HTTP Fetch, Windows Upload/Execute, Reverse TCP Stager (IPv6)

Fetch and execute an x86 payload from an HTTP server. Uploads an executable and runs it staged. Connect back to the attacker over IPv6 Module Options msf use payload/cmd/windows/http/x86/upexec/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTIO...

HTTP Fetch, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an HTTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/http/x86/patchupmeterpreter/reversetcpallports msf payloadreversetcpallports show actions ...actions... msf...

HTTP Fetch, Bind TCP Stager (Windows x86)

Fetch and execute an x86 payload from an HTTP server. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/patchupmeterpreter/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set...

HTTP Fetch, Windows shellcode stage, Reverse TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/http/x86/custom/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf...

HTTP Fetch, Windows shellcode stage, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)

Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/custom/reversetcprc4dns msf payloadreversetcprc4dns show actions ...actions... msf payloadreversetcprc4dns set ACTION msf...

HTTP Fetch, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)

Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/dllinject/reversetcprc4dns msf payloadreversetcprc4dns show actions ...actions... msf payloadreversetcprc4dns set ACTION msf payloadreversetcprc4dns show options...

HTTP Fetch, Bind IPv6 TCP Stager (Windows x86)

Fetch and execute an x86 payload from an HTTP server. Listen for an IPv6 connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/dllinject/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp show options ...show...

HTTP Fetch, Windows shellcode stage, Reverse UDP Stager with UUID Support

Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/http/x86/custom/reverseudp msf payloadreverseudp show actions ...actions... msf payloadreverseudp set ACTION msf payloadreverseud...

HTTP Fetch, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an HTTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/http/x86/dllinject/reversetcpallports msf payloadreversetcpallports show actions ...actions... msf payloadreversetcpallports...

HTTP Fetch, DNS TXT Record Payload Download and Execution

Fetch and execute an x86 payload from an HTTP server. Performs a TXT query against a series of DNS records and executes the returned x86 shellcode. The DNSZONE option is used as the base name to iterate over. The payload will first request the TXT contents of the a hostname, followed by b, then c...

HTTP Fetch, Windows Reverse HTTP Stager (wininet)

Fetch and execute an x86 payload from an HTTP server. Tunnel communication over HTTP Windows wininet Module Options msf use payload/cmd/windows/http/x86/dllinject/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf payloadreversehttp show options...

HTTP Fetch, Bind TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTP server. Listen for a connection No NX Module Options msf use payload/cmd/windows/http/x86/dllinject/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options ...show and set...

HTTP Fetch, Reverse TCP Stager (IPv6)

Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker over IPv6 Module Options msf use payload/cmd/windows/http/x86/dllinject/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTION msf payloadreverseipv6tcp show option...

HTTP Fetch, Windows shellcode stage, Windows Reverse HTTPS Stager (wininet)

Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Tunnel communication over HTTPS Windows wininet Module Options msf use payload/cmd/windows/http/x86/custom/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf...

GHSA-WXJX-R2J2-96FX AVideo: Full-Read SSRF Through Unvalidated statsURL Parameter in plugin/Live/test.php

Summary The plugin/Live/test.php endpoint accepts a URL via the statsURL parameter and fetches it server-side using filegetcontents, curlexec, or wget, returning the full response content in the HTML output. The only validation is a trivial regex /^http/ that does not block requests to...

PT-2026-26400

Summary isPrivateIpv4 in bundled SSRF guard code missed several IPv4 special-use/non-global ranges, so web fetch could allow targets that should be blocked by SSRF policy. Affected Packages / Versions - Package: openclaw npm - Latest published affected version: 2026.2.21-2 published 2026-02-21 -...

CVE-2026-27730

esm.sh (a no-build CDN for web development) versions up to and including 137 contain an SSRF (CWE-918) in the /http(s) fetch route. The service validates against localhost/internal targets using hostname string checks, which can be bypassed with DNS alias domains, allowing an external requester t...

HTTP Fetch, Linux Chmod

Fetch and execute an RISC-V 32-bit payload from an HTTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/http/riscv32le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set...

HTTP Fetch, Linux Command Shell, Bind TCP Inline

Fetch and execute an RISC-V 32-bit payload from an HTTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/http/riscv32le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show...

HTTPS Fetch, Linux Chmod

Fetch and execute an RISC-V 64-bit payload from an HTTPS server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/https/riscv64le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and s...