Land #10570, AKA Metadata Refactor

rapid7 · Sep 18, 2018 · 6126a62 · 6126a62
2 parents a814899 + 011c25e
commit 6126a62
Show file tree

Hide file tree

Showing 37 changed files with 214 additions and 87 deletions.
diff --git a/modules/auxiliary/admin/smb/ms17_010_command.rb b/modules/auxiliary/admin/smb/ms17_010_command.rb
@@ -32,10 +32,6 @@ def initialize(info = {})
 
       'License'        => MSF_LICENSE,
       'References'     => [
-        [ 'AKA', 'ETERNALSYNERGY' ],
-        [ 'AKA', 'ETERNALROMANCE' ],
-        [ 'AKA', 'ETERNALCHAMPION' ],
-        [ 'AKA', 'ETERNALBLUE'],  # does not use any CVE from Blue, but Search should show this, it is preferred
         [ 'MSB', 'MS17-010' ],
         [ 'CVE', '2017-0143'], # EternalRomance/EternalSynergy - Type confusion between WriteAndX and Transaction requests
         [ 'CVE', '2017-0146'], # EternalChampion/EternalSynergy - Race condition with Transaction requests
@@ -44,7 +40,16 @@ def initialize(info = {})
         [ 'URL', 'https://hitcon.org/2017/CMT/slide-files/d2_s2_r0.pdf' ],
         [ 'URL', 'https://blogs.technet.microsoft.com/srd/2017/06/29/eternal-champion-exploit-analysis/' ],
       ],
-      'DisclosureDate' => 'Mar 14 2017'
+      'DisclosureDate' => 'Mar 14 2017',
+      'Notes' =>
+          {
+              'AKA' => [
+                  'ETERNALSYNERGY',
+                  'ETERNALROMANCE',
+                  'ETERNALCHAMPION',
+                  'ETERNALBLUE'      # does not use any CVE from Blue, but Search should show this, it is preferred
+              ]
+          }
     ))
 
     register_options([

diff --git a/modules/auxiliary/admin/teradata/teradata_odbc_sql.py b/modules/auxiliary/admin/teradata/teradata_odbc_sql.py
@@ -32,8 +32,7 @@
     'license': 'MSF_LICENSE',
     'references': [
         {'type': 'url', 'ref': 'https://developer.teradata.com/tools/reference/teradata-python-module'},
-        {'type': 'url', 'ref': 'https://downloads.teradata.com/download/connectivity/odbc-driver/linux'},
-        {'type': 'aka', 'ref': 'Teradata ODBC Authentication Scanner'}
+        {'type': 'url', 'ref': 'https://downloads.teradata.com/download/connectivity/odbc-driver/linux'}
     ],
     'type': 'single_scanner',
     'options': {
@@ -42,6 +41,9 @@
         'username': {'type': 'string', 'description': 'Username', 'required': True, 'default': 'dbc'},
         'password': {'type': 'string', 'description': 'Password', 'required': True, 'default': 'dbc'},
         'sql': {'type': 'string', 'description': 'SQL query to perform', 'required': True, 'default': 'SELECT DATABASENAME FROM DBC.DATABASES'},
+    },
+    'notes': {
+        'AKA': ['Teradata ODBC Authentication Scanner']
     }
 }
 

diff --git a/modules/auxiliary/gather/get_user_spns.py b/modules/auxiliary/gather/get_user_spns.py
@@ -43,16 +43,20 @@
     'license': 'CORE_LICENSE',
     'references': [
         {'type': 'url', 'ref': 'https://github.com/CoreSecurity/impacket/blob/master/examples/GetUserSPNs.py'},
-        {'type': 'url', 'ref': 'https://files.sans.org/summit/hackfest2014/PDFs/Kicking%20the%20Guard%20Dog%20of%20Hades%20-%20Attacking%20Microsoft%20Kerberos%20%20-%20Tim%20Medin(1).pdf'},
-        {'type': 'aka', 'ref': 'GetUserSPNs.py'},
-        {'type': 'aka', 'ref': 'Kerberoast'}
+        {'type': 'url', 'ref': 'https://files.sans.org/summit/hackfest2014/PDFs/Kicking%20the%20Guard%20Dog%20of%20Hades%20-%20Attacking%20Microsoft%20Kerberos%20%20-%20Tim%20Medin(1).pdf'}
     ],
     'type': 'single_scanner',
     'options': {
         'rhost': {'type': 'address', 'description': 'The target address', 'required': True, 'default': None},
         'domain': {'type': 'string', 'description': 'The target Active Directory domain', 'required': True, 'default': None},
         'user': {'type': 'string', 'description': 'Username for a domain account', 'required': True, 'default': None},
         'pass': {'type': 'string', 'description': 'Password for the domain user account', 'required': True, 'default': None}
+    },
+    'notes': {
+        'AKA': [
+            'GetUserSPNs.py',
+            'Kerberoast'
+        ]
     }}
 
 class GetUserSPNs:

diff --git a/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb b/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb
@@ -31,7 +31,6 @@ def initialize(info = {})
         'lcamtuf' # CVE-2014-6278
       ],
       'References' => [
-        [ 'AKA', 'Shellshock' ],
         [ 'CVE', '2014-6271' ],
         [ 'CVE', '2014-6278' ],
         [ 'OSVDB', '112004' ],
@@ -40,7 +39,11 @@ def initialize(info = {})
         [ 'URL', 'https://seclists.org/oss-sec/2014/q3/649' ]
       ],
       'DisclosureDate' => 'Sep 24 2014',
-      'License' => MSF_LICENSE
+      'License' => MSF_LICENSE,
+      'Notes' =>
+          {
+            'AKA' => ['Shellshock']
+          }
     ))
 
     register_options([

diff --git a/modules/auxiliary/scanner/http/apache_optionsbleed.rb b/modules/auxiliary/scanner/http/apache_optionsbleed.rb
@@ -21,14 +21,17 @@ def initialize(info = {})
         'h00die', # Metasploit module
       ],
       'References' => [
-        [ 'AKA', 'Optionsbleed' ],
         [ 'CVE', '2017-9798' ],
         [ 'EDB', '42745' ],
         [ 'URL', 'https://github.com/hannob/optionsbleed' ],
         [ 'URL', 'https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html' ]
       ],
       'DisclosureDate' => 'Sep 18 2017',
-      'License' => MSF_LICENSE
+      'License' => MSF_LICENSE,
+      'Notes' =>
+          {
+              'AKA' => ['Optionsbleed']
+          }
     ))
 
     register_options([

diff --git a/modules/auxiliary/scanner/smb/impacket/dcomexec.py b/modules/auxiliary/scanner/smb/impacket/dcomexec.py
@@ -44,8 +44,7 @@
     'references': [
         {'type': 'url', 'ref': 'https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/'},
         {'type': 'url', 'ref': 'https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/'},
-        {'type': 'url', 'ref': 'https://github.com/CoreSecurity/impacket/blob/master/examples/dcomexec.py'},
-        {'type': 'aka', 'ref': 'dcomexec.py'},
+        {'type': 'url', 'ref': 'https://github.com/CoreSecurity/impacket/blob/master/examples/dcomexec.py'}
      ],
     'type': 'single_scanner',
     'options': {
@@ -55,6 +54,9 @@
         'SMBDomain':  {'type': 'string', 'description': 'The Windows domain to use for authentication', 'required': False, 'default': '.'},
         'SMBPass':    {'type': 'string', 'description': 'The password for the specified username', 'required': True, 'default': None},
         'SMBUser':    {'type': 'string', 'description': 'The username to authenticate as', 'required': True, 'default': None},
+    },
+    'notes': {
+        'AKA': ['dcomexec.py']
     }
 }
 

diff --git a/modules/auxiliary/scanner/smb/impacket/secretsdump.py b/modules/auxiliary/scanner/smb/impacket/secretsdump.py
@@ -51,8 +51,7 @@
         {'type': 'url', 'ref': 'http://www.beginningtoseethelight.org/ntsecurity/index.htm'},
         {'type': 'url', 'ref': 'http://www.ntdsxtract.com/downloads/ActiveDirectoryOfflineHashDumpAndForensics.pdf'},
         {'type': 'url', 'ref': 'http://www.passcape.com/index.php?section=blog&cmd=details&id=15'},
-        {'type': 'url', 'ref': 'https://github.com/CoreSecurity/impacket/blob/master/examples/secretsdump.py'},
-        {'type': 'aka', 'ref': 'secretsdump.py'},
+        {'type': 'url', 'ref': 'https://github.com/CoreSecurity/impacket/blob/master/examples/secretsdump.py'}
      ],
     'type': 'single_scanner',
     'options': {
@@ -61,6 +60,9 @@
         'SMBDomain':  {'type': 'string', 'description': 'The Windows domain to use for authentication', 'required': False, 'default': '.'},
         'SMBPass':    {'type': 'string', 'description': 'The password for the specified username', 'required': True, 'default': None},
         'SMBUser':    {'type': 'string', 'description': 'The username to authenticate as', 'required': True, 'default': None},
+    },
+    'notes': {
+        'AKA': ['secretsdump.py']
     }
 }
 

diff --git a/modules/auxiliary/scanner/smb/impacket/wmiexec.py b/modules/auxiliary/scanner/smb/impacket/wmiexec.py
@@ -34,8 +34,7 @@
     'date': '2018-03-19',
     'license': 'CORE_LICENSE',
     'references': [
-        {'type': 'url', 'ref': 'https://github.com/CoreSecurity/impacket/blob/master/examples/wmiexec.py'},
-        {'type': 'aka', 'ref': 'wmiexec.py'},
+        {'type': 'url', 'ref': 'https://github.com/CoreSecurity/impacket/blob/master/examples/wmiexec.py'}
      ],
     'type': 'single_scanner',
     'options': {
@@ -44,6 +43,9 @@
         'SMBDomain':  {'type': 'string', 'description': 'The Windows domain to use for authentication', 'required': False, 'default': '.'},
         'SMBPass':    {'type': 'string', 'description': 'The password for the specified username', 'required': True, 'default': None},
         'SMBUser':    {'type': 'string', 'description': 'The username to authenticate as', 'required': True, 'default': None},
+    },
+    'notes': {
+        'AKA': ['wmiexec.py']
     }
 }
 

diff --git a/modules/auxiliary/scanner/smb/smb_ms17_010.rb b/modules/auxiliary/scanner/smb/smb_ms17_010.rb
@@ -34,8 +34,6 @@ def initialize(info = {})
           ],
       'References'     =>
         [
-          [ 'AKA', 'DOUBLEPULSAR' ],
-          [ 'AKA', 'ETERNALBLUE' ],
           [ 'CVE', '2017-0143'],
           [ 'CVE', '2017-0144'],
           [ 'CVE', '2017-0145'],
@@ -47,7 +45,14 @@ def initialize(info = {})
           [ 'URL', 'https://github.com/countercept/doublepulsar-detection-script'],
           [ 'URL', 'https://technet.microsoft.com/en-us/library/security/ms17-010.aspx']
         ],
-      'License'        => MSF_LICENSE
+      'License'        => MSF_LICENSE,
+      'Notes' =>
+          {
+              'AKA' => [
+                  'DOUBLEPULSAR',
+                  'ETERNALBLUE'
+              ]
+          }
     ))
 
     register_options(

diff --git a/modules/auxiliary/scanner/ssl/bleichenbacher_oracle.py b/modules/auxiliary/scanner/ssl/bleichenbacher_oracle.py
@@ -56,16 +56,20 @@
         {'type': 'cve', 'ref': '2012-5081'}, # Oracle Java
         {'type': 'url', 'ref': 'https://robotattack.org'},
         {'type': 'url', 'ref': 'https://eprint.iacr.org/2017/1189'},
-        {'type': 'url', 'ref': 'https://github.com/robotattackorg/robot-detect'}, # Original PoC
-        {'type': 'aka', 'ref': 'ROBOT'},
-        {'type': 'aka', 'ref': 'Adaptive chosen-ciphertext attack'}
+        {'type': 'url', 'ref': 'https://github.com/robotattackorg/robot-detect'} # Original PoC
      ],
     'type': 'single_scanner',
     'options': {
         'rhost': {'type': 'address', 'description': 'The target address', 'required': True, 'default': None},
         'rport': {'type': 'port', 'description': 'The target port', 'required': True, 'default': 443},
         'cipher_group': {'type': 'enum', 'description': 'Use TLS_RSA ciphers with AES and 3DES ciphers, or only TLS_RSA_WITH_AES_128_CBC_SHA or TLS-RSA-WITH-AES-128-GCM-SHA256', 'required': True, 'default': 'all', 'values': ['all', 'cbc', 'gcm']},
         'timeout': {'type': 'int', 'description': 'The delay to wait for TLS responses', 'required': True, 'default': 5}
+     },
+     'notes': {
+         'AKA': [
+            'ROBOT',
+            'Adaptive chosen-ciphertext attack'
+         ]
      }}
 
 cipher_handshakes = {

diff --git a/modules/auxiliary/scanner/ssl/openssl_heartbleed.rb b/modules/auxiliary/scanner/ssl/openssl_heartbleed.rb
@@ -129,7 +129,6 @@ def initialize
       ],
       'References'     =>
         [
-          [ 'AKA', 'Heartbleed' ],
           [ 'CVE', '2014-0160' ],
           [ 'US-CERT-VU', '720951' ],
           [ 'URL', 'https://www.us-cert.gov/ncas/alerts/TA14-098A' ],
@@ -146,7 +145,11 @@ def initialize
           ['DUMP',  {'Description' => 'Dump memory contents'}],
           ['KEYS',  {'Description' => 'Recover private keys from memory'}]
         ],
-      'DefaultAction' => 'SCAN'
+      'DefaultAction' => 'SCAN',
+      'Notes' =>
+          {
+              'AKA' => ['Heartbleed']
+          }
     )
 
     register_options(

diff --git a/modules/auxiliary/scanner/teradata/teradata_odbc_login.py b/modules/auxiliary/scanner/teradata/teradata_odbc_login.py
@@ -34,8 +34,7 @@
     'license': 'MSF_LICENSE',
     'references': [
         {'type': 'url', 'ref': 'https://developer.teradata.com/tools/reference/teradata-python-module'},
-        {'type': 'url', 'ref': 'https://downloads.teradata.com/download/connectivity/odbc-driver/linux'},
-        {'type': 'aka', 'ref': 'Teradata ODBC Login Scanner'}
+        {'type': 'url', 'ref': 'https://downloads.teradata.com/download/connectivity/odbc-driver/linux'}
     ],
     'type': 'single_host_login_scanner',
     'options': {
@@ -44,7 +43,10 @@
         'userpass': {'type': 'string', 'description': 'A list of username/password combinations to try', 'required': False},
         'sleep_interval': {'type': 'float', 'description': 'Time in seconds to wait between login attempts', 'required': False}
     },
-    'service_name': 'teradata'
+    'service_name': 'teradata',
+    'notes': {
+        'AKA': ['Teradata ODBC Login Scanner']
+    }
 }
 
 

diff --git a/modules/auxiliary/scanner/wproxy/att_open_proxy.py b/modules/auxiliary/scanner/wproxy/att_open_proxy.py
@@ -19,15 +19,19 @@
     'references': [
         {'type': 'cve', 'ref': '2017-14117'},
         {'type': 'url', 'ref': 'https://www.nomotion.net/blog/sharknatto/'},
-        {'type': 'url', 'ref': 'https://blog.rapid7.com/2017/09/07/measuring-sharknat-to-exposures/#vulnerability5port49152tcpexposure'},
-        {'type': 'aka', 'ref': 'SharknAT&To'},
-        {'type': 'aka', 'ref': 'sharknatto'}
+        {'type': 'url', 'ref': 'https://blog.rapid7.com/2017/09/07/measuring-sharknat-to-exposures/#vulnerability5port49152tcpexposure'}
      ],
     'type': 'multi_scanner',
     'options': {
         'rhosts': {'type': 'address_range', 'description': 'The target address', 'required': True, 'default': None},
         'rport': {'type': 'port', 'description': 'The target port', 'required': True, 'default': 49152},
      },
+     'notes': {
+         'AKA': [
+            'SharknAT&To',
+            'sharknatto'
+         ]
+     }
     }
 
 

diff --git a/modules/auxiliary/server/dhclient_bash_env.rb b/modules/auxiliary/server/dhclient_bash_env.rb
@@ -35,7 +35,6 @@ def initialize
         ],
       'DefaultAction'  => 'Service',
       'References' => [
-        [ 'AKA', 'Shellshock' ],
         [ 'CVE', '2014-6271' ],
         [ 'CWE', '94' ],
         [ 'OSVDB', '112004' ],
@@ -44,7 +43,11 @@ def initialize
         [ 'URL', 'https://seclists.org/oss-sec/2014/q3/649' ],
         [ 'URL', 'https://www.trustedsec.com/september-2014/shellshock-dhcp-rce-proof-concept/' ]
       ],
-      'DisclosureDate' => 'Sep 24 2014'
+      'DisclosureDate' => 'Sep 24 2014',
+      'Notes' =>
+          {
+              'AKA' => ['Shellshock']
+          }
     )
 
     register_options(

diff --git a/modules/auxiliary/server/openssl_heartbeat_client_memory.rb b/modules/auxiliary/server/openssl_heartbeat_client_memory.rb
@@ -29,13 +29,17 @@ def initialize
       'DefaultAction'  => 'Capture',
       'References'     =>
         [
-          [ 'AKA', 'Heartbleed' ],
           [ 'CVE', '2014-0160' ],
           [ 'US-CERT-VU', '720951' ],
           [ 'URL', 'https://www.us-cert.gov/ncas/alerts/TA14-098A' ],
           [ 'URL', 'http://heartbleed.com/' ]
         ],
-      'DisclosureDate' => 'Apr 07 2014'
+      'DisclosureDate' => 'Apr 07 2014',
+      'Notes' =>
+          {
+              'AKA' => ['Heartbleed']
+          }
+
     )
 
     register_options(

diff --git a/modules/exploits/android/browser/stagefright_mp4_tx3g_64bit.rb b/modules/exploits/android/browser/stagefright_mp4_tx3g_64bit.rb
@@ -50,7 +50,6 @@ def initialize(info={})
         ],
       'References'     =>
         [
-          [ 'AKA', 'stagefright' ],
           [ 'CVE', '2015-3864' ],
           [ 'URL', 'https://blog.exodusintel.com/2015/08/13/stagefright-mission-accomplished/' ],
           [ 'URL', 'http://googleprojectzero.blogspot.com/2015/09/stagefrightened.html' ],
@@ -347,7 +346,12 @@ def initialize(info={})
         ],
       'Privileged'     => true,
       'DisclosureDate' => "Aug 13 2015",
-      'DefaultTarget'  => 0))
+      'DefaultTarget'  => 0,
+      'Notes' =>
+          {
+              'AKA' => ['stagefright']
+          }
+      ))
 
 =begin
     register_options(

diff --git a/modules/exploits/linux/http/advantech_switch_bash_env_exec.rb b/modules/exploits/linux/http/advantech_switch_bash_env_exec.rb
@@ -18,7 +18,6 @@ def initialize(info = {})
       },
       'Author' => 'hdm',
       'References' => [
-        [ 'AKA', 'Shellshock' ],
         [ 'CVE', '2014-6271' ],
         [ 'CWE', '94' ],
         [ 'OSVDB', '112004' ],
@@ -44,7 +43,11 @@ def initialize(info = {})
       'Targets' =>  [[ 'Automatic Targeting', { 'auto' => true } ]],
       'DefaultTarget' => 0,
       'License' => MSF_LICENSE,
-      'DisclosureDate' => 'Dec 01 2015'
+      'DisclosureDate' => 'Dec 01 2015',
+      'Notes' =>
+          {
+              'AKA' => ['Shellshock']
+          }
     ))
     register_options([
       Opt::RPORT(80)

diff --git a/modules/exploits/linux/http/ipfire_bashbug_exec.rb b/modules/exploits/linux/http/ipfire_bashbug_exec.rb
@@ -24,7 +24,6 @@ def initialize(info = {})
           ],
         'References'     =>
           [
-            [ 'AKA', 'Shellshock' ],
             [ 'EDB', '34839' ],
             [ 'CVE', '2014-6271']
           ],
@@ -50,7 +49,11 @@ def initialize(info = {})
             [ 'Automatic Target', {}]
           ],
         'DefaultTarget'  => 0,
-        'DisclosureDate' => 'Sep 29 2014'
+        'DisclosureDate' => 'Sep 29 2014',
+        'Notes' =>
+            {
+                'AKA' => ['Shellshock']
+            }
       )
     )