Metasploit: most viewed

6849 matches found

Metasploit • added 2026/04/02 7:2 p.m. • 108 views

HTTP Fetch, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an HTTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/http/x86/dllinject/reversetcpallports msf payloadreversetcpallports show actions ...actions... msf payloadreversetcpallports...

AI score 6 • Exploits 0

Metasploit • added 2022/05/11 5:43 p.m. • 108 views

Powershell Exec, Hidden Bind Ipknock TCP Stager

Execute an x86 payload from a command via PowerShell. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method (you can spoof it with tools like hping). After that you could get your shellcode from any IP. The socke...

AI score 7.2 • Exploits 0

Metasploit • added 2022/05/11 5:43 p.m. • 108 views

Powershell Exec, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Execute an x86 payload from a command via PowerShell. Listen for a connection Module Options msf use payload/cmd/windows/powershell/vncinject/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set options...

AI score 7.2 • Exploits 0

Metasploit • added 2019/06/02 2:19 a.m. • 108 views

Safari Webkit Proxy Object Type Confusion

This module exploits a type confusion bug in the JavaScript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e....

CVSS 8.8 • AI score 8.4 • EPSS 0.53772 • Exploits 16

Metasploit • added 2017/05/17 9:53 a.m. • 108 views

Sync Breeze Enterprise GET Buffer Overflow

This module exploits a stack-based buffer overflow vulnerability in the web interface of Sync Breeze Enterprise v9.4.28, v10.0.28, and v10.1.16, caused by improper bounds checking of the request in HTTP GET and POST requests sent to the built-in web server. This module has been tested successfull...

CVSS 9.8 • AI score 0.1 • EPSS 0.22483 • Exploits 7

Metasploit • added 2015/08/27 7:36 p.m. • 108 views

Android Meterpreter Browsable Launcher

This module allows you to open an Android Meterpreter via a browser. An Android Meterpreter must be installed as an application beforehand on the target device in order to use this. For best results, you can consider using the auxiliary/client/sms/sendtext to trick your target into opening the...

AI score 0.1 • Exploits 0

Metasploit • added 2026/06/25 7:5 p.m. • 107 views

SMB to Meterpreter Upgrade via PsExec

Upgrades an authenticated SMB session to a Meterpreter session using PsExec techniques. This module uploads a service-wrapped executable payload to the ADMIN$ share via the existing authenticated SMB connection, then creates and starts a Windows service that executes the payload. This mirrors the...

AI score 6 • Exploits 0

Metasploit • added 2015/03/27 11:34 a.m. • 107 views

SSL Labs API Client

This module is a simple client for the SSL Labs APIs, designed for SSL/TLS assessment during a penetration test. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'activesupport/inflector' require 'json' require...

CVSS 7.4 • AI score 8.2 • EPSS 0.95326 • Exploits 9

Metasploit • added 2012/11/16 3:3 p.m. • 107 views

NFR Agent FSFUI Record Arbitrary Remote File Access

NFRAgent.exe, a component of Novell File Reporter (NFR), allows remote attackers to retrieve arbitrary text files via a directory traversal while handling requests to /FSF/CMD with an FSFUI record with UICMD 126. This module has been tested successfully against NFR Agent 1.0.4.3 File Reporter 1.0.2...

CVSS 10 • AI score 10 • EPSS 0.73514 • Exploits 21

Metasploit • added 2010/08/24 6:22 p.m. • 107 views

Tomcat UTF-8 Directory Traversal Vulnerability

This module tests whether a directory traversal vulnerability is present in versions of Apache Tomcat 4.1.0 - 4.1.37, 5.5.0 - 5.5.26 and 6.0.0 - 6.0.16 under specific and non-default installations. The connector must have allowLinking set to true and URIEncoding set to UTF-8. Furthermore, the...

CVSS 4.3 • AI score 6.9 • EPSS 0.99708 • Exploits 22

Metasploit • added 2025/05/29 6:52 p.m. • 106 views

PHP Exec, PHP Command, Double Reverse TCP Connection (via Perl)

Execute a PHP payload from a command. Creates an interactive shell via perl Module Options msf use payload/cmd/unix/php/reverseperl msf payloadreverseperl show actions ...actions... msf payloadreverseperl set ACTION msf payloadreverseperl show options ...show and set options... msf...

AI score 5.8 • Exploits 0

Metasploit • added 2022/05/11 5:43 p.m. • 106 views

Powershell Exec, Windows x64 Bind Named Pipe Stager

Execute an x64 payload from a command via PowerShell. Listen for a pipe connection Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/vncinject/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf payloadbindnamedpipe show...

AI score 7.2 • Exploits 0

Metasploit • added 2022/05/11 5:43 p.m. • 106 views

Powershell Exec, Windows Reverse HTTP Stager (winhttp)

Execute an x86 payload from a command via PowerShell. Tunnel communication over HTTP Windows winhttp Module Options msf use payload/cmd/windows/powershell/dllinject/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTION msf payloadreversewinhttp...

AI score 7.2 • Exploits 0

Metasploit • added 2021/06/09 5:43 p.m. • 106 views

NSClient++ 0.5.2.35 - ExternalScripts Authenticated Remote Code Execution

This module allows an attacker with knowledge of the admin password of NSClient++ to start a privileged shell. For this module to work, both the web interface of NSClient++ and the ExternalScripts feature should be enabled. Module Options msf use exploit/windows/http/nscpauthenticatedrce msf...

CVSS 7.8 • AI score 6.8 • EPSS 0.01277 • Exploits 2

Metasploit • added 2020/07/31 5:40 p.m. • 106 views

CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow

This module exploits a buffer overflow within the CA Unified Infrastructure Management nimcontroller. The vulnerability occurs in the robot controller component when sending a specially crafted directorylist probe. Technically speaking, the target host must also be vulnerable to CVE-2020-8010 in...

CVSS 10 • AI score 9.6 • EPSS 0.77566 • Exploits 9

Metasploit • added 2020/07/09 8:21 p.m. • 106 views

Pandora FMS Events Remote Command Execution

This module exploits a vulnerability (CVE-2020-13851) in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744 (and perhaps older versions) in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in the Events feature of Pandora FMS. This flaw...

CVSS 8.8 • AI score 0.3 • EPSS 0.91095 • Exploits 4

Metasploit • added 2012/01/27 5:12 p.m. • 106 views

Multi Gather VirtualBox VM Enumeration

This module will attempt to enumerate any VirtualBox VMs on the target machine. Due to the nature of VirtualBox, this module can only enumerate VMs registered for the current user; therefore, it needs to be invoked from a user context. This module requires Metasploit:...

Exploits 0

Metasploit • added 2022/12/13 7:52 p.m. • 105 views

Acronis TrueImage XPC Privilege Escalation

Acronis TrueImage versions 2019 update 1 through 2021 update 1 are vulnerable to privilege escalation. The com.acronis.trueimagehelper helper tool does not perform any validation on connecting clients, which gives arbitrary clients the ability to execute functions provided by the helper tool with...

CVSS 7.8 • AI score 8.1 • EPSS 0.02152 • Exploits 3

Metasploit • added 2022/02/09 5:42 p.m. • 105 views

Grandstream GXV31XX 'settimezone' Unauthenticated Command Execution

This module exploits a command injection vulnerability in Grandstream GXV31XX IP multimedia phones. The 'settimezone' action does not validate input in the 'timezone' parameter allowing injection of arbitrary commands. A buffer overflow in the 'phonecookie' cookie parsing allows authentication to...

CVSS 9.8 • AI score 9.8 • EPSS 0.15353 • Exploits 7

Metasploit • added 2020/04/30 9:19 a.m. • 105 views

Microsoft Windows NtUserMNDragOver Local Privilege Elevation

This module exploits a NULL pointer dereference vulnerability in MNGetpItemFromIndex, which is reachable via a NtUserMNDragOver system call. The NULL pointer dereference occurs because the xxxMNFindWindowFromPoint function does not effectively check the validity of the tagPOPUPMENU objects it...

CVSS 7.8 • AI score 7.6 • EPSS 0.53298 • Exploits 10

Metasploit • added 2019/05/31 4:18 p.m. • 105 views

Password Cracker: Linux

This module uses John the Ripper or Hashcat to identify weak passwords that have been acquired from unshadowed passwd files from Unix/Linux systems. The module will only crack MD5, BSDi and DES implementations by default. However, it can also crack Blowfish and SHA256/512, but it is much slower...

AI score 7.4 • Exploits 0

Metasploit • added 2018/02/09 10:14 a.m. • 105 views

HP iLO 4 1.00-2.50 Authentication Bypass Administrator Account Creation

This module exploits an authentication bypass in HP iLO 4 1.00 to 2.50, triggered by a buffer overflow in the Connection HTTP header handling by the web server. Exploiting this vulnerability gives full access to the REST API, allowing arbitrary account creation. This module requires Metasploit:...

CVSS 10 • AI score 0.3 • EPSS 0.99335 • Exploits 9

Metasploit • added 2015/07/11 5:28 a.m. • 105 views

Adobe Flash opaqueBackground Use After Free

This module exploits a use-after-free in Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public as part of the July 2015 data leak, was described as a Use After Free while handling the opaqueBackground property 7 setter of the flash.display.DisplayObject class. This...

CVSS 9.8 • AI score 10 • EPSS 0.93688 • Exploits 5

Metasploit • added 2015/04/27 3:56 p.m. • 105 views

Netgear Unauthenticated SOAP Password Extractor

This module exploits an authentication bypass vulnerability in different Netgear devices. It allows extraction of the password for the remote management interface. This module has been tested on a Netgear WNDR3700v4 - V1.0.1.42, but other devices are reported as vulnerable: NetGear WNDR3700v4 -...

AI score 7.4 • Exploits 0

Metasploit • added 2012/03/19 5:53 p.m. • 105 views

MS12-020 Microsoft Remote Desktop Use-After-Free DoS

This module exploits the MS12-020 RDP vulnerability originally discovered and reported by Luigi Auriemma. The flaw can be found in the way the T.125 ConnectMCSPDU packet is handled in the maxChannelIDs field, which will result in an invalid pointer being used, therefore causing a denial-of-service...

CVSS 9.3 • AI score 6.3 • EPSS 0.73924 • Exploits 11

Metasploit • added 2011/06/21 12:38 a.m. • 105 views

Windows Manage Enable Remote Desktop

This module enables the Remote Desktop Service (RDP). It provides the options to create an account and configure it to be a member of the Local Administrators and Remote Desktop Users group. It can also forward the target's port 3389/tcp. This module requires Metasploit:...

AI score 7.3 • Exploits 0

Metasploit • added 2021/11/19 5:42 p.m. • 104 views

Apache Storm Nimbus getTopologyHistory Unauthenticated Command Execution

This module exploits an unauthenticated command injection vulnerability within the Nimbus service component of Apache Storm. The getTopologyHistory RPC method takes a single argument, the name of a user, which is concatenated into a string that is executed by bash. In order for the...

CVSS 9.8 • AI score 10 • EPSS 0.84489 • Exploits 4

Metasploit • added 2021/11/17 5:42 p.m. • 104 views

Microsoft Azure Active Directory Login Enumeration

This module enumerates valid usernames and passwords against a Microsoft Azure Active Directory domain by utilizing a flaw in how SSO authenticates. Module Options msf use auxiliary/scanner/http/azureadlogin msf auxiliaryazureadlogin show actions ...actions... msf auxiliaryazureadlogin set ACTION...

AI score 6.9 • Exploits 0

Metasploit • added 2020/11/20 5:41 p.m. • 104 views

Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution

This module exploits a series of vulnerabilities to achieve unauthenticated remote code execution on the Rockwell FactoryTalk View SE SCADA product as the IIS user. The attack relies on the chaining of five separate vulnerabilities. The first vulnerability is an unauthenticated project copy...

CVSS 9 • AI score 7 • EPSS 0.53024 • Exploits 5

Metasploit • added 2015/03/28 8:31 p.m. • 104 views

Windows Gather Local SQL Server Hash Dump

This module extracts the usernames and password hashes from an MSSQL server and stores them as loot. It uses the same technique in mssqllocalauthbypass. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

AI score 10 • Exploits 0

Metasploit • added 2022/05/11 5:43 p.m. • 103 views

Powershell Exec, Windows Meterpreter Service, Reverse TCP Inline

Execute an x86 payload from a command via PowerShell. Stub payload for interacting with a Meterpreter Service Module Options msf use payload/cmd/windows/powershell/metsvcreversetcp msf payloadmetsvcreversetcp show actions ...actions... msf payloadmetsvcreversetcp set ACTION msf...

AI score 7.2 • Exploits 0

Metasploit • added 2022/05/11 5:43 p.m. • 103 views

Powershell Exec, Bind TCP Stager with UUID Support (Windows x86)

Execute an x86 payload from a command via PowerShell. Listen for a connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/powershell/meterpreter/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show...

AI score 7.2 • Exploits 0

Metasploit • added 2021/05/15 5:42 p.m. • 103 views

Dell DBUtil_2_3.sys IOCTL memmove

The DBUtil_2_3.sys driver distributed by Dell exposes an unprotected IOCTL interface that can be abused by an attacker to read and write kernel-mode memory. Module Options msf use exploit/windows/local/cve202121551dbutilmemmove msf exploitcve202121551dbutilmemmove show targets ...targets... msf...

CVSS 8.8 • AI score 8.2 • EPSS 0.57474 • Exploits 17

Metasploit • added 2020/05/08 4:21 p.m. • 103 views

Cloud Lookup (and Bypass)

This module can be useful if you need to test the security of your server and your website behind a cloud-based solution, by discovering the origin IP address of the targeted host. More precisely, this module uses multiple data sources (in order: ViewDNS.info, DNS enumeration and Censys) to collect...

AI score 7.2 • Exploits 0

Metasploit • added 2019/03/30 2:37 p.m. • 103 views

Onion Omega2 Login Brute-Force

OnionOS login scanner module for Onion Omega2 devices. !/usr/bin/env python3 -- coding: utf-8 -- 2019-03-27 05-55 Standard Modules from metasploit import module, loginscanner import json Extra Modules dependenciesmissing = False try: import requests except ImportError: dependenciesmissing = True...

AI score 7.1 • Exploits 0

Metasploit • added 2018/03/21 11:26 a.m. • 103 views

Gather Ticket Granting Service (TGS) tickets for User Service Principal Names (SPN)

This module will try to find Service Principal Names that are associated with normal user accounts. Since normal accounts' passwords tend to be shorter than machine accounts, and knowing that a TGS request will encrypt the ticket with the account the SPN is running under, this could be used for a...

AI score 0.1 • Exploits 0

Metasploit • added 2017/04/30 1:3 p.m. • 103 views

WordPress Traversal Directory DoS

Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer...

CVSS 7.1 • AI score 5.9 • EPSS 0.38445 • Exploits 6

Metasploit • added 2009/09/19 5:24 p.m. • 103 views

NFS Mount Scanner

This module scans NFS mounts and their permissions. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NFS Mount Scanner', 'Description' = %q This module scans NFS mounts and their permissions. ,...

CVSS 10 • AI score 7.1 • EPSS 0.1841 • Exploits 2

Metasploit • added 2022/05/11 5:43 p.m. • 102 views

Powershell Exec

Execute an x86 payload from a command via PowerShell Module Options msf use payload/cmd/windows/powershell/powershellreversetcpssl msf payloadpowershellreversetcpssl show actions ...actions... msf payloadpowershellreversetcpssl set ACTION msf payloadpowershellreversetcpssl show options ...show an...

AI score 7.2 • Exploits 0

Metasploit • added 2022/05/11 5:43 p.m. • 102 views

Powershell Exec, Windows Reverse HTTP Stager (wininet)

Execute an x86 payload from a command via PowerShell. Tunnel communication over HTTP Windows wininet Module Options msf use payload/cmd/windows/powershell/dllinject/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf payloadreversehttp show options...

AI score 7.2 • Exploits 0

Metasploit • added 2021/02/18 5:42 p.m. • 102 views

WordPress ChopSlider3 id SQLi Scanner

The iDangero.us Chop Slider 3 WordPress plugin version 3.4 and prior contains a blind SQL injection in the id parameter of the getscript/index.php page. The injection is passed through GET parameters, and thus must be encoded, and magic_quotes is applied at the server. Module Options msf use...

CVSS 9.8 • AI score 9.5 • EPSS 0.95657 • Exploits 8

Metasploit • added 2019/12/18 8:5 p.m. • 102 views

Reliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation

This module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on: Fedora 13 i686 kernel version 2.6.33.3-85.fc13.i686.PAE; and Ubuntu 10.04...

CVSS 7.8 • AI score 7.8 • EPSS 0.11217 • Exploits 16

Metasploit • added 2012/06/14 10:29 p.m. • 102 views

PHP apache_request_headers Function Buffer Overflow

This module exploits a stack-based buffer overflow in the CGI version of PHP 5.4.x before 5.4.3. The vulnerability is due to the insecure handling of the HTTP headers. This module has been tested against the thread safe version of PHP 5.4.2, from "windows.php.net", running with Apache 2.2.22 from...

CVSS 5 • AI score 9.8 • EPSS 0.62649 • Exploits 6

Metasploit • added 2010/09/20 8:6 a.m. • 102 views

FrontPage Server Extensions Anonymous Login Scanner

This module queries the FrontPage Server Extensions and determines whether anonymous access is allowed. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FrontPage Server Extensions Anonymous Log...

AI score 0.3 • Exploits 0

Metasploit • added 2010/04/06 4:36 p.m. • 102 views

HTTP Vuln Scanner

This module identifies common vulnerable files or cgis. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Vuln Scanner', 'Description' = %q This module identifies common vulnerable files or...

AI score 7.3 • Exploits 0

Metasploit • added 2022/05/11 5:43 p.m. • 101 views

Powershell Exec, Windows x64 Reverse TCP Stager

Execute an x64 payload from a command via PowerShell. Connect back to the attacker Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/vncinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...sho...

AI score 7.1 • Exploits 0

Metasploit • added 2022/05/11 5:43 p.m. • 101 views

Powershell Exec, Windows Reverse HTTP Stager (winhttp)

Execute an x86 payload from a command via PowerShell. Tunnel communication over HTTP Windows winhttp Module Options msf use payload/cmd/windows/powershell/meterpreter/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTION msf payloadreversewinhttp...

AI score 7.2 • Exploits 0

Metasploit • added 2022/05/11 5:43 p.m. • 101 views

Powershell Exec, Bind TCP Stager (Windows x86)

Execute an x86 payload from a command via PowerShell. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/powershell/peinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options... m...

AI score 7.2 • Exploits 0

Metasploit • added 2022/05/11 5:43 p.m. • 101 views

Powershell Exec, Reverse TCP Stager (No NX or Win7)

Execute an x86 payload from a command via PowerShell. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/powershell/peinject/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf payloadreversenonxtcp show options...

AI score 7.1 • Exploits 0

Metasploit • added 2022/05/11 5:43 p.m. • 101 views

Powershell Exec, Reverse HTTP Stager Proxy

Execute an x86 payload from a command via PowerShell. Tunnel communication over HTTP Module Options msf use payload/cmd/windows/powershell/vncinject/reversehttpproxypstore msf payloadreversehttpproxypstore show actions ...actions... msf payloadreversehttpproxypstore set ACTION msf...

AI score 7.2 • Exploits 0

Total number of security vulnerabilities: 5000