1350 matches found
Windows shellcode stage, Windows x64 Reverse TCP Stager
Custom shellcode stage. Connect back to the attacker Windows x64 Module Options msf use payload/windows/x64/custom/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set options... msf payloadreversetcp run...
Windows shellcode stage, Windows x64 Reverse HTTP Stager (wininet)
Custom shellcode stage. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/windows/x64/custom/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf payloadreversehttp show options ...show and set options... msf...
Metasploit Weekly Wrap-Up
SAMR Auxiliary Module A new SAMR auxiliary module has been added that allows users to add, lookup, and delete computer accounts from an AD domain. This should be useful for pentesters on engagements who need to create an AD account to gain an initial foothold into the domain for lateral movement...
Polkit pkexec Local Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Local Privilege Escalation in polkits pkexec', 'Description' = %q A bug exists in the polkit pkexec binary in how it processes arguments. If the...
CVE-2019-12928
creationtimestamp| type| source ---|---|--- 2022-02-07 22:01:55+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/qemumonitorhmpmigratecmdexec.rb 2025-10-23 21:12:58+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
Exploit for CVE-2017-17562
GoAhead Web Server 2.5 use multi/handler msf6 exploitmulti/h...
CVE-2021-4374
creationtimestamp| type| source ---|---|--- 2021-11-05 12:13:45+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/wpautomaticpluginprivesc.rb 2025-10-23 21:12:59+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7 2026-03-19 00:00:00+00:00|...
Exploit for Path Traversal in Microsoft
CVE-2021-40444-POC An attempt to reproduce Microsoft MSHTML Re...
REW-sploit - Emulate And Dissect MSF And *Other* Attacks
REW-sploit The tool has been presented at Black-Hat Arsenal USA 2021 https://www.blackhat.com/us-21/arsenal/schedule/index.htmlrew-sploit-dissecting-metasploit-attacks-24086 Slides of presentation are available at https://github.com/REW-sploit/REW-sploitdocs Need help in analyzing Windows shellco...
purple-team-attack-automation
This is an offensive tool for Metasploit Framework. The tool is designed to automate the process of exploiting vulnerabilities in various systems. It is likely used for penetration testing and vulnerability assessment purposes. The tool is written in Ruby and utilizes the Metasploit Framework,...
Metasploit Wrap-Up
Dell DBUtil23.sys IOCTL memmove privilege escalation Our very own zeroSteiner added a new module, which exploits insufficient access control in Dell's dbutil23.sys firmware update driver included in the Dell Bios Utility that comes pre-installed with most Windows machines. The driver accepts...
Microsoft Windows TokenMagic Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Privilege Escalation via TokenMagic UAC Bypass', 'Description' = %q This module leverages a UAC bypass TokenMagic in order to spawn a...
Pystinger - Bypass Firewall For Traffic Forwarding Using Webshell
Pystinger implements SOCK4 proxy and port mapping through webshell. It can be directly used by metasploit-framework, viper, cobalt strike for session online. Pystinger is developed in python, and currently supports three proxy scripts: php, jspx and aspx. Usage Suppose the domain name of the serv...
MeterPwrShell - Automated Tool That Generate The Perfect Powershell Payload
Automated Tool That Generate A Powershell Oneliner That Can Create Meterpreter Shell On Metasploit,Bypass AMSI,Bypass Firewall,Bypass UAC,And Bypass Any AVs. This tool is powered by Metasploit-Framework and amsi.fail Notes NEVER UPLOAD THE PAYLOAD THAT GENERATED BY THIS PROGRAM TO ANY ONLINE...
Rapid7 Metasploit Framework Code Issue Vulnerability
Rapid7 Metasploit Framework is a penetration testing framework from the US company Rapid7. The Metasploit Framework suffers from a code issue vulnerability that stems from the fact that a user would inadvertently expose the deserialization of Metasploit, which is the issue exploited by this modul...
Rapid7 Metasploit Framework 代码问题漏洞
Rapid7 Metasploit Framework is a penetration testing framework from the US company Rapid7. The Metasploit Framework suffers from a code issue vulnerability that stems from the fact that a user would inadvertently expose the deserialization of Metasploit, which is the issue exploited by this modul...
Exploit for Incorrect Authorization in Theforeman Smart_Proxy_Salt
This is the Metasploit Framework repository, a widely used penetration testing tool. It is an offensive tool for penetration testing and vulnerability assessment. The repository contains various modules for exploiting vulnerabilities in different software and systems, including Windows, Linux, an...
metasploit-framework
This is a Metasploit Framework repository. The Metasploit Framework is an open-source penetration testing platform that provides a comprehensive set of tools for identifying and exploiting vulnerabilities in computer systems and applications. The framework is written in Ruby and provides a modula...
CVE-2020-7384
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine...
Cooolis-ms - A Server That Supports The Metasploit Framework RPC
Cooolis-ms is a server that supports Metasploit Framework RPC. It is used to work for Shellcode and PE loader, bypassing the static detection of anti-virus software to a certain extent, and allows the Cooolis-ms server to perform with the Metasploit server separate. Loader execution process: 1...