
Review all command module config file descriptions and authors #2287

@bcoles

Command module configuration files define various module properties, including module authors.

Example:

    #
    # Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
    # Browser Exploitation Framework (BeEF) - http://beefproject.com
    # See the file 'doc/COPYING' for copying permission
    #
    beef:
        module:
            alert_dialog:
                enable: true
                category: ["Browser", "Hooked Domain"]
                name: "Create Alert Dialog"
                description: "Sends an alert dialog to the hooked browser."
                authors: ["wade", "bm"]
                target:
                    user_notify: ["All"]

Historically, the module authors included only those who worked on the module in some way.

However, in instances where we wanted to give credit to other people (such as for discovery of a bug, a proof of concept, or development of a technique), this information was usually shoved into the issue descriptions, sometimes with associated reference URLs (#2286), rather than including the person in the authors key. Example:

    #
    # Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
    # Browser Exploitation Framework (BeEF) - http://beefproject.com
    # See the file 'doc/COPYING' for copying permission
    #
    beef:
        module:
            invisible_htmlfile_activex:
                enable: true
                category: "Persistence"
                name: "Invisible HTMLFile (ActiveX)"
                description: "This module uses a <i>HTMLFile</i> ActiveX object to create an invisible HTML document containing a BeEF hook. The hook persists until the tab is closed. Internet Explorer only.<br/><br/> Based on <a href='https://www.brokenbrowser.com/zombie-alert/'>research</a> by <a href='https://twitter.com/magicmac2000'>@MagicMac2000</a>."
                authors: ["bcoles", "@MagicMac2000"]
                target:
                    working:
                        IE:
                            min_ver: 11
                            max_ver: latest
                    not_working: ["All"]

This is an incredibly ham-fisted approach. The YAML file format supports new lines between array elements and supports trailing comments. I suggest we take a page out of Metasploit's book, by attributing all people associated with the module and elaborating in trailing comments. modules/exploits/windows/smb/cve_2020_0796_smbghost.rb example from Metasploit:

        'Author' => [
          'hugeh0ge', # Ricerca Security research, detailed technique description
          'chompie1337', # PoC on which this module is based
          'Spencer McIntyre', # msf module
        ],

Metasploit takes the opposite approach to academia. That is, in academia, the lead author's name is first, and other authors follow, whereas Metasploit is the inverse. Someone who discovers a bug is attributed first, with the Metasploit author attributed next. I could not care less.

Even when someone had nothing to do with developing a module, it is still nice to offer credit.

Additionally, the admin web UI should print the authors when displaying module information.
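One way to run the review this issue asks for, as an added example that is not part of the original issue or BeEF's own code: it parses a module config and reports `@handles` credited in the description but missing from the `authors` key. The function name `audit_authors`, the `CREDIT_HINTS` phrases, the sample YAML, `example_module` and `@someone` are assumptions made for illustration.

```ruby
require 'yaml'

# Heuristic phrases suggesting credit lives in the description (an assumption
# made for this example, not a BeEF convention).
CREDIT_HINTS = /\b(?:based on|research by|discovered by|credit to|thanks to)\b/i

# Constructed sample. The first module uses the proposed style (one author per
# line, trailing comment); "example_module" is hypothetical and credits a
# researcher only in its description.
SAMPLE = <<~'YAML'
  beef:
      module:
          invisible_htmlfile_activex:
              enable: true
              name: "Invisible HTMLFile (ActiveX)"
              description: "Creates an invisible HTML document containing a BeEF hook. Based on research by @MagicMac2000."
              authors:
                  - "@MagicMac2000"  # research the module is based on
                  - "bcoles"         # BeEF module
          example_module:
              enable: true
              name: "Example"
              description: "Does something. Thanks to @someone for the technique."
              authors: ["bm"]
YAML

# Returns one hash per module: parsed authors, whether the description carries
# credit wording, and @handles named there but absent from the authors key.
def audit_authors(yaml_text)
  modules = YAML.safe_load(yaml_text).dig('beef', 'module') || {}
  modules.map do |id, cfg|
    authors = Array(cfg['authors'])
    desc = cfg['description'].to_s
    { id: id,
      authors: authors,
      credit_in_description: desc.match?(CREDIT_HINTS),
      missing_from_authors: desc.scan(/(?<![\w\/])@\w+/).uniq - authors }
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_authors(SAMPLE).each { |finding| puts finding.inspect }
end
```

The YAML parser discards the trailing comments, so only the names in `authors` reach anything that loads the config; the role notes stay visible in the file alone.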
