From 72f0a5613fecd7c9bf13faa8bc4f203d2c45afb6 Mon Sep 17 00:00:00 2001
From: sinn3r <msfsinn3r@gmail.com>
Date: Mon, 12 Nov 2012 15:40:12 -0600
Subject: [PATCH] Add more improvements

---
 .../scanner/http/drupal_views_user_enum.rb    | 36 +++++++++++++------
 1 file changed, 26 insertions(+), 10 deletions(-)

diff --git a/modules/auxiliary/scanner/http/drupal_views_user_enum.rb b/modules/auxiliary/scanner/http/drupal_views_user_enum.rb
index 59afebe256..c3b366e755 100644
--- a/modules/auxiliary/scanner/http/drupal_views_user_enum.rb
+++ b/modules/auxiliary/scanner/http/drupal_views_user_enum.rb
@@ -25,7 +25,7 @@ class Metasploit3 < Msf::Auxiliary
 				[
 					'Justin Klein Keane', #Original Discovery
 					'Robin Francois <rof[at]navixia.com>',
-					'Brandon McCann "zeknox" <bmccann [at] accuvant.com>'
+					'Brandon McCann "zeknox" <bmccann[at]accuvant.com>'
 				],
 			'License'        => MSF_LICENSE,
 			'References'     =>
@@ -50,7 +50,11 @@ class Metasploit3 < Msf::Auxiliary
 
 		if not res
 			return false
-		elsif res.message != 'OK' or res.body != '[  ]'
+		elsif res and res.body =~ /\<title\>Access denied/
+			# This probably means the Views Module actually isn't installed
+			print_error("#{rhost} - Access denied")
+			return false
+		elsif res and res.message != 'OK' or res.body != '[  ]'
 			return false
 		else
 			return true
@@ -72,7 +76,7 @@ class Metasploit3 < Msf::Auxiliary
 
 		# Check if remote host is available or appears vulnerable
 		if not check(enum_uri)
-			print_status("#{ip} does not appear to be vulnerable, will not continue")
+			print_error("#{ip} does not appear to be vulnerable, will not continue")
 			return
 		end
 
@@ -109,14 +113,26 @@ class Metasploit3 < Msf::Auxiliary
 		final_results.each do |user|
 			print_good("Found User: #{user}")
 
-			store_loot(
-				type,
-				'text/plain',
-				Rex::Socket.getaddress(datastore['RHOST']),
-				user,
-				'drupal_user.txt',
-				user
+			report_auth_info(
+				:host => Rex::Socket.getaddress(datastore['RHOST']),
+				:port => datastore['RPORT'],
+				:user => user,
+				:type => "drupal_user"
 			)
 		end
+
+		# One username per line
+		final_results = final_results * "\n"
+
+		p = store_loot(
+			'drupal_user',
+			'text/plain',
+			Rex::Socket.getaddress(datastore['RHOST']),
+			final_results.to_s,
+			'drupal_user.txt'
+		)
+
+		print_status("Usernames stored in: #{p}")
 	end
+
 end