rapid7/metasploit-framework

Showing 7,361 of 22,177 total issues

Method initialize has 58 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Microsoft Windows Authenticated User Code Execution',
      'Description'    => %q{
          This module uses a valid administrator username and password (or
Severity: Major
Found in modules/exploits/windows/smb/psexec.rb - About 2 hrs to fix

Method exploit has 58 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    # Check if we're already root
    if is_root? && !datastore['ForceExploit']
      fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override'
    end
Severity: Major
Found in modules/exploits/linux/local/tomcat_ubuntu_log_init_priv_esc.rb - About 2 hrs to fix

Method initialize has 58 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Dirty Pipe Local Privilege Escalation via CVE-2022-0847',
Severity: Major
Found in modules/exploits/linux/local/cve_2022_0847_dirtypipe.rb - About 2 hrs to fix

Method initialize has 58 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation',
      'Description'    => %q{
        This module attempts to gain root privileges on Linux systems by abusing
Severity: Major
Found in modules/exploits/linux/local/ufo_privilege_escalation.rb - About 2 hrs to fix

Method initialize has 58 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'CWP login.php Unauthenticated RCE',
Severity: Major
Found in modules/exploits/linux/http/control_web_panel_login_cmd_exec.rb - About 2 hrs to fix

Method initialize has 58 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'    => 'Linksys WRT54GL apply.cgi Command Execution',
      'Description' => %q{
          Some Linksys Routers are vulnerable to an authenticated OS command injection in
Severity: Major
Found in modules/exploits/linux/http/linksys_wrt54gl_apply_exec.rb - About 2 hrs to fix

Method initialize has 58 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'                => 'Axis Network Camera .srv-to-parhand RCE',
      'Description'         => %q{
        This module exploits an auth bypass in .srv functionality and a
Severity: Major
Found in modules/exploits/linux/http/axis_srv_parhand_rce.rb - About 2 hrs to fix

Method initialize has 58 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Axis IP Camera Application Upload',
Severity: Major
Found in modules/exploits/linux/http/axis_app_install.rb - About 2 hrs to fix

Method initialize has 58 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Apache Solr Backup/Restore APIs RCE',
Severity: Major
Found in modules/exploits/linux/http/apache_solr_backup_restore.rb - About 2 hrs to fix

Method exploit has 58 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path, 'accounts', 'login/')
    })
Severity: Major
Found in modules/exploits/linux/http/lifesize_uvc_ping_rce.rb - About 2 hrs to fix

Method check has 58 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def check
    # Try to authenticate
    success, msg_or_check_code = opennms_login('check')
    return msg_or_check_code unless success
Severity: Major
Found in modules/exploits/linux/http/opennms_horizon_authenticated_rce.rb - About 2 hrs to fix

Method initialize has 58 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name'          => 'IPFire Bash Environment Variable Injection (Shellshock)',
Severity: Major
Found in modules/exploits/linux/http/ipfire_bashbug_exec.rb - About 2 hrs to fix

Method initialize has 58 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'OpenNMS Horizon Authenticated RCE',
Severity: Major
Found in modules/exploits/linux/http/opennms_horizon_authenticated_rce.rb - About 2 hrs to fix

Method init_orion_db has 58 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def init_orion_db(orion_path)
    if datastore['MSSQL_INSTANCE'] && datastore['MSSQL_DB']
      print_status('MSSQL_INSTANCE and MSSQL_DB advanced options set, connect to SQL using SSPI')
      db_instance_path = datastore['MSSQL_INSTANCE']
      db_name = datastore['MSSQL_DB']
Severity: Major
Found in modules/post/windows/gather/credentials/solarwinds_orion_dump.rb - About 2 hrs to fix

Method initialize has 58 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Veeam Backup and Replication Credentials Dump',
Severity: Major
Found in modules/post/windows/gather/credentials/veeam_credential_dump.rb - About 2 hrs to fix

Method run has 58 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    # keep track of any of the credentials files we read so we only read them once
    cred_files = []
    # where we'll store hashes of found credentials while parsing.  reporting is done at the end.
    creds = []
Severity: Major
Found in modules/post/linux/gather/mount_cifs_creds.rb - About 2 hrs to fix

Method check_hardening has 58 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def check_hardening
    if aslr_enabled?
      r = 'ASLR is enabled'
      print_good r
      report r
Severity: Major
Found in modules/post/linux/gather/enum_protections.rb - About 2 hrs to fix

Method get_db_creds has 58 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def get_db_creds
    db_properties = process_vcdb_properties_file

    self.vcdb_name = db_properties['name']
    self.vcdb_user = db_properties['username']
Severity: Major
Found in modules/post/linux/gather/vcenter_secrets_dump.rb - About 2 hrs to fix

Method has_h2_headings has 58 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def has_h2_headings
    has_vulnerable_application = false
    has_verification_steps = false
    has_scenarios = false
    has_options = false
Severity: Major
Found in tools/dev/msftidy_docs.rb - About 2 hrs to fix

Method use has 58 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def use(mod, opts = { })
    if mod.nil?
      raise RuntimeError, "No modules were specified", caller
    end
Severity: Major
Found in lib/rex/post/meterpreter/client_core.rb - About 2 hrs to fix