rapid7/metasploit-framework

Showing 7,361 of 22,177 total issues

Method cmd_loot has 135 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def cmd_loot(*args)
    return unless active?

    mode = :search
    host_ranges = []
Severity: Major
Found in lib/msf/ui/console/command_dispatcher/db.rb - About 5 hrs to fix

Method send_request_tgt has 135 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def send_request_tgt(options = {})
    realm = options[:realm]
    server_name = options[:server_name] || "krbtgt/#{realm}"
    client_name = options[:client_name]
    client_name = client_name.dup.force_encoding('utf-8') if client_name
Severity: Major
Found in lib/msf/core/exploit/remote/kerberos/client.rb - About 5 hrs to fix

Method get_detection_html has 135 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def get_detection_html(user_agent)
    ua_info = fingerprint_user_agent(user_agent)
    os      = ua_info[:os_name]
    client  = ua_info[:ua_name]
Severity: Major
Found in lib/msf/core/exploit/remote/browser_exploit_server.rb - About 5 hrs to fix

Method run has 134 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    # If the action can be detected automatically. (Action: Automatic)
    @my_action = pick_action
    if @my_action.nil?
      # If the automatic search fails, bye bye.
Severity: Major
Found in modules/auxiliary/gather/cloud_lookup.rb - About 5 hrs to fix

Method exploit has 134 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    sploit = ''
    if target.name =~ /Windows 2000 SP4/

      sploit << rand_text_alpha(934)
Severity: Major
Found in modules/exploits/windows/lotus/domino_icalendar_organizer.rb - About 5 hrs to fix

Method smb_fingerprint_windows_lang has 134 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def smb_fingerprint_windows_lang

    #
    # Remote language detection via Print Providers
    # Credit: http://immunityinc.com/downloads/Remote_Language_Detection_in_Immunity_CANVAS.odt
Severity: Major
Found in lib/msf/core/exploit/remote/smb/client.rb - About 5 hrs to fix

Method on_request_uri has 133 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def on_request_uri(cli, request)

    js_name  = rand_text_alpha(rand(10)+5) + '.js'

    payload_url =  "http://"
Severity: Major
Found in modules/exploits/windows/browser/samsung_security_manager_put.rb - About 5 hrs to fix

Method initialize has 133 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Samba SetInformationPolicy AuditEventsInfo Heap Overflow',
      'Description'    => %q{
          This module triggers a vulnerability in the LSA RPC service of the Samba daemon
Severity: Major
Found in modules/exploits/linux/samba/setinfopolicy_heap.rb - About 5 hrs to fix

Method generate has 133 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def self.generate(cmd, shell: nil)
    js_escaped = "String.fromCharCode(#{cmd.each_char.map(&:ord).map(&:to_s).join(',')})"

    # emulate the same behavior as the ysoserial-modified series,
    # see: https://github.com/pimps/ysoserial-modified/blob/1bd423d30ae87074f94d6b9b687c17162f122c3d/src/main/java/ysoserial/payloads/util/CmdExecuteHelper.java#L11
Severity: Major
Found in lib/msf/util/java_deserialization/bean_factory.rb - About 5 hrs to fix

Similar blocks of code found in 5 locations. Consider refactoring.
Open

  swagger_path '/api/v1/logins/{id}' do
    # Swagger documentation for /api/v1/logins/:id GET
    operation :get do
      key :description, 'Return specific login that is stored in the database.'
      key :tags, [ 'login' ]
lib/msf/core/web_services/documentation/api/v1/note_api_doc.rb on lines 146..222
lib/msf/core/web_services/documentation/api/v1/payload_api_doc.rb on lines 162..238
lib/msf/core/web_services/documentation/api/v1/service_api_doc.rb on lines 148..225
lib/msf/core/web_services/documentation/api/v1/workspace_api_doc.rb on lines 135..211

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 177.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.


Similar blocks of code found in 5 locations. Consider refactoring.
Open

  swagger_path '/api/v1/payloads/{id}' do
    # Swagger documentation for api/v1/payloads/:id GET
    operation :get do
      key :description, 'Return specific payload that is stored in the database.'
      key :tags, [ 'payload' ]
lib/msf/core/web_services/documentation/api/v1/login_api_doc.rb on lines 155..231
lib/msf/core/web_services/documentation/api/v1/note_api_doc.rb on lines 146..222
lib/msf/core/web_services/documentation/api/v1/service_api_doc.rb on lines 148..225
lib/msf/core/web_services/documentation/api/v1/workspace_api_doc.rb on lines 135..211

This issue has a mass of 177.

Similar blocks of code found in 5 locations. Consider refactoring.
Open

  swagger_path '/api/v1/notes/{id}' do
    # Swagger documentation for api/v1/notes/:id GET
    operation :get do
      key :description, 'Return specific note that is stored in the database.'
      key :tags, [ 'note' ]
lib/msf/core/web_services/documentation/api/v1/login_api_doc.rb on lines 155..231
lib/msf/core/web_services/documentation/api/v1/payload_api_doc.rb on lines 162..238
lib/msf/core/web_services/documentation/api/v1/service_api_doc.rb on lines 148..225
lib/msf/core/web_services/documentation/api/v1/workspace_api_doc.rb on lines 135..211

This issue has a mass of 177.

Similar blocks of code found in 5 locations. Consider refactoring.
Open

  swagger_path '/api/v1/services/{id}' do
    # Swagger documentation for api/v1/services/:id GET

    operation :get do
      key :description, 'Return specific service that is stored in the database.'
lib/msf/core/web_services/documentation/api/v1/login_api_doc.rb on lines 155..231
lib/msf/core/web_services/documentation/api/v1/note_api_doc.rb on lines 146..222
lib/msf/core/web_services/documentation/api/v1/payload_api_doc.rb on lines 162..238
lib/msf/core/web_services/documentation/api/v1/workspace_api_doc.rb on lines 135..211

This issue has a mass of 177.

Similar blocks of code found in 5 locations. Consider refactoring.
Open

  swagger_path '/api/v1/workspaces/{id}' do
    # Swagger documentation for api/v1/workspaces/:id GET
    operation :get do
      key :description, 'Return specific workspace that is stored in the database.'
      key :tags, [ 'workspace' ]
lib/msf/core/web_services/documentation/api/v1/login_api_doc.rb on lines 155..231
lib/msf/core/web_services/documentation/api/v1/note_api_doc.rb on lines 146..222
lib/msf/core/web_services/documentation/api/v1/payload_api_doc.rb on lines 162..238
lib/msf/core/web_services/documentation/api/v1/service_api_doc.rb on lines 148..225

This issue has a mass of 177.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

Severity: Major
Found in lib/msf/core/payload/windows/dll_inject.rb and 1 other location - About 5 hrs to fix
modules/exploits/osx/browser/safari_metadata_archive.rb on lines 118..207

This issue has a mass of 177.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

Severity: Major
Found in modules/exploits/osx/browser/safari_metadata_archive.rb and 1 other location - About 5 hrs to fix
lib/msf/core/payload/windows/dll_inject.rb on lines 38..126

This issue has a mass of 177.

Identical blocks of code found in 2 locations. Consider refactoring.
Open

  if mytarget.name == 'CRASHER'
    sploit = Rex::Text.pattern_create(2048)
    print_status("Attempting to corrupt memory to cause an exception!")
    num = 32
  else
modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin.rb on lines 316..367

This issue has a mass of 176.

Identical blocks of code found in 2 locations. Consider refactoring.
Open

  if mytarget.name == 'CRASHER'
    sploit = Rex::Text.pattern_create(2048)
    print_status("Attempting to corrupt memory to cause an exception!")
    num = 32
  else
modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin_sqli.rb on lines 319..370

This issue has a mass of 176.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def initialize(info = {})
    super(merge_info(info,
      'Name'          => 'Reverse TCP Stager',
      'Description'   => 'Connect back to the attacker',
      'Author'        =>
Severity: Major
Found in modules/payloads/stagers/linux/mipsle/reverse_tcp.rb and 1 other location - About 5 hrs to fix
modules/payloads/stagers/linux/mipsbe/reverse_tcp.rb on lines 14..111

This issue has a mass of 176.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def initialize(info={})
    super(update_info(info,
      'Name'                => 'Adobe Flash Player Drawing Fill Shader Memory Corruption',
      'Description'         => %q{
        This module exploits a memory corruption happening when applying a Shader as a drawing fill
modules/exploits/multi/browser/adobe_flash_shader_job_overflow.rb on lines 11..93

This issue has a mass of 176.
