IBM Lotus Sametime Version Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule Release .+?/i , 'api', 'meeting', /^meeting=.$/i , 'api', 'appshare', /^appshare=.$/i , 'api', 'docshare', /^docshare=.$/i , 'api',...

Mettler Toledo IND780 Weighing Terminal Remote Unauthenticated Directory Traversal (CVE-2021-40661)

A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 SS Label 'IND7808.0.07', Version 7.2.10 June 18, 2012 SS Label 'IND7807.2.10'. It was possible to traverse the folders of the...

Rockwell FactoryTalk Product and Version Enumeration (Windows)

Binary data rockwellfactorytalkwinenuminstalls.nbin...

Microsoft Windows Installed Software Version Enumeration

This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version. Note that the versions detected here do not necessarily...

CVE-2022-2243

An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked sentry projects...

ASP.NET Core/.NET Core SDK Detection (Windows SMB Login)

Detects the installed version of ASP.NET Core. The script logs in via smb, searches for SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

U.S. Dept Of Defense: Exposed ███████ Administrative Interface (ColdFusion 11)

Summary: The "/██████████/administrator/" directory is accessible to the public and allows an attacker to further enumerate the system and/or perform brute force attacks. Description: The ████████ website has an exposed "Administrative Interface" for ColdFusion 11, which could be useful to an...

droopescan - A plugin-based scanner that aids security researchers in identifying issues with several CMSs (Drupal, Silverstripe & Wordpress)

A plugin-based scanner that aids security researchers in identifying issues with several CMS: Drupal. SilverStripe. Wordpress. Partial functionality for: Joomla version enumeration and interesting URLs only. Moodle identification doesn't work yet. You need to force 'scan moodle'...

Black Box WordPress Vulnerability Scanner: WPScan

WPScan is a Black Box WordPress Vulnerability Scanner that attempts to find known security weaknesses within WordPress installations. The application is provided for security professionals or WordPress administrators to help them find security problems and vulnerabilities in their installations. ...

WPScan - WordPress Security Scanner

WPScan is a black box WordPress vulnerability scanner. Features Username enumeration from author querystring and location header Weak password cracking multithreaded Version enumeration from generator meta tag and from client side files Vulnerability enumeration based on version Plugin enumeratio...

IBM Lotus Sametime Version Enumeration

This module scans an IBM Lotus Sametime web interface to enumerate the application's version and configuration information. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule Release...

Plown : Security scanner for Plone CMS

Plown : Security scanner for Plone CMS Despite the fact that Plone is one of the most secure CMS, even the most secure system can be penetrated due to misconfigurations, use of weak passwords and if the admins never apply the patches released. Plown has been developed during penetration tests on...

Asterisk Invalid INVITE / REGISTER SIP Request Username Enumeration (AST-2011-011)

According to the version in its SIP banner, the version of Asterisk running on the remote host allows a remote attacker to enumerate valid users by sending malformed SIP INVITE and REGISTER requests. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

WPSCAN - WordPress Security & vulnerability Scanner

WPSCAN - WordPress Security & vulnerability Scanner WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach. Details Username enumeration from author querystring and location header Weak password cracking multithreaded Version enumeration...

WPSCAN - WordPress Security & vulnerability Scanner

WPSCAN - WordPress Security & vulnerability Scanner WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach. Details Username enumeration from author querystring and location header Weak password cracking multithreaded Version enumeration...

PostgreSQL Version Probe

Enumerates the version of PostgreSQL servers. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PostgreSQL Version Probe', 'Description' = %q Enumerates the version of PostgreSQL servers. ,...