Add missing module notes for stability reliability and side effects

modules/auxiliary/admin/http/ibm_drm_download.rb

@@ -42,7 +42,12 @@ def initialize(info = {})
         'Actions' => [
           ['Download', { 'Description' => 'Download arbitrary file' }]
         ],
-        'DefaultAction' => 'Download'
+        'DefaultAction' => 'Download',
+        'Notes' => {
+          'Reliability' => [ ],
+          'Stability' => [ CRASH_SAFE ],
+          'SideEffects' => [ ARTIFACTS_ON_DISK, IOC_IN_LOGS ]
+        }
       )
     )
 
@@ -112,7 +117,7 @@ def free_the_admin(session_id)
       'ctype' => "multipart/form-data; boundary=#{post_data.bound}"
     })
 
-    unless res && (res.code == 200) && res.body[/"data":"([0-9a-f\-]{36})/]
+    unless res && (res.code == 200) && res.body[/"data":"([0-9a-f-]{36})/]
       fail_with(Failure::NoAccess, "#{peer} - Failed to obtain the admin password.")
     end
 
@@ -147,7 +152,7 @@ def login_and_csrf(password)
       'cookie' => cookie
     })
 
-    unless res && (res.code == 200) && res.body =~ /var csrfToken = "([0-9a-f\-]{36})";/
+    unless res && (res.code == 200) && res.body =~ /var csrfToken = "([0-9a-f-]{36})";/
       fail_with(Failure::NoAccess, "#{peer} - Failed to authenticate obtain CSRF cookie.")
     end
     csrf = Regexp.last_match(1)

modules/auxiliary/admin/http/netgear_r6700_pass_reset.rb

@@ -51,7 +51,8 @@ def initialize(info = {})
         'Notes' => {
           'SideEffects' => [ CONFIG_CHANGES ], # This module will change the configuration by
           # resetting the router to the default factory password.
-          'Stability' => [ CRASH_SERVICE_DOWN ] # This module will crash the target service after it is run.
+          'Stability' => [ CRASH_SERVICE_DOWN ], # This module will crash the target service after it is run.
+          'Reliability' => []
         },
         'RelatedModules' => [ 'exploit/linux/telnet/netgear_telnetenable' ], # This module relies on users also running exploit/linux/telnet/netgear_telnetenable to get the shell.
         'DisclosureDate' => '2020-06-15',

modules/auxiliary/admin/networking/arista_config.rb

@@ -15,7 +15,12 @@ def initialize(info = {})
           This module imports an Arista device configuration.
         },
         'License' => MSF_LICENSE,
-        'Author' => [ 'h00die' ]
+        'Author' => [ 'h00die' ],
+        'Notes' => {
+          'Stability' => [],
+          'Reliability' => [],
+          'SideEffects' => []
+        }
       )
     )
 

modules/auxiliary/admin/networking/cisco_vpn_3000_ftp_bypass.rb

@@ -29,7 +29,12 @@ def initialize(info = {})
           [ 'OSVDB', '28139' ],
           [ 'OSVDB', '28138' ]
         ],
-        'DisclosureDate' => '2006-08-23'
+        'DisclosureDate' => '2006-08-23',
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'Reliability' => [],
+          'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]
+        }
       )
     )
 

modules/auxiliary/admin/networking/f5_config.rb

@@ -15,7 +15,12 @@ def initialize(info = {})
           This module imports an F5 device configuration.
         },
         'License' => MSF_LICENSE,
-        'Author' => ['h00die']
+        'Author' => ['h00die'],
+        'Notes' => {
+          'Stability' => [],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
       )
     )
 

modules/auxiliary/admin/networking/juniper_config.rb

@@ -22,7 +22,12 @@ def initialize(info = {})
           ['JUNOS', { 'Description' => 'Import JunOS Config File' }],
           ['SCREENOS', { 'Description' => 'Import ScreenOS Config File' }],
         ],
-        'DefaultAction' => 'JUNOS'
+        'DefaultAction' => 'JUNOS',
+        'Notes' => {
+          'Stability' => [],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
       )
     )
 

modules/auxiliary/admin/networking/mikrotik_config.rb

@@ -20,7 +20,12 @@ def initialize(info = {})
           ['ROUTEROS', { 'Description' => 'Import RouterOS Config File' }],
           ['SWOS', { 'Description' => 'Import SwOS Config File' }],
         ],
-        'DefaultAction' => 'ROUTEROS'
+        'DefaultAction' => 'ROUTEROS',
+        'Notes' => {
+          'Stability' => [],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
       )
     )
 

modules/auxiliary/admin/networking/vyos_config.rb

@@ -15,7 +15,12 @@ def initialize(info = {})
           This module imports a VyOS device configuration.
         },
         'License' => MSF_LICENSE,
-        'Author' => [ 'h00die' ]
+        'Author' => [ 'h00die' ],
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [IOC_IN_LOGS],
+          'Reliability' => []
+        }
       )
     )
 

modules/auxiliary/admin/sap/cve_2020_6207_solman_rce.rb

@@ -43,7 +43,12 @@ def initialize(info = {})
           ['SECSTORE', { 'Description' => 'Get file with SolMan credentials from connected agent' }]
         ],
         'DefaultAction' => 'LIST',
-        'DisclosureDate' => '2020-10-03'
+        'DisclosureDate' => '2020-10-03',
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [CONFIG_CHANGES, IOC_IN_LOGS],
+          'Reliability' => []
+        }
       )
     )
     register_options(

modules/auxiliary/admin/sap/cve_2020_6287_ws_add_user.rb

@@ -29,7 +29,10 @@ def initialize(info = {})
           [ 'URL', 'https://us-cert.cisa.gov/ncas/alerts/aa20-195a' ]
         ],
         'Notes' => {
-          'AKA' => [ 'RECON' ]
+          'AKA' => [ 'RECON' ],
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [CONFIG_CHANGES, IOC_IN_LOGS],
+          'Reliability' => []
         },
         'Actions' => [
           [ 'ADD', { 'Description' => 'Add the specified user' } ],

modules/auxiliary/admin/sap/sap_igs_xmlchart_xxe.rb

@@ -9,40 +9,45 @@ class MetasploitModule < Msf::Auxiliary
 
   def initialize(info = {})
     super(
-        update_info(
-          info,
-          'Name' => 'SAP Internet Graphics Server (IGS) XMLCHART XXE',
-          'Description' => %q{
-            This module exploits CVE-2018-2392 and CVE-2018-2393, two XXE vulnerabilities within the XMLCHART page
-            of SAP Internet Graphics Servers (IGS) running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53. These
-            vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag when
-            submitting a POST request to the XMLCHART page to generate a new chart.
-
-            Successful exploitation will allow unauthenticated remote attackers to read files from the server as the user
-            from which the IGS service is started, which will typically be the SAP admin user. Alternatively attackers
-            can also abuse the XXE vulnerability to conduct a denial of service attack against the vulnerable
-            SAP IGS server.
-          },
-          'Author' => [
-            'Yvan Genuer', # @_1ggy The researcher who originally found this vulnerability
-            'Vladimir Ivanov' # @_generic_human_ This Metasploit module
-          ],
-          'License' => MSF_LICENSE,
-          'References' => [
-            [ 'CVE', '2018-2392' ],
-            [ 'CVE', '2018-2393' ],
-            [ 'URL', 'https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_IGS-The-vulnerable-forgotten-component.pdf' ]
-          ],
-          'Actions' => [
-            [ 'READ', { 'Description' => 'Remote file read' } ],
-            [ 'DOS', { 'Description' => 'Denial Of Service' } ]
-          ],
-          'DefaultAction' => 'READ',
-          'DefaultOptions' => {
-            'SSL' => false # Disable SSL (by default SAP IGS does not use SSL/TLS)
-          },
-          'DisclosureDate' => '2018-03-14'
-        )
+      update_info(
+        info,
+        'Name' => 'SAP Internet Graphics Server (IGS) XMLCHART XXE',
+        'Description' => %q{
+          This module exploits CVE-2018-2392 and CVE-2018-2393, two XXE vulnerabilities within the XMLCHART page
+          of SAP Internet Graphics Servers (IGS) running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53. These
+          vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag when
+          submitting a POST request to the XMLCHART page to generate a new chart.
+
+          Successful exploitation will allow unauthenticated remote attackers to read files from the server as the user
+          from which the IGS service is started, which will typically be the SAP admin user. Alternatively attackers
+          can also abuse the XXE vulnerability to conduct a denial of service attack against the vulnerable
+          SAP IGS server.
+        },
+        'Author' => [
+          'Yvan Genuer', # @_1ggy The researcher who originally found this vulnerability
+          'Vladimir Ivanov' # @_generic_human_ This Metasploit module
+        ],
+        'License' => MSF_LICENSE,
+        'References' => [
+          [ 'CVE', '2018-2392' ],
+          [ 'CVE', '2018-2393' ],
+          [ 'URL', 'https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_IGS-The-vulnerable-forgotten-component.pdf' ]
+        ],
+        'Actions' => [
+          [ 'READ', { 'Description' => 'Remote file read' } ],
+          [ 'DOS', { 'Description' => 'Denial Of Service' } ]
+        ],
+        'DefaultAction' => 'READ',
+        'DefaultOptions' => {
+          'SSL' => false # Disable SSL (by default SAP IGS does not use SSL/TLS)
+        },
+        'DisclosureDate' => '2018-03-14',
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [IOC_IN_LOGS],
+          'Reliability' => []
+        }
+      )
     )
     register_options(
       [

modules/auxiliary/dos/dns/bind_tsig_badtime.rb

@@ -28,7 +28,12 @@ def initialize(info = {})
         ],
         'DisclosureDate' => '2020-05-19',
         'License' => MSF_LICENSE,
-        'DefaultOptions' => { 'ScannerRecvWindow' => 0 }
+        'DefaultOptions' => { 'ScannerRecvWindow' => 0 },
+        'Notes' => {
+          'Stability' => [CRASH_SERVICE_DOWN],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
       )
     )
 

modules/auxiliary/dos/http/cable_haunt_websocket_dos.rb

@@ -36,7 +36,12 @@ def initialize(info = {})
           ['URL', 'https://github.com/Lyrebirds/sagemcom-fast-3890-exploit']
         ],
         'DisclosureDate' => '2020-01-07',
-        'License' => MSF_LICENSE
+        'License' => MSF_LICENSE,
+        'Notes' => {
+          'Stability' => [CRASH_SERVICE_DOWN],
+          'SideEffects' => [IOC_IN_LOGS],
+          'Reliability' => []
+        }
       )
     )
 

modules/auxiliary/gather/peplink_bauth_sqli.rb

@@ -27,7 +27,12 @@ def initialize(info = {})
           [ 'URL', 'https://gist.github.com/red0xff/c4511d2f427efcb8b018534704e9607a' ]
         ],
         'Targets' => [['Wildcard Target', {}]],
-        'DefaultTarget' => 0
+        'DefaultTarget' => 0,
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [IOC_IN_LOGS],
+          'Reliability' => []
+        }
       )
     )
     register_options(

modules/auxiliary/gather/redis_extractor.rb

@@ -16,7 +16,12 @@ def initialize(info = {})
         },
         'Author' => ['Geoff Rainville noncenz[at]ultibits.com'],
         'License' => MSF_LICENSE,
-        'References' => [['URL', 'https://redis.io/topics/protocol']]
+        'References' => [['URL', 'https://redis.io/topics/protocol']],
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
       )
     )
     register_options(

modules/auxiliary/gather/saltstack_salt_root_key.rb

@@ -49,7 +49,8 @@ def initialize(info = {})
         'DefaultAction' => 'Dump',
         'Notes' => {
           'Stability' => [CRASH_SAFE],
-          'SideEffects' => [IOC_IN_LOGS]
+          'SideEffects' => [IOC_IN_LOGS],
+          'Reliability' => []
         }
       )
     )
@@ -114,7 +115,7 @@ def yeet_prep_auth_info
     vprint_good('Received serialized auth info')
 
     # HACK: Strip assumed ZeroMQ header and leave assumed MessagePack "load"
-    res[4..-1]
+    res[4..]
   end
 
   def extract_root_key(auth_info)

modules/auxiliary/gather/shodan_host.rb

@@ -17,7 +17,12 @@ def initialize(info = {})
         'License' => MSF_LICENSE,
         'References' => [
           [ 'URL', 'https://honeyscore.shodan.io/']
-        ]
+        ],
+        'Notes' => {
+          'Stability' => [],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
       )
     )
     register_options(

modules/auxiliary/gather/vbulletin_getindexablecontent_sqli.rb

@@ -32,7 +32,12 @@ module has been tested successfully on VBulletin Version 5.6.1 on Ubuntu Linux.
           ['DumpAll', { 'Description' => 'Dump all tables used by vbulletin.' }]
         ],
         'DefaultAction' => 'DumpUser',
-        'DisclosureDate' => '2020-03-12'
+        'DisclosureDate' => '2020-03-12',
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [IOC_IN_LOGS],
+          'Reliability' => []
+        }
       )
     )
     register_options([

modules/auxiliary/gather/zookeeper_info_disclosure.rb

@@ -24,9 +24,14 @@ def initialize(info = {})
         ],
         'DisclosureDate' => '2020-10-14',
         'License' => MSF_LICENSE,
-        'DefaultOptions' => { 'VERBOSE' => true }
-      )
+        'DefaultOptions' => { 'VERBOSE' => true },
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
       )
+    )
 
     register_options(
       [

modules/auxiliary/scanner/http/limesurvey_zip_traversals.rb

@@ -43,7 +43,12 @@ def initialize(info = {})
           ['URL', 'https://www.secsignal.org/en/news/cve-2019-9960-arbitrary-file-download-in-limesurvey/'],
           ['URL', 'https://github.com/LimeSurvey/LimeSurvey/commit/1ed10d3c423187712b8f6a8cb2bc9d5cc3b2deb8']
         ],
-        'DisclosureDate' => '2020-04-02'
+        'DisclosureDate' => '2020-04-02',
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [IOC_IN_LOGS],
+          'Reliability' => []
+        }
       )
     )
 

modules/auxiliary/scanner/http/springcloud_directory_traversal.rb

@@ -30,7 +30,12 @@ def initialize(info = {})
           'Dhiraj Mishra' # Metasploit module
         ],
         'DisclosureDate' => '2020-06-01',
-        'License' => MSF_LICENSE
+        'License' => MSF_LICENSE,
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [IOC_IN_LOGS],
+          'Reliability' => []
+        }
       )
     )
 

modules/auxiliary/scanner/http/synology_forget_passwd_user_enum.rb

@@ -36,7 +36,12 @@ def initialize(info = {})
           [ 'CVE', '2017-9554' ],
           [ 'URL', 'https://www.synology.com/en-global/security/advisory/Synology_SA_17_29_DSM' ]
         ],
-        'DisclosureDate' => '2011-01-05'
+        'DisclosureDate' => '2011-01-05',
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [ACCOUNT_LOCKOUTS, IOC_IN_LOGS],
+          'Reliability' => []
+        }
       )
     )