Merge pull request rapid7#3580 from dmaloney-r7/bug/MSP-10869/credential-parent

Credential Parent References

Author: joevennix

lib/metasploit/framework/credential.rb

@@ -12,6 +12,9 @@ class Credential
       #   @return [Boolean] Whether BOTH a public and private are required
       #     (defaults to `true`)
       attr_accessor :paired
+      # @!attribute parent
+      #   @return [Object] the parent object that had .to_credential called on it to create this object
+      attr_accessor :parent
       # @!attribute private
       #   The private credential component (e.g. username)
       #

lib/metasploit/framework/login_scanner/base.rb

@@ -83,6 +83,7 @@ def each_credential
               # This could be a Credential object, or a Credential Core, or an Attempt object
               # so make sure that whatever it is, we end up with a Credential.
               credential = raw_cred.to_credential
+              credential.parent = raw_cred
 
               if credential.realm.present? && self.class::REALM_KEY.present?
                 credential.realm_key = self.class::REALM_KEY
@@ -129,7 +130,14 @@ def scan!
             successful_users = Set.new
 
             each_credential do |credential|
-              next if successful_users.include?(credential.public)
+              # For Pro bruteforce Reuse and Guess we need to note that we skipped an attempt.
+              if successful_users.include?(credential.public)
+                if credential.parent.respond_to?(:skipped)
+                  credential.parent.skipped = true
+                  credential.parent.save!
+                end
+                next
+              end
 
               result = attempt_login(credential)
               result.freeze