RHOSTS: accept both "file://<path>" and "file:<path>" syntax #12314

Merged: 4 commits, Sep 24, 2019

@cnotin (Contributor) commented Sep 11, 2019

The RHOSTS option is compatible with file paths to load targets from a hosts file.
Much documentation and many examples (for example, the Metasploit 5.0 release notes) describe its usage with the "file://" syntax, like a URL. However, by reading the code, I noticed it should actually be "file:".

The patch allows both syntaxes to be used, for maximum compatibility and without having to fix all the documentation.

Verification

Create the data file:

echo 127.0.0.1 > /root/list.txt
echo 127.0.0.2 >> /root/list.txt

Open msfconsole and load any module which uses RHOSTS and set a few options (for better output):

use auxiliary/scanner/mysql/mysql_version
set verbose true
set showprogress false

Run these variations:

set rhosts file:list.txt
run
set rhosts file:./list.txt
run
set rhosts file:/root/list.txt
run

set rhosts file://list.txt
run
set rhosts file://./list.txt
run
set rhosts file:///root/list.txt
run

Before the patch:

msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts file:list.txt
rhosts => file:list.txt
msf5 auxiliary(scanner/mysql/mysql_version) > run

[-] 127.0.0.1:3306        - 127.0.0.1:3306 - Connection failed
[-] 127.0.0.2:3306        - 127.0.0.2:3306 - Connection failed
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts file:./list.txt
rhosts => file:./list.txt
msf5 auxiliary(scanner/mysql/mysql_version) > run

[-] 127.0.0.1:3306        - 127.0.0.1:3306 - Connection failed
[-] 127.0.0.2:3306        - 127.0.0.2:3306 - Connection failed
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts file:/root/list.txt
rhosts => file:/root/list.txt
msf5 auxiliary(scanner/mysql/mysql_version) > run

[-] 127.0.0.1:3306        - 127.0.0.1:3306 - Connection failed
[-] 127.0.0.2:3306        - 127.0.0.2:3306 - Connection failed
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/mysql/mysql_version) > 
msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts file://list.txt
rhosts => file://list.txt
msf5 auxiliary(scanner/mysql/mysql_version) > run
[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: RHOSTS.
msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts file://./list.txt
rhosts => file://./list.txt
msf5 auxiliary(scanner/mysql/mysql_version) > run
[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: RHOSTS.
msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts file:///root/list.txt
rhosts => file:///root/list.txt
msf5 auxiliary(scanner/mysql/mysql_version) > run

[-] 127.0.0.1:3306        - 127.0.0.1:3306 - Connection failed
[-] 127.0.0.2:3306        - 127.0.0.2:3306 - Connection failed
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/mysql/mysql_version) > 

Failures for "file://list.txt" and "file://./list.txt"...

After the patch:

msf5 auxiliary(scanner/mysql/mysql_version) > run

[-] 127.0.0.1:3306        - 127.0.0.1:3306 - Connection failed
[-] 127.0.0.2:3306        - 127.0.0.2:3306 - Connection failed
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/mysql/mysql_version) > 
msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts file:./list.txt
rhosts => file:./list.txt
msf5 auxiliary(scanner/mysql/mysql_version) > run

[-] 127.0.0.1:3306        - 127.0.0.1:3306 - Connection failed
[-] 127.0.0.2:3306        - 127.0.0.2:3306 - Connection failed
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/mysql/mysql_version) > 
msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts file:/root/list.txt
rhosts => file:/root/list.txt
msf5 auxiliary(scanner/mysql/mysql_version) > run

[-] 127.0.0.1:3306        - 127.0.0.1:3306 - Connection failed
[-] 127.0.0.2:3306        - 127.0.0.2:3306 - Connection failed
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/mysql/mysql_version) > 
msf5 auxiliary(scanner/mysql/mysql_version) > 
msf5 auxiliary(scanner/mysql/mysql_version) > 
msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts file://list.txt
rhosts => file://list.txt
msf5 auxiliary(scanner/mysql/mysql_version) > run

[-] 127.0.0.1:3306        - 127.0.0.1:3306 - Connection failed
[-] 127.0.0.2:3306        - 127.0.0.2:3306 - Connection failed
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/mysql/mysql_version) > 
msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts file://./list.txt
rhosts => file://./list.txt
msf5 auxiliary(scanner/mysql/mysql_version) > run

[-] 127.0.0.1:3306        - 127.0.0.1:3306 - Connection failed
[-] 127.0.0.2:3306        - 127.0.0.2:3306 - Connection failed
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/mysql/mysql_version) > 
msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts file:///root/list.txt
rhosts => file:///root/list.txt
msf5 auxiliary(scanner/mysql/mysql_version) > run

[-] 127.0.0.1:3306        - 127.0.0.1:3306 - Connection failed
[-] 127.0.0.2:3306        - 127.0.0.2:3306 - Connection failed
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/mysql/mysql_version) > 
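
Why the two relative "file://" forms fail before the patch while "file:///root/list.txt" works, as an added Ruby example that is not part of this PR or of Metasploit's code: if only "file:" is stripped, the leftover "//list.txt" is an absolute path under "/". The names extract_path, load_targets, compare_rules and rhosts_demo_list.txt are hypothetical, and the strict rule is inferred from the "before" transcript.

```ruby
require 'tmpdir'

# Added illustration, not Metasploit's code: two hypothetical prefix rules
# for a "file:" target-list value, compared on the forms tested above.

# Return the path part of value, or nil when it has no "file:" prefix.
# lenient: false -> only "file:" is stripped (behaviour inferred from the
#                   "before" transcript).
# lenient: true  -> "file://" is tried first, then "file:".
def extract_path(value, lenient:)
  m = lenient ? %r{\Afile://(.*)\z}.match(value) : nil
  m ||= /\Afile:(.*)\z/.match(value)
  m && m[1]
end

# Read one target per line; nil means the option would fail validation.
# Skipping blank lines is an assumption of this sketch.
def load_targets(value, lenient:)
  path = extract_path(value, lenient: lenient)
  return nil if path.nil? || !File.file?(path) || !File.readable?(path)
  File.readlines(path).map(&:strip).reject(&:empty?)
end

# Run every form against a constructed hosts file in a scratch directory.
def compare_rules
  Dir.mktmpdir do |dir|
    name = 'rhosts_demo_list.txt' # constructed name, stands in for list.txt
    File.write(File.join(dir, name), "127.0.0.1\n127.0.0.2\n")
    forms = ["file:#{name}", "file:./#{name}", "file:#{dir}/#{name}",
             "file://#{name}", "file://./#{name}", "file://#{dir}/#{name}"]
    Dir.chdir(dir) do
      forms.map do |f|
        [f.sub(dir, '<dir>'), { strict: load_targets(f, lenient: false),
                                lenient: load_targets(f, lenient: true) }]
      end.to_h
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  compare_rules.each do |form, r|
    puts format('%-40s strict=%-8s lenient=%s', form,
                r[:strict] ? 'loaded' : 'rejected', r[:lenient] ? 'loaded' : 'rejected')
  end
end
```

Neither rule parses a file URL: under the lenient rule "file://list.txt" is a path relative to the working directory, not a host named list.txt, which matches the "after" transcript.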

@cnotin (Contributor, Author) commented Sep 11, 2019

Suggestion too: explain the possibility of using "file:" syntax in the description of RHOSTS (as people re-discover it now and then)

# @return [OptAddressRange]
def self.RHOSTS(default=nil, required=true, desc="The target address range or CIDR identifier")
  Msf::OptAddressRange.new('RHOSTS', [ required, desc, default ])
end

def self.RHOST(default=nil, required=true, desc="The target address range or CIDR identifier")
  Msf::OptAddressRange.new('RHOSTS', [ required, desc, default ], aliases: [ 'RHOST' ])
end

What do you think?

@busterb (Member) commented Sep 19, 2019

Yeah, I think describing it in the option definition is a good idea too, thanks.

@cnotin (Contributor, Author) commented Sep 20, 2019

Here it is, tell me what you think :)

@busterb self-assigned this Sep 24, 2019

@busterb (Member) commented Sep 24, 2019

Yeah, looks good. Moving this one forward...

@busterb (Member) commented Sep 24, 2019

Noting there are a lot of file:// URLs in the tree still, but wouldn't hold this PR up for it. Maybe something easy for someone to grab later, though there's no real urgency.

git grep "file:\/\/"

On a first pass most of these seem to be legitimate anyway, just as part of exploit descriptions. I think we got to this state in the first place simply because file:// is common in many applications. Thanks for looking into the details here.

@busterb merged commit 3044fdf into rapid7:master Sep 24, 2019

@busterb (Member) commented Sep 24, 2019

Release Notes

This documents the syntax used by the RHOSTS command when a file: parameter is passed. Variously throughout existing Metasploit documentation, this was described as using file:// which happens to work, but the extra slashes were not required.

@cnotin deleted the patch-1 branch September 24, 2019 11:25

@jmartin-tech (Contributor)

Labeled msf5 due to interaction with global RHOSTS support; I may backport to 4.x if conflicts can be quickly resolved.

@fishsticksflafor commented Sep 24, 2019 via email