-
Notifications
You must be signed in to change notification settings - Fork 13.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix external module crash for att open proxy scanner #17792
Fix external module crash for att open proxy scanner #17792
Conversation
@@ -5,11 +5,6 @@ module Msf::Module::External | |||
|
|||
def execute_module(path, method: :run, args: datastore, fail_on_exit: true) | |||
mod = Msf::Modules::External.new(path, framework: framework) | |||
if args.is_a?(Msf::DataStore) || args.is_a?(Msf::DataStoreWithFallbacks) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I originally added this in #17490 - but I believe this PR is a cleaner solution
The real issue is the external python modules use a datastore that doesn't have the same semantics as the Ruby version; i.e. i.e. RHOST/RHOSTS aliasing support, plus case insensitive lookups
@@ -27,6 +27,7 @@ class MetasploitModule < Msf::Auxiliary | |||
|
|||
def run_batch(ips) | |||
datastore.delete('RHOSTS') | |||
datastore.remove_option('RHOSTS') if self.datastore.is_a?(Msf::DataStoreWithFallbacks) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Required because the original datastore had a delete
method that also removed data options (Which had other bugs associated with it)
Release NotesFix external module crash for when running the auxiliary/scanner/wproxy/att_open_proxy module |
Fix external module crash for when running the
auxiliary/scanner/wproxy/att_open_proxy
moduleVerification
Before
The att_open_proxy module iterated over an RHOST string, instead of an array of RHOST ips
After
Verifying the at&t open proxy scanner now works:
Also verifying get user spns still works - which was originally updated to work in #17490