📄 MCPJam 1.4.2 Command Injection

This Metasploit exploit module targets the MCP Model Context Protocol server, specifically exploiting a command injection vulnerability in the /api/mcp/connect endpoint. The vulnerability allows unauthorized remote command execution by sending crafted JSON payloads that are executed by the server...

Context-Aware Offensive Intelligence (CAOI)

This research introduces a new class of post-exploitation intelligence modules for the Metasploit Framework. Unlike traditional modules, these components do not exploit vulnerabilities, escalate privileges, or modify target systems. The modules operate as a contextual intelligence layer that...

Samba-smbd-3.x-4.x-Exploitation-using-Metasploit

Samba smbd 3.x–4.x Exploitation using Metasploit Project...

SploitGPT

🤖 SploitGPT - Your Penetration Testing Companion 🚀 Getting...

📄 Metasploit Web Delivery PHP Proof of Concept

This project presents an advanced proof of concept that emulates the behavior of Metasploit's multi/script/webdelivery module using PHP. The goal is to demonstrate how script-based payload delivery works in a modular and extensible way, without relying directly on Metasploit. The script launches ...

CVE-2025-34442

creationtimestamp| type| source ---|---|--- 2026-01-15 23:54:26+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/avideonotifyffmpegunauthrce.rb 2026-01-16 21:03:03+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mckypdx2ay22...

Linux Chmod

Runs chmod on the specified file with specified mode. Module Options msf use payload/linux/aarch64/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set options... msf payloadchmod run This module requires Metasploit:...

TFTP Fetch, Linux Chmod

Fetch and execute an AARCH64 payload from a TFTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/tftp/aarch64/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set options...

udev Persistence

This module will add a script in /lib/udev/rules.d/ in order to execute a payload written on disk. It'll be executed with root privileges everytime a network interface other than l0 comes up. Execution is triggered through at command, so it must be installed on the target. Module Options msf use...

CVE-2020-7384

Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine...

Accessibility Features Persistence Via Debugger Registry Key

This Metasploit module makes it possible to apply the sticky keys hack to a session with appropriate rights. The hack provides a means to get a SYSTEM shell using UI-level interaction at an RDP login screen or via a UAC confirmation dialog. The module modifies the Debug registry setting for certa...

Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

SploitGPT An autonomous AI penetration testing agent that con...

📄 Prison Management System 1.0 Shell Upload

This Metasploit module exploits an unrestricted file upload vulnerability in Prison Management System version 1.0. An authenticated user can upload a PHP file with arbitrary content by abusing the avatar upload functionality in the add-admin.php endpoint. The application fails to properly validat...

Linux Command Shell, Bind TCP Inline

Listen for a connection and spawn a command shell Module Options msf use payload/linux/riscv32le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show and set options... msf payloadshellbindtcp run This modu...

Linux Command Shell, Bind TCP Inline

Listen for a connection and spawn a command shell Module Options msf use payload/linux/riscv64le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show and set options... msf payloadshellbindtcp run This modu...

HTTP Fetch, Linux Chmod

Fetch and execute an RISC-V 32-bit payload from an HTTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/http/riscv32le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set...

Exploit for Path Traversal in Huawei Hg255S-10_Firmware

Huawei HG255 Directory Traversal Exploit CVE-2017-17309 Thi...

VULNEXPO

🔥 VULNEXPO — Vulnerability Detection & Exploitation Framework...

📄 Backdoor.Win32.Poison.jh Remote File Hijack

This code represents an educational Metasploit module concept that demonstrates how insecure file permissions created Backdoor.Win32.Poison.jh could be abused to achieve code execution. The scenario assumes that the malware drops an executable file inside a protected Windows directory SysWOW64 wi...

CVE-2023-53959

FileZilla Client 3.63.1 is affected by a DLL hijacking flaw: an attacker can place a crafted TextShaping.dll in the application directory to achieve remote code execution when FileZilla is launched. The vulnerability stems from a missing/bad TextShaping.dll that can be replaced with a malicious p...