From 3d41b4046ca6a506b3e06f3e7f341b2eb521dadd Mon Sep 17 00:00:00 2001 From: Jake Yamaki Date: Wed, 30 Sep 2015 16:33:15 -0400 Subject: [PATCH] Standardize output and include full uri --- modules/auxiliary/scanner/http/verb_auth_bypass.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/auxiliary/scanner/http/verb_auth_bypass.rb b/modules/auxiliary/scanner/http/verb_auth_bypass.rb index c9eb6fafd0..1660433bf6 100644 --- a/modules/auxiliary/scanner/http/verb_auth_bypass.rb +++ b/modules/auxiliary/scanner/http/verb_auth_bypass.rb @@ -51,13 +51,13 @@ class Metasploit3 < Msf::Auxiliary return if not res if not res.headers['WWW-Authenticate'] - print_status("[#{ip}] Authentication not required. #{datastore['PATH']} #{res.code}") + print_status("[#{ip}:#{datastore['RPORT']}#{datastore['PATH']}] Authentication not required, resp code: [#{res.code}]") return end auth_code = res.code - print_status("#{ip} requires authentication: #{res.headers['WWW-Authenticate']} [#{auth_code}]") + print_status("[#{ip}:#{datastore['RPORT']}#{datastore['PATH']}] Authentication required: #{res.headers['WWW-Authenticate']}, resp code [#{auth_code}]") report_note( :host => ip, @@ -77,10 +77,10 @@ class Metasploit3 < Msf::Auxiliary next if not resauth - print_status("[#{ip}] Testing verb #{tv}, resp code: [#{resauth.code}]") + print_status("[#{ip}:#{datastore['RPORT']}#{datastore['PATH']}] Testing verb #{tv}, resp code: [#{resauth.code}]") if resauth.code != auth_code and resauth.code <= 302 - print_good("[#{ip}] Possible authentication bypass with verb #{tv} code #{resauth.code}") + print_good("[#{ip}:#{datastore['RPORT']}#{datastore['PATH']}] Possible authentication bypass with verb #{tv}, resp code: [#{resauth.code}]") # Unable to use report_web_vuln as method is not in list of allowed methods.