Skip to content

Fix #21296 - Add Msf::Auxiliary::Report#21314

Open
g0tmi1k wants to merge 1 commit intorapid7:masterfrom
g0tmi1k:report_vuln
Open

Fix #21296 - Add Msf::Auxiliary::Report#21314
g0tmi1k wants to merge 1 commit intorapid7:masterfrom
g0tmi1k:report_vuln

Conversation

@g0tmi1k
Copy link
Copy Markdown
Contributor

@g0tmi1k g0tmi1k commented Apr 16, 2026
edited
Loading

Fix: #21296

Before

$ ./msfconsole -q -x 'db_status; workspace -D;
setg VERBOSE true; setg RHOSTS 10.0.0.10; setg LHOST tap0;'
[*] Connected to msf. Connection type: postgresql.
[*] Deleted workspace: default
[*] Recreated the default workspace
VERBOSE => true
RHOSTS => 10.0.0.10
LHOST => tap0
msf > git checkout master
[*] exec: git checkout master

Already on 'master'
Your branch is up to date with 'origin/master'.
msf > use auxiliary/scanner/http/trace
msf auxiliary(scanner/http/trace) > run
[+] 10.0.0.10:80 is vulnerable to Cross-Site Tracing
[-] Auxiliary failed: Msf::ValidationError Failed to report vuln for 10.0.0.10:80 to the database
[-] Call stack:
[-]   /usr/share/metasploit-framework2/lib/msf/core/auxiliary/report.rb:300:in `report_vuln'
[-]   /usr/share/metasploit-framework2/modules/auxiliary/scanner/http/trace.rb:44:in `run_host'
[-]   /usr/share/metasploit-framework2/lib/msf/core/auxiliary/scanner.rb:130:in `block (2 levels) in run'
[-]   /usr/share/metasploit-framework2/lib/msf/core/thread_manager.rb:105:in `block in spawn'
[*] Auxiliary module execution completed
msf auxiliary(scanner/http/trace) >
msf auxiliary(scanner/http/trace) >

After

msf auxiliary(scanner/http/trace) > git checkout report_vuln
[*] exec: git checkout report_vuln

Switched to branch 'report_vuln'
Your branch is up to date with 'origin/report_vuln'.
msf auxiliary(scanner/http/trace) > reload
[*] Reloading module...
msf auxiliary(scanner/http/trace) > workspace -D
[*] Deleted workspace: default
[*] Recreated the default workspace
msf auxiliary(scanner/http/trace) > run
[+] 10.0.0.10:80 is vulnerable to Cross-Site Tracing
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/http/trace) > workspace -v

Workspaces
==========

current  name     hosts  services  vulns  creds  loots  notes
-------  ----     -----  --------  -----  -----  -----  -----
*        default  1      1         1      0      0      0

msf auxiliary(scanner/http/trace) >

@g0tmi1k g0tmi1k force-pushed the report_vuln branch 3 times, most recently from 98cab55 to c6e09eb Compare April 24, 2026 11:15
@bwatters-r7
Copy link
Copy Markdown
Contributor

bwatters-r7 commented Apr 30, 2026

  1. Would this be better to add to the parent auxiliary class rather than the individual auxiliary modules?
  2. Can you drop in a before/after for at least 1 module?

@g0tmi1k
Copy link
Copy Markdown
Contributor Author

g0tmi1k commented Apr 30, 2026
edited
Loading

Thanks for getting back to me @bwatters-r7
I messed up =).
It wasn't all those modules like I orginally posted, however, just a single one.

  1. Would this be better to add to the parent auxiliary class rather than the individual auxiliary modules?

N/A

  1. Can you drop in a before/after for at least 1 module?

Done - see first comment.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

Metasploit Kanban
Status: Todo

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

scanner/http/trace - Failed to report vuln

3 participants

@g0tmi1k @bwatters-r7 @smcintyre-r7