rapid7/metasploit-framework

Showing 7,230 of 21,757 total issues

Method kernel_mode_payload has 438 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def kernel_mode_payload

    # Windows x64 kernel shellcode from ring 0 to ring 3 by sleepya
    #
    # This shellcode was written originally for eternalblue exploits
Severity: Major
Found in modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb - About 2 days to fix

    Identical blocks of code found in 2 locations. Consider refactoring.
    Open

      def query_current_connection(wlan_handle, guid)
        connection = {}
        conn_info = @wlanapi.WlanQueryInterface(wlan_handle, guid, 7, nil, 4, 4, nil)
        # Grab the pointer to our data structure. We skip over the Interface State since we already have it
        # We interpret the connection mode used first
    Severity: Major
    Found in modules/post/windows/wlan/wlan_current_connection.rb and 1 other location - About 2 days to fix
    modules/post/windows/wlan/wlan_disconnect.rb on lines 124..296

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 538.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Identical blocks of code found in 2 locations. Consider refactoring.
    Open

      def query_current_connection(wlan_handle, guid)
        connection = {}
        conn_info = @wlanapi.WlanQueryInterface(wlan_handle, guid, 7, nil, 4, 4, nil)
    
        # Grab the pointer to our data structure. We skip over the Interface State since we already have it
    Severity: Major
    Found in modules/post/windows/wlan/wlan_disconnect.rb and 1 other location - About 2 days to fix
    modules/post/windows/wlan/wlan_current_connection.rb on lines 89..260

    This issue has a mass of 538.

    Identical blocks of code found in 3 locations. Consider refactoring.
    Open

      def make_pdf(swf, js)
    
        swf_name = rand_text_alpha(8 + rand(8)) + ".swf"
    
        xref = []
    modules/exploits/windows/browser/adobe_flashplayer_newfunction.rb on lines 283..418
    modules/exploits/windows/fileformat/adobe_flashplayer_newfunction.rb on lines 285..420

    This issue has a mass of 536.

    Identical blocks of code found in 3 locations. Consider refactoring.
    Open

      def make_pdf(swf, js)
    
        swf_name = rand_text_alpha(8 + rand(8)) + ".swf"
    
        xref = []
    modules/exploits/windows/fileformat/adobe_flashplayer_button.rb on lines 289..424
    modules/exploits/windows/fileformat/adobe_flashplayer_newfunction.rb on lines 285..420

    This issue has a mass of 536.

    Identical blocks of code found in 3 locations. Consider refactoring.
    Open

      def make_pdf(swf, js)
    
        swf_name = rand_text_alpha(8 + rand(8)) + ".swf"
    
        xref = []
    modules/exploits/windows/browser/adobe_flashplayer_newfunction.rb on lines 283..418
    modules/exploits/windows/fileformat/adobe_flashplayer_button.rb on lines 289..424

    This issue has a mass of 536.

    File exceptions.rb has 838 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    module Rex
    module Proto
    module SMB
    module Exceptions
    
    
    Severity: Major
    Found in lib/rex/proto/smb/exceptions.rb - About 2 days to fix

      Method run has 401 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def run
      
          loot = ""
          uri = "/"
          uri << (datastore['YEAR']).to_s if datastore['YEAR'].to_s != ""
      Severity: Major
      Found in modules/auxiliary/gather/corpwatch_lookup_id.rb - About 2 days to fix

        File lm2ntcrack.rb has 822 lines of code (exceeds 250 allowed). Consider refactoring.
        Open

        msfbase = __FILE__
        while File.symlink?(msfbase)
          msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
        end
        
        
        Severity: Major
        Found in tools/password/lm2ntcrack.rb - About 1 day to fix

          Method initialize has 390 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def initialize(info = {})
              super(merge_info(info,
                'Name'          => 'NetWare Command Shell',
                'Description'   => 'Connect to the NetWare console (staged)',
                'Author'        => 'toto',
          Severity: Major
          Found in modules/payloads/stages/netware/shell.rb - About 1 day to fix

            File cve_2019_0708_bluekeep_rce.rb has 798 lines of code (exceeds 250 allowed). Consider refactoring.
            Open

            class MetasploitModule < Msf::Exploit::Remote
              prepend Msf::Exploit::Remote::AutoCheck
            
              Rank = ManualRanking
            
            
            Severity: Major
            Found in modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb - About 1 day to fix

              File vcenter_secrets_dump.rb has 798 lines of code (exceeds 250 allowed). Consider refactoring.
              Open

              require 'metasploit/framework/credential_collection'
              
              class MetasploitModule < Msf::Post
                include Msf::Post::Common
                include Msf::Post::File
              Severity: Major
              Found in modules/post/linux/gather/vcenter_secrets_dump.rb - About 1 day to fix

                File base.rb has 788 lines of code (exceeds 250 allowed). Consider refactoring.
                Open

                class Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::Base
                  extend Forwardable
                  include Msf::Exploit::Remote::Kerberos::Client
                  include Msf::Auxiliary::Report
                  include Rex::Proto::Gss::Asn1
                Severity: Major
                Found in lib/msf/core/exploit/remote/kerberos/service_authenticator/base.rb - About 1 day to fix

                  File exploit.rb has 785 lines of code (exceeds 250 allowed). Consider refactoring.
                  Open

                  module Msf
                  
                  
                  
                  ###
                  Severity: Major
                  Found in lib/msf/core/exploit.rb - About 1 day to fix

                    Method cmd_sessions has 361 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def cmd_sessions(*args)
                        begin
                        method   = nil
                        quiet    = false
                        show_active = false
                    Severity: Major
                    Found in lib/msf/ui/console/command_dispatcher/core.rb - About 1 day to fix

                      File browser_autopwn.rb has 756 lines of code (exceeds 250 allowed). Consider refactoring.
                      Open

                      require 'rex/exploitation/js/detect'
                      require 'rex/exploitation/jsobfu'
                      
                      class MetasploitModule < Msf::Auxiliary
                        include Msf::Exploit::Remote::HttpServer::HTML
                      Severity: Major
                      Found in modules/auxiliary/server/browser_autopwn.rb - About 1 day to fix

                        Identical blocks of code found in 2 locations. Consider refactoring.
                        Open

                        package msf.x;
                        
                        import java.io.BufferedReader;
                        import java.io.BufferedWriter;
                        import java.io.File;
                        external/source/exploits/CVE-2012-0507/msf/x/PayloadX.java on lines 1..195

                        This issue has a mass of 858.

                        Identical blocks of code found in 2 locations. Consider refactoring.
                        Open

                        package msf.x;
                        
                        import java.io.BufferedReader;
                        import java.io.BufferedWriter;
                        import java.io.File;
                        Severity: Major
                        Found in external/source/exploits/CVE-2012-0507/msf/x/PayloadX.java and 1 other location - About 1 day to fix
                        external/source/exploits/CVE-2012-1723/src/msf/x/PayloadX.java on lines 1..195

                        This issue has a mass of 858.

                        File file.rb has 755 lines of code (exceeds 250 allowed). Consider refactoring.
                        Open

                        require 'rex/post/meterpreter/extensions/stdapi/command_ids'
                        require 'rex/post/file_stat'
                        
                        module Msf::Post::File
                          include Msf::Post::Common
                        Severity: Major
                        Found in lib/msf/core/post/file.rb - About 1 day to fix

                          File snmp_enum.rb has 749 lines of code (exceeds 250 allowed). Consider refactoring.
                          Open

                          class MetasploitModule < Msf::Auxiliary
                            include Msf::Exploit::Remote::SNMPClient
                            include Msf::Auxiliary::Report
                            include Msf::Auxiliary::Scanner
                          
                          
                          Severity: Major
                          Found in modules/auxiliary/scanner/snmp/snmp_enum.rb - About 1 day to fix