Land rapid7#8822, optional DOPU check for smb_ms17_010

Author: wvu

modules/auxiliary/scanner/smb/smb_ms17_010.rb

@@ -47,6 +47,11 @@ def initialize(info = {})
         ],
       'License'        => MSF_LICENSE
     ))
+
+    register_options(
+      [
+        OptBool.new('CHECK_DOPU', [true, 'Check for DOUBLEPULSAR on vulnerable hosts', true])
+      ])
   end
 
   # algorithm to calculate the XOR Key for DoublePulsar knocks
@@ -80,18 +85,20 @@ def run_host(ip)
         )
 
         # vulnerable to MS17-010, check for DoublePulsar infection
-        code, signature1, signature2 = do_smb_doublepulsar_probe(tree_id)
-
-        if code == 0x51
-          xor_key = calculate_doublepulsar_xor_key(signature1).to_s(16).upcase
-          arch = calculate_doublepulsar_arch(signature2)
-          print_warning("Host is likely INFECTED with DoublePulsar! - Arch: #{arch}, XOR Key: 0x#{xor_key}")
-          report_vuln(
-            host: ip,
-            name: "MS17-010 DoublePulsar Infection",
-            refs: self.references,
-            info: "MultiPlexID += 0x10 on Trans2 request - Arch: #{arch}, XOR Key: 0x#{xor_key}"
-          )
+        if datastore['CHECK_DOPU']
+          code, signature1, signature2 = do_smb_doublepulsar_probe(tree_id)
+
+          if code == 0x51
+            xor_key = calculate_doublepulsar_xor_key(signature1).to_s(16).upcase
+            arch = calculate_doublepulsar_arch(signature2)
+            print_warning("Host is likely INFECTED with DoublePulsar! - Arch: #{arch}, XOR Key: 0x#{xor_key}")
+            report_vuln(
+              host: ip,
+              name: "MS17-010 DoublePulsar Infection",
+              refs: self.references,
+              info: "MultiPlexID += 0x10 on Trans2 request - Arch: #{arch}, XOR Key: 0x#{xor_key}"
+            )
+          end
         end
       elsif status == "STATUS_ACCESS_DENIED" or status == "STATUS_INVALID_HANDLE"
         # STATUS_ACCESS_DENIED (Windows 10) and STATUS_INVALID_HANDLE (others)