rapid7/metasploit-framework

Showing 22,177 of 22,177 total issues

Method steal_default_files has 114 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def steal_default_files
    %Q|

      try {

Severity: Major
Found in lib/msf/core/exploit/format/webarchive.rb - About 4 hrs to fix

    Identical blocks of code found in 2 locations. Consider refactoring.
    Open

      def parse_flags(flags)
        flags = flags.to_s(2)
        result = {}
        result['Super Client'] = flags[0,1] == '1' ? true : false
        result['UUIDs'] = flags[5,1] == '1' ? true : false
    Severity: Major
    Found in lib/msf/core/exploit/remote/afp.rb and 1 other location - About 4 hrs to fix
    lib/metasploit/framework/afp/client.rb on lines 293..308

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 154.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.


    Identical blocks of code found in 2 locations. Consider refactoring.
    Open

            def parse_flags(flags)
              flags = flags.to_s(2)
              result = {}
              result['Super Client'] = flags[0,1] == '1' ? true : false
              result['UUIDs'] = flags[5,1] == '1' ? true : false
    Severity: Major
    Found in lib/metasploit/framework/afp/client.rb and 1 other location - About 4 hrs to fix
    lib/msf/core/exploit/remote/afp.rb on lines 306..321


    Identical blocks of code found in 2 locations. Consider refactoring.
    Open

      def start_http(opts={})
        # Ensure all dependencies are present before initializing HTTP
        use_zlib
    
        comm = datastore['ListenerComm']
    Severity: Major
    Found in modules/auxiliary/gather/safari_file_url_navigation.rb and 1 other location - About 4 hrs to fix
    modules/exploits/osx/browser/safari_file_policy.rb on lines 168..224


    Identical blocks of code found in 2 locations. Consider refactoring.
    Open

      def start_http(opts={})
        # Ensure all dependencies are present before initializing HTTP
        use_zlib
    
        comm = datastore['ListenerComm']
    Severity: Major
    Found in modules/exploits/osx/browser/safari_file_policy.rb and 1 other location - About 4 hrs to fix
    modules/auxiliary/gather/safari_file_url_navigation.rb on lines 215..271


    Identical blocks of code found in 2 locations. Consider refactoring.
    Open

      def bruteforce(ip)
        @scanner.scan! do |result|
          case result.status
            when Metasploit::Model::Login::Status::SUCCESSFUL
              print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}'"
    Severity: Major
    Found in modules/auxiliary/scanner/http/chef_webui_login.rb and 1 other location - About 4 hrs to fix
    modules/auxiliary/scanner/http/zabbix_login.rb on lines 59..98


    Identical blocks of code found in 2 locations. Consider refactoring.
    Open

      def bruteforce(ip)
        @scanner.scan! do |result|
          case result.status
            when Metasploit::Model::Login::Status::SUCCESSFUL
              print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}'"
    Severity: Major
    Found in modules/auxiliary/scanner/http/zabbix_login.rb and 1 other location - About 4 hrs to fix
    modules/auxiliary/scanner/http/chef_webui_login.rb on lines 58..97


    Similar blocks of code found in 2 locations. Consider refactoring.
    Open

      def run_host(target_host)
        begin
          # Login anonymously and open the socket that we'll use for data retrieval.
          connect_login
          sock = data_connect
    Severity: Major
    Found in modules/auxiliary/scanner/ftp/pcman_ftp_traversal.rb and 1 other location - About 4 hrs to fix
    modules/auxiliary/scanner/ftp/konica_ftp_traversal.rb on lines 57..111


    Similar blocks of code found in 2 locations. Consider refactoring.
    Open

      def run_host(target_host)
        begin
          # Login anonymously and open the socket that we'll use for data retrieval.
          connect_login
          sock = data_connect
    Severity: Major
    Found in modules/auxiliary/scanner/ftp/konica_ftp_traversal.rb and 1 other location - About 4 hrs to fix
    modules/auxiliary/scanner/ftp/pcman_ftp_traversal.rb on lines 55..109


    Method run has 113 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def run
        res = send_request_cgi({
          'uri' => normalize_uri(target_uri.path, 'agentHandler'),
          'method' =>'GET',
          'vars_get' => {
    Severity: Major
    Found in modules/auxiliary/gather/eventlog_cred_disclosure.rb - About 4 hrs to fix

      Method run_host has 113 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def run_host(ip)
      
          conn = false
      
          timeout = datastore['TIMEOUT']
      Severity: Major
      Found in modules/auxiliary/scanner/http/brute_dirs.rb - About 4 hrs to fix

        Method initialize has 113 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def initialize(info = {})
            super(update_info(info,
              'Name'           => 'Drupal Drupalgeddon 2 Forms API Property Injection',
              'Description'    => %q{
                This module exploits a Drupal property injection in the Forms API.
        Severity: Major
        Found in modules/exploits/unix/webapp/drupal_drupalgeddon2.rb - About 4 hrs to fix

          Method rce_implant has 113 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def rce_implant
              # create new dashboard
              vprint_status('Creating new dashboard')
              res = send_request_cgi(
                'keep_cookies' => true,
          Severity: Major
          Found in modules/exploits/linux/http/apache_superset_cookie_sig_rce.rb - About 4 hrs to fix

            Method create_library has 113 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def self.create_library(constant_manager, library_path = 'libc.so.6')
                lib = Library.new(library_path, constant_manager)
            
                lib.add_function(
                  'calloc',

              Method add_thread_x64 has 113 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def add_thread_x64(payload)
              
                  stackpreserve = "\x90\x50\x53\x51\x52\x56\x57\x55\x41\x50" +    # AUTOMATED ASM: x64 = ['nop', 'push rax', 'push rbx', 'push rcx', 'push rdx', 'push rsi', 'push rdi', 'push rbp', 'push r8']
                      "\x41\x51\x41\x52\x41\x53\x41\x54\x41\x55\x41\x56\x41\x57\x9c"    # AUTOMATED ASM: x64 = ['push r9', 'push r10', 'push r11', 'push r12', 'push r13', 'push r14', 'push r15', 'pushfq']
              
              
              Severity: Major
              Found in lib/rex/post/meterpreter/extensions/peinjector/peinjector.rb - About 4 hrs to fix

                File psexec.rb has 355 lines of code (exceeds 250 allowed). Consider refactoring.
                Open

                require 'windows_error'
                require 'windows_error/win32'
                include WindowsError::Win32
                
                module Msf
                Severity: Minor
                Found in lib/msf/core/exploit/remote/smb/client/psexec.rb - About 4 hrs to fix

                  Class MetasploitModule has 35 methods (exceeds 20 allowed). Consider refactoring.
                  Open

                  class MetasploitModule < Msf::Exploit::Remote
                    Rank = ExcellentRanking
                  
                    include Msf::Exploit::Remote::HttpClient
                    include Msf::Exploit::EXE
                  Severity: Minor
                  Found in modules/exploits/multi/http/jira_hipchat_template.rb - About 4 hrs to fix

                    Class Header has 35 methods (exceeds 20 allowed). Consider refactoring.
                    Open

                        class Header
                        
                          #
                          # =Name
                          #
                    Severity: Minor
                    Found in lib/net/dns/header.rb - About 4 hrs to fix

                      Class Post has 35 methods (exceeds 20 allowed). Consider refactoring.
                      Open

                        class Post
                          module Vcenter
                            module Vcenter
                              include Msf::Post::File
                              include Msf::Post::Linux::Priv
                      Severity: Minor
                      Found in lib/msf/core/post/vcenter/vcenter.rb - About 4 hrs to fix

                        File wiki.rb has 354 lines of code (exceeds 250 allowed). Consider refactoring.
                        Open

                        module Msf
                          ###
                          #
                          # This plugin extends the Rex::Text::Table class and provides commands
                          # that output database information for the current workspace in a wiki
                        Severity: Minor
                        Found in plugins/wiki.rb - About 4 hrs to fix