This Metasploit module can detect situations where there may be information disclosure vulnerabilities that occur when a Git repository is made available over HTTP.
f3fc66ff62ad13f3081bddfba7d9e771214b26ddbd974bf809d56a802a53e08c
This Metasploit module exploits a source code disclosure/download vulnerability in versions 0.7 and 0.8 of the nginx web server. Versions 0.7.66 and 0.8.40 correct this vulnerability.
dbde0118738f8ec88172bdd2d8c742551346fd8f2a6024c26e8db71ac19bbecb
This Metasploit module scans for ServerTechs Sentry Switched CDU (Cabinet Power Distribution Unit) web login portals, and performs login brute force to identify valid credentials.
ea9a49f43b18efdec70397195d549a5898b68c47aa21c2551cd1058b7efb808c
This Metasploit module exploits a vulnerability in the Cisco IOS HTTP Server. By sending a GET request for "/level/num/exec/..", where num is between 16 and 99, it is possible to bypass authentication and obtain full system control. IOS 11.3 -> 12.2 are reportedly vulnerable. This Metasploit module tested successfully against a Cisco 1600 Router IOS v11.3(11d).
f47c8e7887760a5e15e7ecfe81baff6ced2ddb34267bcb19aff00e68bad4084e
This Metasploit module abuses a directory traversal vulnerability in the url_redirect.cgi application accessible through the web interface of Supermicro Onboard IPMI controllers. The vulnerability is present due to a lack of sanitization of the url_name parameter. This allows an attacker with a valid, but not necessarily administrator-level account, to access the contents of any file on the system. This includes the /nv/PSBlock file, which contains the cleartext credentials for all configured accounts. This Metasploit module has been tested on a Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware version SMT_X9_214. Other file names to try include /PSStore, /PMConfig.dat, and /wsman/simple_auth.passwd.
2a895b9a6c562c00a389ca6061ee3c5d3935d00911eac01555699f44b7a15397
This Metasploit module exploits a directory traversal vulnerability present in several Barracuda products, including the Barracuda Spam and Virus Firewall, Barracuda SSL VPN, and the Barracuda Web Application Firewall. By default, this module will attempt to download the Barracuda configuration file.
6442c5754109debd479b03a4170762b45607423d76b1903b7a24b3253875c7b2
This Metasploit module exploits a directory traversal vulnerability in WordPress Plugin "Simple Backup" version 2.7.10, allowing to read arbitrary files with the web server privileges.
61f6a4e4921a58a63cca20abf255135172544871c3ca345e5acc8abd9d439b6e
This Metasploit module generates a GET request to the provided web servers and executes an SSRF against the targeted EMBY server. Returns the server header, HTML title attribute and location header (if set). This is useful for rapidly identifying web applications on the internal network using the Emby SSRF vulnerability.
fcd1acfc1aea918108a97ea953c37ce3f9c7c4fea3d526e2df6c4414ad277111
This Metasploit module exploits a file disclosure vulnerability in the Accellion File Transfer appliance. This vulnerability is triggered when a user-provided statecode cookie parameter is appended to a file path that is processed as a HTML template. By prepending this cookie with directory traversal sequence and appending a NULL byte, any file readable by the web user can be exposed. The web user has read access to a number of sensitive files, including the system configuration and files uploaded to the appliance by users. This issue was confirmed on version FTA_9_11_200, but may apply to previous versions as well. This issue was fixed in software update FTA_9_11_210.
54b5d23c43a234a88b3e5e9d8345ae34b6dec9bf36741d5a1bc88d1cdf6813e5
This Metasploit module exploits a vulnerability in the WebNews web interface of SurgeNews on TCP ports 9080 and 8119 which allows unauthenticated users to download arbitrary files from the software root directory; including the user database, configuration files and log files. This Metasploit module extracts the administrator username and password, and the usernames and passwords or password hashes for all users. This Metasploit module has been tested successfully on SurgeNews version 2.0a-13 on Windows 7 SP 1 and 2.0a-12 on Ubuntu Linux.
73764b44f63d2549636f9a072cfc6159cd3fc1782b3972e02ed0b63dd113c7dc
This Metasploit module scans for OpenMind Message-OS provisioning web login portal, and performs a login brute force attack to identify valid credentials.
28480da105e7aa249ae3a2817a7fb69f5cd9b5986973631805327c9c32624fc3
This Metasploit module scans for Cisco Ironport SMA, WSA and ESA web login portals, finds AsyncOS versions, and performs login brute force to identify valid credentials.
19d08d4f5b105944f70b819c179403363836a5d079c1223718e0f4bb91836bf6
This Metasploit module exploits a directory traversal vulnerability in WordPress Plugin "DukaPress" versions less than or equal to 2.5.3, allowing to read arbitrary files with the web server privileges.
a534bb38da2e6e4279d9c429b273f4dc2bd07839bb464b1f89072d15672e1f5b
This Metasploit module enumerates Apache Tomcats usernames via malformed requests to j_security_check, which can be found in the web administration package. It should work against Tomcat servers 4.1.0 - 4.1.39, 5.5.0 - 5.5.27, and 6.0.0 - 6.0.18. Newer versions no longer have the "admin" package by default. The admin package is no longer provided for Tomcat 6 and later versions.
ddc9c4c9f598773b8e0921e7125f71bd3f5c7f1793c0f1c17a1adfd1577b0e43
This Metasploit module tests vulnerable IIS HTTP header file paths on Microsoft Exchange OWA 2003 and CAS 2007, 2010, and 2013 servers.
cf57e41e4e7598060afb12233b6e95687df308ec41eb8647506b622e6052eaf4
This Metasploit module tries to identify unique virtual hosts hosted by the target web server.
08261c4bf0143e0854d3c619351a9f5b6242b7465c1d0622634759ab8be05d9f
This Metasploit module scans for Cisco ASA Clientless SSL VPN (WebVPN) web login portals and performs login brute-force to identify valid credentials.
983f31bd8edeeb35f86c4eda6d8e40112b381f09fec355e208711ecccd89c799
This Metasploit module exploits a directory traversal vulnerability in Novell Groupwise. The vulnerability exists in the web interface of both the Post Office and the MTA agents. This Metasploit module has been tested successfully on Novell Groupwise 8.02 HP2 over Windows 2003 SP2.
cf3c10c3309d3a179dabde680510ab0063386316124c0e6cf1c7d34f3864c865
This Metasploit module exploits a directory traversal vulnerability in the RIPS Scanner v0.54, allowing to read arbitrary files with the web server privileges.
64c5fa4a4c496821d7e786dd634977b36db94e56b76ac0110a7c936a85a84f1f
This Metasploit module scans for Radware AppDirectors web login portal, and performs login brute force to identify valid credentials.
06be4d3b7aacdc65c359d439b5b7fed02d8b06ee7fa5627c57d94a1ea6709f9f
This Metasploit module exploits a directory traversal vulnerability in Ciscos Adaptive Security Appliance (ASA) software and Firepower Threat Defense (FTD) software. It lists the contents of Ciscos VPN web service which includes directories, files, and currently logged in users.
e8b395cf6df8cf62cd4fe6d2f7723d35e8e26a64675e9f380f11ed7370dec63d
Checks if an HTTP proxy is open. False positive are avoided verifying the HTTP return code and matching a pattern. The CONNECT method is verified only the return code. HTTP headers are shown regarding the use of proxy or load balancer.
8a0266333291f7df747501b70f5b9f99d56d9c23eda6f14be90cd699b795cbbd
This Metasploit module exploits a hardcoded user and password for the GetConfig maintenance task in Novell ZENworks Asset Management 7.5. The vulnerability exists in the Web Console and can be triggered by sending a specially crafted request to the rtrlet component, allowing a remote unauthenticated user to retrieve the configuration parameters of Novell Zenworks Asset Management, including the database credentials in clear text. This Metasploit module has been successfully tested on Novell ZENworks Asset Management 7.5.
1d9e7ba3c5437ccfb3683cfc6321e1b7024fe5a849eab97a085b5868e1d6209e
This Metasploit module test for authentication bypass using different HTTP verbs.
a50ad83fc15a997219900fc6f730f8e9b12750ef159913a0418fb239a854e45c
This Metasploit module attempts to brute force SAP username and passwords through the SAP Web GUI service. Default clients can be tested without needing to set a CLIENT. Common and default user/password combinations can be tested just setting the DEFAULT_CRED variable to true. The MSF_DATA_DIRECTORY/wordlists/sap_default.txt path store stores these default combinations.
5b059712a374ae4fd1c41ed977a19e72fe22c49b2377deff8c9e4b5e2d17dfcf