Change dump_aka to dump_notes and add field for related modules

lib/msf/base/serializer/readable_text.rb

@@ -286,8 +286,8 @@ def self.dump_exploit_module(mod, indent = '')
     # References
     output << dump_references(mod, indent)
 
-    # AKA
-    output << dump_aka(mod, indent)
+    # Notes
+    output << dump_notes(mod, indent)
 
     return output
 
@@ -341,8 +341,8 @@ def self.dump_auxiliary_module(mod, indent = '')
     # References
     output << dump_references(mod, indent)
 
-    # AKA
-    output << dump_aka(mod, indent)
+    # Notes
+    output << dump_notes(mod, indent)
 
     return output
   end
@@ -401,8 +401,8 @@ def self.dump_post_module(mod, indent = '')
     # References
     output << dump_references(mod, indent)
 
-    # AKA
-    output << dump_aka(mod, indent)
+    # Notes
+    output << dump_notes(mod, indent)
 
     return output
   end
@@ -668,19 +668,28 @@ def self.dump_references(mod, indent = '')
     output
   end
 
-  # Dumps the aka names associated with the supplied module.
+  # Dumps the notes associated with the supplied module.
   #
   # @param mod [Msf::Module] the module.
   # @param indent [String] the indentation to use.
   # @return [String] the string form of the information.
-  def self.dump_aka(mod, indent = '')
+  def self.dump_notes(mod, indent = '')
     output = ''
 
-    if mod.notes['AKA'].present?
-      output << "AKA:\n"
+    mod.notes.each do |name, val|
+      next unless val.present?
 
-      mod.notes['AKA'].each do |aka_name|
-        output << indent + aka_name + "\n"
+      case name
+      when 'AKA'
+        output << "Also known as:\n"
+        val.each { |aka| output << "#{indent}#{aka}\n" }
+      when 'RELATED'
+        output << "Related modules:\n"
+        val.each { |related| output << "#{indent}#{related}\n" }
+      else
+        # Display the raw note
+        output << "#{name}:\n" \
+                  "#{indent}#{val}\n"
       end
 
       output << "\n"

modules/exploits/multi/fileformat/ghostscript_failed_restore.rb

@@ -22,12 +22,7 @@ def initialize(info = {})
         arbitrary commands by handling a failed restore (grestore) in
         PostScript to disable LockSafetyParams and avoid invalidaccess.
 
-        This vulnerability is reachable via libraries such as ImageMagick,
-        and this module provides the latest vector for Ghostscript.
-
-        For previous Ghostscript vectors, please see the following modules:
-          exploit/unix/fileformat/ghostscript_type_confusion
-          exploit/unix/fileformat/imagemagick_delegate
+        This vulnerability is reachable via libraries such as ImageMagick.
       },
       'Author'         => [
         'Tavis Ormandy', # Vuln discovery and exploit
@@ -61,7 +56,13 @@ def initialize(info = {})
           'Type'       => :linux_dropper
         ]
       ],
-      'DefaultTarget'  => 0
+      'DefaultTarget'  => 0,
+      'Notes'          => {
+        'RELATED'      => [
+          'exploit/unix/fileformat/ghostscript_type_confusion',
+          'exploit/unix/fileformat/imagemagick_delegate'
+        ]
+      }
     ))
 
     register_options([

modules/exploits/unix/fileformat/ghostscript_type_confusion.rb

@@ -16,15 +16,12 @@ def initialize(info = {})
         be exploited to obtain arbitrary command execution. This vulnerability affects
         Ghostscript versions 9.21 and earlier and can be exploited through libraries
         such as ImageMagick and Pillow.
-
-        For more recent Ghostscript vectors, please see the following modules:
-          exploit/multi/fileformat/ghostscript_failed_restore
       },
       'Author'         => [
         'Atlassian Security Team', # Vulnerability discovery
         'hdm'                      # Metasploit module
       ],
-      'References'      => [
+      'References'     => [
         %w{CVE 2017-8291},
         %w{URL https://bugs.ghostscript.com/show_bug.cgi?id=697808},
         %w{URL https://seclists.org/oss-sec/2017/q2/148},
@@ -44,7 +41,11 @@ def initialize(info = {})
       ],
       'DefaultTarget'  => 0,
       'Notes'          => {
-        'AKA'          => [ 'ghostbutt' ]
+        'AKA'          => ['ghostbutt'],
+        'RELATED'      => [
+          'exploit/multi/fileformat/ghostscript_failed_restore',
+          'exploit/unix/fileformat/imagemagick_delegate'
+        ]
       }
     ))
 

modules/exploits/unix/fileformat/imagemagick_delegate.rb

@@ -25,10 +25,6 @@ def initialize(info = {})
         Ghostscript versions 9.18 and later are affected. This target is
         provided as is and will not be updated to track additional vulns.
 
-        For more recent Ghostscript vectors, please see the following modules:
-          exploit/multi/fileformat/ghostscript_failed_restore
-          exploit/unix/fileformat/ghostscript_type_confusion
-
         If USE_POPEN is set to true, a |-prefixed command will be used for the
         exploit. No delegates are involved in this exploitation.
       },
@@ -63,7 +59,13 @@ def initialize(info = {})
         ['PS file',  template: 'msf.ps']   # PoC from taviso
       ],
       'DefaultTarget'  => 0,
-      'Notes'          => {'AKA' => ['ImageTragick']}
+      'Notes'          => {
+        'AKA'          => ['ImageTragick'],
+        'RELATED'      => [
+          'exploit/unix/fileformat/ghostscript_type_confusion',
+          'exploit/multi/fileformat/ghostscript_failed_restore'
+        ]
+      }
     ))
 
     register_options([