rapid7/metasploit-framework

Showing 7,361 of 22,177 total issues

Identical blocks of code found in 2 locations. Consider refactoring.
Open

  def request_fqdn
    ntlm_ssp = "NTLMSSP\x00\x01\x00\x00\x00\x05\x02\x88\xa0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    received = send_request_raw(
      'method' => 'RPC_IN_DATA',
      'uri' => normalize_uri('rpc', 'rpcproxy.dll'),
Severity: Major
Found in modules/exploits/windows/http/exchange_proxyshell_rce.rb and 1 other location - About 2 hrs to fix
modules/exploits/windows/http/exchange_proxylogon_rce.rb on lines 259..278

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 85.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Identical blocks of code found in 2 locations. Consider refactoring.
Open

  def validate_cookie(decoded_cookie, secret_key)
    print_status("#{peer} - Attempting to resign with key: #{secret_key}")
    encoded_cookie = Msf::Exploit::Remote::HTTP::FlaskUnsign::Session.sign(decoded_cookie, secret_key)

    print_status("#{peer} - New signed cookie: #{encoded_cookie}")
modules/auxiliary/gather/apache_superset_cookie_sig_priv_esc.rb on lines 96..114

This issue has a mass of 85.

Identical blocks of code found in 2 locations. Consider refactoring.
Open

  def request_fqdn
    ntlm_ssp = "NTLMSSP\x00\x01\x00\x00\x00\x05\x02\x88\xa0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    received = send_request_raw(
      'method' => 'RPC_IN_DATA',
      'uri' => normalize_uri('rpc', 'rpcproxy.dll'),
Severity: Major
Found in modules/exploits/windows/http/exchange_proxylogon_rce.rb and 1 other location - About 2 hrs to fix
modules/exploits/windows/http/exchange_proxyshell_rce.rb on lines 188..207

This issue has a mass of 85.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def run
    check_pcaprub_loaded()
    ::Socket.do_not_reverse_lookup = true  # Mac OS X workaround

    # Avoid receiving extraneous traffic on our send socket
Severity: Major
Found in modules/auxiliary/spoof/llmnr/llmnr_response.rb and 1 other location - About 2 hrs to fix
modules/auxiliary/spoof/mdns/mdns_response.rb on lines 208..242

This issue has a mass of 85.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

      class RAKP2 < BinData::Record
        endian  :little
        uint8   :rmcp_version                   ,label: "RMCP Version"
        uint8   :rmcp_padding                   ,label: "RMCP Padding"
        uint8   :rmcp_sequence                  ,label: "RMCP Sequence"
Severity: Major
Found in lib/rex/proto/ipmi/rakp2.rb and 1 other location - About 2 hrs to fix
lib/rex/proto/ipmi/open_session_reply.rb on lines 8..30

This issue has a mass of 85.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

      class Open_Session_Reply < BinData::Record
        endian  :little
        uint8   :rmcp_version                     ,label: "RMCP Version"
        uint8   :rmcp_padding                     ,label: "RMCP Padding"
        uint8   :rmcp_sequence                    ,label: "RMCP Sequence"
Severity: Major
Found in lib/rex/proto/ipmi/open_session_reply.rb and 1 other location - About 2 hrs to fix
lib/rex/proto/ipmi/rakp2.rb on lines 8..29

This issue has a mass of 85.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def gogs_create_file(last_chunk: false)
    uri = normalize_uri(datastore['USERNAME'], @repo_name, '/_new/master')
    filename = "#{Rex::Text.rand_text_alpha(4..8)}.txt"

    res = send_request_cgi('method' => 'GET', 'uri' => uri, 'keep_cookies' => true)
Severity: Major
Found in modules/exploits/multi/http/gogs_git_hooks_rce.rb and 1 other location - About 2 hrs to fix
modules/exploits/multi/http/gitea_git_hooks_rce.rb on lines 311..339

This issue has a mass of 85.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

        def enum_group(server_name = nil)
          unless session.commands.include?(Rex::Post::Meterpreter::Extensions::Stdapi::COMMAND_ID_STDAPI_RAILGUN_API)
            raise "Session doesn't support Railgun!"
          end

Severity: Major
Found in lib/msf/core/post/windows/accounts.rb and 1 other location - About 2 hrs to fix
lib/msf/core/post/windows/accounts.rb on lines 693..716

This issue has a mass of 85.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def run
    check_pcaprub_loaded()
    ::Socket.do_not_reverse_lookup = true  # Mac OS X workaround

    # Avoid receiving extraneous traffic on our send socket
Severity: Major
Found in modules/auxiliary/spoof/mdns/mdns_response.rb and 1 other location - About 2 hrs to fix
modules/auxiliary/spoof/llmnr/llmnr_response.rb on lines 189..223

This issue has a mass of 85.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

        def enum_localgroup(server_name = nil)
          unless session.commands.include?(Rex::Post::Meterpreter::Extensions::Stdapi::COMMAND_ID_STDAPI_RAILGUN_API)
            raise "Session doesn't support Railgun!"
          end

Severity: Major
Found in lib/msf/core/post/windows/accounts.rb and 1 other location - About 2 hrs to fix
lib/msf/core/post/windows/accounts.rb on lines 726..749

This issue has a mass of 85.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def gitea_create_file(last_chunk: false)
    uri = normalize_uri(datastore['USERNAME'], @repo_name, '/_new/master')
    filename = "#{Rex::Text.rand_text_alpha(4..8)}.txt"

    res = send_request_cgi('method' => 'GET', 'uri' => uri, 'keep_cookies' => true)
Severity: Major
Found in modules/exploits/multi/http/gitea_git_hooks_rce.rb and 1 other location - About 2 hrs to fix
modules/exploits/multi/http/gogs_git_hooks_rce.rb on lines 294..322

This issue has a mass of 85.

Method packetrecord has 56 lines of code (exceeds 25 allowed). Consider refactoring.
Open

def packetrecord(packtime, logfile,intid)
  begin
    rec = 1
    print_status("Packets being saved in to #{logfile}")
    print_status("Packet capture interval is #{packtime} Seconds")
Severity: Major
Found in scripts/meterpreter/packetrecorder.rb - About 2 hrs to fix

Method run has 56 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    print_status("Beginning IBM Lotus Notes Sametime Meeting Room Bruteforce")
    print_status("Using owner: #{datastore['OWNER']}")

    # test for expected response code on non-existent meeting room name
Severity: Major
Found in modules/auxiliary/gather/ibm_sametime_room_brute.rb - About 2 hrs to fix

Method report has 56 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def report
    if @version_info['version']['sametimeVersion']
      print_line
      print_good("#{@version_info['version']['sametimeVersion']} Detected")
    else
Severity: Major
Found in modules/auxiliary/gather/ibm_sametime_version.rb - About 2 hrs to fix

Method invoke_pckupgrade has 56 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def invoke_pckupgrade
    message = { name: 'Netweaver.PI_PCK.PCK' }
    message[:data] = Nokogiri::XML(<<-ENVELOPE, nil, nil, Nokogiri::XML::ParseOptions::NOBLANKS).root.to_xml(indent: 0, save_with: 0)
      <PCK>
        <Usermanagement>
Severity: Major
Found in modules/auxiliary/admin/sap/cve_2020_6287_ws_add_user.rb - About 2 hrs to fix

Method run has 56 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    target  = nil
    targets = {
      "Apple Base Station V5.0.4" => {
        :version  => 0x0024ee3c,
Severity: Major
Found in modules/auxiliary/admin/vxworks/apple_airport_extreme_password.rb - About 2 hrs to fix

Method run has 56 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    # No point to continue if filepath is not specified
    if datastore['FILEPATH'].empty?
      print_error('Please supply the path of the file you want to download.')
      return
Severity: Major
Found in modules/auxiliary/admin/http/manageengine_file_download.rb - About 2 hrs to fix

Method run_host has 56 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run_host(ip)
    begin
      vuln_status = check_host(ip)
      case vuln_status
      when Exploit::CheckCode::Safe
Severity: Major
Found in modules/auxiliary/scanner/http/ms15_034_http_sys_memory_dump.rb - About 2 hrs to fix

Method run_host has 56 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run_host(ip)
    path   = datastore['PATH']
    data   = datastore['FILEDATA']

    if path[-1,1] != '/'
Severity: Major
Found in modules/auxiliary/scanner/http/http_put.rb - About 2 hrs to fix

Method get_ip_extract has 56 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def get_ip_extract
    urls = ["/Microsoft-Server-ActiveSync/default.eas",
      "/Microsoft-Server-ActiveSync",
      "/Autodiscover/Autodiscover.xml",
      "/Autodiscover",
Severity: Major
Found in modules/auxiliary/scanner/http/owa_iis_internal_ip.rb - About 2 hrs to fix