rapid7/metasploit-framework

Showing 15,831 of 21,886 total issues

Method initialize has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize
    super(
      'Name'           => 'SIP Invite Spoof',
      'Description'    => %q{
        This module will create a fake SIP invite request making the targeted device ring
Severity: Minor
Found in modules/auxiliary/voip/sip_invite_spoof.rb - About 1 hr to fix

Method enum_users has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

def enum_users(os)
  users = []

  path4users = ""
  sysdrv = @client.sys.config.getenv('SystemDrive')
Severity: Minor
Found in scripts/meterpreter/get_filezilla_creds.rb - About 1 hr to fix

Method dumphash has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

def dumphash(session)

  path = File.join( Msf::Config.data_directory, "exploits", "powershell" )

  print_status("Running PowerDump to extract Username and Password Hashes...")
Severity: Minor
Found in scripts/meterpreter/powerdump.rb - About 1 hr to fix

Method lock has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def lock(phone_name)
    res = send_request_cgi({
      'method'    => 'GET',
      'uri'       => '/IPSPCFG/user/Default.aspx',
      'headers'   => {
Severity: Minor
Found in modules/auxiliary/voip/telisca_ips_lock_control.rb - About 1 hr to fix

Method initialize has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize
    super(
      'Name' => 'Authentication Capture: SMTP',
      'Description' => %q{
        This module provides a fake SMTP service that
Severity: Minor
Found in modules/auxiliary/server/capture/smtp.rb - About 1 hr to fix

Method initialize has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Cross Platform Webkit File Dropper',
      'Description' => %q{
          This module exploits a XSLT vulnerability in Webkit to drop ASCII or UTF-8
Severity: Minor
Found in modules/auxiliary/server/webkit_xslt_dropper.rb - About 1 hr to fix

Method on_client_command_list has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def on_client_command_list(c,arg)

    if(not @state[c][:auth])
      c.put "500 Access denied\r\n"
      return
Severity: Minor
Found in modules/auxiliary/server/ftp.rb - About 1 hr to fix

Method mssql_send_ntlm_challenge has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def mssql_send_ntlm_challenge(c, info)
    win_domain = Rex::Text.to_unicode(@domain_name.upcase)
    win_name = Rex::Text.to_unicode(@domain_name.upcase)
    dns_domain = Rex::Text.to_unicode(@domain_name.downcase)
    dns_name = Rex::Text.to_unicode(@domain_name.downcase)
Severity: Minor
Found in modules/auxiliary/server/capture/mssql.rb - About 1 hr to fix

Method initialize has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'WPAD.dat File Server',
      'Description' => %q{
          This module generates a valid wpad.dat file for WPAD mitm
Severity: Minor
Found in modules/auxiliary/server/wpad.rb - About 1 hr to fix

Method report_credential_core has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def report_credential_core(cred_opts={})
    # Set up the hash for our Origin service
    origin_service_data = {
      address: rhost,
      port: rport,
Severity: Minor
Found in modules/auxiliary/gather/trackit_sql_domain_creds.rb - About 1 hr to fix

Method initialize has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Zabbix toggle_ids SQL Injection',
      'Description'    => %q{
      This module will exploit a SQL injection in Zabbix 3.0.3 and
Severity: Minor
Found in modules/auxiliary/gather/zabbix_toggleids_sqli.rb - About 1 hr to fix

Method initialize has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => "ColdFusion 'password.properties' Hash Extraction",
      'Description'    => %q{
          This module uses a directory traversal vulnerability to extract information
Severity: Minor
Found in modules/auxiliary/gather/coldfusion_pwd_props.rb - About 1 hr to fix

Method trigger_ldap_request has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def trigger_ldap_request
    ldap_trigger_page = '/userpost/xerox.set'
    ldap_trigger_vars = {
      'nameSchema'=>'givenName',
      'emailSchema'=>'mail',
Severity: Minor
Found in modules/auxiliary/gather/xerox_workcentre_5xxx_ldap.rb - About 1 hr to fix

Method initialize has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Network Shutdown Module sort_values Credential Dumper',
      'Description'    => %q{
        This module will extract user credentials from Network Shutdown Module
Severity: Minor
Found in modules/auxiliary/gather/eaton_nsm_creds.rb - About 1 hr to fix

Method get_sqli_object has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def get_sqli_object
    create_sqli(dbms: MySQLi::Common, opts: { hex_encode_strings: true }) do |payload|
      res = send_request_cgi({
        'method' => 'POST',
        'uri' => normalize_uri('/wp-admin/admin-ajax.php'),
Severity: Minor
Found in modules/auxiliary/gather/wp_bookingpress_category_services_sqli.rb - About 1 hr to fix

Method packages has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def packages
    res = send_req('cgi-bin/bfenterprise/BESMirrorRequest.exe')
    return unless res && res.code == 200

    print_status('Packages')
Severity: Minor
Found in modules/auxiliary/gather/ibm_bigfix_sites_packages_enum.rb - About 1 hr to fix

Method try_login has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def try_login
    print_status 'Trying to log in.'
    res = send_request_cgi({
      'method' => 'POST',
      'keep_cookies' => true,
Severity: Minor
Found in modules/auxiliary/gather/microweber_lfi.rb - About 1 hr to fix

Method initialize has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Shodan Host Port',
Severity: Minor
Found in modules/auxiliary/gather/shodan_host.rb - About 1 hr to fix

Method run has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    # Unauthenticated requests to WebInterface endpoints should receive a response containing an 'anonymous' user session cookie
    print_status('Fetching anonymous session cookie...')
    res_anonymous = get_anon_session
Severity: Minor
Found in modules/auxiliary/gather/crushftp_fileread_cve_2024_4040.rb - About 1 hr to fix

Method run has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run

    doctype = Rex::Text.rand_text_alpha(6)
    element = Rex::Text.rand_text_alpha(6)
    entity = Rex::Text.rand_text_alpha(6)
Severity: Minor
Found in modules/auxiliary/gather/emc_cta_xxe.rb - About 1 hr to fix