Method upload_file has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def upload_file
    entity = Rex::Text.rand_text_alpha_lower(3)
    @file_name = Rex::Text.rand_text_alpha_lower(4)
    svg_file = %Q|
    <!DOCTYPE svg [<!ENTITY #{entity} SYSTEM "file://#{datastore['RFILE']}">]>

• Read up
  Read up

Method do_request has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def do_request(after)
    graphql_query = '{"query": "query { users'
    unless after.empty?
      graphql_query += "(after:\\\"#{after}\\\")"
    end

• Read up
  Read up

Method enum_user has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def enum_user(user, pass)
    vprint_status("#{rhost}:#{rport} - Trying username:'#{user}' password: '#{pass}'")
    success = false
    data = 'isFromLogonPage=true&cms=127.0.1%3A6400'
    data << "&username=#{Rex::Text.uri_encode(user.to_s)}"

• Read up
  Read up

Method run_host has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def run_host(ip)
    cred_collection = build_credential_collection(
        username: datastore['USERNAME'],
        password: datastore['PASSWORD']
    )

• Read up
  Read up

Avoid deeply nested control flow statements.

Open

                service_name: (ssl ? 'https' : 'http'),

Method do_login has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def do_login(user, pass)
    #
    # Get a new session ID/token.  That way if we get a successful login,
    # we won't get a false positive due to reusing the same sid/token.
    #

• Read up
  Read up

Method run_host has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def run_host(ip)
    # No point to continue if no filename is specified
    if datastore['FILEPATH'].nil? or datastore['FILEPATH'].empty?
      print_error("#{rhost}:#{rport} - Please supply FILEPATH")
      return

• Read up
  Read up

Method accessfile has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def accessfile(rhost)
    uri = normalize_uri(target_uri.path)
    print_status("#{rhost}:#{rport} Connecting to Crowd SOAP Interface")

    soapenv = 'http://schemas.xmlsoap.org/soap/envelope/'

• Read up
  Read up

Method run_host has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def run_host(ip)
    ignored_headers = datastore['IGN_HEADER'].split(',')

    uri = normalize_uri(target_uri.path)
    method = datastore['HTTP_METHOD']

• Read up
  Read up

Method run_host has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def run_host(ip)
    check_code = check
    return unless check_code == Exploit::CheckCode::Appears

    f = File.open(datastore['PLUGINS_FILE'], 'rb')

• Read up
  Read up

Method get_login_cookie has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def get_login_cookie
    res = send_request_raw({'uri' => datastore['URI']})

    uid             = ''
    session_id_port = ''

• Read up
  Read up

Method bruteforce has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def bruteforce(ip)
    @scanner.scan! do |result|
      case result.status
      when Metasploit::Model::Login::Status::SUCCESSFUL
        print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}'"

• Read up
  Read up

Method bruteforce has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def bruteforce(ip)
    @scanner.scan! do |result|
      case result.status
        when Metasploit::Model::Login::Status::SUCCESSFUL
          print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}'"

• Read up
  Read up

Method run_host has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def run_host(ip)
    ports = Rex::Socket.portspec_crack(datastore['PORTS'])

    if ports.empty?
      print_error('PORTS options is invalid')

• Read up
  Read up

Method rce_check has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def rce_check(version, real_target: false)
    version_type, clean_version = parse_version(version)
    if version_type == 'unsupported'
      print_error("Invalid version format: `#{version}`. Please provide an existing Nagios XI version or use `unset VERSION` to cancel")
      return

• Read up
  Read up

Method run_host has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def run_host(ip)
    vprint_status('Checking if target is online and running Wordpress...')
    fail_with(Failure::BadConfig, 'The target is not online and running Wordpress') unless wordpress_and_online?
    vprint_status('Checking plugin installed and vulnerable')
    checkcode = check_plugin_version_from_readme('bulletproof-security', '5.2')

• Read up
  Read up

Method run_host has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def run_host(ip)
    uri = target_uri.path
    traversal = "../" * datastore['DEPTH']
    filename = datastore['FILE']
    filename = filename[1, filename.length] if filename =~ /^\//

• Read up
  Read up

Method get_version has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def get_version
    vprint_status('Querying version information...')
    request = {
      'uri' => normalize_uri(target_uri.path),
      'method' => 'GET'

• Read up
  Read up

Method run_host has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def run_host(target_host)

    begin
      res = send_request_raw({
        'uri'          => '/<script>alert(1337)</script>', #XST Payload

• Read up
  Read up

Method run_host has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def run_host(ip)
    res = send_request_cgi(
      {
        'uri'       => "/" + Rex::Text.rand_text_alpha(12),
        'method'    => 'GET',

• Read up
  Read up