Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 7,361 of 22,177 total issues

Method cmd_besecure_report_download has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

      def cmd_besecure_report_download(*args)
        if args?(args, 4)
          req = Net::HTTP::Post.new('/json.cgi', { 'Host' => @hostname })
          format_file = args[1]
          req.set_form_data({ 'apikey' => @apikey, 'primary' => 'vulnerabilities', 'secondary' => 'report', 'action' => 'getreport', 'network' => args[0], 'format' => format_file })
Severity: Major
Found in plugins/besecure.rb - About 2 hrs to fix

    Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def initialize
    super(
      'Name'        => 'OpenSSL Alternative Chains Certificate Forgery MITM Proxy',
      'Description'    => %q{
        This module exploits a logic error in OpenSSL by impersonating the server
    Severity: Major
    Found in modules/auxiliary/server/openssl_altchainsforgery_mitm_proxy.rb - About 2 hrs to fix

      Method run has 51 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def run
    @sqli = create_sqli(dbms: MySQLi::TimeBasedBlind) do |payload|
      check_char = Rex::Text.rand_text_alpha_lower(5)
      res = send_request_cgi({
        'keep_cookies' => true,
      Severity: Major
      Found in modules/auxiliary/gather/jasmin_ransomware_sqli.rb - About 2 hrs to fix

        Method run has 51 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def run
    res = send_request_cgi(
      'uri' => normalize_uri(target_uri.path),
      'method' => 'GET',
      'keep_cookies' => true,
        Severity: Major
        Found in modules/auxiliary/gather/roundcube_auth_file_read.rb - About 2 hrs to fix

          Method query_columns has 51 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def query_columns(database, table)
    cols = []
    query = "(SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM #{database}.#{table})"

    colc = sqli(query)
          Severity: Major
          Found in modules/auxiliary/gather/joomla_com_realestatemanager_sqli.rb - About 2 hrs to fix

            Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Find Users Without Pre-Auth Required (ASREP-roast)',
            Severity: Major
            Found in modules/auxiliary/gather/asrep.rb - About 2 hrs to fix

              Method download_file has 51 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def download_file(download_path, cookie)
    filename = Rex::Text.rand_text_alphanumeric(rand(8..17)) + '.img'
    begin
      res = send_request_cgi({
        'method' => 'POST',
              Severity: Major
              Found in modules/auxiliary/admin/http/netgear_auth_download.rb - About 2 hrs to fix

                Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'IBM Data Risk Manager Arbitrary File Download',
                Severity: Major
                Found in modules/auxiliary/admin/http/ibm_drm_download.rb - About 2 hrs to fix

                  Method run_host has 51 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def run_host(ip)
    # Check version information to confirm Win/Lin

    soapenv='http://schemas.xmlsoap.org/soap/envelope/'
    xsi='http://www.w3.org/2001/XMLSchema-instance'
                  Severity: Major
                  Found in modules/auxiliary/admin/sap/sap_mgmt_con_osexec.rb - About 2 hrs to fix

                    Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'SAP Solution Manager remote unauthorized OS commands execution',
                    Severity: Major
                    Found in modules/auxiliary/admin/sap/cve_2020_6207_solman_rce.rb - About 2 hrs to fix

                      Method run has 51 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def run
    vprint_status("#{rhost}:#{rport} - Trying to access the configuration of the device")

    # Curl request:
    # curl -d SERVICES=DEVICE.ACCOUNT http://192.168.178.200/getcfg.php | egrep "\<name|password"
                      Severity: Major
                      Found in modules/auxiliary/admin/http/dlink_dir_645_password_extractor.rb - About 2 hrs to fix

                        Method run has 51 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def run
    name1  = Rex::Text.rand_text_alpha_upper(rand(10) + 1)
    name2 = Rex::Text.rand_text_alpha_upper(rand(10) + 1)
    rand1 = Rex::Text.rand_text_alpha_upper(rand(10) + 1)
    rand2 = Rex::Text.rand_text_alpha_upper(rand(10) + 1)
                        Severity: Major
                        Found in modules/auxiliary/sqli/oracle/droptable_trigger.rb - About 2 hrs to fix

                          Method add_keytab_entry has 51 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def add_keytab_entry
    keytab_path = datastore['KEYTAB_FILE']
    keytab = read_or_initialize_keytab(keytab_path)

    principal = datastore['PRINCIPAL']
                          Severity: Major
                          Found in modules/auxiliary/admin/kerberos/keytab.rb - About 2 hrs to fix

                            Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def initialize(info = {})
    super(update_info(info,
      'Name'       => 'IBM Lotus Sametime WebPlayer DoS',
      'Description'  => %q{
        This module exploits a known flaw in the IBM Lotus Sametime WebPlayer
                            Severity: Major
                            Found in modules/auxiliary/dos/misc/ibm_sametime_webplayer_dos.rb - About 2 hrs to fix

                              Method run_host has 51 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def run_host(ip)
    unless wordpress_and_online?
      vprint_error('Server not online or not detected as wordpress')
      return
    end
                              Severity: Major
                              Found in modules/auxiliary/scanner/http/wp_chopslider_id_sqli.rb - About 2 hrs to fix

                                Method run_host has 51 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def run_host(ip)
    # Check if remote host is available or appears vulnerable
    unless check_host(ip) == Exploit::CheckCode::Appears
      print_error("#{ip} does not appear to be vulnerable, will not continue")
      return
                                Severity: Major
                                Found in modules/auxiliary/scanner/http/drupal_views_user_enum.rb - About 2 hrs to fix

                                  Method parse_reply has 51 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def parse_reply(pkt)

    return if not pkt[1]

    if(pkt[1] =~ /^::ffff:/)
                                  Severity: Major
                                  Found in modules/auxiliary/scanner/vxworks/wdbrpc_bootline.rb - About 2 hrs to fix

                                    Method handle_intermediate_stage has 51 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def handle_intermediate_stage(conn, payload)
    entry_offset = elf_ep(payload)
    entry_h = entry_offset >> 16
    entry_l = entry_offset & 0x0000ffff
                                    Severity: Major
                                    Found in modules/payloads/stages/linux/mipsle/meterpreter.rb - About 2 hrs to fix

                                      Method handle_intermediate_stage has 51 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def handle_intermediate_stage(conn, payload)
    entry_offset = elf_ep(payload)
    entry_h = entry_offset >> 16
    entry_l = entry_offset & 0x0000ffff
                                      Severity: Major
                                      Found in modules/payloads/stages/linux/mipsbe/meterpreter.rb - About 2 hrs to fix

                                        Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
                                        Open

                                          def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'NetBSD mail.local Privilege Escalation',
                                        Severity: Major
                                        Found in modules/exploits/unix/local/netbsd_mail_local.rb - About 2 hrs to fix
                                          Severity
                                          Category
                                          Status
                                          Source
                                          Language