rapid7/metasploit-framework

Showing 21,886 of 21,886 total issues

Method on_request_uri has 303 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def on_request_uri(cli, request)
    if request.uri =~ %r{/screenshot$}
      data = ''
      if supports_espia?(session)
        data = session.espia.espia_image_get_dev_screen
Severity: Major
Found in modules/post/multi/manage/screenshare.rb - About 1 day to fix

    Method run has a Cognitive Complexity of 76 (exceeds 5 allowed). Consider refactoring.
    Open

      def run
        def check_results(passwords, results, hash_type, method)
          passwords.each do |password_line|
            password_line.chomp!
            next if password_line.blank?
    Severity: Minor
    Found in modules/auxiliary/analyze/crack_mobile.rb - About 1 day to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Method vuln_version? has a Cognitive Complexity of 76 (exceeds 5 allowed). Consider refactoring.
    Open

      def vuln_version?(res)
        # checks the model, firmware and hardware version
        @d_link = { 'product' => nil, 'firmware' => nil, 'hardware' => nil, 'arch' => nil }
        html = Nokogiri.HTML(res.body, nil, 'UTF-8')
    
    
    Severity: Minor
    Found in modules/exploits/linux/upnp/dlink_upnp_msearch_exec.rb - About 1 day to fix

    Similar blocks of code found in 2 locations. Consider refactoring.
    Open

    module Payload::Windows::BindNamedPipe
    
      include Msf::Payload::TransportConfig
      include Msf::Payload::Windows
      include Msf::Payload::Windows::SendUUID
    Severity: Major
    Found in lib/msf/core/payload/windows/bind_named_pipe.rb and 1 other location - About 1 day to fix
    lib/msf/core/payload/windows/x64/bind_named_pipe_x64.rb on lines 10..353

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 374.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Similar blocks of code found in 2 locations. Consider refactoring.
    Open

    module Payload::Windows::BindNamedPipe_x64
    
      include Msf::Payload::TransportConfig
      include Msf::Payload::Windows
      include Msf::Payload::Windows::SendUUID_x64
    Severity: Major
    Found in lib/msf/core/payload/windows/x64/bind_named_pipe_x64.rb and 1 other location - About 1 day to fix
    lib/msf/core/payload/windows/bind_named_pipe.rb on lines 10..338

    This issue has a mass of 374.

    File openssl_heartbleed.rb has 659 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    class MetasploitModule < Msf::Auxiliary
      include Msf::Exploit::Remote::Tcp
      include Msf::Auxiliary::Scanner
      include Msf::Auxiliary::Report
    
    
    Severity: Major
    Found in modules/auxiliary/scanner/ssl/openssl_heartbleed.rb - About 1 day to fix

      Method exploit has a Cognitive Complexity of 74 (exceeds 5 allowed). Consider refactoring.
      Open

        def exploit
          # Display start time
          time1 = Time.new
          print_status("-------------------------------------------------")
          print_status("Start time : #{time1.inspect}")
      Severity: Minor
      Found in modules/exploits/windows/mssql/mssql_linkcrawler.rb - About 1 day to fix

      File ms_dtyp.rb has 656 lines of code (exceeds 250 allowed). Consider refactoring.
      Open

      require 'bindata'
      require 'ruby_smb'
      require 'rex/proto/secauthz/well_known_sids'
      
      module Rex::Proto::MsDtyp
      Severity: Major
      Found in lib/rex/proto/ms_dtyp.rb - About 1 day to fix

        File resolver.rb has 654 lines of code (exceeds 250 allowed). Consider refactoring.
        Open

        require 'socket'
        require 'timeout'
        require 'ipaddr'
        require 'logger'
        require 'net/dns/packet'
        Severity: Major
        Found in lib/net/dns/resolver.rb - About 1 day to fix

          File opennms_horizon_authenticated_rce.rb has 651 lines of code (exceeds 250 allowed). Consider refactoring.
          Open

          class MetasploitModule < Msf::Exploit::Remote
            Rank = ExcellentRanking
          
            include Msf::Exploit::Remote::HttpClient
            prepend Msf::Exploit::Remote::AutoCheck
          Severity: Major
          Found in modules/exploits/linux/http/opennms_horizon_authenticated_rce.rb - About 1 day to fix

            Method check_lines has a Cognitive Complexity of 73 (exceeds 5 allowed). Consider refactoring.
            Open

              def check_lines
                url_ok     = true
                no_stdio   = true
                in_comment = false
                in_literal = false
            Severity: Minor
            Found in tools/dev/msftidy.rb - About 1 day to fix

            File glassfish_deployer.rb has 647 lines of code (exceeds 250 allowed). Consider refactoring.
            Open

            require 'nokogiri'
            require 'metasploit/framework/login_scanner/glassfish'
            require 'metasploit/framework/credential_collection'
            
            class MetasploitModule < Msf::Exploit::Remote
            Severity: Major
            Found in modules/exploits/multi/http/glassfish_deployer.rb - About 1 day to fix

              Class Exploit has 77 methods (exceeds 20 allowed). Consider refactoring.
              Open

              class Exploit < Msf::Module
              
              ##
                # Exceptions
                ##
              Severity: Major
              Found in lib/msf/core/exploit.rb - About 1 day to fix

                File thycotic_secretserver_dump.rb has 644 lines of code (exceeds 250 allowed). Consider refactoring.
                Open

                require 'metasploit/framework/credential_collection'
                
                class MetasploitModule < Msf::Post
                  include Msf::Post::Common
                  include Msf::Post::File
                Severity: Major
                Found in modules/post/windows/gather/credentials/thycotic_secretserver_dump.rb - About 1 day to fix

                  Method run has a Cognitive Complexity of 72 (exceeds 5 allowed). Consider refactoring.
                  Open

                    def run
                      # we have to overload the process_cracker_results from password_cracker.rb since LANMAN
                      # is a special case where we may need to do some combining
                      def process_cracker_results(results, cred)
                        return results if cred['core_id'].nil? # make sure we have good data
                  Severity: Minor
                  Found in modules/auxiliary/analyze/crack_windows.rb - About 1 day to fix

                  Method run_host has a Cognitive Complexity of 72 (exceeds 5 allowed). Consider refactoring.
                  Open

                    def run_host(ip)
                  
                      #
                      # Max string len
                      #
                  Severity: Minor
                  Found in modules/auxiliary/scanner/http/xpath.rb - About 1 day to fix

                  Similar blocks of code found in 2 locations. Consider refactoring.
                  Open

                          elif decodedTGS['ticket']['enc-part']['etype'] == constants.EncryptionTypes.aes256_cts_hmac_sha1_96.value:
                              entry = '$krb5tgs$%d$%s$%s$*%s*$%s$%s' % (
                                  constants.EncryptionTypes.aes256_cts_hmac_sha1_96.value, username, decodedTGS['ticket']['realm'],
                                  spn.replace(':', '~'),
                                  hexlify(decodedTGS['ticket']['enc-part']['cipher'][-12:].asOctets()).decode(),
                  Severity: Major
                  Found in modules/auxiliary/gather/get_user_spns.py and 1 other location - About 1 day to fix
                  modules/auxiliary/gather/get_user_spns.py on lines 210..219

                  This issue has a mass of 163.

                  Similar blocks of code found in 2 locations. Consider refactoring.
                  Open

                          elif decodedTGS['ticket']['enc-part']['etype'] == constants.EncryptionTypes.aes128_cts_hmac_sha1_96.value:
                              entry = '$krb5tgs$%d$%s$%s$*%s*$%s$%s' % (
                                  constants.EncryptionTypes.aes128_cts_hmac_sha1_96.value, username, decodedTGS['ticket']['realm'],
                                  spn.replace(':', '~'),
                                  hexlify(decodedTGS['ticket']['enc-part']['cipher'][-12:].asOctets()).decode(),
                  Severity: Major
                  Found in modules/auxiliary/gather/get_user_spns.py and 1 other location - About 1 day to fix
                  modules/auxiliary/gather/get_user_spns.py on lines 220..229

                  This issue has a mass of 163.

                  Method generate has 285 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def generate(_opts = {})
                  
                      target_uri = datastore['URL'] || ""
                      filename = datastore['EXE'] || ""
                      proto = "https"
                  Severity: Major
                  Found in modules/payloads/singles/windows/download_exec.rb - About 1 day to fix

                    File client.rb has 639 lines of code (exceeds 250 allowed). Consider refactoring.
                    Open

                    require 'rex/encoder/ndr'
                    require 'recog'
                    
                    module Msf
                      module Exploit::Remote::SMB
                    Severity: Major
                    Found in lib/msf/core/exploit/remote/smb/client.rb - About 1 day to fix