Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 7,361 of 22,177 total issues

Method run has 104 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    base_addr = datastore['BASEDNS']
    targ_addr = datastore['TARGDNS']
    check_ar  = datastore['CHECK_ADDITIONAL']
    check_aa  = datastore['CHECK_AUTHORITY']
Severity: Major
Found in modules/auxiliary/spoof/dns/compare_results.rb - About 4 hrs to fix

    Method defines has 104 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def defines
    %^
        #define _SEED 0x#{@hash.to_s(16)}
        #define _ROR8(v) (v >> 8 | v << 24)
        #define MAX_SYSCALLS 500
    Severity: Major
    Found in modules/evasion/windows/syscall_inject.rb - About 4 hrs to fix

      Method initialize has 104 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def initialize(info = {})
    super(update_info(info,
      'Name'            => 'Wireshark LWRES Dissector getaddrsbyname_request Buffer Overflow (loop)',
      'Description'    => %q{
          The LWRES dissector in Wireshark version 0.9.15 through 1.0.10 and 1.2.0 through
      Severity: Major
      Found in modules/exploits/multi/misc/wireshark_lwres_getaddrbyname_loop.rb - About 4 hrs to fix

        Method exploit has 104 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def exploit

    # Generate the WAR containing the payload
    app_base = rand_text_alphanumeric(4+rand(32-4))
    jsp_name = rand_text_alphanumeric(8+rand(8))
        Severity: Major
        Found in modules/exploits/windows/http/zenworks_assetmgmt_uploadservlet.rb - About 4 hrs to fix

          Method initialize has 104 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'SaltStack Salt Master/Minion Unauthenticated RCE',
          Severity: Major
          Found in modules/exploits/linux/misc/saltstack_salt_unauth_rce.rb - About 4 hrs to fix

            Method mssql_parse_tds_reply has 104 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def mssql_parse_tds_reply(data, info)
    info[:errors] ||= []
    info[:colinfos] ||= []
    info[:colnames] ||= []
            Severity: Major
            Found in lib/rex/proto/mssql/client_mixin.rb - About 4 hrs to fix

              Method cmd_exploit has 104 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def cmd_exploit(*args, opts: {})
    if (args.include?('-r') || args.include?('--reload-libs')) && !opts[:previously_reloaded]
      driver.run_single('reload_lib -a')
    end
              Severity: Major
              Found in lib/msf/ui/console/command_dispatcher/exploit.rb - About 4 hrs to fix

                Method initialize has 104 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def initialize(prompt = DefaultPrompt, prompt_char = DefaultPromptChar, opts = {})
    histfile = opts['HistFile'] || Msf::Config.history_file

    begin
      FeatureManager.instance.load_config
                Severity: Major
                Found in lib/msf/ui/console/driver.rb - About 4 hrs to fix

                  Method encode has 104 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def encode
    # Get the minimum number of nops to use
    min = (reqs['MinNops'] || 0).to_i
    min = 0 if reqs['DisableNops']
                  Severity: Major
                  Found in lib/msf/core/encoded_payload.rb - About 4 hrs to fix

                    Method asm_block_recv_rc4 has 104 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def asm_block_recv_rc4(opts={})
    xorkey = Rex::Text.to_dword(opts[:xorkey]).chomp
    reliable     = opts[:reliable]
    asm = %Q^
      recv:
                    Severity: Major
                    Found in lib/msf/core/payload/windows/x64/reverse_tcp_rc4_x64.rb - About 4 hrs to fix

                      Method initialize has 103 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def initialize(info = {})
    super(update_info(info,
      'Name'        => 'HTTP Client Automatic Exploiter',
      'Description' => %q{
          This module has three actions.  The first (and the default)
                      Severity: Major
                      Found in modules/auxiliary/server/browser_autopwn.rb - About 4 hrs to fix

                        Method super_redacted_deobfuscation has 103 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def super_redacted_deobfuscation(ciphertext)
    input = ciphertext
    input = input.gsub('Z', '000')

    base = '0'.upto('9').to_a + 'a'.upto('z').to_a + 'A'.upto('G').to_a
                        Severity: Major
                        Found in modules/auxiliary/admin/http/webnms_cred_disclosure.rb - About 4 hrs to fix

                          Method generate has 103 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def generate(_opts = {})
    # Split the cmd string into arg chunks
    cmd_str = datastore['CMD']
    cmd_and_args = Shellwords.shellsplit(cmd_str).map { |s| "#{s}\x00" }
                          Severity: Major
                          Found in modules/payloads/singles/osx/aarch64/shell_bind_tcp.rb - About 4 hrs to fix

                            Method initialize has 103 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def initialize(info = {})
    super(merge_info(info,
      'Name'          => 'Linux x64 Command Shell, Bind TCP Inline (IPv6)',
      'Description'   => 'Listen for an IPv6 connection and spawn a command shell',
      'Author'        => 'epi <epibar052[at]gmail.com>',
                            Severity: Major
                            Found in modules/payloads/singles/linux/x64/shell_bind_ipv6_tcp.rb - About 4 hrs to fix

                              Method initialize has 103 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Adobe ColdFusion Unauthenticated Remote Code Execution',
                              Severity: Major
                              Found in modules/exploits/multi/http/adobe_coldfusion_rce_cve_2023_26360.rb - About 4 hrs to fix

                                Method get_register_info has 103 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def get_register_info
    if @version >= Rex::Version.new('7.2')
      vprint_status('Returning SYSINFO for 7.2 target')
      register_info = <<~REGISTER_INFO
        FCTOS=WIN64
                                Severity: Major
                                Found in modules/exploits/windows/http/forticlient_ems_fctid_sqli.rb - About 4 hrs to fix

                                  Method send_file has 103 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def send_file(traversal_path, filename, file_content)
    #
    # FileStorageService packet structure:
    #
    # @packet_header_pre_packet_size
                                  Severity: Major
                                  Found in modules/exploits/windows/http/trackit_file_upload.rb - About 4 hrs to fix

                                    Method check has 103 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def check
    # used to ensure cleanup only runs against flexdotnetcms targets
    @skip_cleanup = true

    # visit login the page to get the necessary cookies
                                    Severity: Major
                                    Found in modules/exploits/windows/http/flexdotnetcms_upload_exec.rb - About 4 hrs to fix

                                      Method initialize has 103 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def initialize(info={})
    super(update_info(info,
      'Name'           => "MS12-043 Microsoft XML Core Services MSXML Uninitialized Memory Corruption",
      'Description'    => %q{
          This module exploits a memory corruption flaw in Microsoft XML Core Services
                                      Severity: Major
                                      Found in modules/exploits/windows/browser/msxml_get_definition_code_exec.rb - About 4 hrs to fix

                                        Method build_packet_and_layouts has 103 lines of code (exceeds 25 allowed). Consider refactoring.
                                        Open

                                          def build_packet_and_layouts(packet, function, args, arch)
    case arch
    when ARCH_X64
      native = 'Q<'
    when ARCH_X86
                                        Severity: Major
                                        Found in lib/rex/post/meterpreter/extensions/stdapi/railgun/library.rb - About 4 hrs to fix
                                          Severity
                                          Category
                                          Status
                                          Source
                                          Language