📄 OpenBabel 3.1.1 Parsing Issues

This Metasploit auxiliary module generates specially crafted proof of concept files targeting potential parsing vulnerabilities in OpenBabel version 3.1.1 such as NULL pointer dereference and out-of-bounds read conditions...

📄 SPIP Saisies 5.11.0 Remote Code Execution

This Metasploit module exploits a PHP code injection vulnerability in the Saisies plugin for SPIP. The vulnerability allows an attacker to inject and execute arbitrary PHP code through the vulnerable parameter anciennesvaleurs. Versions 5.4.0 through 5.11.0 are affected...

Regular Expression Denial of Service (ReDoS) Detector

This Metasploit auxiliary module implements a scientific approach to detecting and validating ReDoS vulnerabilities in HTTP-based applications. It leverages context-aware payload generation, length progression testing, and statistical analysis to identify inefficient regular expressions that may...

📄 Xerte Online Toolkits 3.14 Upload Image Shell Upload

This Metasploit module exploits the user template file import functions unrestricted file upload in Xerte Online Toolkits versions 3.14 and earlier to upload and execute a shell. This targets editor/uploadImage.php. This has only been tested in implementations where the authentication type is Db...

Windows Registry Run Persistence

This Metasploit module is a Windows persistence module designed to maintain access to a compromised system after a successful exploitation and an active Meterpreter session has been obtained...

FreePBX endpoint SQLi to RCE

FreePBX is an open-source IP PBX management tool that provides a modern phone system for businesses that use VoIP to make and receive phone calls. Versions before 16.0.44 and 17.0.23 are vulnerable to CVE-2025-66039, while versions before 16.0.92 and 17.0.6 are vulnerable to CVE-2025-61675. The...

CVE-2025-34442

creationtimestamp| type| source ---|---|--- 2026-01-15 23:54:26+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/avideonotifyffmpegunauthrce.rb 2026-01-16 21:03:03+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mckypdx2ay22...

TFTP Fetch, Linux Chmod

Fetch and execute an AARCH64 payload from a TFTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/tftp/aarch64/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set options...

udev Persistence

This module will add a script in /lib/udev/rules.d/ in order to execute a payload written on disk. It'll be executed with root privileges everytime a network interface other than l0 comes up. Execution is triggered through at command, so it must be installed on the target. Module Options msf use...

Accessibility Features Persistence Via Debugger Registry Key

This Metasploit module makes it possible to apply the sticky keys hack to a session with appropriate rights. The hack provides a means to get a SYSTEM shell using UI-level interaction at an RDP login screen or via a UAC confirmation dialog. The module modifies the Debug registry setting for certa...

📄 Prison Management System 1.0 Shell Upload

This Metasploit module exploits an unrestricted file upload vulnerability in Prison Management System version 1.0. An authenticated user can upload a PHP file with arbitrary content by abusing the avatar upload functionality in the add-admin.php endpoint. The application fails to properly validat...

Linux Command Shell, Bind TCP Inline

Listen for a connection and spawn a command shell Module Options msf use payload/linux/riscv64le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show and set options... msf payloadshellbindtcp run This modu...

HTTP Fetch, Linux Chmod

Fetch and execute an RISC-V 32-bit payload from an HTTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/http/riscv32le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set...

Exploit for Path Traversal in Huawei Hg255S-10_Firmware

Huawei HG255 Directory Traversal Exploit CVE-2017-17309 Thi...

📄 Backdoor.Win32.Poison.jh Remote File Hijack

This code represents an educational Metasploit module concept that demonstrates how insecure file permissions created Backdoor.Win32.Poison.jh could be abused to achieve code execution. The scenario assumes that the malware drops an executable file inside a protected Windows directory SysWOW64 wi...

HTTPS Fetch, Linux Command Shell, Find Port Inline

Fetch and execute an MIPSLE payload from an HTTPS server. Spawn a shell on an established connection Module Options msf use payload/cmd/linux/https/ppc/shellfindport msf payloadshellfindport show actions ...actions... msf payloadshellfindport set ACTION msf payloadshellfindport show options ...sh...

HTTP Fetch, Linux Command Shell, Find Port Inline

Fetch and execute an PPC payload from an HTTP server. Spawn a shell on an established connection Module Options msf use payload/cmd/linux/http/ppc/shellfindport msf payloadshellfindport show actions ...actions... msf payloadshellfindport set ACTION msf payloadshellfindport show options ...show an...

📄 Microsoft Windows 11 Search Path Privilege Escalation

Microsoft Windows 11 suffers from an untrusted search path local privilege escalation vulnerability. Proof of concept Metasploit module included. ============================================================================================================================================= | Title :...

Linux Command Shell, Reverse TCP Inline

Connect back to attacker and spawn a command shell. Module Options msf use payload/linux/riscv32le/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp show options ...show and set options... msf...

📄 Confluence 8.x Privilege Escalation

Metasploit module proof of concept exploit that demonstrates an authentication bypass vulnerability Confluence version 8.x. ============================================================================================================================================= | Title : Confluence 8.x...