Ruby On Rails JSON Processor YAML Deserialization Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby on Rails JSON Processor YAML Deserialization Scanner', 'Description' = %q This module attempts to identify Ruby on Rails instances vulnerabl...

Ruby On Rails XML Processor YAML Deserialization Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby on Rails XML Processor YAML Deserialization Scanner', 'Description' = %q This module attempts to identify Ruby on Rails instances vulnerable...

Cisco SSL VPN Bruteforce Login Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco SSL VPN Bruteforce Login Utility', 'Description' = % This module scans for Cisco SSL VPN web login portals and performs login brute force t...

Lotus Domino Brute Force Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lotus Domino Brute Force Utility', 'Description' = 'Lotus Domino Authentication Brute Force Utility', 'Author' = 'Tiago Ferreira ', 'License' =...

WinRM Command Runner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/winrm/connection' class MetasploitModule 'WinRM Command Runner', 'Description' = %q This module runs arbitrary Windows commands using the WinRM Service ,...

Wordpress Arbitrary File Deletion

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Arbitrary File Deletion', 'Description' = %q An arbitrary file deletion vulnerability in the WordPress core allows any user with...

MS09-020 IIS6 WebDAV Unicode Authentication Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS09-020 IIS6 WebDAV Unicode Authentication Bypass', 'Description' = %q This module attempts to to bypass authentication using the WebDAV IIS6...

Linknat Vos Manager Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linknat Vos Manager Traversal', 'Description' = %q This module attempts to test whether a file traversal vulnerability is present in version of...

Wordpress Plugin WooCommerce Payments Unauthenticated Admin Creation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin WooCommerce Payments Unauthenticated Admin Creation', 'Description' = %q WooCommerce-Payments plugin for Wordpress versions 4.8'...

PocketPAD Login Bruteforce Force Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PocketPAD Login Bruteforce Force Utility', 'Description' = % This module scans for PocketPAD login portal, and performs a login bruteforce attack...

Cambium EPMP 1000 Ping Password Hash Extractor

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cambium ePMP 1000 'ping' Password Hash Extractor up to v2.5", 'Description' = % This module exploits an OS Command Injection vulnerability in...

Cisco Ironport Bruteforce Login Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Ironport Bruteforce Login Utility', 'Description' = % This module scans for Cisco Ironport SMA, WSA and ESA web login portals, finds AsyncO...

OpenMind Message-OS Portal Login Brute Force Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenMind Message-OS Portal Login Brute Force Utility', 'Description' = % This module scans for OpenMind Message-OS provisioning web login portal,...

WordPress Loginizer Log SQL Injection Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Loginizer log SQLi Scanner', 'Description' = %q Loginizer wordpress plugin contains an unauthenticated timebased SQL injection in...

SAP Host Agent Information Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'SAP Host Agent Information Disclosure', 'Description' = %q This module attempts to retrieve Computer and OS info from Ho...

HTTP Virtual Host Brute Force Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework May I reuse some methods? require 'cgi' class MetasploitModule 'HTTP Virtual Host Brute Force Scanner', 'Description' = %q This module tries to identify unique virtual...

Konica Minolta FTP Utility 1.00 Directory Traversal Information Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Konica Minolta FTP Utility 1.00 Directory Traversal Information Disclosure', 'Description' = %q This module exploits a directory traversal...

Novell Groupwise Agents HTTP Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Novell Groupwise Agents HTTP Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability in Novell Groupwis...

Supermicro Onboard IPMI Static SSL Certificate Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Supermicro Onboard IPMI Static SSL Certificate Scanner', 'Description' = %q This module checks for a static SSL certificate shipped with Supermic...

HTTP Git Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Git Scanner', 'Description' = %q This module can detect situations where there may be information disclosure vulnerabilities that occur when...

Apache Mod_userdir User Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache "moduserdir" User Enumeration', 'Description' = %qApache with the UserDir directive enabled generates different error codes when a usernam...

TVT NVMS-1000 Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TVT NVMS-1000 Directory Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability which exists in...

Telerik Report Server Auth Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Telerik Report Server Auth Bypass', 'Description' = %q This module exploits an authentication bypass vulnerability in Telerik Report Server...

SAP CTC Service Verb Tampering User Management

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...

Zen Load Balancer Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zen Load Balancer Directory Traversal', 'Description' = %q This module exploits a authenticated directory traversal vulnerability in Zen Load...

Sage X3 AdxAdmin Login Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/loginscanner/x3' require 'metasploit/framework/credentialcollection' class MetasploitModule 'Sage X3 AdxAdmin Login Scanner', 'Description'...

SMTP User Enumeration Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMTP User Enumeration Utility', 'Description' = %q The SMTP service has two internal commands that allow the enumeration of users: VRFY confirmin...

WANGKONGBAO CNS-1000 And 1100 UTM Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WANGKONGBAO CNS-1000 and 1100 UTM Directory Traversal', 'Description' = %q This module exploits the WANGKONGBAO CNS-1000 and 1100 UTM appliances...

Apache ActiveMQ Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache ActiveMQ Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability in Apache ActiveMQ 5.3.1 and...

ManageEngine SecurityManager Plus 5.5 Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine SecurityManager Plus 5.5 Directory Traversal', 'Description' = %q This module exploits a directory traversal flaw found in...

HTTP Blind XPATH 1.0 Injector

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Blind XPATH 1.0 Injector', 'Description' = %q This module exploits blind XPATH 1.0 injections over HTTP GET requests. , 'Author' = 'et at...

WordPress DukaPress Plugin File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress DukaPress Plugin File Read Vulnerability', 'Description' = %q This module exploits a directory traversal vulnerability in WordPress...

Meteocontrol WEBlog Password Extractor

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Meteocontrol WEBlog Password Extractor', 'Description' = % This module exploits an authentication bypass vulnerability in Meteocontrol WEBLog...

ManageEngine ServiceDesk Plus Path Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine ServiceDesk Plus Path Traversal", 'Description' = %q This module exploits an unauthenticated path traversal vulnerability found in...

RIPS Scanner Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'RIPS Scanner Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability in the RIPS Scanner v0.54, allowin...

Accellion FTA Statecode Cookie Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Accellion FTA 'statecode' Cookie Arbitrary File Read", 'Description' = %q This module exploits a file disclosure vulnerability in the Accellion...

BisonWare BisonFTP Server 3.5 Directory Traversal Information Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BisonWare BisonFTP Server 3.5 Directory Traversal Information Disclosure', 'Description' = %q This module exploits a directory traversal...

Bitweaver Overlay_type Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bitweaver overlaytype Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability found in Bitweaver. When...

Outlook Web App (OWA) Brute Force Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Outlook Web App OWA Brute Force Utility', 'Description' = %q This module tests credentials on OWA 2003, 2007, 2010, 2013, and 2016 servers. ,...

Netgear SPH200D Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netgear SPH200D Directory Traversal Vulnerability', 'Description' = %q This module exploits a directory traversal vulnerability which is present ...

SMB Group Policy Preference Saved Passwords Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMB Group Policy Preference Saved Passwords Enumeration', 'Description' = %Q This module enumerates files from target domain controllers and...

Jupyter Login Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/jupyter' class MetasploitModule 'Jupyter Login Utility', 'Description' = %...

EasyCafe Server Remote File Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'EasyCafe Server Remote File Access', 'Description' = %q This module exploits a file retrieval vulnerability in EasyCafe Server. The vulnerability...

VICIdial Multiple Authenticated SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VICIdial Multiple Authenticated SQLi', 'Description' = %q This module exploits several authenticated SQL Inject vulnerabilities in VICIdial...

Oracle ILO Manager Login Brute Force Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle ILO Manager Login Brute Force Utility', 'Description' = % This module scans for Oracle Integrated Lights Out Manager ILO login portal, and...

MySQL Authentication Bypass Password Dump

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/mysql/client' class MetasploitModule 'MySQL Authentication Bypass Password Dump', 'Description' = %Q This module exploits a password bypass...

DnaLIMS Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DnaLIMS Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability found in dnaLIMS. Due to the way the...

Supermicro Onboard IPMI Url_redirect.cgi Authenticated Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'Supermicro Onboard IPMI urlredirect.cgi Authenticated Directory Traversal', 'Description' = %q This module abuses a directory...

SSH Username Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SSH Username Enumeration', 'Description' = %q This module uses a malformed packet or timing attack to enumerate users on an OpenSSH server. The...

WordPress Easy WP SMTP Password Reset

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Easy WP SMTP Password Reset', 'Description' = %q Wordpress plugin Easy WP SMTP versions 'h00die', msf module this was an 0day , 'Licens...