rapid7/metasploit-framework

Showing 7,287 of 21,960 total issues

Similar blocks of code found in 2 locations. Consider refactoring.
Open

        elif decodedTGS['ticket']['enc-part']['etype'] == constants.EncryptionTypes.aes128_cts_hmac_sha1_96.value:
            entry = '$krb5tgs$%d$%s$%s$*%s*$%s$%s' % (
                constants.EncryptionTypes.aes128_cts_hmac_sha1_96.value, username, decodedTGS['ticket']['realm'],
                spn.replace(':', '~'),
                hexlify(decodedTGS['ticket']['enc-part']['cipher'][-12:].asOctets()).decode(),
Severity: Major
Found in modules/auxiliary/gather/get_user_spns.py and 1 other location - About 1 day to fix
modules/auxiliary/gather/get_user_spns.py on lines 220..229

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 163.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Similar blocks of code found in 2 locations. Consider refactoring.
Open

        elif decodedTGS['ticket']['enc-part']['etype'] == constants.EncryptionTypes.aes256_cts_hmac_sha1_96.value:
            entry = '$krb5tgs$%d$%s$%s$*%s*$%s$%s' % (
                constants.EncryptionTypes.aes256_cts_hmac_sha1_96.value, username, decodedTGS['ticket']['realm'],
                spn.replace(':', '~'),
                hexlify(decodedTGS['ticket']['enc-part']['cipher'][-12:].asOctets()).decode(),
Severity: Major
Found in modules/auxiliary/gather/get_user_spns.py and 1 other location - About 1 day to fix
modules/auxiliary/gather/get_user_spns.py on lines 210..219


This issue has a mass of 163.


Method generate has 285 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def generate(_opts = {})

    target_uri = datastore['URL'] || ""
    filename = datastore['EXE'] || ""
    proto = "https"
Severity: Major
Found in modules/payloads/singles/windows/download_exec.rb - About 1 day to fix

    File client.rb has 639 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    require 'rex/encoder/ndr'
    require 'recog'
    
    module Msf
      module Exploit::Remote::SMB
    Severity: Major
    Found in lib/msf/core/exploit/remote/smb/client.rb - About 1 day to fix

      Identical blocks of code found in 2 locations. Consider refactoring.
      Open

        def make_pdf(js)
          xref = []
          eol = "\n"
          endobj = "endobj" << eol
      
      
      Severity: Major
      Found in modules/exploits/windows/browser/adobe_toolbutton.rb and 1 other location - About 1 day to fix
      modules/exploits/windows/fileformat/adobe_toolbutton.rb on lines 225..329


      This issue has a mass of 357.


      Identical blocks of code found in 2 locations. Consider refactoring.
      Open

        def make_pdf(js)
          xref = []
          eol = "\n"
          endobj = "endobj" << eol
      
      
      Severity: Major
      Found in modules/exploits/windows/fileformat/adobe_toolbutton.rb and 1 other location - About 1 day to fix
      modules/exploits/windows/browser/adobe_toolbutton.rb on lines 216..320


      This issue has a mass of 357.


      File android.rb has 637 lines of code (exceeds 250 allowed). Consider refactoring.
      Open

      require 'rex/post/meterpreter'
      require 'rex/post/meterpreter/extensions/android/command_ids'
      require 'date'
      
      module Rex
      Severity: Major
      Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb - About 1 day to fix

        File uds.rb has 636 lines of code (exceeds 250 allowed). Consider refactoring.
        Open

        module Msf
        class Post
        module Hardware
        module Automotive
        
        
        Severity: Major
        Found in lib/msf/core/post/hardware/automotive/uds.rb - About 1 day to fix

          Similar blocks of code found in 2 locations. Consider refactoring.
          Open

                  if decodedTGS['ticket']['enc-part']['etype'] == constants.EncryptionTypes.rc4_hmac.value:
                      entry = '$krb5tgs$%d$*%s$%s$%s*$%s$%s' % (
                          constants.EncryptionTypes.rc4_hmac.value, username, decodedTGS['ticket']['realm'],
                          spn.replace(':', '~'),
                          hexlify(decodedTGS['ticket']['enc-part']['cipher'][:16].asOctets()).decode(),
          Severity: Major
          Found in modules/auxiliary/gather/get_user_spns.py and 1 other location - About 1 day to fix
          modules/auxiliary/gather/get_user_spns.py on lines 230..239


          This issue has a mass of 161.


          Similar blocks of code found in 2 locations. Consider refactoring.
          Open

                  elif decodedTGS['ticket']['enc-part']['etype'] == constants.EncryptionTypes.des_cbc_md5.value:
                      entry = '$krb5tgs$%d$*%s$%s$%s*$%s$%s' % (
                          constants.EncryptionTypes.des_cbc_md5.value, username, decodedTGS['ticket']['realm'],
                          spn.replace(':', '~'),
                          hexlify(decodedTGS['ticket']['enc-part']['cipher'][:16].asOctets()).decode(),
          Severity: Major
          Found in modules/auxiliary/gather/get_user_spns.py and 1 other location - About 1 day to fix
          modules/auxiliary/gather/get_user_spns.py on lines 200..209


          This issue has a mass of 161.


          Method on_request_uri has 280 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def on_request_uri(cli, request)
              print_status("Request from #{request['User-Agent']}")
              if request.uri =~ %r{/loader32$}
                print_good("armle target is vulnerable.")
                local_file = File.join( Msf::Config.data_directory, "exploits", "CVE-2016-4655", "exploit32" )
          Severity: Major
          Found in modules/exploits/apple_ios/browser/webkit_trident.rb - About 1 day to fix

            Class EXE has 74 methods (exceeds 20 allowed). Consider refactoring.
            Open

            class EXE
            
            require 'rex'
            require 'rex/peparsey'
            require 'rex/pescan'
            Severity: Major
            Found in lib/msf/util/exe.rb - About 1 day to fix

              Class Modules has 74 methods (exceeds 20 allowed). Consider refactoring.
              Open

                      class Modules
              
                        include Msf::Ui::Console::CommandDispatcher
                        include Msf::Ui::Console::CommandDispatcher::Common
              
              
              Severity: Major
              Found in lib/msf/ui/console/command_dispatcher/modules.rb - About 1 day to fix

                File packet.rb has 624 lines of code (exceeds 250 allowed). Consider refactoring.
                Open

                require 'openssl'
                require 'rex/post/meterpreter/command_mapper'
                
                module Rex
                module Post
                Severity: Major
                Found in lib/rex/post/meterpreter/packet.rb - About 1 day to fix

                  Identical blocks of code found in 2 locations. Consider refactoring.
                  Open

                          if self.__noOutput is False:
                              smbConnection = SMBConnection(addr, addr)
                              if self.__doKerberos is False:
                                  smbConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
                              else:
                  Severity: Major
                  Found in modules/auxiliary/scanner/smb/impacket/dcomexec.py and 1 other location - About 1 day to fix
                  modules/auxiliary/scanner/smb/impacket/wmiexec.py on lines 78..94


                  This issue has a mass of 157.


                  Identical blocks of code found in 2 locations. Consider refactoring.
                  Open

                              try:
                                  smbConnection = SMBConnection(addr, addr)
                                  if self.__doKerberos is False:
                                      smbConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
                                  else:
                  Severity: Major
                  Found in modules/auxiliary/scanner/smb/impacket/wmiexec.py and 1 other location - About 1 day to fix
                  modules/auxiliary/scanner/smb/impacket/dcomexec.py on lines 104..120


                  This issue has a mass of 157.


                  File oraenum.rb has 621 lines of code (exceeds 250 allowed). Consider refactoring.
                  Open

                  class MetasploitModule < Msf::Auxiliary
                    include Msf::Auxiliary::Report
                    include Msf::Exploit::ORACLE
                  
                    def initialize(info = {})
                  Severity: Major
                  Found in modules/auxiliary/admin/oracle/oraenum.rb - About 1 day to fix

                    Method exploit has 272 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def exploit
                        if !datastore['ForceExploit'] && is_root?
                          fail_with(Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.')
                        end
                    
                    
                    Severity: Major
                    Found in modules/exploits/linux/local/sock_sendpage.rb - About 1 day to fix

                      File whatsupgold_credential_dump.rb has 614 lines of code (exceeds 250 allowed). Consider refactoring.
                      Open

                      require 'metasploit/framework/credential_collection'
                      
                      class MetasploitModule < Msf::Post
                        include Msf::Post::Common
                        include Msf::Post::File

                        Method apply_prepends has 267 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def apply_prepends(buf)
                            pre = ''
                            app = ''
                        
                            test_arch = [ *(self.arch) ]
                        Severity: Major
                        Found in lib/msf/core/payload/linux.rb - About 1 day to fix