50738 matches found
Apache 2.4.49/2.4.50 Traversal Remote Code Execution Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache 2.4.49/2.4.50 Traversal RCE scanner', 'Description' = %q This module scans for an unauthenticated RCE vulnerability which exists in Apache...
Abandoned Cart For WooCommerce SQL Injection Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Abandoned Cart for WooCommerce SQLi Scanner', 'Description' = %q Abandoned Cart, a plugin for WordPress which extends the WooCommerce plugin, pri...
SAP CTC Service Verb Tampering User Management
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...
Apache Mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache modcgi Bash Environment Variable Injection Shellshock Scanner', 'Description' = %q This module scans for the Shellshock vulnerability, a...
IBM Lotus Notes Sametime Room Name Bruteforce
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'enumerable' class MetasploitModule 'IBM Lotus Notes Sametime Room Name Bruteforce', 'Description' = %q This module bruteforces Sametime meeting room names via t...
CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure', 'Description' = %q This module sends a query to the port 264/TCP on...
Apache Commons FileUpload and Apache Tomcat Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Commons FileUpload and Apache Tomcat DoS', 'Description' = %q This module triggers an infinite loop in Apache Commons FileUpload 1.0 throu...
Microsoft Windows Deployment Services Unattend Gatherer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Windows Deployment Services Unattend Gatherer', 'Description' = %q This module will search remote file shares for unattended installati...
Sielco Sistemi Winlog Remote File Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sielco Sistemi Winlog Remote File Access', 'Description' = %q This module exploits a directory traversal in Sielco Sistemi Winlog. The...
Archer C7 Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Archer C7 Directory Traversal Vulnerability', 'Description' = %q This module exploits a directory traversal vulnerability in the PATHINFO found a...
Oracle DB SQL Injection Via SYS.DBMS_METADATA.GET_GRANTED_XML
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection via SYS.DBMSMETADATA.GETGRANTEDXML', 'Description' = %q This module will escalate an Oracle DB user to DBA by exploiting ...
SNMP Windows Username Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SNMP Windows Username Enumeration', 'Description' = ' This module will use LanManager/psProcessUsername OID values to enumerate local user accoun...
XM Easy Personal FTP Server 5.7.0 NLST Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'XM Easy Personal FTP Server 5.7.0 NLST DoS', 'Description' = %q You need a valid login to DoS this FTP server, but even anonymous can do it as lo...
Android Browser Open in New Tab Cookie Theft
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android Browser "Open in New Tab" Cookie Theft', 'Description' = %q In Android's stock AOSP Browser application and WebView component, the "open ...
Novell EDirectory EMBox Unauthenticated File Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Novell eDirectory eMBox Unauthenticated File Access', 'Description' = %q This module will access Novell eDirectory's eMBox service and can run th...
ws Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ws - Denial of Service', 'Description' = %q This module exploits a Denial of Service vulnerability in npm module "ws". By sending a specially...
Apple Filing Protocol Info Enumerator
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apple Filing Protocol Info Enumerator', 'Description' = %q This module fetches AFP server information, including server name, network address,...
Fake DNS Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'resolv' class MetasploitModule 'Fake DNS Service', 'Description' = %q This module provides a DNS service that redirects all queries to a particular address. ,...
HTTP Client Automatic Exploiter 2 (Browser Autopwn)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "HTTP Client Automatic Exploiter 2 Browser Autopwn", 'Description' = %q This module will automatically serve browser exploits. Here are the option...
IBM DB2 Db2rcmd.exe Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IBM DB2 db2rcmd.exe Command Execution Vulnerability', 'Description' = %q This module exploits a vulnerability in the Remote Command Server...
WordPress Traversal Directory Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Traversal Directory DoS', 'Description' = %q Cross-site request forgery CSRF vulnerability in the wpajaxupdateplugin function in...
SAP MaxDB Cons.exe Remote Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP MaxDB cons.exe Remote Command Injection', 'Description' = %q SAP MaxDB is prone to a remote command-injection vulnerability because the...
Webmin Edit_html.cgi File Parameter Traversal Arbitrary File Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin edithtml.cgi file Parameter Traversal Arbitrary File Access', 'Description' = %q This module exploits a directory traversal in Webmin 1.58...
WPAD.dat File Server
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WPAD.dat File Server', 'Description' = %q This module generates a valid wpad.dat file for WPAD mitm attacks. Usually this module is used in...
Mutiny 5 Arbitrary File Read And Delete
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mutiny 5 Arbitrary File Read and Delete', 'Description' = %q This module exploits the EditDocument servlet from the frontend on the Mutiny 5...
Solar FTP Server Malformed USER Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Solar FTP Server Malformed USER Denial of Service', 'Description' = %q This module will send a format string as USER to Solar FTP, causing a READ...
ManageEngine Password Manager SQLAdvancedALSearchResult.cc Pro SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Password Manager SQLAdvancedALSearchResult.cc Pro SQL Injection', 'Description' = %q ManageEngine Password Manager Pro PMP has an...
D-Link I2eye Video Conference AutoAnswer (WDBRPC)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link i2eye Video Conference AutoAnswer WDBRPC', 'Description' = %q This module can be used to enable auto-answer mode for the D-Link i2eye vide...
Samsung Internet Browser SOP Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samsung Internet Browser SOP Bypass', 'Description' = %q This module takes advantage of a Same-Origin Policy SOP bypass vulnerability in the...
Microsoft SQL Server SQL Injection SUSER_SNAME Windows Domain Account Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SQLi SUSERSNAME Windows Domain Account Enumeration', 'Description' = %q This module can be used to bruteforce RIDs associate...
Android Mercury Browser Intent URI Scheme And Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android Mercury Browser Intent URI Scheme and Directory Traversal Vulnerability', 'Description' = %q This module exploits an unsafe intent URI...
Plixer Scrutinizer NetFlow And SFlow Analyzer HTTP Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Plixer Scrutinizer NetFlow and sFlow Analyzer HTTP Authentication Bypass', 'Description' = %q This will add an administrative account to...
Java RMI Registry Interfaces Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/java/serialization' class MetasploitModule 'Java RMI Registry Interfaces Enumeration', 'Description' = %q This module gathers information from an RMI endpoi...
IBM Lotus Notes Sametime User Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'enumerable' class MetasploitModule 'IBM Lotus Notes Sametime User Enumeration', 'Description' = %q This module extracts usernames using the IBM Lotus Notes...
FileZilla FTP Server Admin Interface Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FileZilla FTP Server Admin Interface Denial of Service', 'Description' = %q This module triggers a Denial of Service condition in the FileZilla F...
Android Open Source Platform (AOSP) Browser UXSS
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android Open Source Platform AOSP Browser UXSS', 'Description' = %q This module exploits a Universal Cross-Site Scripting UXSS vulnerability...
Cisco DCNM Auth Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'securerandom' require 'base64' class MetasploitModule 'Cisco DCNM auth bypass', 'Description' = %q This exploit is able to add an admin account to a Cisco DCNM...
SolarWinds Serv-U Unauthenticated Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SolarWinds Serv-U Unauthenticated Arbitrary File Read', 'Description' = %q This module exploits an unauthenticated file read vulnerability, due t...
Tomcat UTF-8 Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Tomcat UTF-8 Directory Traversal Vulnerability', 'Description' = %q This module tests whether a directory traversal vulnerability is present in...
Viproy CUCDM IP Phone XML Services Speed Dial Attack Tool
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'Viproy CUCDM IP Phone XML Services - Speed Dial Attack Tool', 'Description' = %q The BVSMWeb portal in the web framework...
Mac OS X Safari .webarchive File Format UXSS
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'Mac OS X Safari .webarchive File Format UXSS', 'Description' = %q Generates a .webarchive file for Mac OS X Safari that will attemp...
EMC CTA 10.0 Unauthenticated XXE Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'EMC CTA v10.0 Unauthenticated XXE Arbitrary File Read', 'Description' = %q EMC CTA v10.0 is susceptible to an unauthenticated XXE attack that...
Pulse Secure VPN Arbitrary File Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pulse Secure VPN Arbitrary File Disclosure', 'Description' = %q This module exploits a pre-auth directory traversal in the Pulse Secure VPN serve...
Apache mod_isapi Dangling Pointer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache modisapi Dangling Pointer', 'Description' = %q This module triggers a use-after-free vulnerability in the Apache Software Foundation...
Wordpress XMLRPC Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress XMLRPC DoS', 'Description' = %q Wordpress XMLRPC parsing is vulnerable to a XML based denial of service. This vulnerability affects...
MMS Client
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MMS Client', 'Description' = %q This module sends an MMS message to multiple phones of the same carrier. You can use it to send a malicious...
EMC AlphaStor Library Manager Arbitrary Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'EMC AlphaStor Library Manager Arbitrary Command Execution', 'Description' = %q EMC AlphaStor Library Manager is prone to a remote command-injecti...
NetBIOS Response Brute Force Spoof
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NetBIOS Response Brute Force Spoof Direct', 'Description' = %q This module continuously spams NetBIOS responses to a target for given hostname,...
Flexense HTTP Server Denial Of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flexense HTTP Server Denial Of Service', 'Description' = %q This module triggers a Denial of Service vulnerability in the Flexense HTTP server...
Brocade Enable Login Check Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/telnet' class MetasploitModule 'Brocade Enable Login Check Scanner',...