Fix VERBOSE flag ignored when set before module load

[SilentSobs]

Fixes #21099

When set VERBOSE false is called before use <module>, the value is stored in the framework datastore as a raw string "false" without going through OptBool#normalize. Ruby treats non-empty strings as truthy, so the verbose condition evaluated "false" (string) as true, causing verbose output to always appear regardless of the flag.

Fix by using .to_s =~ TRUE_REGEX for both module and framework datastore lookups, consistent with how OptBool normalizes boolean values.

Verification

• Start msfconsole
• set VERBOSE false
• setg RHOSTS <target>
• use auxiliary/scanner/smtp/smtp_enum
• set USER_FILE user.txt
• run
• Verify no verbose lines appear (no "Domain Name", no "Trying MAIL FROM")
• Repeat with set VERBOSE true before use
• Verify verbose lines now appear correctly
• Repeat with no set VERBOSE at all
• Verify no verbose lines appear (default behaviour unchanged)

~/Documents/metasploit-framework$ ./msfconsole -q -x 'set VERBOSE false; setg RHOSTS 192.168.28.65; use auxiliary/scanner/smtp/smtp_enum; set USER_FILE user.txt; run; exit;' 2>&1 | grep -v WARN | grep -v stringio | grep -v "gem cleanup" | grep -v "Please report" | grep -v "Available"
      - 3.1.1
      - 3.0.4
VERBOSE => false
RHOSTS => 192.168.28.65
USER_FILE => user.txt
[*] 192.168.28.65:25      - 192.168.28.65:25 Banner: 220 metasploitable.localdomain ESMTP Postfix (Ubuntu)
[*] 192.168.28.65:25      - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

~/Documents/metasploit-framework$ 

~/Documents/metasploit-framework$ ./msfconsole -q -x 'set VERBOSE true; setg RHOSTS 192.168.28.65; use auxiliary/scanner/smtp/smtp_enum; set USER_FILE user.txt; run; exit;' 2>&1 | grep -v WARN | grep -v stringio | grep -v "gem cleanup" | grep -v "Please report" | grep -v "Available"
      - 3.1.1
      - 3.0.4
VERBOSE => true
RHOSTS => 192.168.28.65
USER_FILE => user.txt
[*] 192.168.28.65:25      - 192.168.28.65:25 Banner: 220 metasploitable.localdomain ESMTP Postfix (Ubuntu)
[*] 192.168.28.65:25      - 192.168.28.65:25 Domain Name: metasploitable.localdomain
[*] 192.168.28.65:25      - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

~/Documents/metasploit-framework$ 

~/Documents/metasploit-framework$ ./msfconsole -q -x 'setg RHOSTS 192.168.28.65; use auxiliary/scanner/smtp/smtp_enum; set USER_FILE user.txt; run; exit;' 2>&1 | grep -v WARN | grep -v stringio | grep -v "gem cleanup" | grep -v "Please report" | grep -v "Available"
      - 3.1.1
      - 3.0.4
RHOSTS => 192.168.28.65
USER_FILE => user.txt
[*] 192.168.28.65:25      - 192.168.28.65:25 Banner: 220 metasploitable.localdomain ESMTP Postfix (Ubuntu)
[*] 192.168.28.65:25      - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

~/Documents/metasploit-framework$ 

---

Ramesh | Security Researcher
IoTSec.in - IoT & Embedded Security Research