rapid7 · gwillcox-r7 · May 17, 2021 · May 13, 2021 · adfoster-r7 · May 13, 2021
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -359,8 +359,7 @@ Layout/EmptyLinesAroundClassBody:
   Description: 'these are used to increase readability'
 
 Layout/EmptyLinesAroundMethodBody:
-  Enabled: false
-  Description: 'these are used to increase readability'
+  Enabled: true
 
 Layout/ExtraSpacingWithBinDataIgnored:
   Description: 'Do not use unnecessary spacing.'
@@ -405,18 +404,7 @@ Style/PercentLiteralDelimiters:
   VersionChanged: '0.48.1'
 
 Style/RedundantBegin:
-  Exclude:
-    # this pattern is very common and somewhat unavoidable
-    # def run_host(ip)
-    #   begin
-    #     ...
-    #   rescue ...
-    #     ...
-    #   ensure
-    #     disconnect
-    #   end
-    # end
-    - 'modules/**/*'
+  Enabled: true
 
 Style/SafeNavigation:
   Description: >-

diff --git a/modules/auxiliary/admin/http/tomcat_ghostcat.rb b/modules/auxiliary/admin/http/tomcat_ghostcat.rb
@@ -146,7 +146,6 @@ def int2byte(data, byte_len = 1)
   end
 
   def make_forward_request_package(method, headers, attributes)
-
     prefix_code_int = 2
     prefix_code_bytes = int2byte(prefix_code_int)
     method_bytes = int2byte(method2code(method))

diff --git a/modules/auxiliary/admin/networking/cisco_asa_extrabacon.rb b/modules/auxiliary/admin/networking/cisco_asa_extrabacon.rb
@@ -170,38 +170,36 @@ def build_payload(vers_string, mode)
   end
 
   def run
-    begin
-      vers_string = retrieve_asa_version
+    vers_string = retrieve_asa_version
 
-      print_status("Building #{action.name} payload for version #{vers_string}...")
-      overflow = build_payload(vers_string, action.name)
-      payload = SNMP::ObjectId.new(overflow)
+    print_status("Building #{action.name} payload for version #{vers_string}...")
+    overflow = build_payload(vers_string, action.name)
+    payload = SNMP::ObjectId.new(overflow)
 
-      print_status('Sending SNMP payload...')
-      response = snmp.get_bulk(0, 1, [SNMP::VarBind.new(payload)])
+    print_status('Sending SNMP payload...')
+    response = snmp.get_bulk(0, 1, [SNMP::VarBind.new(payload)])
 
-      if response.varbind_list
-        print_good('Clean return detected!')
-        if action.name == 'PASS_DISABLE'
-          print_warning("Don't forget to run PASS_ENABLE after logging in!")
-          print_warning('  set ACTION PASS_ENABLE')
-        end
+    if response.varbind_list
+      print_good('Clean return detected!')
+      if action.name == 'PASS_DISABLE'
+        print_warning("Don't forget to run PASS_ENABLE after logging in!")
+        print_warning('  set ACTION PASS_ENABLE')
       end
-    rescue ::Rex::ConnectionError
-      print_error('Connection Error: Is the target up?')
-    rescue ::SNMP::RequestTimeout
-      print_error('SNMP Error: Request Timeout, Cisco ASA may have crashed :/')
-    rescue ::SNMP::UnsupportedVersion
-      print_error('SNMP Error: Version 2c is not supported by target.')
-    rescue ::NoMethodError
-      print_error("Error: No payload available for version #{vers_string}")
-    rescue ::Interrupt
-      raise $ERROR_INFO
-    rescue ::StandardError => e
-      print_error("Error: #{e.class} #{e} #{e.backtrace}")
-    ensure
-      disconnect_snmp
     end
+  rescue ::Rex::ConnectionError
+    print_error('Connection Error: Is the target up?')
+  rescue ::SNMP::RequestTimeout
+    print_error('SNMP Error: Request Timeout, Cisco ASA may have crashed :/')
+  rescue ::SNMP::UnsupportedVersion
+    print_error('SNMP Error: Version 2c is not supported by target.')
+  rescue ::NoMethodError
+    print_error("Error: No payload available for version #{vers_string}")
+  rescue ::Interrupt
+    raise $ERROR_INFO
+  rescue ::StandardError => e
+    print_error("Error: #{e.class} #{e} #{e.backtrace}")
+  ensure
+    disconnect_snmp
   end
 
   def retrieve_asa_version

diff --git a/modules/auxiliary/admin/networking/f5_config.rb b/modules/auxiliary/admin/networking/f5_config.rb
@@ -26,7 +26,6 @@ def initialize(info = {})
         Opt::RPORT(22)
       ]
     )
-
   end
 
   def run

diff --git a/modules/auxiliary/admin/networking/juniper_config.rb b/modules/auxiliary/admin/networking/juniper_config.rb
@@ -34,7 +34,6 @@ def initialize(info = {})
         Opt::RPORT(22)
       ]
     )
-
   end
 
   def run

diff --git a/modules/auxiliary/admin/networking/mikrotik_config.rb b/modules/auxiliary/admin/networking/mikrotik_config.rb
@@ -32,7 +32,6 @@ def initialize(info = {})
         Opt::RPORT(22)
       ]
     )
-
   end
 
   def run

diff --git a/modules/auxiliary/admin/networking/ubiquiti_config.rb b/modules/auxiliary/admin/networking/ubiquiti_config.rb
@@ -32,7 +32,6 @@ def initialize(info = {})
         Opt::RPORT(22)
       ]
     )
-
   end
 
   def i_file

diff --git a/modules/auxiliary/admin/sap/sap_igs_xmlchart_xxe.rb b/modules/auxiliary/admin/sap/sap_igs_xmlchart_xxe.rb
@@ -215,7 +215,6 @@ def analyze_first_response(html_response)
   end
 
   def check
-
     # Set up variables
     os_release = ''
     os_release_file = '/etc/os-release'
@@ -294,7 +293,6 @@ def run
   end
 
   def action_file_read
-
     # Set up XML data for HTTP request
     setup_xml_and_variables
     make_post_data(@file, dos: false)
@@ -349,7 +347,6 @@ def action_file_read
   end
 
   def action_dos
-
     # Set up XML data for HTTP request
     setup_xml_and_variables
     make_post_data(@file, dos: true)
@@ -389,7 +386,6 @@ def action_dos
 
     # Check HTTP response
     fail_with(Failure::NotVulnerable, 'The target responded with a 200 OK response code. The DoS attempt was unsuccessful.') unless dos_response.code != 200
-
   end
 
 end
diff --git a/modules/auxiliary/dos/http/cable_haunt_websocket_dos.rb b/modules/auxiliary/dos/http/cable_haunt_websocket_dos.rb
@@ -75,24 +75,22 @@ def run
         print_status('Opened connection')
 
         EM::Timer.new(1) do
-          begin
-            print_status('Sending payload')
-            payload = Rex::Text.rand_text_alphanumeric(7000..8000)
-            driver.send({
-              jsonrpc: '2.0',
-              method: 'Frontend::GetFrontendSpectrumData',
-              params: {
-                coreID: 0,
-                fStartHz: payload,
-                fStopHz: 1000000000,
-                fftSize: 1024,
-                gain: 1
-              },
-              id: '0'
-            }.to_json)
-          rescue StandardError
-            fail_with(Failure::Unreachable, 'Could not establish websocket connection')
-          end
+          print_status('Sending payload')
+          payload = Rex::Text.rand_text_alphanumeric(7000..8000)
+          driver.send({
+            jsonrpc: '2.0',
+            method: 'Frontend::GetFrontendSpectrumData',
+            params: {
+              coreID: 0,
+              fStartHz: payload,
+              fStopHz: 1000000000,
+              fftSize: 1024,
+              gain: 1
+            },
+            id: '0'
+          }.to_json)
+        rescue StandardError
+          fail_with(Failure::Unreachable, 'Could not establish websocket connection')
         end
       end
 

diff --git a/modules/auxiliary/gather/ldap_hashdump.rb b/modules/auxiliary/gather/ldap_hashdump.rb
@@ -229,7 +229,6 @@ def pillage(ldif, base_dn)
     end
 
     print_good("#{peer} Saved LDAP data to #{ldif_filename}")
-
   end
 
   def decode_pwdhistory(hash)

diff --git a/modules/auxiliary/gather/redis_extractor.rb b/modules/auxiliary/gather/redis_extractor.rb
@@ -68,39 +68,37 @@ def value_for_key(key)
 
   # Connect to Redis and ensure compatibility.
   def redis_connect
-    begin
-      connect
-      # NOTE: Full INFO payload fails occasionally. Using server filter until Redis library can be fixed
-      if (info_data = redis_command('INFO', 'server')) && /redis_version:(?<redis_version>\S+)/ =~ info_data
-        print_good("Connected to Redis version #{redis_version}")
-      end
-
-      # Some connection attempts such as incorrect password set fail silently in the Redis library.
-      if !info_data
-        print_error('Unable to connect to Redis')
-        print_error('Set verbose true to troubleshoot') if !datastore['VERBOSE']
-        return
-      end
-
-      # Ensure version compatability
-      if (Rex::Version.new(redis_version) < Rex::Version.new(MIN_REDIS_VERSION))
-        print_status("Module supports Redis #{MIN_REDIS_VERSION} or higher.")
-        return
-      end
+    connect
+    # NOTE: Full INFO payload fails occasionally. Using server filter until Redis library can be fixed
+    if (info_data = redis_command('INFO', 'server')) && /redis_version:(?<redis_version>\S+)/ =~ info_data
+      print_good("Connected to Redis version #{redis_version}")
+    end
 
-      # Connection was sucessful
-      return info_data
-    rescue Msf::Auxiliary::Failed => e
-      # This error trips when auth is required but password not set
-      print_error('Unable to connect to Redis: ' + e.message)
-      return
-    rescue Rex::ConnectionTimeout
-      print_error('Timed out trying to connect to Redis')
+    # Some connection attempts such as incorrect password set fail silently in the Redis library.
+    if !info_data
+      print_error('Unable to connect to Redis')
+      print_error('Set verbose true to troubleshoot') if !datastore['VERBOSE']
       return
-    rescue StandardError
-      print_error('Unknown error trying to connect to Redis')
+    end
+
+    # Ensure version compatability
+    if (Rex::Version.new(redis_version) < Rex::Version.new(MIN_REDIS_VERSION))
+      print_status("Module supports Redis #{MIN_REDIS_VERSION} or higher.")
       return
     end
+
+    # Connection was sucessful
+    return info_data
+  rescue Msf::Auxiliary::Failed => e
+    # This error trips when auth is required but password not set
+    print_error('Unable to connect to Redis: ' + e.message)
+    return
+  rescue Rex::ConnectionTimeout
+    print_error('Timed out trying to connect to Redis')
+    return
+  rescue StandardError
+    print_error('Unknown error trying to connect to Redis')
+    return
   end
 
   def check_host(_ip)

diff --git a/modules/auxiliary/scanner/http/nagios_xi_scanner.rb b/modules/auxiliary/scanner/http/nagios_xi_scanner.rb
@@ -79,7 +79,6 @@ def parse_version(nagios_version)
     end
 
     return 'unsupported'
-
   end
 
   def rce_check(version, real_target: false)

diff --git a/modules/auxiliary/scanner/http/synology_forget_passwd_user_enum.rb b/modules/auxiliary/scanner/http/synology_forget_passwd_user_enum.rb
@@ -108,48 +108,45 @@ def report_cred(opts)
   end
 
   def do_enum(username)
-    begin
-      vprint_status("Attempting #{username}")
-      res = send_request_cgi({
-        'uri' => normalize_uri(target_uri.path, 'webman', 'forget_passwd.cgi'),
-        'method' => 'GET',
-        'vars_get' => {
-          'user' => username
-        }
-      })
-      unless res
-        print_error('Connection to host refused')
-        fail_with(Failure::Unreachable, 'Connection to host refused')
-      end
-      j = res.get_json_document
-      if j['msg'] == 5
-        fail_with(Failure::Disconnected, 'You have been locked out.  Retry later or increase DELAY')
-      end
-      if j['msg'] == 3
-        fail_with(Failure::UnexpectedReply, 'Device patched or feature disabled')
-      end
-      if j['msg'] == 2 || j['msg'] == 1
-        print_good("#{username} - #{j['info']}")
-        @users_found[username] = :reported
-        report_cred(
-          ip: rhost,
-          port: rport,
-          service_name: (ssl ? 'https' : 'http'),
-          proof: res.body
-        )
-      end
-      # msg 1 means user can login to GUI
-      # msg 2 means user exists but no GUI login
-      # msg 3 means not supported/disabled/patched
-      # msg 4 means no user
-      # msg 5 means auto block is enabled and youre blocked. Default is 10 login attempts, and these
-      #     count as lgin attempts.
-    rescue Rex::ConnectionRefused, Rex::HostUnreachable, Rex::ConnectionTimeout, Rex::ConnectionError
+    vprint_status("Attempting #{username}")
+    res = send_request_cgi({
+      'uri' => normalize_uri(target_uri.path, 'webman', 'forget_passwd.cgi'),
+      'method' => 'GET',
+      'vars_get' => {
+        'user' => username
+      }
+    })
+    unless res
       print_error('Connection to host refused')
       fail_with(Failure::Unreachable, 'Connection to host refused')
-    rescue Timeout::Error, Errno::EPIPE
-      fail_with(Failure::Unreachable, 'Connection issue')
     end
-
+    j = res.get_json_document
+    if j['msg'] == 5
+      fail_with(Failure::Disconnected, 'You have been locked out.  Retry later or increase DELAY')
+    end
+    if j['msg'] == 3
+      fail_with(Failure::UnexpectedReply, 'Device patched or feature disabled')
+    end
+    if j['msg'] == 2 || j['msg'] == 1
+      print_good("#{username} - #{j['info']}")
+      @users_found[username] = :reported
+      report_cred(
+        ip: rhost,
+        port: rport,
+        service_name: (ssl ? 'https' : 'http'),
+        proof: res.body
+      )
+    end
+    # msg 1 means user can login to GUI
+    # msg 2 means user exists but no GUI login
+    # msg 3 means not supported/disabled/patched
+    # msg 4 means no user
+    # msg 5 means auto block is enabled and youre blocked. Default is 10 login attempts, and these
+    #     count as lgin attempts.
+  rescue Rex::ConnectionRefused, Rex::HostUnreachable, Rex::ConnectionTimeout, Rex::ConnectionError
+    print_error('Connection to host refused')
+    fail_with(Failure::Unreachable, 'Connection to host refused')
+  rescue Timeout::Error, Errno::EPIPE
+    fail_with(Failure::Unreachable, 'Connection issue')
   end
 end