Solve conflict

modules/auxiliary/scanner/ssl/openssl_heartbleed.rb

@@ -102,7 +102,7 @@ class Metasploit3 < Msf::Auxiliary
     register_options(
       [
         Opt::RPORT(443),
-        OptBool.new('STARTTLS', [ true, "Use STARTTLS", false])
+        OptEnum.new('PROTOCOL', [true, 'Protocol to use with SSL', 'WEB', [ 'WEB', 'SMTP', 'IMAP', 'JABBER', 'POP3' ]])
       ], self.class)
   end
 
@@ -110,10 +110,12 @@ class Metasploit3 < Msf::Auxiliary
     "#{rhost}:#{rport}"
   end
 
-  def start_ttls
+  def tls_smtp
+    # https://tools.ietf.org/html/rfc3207
     sock.get_once
-    sock.put("EHLO starttlstest\n")
+    sock.put("EHLO #{rand_text_alpha(10)}\n")
     res = sock.get_once
+
     unless res && res =~ /STARTTLS/
       return nil
     end
@@ -121,16 +123,86 @@ class Metasploit3 < Msf::Auxiliary
     sock.get_once
   end
 
+  def tls_imap
+    # http://tools.ietf.org/html/rfc2595
+    sock.get_once
+    sock.put("a001 CAPABILITY\r\n")
+    res = sock.get_once
+    unless res and res =~ /STARTTLS/i
+      return nil
+    end
+    sock.put("a002 STARTTLS\r\n")
+    sock.get_once
+  end
+
+  def tls_pop3
+    # http://tools.ietf.org/html/rfc2595
+    sock.get_once
+    sock.put("CAPA\r\n")
+    res = sock.get_once
+    if !res or res =~ /^-/
+      return nil
+    end
+    sock.put("STLS\r\n")
+    res = sock.get_once
+    if !res or res =~ /^-/
+      return nil
+    end
+  end
+
+  def tls_jabber
+    # http://xmpp.org/extensions/xep-0035.html
+    msg = "<?xml version='1.0' ?>"
+    msg << "<stream:stream xmlns='jabber:client' "
+    msg << "xmlns:stream='http://etherx.jabber.org/streams' "
+    msg << "xmlns:tls='http://www.ietf.org/rfc/rfc2595.txt' "
+    msg << "to='#{rhost}'>"
+    sock.put(msg)
+    res = sock.get_once
+    return nil if res.nil? # SSL not supported
+    return nil if res =~ /stream:error/ or res !~ /starttls/i
+    msg = "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"
+    sock.put(msg)
+    sock.get_once
+  end
+
   def run_host(ip)
     connect
 
-    if datastore['STARTTLS']
+    case datastore['PROTOCOL']
-      print_status("#{peer} - Trying to STARTTLS...")
+      when "WEB"
-      res = start_ttls
+        # no STARTTLS needed
-      if res.nil?
+      when "SMTP"
-        print_error("#{peer} - STARTTLS failed...")
+        print_status("Trying to start SSL via SMTP")
+        res = tls_smtp
+        if res.nil?
+          print_error("#{peer} - STARTTLS failed...")
+          return
+        end
+      when "IMAP"
+        print_status("Trying to start SSL via IMAP")
+        res = tls_imap
+        if res.nil?
+          print_error("#{peer} - STARTTLS failed...")
+          return
+        end
+      when "JABBER"
+        print_status("Trying to start SSL via JABBER")
+        res = tls_jabber
+        if res.nil?
+          print_error("#{peer} - STARTTLS failed...")
+          return
+        end
+      when "POP3"
+        print_status("Trying to start SSL via POP3")
+        res = tls_pop3
+        if res.nil?
+          print_error("#{peer} - STARTTLS failed...")
+          return
+        end
+      else
+        print_error("Unknown protocol #{datastore['PROTOCOL']}")
         return
-      end
     end
 
     print_status("#{peer} - Sending Client Hello...")