50738 matches found
WordPress NextGEN Gallery Directory Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'json' require 'nokogiri' class MetasploitModule 'WordPress NextGEN Gallery Directory Read Vulnerability', 'Description' = %q This module exploits an authenticat...
HP Intelligent Management BIMS DownloadServlet Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP Intelligent Management BIMS DownloadServlet Directory Traversal', 'Description' = %q This module exploits a lack of authentication and a...
SurgeNews User Credentials
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SurgeNews User Credentials', 'Description' = %q This module exploits a vulnerability in the WebNews web interface of SurgeNews on TCP ports 9080...
Novell ZENworks Asset Management 7.5 Configuration Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Novell ZENworks Asset Management 7.5 Configuration Access', 'Description' = %q This module exploits a hardcoded user and password for the GetConf...
MS09-020 IIS6 WebDAV Unicode Auth Bypass Directory Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS09-020 IIS6 WebDAV Unicode Auth Bypass Directory Scanner', 'Description' = %q This module is based on et's HTTP Directory Scanner module, with...
Citrix ADC (NetScaler) Bleed Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Citrix ADC NetScaler Bleed Scanner', 'Description' = %q This module scans for a vulnerability that allows a remote, unauthenticated attacker to...
ManageEngine DeviceExpert User Credentials
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine DeviceExpert User Credentials', 'Description' = %q This module extracts usernames and salted MD5 password hashes from ManageEngine...
SAP ICF /sap/public/info Service Sensitive Information Gathering
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...
Meteocontrol WEBlog Password Extractor
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Meteocontrol WEBlog Password Extractor', 'Description' = % This module exploits an authentication bypass vulnerability in Meteocontrol WEBLog...
WinRM Command Runner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/winrm/connection' class MetasploitModule 'WinRM Command Runner', 'Description' = %q This module runs arbitrary Windows commands using the WinRM Service ,...
Typo3 Login Bruteforcer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Typo3 Login Bruteforcer', 'Description' = 'This module attempts to bruteforce Typo3 logins.', 'Author' = 'Christian Mehlmauer' , 'License' =...
HTTP Blind XPATH 1.0 Injector
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Blind XPATH 1.0 Injector', 'Description' = %q This module exploits blind XPATH 1.0 injections over HTTP GET requests. , 'Author' = 'et at...
HP SiteScope SOAP Call LoadFileContent Remote File Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP SiteScope SOAP Call loadFileContent Remote File Access', 'Description' = %q This module exploits an authentication bypass vulnerability in HP...
Oracle ILO Manager Login Brute Force Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle ILO Manager Login Brute Force Utility', 'Description' = % This module scans for Oracle Integrated Lights Out Manager ILO login portal, and...
WordPress Mobile Pack Information Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Mobile Pack Information Disclosure Vulnerability', 'Description' = %q This module exploits an information disclosure vulnerability in...
Apache Axis2 1.4.1 Local File Inclusion
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Axis2 v1.4.1 Local File Inclusion', 'Description' = %q This module exploits an Apache Axis2 v1.4.1 local file inclusion LFI vulnerability...
SAP /sap/bc/soap/rfc SOAP Service RFC_SYSTEM_INFO Function Sensitive Information Gathering
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...
A10 Networks AX Loadbalancer Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'A10 Networks AX Loadbalancer Directory Traversal', 'Description' = %q This module exploits a directory traversal flaw found in A10 Networks Soft ...
Yaws Web Server Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Yaws Web Server Directory Traversal", 'Description' = %q This module exploits a directory traversal bug in Yaws v1.9.1 or less. The module can on...
MS09-020 IIS6 WebDAV Unicode Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS09-020 IIS6 WebDAV Unicode Authentication Bypass', 'Description' = %q This module attempts to to bypass authentication using the WebDAV IIS6...
SAP /sap/bc/soap/rfc SOAP Service TH_SAPREL Function Information Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...
Apache ActiveMQ JSP Files Source Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache ActiveMQ JSP Files Source Disclosure', 'Description' = %q This module exploits a source code disclosure in Apache ActiveMQ. The...
SevOne Network Performance Management Application Brute Force Login Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SevOne Network Performance Management Application Brute Force Login Utility', 'Description' = % This module scans for SevOne Network Performance...
Jenkins-CI Unauthenticated Script-Console Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'cgi' class MetasploitModule 'Jenkins-CI Unauthenticated Script-Console Scanner', 'Description' = %q This module scans for unauthenticated Jenkins-CI script...
WordPress Contus Video Gallery Unauthenticated SQL Injection Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Contus Video Gallery Unauthenticated SQL Injection Scanner', 'Description' = %q This module attempts to exploit a UNION-based SQL...
FortiMail Unauthenticated Login Bypass Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FortiMail Unauthenticated Login Bypass Scanner', 'Description' = %q This module attempts to detect instances of FortiMail vulnerable against an...
NFR Agent SRS Record Arbitrary Remote File Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NFR Agent SRS Record Arbitrary Remote File Access', 'Description' = %q NFRAgent.exe, a component of Novell File Reporter NFR, allows remote...
Portmapper Amplification Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Portmapper Amplification Scanner', 'Description' = %q This module can be used to discover Portmapper services which can be used in an amplificati...
Allegro Software RomPager Misfortune Cookie (CVE-2014-9222) Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Allegro Software RomPager 'Misfortune Cookie' CVE-2014-9222 Scanner", 'Description' = %q This module scans for HTTP servers that appear to be...
Cambium EPMP 1000 Account Password Reset
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cambium ePMP 1000 Account Password Reset', 'Description' = % This module exploits an access control vulnerability in Cambium ePMP device manageme...
LimeSurvey Zip Path Traversals
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LimeSurvey Zip Path Traversals', 'Description' = %q This module exploits an authenticated path traversal vulnerability found in LimeSurvey versio...
Samba _netr_ServerPasswordSet Uninitialized Credential State
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samba netrServerPasswordSet Uninitialized Credential State', 'Description' = %q This module checks if a Samba target is vulnerable to an...
SAP SOAP RFC EPS_GET_DIRECTORY_LISTING Directories Information Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...
ManageEngine ServiceDesk Plus Path Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine ServiceDesk Plus Path Traversal", 'Description' = %q This module exploits an unauthenticated path traversal vulnerability found in...
Riverbed SteelHead VCX File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Riverbed SteelHead VCX File Read', 'Description' = %q This module exploits an authenticated arbitrary file read in the log module's filter engine...
Cisco ASA ASDM Brute-force Login
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco ASA ASDM Brute-force Login', 'Description' = %q This module scans for the Cisco ASA ASDM landing page and performs login brute-force to...
Web-Dorado ECommerce WD For Joomla! Search_category_id SQL Injection Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'Web-Dorado ECommerce WD for Joomla! searchcategoryid SQL Injection Scanner', 'Description' = %q This module will scan for hosts...
Zen Load Balancer Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zen Load Balancer Directory Traversal', 'Description' = %q This module exploits a authenticated directory traversal vulnerability in Zen Load...
MS15-034 HTTP Protocol Stack Request Handling HTTP.SYS Memory Information Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS15-034 HTTP Protocol Stack Request Handling HTTP.SYS Memory Information Disclosure', 'Description' = %q This module dumps memory contents using...
X11 No-Auth Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'X11 No-Auth Scanner', 'Description' = %q This module scans for X11 servers that allow anyone to connect without authentication. , 'Author' = 'teb...
Majordomo2 _list_file_get() Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Majordomo2 listfileget Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability present in the listfileg...
Chinese Caidao Backdoor Bruteforce
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/caidao' class MetasploitModule 'Chinese Caidao Backdoor Bruteforce',...
Cambium EPMP 1000 Ping Password Hash Extractor
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cambium ePMP 1000 'ping' Password Hash Extractor up to v2.5", 'Description' = % This module exploits an OS Command Injection vulnerability in...
Wordpress RegistrationMagic Task_ids Authenticated SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress RegistrationMagic taskids Authenticated SQLi', 'Description' = %q RegistrationMagic, a WordPress plugin, prior to 5.0.1.5 is affected b...
BMC TrackIt! Unauthenticated Arbitrary User Password Change
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BMC TrackIt! Unauthenticated Arbitrary User Password Change', 'Description' = %q This module exploits a flaw in the password reset mechanism in B...
Canon Printer Wireless Configuration Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'nokogiri' class MetasploitModule 'Canon Printer Wireless Configuration Disclosure', 'Description' = %q This module enumerates wireless credentials from Canon...
EasyCafe Server Remote File Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'EasyCafe Server Remote File Access', 'Description' = %q This module exploits a file retrieval vulnerability in EasyCafe Server. The vulnerability...
Linksys E1500 Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linksys E1500 Directory Traversal Vulnerability', 'Description' = %q This module exploits a directory traversal vulnerability which is present in...
Cisco Network Access Manager Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Network Access Manager Directory Traversal Vulnerability', 'Description' = %q This module tests whether a directory traversal vulnerability...
BisonWare BisonFTP Server 3.5 Directory Traversal Information Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BisonWare BisonFTP Server 3.5 Directory Traversal Information Disclosure', 'Description' = %q This module exploits a directory traversal...