
Consolidate option dumps #18865

Merged
merged 3 commits into from
Feb 20, 2024

Conversation


@dwelch-r7 dwelch-r7 commented Feb 20, 2024

Consolidating some duplicate code in the dump_*_options methods and pulling some logic out of PR #18817, since it makes sense to land it separately and it makes the other PR easier to review.

Validation steps

  • CI passes
  • run options on a handful of modules and check the output is sensible
  • repeat for show advanced and show evasion


@cgranleese-r7 cgranleese-r7 left a comment


Looks good to me 👍

@cgranleese-r7

Tested against the new session types and some other modules and everything seems to be working as expected 👍

mssql_login

msf6 auxiliary(scanner/mssql/mssql_login) > options

Module options (auxiliary/scanner/mssql/mssql_login):

   Name                 Current Setting  Required  Description
   ----                 ---------------  --------  -----------
   ANONYMOUS_LOGIN      false            yes       Attempt to login with a blank username and password
   BLANK_PASSWORDS      true             no        Try blank passwords for all users
   BRUTEFORCE_SPEED     5                yes       How fast to bruteforce, from 0 to 5
   CreateSession        false            no        Create a new session for every successful login
   DB_ALL_CREDS         false            no        Try each user/password couple stored in the current database
   DB_ALL_PASS          false            no        Add all passwords in the current database to the list
   DB_ALL_USERS         false            no        Add all users in the current database to the list
   DB_SKIP_EXISTING     none             no        Skip existing credentials stored in the current database (Accepted: none, user, user&realm)
   PASSWORD                              no        A specific password to authenticate with
   PASS_FILE                             no        File containing passwords, one per line
   Proxies                               no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS                                yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
   RPORT                1433             yes       The target port (TCP)
   STOP_ON_SUCCESS      false            yes       Stop guessing when a credential works for a host
   TDSENCRYPTION        false            yes       Use TLS/SSL for TDS data "Force Encryption"
   THREADS              1                yes       The number of concurrent threads (max one per host)
   USERNAME             sa               no        A specific username to authenticate as
   USERPASS_FILE                         no        File containing users and passwords separated by space, one pair per line
   USER_AS_PASS         false            no        Try the username as the password for all users
   USER_FILE                             no        File containing usernames, one per line
   USE_WINDOWS_AUTHENT  false            yes       Use windows authentication (requires DOMAIN option set)
   VERBOSE              true             yes       Whether to print output for all attempts


View the full module info with the info, or info -d command.

msf6 auxiliary(scanner/mssql/mssql_login) > show advanced

Module advanced options (auxiliary/scanner/mssql/mssql_login):

   Name                        Current Setting                                            Required  Description
   ----                        ---------------                                            --------  -----------
   AutoRunScript                                                                          no        A script to run automatically on session creation.
   AutoVerifySession           true                                                       yes       Automatically verify and drop invalid sessions
   CHOST                                                                                  no        The local client address
   CPORT                                                                                  no        The local client port
   CommandShellCleanupCommand                                                             no        A command to run before the session is closed
   ConnectTimeout              10                                                         yes       Maximum number of seconds to establish a TCP connection
   DOMAIN                      WORKSTATION                                                yes       The domain to use for windows authentication
   HEX2BINARY                  /Users/cgranleese/code/metasploit-framework/data/exploits  no        The path to the hex2binary script on the disk
                               /mssql/h2b
   InitialAutoRunScript                                                                   no        An initial script to run on session creation (before AutoRunScript)
   MaxGuessesPerService        0                                                          no        Maximum number of credentials to try per service instance. If set to zero or a non-number, this option will
                                                                                                    not be used.
   MaxGuessesPerUser           0                                                          no        Maximum guesses for a particular username for the service instance. Note that users are considered unique am
                                                                                                    ong different services, so a user at 10.1.1.1:22 is different from one at 10.2.2.2:22, and both will be trie
                                                                                                    d up to the MaxGuessesPerUser limit. If set to zero or a non-number, this option will not be used.
   MaxMinutesPerService        0                                                          no        Maximum time in minutes to bruteforce the service instance. If set to zero or a non-number, this option will
                                                                                                     not be used.
   Mssql::Auth                 auto                                                       yes       The Authentication mechanism to use (Accepted: auto, ntlm, kerberos, plaintext)
   NTLM::SendLM                true                                                       yes       Always send the LANMAN response (except when NTLMv2_session is specified)
   NTLM::SendNTLM              true                                                       yes       Activate the 'Negotiate NTLM key' flag, indicating the use of NTLM responses
   NTLM::SendSPN               true                                                       yes       Send an avp of type SPN in the ntlmv2 client blob, this allows authentication on Windows 7+/Server 2008 R2+
                                                                                                    when SPN is required
   NTLM::UseLMKey              false                                                      yes       Activate the 'Negotiate Lan Manager Key' flag, using the LM key when the LM response is sent
   NTLM::UseNTLM2_session      true                                                       yes       Activate the 'Negotiate NTLM2 key' flag, forcing the use of a NTLMv2_session
   NTLM::UseNTLMv2             true                                                       yes       Use NTLMv2 instead of NTLM2_session when 'Negotiate NTLM2' key is true
   REMOVE_PASS_FILE            false                                                      yes       Automatically delete the PASS_FILE on module completion
   REMOVE_USERPASS_FILE        false                                                      yes       Automatically delete the USERPASS_FILE on module completion
   REMOVE_USER_FILE            false                                                      yes       Automatically delete the USER_FILE on module completion
   SSL                         false                                                      no        Negotiate SSL/TLS for outgoing connections
   SSLCipher                                                                              no        String for SSL cipher - "DHE-RSA-AES256-SHA" or "ADH"
   SSLServerNameIndication                                                                no        SSL/TLS Server Name Indication (SNI)
   SSLVerifyMode               PEER                                                       no        SSL verification method (Accepted: CLIENT_ONCE, FAIL_IF_NO_PEER_CERT, NONE, PEER)
   SSLVersion                  Auto                                                       yes       Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL
                                                                                                    23, SSL3, TLS1, TLS1.1, TLS1.2)
   ShowProgress                true                                                       yes       Display progress messages during a scan
   ShowProgressPercent         10                                                         yes       The interval in percent that progress should be shown
   TRANSITION_DELAY            0                                                          no        Amount of time (in minutes) to delay before transitioning to the next user in the array (or password when PA
                                                                                                    SSWORD_SPRAY=true)
   WORKSPACE                                                                              no        Specify the workspace for this module


   When Mssql::Auth is kerberos:

   Name                              Current Setting                                   Required  Description
   ----                              ---------------                                   --------  -----------
   DomainControllerRhost                                                               no        The resolvable rhost for the Domain Controller
   KrbCacheMode                      read-write                                        yes       Kerberos ticket cache storage mode (Accepted: none, read-only, write-only, read-write)
   Mssql::Krb5Ccname                                                                   no        The ccache file to use for kerberos authentication
   Mssql::KrbOfferedEncryptionTypes  AES256,AES128,RC4-HMAC,DES-CBC-MD5,DES3-CBC-SHA1  yes       Kerberos encryption types to offer
   Mssql::Rhostname                                                                    no        The rhostname which is required for kerberos - the SPN


View the full module info with the info, or info -d command.

msf6 auxiliary(scanner/mssql/mssql_login) > show evasion

Module evasion options:

   Name                Current Setting  Required  Description
   ----                ---------------  --------  -----------
   TCP::max_send_size  0                no        Maxiumum tcp segment size.  (0 = disable)
   TCP::send_delay     0                no        Delays inserted before every send.  (0 = disable)

msf6 auxiliary(scanner/mssql/mssql_login) >

eternalblue

msf6 exploit(windows/smb/ms17_010_eternalblue) > options

Module options (exploit/windows/smb/ms17_010_eternalblue):

   Name           Current Setting  Required  Description
   ----           ---------------  --------  -----------
   RHOSTS         192.168.175.141  yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
   RPORT          445              yes       The target port (TCP)
   SMBDomain                       no        (Optional) The Windows domain to use for authentication. Only affects Windows Server 2008 R2, Windows 7, Windows Embedded Standard 7 target machines.
   SMBPass        password         no        (Optional) The password for the specified username
   SMBUser        Foo              no        (Optional) The username to authenticate as
   VERIFY_ARCH    true             yes       Check if remote architecture matches exploit Target. Only affects Windows Server 2008 R2, Windows 7, Windows Embedded Standard 7 target machines.
   VERIFY_TARGET  true             yes       Check if remote OS matches exploit Target. Only affects Windows Server 2008 R2, Windows 7, Windows Embedded Standard 7 target machines.


Payload options (windows/x64/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     192.168.8.125    yes       The listen address (an interface may be specified)
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic Target



View the full module info with the info, or info -d command.

msf6 exploit(windows/smb/ms17_010_eternalblue) > show advanced

Module advanced options (exploit/windows/smb/ms17_010_eternalblue):

   Name                     Current Setting                     Required  Description
   ----                     ---------------                     --------  -----------
   CHOST                                                        no        The local client address
   CPORT                                                        no        The local client port
   CheckModule              auxiliary/scanner/smb/smb_ms17_010  yes       Module to check with
   ConnectTimeout           10                                  yes       Maximum number of seconds to establish a TCP connection
   ContextInformationFile                                       no        The information file that contains context information
   DisablePayloadHandler    false                               no        Disable the handler code for the selected payload
   EnableContextEncoding    false                               no        Use transient context when encoding payloads
   GroomAllocations         12                                  yes       Initial number of times to groom the kernel pool.
   GroomDelta               5                                   yes       The amount to increase the groom count by per try. Only affects Windows Server 2008 R2, Windows 7, Windows Embedded Standard 7 target
                                                                          machines.
   MaxExploitAttempts       3                                   yes       The number of times to retry the exploit. Useful as EternalBlue can sometimes require multiple attempts to get a successful execution.
   ProcessName              spoolsv.exe                         yes       Process to inject payload into.
   Proxies                                                      no        A proxy chain of format type:host:port[,type:host:port][...]
   SSL                      false                               no        Negotiate SSL/TLS for outgoing connections
   SSLCipher                                                    no        String for SSL cipher - "DHE-RSA-AES256-SHA" or "ADH"
   SSLServerNameIndication                                      no        SSL/TLS Server Name Indication (SNI)
   SSLVerifyMode            PEER                                no        SSL verification method (Accepted: CLIENT_ONCE, FAIL_IF_NO_PEER_CERT, NONE, PEER)
   SSLVersion               Auto                                yes       Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TL
                                                                          S1.2)
   VERBOSE                  true                                no        Enable detailed status messages
   WORKSPACE                                                    no        Specify the workspace for this module
   WfsDelay                 5                                   no        Additional delay in seconds to wait for a session


Payload advanced options (windows/x64/meterpreter/reverse_tcp):

   Name                         Current Setting  Required  Description
   ----                         ---------------  --------  -----------
   AutoLoadStdapi               true             yes       Automatically load the Stdapi extension
   AutoRunScript                                 no        A script to run automatically on session creation.
   AutoSystemInfo               true             yes       Automatically capture system information on initialization.
   AutoUnhookProcess            false            yes       Automatically load the unhook extension and unhook the process
   AutoVerifySessionTimeout     30               no        Timeout period to wait for session validation to occur, in seconds
   EnableStageEncoding          false            no        Encode the second stage payload
   EnableUnicodeEncoding        false            yes       Automatically encode UTF-8 strings as hexadecimal
   HandlerSSLCert                                no        Path to a SSL certificate in unified PEM format, ignored for HTTP transports
   InitialAutoRunScript                          no        An initial script to run on session creation (before AutoRunScript)
   MeterpreterDebugBuild        false            no        Use a debug version of Meterpreter
   MeterpreterDebugLogging                       no        The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpr
                                                           eter-sessions.html
   PayloadProcessCommandLine                     no        The displayed command line that will be used by the payload
   PayloadUUIDName                               no        A human-friendly name to reference this unique payload (requires tracking)
   PayloadUUIDRaw                                no        A hex string representing the raw 8-byte PUID value for the UUID
   PayloadUUIDSeed                               no        A string to use when generating the payload UUID (deterministic)
   PayloadUUIDTracking          false            yes       Whether or not to automatically register generated UUIDs
   PingbackRetries              0                yes       How many additional successful pingbacks
   PingbackSleep                30               yes       Time (in seconds) to sleep between pingbacks
   PrependMigrate               false            yes       Spawns and runs shellcode in new process
   PrependMigrateProc                            no        Process to spawn and run shellcode in
   ReverseAllowProxy            false            yes       Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
   ReverseListenerBindAddress                    no        The specific IP address to bind to on the local system
   ReverseListenerBindPort                       no        The port to bind to on the local system if different from LPORT
   ReverseListenerComm                           no        The specific communication channel to use for this listener
   ReverseListenerThreaded      false            yes       Handle every connection in a new thread (experimental)
   SessionCommunicationTimeout  300              no        The number of seconds of no activity before this session should be killed
   SessionExpirationTimeout     604800           no        The number of seconds before this session should be forcibly shut down
   SessionRetryTotal            3600             no        Number of seconds try reconnecting for on network failure
   SessionRetryWait             10               no        Number of seconds to wait between reconnect attempts
   StageEncoder                                  no        Encoder to use if EnableStageEncoding is set
   StageEncoderSaveRegisters                     no        Additional registers to preserve in the staged payload if EnableStageEncoding is set
   StageEncodingFallback        true             no        Fallback to no encoding if the selected StageEncoder is not compatible
   StagerRetryCount             10               no        The number of times the stager should retry if the first connect fails
   StagerRetryWait              5                no        Number of seconds to wait for the stager between reconnect attempts
   VERBOSE                      true             no        Enable detailed status messages
   WORKSPACE                                     no        Specify the workspace for this module


View the full module info with the info, or info -d command.

msf6 exploit(windows/smb/ms17_010_eternalblue) > show evasion

Module evasion options:

   Name                Current Setting  Required  Description
   ----                ---------------  --------  -----------
   TCP::max_send_size  0                no        Maxiumum tcp segment size.  (0 = disable)
   TCP::send_delay     0                no        Delays inserted before every send.  (0 = disable)


@adfoster-r7 adfoster-r7 left a comment


Looks sane to me at a glance; just those open questions/suggestions

@cgranleese-r7 cgranleese-r7 merged commit a30a7f8 into rapid7:master Feb 20, 2024
34 checks passed
@cgranleese-r7 cgranleese-r7 self-assigned this Feb 20, 2024
@cgranleese-r7 cgranleese-r7 added the rn-no-release-notes label and removed the enhancement and rn-enhancement labels Feb 20, 2024