-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improves UX for scanner/login modules #19199
Improves UX for scanner/login modules #19199
Conversation
962c015
to
6dd306e
Compare
a067770
to
7eb4ca6
Compare
724f388
to
c50d559
Compare
fbe5f90
to
ede2d6b
Compare
ede2d6b
to
0853965
Compare
a44091c
to
d733f9d
Compare
@report = {} | ||
@report.extend(::Rex::Ref) | ||
rhost_walker = Msf::RhostsWalker.new(datastore['RHOSTS'], datastore).to_enum | ||
conditional_verbose_output(rhost_walker.count) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not a blocker; This might still need opt out functionality, were folk do want a quiet scanner still for 1 target
d733f9d
to
97bfdc4
Compare
logins = report.flat_map { |_k, v| v[:successful_logins] }.compact | ||
sessions = report.flat_map { |_k, v| v[:successful_sessions] }.compact | ||
|
||
print_status("Bruteforce completed, #{logins.size} #{logins.size == 1 ? 'credential was' : 'credentials were'} successful.") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This might be used in contexts that aren't related to bruteforcing anything; so maybe we need to use different terminology here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Went with scan, let me know if that works, or if you had something else in mind.
print_status("Bruteforce completed, #{logins.size} #{logins.size == 1 ? 'credential was' : 'credentials were'} successful.") | |
print_status("Scan completed, #{logins.size} #{logins.size == 1 ? 'credential was' : 'credentials were'} successful.") |
Just to make testing easier, can we grab in this commit into this PR? #19220 |
97bfdc4
to
48f89a2
Compare
Release NotesUpdates brute force modules to output a summary of the credential discovered. This functionality is currently opt-in with the |
This PR adds support for a summarised output to the end of login/scanner modules within Framework. The idea was that some scanners are either way to quite or way too noisy. So this implementation aims to add a module option that will be enabled by default but is configurable by the user, which will dictate if the table will be output or not.
Example output
When targeting a single host, the scanner is too quiet. Logic was added to check for when a single user is passed and change to verbose mode.
Verification
msfconsole
ShowSuccessLogins
is set tofalse