Update checkcode usage in aux modules #21268

Merged
adfoster-r7 merged 2 commits into rapid7:master from adfoster-r7:update-checkcode-usage-in-aux-modules
Apr 13, 2026

@adfoster-r7 adfoster-r7 commented Apr 10, 2026

Fixes a crash when running auxiliary modules that incorrectly reference checkcodes

Specifically it explicitly uses the correct module namespace for the checkcode usage in aux modules, to avoid issues like this:

Local msfconsole usage:

msf auxiliary(scanner/http/elasticsearch_memory_disclosure) > recheck rhost=127.0.0.1 rport=3790
[*] Reloading module...
[-] Auxiliary failed: NameError uninitialized constant Msf::Modules::Auxiliary__Scanner__Http__Elasticsearch_memory_disclosure::MetasploitModule::CheckCode
[-] Call stack:
[-]   /tmp/metasploit-framework/modules/auxiliary/scanner/http/elasticsearch_memory_disclosure.rb:87:in `check_host'
[-]   /tmp/metasploit-framework/lib/msf/core/auxiliary/multiple_target_hosts.rb:22:in `check'
[-] 127.0.0.1:3790 - Check failed: The state could not be determined.

Verification

  • Ensure CI passes
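
The NameError in the call stack above is ordinary Ruby constant lookup: a bare CheckCode is searched for in the enclosing lexical scopes and in the class's ancestors, and a class that does not descend from Exploit finds it in neither. The sketch below is an added illustration, not code from this PR or from Metasploit; the Demo namespace and its classes are a constructed stand-in for the framework's layout.

```ruby
# Constructed miniature of the namespace layout; not Metasploit's own classes.
module Demo
  class Exploit
    # Check results are nested under Exploit, matching the PR's Exploit::CheckCode::* fix.
    class CheckCode
      attr_reader :name

      def initialize(name)
        @name = name
      end

      Unknown = new('unknown')
      Safe = new('safe')
    end
  end

  # Auxiliary does not inherit from Exploit, so constants nested under
  # Exploit are not in the ancestor chain of its subclasses.
  class Auxiliary; end

  class ExploitModule < Exploit
    def check
      CheckCode::Safe # found through the superclass Exploit
    end
  end

  class AuxModule < Auxiliary
    def check_bare
      CheckCode::Unknown # not in Demo, not in any ancestor: NameError when called
    end

    def check_qualified
      Exploit::CheckCode::Unknown # Exploit is found lexically in Demo
    end
  end
end

# Calls a check method and returns the code's name, or the NameError text.
def outcome(mod, method_name)
  mod.public_send(method_name).name
rescue NameError => e
  "NameError: #{e.message}"
end

puts outcome(Demo::ExploitModule.new, :check)
puts outcome(Demo::AuxModule.new, :check_qualified)
puts outcome(Demo::AuxModule.new, :check_bare)
```

The failure only appears when the method body runs, which is why a module can load cleanly and still crash on the first check.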

@adfoster-r7 adfoster-r7 force-pushed the update-checkcode-usage-in-aux-modules branch from c4ac782 to 3aa0194 Compare April 10, 2026 15:18
@adfoster-r7 adfoster-r7 requested a review from Copilot April 10, 2026 15:23

Copilot AI left a comment

Pull request overview

Fixes runtime NameError crashes in non-exploit Metasploit modules by ensuring CheckCode references are properly namespaced, and adds a RuboCop lint to prevent reintroducing the issue.

Changes:

  • Replaced bare CheckCode::* usages with Exploit::CheckCode::* in affected auxiliary modules.
  • Added a new RuboCop cop (Lint/BareCheckCodeInNonExploit) to detect/autocorrect bare CheckCode usage in auxiliary/post/evasion modules.
  • Added RSpec coverage for the new RuboCop cop and enabled it via .rubocop.yml.

Reviewed changes

Copilot reviewed 16 out of 16 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| spec/rubocop/cop/lint/bare_check_code_in_non_exploit_spec.rb | Adds tests validating offenses/autocorrections for bare CheckCode in non-exploit modules. |
| lib/rubocop/cop/lint/bare_check_code_in_non_exploit.rb | Implements the new RuboCop cop to flag/autocorrect bare CheckCode in auxiliary/post/evasion. |
| .rubocop.yml | Requires/enables the new cop and scopes it to modules directories. |
| modules/auxiliary/scanner/http/elasticsearch_memory_disclosure.rb | Fixes CheckCode::Unknown to Exploit::CheckCode::Unknown. |
| modules/auxiliary/gather/upsmon_traversal.rb | Prefixes CheckCode returns with Exploit::CheckCode. |
| modules/auxiliary/gather/solarwinds_webhelpdesk_backdoor.rb | Prefixes CheckCode returns with Exploit::CheckCode. |
| modules/auxiliary/gather/pacsserver_traversal.rb | Prefixes CheckCode returns with Exploit::CheckCode. |
| modules/auxiliary/gather/onedev_arbitrary_file_read.rb | Prefixes CheckCode returns with Exploit::CheckCode. |
| modules/auxiliary/gather/magento_xxe_cve_2024_34102.rb | Prefixes CheckCode returns with Exploit::CheckCode. |
| modules/auxiliary/gather/glpi_inventory_plugin_unauth_sqli.rb | Prefixes CheckCode::Unknown return with Exploit::CheckCode::Unknown. |
| modules/auxiliary/gather/gitlab_authenticated_subgroups_file_read.rb | Prefixes CheckCode::Safe return with Exploit::CheckCode::Safe. |
| modules/auxiliary/admin/scada/mypro_mgr_creds.rb | Prefixes CheckCode returns with Exploit::CheckCode. |
| modules/auxiliary/admin/http/whatsup_gold_sqli.rb | Prefixes CheckCode::Unknown returns with Exploit::CheckCode::Unknown. |
| modules/auxiliary/admin/http/idsecure_auth_bypass.rb | Prefixes CheckCode returns with Exploit::CheckCode. |
| modules/auxiliary/admin/http/fortinet_fortiweb_create_admin.rb | Prefixes CheckCode::Unknown return with Exploit::CheckCode::Unknown. |
| modules/auxiliary/admin/dcerpc/cve_2020_1472_zerologon.rb | Prefixes CheckCode returns/comparisons with Exploit::CheckCode. |

Comment thread spec/rubocop/cop/lint/bare_check_code_in_non_exploit_spec.rb
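
A plain-text approximation of the check the review describes, as an added example; it is not the project's Lint/BareCheckCodeInNonExploit cop, whose source is not shown on this page. The function names, file paths and module source are constructed for illustration, and because this is a regex scan rather than an AST match it also flags references inside comments and strings.

```ruby
# Added example: text scan for bare CheckCode references in non-exploit modules.
# Not the project's RuboCop cop; paths and sample source below are constructed.

# Module trees the review names as affected: auxiliary, post and evasion.
NON_EXPLOIT_PATH = %r{(\A|/)modules/(auxiliary|post|evasion)/}
# "CheckCode::" with no namespace separator or identifier character before it.
BARE_CHECKCODE = /(?<![\w:])CheckCode::/

# Returns [line_number, stripped_line] pairs for each bare reference.
def bare_checkcode_offenses(path, source)
  return [] unless path.match?(NON_EXPLOIT_PATH)

  source.each_line.with_index(1).filter_map do |line, number|
    [number, line.strip] if line.match?(BARE_CHECKCODE)
  end
end

# Returns the source with each bare reference given the Exploit:: prefix.
def qualify_checkcode(path, source)
  return source unless path.match?(NON_EXPLOIT_PATH)

  source.gsub(BARE_CHECKCODE, 'Exploit::CheckCode::')
end

# Constructed module fragment mixing bare and already-qualified references.
SAMPLE_SOURCE = <<~RUBY
  def check_host(_ip)
    res = probe
    return CheckCode::Unknown unless res
    return Exploit::CheckCode::Safe unless res.code == 200
    Msf::Exploit::CheckCode::Safe
  end
RUBY

AUX_PATH = 'modules/auxiliary/scanner/http/example_scanner.rb'     # constructed
EXPLOIT_PATH = 'modules/exploits/multi/http/example_exploit.rb'    # constructed

bare_checkcode_offenses(AUX_PATH, SAMPLE_SOURCE).each do |number, line|
  puts "#{AUX_PATH}:#{number}: bare CheckCode: #{line}"
end
puts qualify_checkcode(AUX_PATH, SAMPLE_SOURCE)
```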
@github-project-automation github-project-automation Bot moved this from Todo to In Progress in Metasploit Kanban Apr 13, 2026
@adfoster-r7 adfoster-r7 merged commit 4ce14e6 into rapid7:master Apr 13, 2026
16 of 22 checks passed
@adfoster-r7 adfoster-r7 deleted the update-checkcode-usage-in-aux-modules branch April 13, 2026 10:50
@github-project-automation github-project-automation Bot moved this from In Progress to Done in Metasploit Kanban Apr 13, 2026
@adfoster-r7

Release Notes

Fixes a crash with a small number of auxiliary modules when the check method was run and the vulnerability wasn't present

Labels

rn-fix release notes fix
