Land #11493, file: RHOSTS fix for aux modules

Peleus notes that when pulling more than a few RHOSTS targets from the database, MSF writes the intermediate results to a text file instead of leaving them in memory. The aux module check of instantiating a RangeWalker for validation is necessary but insufficient for validating 'file:' RHOSTS specifications.

This clones logic used in the 'check' method in exploit modules to be able to handle file: properly. I suspect this may need to be consolidated and implemented elsewhere tool.

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    metasploit-framework (5.0.8)
+    metasploit-framework (5.0.9)
       actionpack (~> 4.2.6)
       activerecord (~> 4.2.6)
       activesupport (~> 4.2.6)
@@ -154,7 +154,7 @@ GEM
       concurrent-ruby (~> 1.0)
     jsobfu (0.4.2)
       rkelly-remix
-    json (2.1.0)
+    json (2.2.0)
     loofah (2.2.3)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)

LICENSE_GEMS

@@ -39,12 +39,12 @@ hashery, 2.1.2, "Simplified BSD"
 http_parser.rb, 0.6.0, MIT
 i18n, 0.9.5, MIT
 jsobfu, 0.4.2, "New BSD"
-json, 2.1.0, ruby
+json, 2.2.0, ruby
 loofah, 2.2.3, MIT
 metasm, 1.0.3, LGPL
 metasploit-concern, 2.0.5, "New BSD"
 metasploit-credential, 3.0.3, "New BSD"
-metasploit-framework, 5.0.8, "New BSD"
+metasploit-framework, 5.0.9, "New BSD"
 metasploit-model, 2.0.4, "New BSD"
 metasploit-payloads, 1.3.62, "3-clause (or ""modified"") BSD"
 metasploit_data_models, 3.0.5, "New BSD"

db/modules_metadata_base.json

@@ -22502,7 +22502,7 @@
       "https"
     ],
     "targets": null,
-    "mod_time": "2018-11-23 17:15:33 +0000",
+    "mod_time": "2019-02-22 09:01:11 +0000",
     "path": "/modules/auxiliary/scanner/http/iis_shortname_scanner.rb",
     "is_install_path": true,
     "ref_name": "scanner/http/iis_shortname_scanner",
@@ -31852,7 +31852,7 @@
     "author": [
       "Deral \"Percentx\" Heiland",
       "Pete \"Bokojan\" Arzamendi",
-      "William Vu",
+      "wvu <wvu@metasploit.com>",
       "Dev Mohanty"
     ],
     "description": "This module will extract the passwords from address books on various Canon IR-Adv mfp devices.\n        Tested models:\n        iR-ADV C2030,\n        iR-ADV 4045,\n        iR-ADV C5030,\n        iR-ADV C5235,\n        iR-ADV C5240,\n        iR-ADV 6055,\n        iR-ADV C7065",
@@ -31878,7 +31878,7 @@
       "https"
     ],
     "targets": null,
-    "mod_time": "2017-07-24 06:26:21 +0000",
+    "mod_time": "2019-02-22 17:01:49 +0000",
     "path": "/modules/auxiliary/scanner/printer/canon_iradv_pwd_extract.rb",
     "is_install_path": true,
     "ref_name": "scanner/printer/canon_iradv_pwd_extract",
@@ -53515,7 +53515,7 @@
       "Steve Breen",
       "Dev Mohanty",
       "Louis Sato",
-      "William Vu",
+      "wvu <wvu@metasploit.com>",
       "juan vazquez <juan.vazquez@metasploit.com>",
       "Wei Chen"
     ],
@@ -53539,7 +53539,7 @@
     "targets": [
       "Jenkins 1.637"
     ],
-    "mod_time": "2017-07-24 06:26:21 +0000",
+    "mod_time": "2019-02-22 17:01:49 +0000",
     "path": "/modules/exploits/linux/misc/jenkins_java_deserialize.rb",
     "is_install_path": true,
     "ref_name": "linux/misc/jenkins_java_deserialize",
@@ -55208,7 +55208,7 @@
       "Unix In-Memory",
       "Linux Dropper"
     ],
-    "mod_time": "2019-02-19 13:22:38 +0000",
+    "mod_time": "2019-02-22 13:22:54 +0000",
     "path": "/modules/exploits/linux/upnp/belkin_wemo_upnp_exec.rb",
     "is_install_path": true,
     "ref_name": "linux/upnp/belkin_wemo_upnp_exec",
@@ -55221,7 +55221,11 @@
       ],
       "SideEffects": [
         "artifacts-on-disk"
-      ]
+      ],
+      "Reliablity": [
+        "repeatable-session"
+      ],
+      "NOCVE": "Patched in 2.00.8643"
     }
   },
   "exploit_linux/upnp/dlink_upnp_msearch_exec": {
@@ -57990,7 +57994,7 @@
       "Apache Jetspeed <= 2.3.0 (Linux)",
       "Apache Jetspeed <= 2.3.0 (Windows)"
     ],
-    "mod_time": "2018-11-16 12:18:28 +0000",
+    "mod_time": "2019-02-25 11:32:06 +0000",
     "path": "/modules/exploits/multi/http/apache_jetspeed_file_upload.rb",
     "is_install_path": true,
     "ref_name": "multi/http/apache_jetspeed_file_upload",
@@ -62075,7 +62079,7 @@
       "OATS <= 12.4.0.2.0 (Windows)",
       "OATS <= 12.4.0.2.0 (Linux)"
     ],
-    "mod_time": "2018-11-16 12:18:28 +0000",
+    "mod_time": "2019-02-25 11:35:34 +0000",
     "path": "/modules/exploits/multi/http/oracle_ats_file_upload.rb",
     "is_install_path": true,
     "ref_name": "multi/http/oracle_ats_file_upload",
@@ -64503,7 +64507,7 @@
       "Linux (Dropper)",
       "Windows (Dropper)"
     ],
-    "mod_time": "2018-11-16 12:18:28 +0000",
+    "mod_time": "2019-02-25 11:13:41 +0000",
     "path": "/modules/exploits/multi/http/struts2_rest_xstream.rb",
     "is_install_path": true,
     "ref_name": "multi/http/struts2_rest_xstream",
@@ -73603,7 +73607,7 @@
       "Drupal 8.x (Unix In-Memory)",
       "Drupal 8.x (Linux Dropper)"
     ],
-    "mod_time": "2018-11-16 12:18:28 +0000",
+    "mod_time": "2019-02-25 12:19:03 +0000",
     "path": "/modules/exploits/unix/webapp/drupal_drupalgeddon2.rb",
     "is_install_path": true,
     "ref_name": "unix/webapp/drupal_drupalgeddon2",

documentation/modules/auxiliary/scanner/http/http_put.md

@@ -9,19 +9,21 @@ This module can abuse misconfigured web servers to upload and delete web content
 4. Do: ```set PATH [PATH]```
 5. Do: ```set FILENAME [FILNAME]```
 6. Do: ```set FILEDATA [PATH]```
-7. DO: ```run```
+7. Do: ```run```
 
 ## Options 
 
 ### ACTION
 
+Set `ACTION` to either `PUT` or `DELETE`. (Default: `PUT`)
+
 **PUT**
 
 Action is set to PUT to upload files to the server. If `FILENAME` isn't specified, the module will generate a random string as a .txt file.
 
 **DELETE** 
 
-Deletes the file specified in the `FILENAME` option. (default: `msf_http_put_test.txt`)
+Deletes the file specified in the `FILENAME` option (Default: `msf_http_put_test.txt`). `FILENAME` is required when Action is set to DELETE. 
 
 ### PATH
 
@@ -29,16 +31,15 @@ The path at which this module will attempt to either PUT the content or DELETE i
 
 ### FILEDATA
 
-The file whose data is to be uploaded. 
+The content to put in the uploaded file when `ACTION` is set to `PUT`.
+
 
 ## Scenarios
 
-Here Action is set to `PUT`.
+Here `ACTION` is by default set to `PUT`.
 
 ```
 msf > use auxiliary/scanner/http/http_put
-msf auxiliary(scanner/http/http_put) > set ACTION PUT
-ACTION => PUT
 msf auxiliary(scanner/http/http_put) > set RHOSTS 1.1.1.23
 RHOSTS => 1.1.1.23
 msf auxiliary(scanner/http/http_put) > set RPORT 8585

documentation/modules/auxiliary/scanner/http/scraper.md

@@ -7,15 +7,22 @@ This module scrapes data from a specific web page based on a regular expression.
 2. Do: ```set RHOSTS [IP]```
 3. Do: ```run```
 
+## Options
+
+### PATH 
+
+The path from where the data is to be scraped from.
+ 
+### PATTERN
+
+A regular expression to capture data from webpage. Default value:`<title>(.*)</title>` which simply grabs the page title.
+
 ## Scenarios
-By default this module scrapes the `title` of a web page.
 
 ```
 msf > use auxiliary/scanner/http/scraper
 msf auxiliary(scanner/http/scraper) > set RHOSTS 1.1.1.18
 RHOSTS => 1.1.1.18
-msf auxiliary(scanner/http/scraper) > set PATTERN '<title>(.*)</title>'
-PATTERN => (?-mix:<title>(.*)<\/title>)
 msf auxiliary(scanner/http/scraper) > run 
 
 [+] 1.1.1.18 / [Index of /]
@@ -24,3 +31,5 @@ msf auxiliary(scanner/http/scraper) > run
 msf auxiliary(scanner/http/scraper) >
 ```
 
+The title of `1.1.1.18/` page is `Index of /`.
+

documentation/modules/auxiliary/scanner/telnet/telnet_login.md

@@ -1,5 +1,5 @@
 ## Description
-This module will test a telnet login with a list of provided credentials on a range of machines and report successful logins.
+This module will test a telnet login with a list of provided credentials on a range of machines and report successful logins. It allows you to pass credentials in a number of ways. You can specifically set a username and password, you can pass a list of usernames and a list of passwords for it to iterate through, or you can provide a file that contains usernames and passwords separated by a space.
 
 ## Verification Steps
 
@@ -7,12 +7,11 @@ This module will test a telnet login with a list of provided credentials on a ra
 2. Do: ```set RHOSTS [IP]```
 3. Do: ```set THREADS [NUMBER OF THREADS]```
 4. Do: ```set USER_FILE [USERNAME FILE]```
-5. Do: ```set PASS_FILE[PASSWORD FILE]```
+5. Do: ```set PASS_FILE [PASSWORD FILE]```
 6. Do: ```run```
 
 ## Options
 
-This auxiliary module allows you to pass credentials in a number of ways. You can specifically set a username and password, you can pass a list of usernames and a list of passwords for it to iterate through, or you can provide a file that contains usernames and passwords separated by a space.
 
 ### BLANK PASSWORD 
 
@@ -32,7 +31,7 @@ File containing username and passwords separated by space, one pair one line.
 
 ### USER_FILE
 
-File containing username one per line.
+File containing usernames one per line.
 
 ### PASS_FILE
 
@@ -57,7 +56,7 @@ msf auxiliary(scanner/telnet/telnet_login) > set PASS_FILE passwords.txt
 PASS_FILE => passwords.txt
 msf auxiliary(scanner/telnet/telnet_login) > set VERBOSE false
 VERBOSE => false
-msf auxiliary(scanner/telnet/telnet_login) >run
+msf auxiliary(scanner/telnet/telnet_login) > run
 
 [+] 1.1.1.116 - SUCCESSFUL LOGIN root : s00p3rs3ckret
 [*] Command shell session 1 opened (1.1.1.101:50017 -> 1.1.1.116:23) at 2010-10-08 06:48:27 -0600

documentation/modules/auxiliary/scanner/telnet/telnet_version.md

@@ -1,5 +1,5 @@
 ## Description
-This module will scan a range of machines and prints any telnet servers that are running on it.
+This module will scan a range of machines and prints the banner, usually containing the version of any telnet servers that are running on it.
 
 ## Verification Steps
 

lib/metasploit/framework/version.rb

@@ -30,7 +30,7 @@ module Metasploit
         end
       end
 
-      VERSION = "5.0.8"
+      VERSION = "5.0.9"
       MAJOR, MINOR, PATCH = VERSION.split('.').map { |x| x.to_i }
       PRERELEASE = 'dev'
       HASH = get_hash

lib/msf/core/exploit/cmdstager.rb

@@ -57,6 +57,7 @@ module Exploit::CmdStager
       [
         OptEnum.new('CMDSTAGER::FLAVOR', [false, 'The CMD Stager to use.', 'auto', flavors]),
         OptString.new('CMDSTAGER::DECODER', [false, 'The decoder stub to use.']),
+        OptString.new('CMDSTAGER::TEMP', [false, 'Writable directory for staged files']),
         OptBool.new('CMDSTAGER::SSL', [false, 'Use SSL/TLS for supported stagers', false])
       ], self.class)
   end
@@ -129,6 +130,12 @@ module Exploit::CmdStager
 
     self.stager_instance = create_stager
 
+    if datastore['CMDSTAGER::TEMP']
+      opts[:temp] = datastore['CMDSTAGER::TEMP']
+    elsif datastore['WritableDir']
+      opts[:temp] = datastore['WritableDir']
+    end
+
     if stager_instance.respond_to?(:http?) && stager_instance.http?
       opts[:ssl] = datastore['CMDSTAGER::SSL'] unless opts.key?(:ssl)
       opts[:payload_uri] = start_service(opts)

lib/msf/core/exploit/http/client.rb

@@ -480,7 +480,7 @@ module Exploit::Remote::HttpClient
   end
 
   # Returns the complete URI as string including the scheme, port and host
-  def full_uri(custom_uri = nil)
+  def full_uri(custom_uri = nil, vhost_uri: false)
     uri_scheme = ssl ? 'https' : 'http'
 
     if (rport == 80 && !ssl) || (rport == 443 && ssl)
@@ -491,7 +491,9 @@ module Exploit::Remote::HttpClient
 
     uri = normalize_uri(custom_uri || target_uri.to_s)
 
-    if Rex::Socket.is_ipv6?(rhost)
+    if vhost_uri && datastore['VHOST']
+      uri_host = datastore['VHOST']
+    elsif Rex::Socket.is_ipv6?(rhost)
       uri_host = "[#{rhost}]"
     else
       uri_host = rhost

lib/msf/ui/console/command_dispatcher/auxiliary.rb

@@ -62,7 +62,7 @@ class Auxiliary
   #
   # Launches an auxiliary module for single attempt.
   #
-  def run_single(mod, opts)
+  def run_single(mod, action, opts)
     begin
       mod.run_simple(
         'Action'         => action,
@@ -123,23 +123,25 @@ class Auxiliary
       jobify = true
     end
 
-    rhosts_range = Rex::Socket::RangeWalker.new(mod.datastore['RHOSTS'])
-    unless rhosts_range && rhosts_range.length
-      print_error("Auxiliary failed: option RHOSTS failed to validate.")
-      return false
-    end
-
+    rhosts = datastore['RHOSTS']
     begin
-      # Check whether run a scanner module.
-      if mod.class.included_modules.include?(Msf::Auxiliary::Scanner)
-        run_single(mod, opts)
-      # For multi target attempts.
+      # Check if this is a scanner module or doesn't target remote hosts
+      if rhosts.blank? || mod.class.included_modules.include?(Msf::Auxiliary::Scanner)
+        run_single(mod, action, opts)
+      # For multi target attempts with non-scanner modules.
       else
+        rhosts_opt = Msf::OptAddressRange.new('RHOSTS')
+        if !rhosts_opt.valid?(rhosts)
+          print_error("Auxiliary failed: option RHOSTS failed to validate.")
+          return false
+        end
+
+        rhosts_range = Rex::Socket::RangeWalker.new(rhosts_opt.normalize(rhosts))
         rhosts_range.each do |rhost|
           nmod = mod.replicant
           nmod.datastore['RHOST'] = rhost
-          vprint_status("Running module against #{rhost}")
-          run_single(nmod, opts)
+          print_status("Running module against #{rhost}")
+          run_single(nmod, action, opts)
         end
       end
     rescue ::Timeout::Error

modules/auxiliary/scanner/http/iis_shortname_scanner.rb

@@ -255,7 +255,7 @@ class MetasploitModule < Msf::Auxiliary
     else
       print_good("Found #{@dirs.size} directories")
       @dirs.each do |x|
-        print_line("#{proto}://#{datastore['RHOST']}#{@path}#{x}")
+        print_good("#{proto}://#{datastore['RHOST']}#{@path}#{x}")
       end
     end
 
@@ -264,7 +264,7 @@ class MetasploitModule < Msf::Auxiliary
     else
       print_good("Found #{@files.size} files")
       @files.each do |x|
-        print_line("#{proto}://#{datastore['RHOST']}#{@path}#{x}")
+        print_good("#{proto}://#{datastore['RHOST']}#{@path}#{x}")
       end
     end
   end

modules/auxiliary/scanner/printer/canon_iradv_pwd_extract.rb

@@ -26,7 +26,7 @@ class MetasploitModule < Msf::Auxiliary
         [
           'Deral "Percentx" Heiland',
           'Pete "Bokojan" Arzamendi',
-          'William Vu',
+          'wvu',
           'Dev Mohanty'
         ],
       'License'        => MSF_LICENSE

modules/exploits/linux/misc/jenkins_java_deserialize.rb

@@ -23,7 +23,7 @@ class MetasploitModule < Msf::Exploit::Remote
             'Steve Breen',         # Public Exploit
             'Dev Mohanty',         # Metasploit module
             'Louis Sato',          # Metasploit
-            'William Vu',          # Metasploit
+            'wvu',                 # Metasploit
             'juan vazquez',        # Metasploit
             'Wei Chen'             # Metasploit
           ],

modules/exploits/linux/upnp/belkin_wemo_upnp_exec.rb

@@ -59,7 +59,9 @@ class MetasploitModule < Msf::Exploit::Remote
       'DefaultTarget'      => 1,
       'Notes'              => {
         'Stability'        => [CRASH_SAFE],
-        'SideEffects'      => [ARTIFACTS_ON_DISK]
+        'SideEffects'      => [ARTIFACTS_ON_DISK],
+        'Reliablity'       => [REPEATABLE_SESSION],
+        'NOCVE'            => 'Patched in 2.00.8643' # TODO: Add firmware check
       }
     ))
 

modules/exploits/multi/http/apache_jetspeed_file_upload.rb

@@ -62,10 +62,8 @@ class MetasploitModule < Msf::Exploit::Remote
   def exploit
     print_status("Creating admin user: #{username}:#{password}")
     create_admin_user
-    # This was originally a typo... but we're having so much fun!
-    print_status('Kenny Loggins in')
-    kenny_loggins
-    print_warning('You have entered the Danger Zone')
+    print_status('Logging in as newly created admin')
+    jetspeed_login
     print_status("Uploading payload ZIP: #{zip_filename}")
     upload_payload_zip
     print_status("Executing JSP shell: /jetspeed/#{jsp_filename}")
@@ -102,7 +100,7 @@ class MetasploitModule < Msf::Exploit::Remote
     )
   end
 
-  def kenny_loggins
+  def jetspeed_login
     res = send_request_cgi(
       'method' => 'GET',
       'uri'    => '/jetspeed/login/redirector'
@@ -154,11 +152,11 @@ class MetasploitModule < Msf::Exploit::Remote
 
     case target['Platform']
     when 'linux'
-      register_files_for_cleanup("../webapps/jetspeed/#{jsp_filename}")
-      register_files_for_cleanup("../temp/#{username}/#{zip_filename}")
+      register_file_for_cleanup("../webapps/jetspeed/#{jsp_filename}")
+      register_dir_for_cleanup("../temp/#{username}")
     when 'win'
-      register_files_for_cleanup("..\\webapps\\jetspeed\\#{jsp_filename}")
-      register_files_for_cleanup("..\\temp\\#{username}\\#{zip_filename}")
+      register_file_for_cleanup("..\\webapps\\jetspeed\\#{jsp_filename}")
+      register_dir_for_cleanup("..\\temp\\#{username}")
     end
 
     send_request_cgi(
@@ -189,19 +187,6 @@ class MetasploitModule < Msf::Exploit::Remote
     )
   end
 
-  # XXX: This is a hack because FileDropper doesn't delete directories
-  def on_new_session(session)
-    super
-    case target['Platform']
-    when 'linux'
-      print_status("Deleting user temp directory: ../temp/#{username}")
-      session.shell_command_token("rm -rf ../temp/#{username}")
-    when 'win'
-      print_status("Deleting user temp directory: ..\\temp\\#{username}")
-      session.shell_command_token("rd /s /q ..\\temp\\#{username}")
-    end
-  end
-
   #
   # Utility methods
   #

modules/exploits/multi/http/oracle_ats_file_upload.rb

@@ -77,7 +77,7 @@ class MetasploitModule < Msf::Exploit::Remote
     mime.add_part('.', nil, nil, 'form-data; name="storage.workspace"')
     mime.add_part(jsp_directory, nil, nil, 'form-data; name="directory"')
 
-    register_files_for_cleanup(jsp_path)
+    register_file_for_cleanup(jsp_path)
 
     send_request_cgi(
       'method' => 'POST',

modules/exploits/multi/http/struts2_rest_xstream.rb

@@ -76,7 +76,7 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def check
-    return CheckCode::Appears if execute_command(random_crap)
+    return CheckCode::Appears if execute_command(rand_str)
 
     CheckCode::Safe
   end
@@ -151,9 +151,9 @@ class MetasploitModule < Msf::Exploit::Remote
                       <name>start</name>
                       <parameter-types/>
                     </method>
-                    <name>#{random_crap}</name>
+                    <name>#{rand_str}</name>
                   </filter>
-                  <next class="string">#{random_crap}</next>
+                  <next class="string">#{rand_str}</next>
                 </serviceIterator>
                 <lock/>
               </cipher>
@@ -189,7 +189,7 @@ EOF
     'java.lang.String cannot be cast to java.security.Provider$Service'
   end
 
-  def random_crap
+  def rand_str
     Rex::Text.rand_text_alphanumeric(8..42)
   end
 

modules/exploits/unix/webapp/drupal_drupalgeddon2.rb

@@ -122,13 +122,13 @@ class MetasploitModule < Msf::Exploit::Remote
         ]
       ],
       'DefaultTarget'  => 0, # Automatic (PHP In-Memory)
-      'DefaultOptions' => {'WfsDelay' => 2},
+      'DefaultOptions' => {'WfsDelay' => 2}, # Wait between and after attempts
       'Notes'          => {'AKA' => ['SA-CORE-2018-002', 'Drupalgeddon 2']}
     ))
 
     register_options([
       OptString.new('PHP_FUNC',  [true, 'PHP function to execute', 'passthru']),
-      OptBool.new('DUMP_OUTPUT', [false, 'If output should be dumped', false])
+      OptBool.new('DUMP_OUTPUT', [false, 'Dump payload command output', false])
     ])
 
     register_advanced_options([
@@ -161,7 +161,7 @@ class MetasploitModule < Msf::Exploit::Remote
       print_error('Could not determine Drupal patch level')
     end
 
-    token = random_crap
+    token = rand_str
     res   = execute_command(token, func: 'printf')
 
     if res && res.body.start_with?(token)
@@ -211,7 +211,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
   def dropper_assert
     php_file = Pathname.new(
-      "#{datastore['WritableDir']}/#{random_crap}.php"
+      "#{datastore['WritableDir']}/#{rand_str}.php"
     ).cleanpath
 
     # Return the PHP payload or a PHP binary dropper
@@ -242,7 +242,7 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def dropper_exec
-    php_file = "#{random_crap}.php"
+    php_file = "#{rand_str}.php"
     tmp_file = Pathname.new(
       "#{datastore['WritableDir']}/#{php_file}"
     ).cleanpath
@@ -380,7 +380,7 @@ class MetasploitModule < Msf::Exploit::Remote
     )
   end
 
-  def random_crap
+  def rand_str
     Rex::Text.rand_text_alphanumeric(8..42)
   end
 

msfdb

@@ -58,7 +58,7 @@ require 'msf/util/helper'
     db_port: 5433,
     db_pool: 200,
     address: 'localhost',
-    port: 8080,
+    port: 5443,
     ssl: true,
     ssl_cert: @ws_ssl_cert_default,
     ssl_key: @ws_ssl_key_default,

tools/dev/msftidy.rb

@@ -435,6 +435,8 @@ class Msftidy
       if not available_ranks.include?($1)
         error("Invalid ranking. You have '#{$1}'")
       end
+    elsif @source =~ /['"](SideEffects|Stability|Reliability)['"]\s*=/
+      info('No Rank, however SideEffects, Stability, or Reliability are provided')
     else
       warn('No Rank specified. The default is NormalRanking. Please add an explicit Rank value.')
     end

tools/modules/module_author.rb

@@ -16,17 +16,15 @@ while File.symlink?(msfbase)
 end
 
 $:.unshift(File.expand_path(File.join(File.dirname(msfbase), '..', '..', 'lib')))
-require 'msfenv'
-
-$:.unshift(ENV['MSF_LOCAL_LIB']) if ENV['MSF_LOCAL_LIB']
 
 require 'rex'
-require 'msf/ui'
-require 'msf/base'
+require 'json'
+
+FILENAME = 'db/modules_metadata_base.json'
 
 sort = 0
 filter = 'All'
-filters = ['all','exploit','payload','post','nOP','encoder','auxiliary']
+filters = ['all','exploit','payload','post','nop','encoder','auxiliary', 'evasion']
 reg = 0
 regex = nil
 
@@ -69,19 +67,6 @@ opts.parse(ARGV) { |opt, idx, val|
 
 Indent = '    '
 
-# Always disable the database (we never need it just to list module
-# information).
-framework_opts = { 'DisableDatabase' => true }
-
-# If the user only wants a particular module type, no need to load the others
-if filter.downcase != 'all'
-  framework_opts[:module_types] = [ filter.downcase ]
-end
-
-# Initialize the simplified framework instance.
-$framework = Msf::Simple::Framework.create(framework_opts)
-
-
 tbl = Rex::Text::Table.new(
   'Header'  => 'Module References',
   'Indent'  => Indent.length,
@@ -90,18 +75,18 @@ tbl = Rex::Text::Table.new(
 
 names = {}
 
-$framework.modules.each { |name, mod|
-  x = mod.new
-  x.author.each do |r|
-    r = r.to_s
+local_modules = JSON.parse(File.read(FILENAME)) # get cache file location from framework?
+
+local_modules.each do |_module_key, local_module|
+  local_module['author'].each do |r|
+    next if filter.downcase != 'all' && local_module['type'] != filter.downcase
     if regex.nil? or r =~ regex
-      tbl << [ x.fullname, r ]
+      tbl << [ local_module['full_name'], r ]
       names[r] ||= 0
       names[r] += 1
     end
   end
-}
-
+end
 
 if sort == 1
   tbl.sort_rows(1)