50738 matches found
Gallery WD For Joomla! Unauthenticated SQL Injection Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'Gallery WD for Joomla! Unauthenticated SQL Injection Scanner', 'Description' = %q This module will scan for Joomla! instances...
ES File Explorer Open Port
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ES File Explorer Open Port', 'Description' = %q This module connects to ES File Explorer's HTTP server to run certain commands. The HTTP server i...
Oracle Demantra Database Credentials Leak
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Demantra Database Credentials Leak', 'Description' = %q This module exploits a database credentials leak found in Oracle Demantra 12.2.1 i...
IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval', 'Description' = %q| This module identifies IPMI 2.0-compatible systems and attempts to retrie...
Microsoft IIS Shortname Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft IIS shortname vulnerability scanner', 'Description' = %q The vulnerability is caused by a tilde character "" in a GET or OPTIONS reques...
ClanSphere 2011.3 Local File Inclusion
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ClanSphere 2011.3 Local File Inclusion Vulnerability', 'Description' = %q This module exploits a directory traversal flaw found in Clansphere...
LiteSpeed Source Code Disclosure/Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LiteSpeed Source Code Disclosure/Download', 'Description' = %q This module exploits a source code disclosure/download vulnerability in versions...
Binom3 Web Management Login Scanner, Config And Password File Dump
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Binom3 Web Management Login Scanner, Config and Password File Dump', 'Description' = % This module scans for Binom3 Multifunctional Revenue Energ...
Zabbix Server Brute Force Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/loginscanner/zabbix' require 'metasploit/framework/credentialcollection' class MetasploitModule 'Zabbix Server Brute Force Utility',...
DnaLIMS Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DnaLIMS Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability found in dnaLIMS. Due to the way the...
Total.js Prior To 3.2.4 Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Check and exploit Total.js Directory Traversal CVE-2019-8903 class MetasploitModule 'Total.js prior to 3.2.4 Directory Traversal', 'Description' = %q This module check a...
Adobe XML External Entity Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Adobe XML External Entity Injection', 'Description' = %q Multiple Adobe Products -- XML External Entity Injection. Affected Software: BlazeDS 3.2...
Cambium EPMP 1000 Ping Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cambium ePMP 1000 'ping' Command Injection up to v2.5", 'Description' = % This module exploits an OS Command Injection vulnerability in Cambium...
SMTP Open Relay Detection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMTP Open Relay Detection', 'Description' = %q This module tests if an SMTP server will accept via a code 250 an e-mail by using a variation of...
Symantec Messaging Gateway 10 Exposure Of Stored AD Password
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest' require "openssl" class MetasploitModule 'Symantec Messaging Gateway 10 Exposure of Stored AD Password Vulnerability', 'Description' = %q This module wi...
Wordpress BulletProof Security Backup Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Wordpress BulletProof Security Backup Disclosure', 'Description' = %q The Wordpress plugin BulletProof Security, versions 'Ron...
Oracle Demantra Arbitrary File Retrieval With Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Demantra Arbitrary File Retrieval with Authentication Bypass', 'Description' = %q This module exploits a file download vulnerability found...
IPMI 2.0 Cipher Zero Authentication Bypass Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IPMI 2.0 Cipher Zero Authentication Bypass Scanner', 'Description' = %q| This module identifies IPMI 2.0-compatible systems that are vulnerable t...
SAP CTC Service Verb Tampering User Management
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...
Bitweaver Overlay_type Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bitweaver overlaytype Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability found in Bitweaver. When...
Jira Users Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jira Users Enumeration', 'Description' = %q This module exploits an information disclosure vulnerability that allows an unauthenticated user to...
Microsoft Azure Active Directory Login Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Azure Active Directory Login Enumeration', 'Description' = %q This module enumerates valid usernames and passwords against a Microsoft...
Microsoft IIS HTTP Internal IP Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft IIS HTTP Internal IP Disclosure', 'Description' = %q Collect any leaked internal IPs by requesting commonly redirected locations from...
Outlook Web App (OWA) Brute Force Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Outlook Web App OWA Brute Force Utility', 'Description' = %q This module tests credentials on OWA 2003, 2007, 2010, 2013, and 2016 servers. ,...
SAP /sap/bc/soap/rfc SOAP Service SXPG_COMMAND_EXEC Function Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...
Syncovery For Linux Web-GUI Session Token Brute-Forcer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' require 'date' require 'json' require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/syncoveryfilesyncbackup'...
Cambium EPMP 1000 Login Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cambium ePMP 1000 Login Scanner', 'Description' = % This module scans for Cambium ePMP 1000 management login portals, and attempts to identify...
SMTP User Enumeration Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMTP User Enumeration Utility', 'Description' = %q The SMTP service has two internal commands that allow the enumeration of users: VRFY confirmin...
Ray Sharp DVR Password Retriever
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ray Sharp DVR Password Retriever', 'Description' = %q This module takes advantage of a protocol design issue with the Ray Sharp based DVR systems...
D-Link User-Agent Backdoor Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link User-Agent Backdoor Scanner', 'Description' = %q This module attempts to find D-Link devices running Alphanetworks web interfaces affected...
Citrix ADC (NetScaler) Directory Traversal Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Citrix ADC NetScaler Directory Traversal Scanner', 'Description' = % This module exploits a directory traversal vulnerability CVE-2019-19781 with...
WordPress Mobile Edition File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Mobile Edition File Read Vulnerability', 'Description' = %q This module exploits a directory traversal vulnerability in WordPress Plugi...
Icingaweb Directory Traversal In Static Library File Requests
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Icingaweb Directory Traversal in Static Library File Requests', 'Description' = %q Icingaweb versions from 2.9.0 to 2.9.5 inclusive, and 2.8.0 to...
Wordpress XML-RPC System.multicall Credential Collector
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/wordpressmulticall' class MetasploitModule 'Wordpress XML-RPC...
ColoradoFTP Server 1.3 Build 8 Directory Traversal Information Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ColoradoFTP Server 1.3 Build 8 Directory Traversal Information Disclosure', 'Description' = %q This module exploits a directory traversal...
SAP BusinessObjects Web User Bruteforcer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP BusinessObjects Web User Bruteforcer', 'Description' = 'This module simply attempts to bruteforce SAP BusinessObjects users by using CmcApp.'...
Embedthis GoAhead Embedded Web Server Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Embedthis GoAhead Embedded Web Server Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability in the...
MySQL Authentication Bypass Password Dump
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/mysql/client' class MetasploitModule 'MySQL Authentication Bypass Password Dump', 'Description' = %Q This module exploits a password bypass...
Novell ZENworks Asset Management 7.5 Remote File Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Novell ZENworks Asset Management 7.5 Remote File Access', 'Description' = %q This module exploits a hardcoded user and password for the GetFile...
Canon IR-Adv Password Extractor
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Canon IR-Adv Password Extractor', 'Description' = %q This module will extract the passwords from address books on various Canon IR-Adv mfp device...
Rosewill RXS-3211 IP Camera Password Retriever
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rosewill RXS-3211 IP Camera Password Retriever', 'Description' = %q This module takes advantage of a protocol design issue with the Rosewill admi...
Cisco Device HTTP Device Manager Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Device HTTP Device Manager Access', 'Description' = %q This module gathers data from a Cisco device router or switch with the device manage...
HP SiteScope SOAP Call GetFileInternal Remote File Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP SiteScope SOAP Call getFileInternal Remote File Access', 'Description' = %q This module exploits an authentication bypass vulnerability in HP...
Sentry Switched CDU Bruteforce Login Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sentry Switched CDU Bruteforce Login Utility', 'Description' = % This module scans for ServerTech's Sentry Switched CDU Cabinet Power Distributio...
Dolibarr ERP/CRM Login Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Dolibarr ERP/CRM Login Utility', 'Description' = %q This module attempts to authenticate to a Dolibarr ERP/CRM's admin web interface, and should...
EtherPAD Duo Login Bruteforce Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'EtherPAD Duo Login Bruteforce Utility', 'Description' = % This module scans for EtherPAD Duo login portal, and performs a login bruteforce attack...
WANGKONGBAO CNS-1000 And 1100 UTM Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WANGKONGBAO CNS-1000 and 1100 UTM Directory Traversal', 'Description' = %q This module exploits the WANGKONGBAO CNS-1000 and 1100 UTM appliances...
Titan FTP Administrative Password Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'Titan FTP Administrative Password Disclosure', 'Description' = %q On Titan FTP servers prior to version 9.14.1628, an...
ThinVNC Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ThinVNC Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability in ThinVNC versions 1.0b1 and prior whi...
Symantec Messaging Gateway 9.5 Log File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Symantec Messaging Gateway 9.5 Log File Download Vulnerability', 'Description' = %q This module will download a file of your choice against...