From 62d67469da176aad932816b1e0d6e866a61586c8 Mon Sep 17 00:00:00 2001 From: Stuart Morgan Date: Mon, 11 May 2015 19:34:23 +0100 Subject: [PATCH] Updated code style as per @hmoore-r7's instructions --- modules/auxiliary/scanner/http/title.rb | 60 ++++++++++++++----------- 1 file changed, 35 insertions(+), 25 deletions(-) diff --git a/modules/auxiliary/scanner/http/title.rb b/modules/auxiliary/scanner/http/title.rb index d4818973aa..4a3f310491 100644 --- a/modules/auxiliary/scanner/http/title.rb +++ b/modules/auxiliary/scanner/http/title.rb @@ -40,12 +40,18 @@ class Metasploit3 < Msf::Auxiliary def run_host(target_host) begin - res = send_request_cgi('uri' => '/', - 'method' => 'GET') + # Send a normal GET request + res = send_request_cgi('uri' => '/', + 'method' => 'GET') - if res.nil? - print_error("No response from #{target_host}:#{rport}") if datastore['SHOW_ERRORS'] == true - else + # If no response, quit now + if res.nil? + print_error("[#{target_host}:#{rport}] No response") if datastore['SHOW_ERRORS'] == true + return + end + + # Retrieve the headers to capture the Location and Server header + # Note that they are case-insensitive but stored in a hash server_header = nil location_header = nil if !res.headers.nil? @@ -54,34 +60,38 @@ class Metasploit3 < Msf::Auxiliary server_header = val if key.downcase == 'server' end else - print_error("No headers from #{target_host}:#{rport}") if datastore['SHOW_ERRORS'] == true + print_error("[#{target_host}:#{rport}] No HTTP headers") if datastore['SHOW_ERRORS'] == true end - if !res.body.nil? - # Very basic, just match the first title tag we come to. - rx = %r{[\n\t\s]*(?<title>.+?)[\s\n\t]*}im.match(res.body.to_s) - if rx - rx[:title].strip! - if rx[:title] != '' - rx_title = CGI.unescapeHTML(rx[:title]) - print_status("[#{target_host}:#{rport}] [C:#{res.code}] [R:#{location_header}] [S:#{server_header}] #{rx_title}") if datastore['SHOW_TITLES'] == true - if datastore['STORE_NOTES'] == true - notedata = { code: res.code, port: rport, server: server_header, title: rx_title, redirect: location_header } - report_note(host: target_host, type: "http.title", data: notedata) - end - else - print_error("No webpage title from #{target_host}:#{rport}") if datastore['SHOW_ERRORS'] == true - end - else - print_error("No webpage title from #{target_host}:#{rport}") if datastore['SHOW_ERRORS'] == true + # If the body is blank, just stop now as there is no chance of a title + if res.body.nil? + print_error("[#{target_host}:#{rport}] No webpage body") if datastore['SHOW_ERRORS'] == true + return + end + + # Very basic, just match the first title tag we come to. If the match fails, + # there is no chance that we will have a title + rx = %r{[\n\t\s]*(?<title>.+?)[\s\n\t]*}im.match(res.body.to_s) + unless rx + print_error("[#{target_host}:#{rport}] No webpage title") if datastore['SHOW_ERRORS'] == true + return + end + + # Last bit of logic to capture the title + rx[:title].strip! + if rx[:title] != '' + rx_title = CGI.unescapeHTML(rx[:title]) + print_status("[#{target_host}:#{rport}] [C:#{res.code}] [R:#{location_header}] [S:#{server_header}] #{rx_title}") if datastore['SHOW_TITLES'] == true + if datastore['STORE_NOTES'] == true + notedata = { code: res.code, port: rport, server: server_header, title: rx_title, redirect: location_header } + report_note(host: target_host, type: "http.title", data: notedata) end else - print_error("No webpage body from #{target_host}:#{rport}") if datastore['SHOW_ERRORS'] == true + print_error("[#{target_host}:#{rport}] No webpage title") if datastore['SHOW_ERRORS'] == true end end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout rescue ::Timeout::Error, ::Errno::EPIPE - end end end