50738 matches found
NTP NAK To The Future
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NTP "NAK to the Future"', 'Description' = %q Crypto-NAK packets can be used to cause ntpd to accept time from unauthenticated ephemeral symmetric...
Netgear R7000 Backup.cgi Heap Overflow Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netgear R7000 backup.cgi Heap Overflow RCE', 'Description' = %q This module exploits a heap buffer overflow in the genie.cgi?backup.cgi page of...
Oracle XML DB SID Discovery Via Brute Force
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle XML DB SID Discovery via Brute Force', 'Description' = %q This module attempts to retrieve the sid from the Oracle XML DB httpd server,...
NTP Mode 7 PEER_LIST_SUM Denial Of Service Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NTP Mode 7 PEERLISTSUM DoS Scanner', 'Description' = %q This module identifies NTP servers which permit "PEERLISTSUM" queries and return response...
NTP Mode 6 REQ_NONCE DRDoS Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NTP Mode 6 REQNONCE DRDoS Scanner', 'Description' = %q This module identifies NTP servers which permit mode 6 REQNONCE requests that can be used ...
UDP Amplification Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'UDP Amplification Scanner', 'Description' = 'Detect UDP endpoints with UDP amplification vulnerabilities', 'Author' = 'Jon Hart ', 'License' =...
Limesurvey Unauthenticated File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework for extracting files require 'zip' class MetasploitModule 'Limesurvey Unauthenticated File Download', 'Description' = %q This module exploits an unauthenticated file...
VBulletin Administrator Account Creation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin Administrator Account Creation', 'Description' = %q This module abuses the "install/upgrade.php" component on vBulletin 4.1+ and 4.5+ t...
SysAid Help Desk Administrator Account Creation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SysAid Help Desk Administrator Account Creation', 'Description' = %q This module exploits a vulnerability in SysAid Help Desk that allows an...
Network Shutdown Module sort_values Credential Dumper
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Network Shutdown Module sortvalues Credential Dumper', 'Description' = %q This module will extract user credentials from Network Shutdown Module...
Cerberus Helpdesk User Hash Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cerberus Helpdesk User Hash Disclosure', 'Description' = %q This module extracts usernames and password hashes from the Cerberus Helpdesk through...
BIND TKEY Query Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BIND TKEY Query Denial of Service', 'Description' = %q This module sends a malformed TKEY query, which exploits an error in handling TKEY queries...
CVE-2024-20767 Adobe Coldfusion Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CVE-2024-20767 - Adobe Coldfusion Arbitrary File Read', 'Description' = %q This module exploits an Improper Access Vulnerability in Adobe...
Telpho10 Backup Credentials Dumper
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Telpho10 Backup Credentials Dumper', 'Description' = %q This module exploits a vulnerability present in all versions of Telpho10 telephone system...
Supra Smart Cloud TV Remote File Inclusion
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Supra Smart Cloud TV Remote File Inclusion', 'Description' = %q This module exploits an unauthenticated remote file inclusion which exists in Sup...
ManageEngine NetFlow Analyzer Arbitrary File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine NetFlow Analyzer Arbitrary File Download', 'Description' = %q This module exploits an arbitrary file download vulnerability in...
GitStack Unauthenticated REST API Requests
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitStack Unauthenticated REST API Requests', 'Description' = %q This modules exploits unauthenticated REST API requests in GitStack through...
Jasmin Ransomware Web Server Unauthenticated SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jasmin Ransomware Web Server Unauthenticated SQL Injection', 'Description' = %q The Jasmin Ransomware web server contains an unauthenticated SQL...
Flash Rosetta JSONP GET/POST Response Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'Flash "Rosetta" JSONP GET/POST Response Disclosure', 'Description' = %q A website that serves a JSONP endpoint that accepts a custo...
GitLab Authenticated File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLab Authenticated File Read', 'Description' = %q GitLab version 16.0 contains a directory traversal for arbitrary file read as the gitlab-www...
Oracle TNS Listener SID Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle TNS Listener SID Enumeration', 'Description' = %q This module simply queries the TNS listener for the Oracle SID. With Oracle 9.2.0.8 and...
Linksys WRT54GL Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linksys WRT54GL Remote Command Execution', 'Description' = %q Some Linksys Routers are vulnerable to OS Command injection. You will need...
PacketTrap TFTP Server 2.2.5459.0 Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PacketTrap TFTP Server 2.2.5459.0 DoS', 'Description' = %q The PacketTrap TFTP server version 2.2.5459.0 can be brought down by sending a special...
Citrix MetaFrame ICA Published Applications Bruteforcer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Citrix MetaFrame ICA Published Applications Bruteforcer', 'Description' = %q This module attempts to brute force program names within the Citrix...
Wireshark CAPWAP Dissector Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wireshark CAPWAP Dissector DoS', 'Description' = %q This module injects a malformed UDP packet to crash Wireshark and TShark 1.8.0 to 1.8.7, as...
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module Denial Of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service', 'Description' = %q This module sends a specially crafted pack...
Adobe ColdFusion Unauthenticated Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Adobe ColdFusion Unauthenticated Arbitrary File Read', 'Description' = %q This module exploits a remote unauthenticated deserialization of...
3Com SuperStack Switch Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule '3Com SuperStack Switch Denial of Service', 'Description' = %q This module causes a temporary denial of service condition against 3Com SuperStack...
Rancher Authenticated API Credential Exposure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rancher Authenticated API Credential Exposure', 'Description' = %q An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6...
Android Stock Browser Iframe Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Android Stock Browser Iframe DOS", 'Description' = %q This module exploits a vulnerability in the native browser that comes with Android 4.0.3. I...
NetBIOS Name Service Spoofer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NetBIOS Name Service Spoofer', 'Description' = %q This module forges NetBIOS Name Service NBNS responses. It will listen for NBNS requests sent t...
SAMR Computer Management
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rubysmb/dcerpc/client' class MetasploitModule 'SAMR Computer Management', 'Description' = %q Add, lookup and delete computer / machine accounts via MS-SAMR. By...
Microsoft RRAS InterfaceAdjustVLSPointers NULL Dereference
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft RRAS InterfaceAdjustVLSPointers NULL Dereference', 'Description' = %q This module triggers a NULL dereference in svchost.exe on all...
D-Link Central WiFiManager SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'csv' require 'digest' class MetasploitModule 'D-Link Central WiFiManager SQL injection', 'Description' = %q This module exploits a SQLi vulnerability found in...
MS15-034 HTTP Protocol Stack Request Handling Denial-of-Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS15-034 HTTP Protocol Stack Request Handling Denial-of-Service', 'Description' = %q This module will check if scanned hosts are vulnerable to...
F5 BIG-IP Backend Cookie Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BIG-IP Backend Cookie Disclosure', 'Description' = %q This module identifies F5 BIG-IP load balancers and leaks backend information pool name,...
IBM Lotus Sametime Version Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule Release .+?/i , 'api', 'meeting', /^meeting=.$/i , 'api', 'appshare', /^appshare=.$/i , 'api', 'docshare', /^docshare=.$/i , 'api',...
Android Content Provider File Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android Content Provider File Disclosure', 'Description' = %q This module exploits a cross-domain issue within the Android web browser to...
Android Browser File Theft
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android Browser File Theft', 'Description' = %q This module steals the cookie, password, and autofill databases from the Browser application on...
Microsoft SQL Server NTLM Stealer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server NTLM Stealer', 'Description' = %q This module can be used to help capture or relay the LM/NTLM credentials of the account...
GNU Wget FTP Symlink Arbitrary Filesystem Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GNU Wget FTP Symlink Arbitrary Filesystem Access', 'Description' = %q This module exploits a vulnerability in Wget when used in recursive -r mode...
URGENT/11 Scanner, Based On Detection Tool By Armis
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'URGENT/11 Scanner, Based on Detection Tool by Armis', 'Description' = %q This module detects VxWorks and the IPnet IP stack, along with devices...
ZyXEL GS1510-16 Password Extractor
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ZyXEL GS1510-16 Password Extractor', 'Description' = %q This module exploits a vulnerability in ZyXEL GS1510-16 routers to extract the admin...
MS10-065 Microsoft IIS 5 NTFS Stream Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS10-065 Microsoft IIS 5 NTFS Stream Authentication Bypass', 'Description' = %q This module bypasses basic authentication for Internet Informatio...
ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure', 'Description' = %q ManageEngine...
Apple TV Image Remote Control
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apple TV Image Remote Control', 'Description' = %q This module will show an image on an AppleTV device for a period of time. Some AppleTV devices...
HP Data Protector Manager RDS Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP Data Protector Manager RDS DOS', 'Description' = %q This module causes a remote DOS on HP Data Protector's RDS service. By sending a malformed...
ManageEngine ADAudit Plus Xnode Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADAudit Plus Xnode Enumeration', 'Description' = %q This module exploits default admin credentials for the DataEngine Xnode server i...
RPC Denial of Service targeting *nix rpcbind/libtirpc
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'RPC DoS targeting nix rpcbind/libtirpc', 'Description' = %q This module exploits a vulnerability in certain versions of rpcbind, LIBTIRPC, and...
BADPDF Malicious PDF Creator
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BADPDF Malicious PDF Creator', 'Description' = ' This module can either creates a blank PDF file which contains a UNC link which can be used to...