Apache NiFi Credentials Gather

This module will grab Apache NiFi credentials from various files on Linux. Module Options msf use post/linux/gather/apachenificredentials msf postapachenificredentials show actions ...actions... msf postapachenificredentials set ACTION msf postapachenificredentials show options ...show and set...

Citrix ADC (NetScaler) Bleed Scanner

This module scans for a vulnerability that allows a remote, unauthenticated attacker to leak memory for a target Citrix ADC server. The leaked memory is then scanned for session cookies which can be hijacked if found. Module Options msf use auxiliary/scanner/http/citrixbleedcve20234966 msf...

CVE-2020-7012

creationtimestamp| type| source ---|---|--- 2023-10-06 21:55:04+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/kibanaupgradeassistanttelemetryrce.rb 2025-10-23 21:12:59+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

TOTOLINK Wireless Routers Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'TOTOLINK Wireless Routers unauthenticated remote command execution vulnerability.', 'Description' = %q Multiple TOTOLINK...

Ivanti Sentry Authentication Bypass / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Sentry MICSLogService Auth Bypass resulting in RCE CVE-2023-38035', 'Description' = %q This module exploits an authentication bypass in...

Exploit for Classic Buffer Overflow in Cisco Pix_Firewall_Software

This is a PoC exploit for CVE-2016-6366, a remote code execution vulnerability in Cisco ASA. The repository contains improvements to the EXTRABACON exploit, which was written by the Equation Group NSA and leaked by the Shadow Brokers. The exploit targets various versions of Cisco ASA, including 8...

CVE-2023-38035

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. Recent assessments: jheysel-r7 at...

H2 Database Web Interface Create Alias Remote Code Execution Exploit

The H2 database contains an alias function which allows for arbitrary Java code to be used. This functionality can be abused to create an exec functionality to pull our payload down and execute it. H2's web interface contains restricts MANY characters, so injecting a payload directly is not...

Microsoft Azure Subdomain Scanner / Enumerator

Background: Microsoft makes use of a number of different domains and subdomains for each of their Azure services. From SQL databases to SharePoint drives, each service maps to its respective domain/subdomain, and with the proper toolset, these can be identified through DNS enumeration to yield...

pfSense v2.7.0 - OS Command Injection Exploit

Exploit Title: pfSense v2.7.0 - OS Command Injection Exploit Author: Emir Polat CVE-ID : CVE-2023-27253 class MetasploitModule 'pfSense Restore RRD Data Command Injection', 'Description' = %q This module exploits an authenticated command injection vulnerabilty in the "restorerrddata" function of...

Openfire Authentication Bypass / Remote Code Execution Exploit

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...

HTTPS Fetch, Linux Command Shell, Bind TCP Random Port Inline

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection in a random port and spawn a command shell. Use nmap to discover the open port: 'nmap -sS target -p-'. Module Options msf use payload/cmd/linux/https/x86/shellbindtcprandomport msf payloadshellbindtcprandomport show...

HTTP Fetch, Linux Command Shell, Find Port Inline

Fetch and execute a x86 payload from an HTTP server. Spawn a shell on an established connection Module Options msf use payload/cmd/linux/http/x86/shellfindport msf payloadshellfindport show actions ...actions... msf payloadshellfindport set ACTION msf payloadshellfindport show options ...show and...

HTTPS Fetch, Linux Command Shell, Reverse TCP Stager

Fetch and execute an x64 payload from an HTTPS server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/https/x64/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show option...

HTTP Fetch, Linux Command Shell, Bind TCP Random Port Inline

Fetch and execute an x64 payload from an HTTP server. Listen for a connection in a random port and spawn a command shell. Use nmap to discover the open port: 'nmap -sS target -p-'. Module Options msf use payload/cmd/linux/http/x64/shellbindtcprandomport msf payloadshellbindtcprandomport show...

CVE-2023-28458

creationtimestamp| type| source ---|---|--- 2023-04-21 00:31:05+00:00| seen| https://t.me/cibsecurity/62560 2025-08-27 20:55:20+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/pretalxrcecve202328458.rb 2025-10-23 21:13:01+00:00| seen|...

VMware Workspace ONE Access Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workspace ONE Access CVE-2022-22960', 'Description' = %q This module exploits CVE-2022-22960 which allows the user to overwrite the...

Monitorr 1.7.6m / 1.7.7d Remote Code Execution Exploit

This Metasploit module exploits an arbitrary file upload vulnerability and achieves remote code execution in the Monitorr application. Using a specially crafted request, custom PHP code can be uploaded and injected through endpoint upload.php because of missing input validation. Any user privileg...

Open Web Analytics 1.7.3 Remote Code Execution

class MetasploitModule 'Open Web Analytics 1.7.3 - Remote Code Execution RCE', 'Description' = %q Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs...

Bitbucket Environment Variable Remote Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bitbucket Environment Variable RCE', 'Description' = %q For various versions of Bitbucket, there is an authenticated command injection...