retn versions in chk_setup, tests to reflect, doc

documentation/modules/auxiliary/scanner/http/phpmyadmin_login.md

@@ -15,7 +15,7 @@
 
 ## Scenarios
 
-### Tested on PhpMyAdmin Versions 4.8.2, 4.8.1, 4.0.10.20
+### Tested on PhpMyAdmin Versions 4.0.10.20, 4.5.0, 4.8.1, 4.8.2, 5.0
 
   ```
   msf5 > use auxiliary/scanner/http/phpmyadmin_login
@@ -26,11 +26,8 @@
   msf5 auxiliary(scanner/http/phpmyadmin_login) > set password password
   password => password
   msf5 auxiliary(scanner/http/phpmyadmin_login) > run
-  PhpMyAdmin Version: 4.8.2
-  Token here: !il&>s3]t28i34x7
-  Session ID: sruks7tm3bnh6jljb8h1q9gh6u
-  Cookies: pma_lang=en; phpMyAdmin=anttidd9jgc8c2qnhn0kq4sshu;
 
+  [*] PhpMyAdmin Version: 4.8.2
   [+] 192.168.37.151:80 - Success: 'root:password'
   [*] Scanned 1 of 1 hosts (100% complete)
   [*] Auxiliary module execution completed

lib/metasploit/framework/login_scanner/phpmyadmin.rb

@@ -9,14 +9,14 @@ module Metasploit
         LOGIN_STATUS = Metasploit::Model::Login::Status
 
         def check_setup
+          version = "Not Detected"
           res = send_request({ 'uri' => uri })
 
           if res && res.body.include?('phpMyAdmin')
             if res.body =~ /PMA_VERSION:"(\d+\.\d+\.\d+)"/
               version = Gem::Version.new($1)
-              puts "PhpMyAdmin Version: #{version.to_s}"
             end
-            return true
+            return version.to_s
           end
 
           false
@@ -32,9 +32,6 @@ module Metasploit
           token = Rex::Text.html_decode(res.body.scan(/token"\s*value="(.*?)"/).flatten[0])
           cookies = res.get_cookies.split[-2..-1].join(' ')
           
-          puts "Token here: #{token}"
-          puts "Session ID: #{session_id}"
-          puts "Cookies: #{cookies}"
           info = [session_id, token, cookies]
           return no_connect if (info.empty? || session_id.empty? || token.empty? || cookies.empty?)
 

modules/auxiliary/scanner/http/phpmyadmin_login.rb

@@ -103,11 +103,14 @@ class MetasploitModule < Msf::Auxiliary
   end
 
   def run_host(ip)
-    unless scanner(ip).check_setup
+    phpmyadmin_res = scanner(ip).check_setup
+    unless phpmyadmin_res
       print_brute(:level => :error, :ip => ip, :msg => "PhpMyAdmin is not available")
       return
     end
 
+    print_status("PhpMyAdmin Version: #{phpmyadmin_res}")
+
     scanner(ip).scan! do |result|
         case result.status
         when Metasploit::Model::Login::Status::SUCCESSFUL

spec/lib/metasploit/framework/login_scanner/phpmyadmin_spec.rb

@@ -51,15 +51,14 @@ RSpec.describe Metasploit::Framework::LoginScanner::PhpMyAdmin do
   describe '#check_setup' do
     let(:phpMyAdmin_res) do
       res = Rex::Proto::Http::Response.new(200, 'OK')
-      res.body = '<h1>Welcome to <bdo dir="ltr" lang="en">phpMyAdmin</bdo></h1>'
+      res.body = '<h1>Welcome to <bdo dir="ltr" lang="en">phpMyAdmin</bdo></h1> PMA_VERSION:"4.8.2"'
       res
     end
 
-    context 'when the target is PhpMyAdmin' do
-      let(:response) { phpMyAdmin_res }
-      it 'should return true' do
-        expect(subject.check_setup).to eql(true)
-      end
+    let(:phpMyAdmin_no_vers) do
+      res = Rex::Proto::Http::Response.new(200, 'OK')
+      res.body = '<h1>Welcome to <bdo dir="ltr" lang="en">phpMyAdmin</bdo></h1>'
+      res
     end
 
     context 'when the target is not PhpMyAdmin' do
@@ -67,6 +66,20 @@ RSpec.describe Metasploit::Framework::LoginScanner::PhpMyAdmin do
         expect(subject.check_setup).to eql(false)
       end
     end
+
+    context 'when the version of PhpMyAdmin is detected' do
+      let(:response) { phpMyAdmin_res }
+      it 'should return the version' do
+        expect(subject.check_setup).to eql("4.8.2")
+      end
+    end
+
+    context 'when the version of PhpMyAdmin is not detected' do
+      let(:response) { phpMyAdmin_no_vers }
+      it 'should return "Not Detected"' do
+        expect(subject.check_setup).to eql("Not Detected")
+      end
+    end
   end
 
   describe '#get_session_info' do