NFR Agent SRS Record Arbitrary Remote File Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NFR Agent SRS Record Arbitrary Remote File Access', 'Description' = %q NFRAgent.exe, a component of Novell File Reporter NFR, allows remote...

Gallery WD For Joomla! Unauthenticated SQL Injection Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'Gallery WD for Joomla! Unauthenticated SQL Injection Scanner', 'Description' = %q This module will scan for Joomla! instances...

Abandoned Cart For WooCommerce SQL Injection Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Abandoned Cart for WooCommerce SQLi Scanner', 'Description' = %q Abandoned Cart, a plugin for WordPress which extends the WooCommerce plugin, pri...

Canon IR-Adv Password Extractor

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Canon IR-Adv Password Extractor', 'Description' = %q This module will extract the passwords from address books on various Canon IR-Adv mfp device...

MediaWiki SVG XML Entity Expansion Remote File Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MediaWiki SVG XML Entity Expansion Remote File Access', 'Description' = %q This module attempts to read a remote file from the server using a...

RFCode Reader Web Interface Login / Bruteforce Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'RFCode Reader Web Interface Login / Bruteforce Utility', 'Description' = % This module simply attempts to login to a RFCode Reader web interface...

SAP Management Console Brute Force

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP Management Console Brute Force', 'Description' = %q This module simply attempts to brute force the username and password for the SAP Manageme...

Chinese Caidao Backdoor Bruteforce

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/caidao' class MetasploitModule 'Chinese Caidao Backdoor Bruteforce',...

FTP Authentication Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/ftp' class MetasploitModule 'FTP Authentication Scanner', 'Description' = ...

ColoradoFTP Server 1.3 Build 8 Directory Traversal Information Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ColoradoFTP Server 1.3 Build 8 Directory Traversal Information Disclosure', 'Description' = %q This module exploits a directory traversal...

ManageEngine DeviceExpert 5.6 ScheduleResultViewer FileName Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine DeviceExpert 5.6 ScheduleResultViewer FileName Traversal', 'Description' = %q This module exploits a directory traversal vulnerabili...

Wordpress BulletProof Security Backup Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Wordpress BulletProof Security Backup Disclosure', 'Description' = %q The Wordpress plugin BulletProof Security, versions 'Ron...

NetDecision NOCVision Server Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NetDecision NOCVision Server Directory Traversal', 'Description' = %q This module exploits a directory traversal bug in NetDecision's...

Simple Web Server 2.3-RC1 Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Simple Web Server 2.3-RC1 Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability found in Simple Web...

SerComm Network Device Backdoor Detection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SerComm Network Device Backdoor Detection', 'Description' = %q This module can identify SerComm manufactured network devices which contain a...

Cambium EPMP 1000 Login Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cambium ePMP 1000 Login Scanner', 'Description' = % This module scans for Cambium ePMP 1000 management login portals, and attempts to identify...

LiteSpeed Source Code Disclosure/Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LiteSpeed Source Code Disclosure/Download', 'Description' = %q This module exploits a source code disclosure/download vulnerability in versions...

WordPress Modern Events Calendar SQL Injection Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Modern Events Calendar SQLi Scanner', 'Description' = %q Modern Events Calendar plugin contains an unauthenticated timebased SQL...

HP Intelligent Management BIMS DownloadServlet Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP Intelligent Management BIMS DownloadServlet Directory Traversal', 'Description' = %q This module exploits a lack of authentication and a...

Jenkins-CI Unauthenticated Script-Console Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'cgi' class MetasploitModule 'Jenkins-CI Unauthenticated Script-Console Scanner', 'Description' = %q This module scans for unauthenticated Jenkins-CI script...

Carlo Gavazzi Energy Meters Login Brute Force, Extract Info And Dump Plant Database

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Carlo Gavazzi Energy Meters - Login Brute Force, Extract Info and Dump Plant Database', 'Description' = % This module scans for Carlo Gavazzi...

Libssh Authentication Bypass Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'libssh Authentication Bypass Scanner', 'Description' = %q This module exploits an authentication bypass in libssh server code where a...

Sybase Easerver 6.3 Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sybase Easerver 6.3 Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability found in Sybase EAserver's...

Wordpress RegistrationMagic Task_ids Authenticated SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress RegistrationMagic taskids Authenticated SQLi', 'Description' = %q RegistrationMagic, a WordPress plugin, prior to 5.0.1.5 is affected b...

HTTP SickRage Password Leak

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP SickRage Password Leak', 'Description' = %q SickRage 'Sven Fassbender', EDB POC 'Shelby Pace' Metasploit Module , 'License' = MSFLICENSE,...

Citrix ADC (NetScaler) Bleed Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Citrix ADC NetScaler Bleed Scanner', 'Description' = %q This module scans for a vulnerability that allows a remote, unauthenticated attacker to...

GitLab GraphQL API User Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLab GraphQL API User Enumeration', 'Description' = %q This module queries the GitLab GraphQL API without authentication to acquire the list of...

FortiMail Unauthenticated Login Bypass Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FortiMail Unauthenticated Login Bypass Scanner', 'Description' = %q This module attempts to detect instances of FortiMail vulnerable against an...

Spring Cloud Config Server Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability whi...

HP Intelligent Management IctDownloadServlet Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP Intelligent Management IctDownloadServlet Directory Traversal', 'Description' = %q This module exploits a lack of authentication and a directo...

Sockso Music Host Server 1.5 Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sockso Music Host Server 1.5 Directory Traversal', 'Description' = %q This module exploits a directory traversal bug in Sockso on port 4444. This...

Icingaweb Directory Traversal In Static Library File Requests

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Icingaweb Directory Traversal in Static Library File Requests', 'Description' = %q Icingaweb versions from 2.9.0 to 2.9.5 inclusive, and 2.8.0 to...

FrontPage .pwd File Credential Dump

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FrontPage .pwd File Credential Dump', 'Description' = %q This module downloads and parses the 'vtipvt/service.pwd', 'vtipvt/administrators.pwd',...

MS17-010 SMB Remote Code Execution Detection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS17-010 SMB RCE Detection', 'Description' = %q Uses information disclosure to determine if MS17-010 has been patched or not. Specifically, it...

X11 No-Auth Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'X11 No-Auth Scanner', 'Description' = %q This module scans for X11 servers that allow anyone to connect without authentication. , 'Author' = 'teb...

Dahua DVR Authentication Bypass Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule %qDahua DVR Auth Bypass Scanner, 'Description' = %qScans for Dahua-based DVRs and then grabs settings. Optionally resets a user's password and...

IBM WebSphere MQ Channel Name Bruteforce

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IBM WebSphere MQ Channel Name Bruteforce', 'Description' = 'This module uses a dictionary to bruteforce MQ channel names. For all identified...

SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...

WordPress Email Subscribers And Newsletter Hash SQL Injection Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Email Subscribers and Newsletter Hash SQLi Scanner', 'Description' = %q Email Subscribers & Newsletters plugin contains an...

Cambium EPMP 1000 Ping Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cambium ePMP 1000 'ping' Command Injection up to v2.5", 'Description' = % This module exploits an OS Command Injection vulnerability in Cambium...

WordPress Mobile Pack Information Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Mobile Pack Information Disclosure Vulnerability', 'Description' = %q This module exploits an information disclosure vulnerability in...

Cisco Firepower Management Console 6.0 Post Auth Report Download Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cisco Firepower Management Console 6.0 Post Auth Report Download Directory Traversal", 'Description' = %q This module exploits a directory...

WordPress Mobile Edition File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Mobile Edition File Read Vulnerability', 'Description' = %q This module exploits a directory traversal vulnerability in WordPress Plugi...

Novell Zenworks Mobile Device Management Admin Credentials

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Novell Zenworks Mobile Device Management Admin Credentials', 'Description' = %q This module attempts to pull the administrator credentials from a...

HP Intelligent Management ReportImgServlt Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP Intelligent Management ReportImgServlt Directory Traversal', 'Description' = %q This module exploits a lack of authentication and a directory...

Microsoft Azure Active Directory Login Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Azure Active Directory Login Enumeration', 'Description' = %q This module enumerates valid usernames and passwords against a Microsoft...

WordPress NextGEN Gallery Directory Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'json' require 'nokogiri' class MetasploitModule 'WordPress NextGEN Gallery Directory Read Vulnerability', 'Description' = %q This module exploits an authenticat...

Httpdasm Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Httpdasm Directory Traversal', 'Description' = %q This module allows for traversing the file system of a host running httpdasm v0.92. , 'Author' ...

Symantec Messaging Gateway 10 Exposure Of Stored AD Password

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest' require "openssl" class MetasploitModule 'Symantec Messaging Gateway 10 Exposure of Stored AD Password Vulnerability', 'Description' = %q This module wi...

S40 0.4.2 CMS Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'S40 0.4.2 CMS Directory Traversal Vulnerability', 'Description' = %q This module exploits a directory traversal vulnerability found in S40 CMS. T...