rapid7/metasploit-framework


Showing 15,831 of 21,886 total issues

Method request has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def request(cmd)

    uri = '/cgi/time/timeHandler.cgi'

    begin
Severity: Minor
Found in modules/exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rb - About 1 hr to fix

    Method exploit has 26 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def exploit
        begin
          # To manually view the vuln page, click to proxy.cgi.  At the bottom
          # select Local, and save. Ignore the error box, at the bottom of
          # the page click the button: User Management.
    Severity: Minor
    Found in modules/exploits/linux/http/ipfire_proxy_exec.rb - About 1 hr to fix

      Method check has 26 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def check
          res = send_request_cgi(
            'uri' => normalize_uri(target_uri.path, 'app', 'kibana'),
            'method' => 'GET',
            'keep_cookies' => true

        Method send_exploit has 26 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def send_exploit(cmd)
            options = Rex::Text.rand_text_alphanumeric(5..12)
            destination = Rex::Text.rand_text_alphanumeric(5..12)
            filepath = Rex::Text.rand_text_alphanumeric(5..12)
            filename = Rex::Text.rand_text_alphanumeric(5..12)
        Severity: Minor
        Found in modules/exploits/linux/http/cisco_rv_series_authbypass_and_rce.rb - About 1 hr to fix

          Method send_injection has 26 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def send_injection(reset: false)
              if reset
                pload = ".es(*).props(label.__proto__.env.AAAA='').props(label.__proto__.env.NODE_OPTIONS='')"
              else
                # we leave a marker for our payload to avoid having .to_json process it and make it unusable by the host OS

            Method login_hash has 26 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def login_hash
                clue = rand_text_alpha(8)
                sql_clue = clue.each_byte.map { |b| b.to_s(16) }.join
                # select value from tconfig where token = 'loginhash_pwd';
                sqli = "1' AND (SELECT 2243 FROM(SELECT COUNT(*),CONCAT(0x#{sql_clue},(SELECT MID((IFNULL(CAST"
            Severity: Minor
            Found in modules/exploits/linux/http/pandora_fms_sqli.rb - About 1 hr to fix

              Method auth has 26 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def auth
                  print_status('Performing authentication...')
              
                  res = send_request_cgi({
                    'method' => 'GET',
              Severity: Minor
              Found in modules/exploits/linux/http/mailcleaner_exec.rb - About 1 hr to fix

                Method prepare_shellcode has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def prepare_shellcode(cmd)
                    case target
                    # RV110W 1.1.0.9, 1.2.0.9, 1.2.0.10, 1.2.1.4, 1.2.1.7
                    # RV215W 1.1.0.5, 1.1.0.6, 1.2.0.14, 1.2.0.15, 1.3.0.7, 1.3.0.8
                    when targets[0], targets[1], targets[2], targets[3], targets[4], targets[6], targets[7], targets[8], targets[9], targets[10], targets[11]
                Severity: Minor
                Found in modules/exploits/linux/http/cve_2019_1663_cisco_rmi_rce.rb - About 1 hr to fix

                  Method execute_command has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def execute_command(cmd, opts = {})
                      uri = target_uri.path
                      send_request_cgi({
                        'method' => 'POST',
                        'version' => '1.0',
                  Severity: Minor
                  Found in modules/exploits/linux/http/trendmicro_sps_exec.rb - About 1 hr to fix

                    Method exploit has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def exploit
                        data = random_chunk_size(1024)
                    
                        if target['CanaryOffset'].nil?
                          data << Rex::Text.rand_text_alpha(target['Offset'] - data.size)
                    Severity: Minor
                    Found in modules/exploits/linux/http/nginx_chunked_size.rb - About 1 hr to fix

                      Method make_container has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def make_container(mnt_path, cron_path, payload_path, container_id)
                          vprint_status('Setting container json request variables')
                          container_data = {
                            'cmd'                 => make_cmd(mnt_path, cron_path, payload_path),
                            'cpus'                => 1,
                      Severity: Minor
                      Found in modules/exploits/linux/http/dcos_marathon.rb - About 1 hr to fix

                        Method do_login has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def do_login(ssh_options)
                            begin
                              ssh_socket = nil
                              ::Timeout.timeout(datastore['SSH_TIMEOUT']) do
                                ssh_socket = Net::SSH.start(rhost, 'root', ssh_options)
                        Severity: Minor
                        Found in modules/exploits/linux/ssh/exagrid_known_privkey.rb - About 1 hr to fix

                          Method run has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def run
                              begin
                                unless check_lsof
                                  print_error('Sonic Pi is not running')
                          
                          
                          Severity: Minor
                          Found in modules/post/osx/manage/sonic_pi.rb - About 1 hr to fix

                            Method run has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def run
                                # ensure the user is root (or can read the kcpassword)
                                unless is_root?
                                  fail_with(Failure::NoAccess, 'Root privileges are required to read kcpassword file')
                                end
                            Severity: Minor
                            Found in modules/post/osx/gather/autologin_password.rb - About 1 hr to fix

                              Method initialize has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def initialize(info = {})
                                  super(
                                    update_info(
                                      info,
                                      'Name' => 'Multi Gather Resolve Hosts',
                              Severity: Minor
                              Found in modules/post/multi/gather/resolve_hosts.rb - About 1 hr to fix

                                Method run has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def run
                                    # Certain shells for certain platform
                                    vprint_status('Determining session platform and type')
                                    case session.platform
                                    when 'unix', 'linux', 'bsd'
                                Severity: Minor
                                Found in modules/post/multi/gather/firefox_creds.rb - About 1 hr to fix

                                  Method parse_vmx has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def parse_vmx(vmx_data, filename)
                                      vm = {}
                                      unless vmx_data.nil? || vmx_data.empty?
                                        vm['SharedFolders'] = []
                                        vmx_data.each_line do |line|
                                  Severity: Minor
                                  Found in modules/post/multi/gather/find_vmx.rb - About 1 hr to fix

                                    Method get_report has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def get_report(api_key, checksum)
                                        #
                                        # We have to use Net::HTTP instead of HttpClient because of the following error:
                                        # The supplied module name is ambiguous: undefined method `register_autofilter_ports'
                                        #
                                    Severity: Minor
                                    Found in modules/post/multi/gather/check_malware.rb - About 1 hr to fix

                                      Method initialize has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def initialize(info = {})
                                          super(
                                            update_info(
                                              info,
                                              'Name' => 'Gather GRUB Password',
                                      Severity: Minor
                                      Found in modules/post/multi/gather/grub_creds.rb - About 1 hr to fix

                                        Method initialize has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                                        Open

                                          def initialize(info = {})
                                            super(
                                              update_info(
                                                info,
                                                'Name' => 'Gather MinIO Client Key',
                                        Severity: Minor
                                        Found in modules/post/multi/gather/minio_client.rb - About 1 hr to fix