From 2b6f823a1bea54568cc5acbbdd1b2a012d944575 Mon Sep 17 00:00:00 2001
From: Jeffrey Martin
Date: Wed, 7 Jun 2017 17:42:45 -0500
Subject: [PATCH] store vuln attempt when reported

---
 lib/msf/core/auxiliary/report.rb | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/lib/msf/core/auxiliary/report.rb b/lib/msf/core/auxiliary/report.rb
index e074c8b2b5..af531e7163 100644
--- a/lib/msf/core/auxiliary/report.rb
+++ b/lib/msf/core/auxiliary/report.rb
@@ -274,7 +274,28 @@ module Auxiliary::Report
 :workspace => myworkspace,
 :task => mytask
 }.merge(opts)
- framework.db.report_vuln(opts)
+ vuln = framework.db.report_vuln(opts)
+
+ # add vuln attempt audit details here during report
+
+ timestamp = opts[:timestamp]
+ username = opts[:username]
+ mname = self.fullname # use module name when reporting attempt for correlation
+
+ # report_vuln is only called in an identified case, consider setting value reported here
+ attempt_info = {
+ :vuln_id => vuln.id,
+ :attempted_at => timestamp || Time.now.utc,
+ :exploited => false,
+ :fail_detail => 'vulnerability identified',
+ :fail_reason => 'Untried', # Mdm::VulnAttempt::Status::UNTRIED, avoiding direct dependency on Mdm, used elsewhere in this module
+ :module => mname,
+ :username => username || "unknown",
+ }
+
+ vuln.vuln_attempts.create(attempt_info)
+
+ vuln
 end
 
 # This will simply log a deprecation warning, since report_exploit()
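Review bot: `vuln.id` is dereferenced right after `vuln = framework.db.report_vuln(opts)` with no nil check, so if report_vuln can return nil (its contract is not visible in this hunk) the module raises NoMethodError instead of simply skipping the report. Adding `return unless vuln` before `attempt_info` is built keeps the old return value and avoids that. Separately, `vuln.vuln_attempts.create(attempt_info)` does not raise when validation fails, so an audit entry can be dropped silently; check `persisted?` on the returned record and log when it is false. The enclosing method starts outside the hunk.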