Merge pull request #71 from vulncheck-oss/tls-and-typo-fix

Enable older TLS/SSL clients by default. Fix rhosts typo.
vulncheck-oss · Oct 23, 2023 · 89314e4 · 89314e4
2 parents 4f5e9b3 + 71e3886
commit 89314e4
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/.golangci.yml b/.golangci.yml
@@ -95,3 +95,7 @@ issues:
       linters:
         - staticcheck
       text: SA1019
+    - path: framework.go
+      linters:
+        - staticcheck
+      text: SA1019
diff --git a/cli/commandline.go b/cli/commandline.go
@@ -160,11 +160,11 @@ func handleRhostsOptions(conf *config.Config, rhosts string, rports string, rhos
 func commonValidate(conf *config.Config, rhosts string, rports string, rhostsFile string) bool {
 	switch {
 	case len(conf.Rhost) == 0 && len(rhosts) == 0 && len(rhostsFile) == 0:
-		output.PrintFrameworkError("Missing required option 'rhost', 'rhosts', or 'rhostsFile'")
+		output.PrintFrameworkError("Missing required option 'rhost', 'rhosts', or 'rhosts-file'")
 
 		return false
 	case conf.Rport == 0 && len(rports) == 0 && len(rhostsFile) == 0:
-		output.PrintFrameworkError("Missing required option 'rport', 'rports', or 'rhostsFile'")
+		output.PrintFrameworkError("Missing required option 'rport', 'rports', or 'rhosts-file'")
 
 		return false
 	case len(conf.Rhost) != 0 && len(rhosts) != 0:

diff --git a/framework.go b/framework.go
@@ -332,7 +332,11 @@ func RunProgram(sploit Exploit, conf *config.Config) {
 	}
 
 	// disable https cert verification globally
-	http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{
+		InsecureSkipVerify: true,
+		// We have no control over the SSL versions supported on the remote target. Be permissive for more targets.
+		MinVersion: tls.VersionSSL30,
+	}
 
 	// if the c2 server is meant to catch responses, initialize and start so it can bind
 	if !startC2Server(conf) {