HTTP Client Automatic Exploiter

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework ideas: - add a loading page option so the user can specify arbitrary html to insert all of the evil js and iframes into - caching is busted when different browsers come...

LibreOffice 6.03 /Apache OpenOffice 4.1.5 Malicious ODT File Generator

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' require 'rex/zip' class MetasploitModule 'LibreOffice 6.03 /Apache OpenOffice 4.1.5 Malicious ODT File Generator', 'Description' = 'Generates a Maliciou...

WordPress WPLMS Theme Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress WPLMS Theme Privilege Escalation', 'Description' = %q The WordPress WPLMS theme from version 1.5.2 to 1.8.4.1 allows an authenticated...

NTP.org ntpd Reserved Mode Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NTP.org ntpd Reserved Mode Denial of Service', 'Description' = %q This module exploits a denial of service vulnerability within the NTP network...

DoliWamp jqueryFileTree.php Traversal Gather Credentials

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials", 'Description' = %q This module will extract user credentials from DoliWamp - a WAMP...

Wordpress BookingPress bookingpress_front_get_category_services SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress BookingPress bookingpressfrontgetcategoryservices SQLi', 'Description' = %q The BookingPress WordPress plugin before 1.0.11 fails to...

ManageEngine Multiple Products Arbitrary File Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Multiple Products Arbitrary File Download', 'Description' = %q This module exploits an arbitrary file download vulnerability in the...

Atlassian Confluence Data Center And Server Authentication Bypass Via Broken Access Control

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control', 'Description' = %q This module exploits a broken...

CrushFTP Unauthenticated Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CrushFTP Unauthenticated Arbitrary File Read', 'Description' = %q This module leverages an unauthenticated server-side template injection...

Kaseya VSA Master Administrator Account Creation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kaseya VSA Master Administrator Account Creation', 'Description' = %q This module abuses the setAccount page on Kaseya VSA between 7 and 9.1 to...

TeamViewer Unquoted URI Handler SMB Redirect

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TeamViewer Unquoted URI Handler SMB Redirect', 'Description' = %q This module exploits an unquoted parameter call within the Teamviewer URI handl...

Citrix MetaFrame ICA Published Applications Bruteforcer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Citrix MetaFrame ICA Published Applications Bruteforcer', 'Description' = %q This module attempts to brute force program names within the Citrix...

Microsoft Vista SP0 SMB Negotiate Protocol Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Vista SP0 SMB Negotiate Protocol DoS', 'Description' = %q This module exploits a flaw in Windows Vista that allows a remote...

Webmin Edit_html.cgi File Parameter Traversal Arbitrary File Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin edithtml.cgi file Parameter Traversal Arbitrary File Access', 'Description' = %q This module exploits a directory traversal in Webmin 1.58...

MantisBT Admin SQL Injection Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MantisBT Admin SQL Injection Arbitrary File Read", 'Description' = %q Versions 1.2.13 through 1.2.16 are vulnerable to a SQL injection attack if ...

Viproy CUCDM IP Phone XML Services Speed Dial Attack Tool

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'Viproy CUCDM IP Phone XML Services - Speed Dial Attack Tool', 'Description' = %q The BVSMWeb portal in the web framework...

WordPress Google Maps Plugin SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Google Maps Plugin SQL Injection', 'Description' = %q This module exploits a SQL injection vulnerability in a REST endpoint registered ...

GitStack Unauthenticated REST API Requests

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitStack Unauthenticated REST API Requests', 'Description' = %q This modules exploits unauthenticated REST API requests in GitStack through...

SSL Labs API Client

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'activesupport/inflector' require 'json' require 'activesupport/coreext/hash' class MetasploitModule uri, 'agent' = useragent, 'method' = 'GET', 'varsget' = para...

ua-parser-js npm module ReDenial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ua-parser-js npm module ReDoS', 'Description' = %q This module exploits a Regular Expression Denial of Service vulnerability in the npm module...

iOS Safari Denial of Service with CSS

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "iOS Safari Denial of Service with CSS", 'Description' = %q This module exploits a vulnerability in WebKit on Apple iOS. If successful, the device...

TeamTalk Gather Credentials

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TeamTalk Gather Credentials', 'Description' = %q This module retrieves user credentials from BearWare TeamTalk. Valid administrator credentials a...

VxWorks WDB Agent Remote Reboot

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VxWorks WDB Agent Remote Reboot', 'Description' = %q This module provides the ability to reboot a VxWorks target through WDBRPC , 'Author' = 'hdm...

Tautulli 2.1.9 Shutdown Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Tautulli v2.1.9 - Shutdown Denial of Service', 'Description' = 'Tautulli versions 2.1.9 and prior are vulnerable to denial of service via the...

Cisco IOS HTTP GET /%% Request Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOS HTTP GET /%% Request Denial of Service', 'Description' = %q This module triggers a Denial of Service condition in the Cisco IOS HTTP...

Lantronix Telnet Password Recovery

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lantronix Telnet Password Recovery', 'Description' = %q This module retrieves the setup record from Lantronix serial-to-ethernet devices via the...

Solar FTP Server Malformed USER Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Solar FTP Server Malformed USER Denial of Service', 'Description' = %q This module will send a format string as USER to Solar FTP, causing a READ...

Microsoft SQL Server SQL Injection Escalate Execute AS

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SQLi Escalate Execute AS', 'Description' = %q This module can be used escalate privileges if the IMPERSONATION privilege has...

Indusoft WebStudio NTWebServer Remote File Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Indusoft WebStudio NTWebServer Remote File Access', 'Description' = %q This module exploits a directory traversal vulnerability in Indusoft...

Wordpress XMLRPC Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress XMLRPC DoS', 'Description' = %q Wordpress XMLRPC parsing is vulnerable to a XML based denial of service. This vulnerability affects...

Linksys E1500/E2500 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linksys E1500/E2500 Remote Command Execution', 'Description' = %q Some Linksys Routers are vulnerable to an authenticated OS command injection...

Chromecast Factory Reset Denial Of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chromecast Factory Reset DoS', 'Description' = %q This module performs a factory reset on a Chromecast, causing a denial of service DoS. No user...

Oracle TNS Listener SID Bruteforce

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle TNS Listener SID Bruteforce', 'Description' = %q This module queries the TNS listener for a valid Oracle database instance name also known...

Oracle DB SQL Injection Via SYS.LT.COMPRESSWORKSPACE

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection via SYS.LT.COMPRESSWORKSPACE', 'Description' = %q This module exploits an sql injection flaw in the COMPRESSWORKSPACE...

VxWorks WDB Agent Remote Memory Dump

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VxWorks WDB Agent Remote Memory Dump', 'Description' = %q This module provides the ability to dump the system memory of a VxWorks target through...

TCP SYN Flooder

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TCP SYN Flooder', 'Description' = 'A simple TCP SYN flooder', 'Author' = 'kris katterjohn', 'License' = MSFLICENSE registeroptions Opt::RPORT80,...

Android Open Source Platform (AOSP) Browser UXSS

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android Open Source Platform AOSP Browser UXSS', 'Description' = %q This module exploits a Universal Cross-Site Scripting UXSS vulnerability...

ScadaBR Credentials Dumper

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ScadaBR Credentials Dumper', 'Description' = %q This module retrieves credentials from ScadaBR, including service credentials and unsalted SHA1...

Samba read_nttrans_ea_list Integer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/struct2' class MetasploitModule 'Samba readnttransealist Integer Overflow', 'Description' = %q Integer overflow in the readnttransealist function in nttrans...

Oracle DB SQL Injection Via SYS.DBMS_METADATA.GET_GRANTED_XML

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection via SYS.DBMSMETADATA.GETGRANTEDXML', 'Description' = %q This module will escalate an Oracle DB user to DBA by exploiting ...

TYPO3 Sa-2009-001 Weak Encryption Key File Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TYPO3 sa-2009-001 Weak Encryption Key File Disclosure', 'Description' = %q This module exploits a flaw in TYPO3 encryption ey creation process to...

Sielco Sistemi Winlog Remote File Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sielco Sistemi Winlog Remote File Access', 'Description' = %q This module exploits a directory traversal in Sielco Sistemi Winlog. The...

Apple Airport Extreme Password Extraction (WDBRPC)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apple Airport Extreme Password Extraction WDBRPC', 'Description' = %q This module can be used to read the stored password of a vulnerable Apple...

Archer C7 Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Archer C7 Directory Traversal Vulnerability', 'Description' = %q This module exploits a directory traversal vulnerability in the PATHINFO found a...

Cisco IOS SNMP File Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOS SNMP File Upload TFTP', 'Description' = %q This module will copy file to a Cisco IOS device using SNMP and TFTP. The action...

Xerox WorkCentre User Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xerox WorkCentre User Enumeration SNMP', 'Description' = %q This module will do user enumeration based on the Xerox WorkCentre present on the...

Microsoft Windows SRV.SYS SrvSmbQueryFsInformation Pool Overflow Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Windows SRV.SYS SrvSmbQueryFsInformation Pool Overflow DoS', 'Description' = %q This module exploits a denial of service flaw in the...

MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection", 'Description' = %q This module exploits a universal cross-site...

Microsoft SQL Server SUSER_SNAME Windows Domain Account Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SUSERSNAME Windows Domain Account Enumeration', 'Description' = %q This module can be used to bruteforce RIDs associated wit...

CVE-2019-0708 BlueKeep Microsoft Remote Desktop Remote Code Execution Check

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CVE-2019-0708 BlueKeep Microsoft Remote Desktop RCE Check', 'Description' = %q This module checks a range of hosts for the CVE-2019-0708...