Fix typos and add dig for safe navigation

rapid7 · May 31, 2023 · 1fd2d41 · 1fd2d41
1 parent cf2ca43
commit 1fd2d41
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 8 deletions.
diff --git a/documentation/modules/auxiliary/scanner/http/apache_nifi_login.md b/documentation/modules/auxiliary/scanner/http/apache_nifi_login.md
@@ -1,6 +1,7 @@
 ## Vulnerable Application
 
-This attempts to login to Apache NiFi websites.
+This module attempts to take login details for Apache NiFi websites
+and identify if they are valid or not.
 
 Tested against NiFi major releases 1.14.0 - 1.21.0, and 1.13.0
 Also works against NiFi <= 1.13.0, but the module needs to be adjusted:
@@ -45,7 +46,7 @@ docker log <container> | grep Generated
 
 ## Scenarios
 
-### Docker image 1.18.0 and 1.13.0
+### Docker image of Apache NiFi 1.18.0
 
 ```
 msf6 > use auxiliary/scanner/http/nifi_login
@@ -71,6 +72,7 @@ msf6 auxiliary(scanner/http/nifi_login) > run
 [*] Auxiliary module execution completed
 ```
 
+### Docker image of Apache NiFi 1.13.0
 ```
 msf6 > use auxiliary/scanner/http/nifi_login
 msf6 auxiliary(scanner/http/nifi_login) > set rhosts 127.0.0.1

diff --git a/modules/auxiliary/scanner/http/apache_nifi_login.rb b/modules/auxiliary/scanner/http/apache_nifi_login.rb
@@ -15,7 +15,8 @@ def initialize(info = {})
         info,
         'Name' => 'Apache NiFi Login Scanner',
         'Description' => %q{
-          This attempts to login to Apache NiFi websites.
+          This module attempts to take login details for Apache NiFi websites
+          and identify if they are valid or not.
 
           Tested against NiFi major releases 1.14.0 - 1.21.0, and 1.13.0
           Also works against NiFi <= 1.13.0, but the module needs to be adjusted:
@@ -78,20 +79,20 @@ def run_host(ip)
     )
 
     fail_with(Failure::Unreachable, "#{peer} - Could not connect to web service - no response") if res.nil?
-    fail_with(Failure::UnexpectedReply, "#{peer} - Unexpected Respones Code (response code: #{res.code})") unless res.code == 200
+    fail_with(Failure::UnexpectedReply, "#{peer} - Unexpected response code (#{res.code})") unless res.code == 200
 
-    fail_with(Failure::UnexpectedReply, "Apache NiFi not detected on #{ip}") unless res.body =~ %r{js/nf/nf-namespace\.js\?([\d.]*)">}
+    fail_with(Failure::NotVulnerable, "Apache NiFi not detected on #{ip}") unless res.body =~ %r{js/nf/nf-namespace\.js\?([\d.]*)">}
 
     res = send_request_cgi!(
       'uri' => normalize_uri(target_uri.path, 'nifi-api', 'access', 'config')
     )
     fail_with(Failure::Unreachable, "#{peer} - Could not connect to web service - no response") if res.nil?
-    fail_with(Failure::UnexpectedReply, "#{peer} - Unexpected Respones Code (response code: #{res.code})") unless res.code == 200
+    fail_with(Failure::UnexpectedReply, "#{peer} - Unexpected response code (#{res.code})") unless res.code == 200
 
     res_json = res.get_json_document
 
-    unless res_json['config']['supportsLogin']
-      print_good("#{peer} - User login not supported, try visiting /nifi to gain access")
+    unless res_json.dig('config', 'supportsLogin')
+      print_error("#{peer} - User login not supported, try visiting /nifi to gain access")
       return
     end