File struts2_namespace_ognl.rb has 386 lines of code (exceeds 250 allowed). Consider refactoring.

Open

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::EXE

Method report_creds has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.

Open

  def report_creds(opts)
    ip = opts[:ip] || rhost
    user = opts[:user] || nil
    domain = opts[:domain] || nil
    ntlm_ver = opts[:ntlm_ver] || nil

• Read up
  Read up

Method run has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.

Open

  def run
    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path, 'agentHandler'),
      'method' =>'GET',
      'vars_get' => {

• Read up
  Read up

Method run has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.

Open

  def run
    requests = datastore['REQUESTS']
    backends = []
    cookie_name = ''
    pool_name = ''

• Read up
  Read up

Method run_host has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.

Open

  def run_host(ip)

    unless wordpress_and_online?
      print_error("#{target_uri} does not seem to be WordPress site")
      return

• Read up
  Read up

Method run_host has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.

Open

  def run_host(ip)
    # Get the available SSL/TLS versions that that Metasploit host supports
    versions = get_metasploit_ssl_versions

    certs_found = {}

• Read up
  Read up

Method exploit has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.

Open

  def exploit
    admin_creds = nil
    is_windows = nil
    loop do
      print_status('Downloading the session file')

• Read up
  Read up

Method exploit has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.

Open

  def exploit
    # Sanity check the USERNAME and PASSWORD will meet the servers password requirements.
    fail_with(Failure::BadConfig, 'USERNAME must not be empty.') if datastore['USERNAME'].empty?
    fail_with(Failure::BadConfig, 'PASSWORD must be 8 characters of more.') if datastore['PASSWORD'].length < 8

• Read up
  Read up

Method exploit has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.

Open

  def exploit
    # Generate the ASP containing the EXE containing the payload
    exe  = generate_payload_exe
    asp  = Msf::Util::EXE.to_exe_asp(exe)
    path = datastore['PATH'].gsub('%RAND%', rand(0x10000000).to_s)

• Read up
  Read up

Method serial_num_method3 has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.

Open

  def serial_num_method3(serial_number)
    # SerialNumMethod3 password derivation function

    # constant definitions
    keystr1_byte_array = 'IO'.bytes.to_a

• Read up
  Read up

Method check has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.

Open

  def check
    res = send_request_cgi(
      'method' => 'GET',
      'keep_cookies' => true,
      'uri' => normalize_uri(target_uri.path, 'login')

• Read up
  Read up

Method get_pidgin_creds has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.

Open

  def get_pidgin_creds(paths)
    case paths
    when /#{@user}\\(.*)\\/
      sys_user = ::Regexp.last_match(1)
    when %r{home/(.*)/}

• Read up
  Read up

Method get_bookmarks has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.

Open

  def get_bookmarks(browser)
    file_exists = false # initializes file as not found
    grab_user_profiles.each do |user| # parses information for all users on target machine into a list.
      # If the browser is Google Chrome or Edge is searches the "AppData\Local directory, if it is Opera, it searches the AppData\Roaming directory"
      if (browser == 'GoogleChrome')

• Read up
  Read up

Method is_hash_from_empty_pwd? has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.

Open

  def self.is_hash_from_empty_pwd?(arg)
    hash_type = arg[:type]
    raise ArgumentError,"arg[:type] is mandatory" if not hash_type
    raise ArgumentError,"arg[:type] must be lm or ntlm" if not hash_type  =~ /^((lm)|(ntlm))$/

• Read up
  Read up

Method wsloop has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.

Open

    def wsloop(opts = {}, &block)
      buffer = ''
      buffer_type = nil

      # since web sockets have their own tear down exchange, use a synchronization lock to ensure we aren't closed until

• Read up
  Read up

Method cmd_pivot has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.

Open

  def cmd_pivot(*args)
    if args.length == 0 || args.include?('-h')
      cmd_pivot_help
      return true
    end

• Read up
  Read up

Method download_file has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.

Open

  def File.download_file(dest_file, src_file, opts = {}, &stat)
    stat ||= lambda { |a,b,c| }

    adaptive = opts["adaptive"]
    block_size = opts["block_size"] || 1024 * 1024

• Read up
  Read up

Method cmd_klist has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.

Open

  def cmd_klist(*args)
    return unless active?

    entries_affected = 0
    mode = :list

• Read up
  Read up

Method import_msf_zip has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.

Open

  def import_msf_zip(args={}, &block)
    data = args[:data]
    wspace = Msf::Util::DBManager.process_opts_workspace(args, framework)
    bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []

• Read up
  Read up

Method report_web_site has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.

Open

  def report_web_site(opts)
    return if not active
  ::ApplicationRecord.connection_pool.with_connection { |conn|
    opts = opts.clone() # protect the original caller's opts
    wspace = Msf::Util::DBManager.process_opts_workspace(opts, framework)

• Read up
  Read up