Lucene search
K
MetasploitMost viewed

6850 matches found

Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•341 views

HTTP Fetch, Linux Command Shell, Reverse TCP Stager

Fetch and execute an MIPSBE payload from an HTTP server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/http/mipsbe/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show...

7.3AI score
Exploits0
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•341 views

HTTP Fetch

Fetch and execute an MIPSLE payload from an HTTP server. Module Options msf use payload/cmd/linux/http/mipsle/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and set...

7.2AI score
Exploits0
Metasploit
Metasploit
•added 2026/01/28 6:59 p.m.•340 views

FreePBX Custom Extension SQL Injection

FreePBX versions prior to 16.0.44,16.0.92 and 17.0.23,17.0.6 are vulnerable to multiple CVEs, specifically CVE-2025-66039 and CVE-2025-61675, in the context of this module. The versions before 16.0.44 and 17.0.23 are vulnerable to CVE-2025-66039, while versions before 16.0.92 and 17.0.6 are...

9.8CVSS6.1AI score0.3896EPSS
Exploits8
Metasploit
Metasploit
•added 2025/12/12 6:56 p.m.•340 views

N-able N-Central Authentication Bypass and XXE Scanner

This module scans for vulnerable N-able N-Central instances affected by CVE-2025-9316 Unauthenticated Session Bypass and CVE-2025-11700 XXE. The module attempts to exploit CVE-2025-9316 by sending a sessionHello SOAP request to the ServerMMS endpoint with various appliance IDs to obtain an...

8.4CVSS8.1AI score0.37335EPSS
Exploits2
Metasploit
Metasploit
•added 2025/06/05 6:50 p.m.•340 views

ThinManager Path Traversal (CVE-2023-2915) Arbitrary File Delete

This module exploits a path traversal vulnerability CVE-2023-2915 in ThinManager use auxiliary/admin/networking/thinmanagertraversaldelete msf auxiliarythinmanagertraversaldelete show actions ...actions... msf auxiliarythinmanagertraversaldelete set ACTION msf auxiliarythinmanagertraversaldelete...

9.1CVSS7.4AI score0.78093EPSS
Exploits1
Metasploit
Metasploit
•added 2025/05/06 6:54 p.m.•340 views

Sante PACS Server Path Traversal (CVE-2025-2264)

This module exploits a path traversal vulnerability CVE-2025-2264 in Sante PACS Server use auxiliary/gather/pacsservertraversal msf auxiliarypacsservertraversal show actions ...actions... msf auxiliarypacsservertraversal set ACTION msf auxiliarypacsservertraversal show options ...show and set...

7.5CVSS7.4AI score0.38656EPSS
Exploits2
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•340 views

HTTPS Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an PPC64 payload from an HTTPS server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/https/ppc64/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2023/01/27 7:49 p.m.•340 views

Kerberos TGT/TGS Ticket Requester

This module requests TGT/TGS Kerberos tickets from the KDC Module Options msf use auxiliary/admin/kerberos/getticket msf auxiliarygetticket show actions ...actions... msf auxiliarygetticket set ACTION msf auxiliarygetticket show options ...show and set options... msf auxiliarygetticket run This...

5.3AI score
Exploits0
Metasploit
Metasploit
•added 2025/12/10 6:57 p.m.•339 views

Linux Reboot

A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAPSYSBOOT privileges. Module Options msf use payload/linux/loongarch64/reboot msf payloadreboot show actions ...actions... msf payloadreboot set ACTION msf...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•339 views

HTTP Fetch, Linux Execute Command

Fetch and execute an MIPSLE payload from an HTTP server. A very small shellcode for executing commands. This module is sometimes helpful for testing purposes as well as on targets with extremely limited buffer space. Module Options msf use payload/cmd/linux/http/mipsle/exec msf payloadexec show...

7.4AI score
Exploits0
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•339 views

HTTP Fetch, Linux Command Shell, Bind TCP Inline

Fetch and execute an PPC64 payload from an HTTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/http/ppc64/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options...

7.3AI score
Exploits0
Metasploit
Metasploit
•added 2025/07/17 6:55 p.m.•338 views

PandoraFMS Netflow Authenticated Remote Code Execution

This module exploits a command injection vulnerability in Netflow component of PandoraFMS. The module requires a set of user credentials to modify Netflow settings. Also, Netflow binaries have to be present on the system. Module Options msf use exploit/linux/http/pandorafmsauthnetflowrce msf...

9.8CVSS5.8AI score0.19944EPSS
Exploits3
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•338 views

HTTP Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an MIPSBE payload from an HTTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/http/mipsbe/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp...

7.3AI score
Exploits0
Metasploit
Metasploit
•added 2026/01/05 6:59 p.m.•337 views

Linux Command Shell, Bind TCP Inline

Listen for a connection and spawn a command shell Module Options msf use payload/linux/riscv32le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show and set options... msf payloadshellbindtcp run This modu...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•337 views

HTTPS Fetch

Fetch and execute an MIPSLE payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/mipsle/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf payloadmeterpreterreversehttp set ACTION msf payloadmeterpreterreversehttp show options ...show a...

7.2AI score
Exploits0
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•337 views

TFTP Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an ARMLE payload from a TFTP server. Connect to target and spawn a command shell Module Options msf use payload/cmd/linux/tftp/armle/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show an...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2023/01/24 7:51 p.m.•337 views

Python Exec, Python Meterpreter Shell, Bind TCP Inline

Execute a Python payload from a command. Connect to the victim and spawn a Meterpreter shell Module Options msf use payload/cmd/windows/python/meterpreterbindtcp msf payloadmeterpreterbindtcp show actions ...actions... msf payloadmeterpreterbindtcp set ACTION msf payloadmeterpreterbindtcp show...

7AI score
Exploits0
Metasploit
Metasploit
•added 2026/01/05 6:59 p.m.•336 views

HTTP Fetch, Linux Reboot

Fetch and execute an RISC-V 64-bit payload from an HTTP server. A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAPSYSBOOT privileges. Module Options msf use payload/cmd/linux/http/riscv64le/reboot msf...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•336 views

TFTP Fetch, Linux Add User

Fetch and execute an ARMLE payload from a TFTP server. Create a new user with UID 0 Module Options msf use payload/cmd/linux/tftp/armle/adduser msf payloadadduser show actions ...actions... msf payloadadduser set ACTION msf payloadadduser show options ...show and set options... msf payloadadduser...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•336 views

HTTPS Fetch

Fetch and execute an MIPSLE payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/ppc/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...show...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2023/05/18 7:52 p.m.•336 views

HTTP Fetch, Windows shellcode stage, Windows x64 Reverse HTTPS Stager (winhttp)

Fetch and execute an x64 payload from an HTTP server. Custom shellcode stage. Tunnel communication over HTTPS Windows x64 winhttp Module Options msf use payload/cmd/windows/http/x64/custom/reversewinhttps msf payloadreversewinhttps show actions ...actions... msf payloadreversewinhttps set ACTION...

5.9AI score
Exploits0
Metasploit
Metasploit
•added 2025/05/29 6:52 p.m.•335 views

PHP Exec, PHP Command Shell, Bind TCP (via php) IPv6

Execute a PHP payload as an OS command from a Posix-compatible shell. Listen for a connection and spawn a command shell via php IPv6 Module Options msf use payload/cmd/unix/php/bindphpipv6 msf payloadbindphpipv6 show actions ...actions... msf payloadbindphpipv6 set ACTION msf payloadbindphpipv6...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•335 views

HTTPS Fetch

Fetch and execute an AARCH64 payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/aarch64/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options...

7.2AI score
Exploits0
Metasploit
Metasploit
•added 2024/08/23 6:52 p.m.•335 views

Ray cpu_profile command injection

Ray RCE via cpuprofile command injection vulnerability. Module Options msf use exploit/linux/http/raycpuprofilecmdinjectioncve20236019 msf exploitraycpuprofilecmdinjectioncve20236019 show targets ...targets... msf exploitraycpuprofilecmdinjectioncve20236019 set TARGET msf...

9.8CVSS7.9AI score0.7463EPSS
Exploits15
Metasploit
Metasploit
•added 2023/02/01 7:50 p.m.•335 views

vmwgfx Driver File Descriptor Handling Priv Esc

If the vmwgfx driver fails to copy the 'fencerep' object to userland, it tries to recover by deallocating the already populated file descriptor. This is wrong, as the fd gets released via putunusedfd which shouldn't be used, as the fd table slot was already populated via the previous call to...

7.8CVSS6.5AI score0.02579EPSS
Exploits3
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•334 views

HTTP Fetch

Fetch and execute a PPC64LE payload from an HTTP server. Module Options msf use payload/cmd/linux/http/ppc64le/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and se...

7.2AI score
Exploits0
Metasploit
Metasploit
•added 2022/04/12 5:42 p.m.•334 views

User Profile Arbitrary Junction Creation Local Privilege Elevation

The user profile service, identified as ProfSrv, is vulnerable to a local privilege elevation vulnerability in its CreateDirectoryJunction function due to a lack of appropriate checks on the directory structure of the junctions it tries to link together. Attackers can leverage this vulnerability ...

7.8CVSS8.4AI score0.14393EPSS
Exploits2
Metasploit
Metasploit
•added 2026/05/01 7:1 p.m.•333 views

HTTP Fetch, Linux Execute Command

Fetch and execute an AARCH64 payload from an HTTP server. Execute an arbitrary command or just a /bin/sh shell Module Options msf use payload/cmd/linux/http/aarch64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... m...

6.1AI score
Exploits0
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•333 views

HTTPS Fetch, Linux Command Shell, Bind TCP Inline

Fetch and execute an MIPSLE payload from an HTTPS server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/https/mipsle/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options...

6AI score
Exploits0
Metasploit
Metasploit
•added 2024/10/01 6:55 p.m.•333 views

VICIdial Authenticated Remote Code Execution

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective. Module Options msf use...

9.8CVSS8.9AI score0.80023EPSS
Exploits10
Metasploit
Metasploit
•added 2024/08/21 6:52 p.m.•333 views

DIAEnergie SQL Injection (CVE-2024-4548)

SQL injection vulnerability in DIAEnergie use exploit/windows/scada/diaenergiesqli msf exploitdiaenergiesqli show targets ...targets... msf exploitdiaenergiesqli set TARGET msf exploitdiaenergiesqli show options ...show and set options... msf exploitdiaenergiesqli exploit class MetasploitModule...

9.8CVSS9.7AI score0.29425EPSS
Exploits5
Metasploit
Metasploit
•added 2024/07/11 7:53 p.m.•333 views

Atlassian Confluence Administrator Code Macro Remote Code Execution

This module exploits an authenticated administrator-level vulnerability in Atlassian Confluence, tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating tainted data from uploaded text files. This facilitates arbitrary code execution. This exploit will...

8.8CVSS9.4AI score0.88267EPSS
Exploits9
Metasploit
Metasploit
•added 2023/09/13 7:51 p.m.•333 views

Apache Superset Signed Cookie Priv Esc

Apache Superset versions use auxiliary/gather/apachesupersetcookiesigprivesc msf auxiliaryapachesupersetcookiesigprivesc show actions ...actions... msf auxiliaryapachesupersetcookiesigprivesc set ACTION msf auxiliaryapachesupersetcookiesigprivesc show options ...show and set options... msf...

9.8CVSS8.4AI score0.97405EPSS
Exploits20
Metasploit
Metasploit
•added 2026/05/08 6:56 p.m.•332 views

VIM Plugin Persistence

This module creates a VIM Plugin which executes a payload on VIM startup. Module Options msf use exploit/linux/persistence/vimplugin msf exploitvimplugin show targets ...targets... msf exploitvimplugin set TARGET msf exploitvimplugin show options ...show and set options... msf exploitvimplugin...

5.9AI score
Exploits0
Metasploit
Metasploit
•added 2026/04/07 7:1 p.m.•332 views

Windows Service for User (S4U) Scheduled Task Persistence - Event Trigger

Creates a scheduled task that will run using service-for-user S4U. This allows the scheduled task to run even as an unprivileged user that is not logged into the device. This will result in lower security context, allowing access to local resources only. The module requires 'Logon as a batch job'...

6AI score
Exploits0
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•332 views

HTTP Fetch

Fetch and execute an AARCH64 payload from an HTTP server. Module Options msf use payload/cmd/linux/http/aarch64/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and s...

7.2AI score
Exploits0
Metasploit
Metasploit
•added 2023/06/10 7:49 p.m.•332 views

TerraMaster TOS 4.2.06 or lower - Unauthenticated Remote Code Execution

This module exploits an unauthenticated remote code-execution vulnerability in TerraMaster TOS 4.2.06 and lower via shell metacharacters in the Event parameter at vulnerable endpoint include/makecvs.php during CSV creation. Any unauthenticated user can therefore execute commands on the system und...

9.1AI score
Exploits0
Metasploit
Metasploit
•added 2026/05/06 7:1 p.m.•331 views

Anonymous FTP Access Detection

Detect anonymous read/write FTP service access. Module Options msf use auxiliary/scanner/ftp/ftpanonymous msf auxiliaryftpanonymous show actions ...actions... msf auxiliaryftpanonymous set ACTION msf auxiliaryftpanonymous show options ...show and set options... msf auxiliaryftpanonymous run...

5.9AI score0.07085EPSS
Exploits1
Metasploit
Metasploit
•added 2026/04/07 7:1 p.m.•331 views

AD/CS Authenticated Web Enrollment Services Module

Authenticates to the AD/CS Web enrollment service and allows the user to query templates and create certificates based on available templates. Module Options msf use auxiliary/admin/http/webenrollmentcert msf auxiliarywebenrollmentcert show actions ...actions... msf auxiliarywebenrollmentcert set...

6AI score
Exploits0
Metasploit
Metasploit
•added 2026/01/07 6:58 p.m.•331 views

Taiga tribe_gig authenticated unserialize remote code execution

This module exploits an unserialization flaw by creating a userstory in a project. Module Options msf use exploit/multi/http/taigatribegigunserial msf exploittaigatribegigunserial show targets ...targets... msf exploittaigatribegigunserial set TARGET msf exploittaigatribegigunserial show options...

9CVSS5.8AI score0.01405EPSS
Exploits2
Metasploit
Metasploit
•added 2026/01/05 6:59 p.m.•331 views

Linux Command Shell, Bind TCP Inline

Listen for a connection and spawn a command shell Module Options msf use payload/linux/riscv64le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show and set options... msf payloadshellbindtcp run This modu...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2025/06/09 6:51 p.m.•331 views

OS Command Exec, Unix Command Shell, Reverse TCP SSL (via perl)

Execute an OS command from PHP. Creates an interactive shell via perl, uses SSL Module Options msf use payload/php/unix/cmd/reverseperlssl msf payloadreverseperlssl show actions ...actions... msf payloadreverseperlssl set ACTION msf payloadreverseperlssl show options ...show and set options... ms...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•331 views

HTTP Fetch, Linux Command Shell, Bind TCP Inline

Fetch and execute an MIPSLE payload from an HTTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/http/mipsle/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options...

7.3AI score
Exploits0
Metasploit
Metasploit
•added 2020/05/26 2:36 a.m.•331 views

BIND TSIG Badtime Query Denial of Service

A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BIND TSIG Badtime Query Denial of Service...

7.5CVSS0.4AI score0.93422EPSS
Exploits5
Metasploit
Metasploit
•added 2025/06/09 6:51 p.m.•330 views

OS Command Exec, Unix Command Shell, Pingback Bind TCP (via netcat)

Execute an OS command from PHP. Accept a connection, send a UUID, then exit Module Options msf use payload/php/unix/cmd/pingbackbind msf payloadpingbackbind show actions ...actions... msf payloadpingbackbind set ACTION msf payloadpingbackbind show options ...show and set options... msf...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2024/09/24 6:53 p.m.•330 views

Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419)

This module exploits an improper access control vulnerability in Cisco Smart Software Manager SSM On-Prem use auxiliary/admin/http/ciscossmonpremaccount msf auxiliaryciscossmonpremaccount show actions ...actions... msf auxiliaryciscossmonpremaccount set ACTION msf auxiliaryciscossmonpremaccount...

10CVSS6AI score0.80767EPSS
Exploits3
Metasploit
Metasploit
•added 2026/01/09 6:58 p.m.•329 views

udev Persistence

This module will add a script in /lib/udev/rules.d/ in order to execute a payload written on disk. It'll be executed with root privileges everytime a network interface other than l0 comes up. Execution is triggered through at command, so it must be installed on the target. Module Options msf use...

5.9AI score
Exploits0
Metasploit
Metasploit
•added 2025/12/09 6:55 p.m.•328 views

TFTP Fetch, Linux Command Shell, Bind TCP Inline

Fetch and execute an PPC payload from an TFTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/tftp/ppc/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2024/08/27 6:53 p.m.•328 views

Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)

This module exploits an access control issue in Ivanti Virtual Traffic Manager vTM, by adding a new administrative user to the web interface of the application. Affected versions include 22.7R1, 22.6R1, 22.5R1, 22.3R2, 22.3, 22.2. Module Options msf use auxiliary/admin/http/ivantivtmadmin msf...

9.8CVSS7.4AI score0.99987EPSS
Exploits4
Metasploit
Metasploit
•added 2021/10/28 5:51 p.m.•328 views

Atlassian Confluence WebWork OGNL Injection

This module exploits an OGNL injection in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. Module Options msf use exploit/multi/http/atlassianconfluencewebworkognlinjection msf exploitatlassianconfluencewebworkognlinjection show targets ...targets... msf...

9.8CVSS8.7AI score0.99999EPSS
Exploits45
Total number of security vulnerabilities5000