rapid7/metasploit-framework

Showing 7,361 of 22,177 total issues

Method on_request_uri has 114 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def on_request_uri(cli, request)
    print_status("Request '#{request.method} #{request.uri}'")

    if request.method.downcase == 'post'
      collect_data(request)
Severity: Major
Found in modules/auxiliary/gather/android_stock_browser_uxss.rb - About 4 hrs to fix

    Method run has 114 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def run
        # Add padding to bypass TYPO3 security filters
        #
        # Null byte fixed in PHP 5.3.4
        #
    Severity: Major
    Found in modules/auxiliary/admin/http/typo3_winstaller_default_enc_keys.rb - About 4 hrs to fix

      Method run_host has 114 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def run_host(ip)
          extensions = [
            '.null',
            '.backup',
            '.bak',
      Severity: Major
      Found in modules/auxiliary/scanner/http/files_dir.rb - About 4 hrs to fix

        Method exploit has 114 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def exploit
            uri = target_uri.path
        
            print_status("Grabbing version and login CSRF token...")
            response = send_request_cgi({
        Severity: Major
        Found in modules/exploits/multi/http/mediawiki_thumb.rb - About 4 hrs to fix

          Method steal_default_files has 114 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def steal_default_files
              %Q|
          
                try {
          
          
          Severity: Major
          Found in lib/msf/core/exploit/format/webarchive.rb - About 4 hrs to fix

            Identical blocks of code found in 2 locations. Consider refactoring.
            Open

              def parse_flags(flags)
                flags = flags.to_s(2)
                result = {}
                result['Super Client'] = flags[0,1] == '1' ? true : false
                result['UUIDs'] = flags[5,1] == '1' ? true : false
            Severity: Major
            Found in lib/msf/core/exploit/remote/afp.rb and 1 other location - About 4 hrs to fix
            lib/metasploit/framework/afp/client.rb on lines 293..308

            Duplicated Code

            Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

            Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

            When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

            Tuning

            This issue has a mass of 154.

            We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

            The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

            If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

            See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

            Identical blocks of code found in 2 locations. Consider refactoring.
            Open

                    def parse_flags(flags)
                      flags = flags.to_s(2)
                      result = {}
                      result['Super Client'] = flags[0,1] == '1' ? true : false
                      result['UUIDs'] = flags[5,1] == '1' ? true : false
            Severity: Major
            Found in lib/metasploit/framework/afp/client.rb and 1 other location - About 4 hrs to fix
            lib/msf/core/exploit/remote/afp.rb on lines 306..321

            This issue has a mass of 154.

            Identical blocks of code found in 2 locations. Consider refactoring.
            Open

              def start_http(opts={})
                # Ensure all dependencies are present before initializing HTTP
                use_zlib
            
                comm = datastore['ListenerComm']
            Severity: Major
            Found in modules/auxiliary/gather/safari_file_url_navigation.rb and 1 other location - About 4 hrs to fix
            modules/exploits/osx/browser/safari_file_policy.rb on lines 168..224

            This issue has a mass of 154.

            Identical blocks of code found in 2 locations. Consider refactoring.
            Open

              def start_http(opts={})
                # Ensure all dependencies are present before initializing HTTP
                use_zlib
            
                comm = datastore['ListenerComm']
            Severity: Major
            Found in modules/exploits/osx/browser/safari_file_policy.rb and 1 other location - About 4 hrs to fix
            modules/auxiliary/gather/safari_file_url_navigation.rb on lines 215..271

            This issue has a mass of 154.

            Identical blocks of code found in 2 locations. Consider refactoring.
            Open

              def bruteforce(ip)
                @scanner.scan! do |result|
                  case result.status
                    when Metasploit::Model::Login::Status::SUCCESSFUL
                      print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}'"
            Severity: Major
            Found in modules/auxiliary/scanner/http/chef_webui_login.rb and 1 other location - About 4 hrs to fix
            modules/auxiliary/scanner/http/zabbix_login.rb on lines 59..98

            This issue has a mass of 154.

            Identical blocks of code found in 2 locations. Consider refactoring.
            Open

              def bruteforce(ip)
                @scanner.scan! do |result|
                  case result.status
                    when Metasploit::Model::Login::Status::SUCCESSFUL
                      print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}'"
            Severity: Major
            Found in modules/auxiliary/scanner/http/zabbix_login.rb and 1 other location - About 4 hrs to fix
            modules/auxiliary/scanner/http/chef_webui_login.rb on lines 58..97

            This issue has a mass of 154.

            Similar blocks of code found in 2 locations. Consider refactoring.
            Open

              def run_host(target_host)
                begin
                  # Login anonymously and open the socket that we'll use for data retrieval.
                  connect_login
                  sock = data_connect
            Severity: Major
            Found in modules/auxiliary/scanner/ftp/pcman_ftp_traversal.rb and 1 other location - About 4 hrs to fix
            modules/auxiliary/scanner/ftp/konica_ftp_traversal.rb on lines 57..111

            This issue has a mass of 154.

            Similar blocks of code found in 2 locations. Consider refactoring.
            Open

              def run_host(target_host)
                begin
                  # Login anonymously and open the socket that we'll use for data retrieval.
                  connect_login
                  sock = data_connect
            Severity: Major
            Found in modules/auxiliary/scanner/ftp/konica_ftp_traversal.rb and 1 other location - About 4 hrs to fix
            modules/auxiliary/scanner/ftp/pcman_ftp_traversal.rb on lines 55..109

            This issue has a mass of 154.

            Method run has 113 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def run
                res = send_request_cgi({
                  'uri' => normalize_uri(target_uri.path, 'agentHandler'),
                  'method' =>'GET',
                  'vars_get' => {
            Severity: Major
            Found in modules/auxiliary/gather/eventlog_cred_disclosure.rb - About 4 hrs to fix

              Method run_host has 113 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def run_host(ip)
              
                  conn = false
              
                  timeout = datastore['TIMEOUT']
              Severity: Major
              Found in modules/auxiliary/scanner/http/brute_dirs.rb - About 4 hrs to fix

                Method initialize has 113 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def initialize(info = {})
                    super(update_info(info,
                      'Name'           => 'Drupal Drupalgeddon 2 Forms API Property Injection',
                      'Description'    => %q{
                        This module exploits a Drupal property injection in the Forms API.
                Severity: Major
                Found in modules/exploits/unix/webapp/drupal_drupalgeddon2.rb - About 4 hrs to fix

                  Method rce_implant has 113 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def rce_implant
                      # create new dashboard
                      vprint_status('Creating new dashboard')
                      res = send_request_cgi(
                        'keep_cookies' => true,
                  Severity: Major
                  Found in modules/exploits/linux/http/apache_superset_cookie_sig_rce.rb - About 4 hrs to fix

                    Method create_library has 113 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def self.create_library(constant_manager, library_path = 'libc.so.6')
                        lib = Library.new(library_path, constant_manager)
                    
                        lib.add_function(
                          'calloc',

                      Method add_thread_x64 has 113 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def add_thread_x64(payload)
                      
                          stackpreserve = "\x90\x50\x53\x51\x52\x56\x57\x55\x41\x50" +    # AUTOMATED ASM: x64 = ['nop', 'push rax', 'push rbx', 'push rcx', 'push rdx', 'push rsi', 'push rdi', 'push rbp', 'push r8']
                              "\x41\x51\x41\x52\x41\x53\x41\x54\x41\x55\x41\x56\x41\x57\x9c"    # AUTOMATED ASM: x64 = ['push r9', 'push r10', 'push r11', 'push r12', 'push r13', 'push r14', 'push r15', 'pushfq']
                      
                      
                      Severity: Major
                      Found in lib/rex/post/meterpreter/extensions/peinjector/peinjector.rb - About 4 hrs to fix

                        Method run has 112 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def run
                            found = false
                            roots.each do |root|
                              break if found
                        
                        
                        Severity: Major
                        Found in modules/auxiliary/gather/owncloud_phpinfo_reader.rb - About 4 hrs to fix