50653 matches found
SMTP User Enumeration Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMTP User Enumeration Utility', 'Description' = %q The SMTP service has two internal commands that allow the enumeration of users: VRFY confirmin...
MS09-020 IIS6 WebDAV Unicode Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS09-020 IIS6 WebDAV Unicode Authentication Bypass', 'Description' = %q This module attempts to to bypass authentication using the WebDAV IIS6...
WANGKONGBAO CNS-1000 And 1100 UTM Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WANGKONGBAO CNS-1000 and 1100 UTM Directory Traversal', 'Description' = %q This module exploits the WANGKONGBAO CNS-1000 and 1100 UTM appliances...
Titan FTP XCRC Directory Traversal Information Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Titan FTP XCRC Directory Traversal Information Disclosure', 'Description' = %q This module exploits a directory traversal vulnerability in the XC...
VICIdial Multiple Authenticated SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VICIdial Multiple Authenticated SQLi', 'Description' = %q This module exploits several authenticated SQL Inject vulnerabilities in VICIdial...
Cambium EPMP 1000 Ping Password Hash Extractor
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cambium ePMP 1000 'ping' Password Hash Extractor up to v2.5", 'Description' = % This module exploits an OS Command Injection vulnerability in...
Outlook Web App (OWA) Brute Force Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Outlook Web App OWA Brute Force Utility', 'Description' = %q This module tests credentials on OWA 2003, 2007, 2010, 2013, and 2016 servers. ,...
SMB Group Policy Preference Saved Passwords Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMB Group Policy Preference Saved Passwords Enumeration', 'Description' = %Q This module enumerates files from target domain controllers and...
Accellion FTA Statecode Cookie Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Accellion FTA 'statecode' Cookie Arbitrary File Read", 'Description' = %q This module exploits a file disclosure vulnerability in the Accellion...
SAP CTC Service Verb Tampering User Management
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...
OpenMind Message-OS Portal Login Brute Force Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenMind Message-OS Portal Login Brute Force Utility', 'Description' = % This module scans for OpenMind Message-OS provisioning web login portal,...
MySQL Authentication Bypass Password Dump
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/mysql/client' class MetasploitModule 'MySQL Authentication Bypass Password Dump', 'Description' = %Q This module exploits a password bypass...
Supermicro Onboard IPMI Url_redirect.cgi Authenticated Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'Supermicro Onboard IPMI urlredirect.cgi Authenticated Directory Traversal', 'Description' = %q This module abuses a directory...
ManageEngine SecurityManager Plus 5.5 Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine SecurityManager Plus 5.5 Directory Traversal', 'Description' = %q This module exploits a directory traversal flaw found in...
Netgear SPH200D Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netgear SPH200D Directory Traversal Vulnerability', 'Description' = %q This module exploits a directory traversal vulnerability which is present ...
HTTP Git Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Git Scanner', 'Description' = %q This module can detect situations where there may be information disclosure vulnerabilities that occur when...
PocketPAD Login Bruteforce Force Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PocketPAD Login Bruteforce Force Utility', 'Description' = % This module scans for PocketPAD login portal, and performs a login bruteforce attack...
HTTP Virtual Host Brute Force Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework May I reuse some methods? require 'cgi' class MetasploitModule 'HTTP Virtual Host Brute Force Scanner', 'Description' = %q This module tries to identify unique virtual...
SSH Username Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SSH Username Enumeration', 'Description' = %q This module uses a malformed packet or timing attack to enumerate users on an OpenSSH server. The...
HP Web JetAdmin 6.5 Server Arbitrary Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP Web JetAdmin 6.5 Server Arbitrary Command Execution', 'Description' = %q This module abuses a command execution vulnerability within the web...
Microsoft Plug and Play Service Registry Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Plug and Play Service Registry Overflow', 'Description' = %q This module triggers a stack buffer overflow in the Windows Plug and Play...
D-Link DSL 320B Password Extractor
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link DSL 320B Password Extractor', 'Description' = %q This module exploits an authentication bypass vulnerability in D-Link DSL 320B 'EDB',...
IBM Notes encodeURI Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "IBM Notes encodeURI DOS", 'Description' = %q This module exploits a vulnerability in the native browser that comes with IBM Lotus Notes. If...
XBMC Web Server Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "XBMC Web Server Directory Traversal", 'Description' = %q This module exploits a directory traversal bug in XBMC 11, up until the 2012-11-04 night...
WinFTP 2.3.0 NLST Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WinFTP 2.3.0 NLST Denial of Service', 'Description' = %q This module is a very rough port of Julien Bedard's PoC. You need a valid login, but eve...
3Com SuperStack Switch Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule '3Com SuperStack Switch Denial of Service', 'Description' = %q This module causes a temporary denial of service condition against 3Com SuperStack...
NTP Mode 7 PEER_LIST_SUM Denial Of Service Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NTP Mode 7 PEERLISTSUM DoS Scanner', 'Description' = %q This module identifies NTP servers which permit "PEERLISTSUM" queries and return response...
Oracle DB SQL Injection Via SYS.LT.ROLLBACKWORKSPACE
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection via SYS.LT.ROLLBACKWORKSPACE', 'Description' = %q This module exploits a sql injection flaw in the ROLLBACKWORKSPACE...
Android Stock Browser Iframe Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Android Stock Browser Iframe DOS", 'Description' = %q This module exploits a vulnerability in the native browser that comes with Android 4.0.3. I...
Kaillera 0.86 Server Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kaillera 0.86 Server Denial of Service' , 'Description' = %q The Kaillera 0.86 server can be shut down by sending any malformed packet after the...
Mirage firewall for QubesOS 0.8.0-0.8.3 Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mirage firewall for QubesOS 0.8.0-0.8.3 Denial of Service DoS Exploit', 'Description' = %q This module allows remote attackers to cause a denial ...
Arris DG950A Cable Modem Wifi Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Arris DG950A Cable Modem Wifi Enumeration', 'Description' = %q This module will extract WEP keys and WPA preshared keys from Arris DG950A cable...
GitLab Tags RSS Feed Email Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLab Tags RSS feed email disclosure', 'Description' = %q An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prio...
ISC DHCP Zero Length ClientID Denial of Service Module
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ISC DHCP Zero Length ClientID Denial of Service Module', 'Description' = %q This module performs a Denial of Service Attack against the ISC DHCP...
WordPress Ultimate CSV Importer User Table Extract
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'csv' class MetasploitModule 'WordPress Ultimate CSV Importer User Table Extract', 'Description' = %q Due to lack of verification of a visitor's permissions, it ...
Piwigo CVE-2023-26876 Gather Credentials via SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Piwigo CVE-2023-26876 Gather Credentials via SQL Injection ', 'Description' = %q This module allows an authenticated user to retrieve the usernam...
iOS Safari Denial of Service with CSS
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "iOS Safari Denial of Service with CSS", 'Description' = %q This module exploits a vulnerability in WebKit on Apple iOS. If successful, the device...
ua-parser-js npm module ReDenial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ua-parser-js npm module ReDoS', 'Description' = %q This module exploits a Regular Expression Denial of Service vulnerability in the npm module...
Oracle DB SQL Injection Via SYS.DBMS_CDC_IPUBLISH.ALTER_HOTLOG_INTERNAL_CSOURCE
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection via SYS.DBMSCDCIPUBLISH.ALTERHOTLOGINTERNALCSOURCE', 'Description' = %q The module exploits an sql injection flaw in the...
ManageEngine DataSecurity Plus Xnode Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine DataSecurity Plus Xnode Enumeration', 'Description' = %q This module exploits default admin credentials for the DataEngine Xnode...
Cross Platform Webkit File Dropper
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cross Platform Webkit File Dropper', 'Description' = %q This module exploits a XSLT vulnerability in Webkit to drop ASCII or UTF-8 files to the...
Cisco IOX XE Unauthenticated OS Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOX XE unauthenticated OS command execution', 'Description' = %q This module leverages both CVE-2023-20198 and CVE-2023-20273 against...
Cambium CnPilot R200/r201 SNMP Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cambium cnPilot r200/r201 SNMP Enumeration', 'Description' = % Cambium cnPilot r200/r201 devices can be administered using SNMP. The device...
MS06-019 Exchange MODPROP Heap Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS06-019 Exchange MODPROP Heap Overflow', 'Description' = %q This module triggers a heap overflow vulnerability in MS Exchange that occurs when...
WordPress All-in-One Migration Export
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress All-in-One Migration Export', 'Description' = %q This module allows you to export Wordpress data such as the database, plugins, themes,...
General Electric D20ME TFTP Server Buffer Overflow / Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework The General Electric D20 and possibly other devices have numerous buffer overruns in their TFTP servers and probably other servers. There are many buffer overruns like i...
Microsoft Windows Browser Pool Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Windows Browser Pool DoS', 'Description' = %q This module exploits a denial of service flaw in the Microsoft Windows SMB service on...
VMware vCenter Server vmdir Information Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server vmdir Information Disclosure', 'Description' = %q This module uses an anonymous-bind LDAP connection to dump data from the...
Android Content Provider File Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android Content Provider File Disclosure', 'Description' = %q This module exploits a cross-domain issue within the Android web browser to...
PhoenixContact PLC Remote START/STOP Command
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PhoenixContact PLC Remote START/STOP Command', 'Version' = '1', 'Description' = %q PhoenixContact Programmable Logic Controllers are built upon a...