rapid7 · msutovsky-r7 · May 30, 2025 · May 24, 2025
diff --git a/modules/auxiliary/scanner/dcerpc/dfscoerce.rb b/modules/auxiliary/scanner/dcerpc/dfscoerce.rb
@@ -30,7 +30,12 @@ def initialize
       'References' => [
         [ 'URL', 'https://github.com/Wh04m1001/DFSCoerce' ]
       ],
-      'License' => MSF_LICENSE
+      'License' => MSF_LICENSE,
+      'Notes' => {
+        'Stability' => [CRASH_SAFE],
+        'SideEffects' => [IOC_IN_LOGS],
+        'Reliability' => []
+      }
     )
 
     register_options(

diff --git a/modules/auxiliary/scanner/dcerpc/endpoint_mapper.rb b/modules/auxiliary/scanner/dcerpc/endpoint_mapper.rb
@@ -3,6 +3,7 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
+require 'English'
 class MetasploitModule < Msf::Auxiliary
 
   # Exploit mixins should be called first
@@ -15,66 +16,70 @@ class MetasploitModule < Msf::Auxiliary
 
   def initialize
     super(
-      'Name'        => 'Endpoint Mapper Service Discovery',
+      'Name' => 'Endpoint Mapper Service Discovery',
       'Description' => %q{
         This module can be used to obtain information from the
         Endpoint Mapper service.
       },
-      'Author'      => 'hdm',
-      'License'     => MSF_LICENSE
+      'Author' => 'hdm',
+      'License' => MSF_LICENSE,
+      'Notes' => {
+        'Stability' => [CRASH_SAFE],
+        'SideEffects' => [],
+        'Reliability' => []
+      }
     )
 
     register_options(
       [
         Opt::RPORT(135)
-      ])
+      ]
+    )
   end
 
   # Obtain information about a single host
   def run_host(ip)
-    begin
+    ids = dcerpc_endpoint_list
+    return unless ids
+
+    name = nil
+    ids.each do |id|
+      next if !id[:prot]
 
-      ids = dcerpc_endpoint_list()
-      return if not ids
-      name = nil
-      ids.each do |id|
-        next if not id[:prot]
-        line = "#{id[:uuid]} v#{id[:vers]} "
-        line << "#{id[:prot].upcase} "
-        line << "(#{id[:port]}) " if id[:port]
-        line << "(#{id[:pipe]}) " if id[:pipe]
-        line << "#{id[:host]} " if id[:host]
-        line << "[#{id[:note]}]" if id[:note]
-        print_status(line)
-        if (id[:host] and id[:host][0,2] == "\\\\")
-          name = id[:host][2..-1]
-        end
-        if id[:prot].downcase == "tcp" or id[:prot].downcase == "udp"
-          report_service(
-            :host => ip,
-            :port => id[:port],
-            :proto => id[:prot].downcase,
-            :name => "dcerpc",
-            :info => "#{id[:uuid]} v#{id[:vers]} #{id[:note]}"
-          )
-        end
+      line = "#{id[:uuid]} v#{id[:vers]} "
+      line << "#{id[:prot].upcase} "
+      line << "(#{id[:port]}) " if id[:port]
+      line << "(#{id[:pipe]}) " if id[:pipe]
+      line << "#{id[:host]} " if id[:host]
+      line << "[#{id[:note]}]" if id[:note]
+      print_status(line)
+      if id[:host] && (id[:host][0, 2] == '\\\\')
+        name = id[:host][2..]
       end
-      report_host(:host => ip, :name => name) if name
+      next unless (id[:prot].downcase == 'tcp') || (id[:prot].downcase == 'udp')
+
       report_service(
-        :host => ip,
-        :port => rport,
-        :proto => 'tcp',
-        :name => "dcerpc",
-        :info => "Endpoint Mapper (#{ids.length} services)"
+        host: ip,
+        port: id[:port],
+        proto: id[:prot].downcase,
+        name: 'dcerpc',
+        info: "#{id[:uuid]} v#{id[:vers]} #{id[:note]}"
       )
-
-    rescue ::Interrupt
-      raise $!
-    rescue ::Rex::Proto::DCERPC::Exceptions::Fault
-    rescue ::Exception => e
-      print_error("#{ip}:#{rport} error: #{e}")
     end
-  end
-
 
+    report_host(host: ip, name: name) if name
+    report_service(
+      host: ip,
+      port: rport,
+      proto: 'tcp',
+      name: 'dcerpc',
+      info: "Endpoint Mapper (#{ids.length} services)"
+    )
+  rescue ::Interrupt
+    raise $ERROR_INFO
+  rescue ::Rex::Proto::DCERPC::Exceptions::Fault => e
+    vprint_error("#{ip}:#{rport} error: #{e}")
+  rescue StandardError => e
+    print_error("#{ip}:#{rport} error: #{e}")
+  end
 end
diff --git a/modules/auxiliary/scanner/dcerpc/hidden.rb b/modules/auxiliary/scanner/dcerpc/hidden.rb
@@ -25,7 +25,12 @@ def initialize
       and analyzed to see whether anonymous access is permitted.
       },
       'Author' => 'hdm',
-      'License' => MSF_LICENSE
+      'License' => MSF_LICENSE,
+      'Notes' => {
+        'Stability' => [CRASH_SAFE],
+        'SideEffects' => [],
+        'Reliability' => []
+      }
     )
 
     deregister_options('RPORT')
@@ -76,17 +81,17 @@ def run_host(ip)
           dcerpc.call(0, NDR.long(0) * 128)
           call = true
 
-          if (!dcerpc.last_response.nil? && !dcerpc.last_response.stub_data.nil?)
+          if !dcerpc.last_response.nil? && !dcerpc.last_response.stub_data.nil?
             data = dcerpc.last_response.stub_data
           end
         rescue ::Interrupt
           raise $ERROR_INFO
-        rescue ::Exception => e
+        rescue StandardError => e
           error = e.to_s
         end
 
         if error
-          if error =~ (/DCERPC FAULT/) && error !~ (/nca_s_fault_access_denied/)
+          if error =~ /DCERPC FAULT/ && error !~ /nca_s_fault_access_denied/
             call = true
           else
             elog(e)
@@ -103,20 +108,18 @@ def run_host(ip)
         print_status(status)
         print_status('')
 
-        ## Add Report
         report_note(
           host: ip,
           proto: 'tcp',
           port: datastore['RPORT'],
           type: "DCERPC HIDDEN: UUID #{id[0]} v#{id[1]}",
-          data: { :status => status }
+          data: { status: status }
         )
       end
     end
   rescue ::Interrupt
     raise $ERROR_INFO
-  rescue ::Exception => e
+  rescue StandardError => e
     print_status("Error: #{e}")
   end
-
 end
diff --git a/modules/auxiliary/scanner/dcerpc/management.rb b/modules/auxiliary/scanner/dcerpc/management.rb
@@ -3,6 +3,7 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
+require 'English'
 class MetasploitModule < Msf::Auxiliary
 
   # Exploit mixins should be called first
@@ -15,71 +16,72 @@ class MetasploitModule < Msf::Auxiliary
 
   def initialize
     super(
-      'Name'        => 'Remote Management Interface Discovery',
+      'Name' => 'Remote Management Interface Discovery',
       'Description' => %q{
         This module can be used to obtain information from the Remote
         Management Interface DCERPC service.
       },
-      'Author'      => 'hdm',
-      'License'     => MSF_LICENSE
+      'Author' => 'hdm',
+      'License' => MSF_LICENSE,
+      'Notes' => {
+        'Stability' => [CRASH_SAFE],
+        'SideEffects' => [],
+        'Reliability' => []
+      }
     )
 
     register_options(
       [
         Opt::RPORT(135)
-      ])
+      ]
+    )
   end
 
   # Obtain information about a single host
   def run_host(ip)
-    begin
-
-      ids = dcerpc_mgmt_inq_if_ids(rport)
-      return if not ids
-      ids.each do |id|
-        print_status("UUID #{id[0]} v#{id[1]}")
-
-        reportdata = ""
+    ids = dcerpc_mgmt_inq_if_ids(rport)
+    return unless ids
 
-        stats = dcerpc_mgmt_inq_if_stats(rport)
-        if stats
-          print_status("\t stats: " + stats.map{|i| "0x%.8x" % i}.join(", "))
-          reportdata << "stats: " + stats.map{|i| "0x%.8x" % i}.join(", ") + " "
-        end
+    ids.each do |id|
+      print_status("UUID #{id[0]} v#{id[1]}")
 
-        live  = dcerpc_mgmt_is_server_listening(rport)
-        if live
-          print_status("\t listening: %.8x" % live)
-          #reportdata << "listening: %.8x" % live + " "
-        end
+      reportdata = ''
 
-        dead  = dcerpc_mgmt_stop_server_listening(rport)
-        if dead
-          print_status("\t killed: %.8x" % dead)
-          #reportdata << "killed: %.8x" % dead + " "
-        end
+      stats = dcerpc_mgmt_inq_if_stats(rport)
+      if stats
+        print_status("\t stats: " + stats.map { |i| '0x%.8x' % i }.join(', '))
+        reportdata << 'stats: ' + stats.map { |i| '0x%.8x' % i }.join(', ') + ' '
+      end
 
-        princ = dcerpc_mgmt_inq_princ_name(rport)
-        if princ
-          print_status("\t name: #{princ.unpack("H*")[0]}")
-          #reportdata << "name: #{princ.unpack("H*")[0]}"
-        end
+      live = dcerpc_mgmt_is_server_listening(rport)
+      if live
+        print_status("\t listening: %.8x" % live)
+        # reportdata << "listening: %.8x" % live + " "
+      end
 
-        # Add Report
-        report_note(
-          :host   => ip,
-          :proto  => 'tcp',
-          :port   => datastore['RPORT'],
-          :type   => "DCERPC UUID #{id[0]} v#{id[1]}",
-          :data   => { :report_data => reportdata }
-        )
+      dead = dcerpc_mgmt_stop_server_listening(rport)
+      if dead
+        print_status("\t killed: %.8x" % dead)
+        # reportdata << "killed: %.8x" % dead + " "
+      end
 
+      princ = dcerpc_mgmt_inq_princ_name(rport)
+      if princ
+        print_status("\t name: #{princ.unpack('H*')[0]}")
+        # reportdata << "name: #{princ.unpack("H*")[0]}"
       end
 
-    rescue ::Interrupt
-      raise $!
-    rescue ::Exception => e
-      print_error("Error: #{e}")
+      report_note(
+        host: ip,
+        proto: 'tcp',
+        port: datastore['RPORT'],
+        type: "DCERPC UUID #{id[0]} v#{id[1]}",
+        data: { report_data: reportdata }
+      )
     end
+  rescue ::Interrupt
+    raise $ERROR_INFO
+  rescue StandardError => e
+    print_error("Error: #{e}")
   end
 end