Method import_qualys_scan_xml has a Cognitive Complexity of 39 (exceeds 5 allowed). Consider refactoring.

Open

  def import_qualys_scan_xml(args={}, &block)
    data = args[:data]
    wspace = Msf::Util::DBManager.process_opts_workspace(args, framework).name
    bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []

• Read up
  Read up

Method asm_reverse_winhttp has a Cognitive Complexity of 39 (exceeds 5 allowed). Consider refactoring.

Open

  def asm_reverse_winhttp(opts={})

    retry_count       = [opts[:retry_count].to_i, 1].max
    verify_ssl        = nil
    encoded_cert_hash = nil

• Read up
  Read up

Method initialize has 147 lines of code (exceeds 25 allowed). Consider refactoring.

Open

  def initialize
    super(
      'Name'           => 'Veeder-Root Automatic Tank Gauge (ATG) Administrative Client',
      'Description'    => %q{
        This module acts as a simplistic administrative client for interfacing

File aggregator.rb has 411 lines of code (exceeds 250 allowed). Consider refactoring.

Open

module Msf
  Aggregator_yaml = "#{Msf::Config.config_directory}/aggregator.yaml".freeze # location of the aggregator.yml containing saved aggregator creds

  # This plugin provides management and interaction with an external session aggregator.
  class Plugin::Aggregator < Msf::Plugin

File http_server.rb has 411 lines of code (exceeds 250 allowed). Consider refactoring.

Open

require 'rex/exploitation/obfuscatejs'
require 'rex/exploitation/encryptjs'
require 'rex/exploitation/heaplib'
require 'rex/exploitation/js'

File wp_crop_rce.rb has 410 lines of code (exceeds 250 allowed). Consider refactoring.

Open

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::FileDropper
  include Msf::Exploit::Remote::HTTP::Wordpress

Method cmd_workspace has 146 lines of code (exceeds 25 allowed). Consider refactoring.

Open

  def cmd_workspace(*args)
    return unless active?

    state = :nil

Class MsftidyRunner has 43 methods (exceeds 20 allowed). Consider refactoring.

Open

class MsftidyRunner

  # Status codes
  OK       = 0
  WARNING  = 1

Method listeners_start has 145 lines of code (exceeds 25 allowed). Consider refactoring.

Open

      def listeners_start(args)
        config = parse_start_args(args)
        if config[:show_help]
          help('start')
          return

Method run_host has 145 lines of code (exceeds 25 allowed). Consider refactoring.

Open

  def run_host(ip)

    begin
      snmp = connect_snmp

Method run_host has 145 lines of code (exceeds 25 allowed). Consider refactoring.

Open

  def run_host(ip)
    verbs = %w(
      get
      active
      activate

File dispatcher_shell.rb has 407 lines of code (exceeds 250 allowed). Consider refactoring.

Open

require 'pp'
require 'rex/text/table'
require 'erb'
require 'readline'

File lsa.rb has 407 lines of code (exceeds 250 allowed). Consider refactoring.

Open

require 'rex/proto/ms_dtyp'

module Msf
  class Post
    module Windows

Method run has 144 lines of code (exceeds 25 allowed). Consider refactoring.

Open

  def run
    dork = datastore['ZOOMEYE_DORK']
    resource = datastore['RESOURCE']
    maxpage = datastore['MAXPAGE']
    facets = datastore['FACETS']

Method run_host has 144 lines of code (exceeds 25 allowed). Consider refactoring.

Open

  def run_host(ip)
    base_header = BaseHeader.new

    # Version number is always 0x10
    base_header.version_number = 16

Method exploit has 144 lines of code (exceeds 25 allowed). Consider refactoring.

Open

  def exploit
    # CVE-2024-0204 allows an unauthenticated attacker to create a new administrator account on the target system. So
    # we generate the username/password pair we want to use.
    # Note: We cannot delete the administrator account that we create.
    admin_username = Rex::Text.rand_text_alpha_lower(8)

Method rpc_round_exec has a Cognitive Complexity of 38 (exceeds 5 allowed). Consider refactoring.

Open

      def rpc_round_exec(mod, mtype, opts, nmaxjobs)
        res = nil
        idx = 0

        if active_rpc_nodes == 0

• Read up
  Read up

Method run_host has a Cognitive Complexity of 38 (exceeds 5 allowed). Consider refactoring.

Open

  def run_host(ip)
    conn = true
    ecode = nil
    emesg = nil

• Read up
  Read up

Method run_host has a Cognitive Complexity of 38 (exceeds 5 allowed). Consider refactoring.

Open

  def run_host(ip)
    print_status("#{ip}:#{rport} SSH - Testing Cleartext Keys")

    if datastore["USER_FILE"].blank? && datastore["USERNAME"].blank?
      validation_reason = "At least one of USER_FILE or USERNAME must be given"

• Read up
  Read up

Method exploit has a Cognitive Complexity of 38 (exceeds 5 allowed). Consider refactoring.

Open

  def exploit
    #
    # 1. Leverage the auth bypass to generate a new administrator access token. Older version of TeamCity (circa 2018)
    #    do not have support for access token, so we fall back to creating a new administrator account. The benefit
    #    of using an access token is we can delete it when we are finished, unlike a user account.

• Read up
  Read up