Strict Transport Security (HSTS) information about each system.',
-			'Author'      => 'Matt "hostess" Andreko <mandreko@accuvant.com>',
+	def initialize(info={})
+		super(update_info(info,
+			'Name'        => 'HTTP Strict Transport Security (HSTS) Detection',
+			'Description' => %q{
+				Display HTTP Strict Transport Security (HSTS) information about each system.
+			},
+			'Author'      => 'Matt "hostess" Andreko <mandreko[at]accuvant.com>',
 			'License'     => MSF_LICENSE
-		)
+		))

 		register_options([
 				OptBool.new('SSL', [ true, "Negotiate SSL for outgoing connections", true]),
@ -24,16 +30,21 @@ class Metasploit3 < Msf::Auxiliary

 	def run_host(ip)
 		begin
-			connect
-
 			res = send_request_cgi({
-				'uri'	=>	'/',
-				'method'	=>	'GET',
+				'uri'    => '/',
+				'method' => 'GET',
 				}, 25)
-			return if not res

-			if res.headers['Strict-Transport-Security']
-				print_good("#{ip}:#{rport} Strict-Transport-Security:#{res.headers['Strict-Transport-Security']}")
+			hsts = res.headers['Strict-Transport-Security']
+
+			if res and hsts
+				print_good("#{ip}:#{rport} - Strict-Transport-Security:#{hsts}")
+				report_note({
+					:data => hsts,
+					:type => "hsts_data",
+					:host => ip,
+					:port => rport
+				})
 			else
 				print_error("#{ip}:#{rport} No HSTS found.")
 			end