http_fingerprint reports service info

Service info once again is reported when http_fingerprint is run against
a target, along with http status codes.

lib/msf/core/db.rb

@@ -1475,6 +1475,7 @@ class DBManager
 	#
 	# opts can contain
 	# +:options+:: a hash of options for accessing this particular web site
+	# +:info+:: if present, report the service with this info
 	#
 	# Duplicate records for a given host, port, vhost combination will be overwritten
 	#
@@ -1487,6 +1488,7 @@ class DBManager
 		port = nil
 		name = nil
 		serv = nil
+		info = nil
 
 		if opts[:service] and opts[:service].kind_of?(Service)
 			serv = opts[:service]
@@ -1494,6 +1496,7 @@ class DBManager
 			addr = opts[:host]
 			port = opts[:port]
 			name = opts[:ssl] ? 'https' : 'http'
+			info = opts[:info]
 			if not (addr and port)
 				raise ArgumentError, "report_web_site requires service OR host/port/ssl"
 			end
@@ -1528,8 +1531,12 @@ class DBManager
 		if opts.keys.include?(:ssl) or serv.name.to_s.empty?
 			name = opts[:ssl] ? 'https' : 'http'
 			serv.name = name
-			serv.save!
 		end
+		# Add the info if it's there.
+		unless info.to_s.empty?
+			serv.info = info
+		end
+		serv.save! if serv.changed?
 =begin
 		host.updated_at = host.created_at
 		host.state      = HostState::Alive

lib/msf/core/exploit/http/client.rb

@@ -543,7 +543,7 @@ module Exploit::Remote::HttpClient
 	# Returns the boolean indicating SSL
 	#
 	def ssl
-		((datastore.default?('SSL') and rport.to_i == 443) or datastore['SSL'])
+		((datastore.default?('SSL') and [443,3790].include?(rport.to_i)) or datastore['SSL'])
 	end
 
 	#
@@ -603,22 +603,11 @@ module Exploit::Remote::HttpClient
 
 		# Bail if we don't have anything to fingerprint
 		return if not res
-
+		
 		# From here to the end simply does some pre-canned combining and custom matches
 		# to build a human-readable string to store in service.info
 		extras = []
-
-		case res.code
-		when 301,302
-			extras << "#{res.code}-#{res.headers['Location']}"
-		when 401
-			extras << "#{res.code}-#{res.headers['WWW-Authenticate']}"
-		when 403
-			extras << "#{res.code}-#{res.headers['WWW-Authenticate']||res.message}"
-		when 500 .. 599
-			extras << "#{res.code}-#{res.message}"
-		end
-
+		
 		if res.headers['Set-Cookie'] =~ /^vmware_soap_session/
 			extras << "VMWare Web Services"
 		end
@@ -641,7 +630,7 @@ module Exploit::Remote::HttpClient
 			when /openAboutWindow.*\>DD\-WRT ([^\<]+)\</
 				extras << "DD-WRT #{$1.strip}"
 
-			when /ID_ESX_Welcome/
+			when /ID_ESX_Welcome/, /ID_ESX_VIClientDesc/
 				extras << "VMware ESX Server"
 
 			when /Test Page for.*Fedora/
@@ -661,13 +650,24 @@ module Exploit::Remote::HttpClient
 		end
 
 		if datastore['RPORT'].to_i == 3790
-			if res and res.code == 302 and res.headers and res.headers['Location'] =~ /[\x5c\x2f](login|setup)$/
-				if res['Server'] =~ /^thin.*No Hup$/
+			if res.code == 302 and res.headers and res.headers['Location'] =~ /[\x5c\x2f](login|setup)$/
+				if res['Server'] =~ /^(thin.*No Hup)|(nginx[\x5c\x2f][\d\.]+)$/
 					extras << "Metasploit"
 				end
 			end
 		end
 
+		case res.code
+		when 301,302
+			extras << "#{res.code}-#{res.headers['Location']}"
+		when 401
+			extras << "#{res.code}-#{res.headers['WWW-Authenticate']}"
+		when 403
+			extras << "#{res.code}-#{res.headers['WWW-Authenticate']||res.message}"
+		when 500 .. 599
+			extras << "#{res.code}-#{res.message}"
+		end
+
 		info  = "#{res.headers['Server']}"
 		info << " ( #{extras.join(", ")} )" if extras.length > 0
 		# Report here even if info is empty since the fact that we didn't

modules/auxiliary/scanner/vmware/vmware_http_login.rb

@@ -83,6 +83,7 @@ class Metasploit3 < Msf::Auxiliary
 			if res
 				fp = http_fingerprint({ :response => res })
 				if fp =~ /VMWare/
+					report_service(:host => rhost, :port => rport, :proto => 'tcp', :sname => 'https', :info => fp)
 					return true
 				else
 					vprint_error("http://#{ip}:#{rport} - Could not identify as VMWare")