Merge target info into the module info

lib/msf/core/module.rb

@@ -126,10 +126,10 @@ def initialize(info = {})
       info_fixups
 
       # Transform some of the fields to arrays as necessary
-      self.author = Msf::Author.transform(module_info['Author'])
-      self.arch = Rex::Transformer.transform(module_info['Arch'], Array, [ String ], 'Arch')
-      self.platform = PlatformList.transform(module_info['Platform'])
-      self.references = Rex::Transformer.transform(module_info['References'], Array, [ SiteReference, Reference ], 'Ref')
+      self.author = Msf::Author.transform(merge_module_info_with_target_info(module_info, 'Author'))
+      self.arch = Rex::Transformer.transform(merge_module_info_with_target_info(module_info, 'Arch'), Array, [ String ], 'Arch')
+      self.platform = PlatformList.transform(merge_module_info_with_target_info(module_info, 'Platform'))
+      self.references = Rex::Transformer.transform(merge_module_info_with_target_info(module_info, 'References'), Array, [ SiteReference, Reference ], 'Ref')
 
       # Create and initialize the option container for this module
       self.options = Msf::OptionContainer.new
@@ -457,12 +457,20 @@ def set_defaults
       self.module_store = {}
     end
 
+    def merge_module_info_with_target_info(module_info, key)
+      entries = Array.wrap(module_info[key])
+      if (module_targets = module_info['Targets'])
+        module_targets.each do |_target_name, target_info|
+          entries += Array.wrap(target_info[key])
+        end
+      end
+      entries.uniq
+    end
+
     attr_writer   :platform, :references # :nodoc:
     attr_writer   :privileged # :nodoc:
     attr_writer   :license # :nodoc:
 
-
-
   end
 
 end

modules/exploits/aix/rpc_cmsd_opcode21.rb

@@ -34,7 +34,6 @@ def initialize(info = {})
           [ 'URL', 'https://web.archive.org/web/20091013155835/http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825' ],
           [ 'URL', 'https://web.archive.org/web/20221204155746/http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc' ]
         ],
-        'Platform' => [ 'aix' ],
         'Payload' => {
           'Space' => 4104,
           'BadChars' => "\x00",

modules/exploits/aix/rpc_ttdbserverd_realpath.rb

@@ -22,7 +22,6 @@ def initialize(info = {})
           'Ramon de C Valle',
           'Adriano Lima <adriano[at]risesecurity.org>',
         ],
-        'Platform' => [ 'aix' ],
         'References' => [
           [ 'CVE', '2009-2727'],
           [ 'OSVDB', '55151' ]

modules/exploits/android/adb/adb_server_exec.rb

@@ -22,7 +22,6 @@ def initialize(info = {})
         'License' => MSF_LICENSE,
         'DefaultOptions' => { 'PAYLOAD' => 'linux/armle/shell_reverse_tcp' },
         'Platform' => 'linux',
-        'Arch' => [ARCH_ARMLE, ARCH_X86, ARCH_X64, ARCH_MIPSLE],
         'Targets' => [
           ['armle', { 'Arch' => ARCH_ARMLE }],
           ['x86', { 'Arch' => ARCH_X86 }],

modules/exploits/android/local/su_exec.rb

@@ -35,7 +35,6 @@ def initialize(info = {})
           'DisclosureDate' => '2017-08-31',
           'SessionTypes' => [ 'meterpreter', 'shell' ],
           'Platform' => [ 'android', 'linux' ],
-          'Arch' => [ ARCH_AARCH64, ARCH_ARMLE, ARCH_X86, ARCH_X64, ARCH_MIPSLE ],
           'Targets' => [
             ['aarch64', { 'Arch' => ARCH_AARCH64 }],
             ['armle', { 'Arch' => ARCH_ARMLE }],

modules/exploits/apple_ios/browser/safari_libtiff.rb

@@ -46,7 +46,6 @@ def initialize(info = {})
               ].pack('V*')
         },
         'Arch' => ARCH_ARMLE,
-        'Platform' => %w[osx],
         'Targets' => [
           [
             'MobileSafari iPhone Mac OS X (1.00, 1.01, 1.02, 1.1.1)',

modules/exploits/apple_ios/email/mobilemail_libtiff.rb

@@ -38,7 +38,6 @@ def initialize(info = {})
           }
         },
         'Arch' => ARCH_ARMLE,
-        'Platform' => %w[osx],
         'Targets' => [
           [
             'MobileSafari iPhone Mac OS X (1.00, 1.01, 1.02, 1.1.1)',

modules/exploits/firefox/local/exec_shellcode.rb

@@ -22,7 +22,6 @@ def initialize(info = {})
         },
         'License' => MSF_LICENSE,
         'Author' => [ 'joev' ],
-        'Platform' => [ 'firefox' ],
         'DisclosureDate' => '2014-03-10',
         'Targets' => [
           [

modules/exploits/freebsd/http/citrix_dir_traversal_rce.rb

@@ -46,8 +46,6 @@ def initialize(info = {})
         ],
         'DisclosureDate' => '2019-12-17',
         'License' => MSF_LICENSE,
-        'Platform' => ['python', 'unix'],
-        'Arch' => [ARCH_PYTHON, ARCH_CMD],
         'Privileged' => false,
         'Targets' => [
           [

modules/exploits/freebsd/http/junos_phprc_auto_prepend_file.rb

@@ -50,9 +50,7 @@ def initialize(info = {})
           [ 'CVE', '2023-36845']
         ],
         'License' => MSF_LICENSE,
-        'Platform' => %w[php unix],
         'Privileged' => false,
-        'Arch' => [ARCH_PHP, ARCH_CMD],
         'Targets' => [
           [
             'PHP In-Memory',

modules/exploits/linux/http/acronis_cyber_infra_cve_2023_45249.rb

@@ -46,9 +46,7 @@ def initialize(info = {})
           ['ATT&CK', Mitre::Attack::Technique::T1021_004_SSH]
         ],
         'License' => MSF_LICENSE,
-        'Platform' => ['unix', 'linux'],
         'Privileged' => true,
-        'Arch' => [ARCH_CMD],
         'Targets' => [
           [
             'Unix/Linux Command',

modules/exploits/linux/http/aitemi_m300_time_rce.rb

@@ -32,8 +32,7 @@ def initialize(info = {})
           ['URL', 'https://chocapikk.com/posts/2025/when-a-wifi-name-gives-you-root-part-two/'],
           ['CVE', '2025-34152']
         ],
-        'Platform' => %(linux unix),
-        'Arch' => [ARCH_CMD, ARCH_MIPSBE],
+        'Platform' => %w[linux unix],
         'Payload' => {
           'BadChars' => "\x60"
         },

modules/exploits/linux/http/apache_druid_js_rce.rb

@@ -39,15 +39,13 @@ def initialize(info = {})
           'Litch1, Security Team of Alibaba Cloud', # Vulnerability discovery
           'je5442804' # Metasploit module
         ],
-        'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],
         'References' => [
           ['CVE', '2021-25646'],
           ['URL', 'https://lists.apache.org/thread.html/rfda8a3aa6ac06a80c5cbfdeae0fc85f88a5984e32ea05e6dda46f866%40%3Cdev.druid.apache.org%3E'],
           ['URL', 'https://github.com/yaunsky/cve-2021-25646/blob/main/cve-2021-25646.py']
         ],
         'DisclosureDate' => '2021-01-21',
         'License' => MSF_LICENSE,
-        'Platform' => ['unix', 'linux'],
         'Targets' => [
           [
             'Linux (dropper)', {

modules/exploits/linux/http/apache_ofbiz_deserialization.rb

@@ -43,8 +43,6 @@ def initialize(info = {})
         ],
         'DisclosureDate' => '2020-07-13', # Vendor release note
         'License' => MSF_LICENSE,
-        'Platform' => ['unix', 'linux'],
-        'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],
         'Privileged' => false,
         'Targets' => [
           [

modules/exploits/linux/http/apache_ofbiz_deserialization_soap.rb

@@ -39,8 +39,6 @@ def initialize(info = {})
         ],
         'DisclosureDate' => '2021-03-22', # NVD publish date
         'License' => MSF_LICENSE,
-        'Platform' => ['unix', 'linux'],
-        'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],
         'Privileged' => false,
         'Targets' => [
           [

modules/exploits/linux/http/apache_solr_backup_restore.rb

@@ -35,9 +35,7 @@ def initialize(info = {})
           [ 'CVE', '2023-50386']
         ],
         'License' => MSF_LICENSE,
-        'Platform' => %w[unix linux],
         'Privileged' => false,
-        'Arch' => [ ARCH_CMD ],
         'Targets' => [
           [
             'Unix Command',

modules/exploits/linux/http/apache_spark_rce_cve_2022_33891.rb

@@ -43,8 +43,6 @@ def initialize(info = {})
           'SSL' => false,
           'WfsDelay' => 5
         },
-        'Platform' => %w[unix linux],
-        'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],
         'Targets' => [
           [
             'Unix (In-Memory)',

modules/exploits/linux/http/appsmith_rce_cve_2024_55964.rb

@@ -27,7 +27,6 @@ def initialize(info = {})
           ['URL', 'https://rhinosecuritylabs.com/research/cve-2024-55963-unauthenticated-rce-in-appsmith/'],
           ['URL', 'https://github.com/RhinoSecurityLabs/CVEs/blob/master/CVE-2024-55963/poc.py'],
         ],
-        'Platform' => %w[linux],
         'Targets' => [
           [
             'Linux Command', {

modules/exploits/linux/http/artica_proxy_auth_bypass_service_cmds_peform_command_injection.rb

@@ -35,8 +35,6 @@ def initialize(info = {})
           'SSL' => true,
           'RPort' => 9000
         },
-        'Platform' => %w[unix linux],
-        'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],
         'Targets' => [
           [
             'Unix Command',

modules/exploits/linux/http/artica_proxy_unauth_rce_cve_2024_2054.rb

@@ -33,8 +33,6 @@ def initialize(info = {})
           ['PACKETSTORM', '177482']
         ],
         'DisclosureDate' => '2024-03-05',
-        'Platform' => ['php', 'unix', 'linux'],
-        'Arch' => [ARCH_PHP, ARCH_CMD, ARCH_X64, ARCH_X86],
         'Privileged' => false,
         'Targets' => [
           [

modules/exploits/linux/http/axis_app_install.rb

@@ -38,8 +38,6 @@ def initialize(info = {})
           [ 'URL', 'https://www.axis.com/support/developer-support/axis-camera-application-platform']
         ],
         'DisclosureDate' => '2018-04-12',
-        'Platform' => ['linux'],
-        'Arch' => [ARCH_ARMLE],
         'Privileged' => true,
         'Targets' => [
           [

modules/exploits/linux/http/axis_srv_parhand_rce.rb

@@ -39,34 +39,36 @@ def initialize(info = {})
         ],
         'DisclosureDate' => '2018-06-18',
         'License' => MSF_LICENSE,
-        'Platform' => ['unix', 'linux'],
-        'Arch' => [ARCH_CMD, ARCH_ARMLE],
         'Privileged' => true,
         'Targets' => [
           [
             'Unix In-Memory',
-            'Platform' => 'unix',
-            'Arch' => ARCH_CMD,
-            'Type' => :unix_memory,
-            'Payload' => {
-              'BadChars' => ' ',
-              'Encoder' => 'cmd/ifs',
-              'Compat' => {
-                'PayloadType' => 'cmd',
-                'RequiredCmd' => 'netcat-e'
+            {
+              'Platform' => 'unix',
+              'Arch' => ARCH_CMD,
+              'Type' => :unix_memory,
+              'Payload' => {
+                'BadChars' => ' ',
+                'Encoder' => 'cmd/ifs',
+                'Compat' => {
+                  'PayloadType' => 'cmd',
+                  'RequiredCmd' => 'netcat-e'
+                }
+              },
+              'DefaultOptions' => {
+                'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
               }
-            },
-            'DefaultOptions' => {
-              'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
             }
           ],
           [
             'Linux Dropper',
-            'Platform' => 'linux',
-            'Arch' => ARCH_ARMLE,
-            'Type' => :linux_dropper,
-            'DefaultOptions' => {
-              'PAYLOAD' => 'linux/armle/meterpreter_reverse_tcp'
+            {
+              'Platform' => 'linux',
+              'Arch' => ARCH_ARMLE,
+              'Type' => :linux_dropper,
+              'DefaultOptions' => {
+                'PAYLOAD' => 'linux/armle/meterpreter_reverse_tcp'
+              }
             }
           ]
         ],
@@ -103,7 +105,7 @@ def exploit
     end
   end
 
-  def execute_command(cmd, opts = {})
+  def execute_command(cmd, _opts = {})
     send_request_cgi(
       'method' => 'POST',
       'uri' => "/index.html/#{rand_srv}",

modules/exploits/linux/http/bitbucket_git_cmd_injection.rb

@@ -38,9 +38,7 @@ def initialize(info = {})
           [ 'URL', 'https://www.rapid7.com/blog/post/2022/09/20/cve-2022-36804-easily-exploitable-vulnerability-in-atlassian-bitbucket-server-and-data-center/' ],
           [ 'CVE', '2022-36804' ]
         ],
-        'Platform' => [ 'linux' ],
         'Privileged' => false,
-        'Arch' => [ ARCH_X86, ARCH_X64, ARCH_CMD ],
         'Targets' => [
           [
             'Linux Dropper',

modules/exploits/linux/http/cacti_unauthenticated_cmd_injection.rb

@@ -59,8 +59,6 @@ def initialize(info = {})
         'DefaultOptions' => {
           'RPORT' => 8080
         },
-        'Platform' => %w[unix linux],
-        'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],
         'Targets' => [
           [
             'Automatic (Unix In-Memory)',

modules/exploits/linux/http/centreon_auth_rce_cve_2025_5946.rb

@@ -32,9 +32,7 @@ def initialize(info = {})
           ['URL', 'https://attackerkb.com/topics/23D4cUoBZj/cve-2025-5946']
         ],
         'License' => MSF_LICENSE,
-        'Platform' => ['unix', 'linux'],
         'Privileged' => false,
-        'Arch' => [ARCH_CMD],
         'Targets' => [
           [
             'Unix/Linux Command',

modules/exploits/linux/http/centreon_pollers_auth_rce.rb

@@ -31,8 +31,6 @@ def initialize(info = {})
         ],
         'DisclosureDate' => '2020-01-27',
         'License' => MSF_LICENSE,
-        'Platform' => ['linux', 'unix'],
-        'Arch' => [ARCH_CMD, ARCH_X64],
         'Privileged' => true,
         'Targets' => [
           [

modules/exploits/linux/http/chamilo_bigupload_webshell.rb

@@ -34,9 +34,7 @@ def initialize(info = {})
           [ 'CVE', '2023-4220']
         ],
         'License' => MSF_LICENSE,
-        'Platform' => %w[php],
         'Privileged' => false,
-        'Arch' => [ ARCH_PHP ],
         'Targets' => [
           [
             'PHP',

modules/exploits/linux/http/chamilo_unauth_rce_cve_2023_34960.rb

@@ -35,9 +35,7 @@ def initialize(info = {})
           ['URL', 'https://attackerkb.com/topics/VVJpMeSpUP/cve-2023-34960']
         ],
         'License' => MSF_LICENSE,
-        'Platform' => ['php', 'unix', 'linux'],
         'Privileged' => false,
-        'Arch' => [ARCH_PHP, ARCH_CMD, ARCH_X64, ARCH_X86, ARCH_AARCH64],
         'Targets' => [
           [
             'PHP',

modules/exploits/linux/http/cisco_asax_sfr_rce.rb

@@ -50,8 +50,6 @@ def initialize(info = {})
           [ 'URL', 'https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html']
         ],
         'DisclosureDate' => '2022-06-22',
-        'Platform' => ['unix', 'linux'],
-        'Arch' => [ARCH_CMD, ARCH_X64,],
         'Privileged' => true,
         'Targets' => [
           [

modules/exploits/linux/http/cisco_hyperflex_file_upload_rce.rb

@@ -33,8 +33,6 @@ def initialize(info = {})
         ],
         'DisclosureDate' => '2021-05-05',
         'License' => MSF_LICENSE,
-        'Platform' => ['unix', 'linux'],
-        'Arch' => [ARCH_X86, ARCH_X64, ARCH_JAVA],
         'Privileged' => false, # Privesc left as an exercise for the reader
         'Targets' => [
           [

modules/exploits/linux/http/cisco_hyperflex_hx_data_platform_cmd_exec.rb

@@ -35,8 +35,6 @@ def initialize(info = {})
         ],
         'DisclosureDate' => '2021-05-05',
         'License' => MSF_LICENSE,
-        'Platform' => ['unix', 'linux'],
-        'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],
         'Privileged' => false, # Privesc left as an exercise for the reader
         'Targets' => [
           [

modules/exploits/linux/http/cisco_rv340_lan.rb

@@ -24,14 +24,12 @@ def initialize(info = {})
           versions 1.0.03.24 and below.
         },
         'License' => MSF_LICENSE,
-        'Platform' => ['linux', 'unix'],
         'Author' => [
           'Biem Pham',  # Vulnerability Discoveries
           'Neterum',    # Metasploit Module
           'jbaines-r7'  # Inspired from cisco_rv_series_authbypass_and_rce.rb
         ],
         'DisclosureDate' => '2021-11-02',
-        'Arch' => [ARCH_CMD, ARCH_ARMLE],
         'References' => [
           ['CVE', '2022-20705'], # Authentication Bypass
           ['CVE', '2022-20707'], # Command Injection

modules/exploits/linux/http/cisco_rv_series_authbypass_and_rce.rb

@@ -41,8 +41,6 @@ def initialize(info = {})
           [ 'URL', 'https://www.iot-inspector.com/blog/advisory-cisco-rv34x-authentication-bypass-remote-command-execution/' ]
         ],
         'DisclosureDate' => '2021-04-07',
-        'Platform' => ['unix', 'linux'],
-        'Arch' => [ARCH_CMD, ARCH_ARMLE],
         'Privileged' => false,
         'Targets' => [
           [