From c3445ccb6f1b86ab0fd1975017e6d0a7a6a95950 Mon Sep 17 00:00:00 2001
From: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
Date: Wed, 16 Mar 2022 14:24:45 -0500
Subject: [PATCH 1/2] respect `ssl_version` in crawler

When utilizing `Anemone` to crawl pages using `Rex` sockets
Framework common `SSL` settings can pull from standardized options.
This change enables more fine grained user control and avoids issues
with missing or deprecated SSL versions in newer Ruby versions.
---
 lib/anemone/rex_http.rb                   | 2 +-
 lib/msf/core/auxiliary/http_crawler.rb    | 3 +++
 modules/auxiliary/scanner/http/crawler.rb | 4 ++++
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/lib/anemone/rex_http.rb b/lib/anemone/rex_http.rb
index 9c51ad4c8e..a00e913347 100644
--- a/lib/anemone/rex_http.rb
+++ b/lib/anemone/rex_http.rb
@@ -189,7 +189,7 @@ module Anemone
       url.port.to_i,
       context,
       url.scheme == "https",
-      'SSLv23',
+      @opts[:ssl_version],
       @opts[:proxies],
                     @opts[:username],
                     @opts[:password]
diff --git a/lib/msf/core/auxiliary/http_crawler.rb b/lib/msf/core/auxiliary/http_crawler.rb
index b45cf52028..07edb890ec 100644
--- a/lib/msf/core/auxiliary/http_crawler.rb
+++ b/lib/msf/core/auxiliary/http_crawler.rb
@@ -294,6 +294,9 @@ module Auxiliary::HttpCrawler
     opts[:password] = t[:password] || ''
     opts[:domain]   = t[:domain]   || 'WORKSTATION'
 
+    if ssl
+      opts[:ssl_version] = ssl_version
+    end
     opts
   end
 
diff --git a/modules/auxiliary/scanner/http/crawler.rb b/modules/auxiliary/scanner/http/crawler.rb
index 7d7b4a1634..3ef4756367 100644
--- a/modules/auxiliary/scanner/http/crawler.rb
+++ b/modules/auxiliary/scanner/http/crawler.rb
@@ -64,6 +64,10 @@ class MetasploitModule < Msf::Auxiliary
   #
   def crawler_process_page(t, page, cnt)
     msg = "[#{"%.5d" % cnt}/#{"%.5d" % max_page_count}]    #{page.code || "ERR"} - #{t[:vhost]} - #{page.url}"
+    if page.error
+      print_error("Error accessing page #{page.error.to_s}")
+      elog(page.error)
+    end
     case page.code
       when 301,302
         if page.headers and page.headers["location"]

From ebaf584a00d9b9737d22336c5a38a1f33e761e3f Mon Sep 17 00:00:00 2001
From: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
Date: Fri, 18 Mar 2022 16:45:34 -0500
Subject: [PATCH 2/2] use 'Auto' for `ssl_version`

---
 lib/msf/core/auxiliary/web/http.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/msf/core/auxiliary/web/http.rb b/lib/msf/core/auxiliary/web/http.rb
index fb4eec48c0..4a356dcad4 100644
--- a/lib/msf/core/auxiliary/web/http.rb
+++ b/lib/msf/core/auxiliary/web/http.rb
@@ -110,7 +110,7 @@ class Auxiliary::Web::HTTP
       opts[:target].port,
       {},
       opts[:target].ssl,
-      'SSLv23',
+      'Auto',
       nil,
       username,
       password