Merge pull request rapid7#20122 from bcoles/rubocop-modules-auxiliary-vsploit

modules/auxiliary/vsploit: Resolve RuboCop violations

Author: adfoster-r7

modules/auxiliary/vsploit/malware/dns/dns_mariposa.rb

@@ -7,38 +7,43 @@ class MetasploitModule < Msf::Auxiliary
 
   def initialize
     super(
-      'Name'         => 'VSploit Mariposa DNS Query Module',
-      'Description'  => 'This module queries known Mariposa Botnet DNS records.',
-      'Author'       => 'MJC',
-      'License'      => MSF_LICENSE,
-      'References'   =>
-        [
-          [ 'URL', 'http://www.defintel.com/docs/Mariposa_Analysis.pdf']
-        ]
+      'Name' => 'VSploit Mariposa DNS Query Module',
+      'Description' => 'This module queries known Mariposa Botnet DNS records.',
+      'Author' => 'MJC',
+      'License' => MSF_LICENSE,
+      'References' => [
+        [ 'URL', 'http://www.defintel.com/docs/Mariposa_Analysis.pdf']
+      ],
+      'Notes' => {
+        'Stability' => [CRASH_SAFE],
+        'SideEffects' => [IOC_IN_LOGS],
+        'Reliability' => []
+      }
     )
     register_options(
       [
-        OptString.new('DNS_SERVER',[false, "Specifies a DNS Server"]),
-        OptInt.new('COUNT', [false, "Number of intervals to loop",1]),
-        OptInt.new('DELAY', [false, "Delay in seconds between intervals",3])
-    ])
+        OptString.new('DNS_SERVER', [false, 'Specifies a DNS server']),
+        OptInt.new('COUNT', [false, 'Number of intervals to loop', 1]),
+        OptInt.new('DELAY', [false, 'Delay in seconds between intervals', 3])
+      ]
+    )
   end
 
   def run
-    @res = Net::DNS::Resolver.new()
+    @res = Net::DNS::Resolver.new
 
     domain = [
-    "lalundelau.sinip.es","bf2back.sinip.es","thejacksonfive.mobi",
-    "thejacksonfive.us","thejacksonfive.biz","butterfly.BigMoney.biz",
-    "bfisback.sinip.es","bfisback.no-ip.org","qwertasdfg.sinip.es",
-    "shv4b.getmyip.com","shv4.no-ip.biz","butterfly.sinip.es",
-    "defintelsucks.sinip.es","defintelsucks.net","defintelsucks.com",
-    "gusanodeseda.sinip.es","gusanodeseda.net","legion.sinip.es",
-    "booster.estr.es","sexme.in","extraperlo.biz",
-    "legionarios.servecounterstrike.com","thesexydude.com",
-    "yougotissuez.com","gusanodeseda.mobi","tamiflux.org",
-    "tamiflux.net","binaryfeed.in","youare.sexidude.com",
-    "mierda.notengodominio.com",
+      'lalundelau.sinip.es', 'bf2back.sinip.es', 'thejacksonfive.mobi',
+      'thejacksonfive.us', 'thejacksonfive.biz', 'butterfly.BigMoney.biz',
+      'bfisback.sinip.es', 'bfisback.no-ip.org', 'qwertasdfg.sinip.es',
+      'shv4b.getmyip.com', 'shv4.no-ip.biz', 'butterfly.sinip.es',
+      'defintelsucks.sinip.es', 'defintelsucks.net', 'defintelsucks.com',
+      'gusanodeseda.sinip.es', 'gusanodeseda.net', 'legion.sinip.es',
+      'booster.estr.es', 'sexme.in', 'extraperlo.biz',
+      'legionarios.servecounterstrike.com', 'thesexydude.com',
+      'yougotissuez.com', 'gusanodeseda.mobi', 'tamiflux.org',
+      'tamiflux.net', 'binaryfeed.in', 'youare.sexidude.com',
+      'mierda.notengodominio.com',
     ]
 
     if datastore['DNS_SERVER']
@@ -50,11 +55,11 @@ def run
     while count < datastore['COUNT']
 
       domain.each do |name|
-        query = @res.query(name, "A")
+        query = @res.query(name, 'A')
         time = Time.new
-        time = time.strftime("%Y-%m-%d %H:%M:%S")
+        time = time.strftime('%Y-%m-%d %H:%M:%S')
         print_status("#{time} - DNS Query sent for => #{name}")
-        if query.answer.length == 0
+        if query.answer.empty?
           print_error("#{time} - #{name} => No Record Found")
         else
           a = query.answer[0].to_s.split(/[\s,]+/)
@@ -63,7 +68,7 @@ def run
       end
       unless count == (datastore['COUNT'] - 1)
         time = Time.new
-        time = time.strftime("%Y-%m-%d %H:%M:%S")
+        time = time.strftime('%Y-%m-%d %H:%M:%S')
         print_status("#{time} - Waiting #{datastore['DELAY']} seconds to query")
         select(nil, nil, nil, datastore['DELAY'])
       end

modules/auxiliary/vsploit/malware/dns/dns_query.rb

@@ -7,23 +7,29 @@ class MetasploitModule < Msf::Auxiliary
 
   def initialize
     super(
-      'Name'         => 'VSploit DNS Beaconing Emulation',
-      'Description'  => 'This module takes a list and emulates malicious DNS beaconing.',
-      'Author'       => 'MJC',
-      'License'      => MSF_LICENSE
+      'Name' => 'VSploit DNS Beaconing Emulation',
+      'Description' => 'This module takes a list of domains and emulates malicious DNS beaconing.',
+      'Author' => 'MJC',
+      'License' => MSF_LICENSE,
+      'Notes' => {
+        'Stability' => [CRASH_SAFE],
+        'SideEffects' => [IOC_IN_LOGS],
+        'Reliability' => []
+      }
     )
     register_options(
-        [
-          OptString.new('DOMAINS', [ true, "Separate Domains by whitespace"]),
-          OptString.new('DNS_SERVER',[false, "Specifies a DNS Server"]),
-          OptInt.new('COUNT', [false, "Number of intervals to loop",2]),
-          OptInt.new('DELAY', [false, "Delay in seconds between intervals",3])
-        ])
+      [
+        OptString.new('DOMAINS', [ true, 'Separate domains by whitespace']),
+        OptString.new('DNS_SERVER', [false, 'Specifies a DNS Server']),
+        OptInt.new('COUNT', [false, 'Number of intervals to loop', 2]),
+        OptInt.new('DELAY', [false, 'Delay in seconds between intervals', 3])
+      ]
+    )
   end
 
   def run
-    @res = Net::DNS::Resolver.new()
-    #@res.retry = 2
+    @res = Net::DNS::Resolver.new
+    # @res.retry = 2
 
     if datastore['DNS_SERVER']
       @res.nameservers = datastore['DNS_SERVER']
@@ -35,11 +41,11 @@ def run
 
       domain = datastore['DOMAINS'].split(/[\s,]+/)
       domain.each do |name|
-        query = @res.query(name, "A")
+        query = @res.query(name, 'A')
         time = Time.new
-        time = time.strftime("%Y-%m-%d %H:%M:%S")
+        time = time.strftime('%Y-%m-%d %H:%M:%S')
         print_status("#{time} - DNS Query sent for => #{name}")
-        if query.answer.length == 0
+        if query.answer.empty?
           print_error("#{time} - #{name} => No Record Found")
         else
           a = query.answer[0].to_s.split(/[\s,]+/)
@@ -48,7 +54,7 @@ def run
       end
       unless count == (datastore['COUNT'] - 1)
         time = Time.new
-        time = time.strftime("%Y-%m-%d %H:%M:%S")
+        time = time.strftime('%Y-%m-%d %H:%M:%S')
         print_status("#{time} - Waiting #{datastore['DELAY']} seconds to beacon")
         select(nil, nil, nil, datastore['DELAY'])
       end

modules/auxiliary/vsploit/malware/dns/dns_zeus.rb

@@ -7,43 +7,48 @@ class MetasploitModule < Msf::Auxiliary
 
   def initialize
     super(
-      'Name'         => 'VSploit Zeus DNS Query Module',
-      'Description'  => 'This module queries known Zeus Botnet DNS records.',
-      'Author'       => 'MJC',
-      'License'      => MSF_LICENSE,
-      'References'   =>
-        [
-          [ 'URL', 'https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist']
-        ]
+      'Name' => 'VSploit Zeus DNS Query Module',
+      'Description' => 'This module queries known Zeus Botnet DNS records.',
+      'Author' => 'MJC',
+      'License' => MSF_LICENSE,
+      'References' => [
+        [ 'URL', 'https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist']
+      ],
+      'Notes' => {
+        'Stability' => [CRASH_SAFE],
+        'SideEffects' => [IOC_IN_LOGS],
+        'Reliability' => []
+      }
     )
     register_options(
       [
-        OptString.new('DNS_SERVER',[false, "Specifies a DNS Server"]),
-        OptInt.new('COUNT', [false, "Number of intervals to loop",1]),
-        OptInt.new('DELAY', [false, "Delay in seconds between intervals",3])
-    ])
+        OptString.new('DNS_SERVER', [false, 'Specifies a DNS server']),
+        OptInt.new('COUNT', [false, 'Number of intervals to loop', 1]),
+        OptInt.new('DELAY', [false, 'Delay in seconds between intervals', 3])
+      ]
+    )
   end
 
   def run
-    @res = Net::DNS::Resolver.new()
+    @res = Net::DNS::Resolver.new
 
     domain = [
-    "allspring.net","antifoher.biz","asdfasdgqghgsw.cx.cc",
-    "ashnmjjpoljfnl.info","atlaz.net","b3l.org","back.boroborogold.ru",
-    "bandwithcheckstart.com","batmanrobinho.com","bellicbridge.ru",
-    "bestfihteerdr.com","bestprice2you.net","billyd.com.au",
-    "bitschoonerop.com","blackskullbg.sytes.net","botikov.eu.tf",
-    "botnetdown.gicp.net","boutique.vcm-mode.it","brandc.name",
-    "bxkkuskgdjskdn.com","c0re.su","cdvqvnjqqtkqhsoo.info",
-    "christmassuper.com","ciritas.ru","citi-spb.ru","clavn.ru",
-    "client.trackups.org","client.upsclients.net","cnewsus.ru",
-    "cnnus.ru","concapow.in","consoleencydd.com","cqoqgzqmkpkrmlo.com",
-    "ctllutheran.org","currencytradechat.com","cyytmmlxsthywst.com",
-    "damaka.com","datacricketuf.ru","deimingames.com",
-    "dfhhdkdddqjda.start.tl","djerk.info","djpeterblue.com.br",
-    "dlmsonisfzksioqq.org","domio.pwomega.ru","favdstgssdqdsfg.start.tl",
-    "favoritopilodjd.com","favqnornkwvkwfxv.biz","fdhjkfhskas.com",
-    "federalreserve-report.com","federetoktyt.net"
+      'allspring.net', 'antifoher.biz', 'asdfasdgqghgsw.cx.cc',
+      'ashnmjjpoljfnl.info', 'atlaz.net', 'b3l.org', 'back.boroborogold.ru',
+      'bandwithcheckstart.com', 'batmanrobinho.com', 'bellicbridge.ru',
+      'bestfihteerdr.com', 'bestprice2you.net', 'billyd.com.au',
+      'bitschoonerop.com', 'blackskullbg.sytes.net', 'botikov.eu.tf',
+      'botnetdown.gicp.net', 'boutique.vcm-mode.it', 'brandc.name',
+      'bxkkuskgdjskdn.com', 'c0re.su', 'cdvqvnjqqtkqhsoo.info',
+      'christmassuper.com', 'ciritas.ru', 'citi-spb.ru', 'clavn.ru',
+      'client.trackups.org', 'client.upsclients.net', 'cnewsus.ru',
+      'cnnus.ru', 'concapow.in', 'consoleencydd.com', 'cqoqgzqmkpkrmlo.com',
+      'ctllutheran.org', 'currencytradechat.com', 'cyytmmlxsthywst.com',
+      'damaka.com', 'datacricketuf.ru', 'deimingames.com',
+      'dfhhdkdddqjda.start.tl', 'djerk.info', 'djpeterblue.com.br',
+      'dlmsonisfzksioqq.org', 'domio.pwomega.ru', 'favdstgssdqdsfg.start.tl',
+      'favoritopilodjd.com', 'favqnornkwvkwfxv.biz', 'fdhjkfhskas.com',
+      'federalreserve-report.com', 'federetoktyt.net'
     ]
 
     if datastore['DNS_SERVER']
@@ -55,11 +60,11 @@ def run
     while count < datastore['COUNT']
 
       domain.each do |name|
-        query = @res.query(name, "A")
+        query = @res.query(name, 'A')
         time = Time.new
-        time = time.strftime("%Y-%m-%d %H:%M:%S")
+        time = time.strftime('%Y-%m-%d %H:%M:%S')
         print_status("#{time} - DNS Query sent for => #{name}")
-        if query.answer.length == 0
+        if query.answer.empty?
           print_error("#{time} - #{name} => No Record Found")
         else
           a = query.answer[0].to_s.split(/[\s,]+/)
@@ -68,7 +73,7 @@ def run
       end
       unless count == (datastore['COUNT'] - 1)
         time = Time.new
-        time = time.strftime("%Y-%m-%d %H:%M:%S")
+        time = time.strftime('%Y-%m-%d %H:%M:%S')
         print_status("#{time} - Waiting #{datastore['DELAY']} seconds to query")
         select(nil, nil, nil, datastore['DELAY'])
       end

modules/auxiliary/vsploit/pii/email_pii.rb

@@ -12,24 +12,32 @@ class MetasploitModule < Msf::Auxiliary
   include Msf::Auxiliary::PII
 
   def initialize(info = {})
-    super(update_info(info,
-      'Name'           => 'VSploit Email PII',
-      'Description'    => %q{
+    super(
+      update_info(
+        info,
+        'Name' => 'VSploit Email PII',
+        'Description' => %q{
           This auxiliary reads from a file and sends data which
-      should be flagged via an internal or external SMTP server.
-      },
-      'License'        => MSF_LICENSE,
-      'Author'         =>  ['willis']
-    ))
-      register_options(
-        [
-          OptString.new('RHOST', [true, "SMTP server address",'127.0.0.1']),
-          OptPort.new('RPORT', [true, "SMTP server port", 25])
-        ])
+          should be flagged via an internal or external SMTP server.
+        },
+        'License' => MSF_LICENSE,
+        'Author' => ['willis'],
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [IOC_IN_LOGS],
+          'Reliability' => []
+        }
+      )
+    )
+    register_options(
+      [
+        OptString.new('RHOST', [true, 'SMTP server address', '127.0.0.1']),
+        OptPort.new('RPORT', [true, 'SMTP server port', 25])
+      ]
+    )
   end
 
   def run
-
     msg = Rex::MIME::Message.new
     msg.mime_defaults
     msg.subject = datastore['SUBJECT']
@@ -38,9 +46,9 @@ def run
 
     data = create_pii
 
-    msg.add_part(data, "text/plain")
+    msg.add_part(data, 'text/plain')
     msg.add_part_attachment(data, rand_text_english(10))
 
-    resp = send_message(msg.to_s)
+    send_message(msg.to_s)
   end
 end