rapid7/metasploit-framework

Showing 7,361 of 22,177 total issues

Method cmd_db_connect has 76 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def cmd_db_connect(*args)
    return if not db_check_driver

    opts = {}
    while (arg = args.shift)
Severity: Major
Found in lib/msf/ui/console/command_dispatcher/db.rb - About 3 hrs to fix

Method start_handler has 76 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def start_handler

    # Maximum number of seconds to run the handler
    ctimeout = 150

Severity: Major
Found in lib/msf/core/handler/bind_udp.rb - About 3 hrs to fix

Method hash_to_hashcat has 76 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def self.hash_to_hashcat(cred)
    case cred.private.type
    when 'Metasploit::Credential::NTLMHash'
      both = cred.private.data.split(':')
      if both[0].upcase == 'AAD3B435B51404EEAAD3B435B51404EE' # lanman empty, return ntlm
Severity: Major
Found in lib/metasploit/framework/password_crackers/hashcat/formatter.rb - About 3 hrs to fix
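The empty-LM check in the snippet above is the interesting part of that formatter. The following is an added example written for this page, not the project's own code: it takes a Metasploit-style `LM:NT` hash string, recognises the well-known LM hash of the empty password (AAD3B435B51404EEAAD3B435B51404EE, which is what Windows stores when LM hashing is disabled or the password exceeds 14 characters) and emits hashcat input lines together with the hash mode to crack them with (1000 for NTLM, 3000 for LM, where each 8-byte DES half is a separate 16-hex hash). The `Cred` struct, the `<id>:<hash>` line format and the sample hashes are assumptions constructed for illustration.

```ruby
# Added example (not the project's formatter): turn a Metasploit-style
# "LM:NT" credential into hashcat input lines, skipping the LM half when it
# is the well-known hash of the empty password.

# LM hash of "" -- what Windows stores when LM hashing is disabled or the
# password is longer than 14 characters. Cracking it yields nothing useful.
EMPTY_LM = 'AAD3B435B51404EEAAD3B435B51404EE'.freeze

# Hashcat hash-mode numbers for the two halves of an NTLM credential.
MODE_NTLM = 1000
MODE_LM   = 3000

HEX32 = /\A[0-9a-f]{32}\z/i

# Minimal stand-in for a Metasploit credential object (assumption).
Cred = Struct.new(:id, :data)

# Returns an array of [mode, line] pairs, one per hashcat input line.
# Each line is "<cred id>:<hash>" so cracked results can be mapped back
# to the credential with hashcat's --username option.
def ntlm_to_hashcat(cred)
  lm, nt = cred.data.to_s.split(':', 2)
  unless HEX32.match?(lm.to_s) && HEX32.match?(nt.to_s)
    raise ArgumentError, "bad NTLM hash: #{cred.data.inspect}"
  end

  lines = [[MODE_NTLM, "#{cred.id}:#{nt.downcase}"]]
  # Empty LM half: nothing to crack, return only the NT hash.
  return lines if lm.casecmp?(EMPTY_LM)

  # Hashcat mode 3000 cracks each 8-byte DES half independently, so emit the
  # two 16-hex halves as separate lines.
  lines << [MODE_LM, "#{cred.id}:#{lm[0, 16].downcase}"]
  lines << [MODE_LM, "#{cred.id}:#{lm[16, 16].downcase}"]
  lines
end

# Group lines by mode so each group can be fed to `hashcat -m <mode> --username`.
def hashcat_files(creds)
  creds.flat_map { |c| ntlm_to_hashcat(c) }
       .group_by(&:first)
       .transform_values { |pairs| pairs.map(&:last) }
end

# Constructed sample data: one account with LM disabled (empty LM half) and
# one short password whose LM hash still carries real material.
SAMPLE_CREDS = [
  Cred.new(7, 'aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0'),
  Cred.new(8, '299bd128c1101fd6aad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c')
].freeze

if __FILE__ == $PROGRAM_NAME
  hashcat_files(SAMPLE_CREDS).each do |mode, lines|
    puts "# hashcat -m #{mode} --username <file>"
    puts lines
  end
end
```

Note that the second sample's LM hash ends in the empty half (aad3b435b51404ee): that is what a password of seven characters or fewer looks like, and it is why the example splits the LM value rather than treating the whole 32 hex digits as one hash.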

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def check_auth
    # see if authentication is required for the specified Solr instance
    auth_check = solr_get(
      'uri' => normalize_uri(target_uri.path, '/admin/info/system'),
      'vars_get' => { 'wt' => 'json' }
Severity: Major
Found in modules/exploits/multi/http/solr_velocity_rce.rb and 1 other location - About 3 hrs to fix
lib/msf/core/exploit/remote/http/apache_solr.rb on lines 58..113

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 108.

We set useful threshold defaults for the languages we support, but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def solr_check_auth
    # see if authentication is required for the specified Solr instance
    auth_check = solr_get(
      'uri' => normalize_uri(target_uri.path, '/admin/info/system'),
      'vars_get' => { 'wt' => 'json' }
Severity: Major
Found in lib/msf/core/exploit/remote/http/apache_solr.rb and 1 other location - About 3 hrs to fix
modules/exploits/multi/http/solr_velocity_rce.rb on lines 134..189

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def generate_rop(buf_addr, rvas)
    # ROP fun! (XP SP3 English, Dec 15 2010)
    rvas.merge!({
      # Instructions / Name    => RVA
      'BaseAddress'            => 0x63f00000,
Severity: Major
Found in modules/exploits/windows/browser/ms11_003_ie_css_import.rb and 1 other location - About 3 hrs to fix
modules/exploits/windows/browser/wmi_admintools.rb on lines 236..305

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def initialize(info = {})
    super(merge_info(info,
                     'Name'          => 'Z/OS (MVS) Command Shell, Reverse TCP',
                     'Description'   => 'Provide JCL which creates a reverse shell
                       This implementation does not include ebcdic character translation,
Severity: Major
Found in modules/payloads/singles/cmd/mainframe/reverse_shell_jcl.rb and 1 other location - About 3 hrs to fix
modules/payloads/singles/cmd/mainframe/bind_shell_jcl.rb on lines 18..56

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def initialize(info = {})
    super(merge_info(info,
                     'Name'          => 'Z/OS (MVS) Command Shell, Bind TCP',
                     'Description'   => 'Provide JCL which creates a bind shell
                     This implementation does not include ebcdic character translation,
Severity: Major
Found in modules/payloads/singles/cmd/mainframe/bind_shell_jcl.rb and 1 other location - About 3 hrs to fix
modules/payloads/singles/cmd/mainframe/reverse_shell_jcl.rb on lines 18..56

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def initialize(info = {})
    super(merge_info(info,
      'Name'          => 'Windows Disable Windows ICF, Command Shell, Bind TCP Inline',
      'Description'   => 'Disable the Windows ICF, then listen for a connection and spawn a command shell',
      'Author'        => 'Lin0xx <lin0xx[at]metasploit.com>',
Severity: Major
Found in modules/payloads/singles/windows/shell_bind_tcp_xpfw.rb and 1 other location - About 3 hrs to fix
modules/payloads/singles/bsd/vax/shell_reverse_tcp.rb on lines 17..68

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def initialize(info = {})
    super(merge_info(info,
      'Name'        => 'BSD Command Shell, Reverse TCP Inline',
      'Description' => 'Connect back to attacker and spawn a command shell',
      'Author'      => 'wvu',
Severity: Major
Found in modules/payloads/singles/bsd/vax/shell_reverse_tcp.rb and 1 other location - About 3 hrs to fix
modules/payloads/singles/windows/shell_bind_tcp_xpfw.rb on lines 15..70

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def generate_rop(buf_addr, rvas)
    # ROP fun! (XP SP3 English, Dec 15 2010)
    rvas.merge!({
      # Instructions / Name    => RVA
      'BaseAddress'            => 0x63f00000,
Severity: Major
Found in modules/exploits/windows/browser/wmi_admintools.rb and 1 other location - About 3 hrs to fix
modules/exploits/windows/browser/ms11_003_ie_css_import.rb on lines 365..434

Method record_detection has 75 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def record_detection(cli, request)
    os_name = nil
    os_flavor = nil
    os_sp = nil
    os_lang = nil
Severity: Major
Found in modules/auxiliary/server/browser_autopwn.rb - About 3 hrs to fix

Method run has 75 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    vprint_status('Getting Variables')
    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path, 'default.aspx'),
      'method' => 'GET'
Severity: Major
Found in modules/auxiliary/gather/billquick_txtid_sqli.rb - About 3 hrs to fix

Method run has 75 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    # check our API key is somewhat sane
    unless /^[a-z\d]{32}$/i.match?(datastore['SHODAN_APIKEY'])
      fail_with(Failure::BadConfig, 'Shodan API key should be 32 characters a-z,A-Z,0-9.')
    end
Severity: Major
Found in modules/auxiliary/gather/shodan_search.rb - About 3 hrs to fix

Method run has 75 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run

    print_status("Attempting to connect to http://#{rhost}/xslt?PAGE=A07 to gather information")
    res = send_request_raw(
    {
Severity: Major
Found in modules/auxiliary/admin/2wire/xslt_password_reset.rb - About 3 hrs to fix

Method run has 75 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    print_status("Validating options...")

    unless datastore['USER_SID'] =~ /^S-(\d+-){6}\d+$/
      print_error("Invalid USER_SID. Ex: S-1-5-21-1755879683-3641577184-3486455962-1000")
Severity: Major
Found in modules/auxiliary/admin/kerberos/ms14_068_kerberos_checksum.rb - About 3 hrs to fix

Method run has 75 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    @privesc_success = false
    @computer_created = false

    opts = {}
Severity: Major
Found in modules/auxiliary/admin/dcerpc/cve_2022_26923_certifried.rb - About 3 hrs to fix

Method enum_user has 75 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def enum_user(user, pass, uri)

    # Replace placeholder with SAP SID, if present
    if datastore['SAP_SID']
      user = user.gsub("<SAPSID>", datastore["SAP_SID"].downcase)
Severity: Major
Found in modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb - About 3 hrs to fix

Method run_host has 75 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run_host(ip)
    users = get_users
    return if users.nil?

    service_data = {

Method run_host has 75 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run_host(ip)
    unless wordpress_and_online?
      vprint_error('Server not online or not detected as wordpress')
      return
    end
Severity: Major
Found in modules/auxiliary/scanner/http/wp_abandoned_cart_sqli.rb - About 3 hrs to fix