From f3a2d6663f6752b7ff06bfc94a9e73aaebb9f907 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Fri, 23 Jan 2015 02:38:26 -0600 Subject: [PATCH] Fix #4616 and Fix #3798 - Correctly use OptRegexp This patch fixes a problem with OptRegexp. The OptRegexp class is always forcing the value to be converted to a string first, which causes the EXCLUDE option in browser_autopwn to kick in and match every found autopwn module, so it ignores all of them and you load nothing (#4616). It is important to understand that nil actually represents an option not being set, which is a completely different behavior than having an empty value (technically "" is still a value, and if there's a value, it means the option is set). We need to watcher for these scenarios. I am restoring the #default method to avoid forcing a to_s, which should fix the browser autopwn loading problem. And then I changed scraper.rb's default value for datastore option PATTERN to a string, because still fixes #3798. The way I see it, #3798 is actually a module-specific issue. Fix #4616 Fix #3798 --- lib/msf/core/option_container.rb | 2 +- modules/auxiliary/scanner/http/scraper.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/msf/core/option_container.rb b/lib/msf/core/option_container.rb index 09cf7b61ff..932c57bf29 100644 --- a/lib/msf/core/option_container.rb +++ b/lib/msf/core/option_container.rb @@ -528,7 +528,7 @@ class OptRegexp < OptBase end def default - @default.to_s + @default end def display_value(value) diff --git a/modules/auxiliary/scanner/http/scraper.rb b/modules/auxiliary/scanner/http/scraper.rb index 539b6ec736..e57ac40ac2 100644 --- a/modules/auxiliary/scanner/http/scraper.rb +++ b/modules/auxiliary/scanner/http/scraper.rb @@ -27,7 +27,7 @@ class Metasploit3 < Msf::Auxiliary register_options( [ OptString.new('PATH', [ true, "The test path to the page to analize", '/']), - OptRegexp.new('PATTERN', [ true, "The regex to use (default regex is a sample to grab page title)", %r{(.*)}i]) + OptRegexp.new('PATTERN', [ true, "The regex to use (default regex is a sample to grab page title)", '(.*)']) ], self.class)