rapid7/metasploit-framework

Showing 15,831 of 21,886 total issues

Method request_autodiscover has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def request_autodiscover(server_name)
    xmlns = { 'xmlns' => 'http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a' }

    response = send_xml('POST', "#{server_name}/autodiscover/autodiscover.xml?a=~#{random_ssrf_id}", soap_autodiscover)

Severity: Minor
Found in modules/auxiliary/gather/exchange_proxylogon_collector.rb - About 1 hr to fix

Method initialize has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Mac OS X Safari file:// Redirection Sandbox Escape',
      'Description' => %q{
        Versions of Safari before 8.0.6, 7.1.6, and 6.2.6 are vulnerable to a

Severity: Minor
Found in modules/auxiliary/gather/safari_file_url_navigation.rb - About 1 hr to fix

Method initialize has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info={})
    super(update_info(info,
      'Name'           => "Advantech WebAccess 8.1 Post Authentication Credential Collector",
      'Description'    => %q{
        This module allows you to log into Advantech WebAccess 8.1, and collect all of the credentials.

Severity: Minor
Found in modules/auxiliary/gather/advantech_webaccess_creds.rb - About 1 hr to fix

Method run has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    unless check == Exploit::CheckCode::Vulnerable
      print_error 'Check did not pass, exiting.'
      return
    end

Severity: Minor
Found in modules/auxiliary/gather/rails_doubletap_file_read.rb - About 1 hr to fix

Method exploit_lfi has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit_lfi(file_path)
    album_id, cookies = retrieve_album_id

    unless album_id
      print_bad('Failed to retrieve the Album Id')

Severity: Minor
Found in modules/auxiliary/gather/qnap_lfi.rb - About 1 hr to fix

Method on_request_uri has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def on_request_uri(cli, request)
    case request.uri
    when /redirect\.php/
      print_status("Sending redirect")
      send_redirect(cli, "#{datastore['TARGET_URI']}")

Severity: Minor
Found in modules/auxiliary/gather/ie_uxss_injection.rb - About 1 hr to fix

Method query_share has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def query_share(share)
    share_path = "\\\\#{rhost}\\#{share}"
    vprint_status("Enumerating #{share}...")

    begin

Severity: Minor
Found in modules/auxiliary/gather/windows_deployment_services_shares.rb - About 1 hr to fix

Method initialize has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
        'Name'          => 'SSL Labs API Client',
        'Description'   => %q{
          This module is a simple client for the SSL Labs APIs, designed for

Severity: Minor
Found in modules/auxiliary/gather/ssllabs_scan.rb - About 1 hr to fix

Method get_users has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def get_users
    users = []

    uri = normalize_uri(target_uri.path, 'credential-store', 'domain', domain)
    uri << '/'

Severity: Minor
Found in modules/auxiliary/gather/jenkins_cred_recovery.rb - About 1 hr to fix

Method decrypt has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def decrypt(encrypted_pass)
    uri  = normalize_uri(target_uri, 'script')
    res  = send_request_cgi({
      'method'    => 'POST',
      'uri'       => uri,

Severity: Minor
Found in modules/auxiliary/gather/jenkins_cred_recovery.rb - About 1 hr to fix

Method run has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    print_status("Checking MyBB...")
    unless check == Exploit::CheckCode::Detected
      print_error("MyBB not found")
      return

Severity: Minor
Found in modules/auxiliary/gather/mybb_db_fingerprint.rb - About 1 hr to fix

Method initialize has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize
    super(
      'Name'         => 'JVC/Siemens/Vanderbilt IP-Camera Readfile Password Disclosure',
      'Description'  => %q{
        SIEMENS IP-Camera (CVMS2025-IR + CCMS2025), JVC IP-Camera (VN-T216VPRU),

Severity: Minor
Found in modules/auxiliary/gather/ipcamera_password_disclosure.rb - About 1 hr to fix

Method run has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    # Define our instance variables real quick.
    @base_dn = nil
    @ldap_mspki_enterprise_oids = []
    @ldap_groups = []

Severity: Minor
Found in modules/auxiliary/gather/ldap_esc_vulnerable_cert_finder.rb - About 1 hr to fix

Method initialize has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'NIS bootparamd Domain Name Disclosure',
      'Description' => %q{
        This module discloses the NIS domain name from bootparamd.

Severity: Minor
Found in modules/auxiliary/gather/nis_bootparamd_domain.rb - About 1 hr to fix

Method initialize has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Joomla weblinks-categories Unauthenticated SQL Injection Arbitrary File Read',
      'Description'    => %q{
      Joomla versions 3.2.2 and below are vulnerable to an unauthenticated SQL injection

Severity: Minor
Found in modules/auxiliary/gather/joomla_weblinks_sqli.rb - About 1 hr to fix

Method initialize has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Shodan Honeyscore Client',
      'Description' => %q{
        This module uses the shodan API to check

Severity: Minor
Found in modules/auxiliary/gather/shodan_honeyscore.rb - About 1 hr to fix

Method get_user_info has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def get_user_info(user_id)
    vprint_status("Retrieving user's credentials")
    res = send_request_cgi({
      'method'    => 'GET',
      'uri'       => normalize_uri(target_uri.path, 'user/fiche.php'),

Severity: Minor
Found in modules/auxiliary/gather/doliwamp_traversal_creds.rb - About 1 hr to fix

Method auth_v10 has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def auth_v10
    # step 1: get a JSESSIONID cookie and the server Date header
    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path, 'fm/'),
      'method' => 'GET'

Severity: Minor
Found in modules/auxiliary/admin/networking/cisco_dcnm_download.rb - About 1 hr to fix

Method initialize has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Microsoft SQL Server NTLM Stealer',
      'Description'    => %q{
          This module can be used to help capture or relay the LM/NTLM credentials of the

Severity: Minor
Found in modules/auxiliary/admin/mssql/mssql_ntlm_stealer.rb - About 1 hr to fix

Method initialize has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Microsoft SQL Server Command Execution',

Severity: Minor
Found in modules/auxiliary/admin/mssql/mssql_exec.rb - About 1 hr to fix