rapid7/metasploit-framework

View on GitHub

Showing 15,639 of 21,649 total issues

Method run has 401 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run

    loot = ""
    uri = "/"
    uri << (datastore['YEAR']).to_s if datastore['YEAR'].to_s != ""
Severity: Major
Found in modules/auxiliary/gather/corpwatch_lookup_id.rb - About 2 days to fix

    Method import_nmap_xml has a Cognitive Complexity of 99 (exceeds 5 allowed). Consider refactoring.
    Open

      def import_nmap_xml(args={}, &block)
        return nil if args[:data].nil? or args[:data].empty?
        wspace = Msf::Util::DBManager.process_opts_workspace(args, framework)
        bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
    
    
    Severity: Minor
    Found in lib/msf/core/db_manager/import/nmap.rb - About 1 day to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    File lm2ntcrack.rb has 822 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    msfbase = __FILE__
    while File.symlink?(msfbase)
      msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
    end
    
    
    Severity: Major
    Found in tools/password/lm2ntcrack.rb - About 1 day to fix

      Method initialize has 390 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def initialize(info = {})
          super(merge_info(info,
            'Name'          => 'NetWare Command Shell',
            'Description'   => 'Connect to the NetWare console (staged)',
            'Author'        => 'toto',
      Severity: Major
      Found in modules/payloads/stages/netware/shell.rb - About 1 day to fix

        Method arp_poisoning has a Cognitive Complexity of 97 (exceeds 5 allowed). Consider refactoring.
        Open

          def arp_poisoning
            lsmac = datastore['LOCALSMAC'] || @smac
            raise 'Local Source Mac is not in correct format' unless is_mac?(lsmac)
        
            dhosts_range = Rex::Socket::RangeWalker.new(datastore['DHOSTS'])
        Severity: Minor
        Found in modules/auxiliary/spoof/arp/arp_poisoning.rb - About 1 day to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Function run has a Cognitive Complexity of 95 (exceeds 5 allowed). Consider refactoring.
        Open

            def run(self):
                if self.__usersFile:
                    self.request_users_file_TGSs()
                    return
        
        
        Severity: Minor
        Found in modules/auxiliary/gather/get_user_spns.py - About 1 day to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method import_libpcap has a Cognitive Complexity of 95 (exceeds 5 allowed). Consider refactoring.
        Open

          def import_libpcap(args={}, &block)
            data = args[:data]
            wspace = Msf::Util::DBManager.process_opts_workspace(args, framework).name
            bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
            # seen_hosts is only used for determining when to yield an address. Once we get
        Severity: Minor
        Found in lib/msf/core/db_manager/import/libpcap.rb - About 1 day to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        File cve_2019_0708_bluekeep_rce.rb has 798 lines of code (exceeds 250 allowed). Consider refactoring.
        Open

        class MetasploitModule < Msf::Exploit::Remote
          prepend Msf::Exploit::Remote::AutoCheck
        
          Rank = ManualRanking
        
        
        Severity: Major
        Found in modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb - About 1 day to fix

          File vcenter_secrets_dump.rb has 798 lines of code (exceeds 250 allowed). Consider refactoring.
          Open

          require 'metasploit/framework/credential_collection'
          
          class MetasploitModule < Msf::Post
            include Msf::Post::Common
            include Msf::Post::File
          Severity: Major
          Found in modules/post/linux/gather/vcenter_secrets_dump.rb - About 1 day to fix

            Method dump_ntds_hashes has a Cognitive Complexity of 94 (exceeds 5 allowed). Consider refactoring.
            Open

              def dump_ntds_hashes
                _machine_name, domain_name, dns_domain_name = get_machine_name_and_domain_info
                return unless domain_name
            
                print_status('Dumping Domain Credentials (domain\\uid:rid:lmhash:nthash)')
            Severity: Minor
            Found in modules/auxiliary/gather/windows_secrets_dump.rb - About 1 day to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Method run has a Cognitive Complexity of 94 (exceeds 5 allowed). Consider refactoring.
            Open

              def run
                fail_with(Failure::NoAccess, 'Session isnt running as root') unless is_root?
                case datastore['UseraddMethod']
                when 'CUSTOM'
                  fail_with(Failure::NotFound, "Cannot find command on path given: #{datastore['UseraddBinary']}") unless check_command_exists?(datastore['UseraddBinary'])
            Severity: Minor
            Found in modules/post/linux/manage/adduser.rb - About 1 day to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Method run_host has a Cognitive Complexity of 93 (exceeds 5 allowed). Consider refactoring.
            Open

              def run_host(ip)
                begin
            
                res = send_request_raw({
                  'uri'     => '/oradb/PUBLIC/GLOBAL_NAME',
            Severity: Minor
            Found in modules/auxiliary/scanner/oracle/xdb_sid_brute.rb - About 1 day to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            File base.rb has 788 lines of code (exceeds 250 allowed). Consider refactoring.
            Open

            class Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::Base
              extend Forwardable
              include Msf::Exploit::Remote::Kerberos::Client
              include Msf::Auxiliary::Report
              include Rex::Proto::Gss::Asn1
            Severity: Major
            Found in lib/msf/core/exploit/remote/kerberos/service_authenticator/base.rb - About 1 day to fix

              File exploit.rb has 785 lines of code (exceeds 250 allowed). Consider refactoring.
              Open

              module Msf
              
              
              
              ###
              Severity: Major
              Found in lib/msf/core/exploit.rb - About 1 day to fix

                Method run_host has a Cognitive Complexity of 91 (exceeds 5 allowed). Consider refactoring.
                Open

                  def run_host(target_host)
                    conn = true
                    ecode = nil
                    emesg = nil
                
                
                Severity: Minor
                Found in modules/auxiliary/scanner/http/svn_scanner.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method cmd_sessions has 361 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def cmd_sessions(*args)
                    begin
                    method   = nil
                    quiet    = false
                    show_active = false
                Severity: Major
                Found in lib/msf/ui/console/command_dispatcher/core.rb - About 1 day to fix

                  Method run has a Cognitive Complexity of 90 (exceeds 5 allowed). Consider refactoring.
                  Open

                    def run
                      cracker = new_password_cracker(action.name)
                  
                      lookups = []
                  
                  
                  Severity: Minor
                  Found in modules/auxiliary/analyze/apply_pot.rb - About 1 day to fix

                  Cognitive Complexity

                  Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                  A method's cognitive complexity is based on a few simple rules:

                  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                  • Code is considered more complex for each "break in the linear flow of the code"
                  • Code is considered more complex when "flow breaking structures are nested"

                  Further reading

                  Method run_host has a Cognitive Complexity of 89 (exceeds 5 allowed). Consider refactoring.
                  Open

                    def run_host(ip)
                  
                      path = datastore['PATH']
                      check1 = [
                        'iNotes/Forms5.nsf',
                  Severity: Minor
                  Found in modules/auxiliary/scanner/lotus/lotus_domino_version.rb - About 1 day to fix

                  Cognitive Complexity

                  Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                  A method's cognitive complexity is based on a few simple rules:

                  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                  • Code is considered more complex for each "break in the linear flow of the code"
                  • Code is considered more complex when "flow breaking structures are nested"

                  Further reading

                  Method cmd_services has a Cognitive Complexity of 89 (exceeds 5 allowed). Consider refactoring.
                  Open

                    def cmd_services(*args)
                      return unless active?
                      mode = :search
                      onlyup = false
                      output_file = nil
                  Severity: Minor
                  Found in lib/msf/ui/console/command_dispatcher/db.rb - About 1 day to fix

                  Cognitive Complexity

                  Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                  A method's cognitive complexity is based on a few simple rules:

                  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                  • Code is considered more complex for each "break in the linear flow of the code"
                  • Code is considered more complex when "flow breaking structures are nested"

                  Further reading

                  File browser_autopwn.rb has 756 lines of code (exceeds 250 allowed). Consider refactoring.
                  Open

                  require 'rex/exploitation/js/detect'
                  require 'rex/exploitation/jsobfu'
                  
                  class MetasploitModule < Msf::Auxiliary
                    include Msf::Exploit::Remote::HttpServer::HTML
                  Severity: Major
                  Found in modules/auxiliary/server/browser_autopwn.rb - About 1 day to fix
                    Severity
                    Category
                    Status
                    Source
                    Language