13537 matches found
metasploit-web-scanner-module
MSF Web Vulnerability Scanner Advanced Advanced Metasploit au...
HUSTOJ Zip-Slip v26.01.24 - RCE
Exploit Title: HUSTOJ Zip-Slip v26.01.24 - RCE Date: 2026-02-14 Exploit Author: Marshall Whittaker / oxagast Vendor Homepage: https://github.com/zhblue/hustoj Software Link: http://123.158.38.129:8090/livecd/HUSTOJ25.05.iso LiveCD, or see above git repo Version: Before v26.01.24 Tested on: Ubuntu...
chrome-exploit-simulator
Ethical Hacking — Simulateur Exploit Web Présentation Ce...
📄 Microsoft MMC (.MSC) File Execution Abuse Leading / Admin Creation
This Metasploit local Windows exploit module abuses the way Microsoft Management Console MMC processes specially crafted .msc files to achieve arbitrary PowerShell execution when a user opens the file. The payload is designed to create a new local administrator account or execute a custom command...
📄 NocoBase 2.0.27 Sandbox Escape / Remote Code Execution
This code is a Metasploit Auxiliary module designed to exploit a remote code execution vulnerability in NocoBase versions 2.0.27 and below. It targets a flaw in the server-side script execution engine flownodes that allows breaking out of the JavaScript sandbox...
📄 MISP 2.5.27 Workflow Engine Cross Site Scripting
This Metasploit auxiliary module targets a potential stored cross site scripting vulnerability in the MISP Workflow Engine. It is designed to interact with the MISP API, create workflows, and inject malicious payloads into workflow data fields...
📄 Dovecot passwd-file Path Traversal
This Metasploit auxiliary module targets a path traversal vulnerability in Dovecot's passwd-file authentication backend when per-domain configuration is enabled. ================================================================================================================================== |...
📄 Dovecot OTP Replay Attack
This Metasploit auxiliary module targets a vulnerability in Dovecot's OTP One-Time Password authentication system that allows potential replay attacks when authentication caching is enabled and username handling is improperly managed...
📄 Dovecot doveadm Timing Attack / Credential Extraction
This Metasploit auxiliary module performs a timing-based side-channel attack against the Dovecot doveadm HTTP interface to extract credentials character by character. ==================================================================================================================================...
📄 WebDAV PHP Upload
This Metasploit module exploits WebDAV which also has PHP enabled, such as found on XAMPP servers. It can use do by using any supplied credentials to upload via WebDAV, a PHP payload and then execute it. This module requires Metasploit: https://metasploit.com/download Current source:...
📄 Below Log File Symlink Privilege Escalation
This Metasploit module exploits a local privilege escalation vulnerability in the below utility when executed with sudo. This affects versions prior to 0.9.0. ================================================================================================================================== | Title...
📄 ASP.net 8.0.10 Core Kestrel HTTP Request Smuggling
This Metasploit auxiliary module targets a critical HTTP request smuggling vulnerability in ASP.NET Core Kestrel caused by improper parsing of malformed chunked transfer encoding notably LF-only line handling and case-variant headers like chUnKEd...
Exploit for CVE-2004-2687
The goal of this script NOT to use Metasplo...
📄 OpenEMR 8.0.0.2 Remote Code Execution
This Metasploit exploit module targets a potential remote code execution vulnerability in OpenEMR systems identified as CVE-2026-32238. The module combines authentication handling, HTTP request manipulation, and command injection capabilities to achieve remote command execution on vulnerable...
Metasploit Wrap-Up 04/17/2026
Happy Friday - Seven New Metasploit Modules We’re happy to announce that Metasploit Framework had a big week, landing seven new modules alongside various bug fixes and enhancements. This week’s highlights include RCE modules targeting AVideo, openDCIM, Selenium Grid/Selenoid, and ChurchCRM. On th...
runtime-exploit-guard
Container Exec - Python Script Reads attack-vuln-image-mappi...
Linux Chmod
Runs chmod on the specified file with specified mode. Module Options msf use payload/linux/loongarch64/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set options... msf payloadchmod run frozenstringliteral: true This module...
Computer-Security
Computer Security Labs Hands-on security engineering labs cov...
Exploiting-FTP-Service-Port-21-on-Metasploitable2
Exploiting-FTP-Service-Port-21-on-Metasploitable2 1. Objective...
CVE-2026-5463
Command injection vulnerability in console.runmodulewithoutput in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended...