rapid7/metasploit-framework


Showing 15,831 of 21,886 total issues

Method run has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    if session
      set_mssql_session(session.client)
    else
      unless mssql_login_datastore
Severity: Minor
Found in modules/auxiliary/admin/mssql/mssql_exec.rb - About 1 hr to fix

    Method bypass_auth has 26 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def bypass_auth(token, usr, pwd)
        d = {
          'userName' => usr,
          'password' => pwd,
          'roleName' => 'global-admin'
    Severity: Minor
    Found in modules/auxiliary/admin/networking/cisco_dcnm_auth_bypass.rb - About 1 hr to fix

      Method run_host has 26 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def run_host(_ip)
          tmpfile = Rex::Text.rand_text_alphanumeric(20) # Store the base64 encoded traversal data in a hard-to-brute filename, just in case.
      
          print_status("Attempting to connect to #{rhost}:#{rport}")
          res = send_request_raw(
      Severity: Minor
      Found in modules/auxiliary/admin/http/contentkeeper_fileaccess.rb - About 1 hr to fix

        Method action_remove has 26 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def action_remove
            message = { name: 'DeleteUser' }
            message[:data] = Nokogiri::XML(<<-ENVELOPE, nil, nil, Nokogiri::XML::ParseOptions::NOBLANKS).root.to_xml(indent: 0, save_with: 0)
              <root>
                <username secure="true">#{datastore['USERNAME'].encode(xml: :text)}</username>
        Severity: Minor
        Found in modules/auxiliary/admin/sap/cve_2020_6287_ws_add_user.rb - About 1 hr to fix

          Method initialize has 26 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def initialize(info = {})
              super(update_info(info,
                'Name'            => 'SAP ConfigServlet OS Command Execution',
                'Description'     => %q{
                    This module allows execution of operating system commands through the SAP
          Severity: Minor
          Found in modules/auxiliary/admin/sap/sap_configservlet_exec_noauth.rb - About 1 hr to fix

            Method authenticate has 26 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def authenticate
                res = send_request_cgi({
                  'uri' => normalize_uri(datastore['TARGETURI'], 'userSession.do'),
                  'method' => 'POST',
                  'vars_post' => {
            Severity: Minor
            Found in modules/auxiliary/admin/http/netgear_auth_download.rb - About 1 hr to fix

              Method initialize has 26 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def initialize(info = {})
                  super(
                    update_info(
                      info,
                      'Name' => 'WordPress Symposium Plugin SQL Injection',
              Severity: Minor
              Found in modules/auxiliary/admin/http/wp_symposium_sql_injection.rb - About 1 hr to fix

                Method run has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def run
                    if check_filename(datastore['filepath'])
                      file = nil
                      if datastore['TRAVERSAL_PATH'].nil?
                        traversal_size = datastore['MAX_TRAVERSAL']
                Severity: Minor
                Found in modules/auxiliary/admin/http/webnms_file_download.rb - About 1 hr to fix

                  Method try_autodetect_patterns has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def try_autodetect_patterns
                      print_status('Trying to automatically determine Pattern1 and Pattern2...')
                      begin
                        res = send_request_cgi({
                          'method' => 'POST',
                  Severity: Minor
                  Found in modules/auxiliary/admin/http/typo3_news_module_sqli.rb - About 1 hr to fix

                    Method initialize has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def initialize
                        super(
                          'Name' => 'Katello (Red Hat Satellite) users/update_roles Missing Authorization',
                          'Description' => %q{
                              This module exploits a missing authorization vulnerability in the
                    Severity: Minor
                    Found in modules/auxiliary/admin/http/katello_satellite_priv_esc.rb - About 1 hr to fix

                      Method initialize has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def initialize(info = {})
                          super(update_info(info,
                            'Name'           => 'Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability',
                            'Description'    => %q{
                                This module exploits an authentication bypass vulnerability
                      Severity: Minor
                      Found in modules/auxiliary/admin/oracle/osb_execqr2.rb - About 1 hr to fix

                        Method run has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def run
                        
                            if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success
                              vm_ref = vim_find_vm_by_name(datastore['VM'])
                              case vm_ref
                        Severity: Minor
                        Found in modules/auxiliary/admin/vmware/tag_vm.rb - About 1 hr to fix

                          Method run has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def run
                          
                              dport = datastore['RPORT'].to_i
                          
                              if (dport != 0)
                          Severity: Minor
                          Found in modules/auxiliary/admin/ms/ms08_059_his2006.rb - About 1 hr to fix

                            Method pub_subnet has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def pub_subnet(creds, vpc_id)
                                # First look for subnets that are configured to provision a public IP when instances are launched
                                action = 'DescribeSubnets'
                                doc = call_ec2(creds, 'Action' => action)
                                doc = print_results(doc, action)
                            Severity: Minor
                            Found in modules/auxiliary/admin/aws/aws_launch_instances.rb - About 1 hr to fix

                              Method run has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def run
                                  return if not check_dependencies
                              
                                  name1 = Rex::Text.rand_text_alpha_upper(rand(10) + 1)
                                  name2 = Rex::Text.rand_text_alpha_upper(rand(10) + 1)
                              Severity: Minor
                              Found in modules/auxiliary/admin/oracle/ora_ntlm_stealer.rb - About 1 hr to fix

                                Method run has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def run
                                    return if not check_dependencies
                                
                                    name = Rex::Text.rand_text_alpha_upper(rand(10) + 1)
                                
                                
                                Severity: Minor
                                Found in modules/auxiliary/sqli/oracle/dbms_cdc_ipublish.rb - About 1 hr to fix

                                  Method run has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def run
                                      all_regions = enumerate_regions
                                      if datastore['REGION'].blank?
                                        regions = all_regions
                                      elsif !all_regions.include?(datastore['REGION'])
                                  Severity: Minor
                                  Found in modules/auxiliary/cloud/aws/enum_ec2.rb - About 1 hr to fix

                                    Method run has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def run
                                        return if not check_dependencies
                                    
                                        name = Rex::Text.rand_text_alpha(rand(10) + 1)
                                    
                                    

                                      Method load_yaml_conf has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def load_yaml_conf
                                          opts = {}
                                      
                                          File.open(datastore['YAML_CONFIG'], "rb") do |f|
                                            yamlconf = YAML::load(f)
                                      Severity: Minor
                                      Found in modules/auxiliary/client/smtp/emailer.rb - About 1 hr to fix

                                        Method initialize has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                                        Open

                                          def initialize(info = {})
                                            super(update_info(info,
                                              'Name'           => '7-Technologies IGSS 9 IGSSdataServer.exe DoS',
                                              'Description'    => %q{
                                                The 7-Technologies SCADA IGSS Data Server (IGSSdataServer.exe) <= 9.0.0.10306 can be
                                        Severity: Minor
                                        Found in modules/auxiliary/dos/scada/igss9_dataserver.rb - About 1 hr to fix