Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 21,960 of 21,960 total issues

Method exploit has 101 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    # Generate the ASP containing the EXE containing the payload
    exe  = generate_payload_exe
    asp  = Msf::Util::EXE.to_exe_asp(exe)
    path = datastore['PATH'].gsub('%RAND%', rand(0x10000000).to_s)
Severity: Major
Found in modules/exploits/windows/iis/iis_webdav_upload_asp.rb - About 4 hrs to fix

    Method initialize has 101 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow',
      'Description'    => %q{
          This module exploits a vulnerability found in the AutoVue.ocx ActiveX control.
    Severity: Major
    Found in modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb - About 4 hrs to fix

      File ie_sandbox_findfiles.rb has 334 lines of code (exceeds 250 allowed). Consider refactoring.
      Open

      class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpServer::HTML

  def initialize(info={})
    super(update_info(info,
      Severity: Minor
      Found in modules/auxiliary/gather/ie_sandbox_findfiles.rb - About 4 hrs to fix

        File adobe_flashplayer_button.rb has 334 lines of code (exceeds 250 allowed). Consider refactoring.
        Open

        require 'zlib'

class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking
        Severity: Minor
        Found in modules/exploits/windows/fileformat/adobe_flashplayer_button.rb - About 4 hrs to fix

          File netfilter_priv_esc_ipv4.rb has 334 lines of code (exceeds 250 allowed). Consider refactoring.
          Open

          class MetasploitModule < Msf::Exploit::Local
  Rank = GoodRanking

  include Msf::Post::File
  include Msf::Post::Linux::Kernel
          Severity: Minor
          Found in modules/exploits/linux/local/netfilter_priv_esc_ipv4.rb - About 4 hrs to fix

            File krb5_ccache_presenter.rb has 334 lines of code (exceeds 250 allowed). Consider refactoring.
            Open

            require 'base64'
require 'rex/proto/kerberos/pac/krb5_pac'

module Rex::Proto::Kerberos::CredentialCache
  class Krb5CcachePresenter
            Severity: Minor
            Found in lib/rex/proto/kerberos/credential_cache/krb5_ccache_presenter.rb - About 4 hrs to fix

              File payload.rb has 334 lines of code (exceeds 250 allowed). Consider refactoring.
              Open

              require 'metasm'

module Msf

###
              Severity: Minor
              Found in lib/msf/core/payload.rb - About 4 hrs to fix

                Class MetasploitModule has 32 methods (exceeds 20 allowed). Consider refactoring.
                Open

                class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::SMB::Client::Authenticated
  include Msf::Auxiliary::Report
  include Msf::Util::WindowsRegistry
  include Msf::Util::WindowsCryptoHelpers
                Severity: Minor
                Found in modules/auxiliary/gather/windows_secrets_dump.rb - About 4 hrs to fix

                  Consider simplifying this complex logical expression.
                  Open

                        if hash.nil? || hash.empty? ||
         (hash.start_with?(/{crypt}/i) && hash.length < 10) ||
         hash.start_with?('*****') ||
         hash.start_with?(/yyyyyy/i) ||
         hash == '*' ||
                  Severity: Critical
                  Found in modules/auxiliary/gather/ldap_hashdump.rb - About 4 hrs to fix

                    Method run has 100 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def run

    yamlconf = load_yaml_conf

    fileto               = yamlconf['to']
                    Severity: Major
                    Found in modules/auxiliary/client/smtp/emailer.rb - About 4 hrs to fix

                      Method run_host has 100 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def run_host(ip)
    uri = target_uri.path
    peer = "#{ip}:#{rport}"

    vprint_status("Retrieving cookie")
                      Severity: Major
                      Found in modules/auxiliary/scanner/http/support_center_plus_directory_traversal.rb - About 4 hrs to fix

                        Method run_host has 100 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def run_host(ip)
    conn = true
    ecode = nil
    emesg = nil
                        Severity: Major
                        Found in modules/auxiliary/scanner/http/dir_scanner.rb - About 4 hrs to fix

                          Method initialize has 100 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'SSH Username Enumeration',
                          Severity: Major
                          Found in modules/auxiliary/scanner/ssh/ssh_enumusers.rb - About 4 hrs to fix

                            Method generate has 100 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def generate(opts={})
    cmd             = datastore['CMD'] || ''
    nullfreeversion = datastore['NullFreeVersion']

    if cmd.empty?
                            Severity: Major
                            Found in modules/payloads/singles/linux/x64/exec.rb - About 4 hrs to fix

                              Method exploit has 100 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def exploit
    # Forge the payload
    name = ".#{Rex::Text.rand_text_alpha(4)}"
    files =
      [
                              Severity: Major
                              Found in modules/exploits/multi/http/baldr_upload_exec.rb - About 4 hrs to fix

                                Method get_phpinfo has 100 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def get_phpinfo
    # uses the Magento_Framework_DB_Transaction class
    serialize =  'O:13:\"Credis_Client\":22:{'
    serialize << 's:8:\"\u0000*\u0000redis\";'
    serialize << 'O:45:\"Magento\\\Sales\\\Model\\\Order\\\Payment\\\Transaction\":40:{'
                                Severity: Major
                                Found in modules/exploits/multi/http/magento_unserialize.rb - About 4 hrs to fix

                                  Method initialize has 100 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Gogs Git Hooks Remote Code Execution',
                                  Severity: Major
                                  Found in modules/exploits/multi/http/gogs_git_hooks_rce.rb - About 4 hrs to fix

                                    Class Shares has 32 methods (exceeds 20 allowed). Consider refactoring.
                                    Open

                                            class Console::CommandDispatcher::Shares

          include Rex::Post::SMB::Ui::Console::CommandDispatcher

          #
                                    Severity: Minor
                                    Found in lib/rex/post/smb/ui/console/command_dispatcher/shares.rb - About 4 hrs to fix

                                      Class Protocol has 32 methods (exceeds 20 allowed). Consider refactoring.
                                      Open

                                        class Protocol

    VERSION = 10
    MAX_PACKET_LENGTH = 2**24-1
                                      Severity: Minor
                                      Found in lib/rbmysql/protocol.rb - About 4 hrs to fix

                                        Class ClientCore has 32 methods (exceeds 20 allowed). Consider refactoring.
                                        Open

                                        class ClientCore < Extension

  METERPRETER_TRANSPORT_TCP   = 0
  METERPRETER_TRANSPORT_HTTP  = 1
  METERPRETER_TRANSPORT_HTTPS = 2
                                        Severity: Minor
                                        Found in lib/rex/post/meterpreter/client_core.rb - About 4 hrs to fix
                                          Severity
                                          Category
                                          Status
                                          Source
                                          Language