Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 7,361 of 22,177 total issues

Method initialize has 83 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        {
Severity: Major
Found in modules/exploits/windows/local/druva_insync_insynccphwnet64_rcp_type_5_priv_esc.rb - About 3 hrs to fix

    Method exploit has 83 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def exploit

    peer = "#{rhost}:#{rport}"

    # Generate the ASP containing the EXE containing the payload
    Severity: Major
    Found in modules/exploits/windows/http/landesk_thinkmanagement_upload_asp.rb - About 3 hrs to fix

      Method initialize has 83 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def initialize(info = {})
    super(
      update_info(
        info,
        {
      Severity: Major
      Found in modules/exploits/linux/ssh/vmware_vrni_known_privkey.rb - About 3 hrs to fix

        Method run has 83 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def run
    print_status('Checking if BulletProof FTP Client is installed...')
    if !check_installation
      print_error("BulletProof FTP Client isn't installed")
      return
        Severity: Major
        Found in modules/post/windows/gather/credentials/bulletproof_ftp.rb - About 3 hrs to fix

          Method cmd_pivot has 83 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def cmd_pivot(*args)
    if args.length == 0 || args.include?('-h')
      cmd_pivot_help
      return true
    end
          Severity: Major
          Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb - About 3 hrs to fix

            Identical blocks of code found in 2 locations. Consider refactoring.
            Open

              def check
    var_a = rand_text_alpha_lower(4)
    var_b = rand_text_alpha_lower(4)

    addend_one = rand_text_numeric(rand(3) + 1).to_i
            Severity: Major
            Found in modules/exploits/multi/http/struts_dmi_rest_exec.rb and 1 other location - About 3 hrs to fix
            modules/exploits/multi/http/struts_dmi_exec.rb on lines 141..169

            Duplicated Code

            Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

            Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

            When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

            Tuning

            This issue has a mass of 117.

            We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

            The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

            If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

            See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

            Refactorings

            Further Reading

            Identical blocks of code found in 2 locations. Consider refactoring.
            Open

              def is_app_epmp1000?
    begin
      res = send_request_cgi(
        {
          'uri'       => '/',
            Severity: Major
            Found in modules/exploits/unix/http/epmp1000_get_chart_cmd_shell.rb and 1 other location - About 3 hrs to fix
            modules/exploits/unix/http/epmp1000_ping_cmd_shell.rb on lines 60..95

            Duplicated Code

            Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

            Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

            When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

            Tuning

            This issue has a mass of 117.

            We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

            The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

            If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

            See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

            Refactorings

            Further Reading

            Identical blocks of code found in 2 locations. Consider refactoring.
            Open

              def check
    var_a = rand_text_alpha_lower(4)
    var_b = rand_text_alpha_lower(4)

    addend_one = rand_text_numeric(rand(3) + 1).to_i
            Severity: Major
            Found in modules/exploits/multi/http/struts_dmi_exec.rb and 1 other location - About 3 hrs to fix
            modules/exploits/multi/http/struts_dmi_rest_exec.rb on lines 142..170

            Duplicated Code

            Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

            Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

            When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

            Tuning

            This issue has a mass of 117.

            We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

            The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

            If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

            See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

            Refactorings

            Further Reading

            Identical blocks of code found in 2 locations. Consider refactoring.
            Open

              def is_app_epmp1000?
    begin
      res = send_request_cgi(
        {
          'uri'       => '/',
            Severity: Major
            Found in modules/exploits/unix/http/epmp1000_ping_cmd_shell.rb and 1 other location - About 3 hrs to fix
            modules/exploits/unix/http/epmp1000_get_chart_cmd_shell.rb on lines 59..94

            Duplicated Code

            Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

            Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

            When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

            Tuning

            This issue has a mass of 117.

            We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

            The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

            If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

            See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

            Refactorings

            Further Reading

            Identical blocks of code found in 2 locations. Consider refactoring.
            Open

                # NOTE: We don't care if the login failed here...
    ret = connect
    banner = sock.get_once || ''

    # We just want the banner to check against our targets..
            Severity: Major
            Found in modules/exploits/linux/ftp/proftp_telnet_iac.rb and 1 other location - About 3 hrs to fix
            modules/exploits/freebsd/ftp/proftp_telnet_iac.rb on lines 91..130

            Duplicated Code

            Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

            Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

            When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

            Tuning

            This issue has a mass of 116.

            We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

            The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

            If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

            See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

            Refactorings

            Further Reading

            Identical blocks of code found in 2 locations. Consider refactoring.
            Open

                # NOTE: We don't care if the login failed here...
    ret = connect
    banner = sock.get_once || ''

    # We just want the banner to check against our targets..
            Severity: Major
            Found in modules/exploits/freebsd/ftp/proftp_telnet_iac.rb and 1 other location - About 3 hrs to fix
            modules/exploits/linux/ftp/proftp_telnet_iac.rb on lines 270..309

            Duplicated Code

            Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

            Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

            When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

            Tuning

            This issue has a mass of 116.

            We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

            The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

            If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

            See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

            Refactorings

            Further Reading

            Similar blocks of code found in 2 locations. Consider refactoring.
            Open

                  if datastore['PLUGINS']
        print_status("#{target_host} - Enumerating plugins")

        if datastore['EXPLOITABLE']
          f = File.open(datastore['EXPLOITABLE_PLUGINS'], 'rb')
            Severity: Major
            Found in modules/auxiliary/scanner/http/wordpress_scanner.rb and 1 other location - About 3 hrs to fix
            modules/auxiliary/scanner/http/wordpress_scanner.rb on lines 66..96

            Duplicated Code

            Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

            Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

            When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

            Tuning

            This issue has a mass of 116.

            We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

            The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

            If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

            See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

            Refactorings

            Further Reading

            Similar blocks of code found in 2 locations. Consider refactoring.
            Open

                  if datastore['THEMES']
        print_status("#{target_host} - Enumerating Themes")

        if datastore['EXPLOITABLE']
          f = File.open(datastore['EXPLOITABLE_THEMES'], 'rb')
            Severity: Major
            Found in modules/auxiliary/scanner/http/wordpress_scanner.rb and 1 other location - About 3 hrs to fix
            modules/auxiliary/scanner/http/wordpress_scanner.rb on lines 98..128

            Duplicated Code

            Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

            Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

            When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

            Tuning

            This issue has a mass of 116.

            We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

            The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

            If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

            See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

            Refactorings

            Further Reading

            Method parse_user_record has 82 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def parse_user_record(dcerpc_client, user_record)
    vprint_status("Decrypting hash for user: #{user_record.pmsg_out.msg_getchg.p_nc.string_name.to_ary[0..].join.encode('utf-8')}")

    entinf_struct = user_record.pmsg_out.msg_getchg.p_objects.entinf
    rid = entinf_struct.p_name.sid[-4..].unpack('L<').first
            Severity: Major
            Found in modules/auxiliary/gather/windows_secrets_dump.rb - About 3 hrs to fix

              Method dispatch_request has 82 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def dispatch_request(packet, rhost, src_port)
    rhost = ::IPAddr.new(rhost)

    # `recvfrom` (on Linux at least) will give us an ipv6/ipv4 mapped
    # addr like "::ffff:192.168.0.1" when the interface we're listening
              Severity: Major
              Found in modules/auxiliary/spoof/llmnr/llmnr_response.rb - About 3 hrs to fix

                Method run has 82 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def run
    print_status("Logging into #{target_url}...")
    res = send_request_cgi(
      'method' => 'GET',
      'uri' => normalize_uri(target_uri.path, 'user_session', 'new'),
                Severity: Major
                Found in modules/auxiliary/admin/http/katello_satellite_priv_esc.rb - About 3 hrs to fix

                  Method run_host has 82 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def run_host(ip)
    @proto = (ssl ? 'https' : 'http')

    case action.name
    when 'CHECK_TRAVERSAL'
                  Severity: Major
                  Found in modules/auxiliary/scanner/http/apache_normalize_path.rb - About 3 hrs to fix

                    Method exploit has 82 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def exploit
    if check != CheckCode::Appears
      fail_with(Failure::NotVulnerable, 'Target is not vulnerable')
    end
                    Severity: Major
                    Found in modules/exploits/unix/http/pihole_dhcp_mac_exec.rb - About 3 hrs to fix

                      Method initialize has 82 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Bolt CMS 3.7.0 - Authenticated Remote Code Execution',
                      Severity: Major
                      Found in modules/exploits/unix/webapp/bolt_authenticated_rce.rb - About 3 hrs to fix

                        Method exploit has 82 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def exploit
    if @csrf_token.blank? || @cacti_version.blank?
      res = send_request_cgi(
        'uri' => normalize_uri(target_uri.path, 'index.php'),
        'method' => 'GET',
                        Severity: Major
                        Found in modules/exploits/multi/http/cacti_pollers_sqli_rce.rb - About 3 hrs to fix
                          Severity
                          Category
                          Status
                          Source
                          Language