WordPress CP Multi-View Calendar Unauthenticated SQL Injection Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'WordPress CP Multi-View Calendar Unauthenticated SQL Injection Scanner', 'Description' = %q This module will scan given instances f...

Abandoned Cart For WooCommerce SQL Injection Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Abandoned Cart for WooCommerce SQLi Scanner', 'Description' = %q Abandoned Cart, a plugin for WordPress which extends the WooCommerce plugin, pri...

Oracle Demantra Arbitrary File Retrieval With Authentication Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Demantra Arbitrary File Retrieval with Authentication Bypass', 'Description' = %q This module exploits a file download vulnerability found...

Lotus Domino Password Hash Collector

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lotus Domino Password Hash Collector', 'Description' = 'Get users passwords hashes from names.nsf page', 'Author' = 'Tiago Ferreira ', 'License' ...

Cisco ASA Clientless SSL VPN (WebVPN) Brute-force Login Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco ASA Clientless SSL VPN WebVPN Brute-force Login Utility', 'Description' = %q This module scans for Cisco ASA Clientless SSL VPN WebVPN web...

Wordpress XML-RPC System.multicall Credential Collector

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/wordpressmulticall' class MetasploitModule 'Wordpress XML-RPC...

HP Intelligent Management FaultDownloadServlet Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP Intelligent Management FaultDownloadServlet Directory Traversal', 'Description' = %q This module exploits a lack of authentication and a...

PCMan FTP Server 2.0.7 Directory Traversal Information Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PCMan FTP Server 2.0.7 Directory Traversal Information Disclosure', 'Description' = %q This module exploits a directory traversal vulnerability...

WordPress XMLRPC GHOST Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress XMLRPC GHOST Vulnerability Scanner', 'Description' = %q This module can be used to determine hosts vulnerable to the GHOST vulnerabilit...

Cisco IOS HTTP Unauthorized Administrative Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOS HTTP Unauthorized Administrative Access', 'Description' = %q This module exploits a vulnerability in the Cisco IOS HTTP Server. By...

Canon Printer Wireless Configuration Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'nokogiri' class MetasploitModule 'Canon Printer Wireless Configuration Disclosure', 'Description' = %q This module enumerates wireless credentials from Canon...

Apache Flink JobManager Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Flink JobManager Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in Apache Flink...

LimeSurvey Zip Path Traversals

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LimeSurvey Zip Path Traversals', 'Description' = %q This module exploits an authenticated path traversal vulnerability found in LimeSurvey versio...

IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval', 'Description' = %q| This module identifies IPMI 2.0-compatible systems and attempts to retrie...

Wordpress Secure Copy Content Protection And Content Locking Sccp_id Unauthenticated SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Secure Copy Content Protection and Content Locking sccpid Unauthenticated SQLi', 'Description' = %q Secure Copy Content Protection and...

Drupal Views Module Users Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal Views Module Users Enumeration', 'Description' = %q This module exploits an information disclosure vulnerability in the 'Views' module of...

Cisco ASA Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco ASA Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability in Cisco's Adaptive Security Applianc...

Cassandra Web File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cassandra Web File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in Cassandra...

WordPress Simple Backup File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Simple Backup File Read Vulnerability', 'Description' = %q This module exploits a directory traversal vulnerability in WordPress Plugin...

Log4Shell HTTP Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Log4Shell HTTP Scanner', 'Description' = %q Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration,...

Kodi 17.0 Local File Inclusion

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kodi 17.0 Local File Inclusion Vulnerability', 'Description' = %q This module exploits a directory traversal flaw found in Kodi before 17.1. ,...

WordPress WPS Hide Login Login Page Revealer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress WPS Hide Login Login Page Revealer', 'Description' = %q This module exploits a bypass issue with WPS Hide Login version 'WPVDB',...

SAP SOAP Service RFC_PING Login Brute Forcer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...

SurgeNews User Credentials

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SurgeNews User Credentials', 'Description' = %q This module exploits a vulnerability in the WebNews web interface of SurgeNews on TCP ports 9080...

WordPress GI-Media Library Plugin Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress GI-Media Library Plugin Directory Traversal Vulnerability', 'Description' = %q This module exploits a directory traversal vulnerability...

SAP ICF /sap/public/info Service Sensitive Information Gathering

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...

Eaton Xpert Meter SSH Private Key Exposure Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework XXX: This shouldn't be necessary but is now require 'net/ssh' require 'net/ssh/commandstream' class MetasploitModule 'Eaton Xpert Meter SSH Private Key Exposure Scanner'...

ManageEngine DeviceExpert User Credentials

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine DeviceExpert User Credentials', 'Description' = %q This module extracts usernames and salted MD5 password hashes from ManageEngine...

Symantec Messaging Gateway 9.5 Log File Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Symantec Messaging Gateway 9.5 Log File Download Vulnerability', 'Description' = %q This module will download a file of your choice against...

SAP Web GUI Login Brute Forcer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...

TP-Link Wireless Lite N Access Point Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TP-Link Wireless Lite N Access Point Directory Traversal Vulnerability', 'Description' = %q This module tests whether a directory traversal...

HP SiteScope SOAP Call LoadFileContent Remote File Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP SiteScope SOAP Call loadFileContent Remote File Access', 'Description' = %q This module exploits an authentication bypass vulnerability in HP...

Canon IR-Adv Password Extractor

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Canon IR-Adv Password Extractor', 'Description' = %q This module will extract the passwords from address books on various Canon IR-Adv mfp device...

Supermicro Onboard IPMI Port 49152 Sensitive File Exposure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'Supermicro Onboard IPMI Port 49152 Sensitive File Exposure', 'Description' = %q This module abuses a file exposure vulnerability...

Nginx Source Code Disclosure/Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nginx Source Code Disclosure/Download', 'Description' = %q This module exploits a source code disclosure/download vulnerability in versions 0.7 a...

Samba _netr_ServerPasswordSet Uninitialized Credential State

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samba netrServerPasswordSet Uninitialized Credential State', 'Description' = %q This module checks if a Samba target is vulnerable to an...

Cisco ASA SSL VPN Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco ASA SSL VPN Privilege Escalation Vulnerability', 'Description' = %q This module exploits a privilege escalation vulnerability for Cisco ASA...

Atlassian Crowd XML Entity Expansion Remote File Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Crowd XML Entity Expansion Remote File Access', 'Description' = %q This module simply attempts to read a remote file from the server...

NTP Mode 7 PEER_LIST Denial Of Service Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NTP Mode 7 PEERLIST DoS Scanner', 'Description' = %q This module identifies NTP servers which permit "PEERLIST" queries and return responses that...

MediaWiki SVG XML Entity Expansion Remote File Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MediaWiki SVG XML Entity Expansion Remote File Access', 'Description' = %q This module attempts to read a remote file from the server using a...

Syncovery For Linux Web-GUI Session Token Brute-Forcer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' require 'date' require 'json' require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/syncoveryfilesyncbackup'...

Intel AMT Digest Authentication Bypass Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Intel AMT Digest Authentication Bypass Scanner', 'Description' = %q This module scans for Intel Active Management Technology endpoints and attemp...

JBoss Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'JBoss Vulnerability Scanner', 'Description' = %q This module scans a JBoss instance for a few vulnerabilities. , 'Author' = 'Tyler Krpata', 'Zach...

Juniper SSH Backdoor Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/ssh' class MetasploitModule 'Juniper SSH Backdoor Scanner', 'Description' = %q This module scans for the Juniper SSH backdoor also valid on Telnet. Any...

Cambium EPMP 1000 Get_chart Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cambium ePMP 1000 'getchart' Command Injection v3.1-3.5-RC7", 'Description' = % This module exploits an OS Command Injection vulnerability in...

SAP /sap/bc/soap/rfc SOAP Service TH_SAPREL Function Information Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...

Cisco ASA ASDM Brute-force Login

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco ASA ASDM Brute-force Login', 'Description' = %q This module scans for the Cisco ASA ASDM landing page and performs login brute-force to...

ManageEngine Support Center Plus Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Support Center Plus Directory Traversal", 'Description' = %q This module exploits a directory traversal vulnerability found in...

Jira Users Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jira Users Enumeration', 'Description' = %q This module exploits an information disclosure vulnerability that allows an unauthenticated user to...

JBoss Status Servlet Information Gathering

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'JBoss Status Servlet Information Gathering', 'Description' = %q This module queries the JBoss status servlet to collect sensitive information,...