RegEx Replacement Warning in smb_version

[ccurzio]

Steps to reproduce

How'd you do it?

1. Start msfconsole
2. use auxiliary/scanner/smb
3. set RHOST xxx.xxx.xxx.xxx
4. exploit

Were you following a specific guide/tutorial or reading documentation?

No.

Current behavior

RegEx Warning:

/usr/share/metasploit-framework/vendor/bundle/ruby/3.3.0/gems/recog-3.1.16/lib/recog/fingerprint/regexp_factory.rb:34: warning: nested repeat operator '+' and '?' was replaced with '*' in regular expression

Metasploit version

Framework: 6.4.56-dev
Console : 6.4.56-dev

Module/Datastore

The following global/module datastore, and database setup was configured before the issue occurred:

Collapse

[framework/core]
loglevel=3

[framework/ui/console]
ActiveModule=auxiliary/scanner/smb/smb_version

[scanner/smb/smb_version]
RHOSTS=REDACTED
WORKSPACE=
VERBOSE=false
RPORT=
SSL=false
SSLServerNameIndication=
SSLVersion=Auto
SSLVerifyMode=PEER
SSLCipher=
Proxies=
CPORT=
CHOST=
ConnectTimeout=10
TCP::max_send_size=0
TCP::send_delay=0
DCERPC::max_frag_size=4096
DCERPC::fake_bind_multi=true
DCERPC::fake_bind_multi_prepend=0
DCERPC::fake_bind_multi_append=0
DCERPC::smb_pipeio=rw
DCERPC::ReadTimeout=10
NTLM::UseNTLMv2=true
NTLM::UseNTLM2_session=true
NTLM::SendLM=true
NTLM::UseLMKey=false
NTLM::SendNTLM=true
NTLM::SendSPN=true
SMB::pipe_evasion=false
SMB::pipe_write_min_size=1
SMB::pipe_write_max_size=1024
SMB::pipe_read_min_size=1
SMB::pipe_read_max_size=1024
SMB::pad_data_level=0
SMB::pad_file_level=0
SMB::obscure_trans_pipe_level=0
SMBDirect=true
SMBUser=
SMBPass=
SMBDomain=.
SMBName=*SMBSERVER
SMB::VerifySignature=false
SMB::ChunkSize=500
SMB::Native_OS=Windows 2000 2195
SMB::Native_LM=Windows 2000 5.0
SMB::AlwaysEncrypt=true
THREADS=1
ShowProgress=true
ShowProgressPercent=10
KrbCacheMode=read-write
SMB::Auth=auto
SMB::Rhostname=
DomainControllerRhost=
SMB::Krb5Ccname=
SMB::KrbOfferedEncryptionTypes=AES256,AES128,RC4-HMAC,DES-CBC-MD5,DES3-CBC-SHA1

Database Configuration

The database contains the following information:

Collapse

Session Type: postgresql selected, no connection

Framework Configuration

The features are configured as follows:

Collapse

name	enabled
wrapped_tables	true
fully_interactive_shells	false
manager_commands	false
metasploit_payload_warnings	true
defer_module_loads	false
smb_session_type	true
postgresql_session_type	true
mysql_session_type	true
mssql_session_type	true
ldap_session_type	true
show_successful_logins	false
dns	true
hierarchical_search_table	true
display_module_action	true

History

The following commands were ran during the session and before this issue occurred:

Collapse

14     set loglevel 3
15     use auxiliary/scanner/smb/smb_version
16     set RHOST REDACTED
17     exploit
18     debug

Framework Errors

The following framework errors occurred before the issue occurred:

Collapse

[05/02/2025 09:40:03] [e(0)] core: Failed to connect to the database: No database YAML file
[05/02/2025 09:40:32] [e(0)] core: Failed to open history file: /home/pilot/.msf4/history with error: No such file or directory @ rb_sysopen - /home/pilot/.msf4/history
[05/02/2025 09:40:50] [e(0)] core: Module auxiliary/scanner/smb not found, and no loading errors found. If you're using a custom module refer to our wiki: https://docs.metasploit.com/docs/using-metasploit/intermediate/running-private-modules.html
[05/02/2025 09:51:58] [e(0)] core: Failed to connect to the database: No database YAML file
[05/02/2025 09:53:14] [e(0)] core: Failed to connect to the database: No database YAML file

Web Service Errors

The following web service errors occurred before the issue occurred:

Collapse

msf-ws.log does not exist.

Framework Logs

The following framework logs were recorded before the issue occurred:

Collapse

[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage linux/armle/shell have incompatible platforms: ["Android"] - ["Linux"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage linux/mipsbe/meterpreter have incompatible platforms: ["Android"] - ["Linux"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage linux/mipsbe/shell have incompatible platforms: ["Android"] - ["Linux"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage linux/aarch64/meterpreter have incompatible platforms: ["Android"] - ["Linux"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage linux/aarch64/shell have incompatible platforms: ["Android"] - ["Linux"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage linux/mipsle/meterpreter have incompatible platforms: ["Android"] - ["Linux"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage linux/mipsle/shell have incompatible platforms: ["Android"] - ["Linux"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage linux/x64/meterpreter have incompatible platforms: ["Android"] - ["Linux"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage linux/x64/shell have incompatible platforms: ["Android"] - ["Linux"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage osx/x86/vforkshell have incompatible platforms: ["Android"] - ["OSX"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage osx/x86/isight have incompatible platforms: ["Android"] - ["OSX"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage osx/x86/bundleinject have incompatible platforms: ["Android"] - ["OSX"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage osx/armle/execute have incompatible platforms: ["Android"] - ["OSX"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage osx/armle/shell have incompatible platforms: ["Android"] - ["OSX"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage osx/ppc/shell have incompatible platforms: ["Android"] - ["OSX"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage osx/aarch64/meterpreter have incompatible platforms: ["Android"] - ["OSX"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage osx/x64/dupandexecve have incompatible platforms: ["Android"] - ["OSX"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage osx/x64/meterpreter have incompatible platforms: ["Android"] - ["OSX"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage netware/shell have incompatible platforms: ["Android"] - ["Netware"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage java/meterpreter have incompatible platforms: ["Android"] - ["Java"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage java/shell have incompatible platforms: ["Android"] - ["Java"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage bsdi/x86/shell have incompatible platforms: ["Android"] - ["BSDi"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage python/meterpreter have incompatible platforms: ["Android"] - ["Python"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/vncinject have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/meterpreter have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/patchupdllinject have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/patchupmeterpreter have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/custom have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/dllinject have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/upexec have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/peinject have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/shell have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/x64/vncinject have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/x64/meterpreter have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/x64/custom have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/x64/peinject have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/x64/shell have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(3)] core: Checking compat [ with ]: javasocket to javaurl
[05/02/2025 09:53:38] [d(3)] core: Checking compat [ with ]: javaurl to javaurl
[05/02/2025 09:53:38] [d(1)] core: Module  is compatible with
[05/02/2025 09:53:38] [d(3)] core: Checking compat [ with ]: javasocket to javaurl
[05/02/2025 09:53:38] [d(3)] core: Checking compat [ with ]: javaurl to javaurl
[05/02/2025 09:53:38] [d(1)] core: Module  is compatible with
[05/02/2025 09:53:38] [d(2)] core: Built staged payload android/meterpreter/reverse_https.
[05/02/2025 09:53:38] [d(1)] core: Module  is compatible with
[05/02/2025 09:53:38] [d(1)] core: Module  is compatible with
[05/02/2025 09:53:38] [d(2)] core: Built staged payload android/shell/reverse_https.
[05/02/2025 09:53:41] [i(2)] core: Reloading auxiliary module scanner/smb/smb_version. Ambiguous module warnings are safe to ignore
[05/02/2025 09:53:52] [d(0)] core: SMB version(s) to negotiate: [1]
[05/02/2025 09:53:52] [d(0)] core: Negotiated SMB version: SMB1

Web Service Logs

The following web service logs were recorded before the issue occurred:

Collapse

msf-ws.log does not exist.

Version/Install

The versions and install method of your Metasploit setup:

Collapse

Framework: 6.4.56-dev
Ruby: ruby 3.3.7 (2025-01-15 revision be31f993d7) [x86_64-linux-gnu]
OpenSSL: OpenSSL 3.4.0 22 Oct 2024
Install Root: /usr/share/metasploit-framework
Session Type: postgresql selected, no connection
Install Method: Other - Please specify

[github-actions]

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.