Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 15,730 of 21,757 total issues

Method check_host_key has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def check_host_key(server_data)
    table = []

    host_key_checks = {
      %w[
Severity: Minor
Found in modules/auxiliary/scanner/ssh/ssh_version.rb - About 1 hr to fix

    Method initialize has 27 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Eaton Xpert Meter SSH Private Key Exposure Scanner',
      'Description'    => %q{
        Eaton Power Xpert Meters running firmware below version 12.x.x.x or
    Severity: Minor
    Found in modules/auxiliary/scanner/ssh/eaton_xpert_backdoor.rb - About 1 hr to fix

      Method run_host has 27 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def run_host(ip)
    # first check if we even need auth
    begin
      connect
      challenge = require_auth?
      Severity: Minor
      Found in modules/auxiliary/scanner/varnish/varnish_cli_file_read.rb - About 1 hr to fix

        Method check_path has 27 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def check_path(ip, path)
    vprint_status("Trying to download \\\\#{ip}\\#{path}...")
    begin
      fd = simple.open(path, 'ro')
      print_good "Found Policy Share on #{ip}"
        Severity: Minor
        Found in modules/auxiliary/scanner/smb/smb_enum_gpp.rb - About 1 hr to fix

          Method get_ftp_credentials has 27 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def get_ftp_credentials(conf)
    server = ""
    user = ""
    password = ""
    port = ""
          Severity: Minor
          Found in modules/auxiliary/scanner/misc/dvr_config_disclosure.rb - About 1 hr to fix

            Method encode_block_perl has 27 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def encode_block_perl(state, buf)

    hex = buf.unpack("H*").join
    cmd = 'perl -e '
    qot = ',-:.=+!@#$%^&'
            Severity: Minor
            Found in modules/encoders/cmd/perl.rb - About 1 hr to fix

              Method initialize has 27 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Microsoft Word UNC Path Injector',
      'Description'    => %q{
          This module modifies a .docx file that will, upon opening, submit stored
              Severity: Minor
              Found in modules/auxiliary/docx/word_unc_injector.rb - About 1 hr to fix

                Method initialize has 27 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def initialize(info = {})
    super(merge_info(info,
     'Name'          => 'Unix Command Shell, Bind TCP (via BusyBox telnetd)',
     'Description'   => 'Listen for a connection and spawn a command shell via BusyBox telnetd',
     'Author'        => 'Matthew Kienow <matthew_kienow[AT]rapid7.com>',
                Severity: Minor
                Found in modules/payloads/singles/cmd/unix/bind_busybox_telnetd.rb - About 1 hr to fix

                  Method initialize has 27 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def initialize(info = {})
    super(merge_info(info,
       'Name'          => 'Unix Command Shell, Reverse TCP SSL (telnet)',
       'Description'   => %q{
        Creates an interactive shell via mkfifo and telnet.
                  Severity: Minor
                  Found in modules/payloads/singles/cmd/unix/reverse_bash_telnet_ssl.rb - About 1 hr to fix

                    Method initialize has 27 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def initialize(info = {})
    super(merge_info(info,
     'Name'        => 'Unix Command Shell, Reverse TCP SSH',
     'Description' => 'Connect back and create a command shell via SSH',
     'Author'      => [
                    Severity: Minor
                    Found in modules/payloads/singles/cmd/unix/reverse_ssh.rb - About 1 hr to fix

                      Method brute_exploit has 27 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def brute_exploit(brute_target)

    if not @aixpayload
      datastore['AIX'] = target['AIX']
      @aixpayload = regenerate_payload.encoded
                      Severity: Minor
                      Found in modules/exploits/aix/rpc_cmsd_opcode21.rb - About 1 hr to fix

                        Method initialize has 27 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def initialize(info={})
    super(merge_info(info,
      'Name'        =>  'Microsoft Windows Defender Evasive JS.Net and HTA',
      'Description' =>  %q{
        This module will generate an HTA file that writes and compiles a JScript.NET file
                        Severity: Minor
                        Found in modules/evasion/windows/windows_defender_js_hta.rb - About 1 hr to fix

                          Method execute_command has 27 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def execute_command(cmd, _opts = {})
    # get token
    res = send_request_cgi(
      'uri' => normalize_uri(target_uri.path, 'admin', 'list.php'),
      'keep_cookies' => true,
                          Severity: Minor
                          Found in modules/exploits/unix/http/pihole_whitelist_exec.rb - About 1 hr to fix

                            Method login has 27 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def login
    cookie_jar.clear

    print_status('Grabbing CSRF')
    res = send_request_cgi(
                            Severity: Minor
                            Found in modules/exploits/unix/http/cacti_filter_sqli_rce.rb - About 1 hr to fix

                              Method initialize has 27 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def initialize(info = {})
    super(update_info(info,
      'Name'           => 'CTEK SkyRouter 4200 and 4300 Command Execution',
      'Description'    => %q{
          This module exploits an unauthenticated remote root exploit within ctek SkyRouter 4200 and 4300.
                              Severity: Minor
                              Found in modules/exploits/unix/http/ctek_skyrouter.rb - About 1 hr to fix

                                Method trigger_payload has 27 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def trigger_payload(jsid, csrf_token, cookie_string)
    return nil unless jsid && csrf_token

    runshellscript_url = normalize_uri(target_uri.path, 'en-US', 'splunkd', '__raw', 'servicesNS', datastore['USERNAME'], 'search', 'search', 'jobs')
    runshellscript_data = {
                                Severity: Minor
                                Found in modules/exploits/unix/http/splunk_xslt_authenticated_rce.rb - About 1 hr to fix

                                  Method do_login has 27 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def do_login
    change_password
    print_status("#{rhost}:22 - Attempt to start a SSH connection...")
    opts = ssh_client_defaults.merge({
      auth_methods: ['password', 'keyboard-interactive'],
                                  Severity: Minor
                                  Found in modules/exploits/unix/http/schneider_electric_net55xx_encoder.rb - About 1 hr to fix

                                    Method cmd_shell has 27 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def cmd_shell(config_uri, cookie)
    command = payload.encoded
    inject = '|' + "#{command}" + ' ||'
    clean_inject = CGI.unescapeHTML(inject.to_s)
                                    Severity: Minor
                                    Found in modules/exploits/unix/http/epmp1000_ping_cmd_shell.rb - About 1 hr to fix

                                      Method initialize has 27 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def initialize(info = {})
    super(update_info(
      info,
      'Name'           => 'Wordpress Front-end Editor File Upload',
      'Description'    => %q{
                                      Severity: Minor
                                      Found in modules/exploits/unix/webapp/wp_frontend_editor_file_upload.rb - About 1 hr to fix

                                        Method initialize has 27 lines of code (exceeds 25 allowed). Consider refactoring.
                                        Open

                                          def initialize(info = {})
    super(update_info(
      info,
      'Name'           => 'WordPress WP-Property PHP File Upload Vulnerability',
      'Description'    => %q(
                                        Severity: Minor
                                        Found in modules/exploits/unix/webapp/wp_property_upload_exec.rb - About 1 hr to fix
                                          Severity
                                          Category
                                          Status
                                          Source
                                          Language