Add global datastore option configuration #21148

Open
adfoster-r7 wants to merge 1 commit into rapid7:master from adfoster-r7:add-global-datastore-option-configuration

@adfoster-r7
Contributor

Fixes a bug where setting verbose logging to false globally would still cause verbose logging to occur

Fixes #21099

Verification

diff --git a/modules/auxiliary/scanner/smtp/smtp_enum.rb b/modules/auxiliary/scanner/smtp/smtp_enum.rb
index 37cf107b563..99c4b8dbc5f 100644
--- a/modules/auxiliary/scanner/smtp/smtp_enum.rb
+++ b/modules/auxiliary/scanner/smtp/smtp_enum.rb
@@ -67,6 +67,8 @@ class MetasploitModule < Msf::Auxiliary
   end
 
   def run_host(ip)
+    puts "verbose=#{datastore['VERBOSE'].inspect} #{datastore['VERBOSE'].class} - #{framework.datastore['VERBOSE'].inspect} #{framework.datastore['VERBOSE'].class}"
+
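Review bot: the `puts` added as the first statement of `run_host` writes straight to stdout instead of going through the module's print methods, so it appears on every run whatever VERBOSE is set to. That is what a throwaway probe of `datastore['VERBOSE']` against `framework.datastore['VERBOSE']` needs, but the verification steps should say the line is to be reverted afterwards. Reading each value once into a local would also avoid evaluating both lookups twice on one line.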
  • Ensure functionality still works when loading config from a file:
msfconsole -q
setg verbose true
save
exit

end
else
other.each do |k, v|
self.store(k, v)
Contributor Author

This was bypassing the normalization logic by directly storing the value under the given key
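
The effect of a merge that stores values directly, as the comment above describes, shown on a simplified model. This is an added example, not Metasploit's DataStore code: `ToyDataStore`, its methods and the sample value are hypothetical, and it assumes the incoming value is a string, as a value read back from a config file would be.

```ruby
# Simplified model, not Metasploit's DataStore; every name here is hypothetical.
class ToyDataStore
  BOOL_OPTIONS = %w[VERBOSE].freeze # options this toy store treats as booleans

  def initialize
    @values = {}
  end

  # Normalizing write path: boolean options are coerced from their string form.
  def []=(key, value)
    @values[key] = BOOL_OPTIONS.include?(key) ? to_bool(value) : value
  end

  def [](key)
    @values[key]
  end

  # Raw write path: stores whatever it is given.
  def store(key, value)
    @values[key] = value
  end

  # Merge that bypasses normalization by calling store directly.
  def merge_raw!(other)
    other.each { |k, v| store(k, v) }
    self
  end

  # Merge that routes every value through the normalizing setter.
  def merge_normalized!(other)
    other.each { |k, v| self[k] = v }
    self
  end

  private

  def to_bool(value)
    return value if value == true || value == false
    %w[true yes y 1].include?(value.to_s.strip.downcase)
  end
end

# Constructed input: a value as it would look after being read from a text file.
LOADED = { 'VERBOSE' => 'false' }.freeze

def verbose_after(merge_method)
  value = ToyDataStore.new.send(merge_method, LOADED)['VERBOSE']
  # Same probe shape as the puts line in the PR, plus the branch a module takes.
  [value, value.class, value ? :verbose_output : :quiet]
end
```

With the raw merge the stored value is the String `"false"`, which Ruby treats as truthy, so a check such as `if datastore['VERBOSE']` still takes the verbose branch.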

adfoster-r7 force-pushed the add-global-datastore-option-configuration branch 2 times, most recently from 99873f3 to 411a483 (March 19, 2026 23:38)
adfoster-r7 force-pushed the add-global-datastore-option-configuration branch from 411a483 to f9976dd (March 20, 2026 00:10)
cgranleese-r7 self-assigned this (Mar 20, 2026)
cgranleese-r7 added the rn-fix (release notes fix) label (Mar 20, 2026)
@cgranleese-r7
Contributor

Got some unexpected results when testing this. I could be doing something wrong here, so I'll add the steps I took to test this below.

I added some vprint_status statements to modules/auxiliary/scanner/postgres/postgres_login.rb:

diff --git a/modules/auxiliary/scanner/postgres/postgres_login.rb b/modules/auxiliary/scanner/postgres/postgres_login.rb
index c654cf4e748..a92037f9b46 100644
--- a/modules/auxiliary/scanner/postgres/postgres_login.rb
+++ b/modules/auxiliary/scanner/postgres/postgres_login.rb
@@ -98,6 +98,8 @@ class MetasploitModule < Msf::Auxiliary
   # Loops through each host in turn. Note the current IP address is both
   # ip and datastore['RHOST']
   def run_host(ip)
+    puts "verbose=#{datastore['VERBOSE'].inspect} #{datastore['VERBOSE'].class} - #{framework.datastore['VERBOSE'].inspect} #{framework.datastore['VERBOSE'].class}"
+    vprint_status("Starting scan (VERBOSE TESTING)")
     cred_collection = build_credential_collection(
       realm: datastore['DATABASE'],
       username: datastore['USERNAME'],
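Review bot: the two lines added at the top of `run_host` measure different things, and the test write-up should report them separately. The `puts` prints unconditionally and shows the stored value and its class, while `vprint_status("Starting scan (VERBOSE TESTING)")` only prints when the module considers itself verbose. Recording both (value and class from the `puts`, and whether the `vprint_status` line appeared) shows whether a failure lies in what the datastore returns or in how the print helper reads it.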
@@ -154,6 +156,7 @@ class MetasploitModule < Msf::Auxiliary
         vprint_error "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"
       end
     end
+    vprint_status("Finished scan (VERBOSE TESTING)")
     { successful_logins: successful_logins, successful_sessions: successful_sessions }
   end
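Review bot: keep the added `vprint_status("Finished scan (VERBOSE TESTING)")` above the result hash, as it is here between the loop's closing `end` and `{ successful_logins: ... }`; moved below the hash it would become the method's last expression and replace the return value. It also uses parentheses where the neighbouring `vprint_error` call does not, and like the other probes it is test scaffolding to revert once the check is done.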

I added the module options below with the output. I set verbose to false, then ran the module but still got verbose output. I also added the logging you called out and it returns that verbose was set to true.

Console output:

msf auxiliary(scanner/postgres/postgres_login) > options

Module options (auxiliary/scanner/postgres/postgres_login):

   Name                  Current Setting                                                               Required  Description
   ----                  ---------------                                                               --------  -----------
   ANONYMOUS_LOGIN       false                                                                         yes       Attempt to login with a blank username and password
   BLANK_PASSWORDS       false                                                                         no        Try blank passwords for all users
   BRUTEFORCE_SPEED      5                                                                             yes       How fast to bruteforce, from 0 to 5
   CreateSession         false                                                                         no        Create a new session for every successful login
   DATABASE              template1                                                                     yes       The database to authenticate against
   DB_ALL_CREDS          false                                                                         no        Try each user/password couple stored in the current database
   DB_ALL_PASS           false                                                                         no        Add all passwords in the current database to the list
   DB_ALL_USERS          false                                                                         no        Add all users in the current database to the list
   DB_SKIP_EXISTING      none                                                                          no        Skip existing credentials stored in the current database (Accepted: none, user, user&realm)
   PASSWORD                                                                                            no        A specific password to authenticate with
   PASS_FILE             /Users/cgranleese/rapid7/metasploit-framework/data/wordlists/postgres_defaul  no        File containing passwords, one per line
                         t_pass.txt
   Proxies                                                                                             no        A proxy chain of format type:host:port[,type:host:port][...]. Supported proxies: sapni, socks4, socks5, socks5h, http
   RETURN_ROWSET         true                                                                          no        Set to true to see query result sets
   RHOSTS                127.0.0.1                                                                     yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
   RPORT                 5432                                                                          yes       The target port (TCP)
   STOP_ON_SUCCESS       false                                                                         yes       Stop guessing when a credential works for a host
   ShowSuccessfulLogins  true                                                                          no        Outputs a table of successful logins
   THREADS               1                                                                             yes       The number of concurrent threads (max one per host)
   USERNAME                                                                                            no        A specific username to authenticate as
   USERPASS_FILE         /Users/cgranleese/rapid7/metasploit-framework/data/wordlists/postgres_defaul  no        File containing (space-separated) users and passwords, one pair per line
                         t_userpass.txt
   USER_AS_PASS          false                                                                         no        Try the username as the password for all users
   USER_FILE             /Users/cgranleese/rapid7/metasploit-framework/data/wordlists/postgres_defaul  no        File containing users, one per line
                         t_user.txt
   VERBOSE               false                                                                         yes       Whether to print output for all attempts


View the full module info with the info, or info -d command.

msf auxiliary(scanner/postgres/postgres_login) > run
verbose=true TrueClass - true TrueClass
[*] 127.0.0.1:5432        - 127.0.0.1:5432        - Starting scan (VERBOSE TESTING)
[-] 127.0.0.1:5432        - 127.0.0.1:5432 - LOGIN FAILED: :@template1 (Incorrect: FATAL        VFATAL  C28000  Mno PostgreSQL user name specified in startup packet    Fpostmaster.c   L2275   RProcessStartupPacket)
...
C28000  Mrole "admin" does not exist    Fmiscinit.c     L755    RInitializeSessionUserId)
[-] 127.0.0.1:5432        - 127.0.0.1:5432 - LOGIN FAILED: admin:password@template1 (Incorrect: FATAL   VFATAL  C28000  Mrole "admin" does not exist    Fmiscinit.c     L755    RInitializeSessionUserId)
[*] 127.0.0.1:5432        - 127.0.0.1:5432        - Finished scan (VERBOSE TESTING)
[*] 127.0.0.1:5432        - Scanned 1 of 1 hosts (100% complete)
[*] 127.0.0.1:5432        - Scan completed, 0 credentials were successful.
[*] 127.0.0.1:5432        - Bruteforce completed, 0 credentials were successful.
[*] 127.0.0.1:5432        - You can open a Postgres session with these credentials and CreateSession set to true
[*] Auxiliary module execution completed
msf auxiliary(scanner/postgres/postgres_login) > 

Successfully merging this pull request may close these issues.

set VERBOSE failing/not working as expected (always giving output)
