21 matches found
metasploit-framework
This is the Metasploit Framework repository, a widely used penetration testing tool. It is an offensive tool for penetration testing and vulnerability assessment. The repository contains various modules and tools for exploiting vulnerabilities and conducting penetration testing. The primary...
metasploit-framework
This repository is an offensive tool for Metasploit Framework. It is a collection of files and workflows used to build and test the Metasploit Framework, a penetration testing tool. The repository contains various templates for reporting issues, suggesting new features, and submitting pull...
Metasploit Wrap-Up 04/25/2025
AD CS workflow improvement with new PKCS12 features Given the increasing popularity of AD CS misconfiguration exploitation in recent years, Metasploit has been consistently improving its capabilities in this area. This week’s release introduces a new certs command to the msfconsole, enabling user...
Metasploit Weekly Wrap-Up
Roxy-WI Unauthenticated RCE This week, community member Nuri Çilengir added an unauthenticated RCE for Roxy-WI. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers. The vulnerability can be triggered by a specially crafted POST request to a Python script where the ipbackend...
Metasploit Wrap-Up
Dump Windows secrets from Active Directory This week, our very own Christophe De La Fuente added an important update to the existing Windows Secret Dump module. It is now able to dump secrets from Active Directory, which will be very useful for Metasploit users. This new feature uses the Director...
Viper - Intranet Pentesting Tool With Webui
Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration Viper integrates basic functions such as bypass anti-virus software, intranet tunnel, file management, command line and so on Viper ha...
Exploit for Server-Side Request Forgery in Microsoft
ProxyLogon-CVE-2021-26855-metasploit CVE-2021-26855 proxyLogon...
Xitami Web Server 2.5 Remote Buffer Overflow
Exploit Title: Xitami Web Server 2.5 Remote Buffer Overflow SEH + Egghunter Date: May 4, 2019 Author: ElSoufiane Version: 2.5b4 Tested on: Windows Vista Ultimate Build 6000 and Windows XP SP3 Professional Discovered by: Krystian Kloskowski Set up a multi handler listener in MSFConsole then run...
Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter)
Xitami Web Server 2.5 - Remote Buffer Overflow SEH + Egghunter Exploit Title: Xitami Web Server 2.5 Remote Buffer Overflow SEH + Egghunter Date: May 4, 2019 Author: ElSoufiane Version: 2.5b4 Tested on: Windows Vista Ultimate Build 6000 and Windows XP SP3 Professional Discovered by: Krystian...
Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter) Exploit
Exploit Title: Xitami Web Server 2.5 Remote Buffer Overflow SEH + Egghunter Author: ElSoufiane Version: 2.5b4 Tested on: Windows Vista Ultimate Build 6000 and Windows XP SP3 Professional Discovered by: Krystian Kloskowski Set up a multi handler listener in MSFConsole then run exploit...
Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter)
Exploit Title: Xitami Web Server 2.5 Remote Buffer Overflow SEH + Egghunter Date: May 4, 2019 Author: ElSoufiane Version: 2.5b4 Tested on: Windows Vista Ultimate Build 6000 and Windows XP SP3 Professional Discovered by: Krystian Kloskowski Set up a multi handler listener in MSFConsole then run...
Mad-Metasploit - Metasploit Custom Modules, Plugins & Resource Scripts
Metasploit custom modules, plugins, resource script and.. awesome metasploit collection https://www.hahwul.com/p/mad-metasploit.html Awesome open awesome.md Add mad-metasploit to metasploit framework 1. config your metasploit-framework directory $ vim config/config.rb $metasploitpath =...
Metasploit msfd Remote Code Execution Via Browser
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Metasploit msfd Remote Code Execution via Browser', 'Description' = %q Metasploit's msfd-service makes it possible to get a msfconsole-like...
ezsploit - Linux Bash Script Automation For Metasploit
Command line script for automatingmetasploit functions: Checks for metasploit service and starts if not present Easily craft meterpreter reversetcp payloads for Windows, Linux, Android and Mac Start multiple meterpreter reversetcp listners Assistance with building basic persistence options and...
Backdooring Android APK: backdoor-apk
Backdooring Android APK backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without...
Remote msfconsole: msf-remote-console
Remote msfconsole A remote msfconsole written in Python 2.7 to connect to the msfrcpd server of metasploit. This tool gives you the ability to load modules permanently as daemon on your server like autopwn2. Although it gives you the ability to remotely use the msfrpcd server it is recommended to...
XSSER - From XSS to RCE
From XSS to RCE 2.5 - Black Hat Europe Arsenal 2016 Demo Version 2.0 - 2015: https://www.youtube.com/playlist?list=PLIjb28IYMQgqqqApoGRCZO40vP-eKsgf Version 2.5 - 2016: https://www.youtube.com/playlist?list=PLRic6PgcrsWGkgacL6WFnSQKVRZIoofRj Requirements Python 2.7., version 2.7.11 was used for...
From XSS to RCE: XSSer
From XSS to RCE This demonstrates how an attacker can utilize XSS to execute arbitrary code on the web server when an administrative user inadvertently triggers a hidden XSS payload. Custom tools and payloads integrated with Metasploit’s Meterpreter in a highly automated approach will be...
Metasploit Web UI Diagnostic Console Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Metasploit Web UI Diagnostic Console Command Execution', 'Description' = %q This module exploits the "diagnostic console" featu...
Chuckle - An Automated SMB Relay Script
Chuckle is an automated SMB Relay Script. Chuckle requires a few tools to work: SMBRelayX.py Veil latest version from git Responder Chuckle will detect which version you are using. Nmap Nbtscan unixwiz MSFconsole Usuage should be fairly simple, run as root or use sudo: sudo ./chuckle.sh Wait a...