Metasploit Module Library
This page contains list of all Metasploit modules currently available in the latest release of the Metasploit Framework version 6.x.
There are the following 7 different module types in Metasploit:
- Exploits - Modules for exploiting a vulnerability and delivering a payload. There are remote exploits, local exploits, privilege escalation exploits, client-side exploits, web application exploits and many others.
- Payloads - Modules for performing an action during the exploitation, e.g. establishing meterpreter session, reverse shell, executing a command, downloading and executing a program etc. Payloads can be staged and non-staged.
- Post - Modules for post exploitation action such as credential / hash dumping, local privilege escalation, backdoor installation, sensitive data extraction, network traffic tunneling (proxying), keylogging, screen capturing and many other actions.
- Auxiliary - Modules for auxiliary actions such as network scanning, enumeration, vulnerability scanning, login brute force and cracking, fuzzing, spidering (traversal), data extraction and many others.
- Encoders - Modules for payload encoding and encryption such as base64, XOR, shikata_ga_nai etc. This can help with obfuscation to evade defenses such as Antivirus or NIDS (network intrusion detection systems), EDR (endpoint detection and response) etc.
- Evasions - Modules for evading defenses such as Antivirus evasion, AppLocker bypass, software restriction policies (SRP) bypass etc.
- Nops - Modules for generating a harmless, benign "No Operation" instructions, e.g. for padding purposes, sliding in memory during exploitation etc.
List of Metasploit Modules
Below is the complete list of Metasploit modules. In total, there are more than 4,800 modules in the latest development version of Metasploit Framework 6.x which is currently available in Kali Linux. Please use the Search function below to find a particular module, e.g.: ms17 scanner.
| Metasploit Module | Name |
|---|---|
| auxiliary/admin/2wire/xslt_password_reset | 2Wire Cross-Site Request Forgery Password Reset Vulnerability |
| auxiliary/admin/android/google_play_store_uxss_xframe_rce | Android Browser RCE Through Google Play Store XFO |
| auxiliary/admin/appletv/appletv_display_image | Apple TV Image Remote Control |
| auxiliary/admin/appletv/appletv_display_video | Apple TV Video Remote Control |
| auxiliary/admin/atg/atg_client | Veeder-Root Automatic Tank Gauge (ATG) Administrative Client |
| auxiliary/admin/aws/aws_launch_instances | Launches Hosts in AWS |
| auxiliary/admin/backupexec/dump | Veritas Backup Exec Windows Remote File Access |
| auxiliary/admin/backupexec/registry | Veritas Backup Exec Server Registry Access |
| auxiliary/admin/chromecast/chromecast_reset | Chromecast Factory Reset DoS |
| auxiliary/admin/chromecast/chromecast_youtube | Chromecast YouTube Remote Control |
| auxiliary/admin/citrix/citrix_netscaler_config_decrypt | Decrypt Citrix NetScaler Config Secrets |
| auxiliary/admin/db2/db2rcmd | IBM DB2 db2rcmd.exe Command Execution Vulnerability |
| auxiliary/admin/dcerpc/cve_2020_1472_zerologon | Netlogon Weak Cryptographic Authentication |
| auxiliary/admin/dcerpc/cve_2021_1675_printnightmare | Print Spooler Remote DLL Injection |
| auxiliary/admin/dcerpc/icpr_cert | ICPR Certificate Management |
| auxiliary/admin/dcerpc/samr_computer | SAMR Computer Management |
| auxiliary/admin/dns/dyn_dns_update | DNS Server Dynamic Update Record Injection |
| auxiliary/admin/edirectory/edirectory_dhost_cookie | Novell eDirectory DHOST Predictable Session Cookie |
| auxiliary/admin/edirectory/edirectory_edirutil | Novell eDirectory eMBox Unauthenticated File Access |
| auxiliary/admin/emc/alphastor_devicemanager_exec | EMC AlphaStor Device Manager Arbitrary Command Execution |
| auxiliary/admin/emc/alphastor_librarymanager_exec | EMC AlphaStor Library Manager Arbitrary Command Execution |
| auxiliary/admin/firetv/firetv_youtube | Amazon Fire TV YouTube Remote Control |
| auxiliary/admin/hp/hp_data_protector_cmd | HP Data Protector 6.1 EXEC_CMD Command Execution |
| auxiliary/admin/hp/hp_ilo_create_admin_account | HP iLO 4 1.00-2.50 Authentication Bypass Administrator Account Creation |
| auxiliary/admin/hp/hp_imc_som_create_account | HP Intelligent Management SOM Account Creation |
| auxiliary/admin/http/allegro_rompager_auth_bypass | Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Authentication Bypass |
| auxiliary/admin/http/arris_motorola_surfboard_backdoor_xss | Arris / Motorola Surfboard SBG6580 Web Interface Takeover |
| auxiliary/admin/http/axigen_file_access | Axigen Arbitrary File Read and Delete |
| auxiliary/admin/http/cfme_manageiq_evm_pass_reset | Red Hat CloudForms Management Engine 5.1 miq_policy/explorer SQL Injection |
| auxiliary/admin/http/cisco_7937g_ssh_privesc | Cisco 7937G SSH Privilege Escalation |
| auxiliary/admin/http/cnpilot_r_cmd_exec | Cambium cnPilot r200/r201 Command Execution as 'root' |
| auxiliary/admin/http/cnpilot_r_fpt | Cambium cnPilot r200/r201 File Path Traversal |
| auxiliary/admin/http/contentkeeper_fileaccess | ContentKeeper Web Appliance mimencode File Access |
| auxiliary/admin/http/dlink_dir_300_600_exec_noauth | D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution |
| auxiliary/admin/http/dlink_dir_645_password_extractor | D-Link DIR 645 Password Extractor |
| auxiliary/admin/http/dlink_dsl320b_password_extractor | D-Link DSL 320B Password Extractor |
| auxiliary/admin/http/foreman_openstack_satellite_priv_esc | Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment |
| auxiliary/admin/http/gitstack_rest | GitStack Unauthenticated REST API Requests |
| auxiliary/admin/http/grafana_auth_bypass | Grafana 2.0 through 5.2.2 authentication bypass for LDAP and OAuth |
| auxiliary/admin/http/hikvision_unauth_pwd_reset_cve_2017_7921 | Hikvision IP Camera Unauthenticated Password Change Via Improper Authentication Logic |
| auxiliary/admin/http/hp_web_jetadmin_exec | HP Web JetAdmin 6.5 Server Arbitrary Command Execution |
| auxiliary/admin/http/ibm_drm_download | IBM Data Risk Manager Arbitrary File Download |
| auxiliary/admin/http/iis_auth_bypass | MS10-065 Microsoft IIS 5 NTFS Stream Authentication Bypass |
| auxiliary/admin/http/intersil_pass_reset | Intersil (Boa) HTTPd Basic Authentication Password Reset |
| auxiliary/admin/http/iomega_storcenterpro_sessionid | Iomega StorCenter Pro NAS Web Authentication Bypass |
| auxiliary/admin/http/jboss_bshdeployer | JBoss JMX Console Beanshell Deployer WAR Upload and Deployment |
| auxiliary/admin/http/jboss_deploymentfilerepository | JBoss JMX Console DeploymentFileRepository WAR Upload and Deployment |
| auxiliary/admin/http/jboss_seam_exec | JBoss Seam 2 Remote Command Execution |
| auxiliary/admin/http/joomla_registration_privesc | Joomla Account Creation and Privilege Escalation |
| auxiliary/admin/http/kaseya_master_admin | Kaseya VSA Master Administrator Account Creation |
| auxiliary/admin/http/katello_satellite_priv_esc | Katello (Red Hat Satellite) users/update_roles Missing Authorization |
| auxiliary/admin/http/limesurvey_file_download | Limesurvey Unauthenticated File Download |
| auxiliary/admin/http/linksys_e1500_e2500_exec | Linksys E1500/E2500 Remote Command Execution |
| auxiliary/admin/http/linksys_tmunblock_admin_reset_bof | Linksys WRT120N tmUnblock Stack Buffer Overflow |
| auxiliary/admin/http/linksys_wrt54gl_exec | Linksys WRT54GL Remote Command Execution |
| auxiliary/admin/http/manage_engine_dc_create_admin | ManageEngine Desktop Central Administrator Account Creation |
| auxiliary/admin/http/manageengine_dir_listing | ManageEngine Multiple Products Arbitrary Directory Listing |
| auxiliary/admin/http/manageengine_file_download | ManageEngine Multiple Products Arbitrary File Download |
| auxiliary/admin/http/manageengine_pmp_privesc | ManageEngine Password Manager SQLAdvancedALSearchResult.cc Pro SQL Injection |
| auxiliary/admin/http/mantisbt_password_reset | MantisBT password reset |
| auxiliary/admin/http/mutiny_frontend_read_delete | Mutiny 5 Arbitrary File Read and Delete |
| auxiliary/admin/http/netflow_file_download | ManageEngine NetFlow Analyzer Arbitrary File Download |
| auxiliary/admin/http/netgear_auth_download | NETGEAR ProSafe Network Management System 300 Authenticated File Download |
| auxiliary/admin/http/netgear_pnpx_getsharefolderlist_auth_bypass | Netgear PNPX_GetShareFolderList Authentication Bypass |
| auxiliary/admin/http/netgear_r6700_pass_reset | Netgear R6700v3 Unauthenticated LAN Admin Password Reset |
| auxiliary/admin/http/netgear_r7000_backup_cgi_heap_overflow_rce | Netgear R7000 backup.cgi Heap Overflow RCE |
| auxiliary/admin/http/netgear_soap_password_extractor | Netgear Unauthenticated SOAP Password Extractor |
| auxiliary/admin/http/netgear_wnr2000_pass_recovery | NETGEAR WNR2000v5 Administrator Password Recovery |
| auxiliary/admin/http/nexpose_xxe_file_read | Nexpose XXE Arbitrary File Read |
| auxiliary/admin/http/novell_file_reporter_filedelete | Novell File Reporter Agent Arbitrary File Delete |
| auxiliary/admin/http/nuuo_nvrmini_reset | NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Default Configuration Load and Administrator Password Reset |
| auxiliary/admin/http/openbravo_xxe | Openbravo ERP XXE Arbitrary File Read |
| auxiliary/admin/http/pfadmin_set_protected_alias | Postfixadmin Protected Alias Deletion Vulnerability |
| auxiliary/admin/http/pihole_domains_api_exec | Pi-Hole Top Domains API Authenticated Exec |
| auxiliary/admin/http/rails_devise_pass_reset | Ruby on Rails Devise Authentication Password Reset |
| auxiliary/admin/http/scadabr_credential_dump | ScadaBR Credentials Dumper |
| auxiliary/admin/http/scrutinizer_add_user | Plixer Scrutinizer NetFlow and sFlow Analyzer HTTP Authentication Bypass |
| auxiliary/admin/http/sophos_wpa_traversal | Sophos Web Protection Appliance patience.cgi Directory Traversal |
| auxiliary/admin/http/supra_smart_cloud_tv_rfi | Supra Smart Cloud TV Remote File Inclusion |
| auxiliary/admin/http/sysaid_admin_acct | SysAid Help Desk Administrator Account Creation |
| auxiliary/admin/http/sysaid_file_download | SysAid Help Desk Arbitrary File Download |
| auxiliary/admin/http/sysaid_sql_creds | SysAid Help Desk Database Credentials Disclosure |
| auxiliary/admin/http/telpho10_credential_dump | Telpho10 Backup Credentials Dumper |
| auxiliary/admin/http/tomcat_administration | Tomcat Administration Tool Default Access |
| auxiliary/admin/http/tomcat_ghostcat | Ghostcat |
| auxiliary/admin/http/tomcat_utf8_traversal | Tomcat UTF-8 Directory Traversal Vulnerability |
| auxiliary/admin/http/trendmicro_dlp_traversal | TrendMicro Data Loss Prevention 5.5 Directory Traversal |
| auxiliary/admin/http/typo3_news_module_sqli | TYPO3 News Module SQL Injection |
| auxiliary/admin/http/typo3_sa_2009_001 | TYPO3 sa-2009-001 Weak Encryption Key File Disclosure |
| auxiliary/admin/http/typo3_sa_2009_002 | Typo3 sa-2009-002 File Disclosure |
| auxiliary/admin/http/typo3_sa_2010_020 | TYPO3 sa-2010-020 Remote File Disclosure |
| auxiliary/admin/http/typo3_winstaller_default_enc_keys | TYPO3 Winstaller Default Encryption Keys |
| auxiliary/admin/http/ulterius_file_download | Ulterius Server File Download Vulnerability |
| auxiliary/admin/http/vbulletin_upgrade_admin | vBulletin Administrator Account Creation |
| auxiliary/admin/http/webnms_cred_disclosure | WebNMS Framework Server Credential Disclosure |
| auxiliary/admin/http/webnms_file_download | WebNMS Framework Server Arbitrary Text File Download |
| auxiliary/admin/http/wp_automatic_plugin_privesc | WordPress Plugin Automatic Config Change to RCE |
| auxiliary/admin/http/wp_custom_contact_forms | WordPress custom-contact-forms Plugin SQL Upload |
| auxiliary/admin/http/wp_easycart_privilege_escalation | WordPress WP EasyCart Plugin Privilege Escalation |
| auxiliary/admin/http/wp_gdpr_compliance_privesc | WordPress WP GDPR Compliance Plugin Privilege Escalation |
| auxiliary/admin/http/wp_google_maps_sqli | WordPress Google Maps Plugin SQL Injection |
| auxiliary/admin/http/wp_masterstudy_privesc | Wordpress MasterStudy Admin Account Creation |
| auxiliary/admin/http/wp_symposium_sql_injection | WordPress Symposium Plugin SQL Injection |
| auxiliary/admin/http/wp_wplms_privilege_escalation | WordPress WPLMS Theme Privilege Escalation |
| auxiliary/admin/http/zyxel_admin_password_extractor | ZyXEL GS1510-16 Password Extractor |
| auxiliary/admin/kerberos/ms14_068_kerberos_checksum | MS14-068 Microsoft Kerberos Checksum Validation Vulnerability |
| auxiliary/admin/ldap/rbcd | Role Base Constrained Delegation |
| auxiliary/admin/ldap/vmware_vcenter_vmdir_auth_bypass | VMware vCenter Server vmdir Authentication Bypass |
| auxiliary/admin/maxdb/maxdb_cons_exec | SAP MaxDB cons.exe Remote Command Injection |
| auxiliary/admin/misc/sercomm_dump_config | SerComm Device Configuration Dump |
| auxiliary/admin/misc/wol | UDP Wake-On-Lan (WOL) |
| auxiliary/admin/motorola/wr850g_cred | Motorola WR850G v4.03 Credentials |
| auxiliary/admin/ms/ms08_059_his2006 | Microsoft Host Integration Server 2006 Command Execution Vulnerability |
| auxiliary/admin/mssql/mssql_enum_domain_accounts | Microsoft SQL Server SUSER_SNAME Windows Domain Account Enumeration |
| auxiliary/admin/mssql/mssql_enum_domain_accounts_sqli | Microsoft SQL Server SQLi SUSER_SNAME Windows Domain Account Enumeration |
| auxiliary/admin/mssql/mssql_enum | Microsoft SQL Server Configuration Enumerator |
| auxiliary/admin/mssql/mssql_enum_sql_logins | Microsoft SQL Server SUSER_SNAME SQL Logins Enumeration |
| auxiliary/admin/mssql/mssql_escalate_dbowner | Microsoft SQL Server Escalate Db_Owner |
| auxiliary/admin/mssql/mssql_escalate_dbowner_sqli | Microsoft SQL Server SQLi Escalate Db_Owner |
| auxiliary/admin/mssql/mssql_escalate_execute_as | Microsoft SQL Server Escalate EXECUTE AS |
| auxiliary/admin/mssql/mssql_escalate_execute_as_sqli | Microsoft SQL Server SQLi Escalate Execute AS |
| auxiliary/admin/mssql/mssql_exec | Microsoft SQL Server Command Execution |
| auxiliary/admin/mssql/mssql_findandsampledata | Microsoft SQL Server Find and Sample Data |
| auxiliary/admin/mssql/mssql_idf | Microsoft SQL Server Interesting Data Finder |
| auxiliary/admin/mssql/mssql_ntlm_stealer | Microsoft SQL Server NTLM Stealer |
| auxiliary/admin/mssql/mssql_ntlm_stealer_sqli | Microsoft SQL Server SQLi NTLM Stealer |
| auxiliary/admin/mssql/mssql_sql_file | Microsoft SQL Server Generic Query from File |
| auxiliary/admin/mssql/mssql_sql | Microsoft SQL Server Generic Query |
| auxiliary/admin/mysql/mysql_enum | MySQL Enumeration Module |
| auxiliary/admin/mysql/mysql_sql | MySQL SQL Generic Query |
| auxiliary/admin/natpmp/natpmp_map | NAT-PMP Port Mapper |
| auxiliary/admin/netbios/netbios_spoof | NetBIOS Response Brute Force Spoof (Direct) |
| auxiliary/admin/networking/arista_config | Arista Configuration Importer |
| auxiliary/admin/networking/brocade_config | Brocade Configuration Importer |
| auxiliary/admin/networking/cisco_asa_extrabacon | Cisco ASA Authentication Bypass (EXTRABACON) |
| auxiliary/admin/networking/cisco_config | Cisco Configuration Importer |
| auxiliary/admin/networking/cisco_dcnm_auth_bypass | Cisco DCNM auth bypass |
| auxiliary/admin/networking/cisco_dcnm_download | Cisco Data Center Network Manager Unauthenticated File Download |
| auxiliary/admin/networking/cisco_secure_acs_bypass | Cisco Secure ACS Unauthorized Password Change |
| auxiliary/admin/networking/cisco_vpn_3000_ftp_bypass | Cisco VPN Concentrator 3000 FTP Unauthorized Administrative Access |
| auxiliary/admin/networking/f5_config | F5 Configuration Importer |
| auxiliary/admin/networking/juniper_config | Juniper Configuration Importer |
| auxiliary/admin/networking/mikrotik_config | Mikrotik Configuration Importer |
| auxiliary/admin/networking/ubiquiti_config | Ubiquiti Configuration Importer |
| auxiliary/admin/networking/vyos_config | VyOS Configuration Importer |
| auxiliary/admin/officescan/tmlisten_traversal | TrendMicro OfficeScanNT Listener Traversal Arbitrary File Access |
| auxiliary/admin/oracle/oracle_index_privesc | Oracle DB Privilege Escalation via Function-Based Index |
| auxiliary/admin/oracle/oracle_login | Oracle Account Discovery |
| auxiliary/admin/oracle/oracle_sql | Oracle SQL Generic Query |
| auxiliary/admin/oracle/oraenum | Oracle Database Enumeration |
| auxiliary/admin/oracle/ora_ntlm_stealer | Oracle SMB Relay Code Execution |
| auxiliary/admin/oracle/osb_execqr2 | Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability |
| auxiliary/admin/oracle/osb_execqr3 | Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability |
| auxiliary/admin/oracle/osb_execqr | Oracle Secure Backup exec_qr() Command Injection Vulnerability |
| auxiliary/admin/oracle/post_exploitation/win32exec | Oracle Java execCommand (Win32) |
| auxiliary/admin/oracle/post_exploitation/win32upload | Oracle URL Download |
| auxiliary/admin/oracle/sid_brute | Oracle TNS Listener SID Brute Forcer |
| auxiliary/admin/oracle/tnscmd | Oracle TNS Listener Command Issuer |
| auxiliary/admin/pop2/uw_fileretrieval | UoW pop2d Remote File Retrieval Vulnerability |
| auxiliary/admin/postgres/postgres_readfile | PostgreSQL Server Generic Query |
| auxiliary/admin/postgres/postgres_sql | PostgreSQL Server Generic Query |
| auxiliary/admin/sap/cve_2020_6207_solman_rce | SAP Solution Manager remote unauthorized OS commands execution |
| auxiliary/admin/sap/cve_2020_6287_ws_add_user | SAP Unauthenticated WebService User Creation |
| auxiliary/admin/sap/sap_configservlet_exec_noauth | SAP ConfigServlet OS Command Execution |
| auxiliary/admin/sap/sap_igs_xmlchart_xxe | SAP Internet Graphics Server (IGS) XMLCHART XXE |
| auxiliary/admin/sap/sap_mgmt_con_osexec | SAP Management Console OSExecute |
| auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli | Advantech WebAccess DBVisitor.dll ChartThemeConfig SQL Injection |
| auxiliary/admin/scada/ge_proficy_substitute_traversal | GE Proficy Cimplicity WebView substitute.bcl Directory Traversal |
| auxiliary/admin/scada/modicon_command | Schneider Modicon Remote START/STOP Command |
| auxiliary/admin/scada/modicon_password_recovery | Schneider Modicon Quantum Password Recovery |
| auxiliary/admin/scada/modicon_stux_transfer | Schneider Modicon Ladder Logic Upload/Download |
| auxiliary/admin/scada/moxa_credentials_recovery | Moxa Device Credential Retrieval |
| auxiliary/admin/scada/multi_cip_command | Allen-Bradley/Rockwell Automation EtherNet/IP CIP Commands |
| auxiliary/admin/scada/pcom_command | Unitronics PCOM remote START/STOP/RESET command |
| auxiliary/admin/scada/phoenix_command | PhoenixContact PLC Remote START/STOP Command |
| auxiliary/admin/scada/yokogawa_bkbcopyd_client | Yokogawa BKBCopyD.exe Client |
| auxiliary/admin/serverprotect/file | TrendMicro ServerProtect File Access |
| auxiliary/admin/smb/check_dir_file | SMB Scanner Check File/Directory Utility |
| auxiliary/admin/smb/delete_file | SMB File Delete Utility |
| auxiliary/admin/smb/download_file | SMB File Download Utility |
| auxiliary/admin/smb/list_directory | SMB Directory Listing Utility |
| auxiliary/admin/smb/ms17_010_command | MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution |
| auxiliary/admin/smb/psexec_ntdsgrab | PsExec NTDS.dit And SYSTEM Hive Download Utility |
| auxiliary/admin/smb/samba_symlink_traversal | Samba Symlink Directory Traversal |
| auxiliary/admin/smb/upload_file | SMB File Upload Utility |
| auxiliary/admin/smb/webexec_command | WebEx Remote Command Execution Utility |
| auxiliary/admin/sunrpc/solaris_kcms_readfile | Solaris KCMS + TTDB Arbitrary File Read |
| auxiliary/admin/teradata/teradata_odbc_sql | Teradata ODBC SQL Query Module |
| auxiliary/admin/tftp/tftp_transfer_util | TFTP File Transfer Utility |
| auxiliary/admin/tikiwiki/tikidblib | TikiWiki Information Disclosure |
| auxiliary/admin/upnp/soap_portmapping | UPnP IGD SOAP Port Mapping Utility |
| auxiliary/admin/vmware/poweroff_vm | VMWare Power Off Virtual Machine |
| auxiliary/admin/vmware/poweron_vm | VMWare Power On Virtual Machine |
| auxiliary/admin/vmware/tag_vm | VMWare Tag Virtual Machine |
| auxiliary/admin/vmware/terminate_esx_sessions | VMWare Terminate ESX Login Sessions |
| auxiliary/admin/vmware/vcenter_forge_saml_token | VMware vCenter Forge SAML Authentication Credentials |
| auxiliary/admin/vmware/vcenter_offline_mdb_extract | VMware vCenter Extract Secrets from vmdir / vmafd DB File |
| auxiliary/admin/vnc/realvnc_41_bypass | RealVNC NULL Authentication Mode Bypass |
| auxiliary/admin/vxworks/apple_airport_extreme_password | Apple Airport Extreme Password Extraction (WDBRPC) |
| auxiliary/admin/vxworks/dlink_i2eye_autoanswer | D-Link i2eye Video Conference AutoAnswer (WDBRPC) |
| auxiliary/admin/vxworks/wdbrpc_memory_dump | VxWorks WDB Agent Remote Memory Dump |
| auxiliary/admin/vxworks/wdbrpc_reboot | VxWorks WDB Agent Remote Reboot |
| auxiliary/admin/webmin/edit_html_fileaccess | Webmin edit_html.cgi file Parameter Traversal Arbitrary File Access |
| auxiliary/admin/webmin/file_disclosure | Webmin File Disclosure |
| auxiliary/admin/wemo/crockpot | Belkin Wemo-Enabled Crock-Pot Remote Control |
| auxiliary/admin/zend/java_bridge | Zend Server Java Bridge Design Flaw Remote Code Execution |
| auxiliary/analyze/apply_pot | Apply Pot File To Hashes |
| auxiliary/analyze/crack_aix | Password Cracker: AIX |
| auxiliary/analyze/crack_databases | Password Cracker: Databases |
| auxiliary/analyze/crack_linux | Password Cracker: Linux |
| auxiliary/analyze/crack_mobile | Password Cracker: Mobile |
| auxiliary/analyze/crack_osx | Password Cracker: OSX |
| auxiliary/analyze/crack_webapps | Password Cracker: Webapps |
| auxiliary/analyze/crack_windows | Password Cracker: Windows |
| auxiliary/analyze/modbus_zip | Extract zip from Modbus communication |
| auxiliary/bnat/bnat_router | BNAT Router |
| auxiliary/bnat/bnat_scan | BNAT Scanner |
| auxiliary/client/hwbridge/connect | Hardware Bridge Session Connector |
| auxiliary/client/iec104/iec104 | IEC104 Client Utility |
| auxiliary/client/mms/send_mms | MMS Client |
| auxiliary/client/sms/send_text | SMS Client |
| auxiliary/client/smtp/emailer | Generic Emailer (SMTP) |
| auxiliary/client/telegram/send_message | Telegram Message Client |
| auxiliary/cloud/aws/enum_ec2 | Amazon Web Services EC2 instance enumeration |
| auxiliary/cloud/aws/enum_iam | Amazon Web Services IAM credential enumeration |
| auxiliary/cloud/aws/enum_s3 | Amazon Web Services S3 instance enumeration |
| auxiliary/cloud/kubernetes/enum_kubernetes | Kubernetes Enumeration |
| auxiliary/crawler/msfcrawler | Metasploit Web Crawler |
| auxiliary/docx/word_unc_injector | Microsoft Word UNC Path Injector |
| auxiliary/dos/android/android_stock_browser_iframe | Android Stock Browser Iframe DOS |
| auxiliary/dos/apple_ios/webkit_backdrop_filter_blur | iOS Safari Denial of Service with CSS |
| auxiliary/dos/cisco/cisco_7937g_dos | Cisco 7937G Denial-of-Service Attack |
| auxiliary/dos/cisco/cisco_7937g_dos_reboot | Cisco 7937G Denial-of-Service Reboot Attack |
| auxiliary/dos/cisco/ios_http_percentpercent | Cisco IOS HTTP GET /%% Request Denial of Service |
| auxiliary/dos/cisco/ios_telnet_rocem | Cisco IOS Telnet Denial of Service |
| auxiliary/dos/dhcp/isc_dhcpd_clientid | ISC DHCP Zero Length ClientID Denial of Service Module |
| auxiliary/dos/dns/bind_tkey | BIND TKEY Query Denial of Service |
| auxiliary/dos/dns/bind_tsig_badtime | BIND TSIG Badtime Query Denial of Service |
| auxiliary/dos/dns/bind_tsig | BIND TSIG Query Denial of Service |
| auxiliary/dos/freebsd/nfsd/nfsd_mount | FreeBSD Remote NFS RPC Request Denial of Service |
| auxiliary/dos/hp/data_protector_rds | HP Data Protector Manager RDS DOS |
| auxiliary/dos/http/3com_superstack_switch | 3Com SuperStack Switch Denial of Service |
| auxiliary/dos/http/apache_commons_fileupload_dos | Apache Commons FileUpload and Apache Tomcat DoS |
| auxiliary/dos/http/apache_mod_isapi | Apache mod_isapi Dangling Pointer |
| auxiliary/dos/http/apache_range_dos | Apache Range Header DoS (Apache Killer) |
| auxiliary/dos/http/apache_tomcat_transfer_encoding | Apache Tomcat Transfer-Encoding Information Disclosure and DoS |
| auxiliary/dos/http/brother_debut_dos | Brother Debut http Denial Of Service |
| auxiliary/dos/http/cable_haunt_websocket_dos | "Cablehaunt" Cable Modem WebSocket DoS |
| auxiliary/dos/http/canon_wireless_printer | Canon Wireless Printer Denial Of Service |
| auxiliary/dos/http/dell_openmanage_post | Dell OpenManage POST Request Heap Overflow (win32) |
| auxiliary/dos/http/f5_bigip_apm_max_sessions | F5 BigIP Access Policy Manager Session Exhaustion Denial of Service |
| auxiliary/dos/http/flexense_http_server_dos | Flexense HTTP Server Denial Of Service |
| auxiliary/dos/http/gzip_bomb_dos | Gzip Memory Bomb Denial Of Service |
| auxiliary/dos/http/hashcollision_dos | Hashtable Collisions |
| auxiliary/dos/http/ibm_lotus_notes2 | IBM Notes Denial Of Service |
| auxiliary/dos/http/ibm_lotus_notes | IBM Notes encodeURI DOS |
| auxiliary/dos/http/marked_redos | marked npm module "heading" ReDoS |
| auxiliary/dos/http/metasploit_httphandler_dos | Metasploit HTTP(S) handler DoS |
| auxiliary/dos/http/monkey_headers | Monkey HTTPD Header Parsing Denial of Service (DoS) |
| auxiliary/dos/http/ms15_034_ulonglongadd | MS15-034 HTTP Protocol Stack Request Handling Denial-of-Service |
| auxiliary/dos/http/nodejs_pipelining | Node.js HTTP Pipelining Denial of Service |
| auxiliary/dos/http/novell_file_reporter_heap_bof | NFR Agent Heap Overflow Vulnerability |
| auxiliary/dos/http/rails_action_view | Ruby on Rails Action View MIME Memory Exhaustion |
| auxiliary/dos/http/rails_json_float_dos | Ruby on Rails JSON Processor Floating Point Heap Overflow DoS |
| auxiliary/dos/http/slowloris | Slowloris Denial of Service Attack |
| auxiliary/dos/http/sonicwall_ssl_format | SonicWALL SSL-VPN Format String Vulnerability |
| auxiliary/dos/http/squid_range_dos | Squid Proxy Range Header DoS |
| auxiliary/dos/http/tautulli_shutdown_exec | Tautulli v2.1.9 - Shutdown Denial of Service |
| auxiliary/dos/http/ua_parser_js_redos | ua-parser-js npm module ReDoS |
| auxiliary/dos/http/webkitplus | WebKitGTK+ WebKitFaviconDatabase DoS |
| auxiliary/dos/http/webrick_regex | Ruby WEBrick::HTTP::DefaultFileHandler DoS |
| auxiliary/dos/http/wordpress_directory_traversal_dos | WordPress Traversal Directory DoS |
| auxiliary/dos/http/wordpress_long_password_dos | WordPress Long Password DoS |
| auxiliary/dos/http/wordpress_xmlrpc_dos | Wordpress XMLRPC DoS |
| auxiliary/dos/http/ws_dos | ws - Denial of Service |
| auxiliary/dos/mdns/avahi_portzero | Avahi Source Port 0 DoS |
| auxiliary/dos/misc/dopewars | Dopewars Denial of Service |
| auxiliary/dos/misc/ibm_sametime_webplayer_dos | IBM Lotus Sametime WebPlayer DoS |
| auxiliary/dos/misc/ibm_tsm_dos | IBM Tivoli Storage Manager FastBack Server Opcode 0x534 Denial of Service |
| auxiliary/dos/misc/memcached | Memcached Remote Denial of Service |
| auxiliary/dos/ntp/ntpd_reserved_dos | NTP.org ntpd Reserved Mode Denial of Service |
| auxiliary/dos/pptp/ms02_063_pptp_dos | MS02-063 PPTP Malformed Control Data Kernel Denial of Service |
| auxiliary/dos/rpc/rpcbomb | RPC DoS targeting *nix rpcbind/libtirpc |
| auxiliary/dos/samba/lsa_addprivs_heap | Samba lsa_io_privilege_set Heap Overflow |
| auxiliary/dos/samba/lsa_transnames_heap | Samba lsa_io_trans_names Heap Overflow |
| auxiliary/dos/samba/read_nttrans_ea_list | Samba read_nttrans_ea_list Integer Overflow |
| auxiliary/dos/sap/sap_soap_rfc_eps_delete_file | SAP SOAP EPS_DELETE_FILE File Deletion |
| auxiliary/dos/scada/allen_bradley_pccc | DoS Exploitation of Allen-Bradley's Legacy Protocol (PCCC) |
| auxiliary/dos/scada/beckhoff_twincat | Beckhoff TwinCAT SCADA PLC 2.11.0.2004 DoS |
| auxiliary/dos/scada/d20_tftp_overflow | General Electric D20ME TFTP Server Buffer Overflow DoS |
| auxiliary/dos/scada/igss9_dataserver | 7-Technologies IGSS 9 IGSSdataServer.exe DoS |
| auxiliary/dos/scada/siemens_siprotec4 | Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service |
| auxiliary/dos/scada/yokogawa_logsvr | Yokogawa CENTUM CS 3000 BKCLogSvr.exe Heap Buffer Overflow |
| auxiliary/dos/smb/smb_loris | SMBLoris NBSS Denial of Service |
| auxiliary/dos/smtp/sendmail_prescan | Sendmail SMTP Address prescan Memory Corruption |
| auxiliary/dos/solaris/lpd/cascade_delete | Solaris LPD Arbitrary File Delete |
| auxiliary/dos/ssl/dtls_changecipherspec | OpenSSL DTLS ChangeCipherSpec Remote DoS |
| auxiliary/dos/ssl/dtls_fragment_overflow | OpenSSL DTLS Fragment Buffer Overflow DoS |
| auxiliary/dos/ssl/openssl_aesni | OpenSSL TLS 1.1 and 1.2 AES-NI DoS |
| auxiliary/dos/syslog/rsyslog_long_tag | rsyslog Long Tag Off-By-Two DoS |
| auxiliary/dos/tcp/claymore_dos | Claymore Dual GPU Miner Format String dos attack |
| auxiliary/dos/tcp/junos_tcp_opt | Juniper JunOS Malformed TCP Option |
| auxiliary/dos/tcp/synflood | TCP SYN Flooder |
| auxiliary/dos/upnp/miniupnpd_dos | MiniUPnPd 1.4 Denial of Service (DoS) Exploit |
| auxiliary/dos/windows/appian/appian_bpm | Appian Enterprise Business Suite 5.6 SP1 DoS |
| auxiliary/dos/windows/browser/ms09_065_eot_integer | Microsoft Windows EOT Font Table Directory Integer Overflow |
| auxiliary/dos/windows/ftp/filezilla_admin_user | FileZilla FTP Server Admin Interface Denial of Service |
| auxiliary/dos/windows/ftp/filezilla_server_port | FileZilla FTP Server Malformed PORT Denial of Service |
| auxiliary/dos/windows/ftp/guildftp_cwdlist | Guild FTPd 0.999.8.11/0.999.14 Heap Corruption |
| auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof | Microsoft IIS FTP Server Encoded Response Overflow Trigger |
| auxiliary/dos/windows/ftp/iis_list_exhaustion | Microsoft IIS FTP Server LIST Stack Exhaustion |
| auxiliary/dos/windows/ftp/solarftp_user | Solar FTP Server Malformed USER Denial of Service |
| auxiliary/dos/windows/ftp/titan626_site | Titan FTP Server 6.26.630 SITE WHO DoS |
| auxiliary/dos/windows/ftp/vicftps50_list | Victory FTP Server 5.0 LIST DoS |
| auxiliary/dos/windows/ftp/winftp230_nlst | WinFTP 2.3.0 NLST Denial of Service |
| auxiliary/dos/windows/ftp/xmeasy560_nlst | XM Easy Personal FTP Server 5.6.0 NLST DoS |
| auxiliary/dos/windows/ftp/xmeasy570_nlst | XM Easy Personal FTP Server 5.7.0 NLST DoS |
| auxiliary/dos/windows/games/kaillera | Kaillera 0.86 Server Denial of Service |
| auxiliary/dos/windows/http/http_sys_accept_encoding_dos_cve_2021_31166 | Windows IIS HTTP Protocol Stack DOS |
| auxiliary/dos/windows/http/ms10_065_ii6_asp_dos | Microsoft IIS 6.0 ASP Stack Exhaustion Denial of Service |
| auxiliary/dos/windows/http/pi3web_isapi | Pi3Web ISAPI DoS |
| auxiliary/dos/windows/llmnr/ms11_030_dnsapi | Microsoft Windows DNSAPI.dll LLMNR Buffer Underrun DoS |
| auxiliary/dos/windows/nat/nat_helper | Microsoft Windows NAT Helper Denial of Service |
| auxiliary/dos/windows/rdp/ms12_020_maxchannelids | MS12-020 Microsoft Remote Desktop Use-After-Free DoS |
| auxiliary/dos/windows/smb/ms05_047_pnp | Microsoft Plug and Play Service Registry Overflow |
| auxiliary/dos/windows/smb/ms06_035_mailslot | Microsoft SRV.SYS Mailslot Write Corruption |
| auxiliary/dos/windows/smb/ms06_063_trans | Microsoft SRV.SYS Pipe Transaction No Null |
| auxiliary/dos/windows/smb/ms09_001_write | Microsoft SRV.SYS WriteAndX Invalid DataOffset |
| auxiliary/dos/windows/smb/ms09_050_smb2_negotiate_pidhigh | Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference |
| auxiliary/dos/windows/smb/ms09_050_smb2_session_logoff | Microsoft SRV2.SYS SMB2 Logoff Remote Kernel NULL Pointer Dereference |
| auxiliary/dos/windows/smb/ms10_006_negotiate_response_loop | Microsoft Windows 7 / Server 2008 R2 SMB Client Infinite Loop |
| auxiliary/dos/windows/smb/ms10_054_queryfs_pool_overflow | Microsoft Windows SRV.SYS SrvSmbQueryFsInformation Pool Overflow DoS |
| auxiliary/dos/windows/smb/ms11_019_electbowser | Microsoft Windows Browser Pool DoS |
| auxiliary/dos/windows/smb/rras_vls_null_deref | Microsoft RRAS InterfaceAdjustVLSPointers NULL Dereference |
| auxiliary/dos/windows/smb/vista_negotiate_stop | Microsoft Vista SP0 SMB Negotiate Protocol DoS |
| auxiliary/dos/windows/smtp/ms06_019_exchange | MS06-019 Exchange MODPROP Heap Overflow |
| auxiliary/dos/windows/ssh/sysax_sshd_kexchange | Sysax Multi-Server 6.10 SSHD Key Exchange Denial of Service |
| auxiliary/dos/windows/tftp/pt360_write | PacketTrap TFTP Server 2.2.5459.0 DoS |
| auxiliary/dos/windows/tftp/solarwinds | SolarWinds TFTP Server 10.4.0.10 Denial of Service |
| auxiliary/dos/wireshark/capwap | Wireshark CAPWAP Dissector DoS |
| auxiliary/dos/wireshark/chunked | Wireshark chunked_encoding_dissector Function DOS |
| auxiliary/dos/wireshark/cldap | Wireshark CLDAP Dissector DOS |
| auxiliary/dos/wireshark/ldap | Wireshark LDAP Dissector DOS |
| auxiliary/fileformat/badpdf | BADPDF Malicious PDF Creator |
| auxiliary/fileformat/multidrop | Windows SMB Multi Dropper |
| auxiliary/fileformat/odt_badodt | LibreOffice 6.03 /Apache OpenOffice 4.1.5 Malicious ODT File Generator |
| auxiliary/fuzzers/dns/dns_fuzzer | DNS and DNSSEC Fuzzer |
| auxiliary/fuzzers/ftp/client_ftp | Simple FTP Client Fuzzer |
| auxiliary/fuzzers/ftp/ftp_pre_post | Simple FTP Fuzzer |
| auxiliary/fuzzers/http/http_form_field | HTTP Form Field Fuzzer |
| auxiliary/fuzzers/http/http_get_uri_long | HTTP GET Request URI Fuzzer (Incrementing Lengths) |
| auxiliary/fuzzers/http/http_get_uri_strings | HTTP GET Request URI Fuzzer (Fuzzer Strings) |
| auxiliary/fuzzers/ntp/ntp_protocol_fuzzer | NTP Protocol Fuzzer |
| auxiliary/fuzzers/smb/smb2_negotiate_corrupt | SMB Negotiate SMB2 Dialect Corruption |
| auxiliary/fuzzers/smb/smb_create_pipe_corrupt | SMB Create Pipe Request Corruption |
| auxiliary/fuzzers/smb/smb_create_pipe | SMB Create Pipe Request Fuzzer |
| auxiliary/fuzzers/smb/smb_negotiate_corrupt | SMB Negotiate Dialect Corruption |
| auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt | SMB NTLMv1 Login Request Corruption |
| auxiliary/fuzzers/smb/smb_tree_connect_corrupt | SMB Tree Connect Request Corruption |
| auxiliary/fuzzers/smb/smb_tree_connect | SMB Tree Connect Request Fuzzer |
| auxiliary/fuzzers/smtp/smtp_fuzzer | SMTP Simple Fuzzer |
| auxiliary/fuzzers/ssh/ssh_kexinit_corrupt | SSH Key Exchange Init Corruption |
| auxiliary/fuzzers/ssh/ssh_version_15 | SSH 1.5 Version Fuzzer |
| auxiliary/fuzzers/ssh/ssh_version_2 | SSH 2.0 Version Fuzzer |
| auxiliary/fuzzers/ssh/ssh_version_corrupt | SSH Version Corruption |
| auxiliary/fuzzers/tds/tds_login_corrupt | TDS Protocol Login Request Corruption Fuzzer |
| auxiliary/fuzzers/tds/tds_login_username | TDS Protocol Login Request Username Fuzzer |
| auxiliary/gather/advantech_webaccess_creds | Advantech WebAccess 8.1 Post Authentication Credential Collector |
| auxiliary/gather/alienvault_iso27001_sqli | AlienVault Authenticated SQL Injection Arbitrary File Read |
| auxiliary/gather/alienvault_newpolicyform_sqli | AlienVault Authenticated SQL Injection Arbitrary File Read |
| auxiliary/gather/android_browser_file_theft | Android Browser File Theft |
| auxiliary/gather/android_browser_new_tab_cookie_theft | Android Browser "Open in New Tab" Cookie Theft |
| auxiliary/gather/android_htmlfileprovider | Android Content Provider File Disclosure |
| auxiliary/gather/android_object_tag_webview_uxss | Android Open Source Platform (AOSP) Browser UXSS |
| auxiliary/gather/android_stock_browser_uxss | Android Open Source Platform (AOSP) Browser UXSS |
| auxiliary/gather/apache_rave_creds | Apache Rave User Information Disclosure |
| auxiliary/gather/apple_safari_ftp_url_cookie_theft | Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft |
| auxiliary/gather/apple_safari_webarchive_uxss | Mac OS X Safari .webarchive File Format UXSS |
| auxiliary/gather/asterisk_creds | Asterisk Gather Credentials |
| auxiliary/gather/avtech744_dvr_accounts | AVTECH 744 DVR Account Information Retrieval |
| auxiliary/gather/billquick_txtid_sqli | BillQuick Web Suite txtID SQLi |
| auxiliary/gather/browser_info | HTTP Client Information Gather |
| auxiliary/gather/browser_lanipleak | HTTP Client LAN IP Address Gather |
| auxiliary/gather/c2s_dvr_password_disclosure | C2S DVR Management Password Disclosure |
| auxiliary/gather/censys_search | Censys Search |
| auxiliary/gather/cerberus_helpdesk_hash_disclosure | Cerberus Helpdesk User Hash Disclosure |
| auxiliary/gather/checkpoint_hostname | CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure |
| auxiliary/gather/chrome_debugger | Chrome Debugger Arbitrary File Read / Arbitrary Web Request |
| auxiliary/gather/cisco_pvc2300_download_config | Cisco PVC2300 POE Video Camera configuration download |
| auxiliary/gather/cisco_rv320_config | Cisco RV320/RV326 Configuration Disclosure |
| auxiliary/gather/citrix_published_applications | Citrix MetaFrame ICA Published Applications Scanner |
| auxiliary/gather/citrix_published_bruteforce | Citrix MetaFrame ICA Published Applications Bruteforcer |
| auxiliary/gather/cloud_lookup | Cloud Lookup (and Bypass) |
| auxiliary/gather/coldfusion_pwd_props | ColdFusion 'password.properties' Hash Extraction |
| auxiliary/gather/corpwatch_lookup_id | CorpWatch Company ID Information Search |
| auxiliary/gather/corpwatch_lookup_name | CorpWatch Company Name Information Search |
| auxiliary/gather/cve_2021_27850_apache_tapestry_hmac_key | Apache Tapestry HMAC secret key leak |
| auxiliary/gather/d20pass | General Electric D20 Password Recovery |
| auxiliary/gather/darkcomet_filedownloader | DarkComet Server Remote File Download Exploit |
| auxiliary/gather/dolibarr_creds_sqli | Dolibarr Gather Credentials via SQL Injection |
| auxiliary/gather/doliwamp_traversal_creds | DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials |
| auxiliary/gather/drupal_openid_xxe | Drupal OpenID External Entity Injection |
| auxiliary/gather/eaton_nsm_creds | Network Shutdown Module sort_values Credential Dumper |
| auxiliary/gather/emc_cta_xxe | EMC CTA v10.0 Unauthenticated XXE Arbitrary File Read |
| auxiliary/gather/enum_dns | DNS Record Scanner and Enumerator |
| auxiliary/gather/eventlog_cred_disclosure | ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure |
| auxiliary/gather/exchange_proxylogon_collector | Microsoft Exchange ProxyLogon Collector |
| auxiliary/gather/external_ip | Discover External IP via Ifconfig.me |
| auxiliary/gather/f5_bigip_cookie_disclosure | F5 BigIP Backend Cookie Disclosure |
| auxiliary/gather/firefox_pdfjs_file_theft | Firefox PDF.js Browser File Theft |
| auxiliary/gather/flash_rosetta_jsonp_url_disclosure | Flash "Rosetta" JSONP GET/POST Response Disclosure |
| auxiliary/gather/fortios_vpnssl_traversal_creds_leak | FortiOS Path Traversal Credential Gatherer |
| auxiliary/gather/get_user_spns | Gather Ticket Granting Service (TGS) tickets for User Service Principal Names (SPN) |
| auxiliary/gather/grandstream_ucm62xx_sql_account_guess | Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump |
| auxiliary/gather/hikvision_info_disclosure_cve_2017_7921 | Unauthenticated information disclosure such as configuration, credentials and camera snapshots of a vulnerable Hikvision IP Camera |
| auxiliary/gather/hp_enum_perfd | HP Operations Manager Perfd Environment Scanner |
| auxiliary/gather/hp_snac_domain_creds | HP ProCurve SNAC Domain Controller Credential Dumper |
| auxiliary/gather/http_pdf_authors | Gather PDF Authors |
| auxiliary/gather/huawei_wifi_info | Huawei Datacard Information Disclosure Vulnerability |
| auxiliary/gather/ibm_bigfix_sites_packages_enum | IBM BigFix Relay Server Sites and Package Enum |
| auxiliary/gather/ibm_sametime_enumerate_users | IBM Lotus Notes Sametime User Enumeration |
| auxiliary/gather/ibm_sametime_room_brute | IBM Lotus Notes Sametime Room Name Bruteforce |
| auxiliary/gather/ibm_sametime_version | IBM Lotus Sametime Version Enumeration |
| auxiliary/gather/ie_sandbox_findfiles | Internet Explorer Iframe Sandbox File Name Disclosure Vulnerability |
| auxiliary/gather/ie_uxss_injection | MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection |
| auxiliary/gather/impersonate_ssl | HTTP SSL Certificate Impersonation |
| auxiliary/gather/ipcamera_password_disclosure | JVC/Siemens/Vanderbilt IP-Camera Readfile Password Disclosure |
| auxiliary/gather/java_rmi_registry | Java RMI Registry Interfaces Enumeration |
| auxiliary/gather/jenkins_cred_recovery | Jenkins Domain Credential Recovery |
| auxiliary/gather/jetty_web_inf_disclosure | Jetty WEB-INF File Disclosure |
| auxiliary/gather/joomla_com_realestatemanager_sqli | Joomla Real Estate Manager Component Error-Based SQL Injection |
| auxiliary/gather/joomla_contenthistory_sqli | Joomla com_contenthistory Error-Based SQL Injection |
| auxiliary/gather/joomla_weblinks_sqli | Joomla weblinks-categories Unauthenticated SQL Injection Arbitrary File Read |
| auxiliary/gather/kerberos_enumusers | Kerberos Domain User Enumeration |
| auxiliary/gather/konica_minolta_pwd_extract | Konica Minolta Password Extractor |
| auxiliary/gather/lansweeper_collector | Lansweeper Credential Collector |
| auxiliary/gather/ldap_esc_vulnerable_cert_finder | Misconfigured Certificate Template Finder |
| auxiliary/gather/ldap_hashdump | LDAP Information Disclosure |
| auxiliary/gather/ldap_query | LDAP Query and Enumeration Module |
| auxiliary/gather/manageengine_adaudit_plus_xnode_enum | ManageEngine ADAudit Plus Xnode Enumeration |
| auxiliary/gather/manageengine_datasecurity_plus_xnode_enum | ManageEngine DataSecurity Plus Xnode Enumeration |
| auxiliary/gather/mantisbt_admin_sqli | MantisBT Admin SQL Injection Arbitrary File Read |
| auxiliary/gather/mcafee_epo_xxe | McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure |
| auxiliary/gather/memcached_extractor | Memcached Extractor |
| auxiliary/gather/microweber_lfi | Microweber CMS v1.2.10 Local File Inclusion (Authenticated) |
| auxiliary/gather/mikrotik_winbox_fileread | Mikrotik Winbox Arbitrary File Read |
| auxiliary/gather/mongodb_js_inject_collection_enum | MongoDB NoSQL Collection Enumeration Via Injection |
| auxiliary/gather/ms14_052_xmldom | MS14-052 Microsoft Internet Explorer XMLDOM Filename Disclosure |
| auxiliary/gather/mybb_db_fingerprint | MyBB Database Fingerprint |
| auxiliary/gather/natpmp_external_address | NAT-PMP External Address Scanner |
| auxiliary/gather/netgear_password_disclosure | NETGEAR Administrator Password Disclosure |
| auxiliary/gather/nis_bootparamd_domain | NIS bootparamd Domain Name Disclosure |
| auxiliary/gather/nis_ypserv_map | NIS ypserv Map Dumper |
| auxiliary/gather/nuuo_cms_bruteforce | Nuuo Central Management Server User Session Token Bruteforce |
| auxiliary/gather/nuuo_cms_file_download | Nuuo Central Management Server Authenticated Arbitrary File Download |
| auxiliary/gather/oats_downloadservlet_traversal | Oracle Application Testing Suite Post-Auth DownloadServlet Directory Traversal |
| auxiliary/gather/office365userenum | Office 365 User Enumeration |
| auxiliary/gather/opennms_xxe | OpenNMS Authenticated XXE |
| auxiliary/gather/peplink_bauth_sqli | Peplink Balance routers SQLi |
| auxiliary/gather/pimcore_creds_sqli | Pimcore Gather Credentials via SQL Injection |
| auxiliary/gather/pulse_secure_file_disclosure | Pulse Secure VPN Arbitrary File Disclosure |
| auxiliary/gather/qnap_backtrace_admin_hash | QNAP NAS/NVR Administrator Hash Disclosure |
| auxiliary/gather/qnap_lfi | QNAP QTS and Photo Station Local File Inclusion |
| auxiliary/gather/rails_doubletap_file_read | Ruby On Rails File Content Disclosure ('doubletap') |
| auxiliary/gather/redis_extractor | Redis Extractor |
| auxiliary/gather/safari_file_url_navigation | Mac OS X Safari file:// Redirection Sandbox Escape |
| auxiliary/gather/saltstack_salt_root_key | SaltStack Salt Master Server Root Key Disclosure |
| auxiliary/gather/samsung_browser_sop_bypass | Samsung Internet Browser SOP Bypass |
| auxiliary/gather/search_email_collector | Search Engine Domain Email Address Collector |
| auxiliary/gather/searchengine_subdomains_collector | Search Engine Subdomains Collector |
| auxiliary/gather/shodan_honeyscore | Shodan Honeyscore Client |
| auxiliary/gather/shodan_host | Shodan Host Port |
| auxiliary/gather/shodan_search | Shodan Search |
| auxiliary/gather/snare_registry | Snare Lite for Windows Registry Access |
| auxiliary/gather/solarwinds_orion_sqli | Solarwinds Orion AccountManagement.asmx GetAccounts Admin Creation |
| auxiliary/gather/ssllabs_scan | SSL Labs API Client |
| auxiliary/gather/suite_crm_export_sqli | SuiteCRM authenticated SQL injection in export functionality |
| auxiliary/gather/teamtalk_creds | TeamTalk Gather Credentials |
| auxiliary/gather/trackit_sql_domain_creds | BMC / Numara Track-It! Domain Administrator and SQL Server User Password Disclosure |
| auxiliary/gather/vbulletin_getindexablecontent_sqli | vBulletin /ajax/api/content_infraction/getIndexableContent nodeid Parameter SQL Injection |
| auxiliary/gather/vbulletin_vote_sqli | vBulletin Password Collector via nodeid SQL Injection |
| auxiliary/gather/vmware_vcenter_vmdir_ldap | VMware vCenter Server vmdir Information Disclosure |
| auxiliary/gather/windows_deployment_services_shares | Microsoft Windows Deployment Services Unattend Gatherer |
| auxiliary/gather/windows_secrets_dump | Windows Secrets Dump |
| auxiliary/gather/wp_all_in_one_migration_export | WordPress All-in-One Migration Export |
| auxiliary/gather/wp_ultimate_csv_importer_user_extract | WordPress Ultimate CSV Importer User Table Extract |
| auxiliary/gather/wp_w3_total_cache_hash_extract | WordPress W3-Total-Cache Plugin 0.9.2.4 (or before) Username and Hash Extract |
| auxiliary/gather/xbmc_traversal | XBMC Web Server Directory Traversal |
| auxiliary/gather/xerox_pwd_extract | Xerox Administrator Console Password Extractor |
| auxiliary/gather/xerox_workcentre_5xxx_ldap | Xerox Workcentre 5735 LDAP Service Redential Extractor |
| auxiliary/gather/xymon_info | Xymon Daemon Gather Information |
| auxiliary/gather/zabbix_toggleids_sqli | Zabbix toggle_ids SQL Injection |
| auxiliary/gather/zookeeper_info_disclosure | Apache ZooKeeper Information Disclosure |
| auxiliary/gather/zoomeye_search | ZoomEye Search |
| auxiliary/parser/unattend | Auxilliary Parser Windows Unattend Passwords |
| auxiliary/pdf/foxit/authbypass | Foxit Reader Authorization Bypass |
| auxiliary/scanner/acpp/login | Apple Airport ACPP Authentication Scanner |
| auxiliary/scanner/afp/afp_login | Apple Filing Protocol Login Utility |
| auxiliary/scanner/afp/afp_server_info | Apple Filing Protocol Info Enumerator |
| auxiliary/scanner/backdoor/energizer_duo_detect | Energizer DUO Trojan Scanner |
| auxiliary/scanner/chargen/chargen_probe | Chargen Probe Utility |
| auxiliary/scanner/couchdb/couchdb_enum | CouchDB Enum Utility |
| auxiliary/scanner/couchdb/couchdb_login | CouchDB Login Utility |
| auxiliary/scanner/db2/db2_auth | DB2 Authentication Brute Force Utility |
| auxiliary/scanner/db2/db2_version | DB2 Probe Utility |
| auxiliary/scanner/db2/discovery | DB2 Discovery Service Detection |
| auxiliary/scanner/dcerpc/dfscoerce | DFSCoerce |
| auxiliary/scanner/dcerpc/endpoint_mapper | Endpoint Mapper Service Discovery |
| auxiliary/scanner/dcerpc/hidden | Hidden DCERPC Service Discovery |
| auxiliary/scanner/dcerpc/management | Remote Management Interface Discovery |
| auxiliary/scanner/dcerpc/petitpotam | PetitPotam |
| auxiliary/scanner/dcerpc/tcp_dcerpc_auditor | DCERPC TCP Service Auditor |
| auxiliary/scanner/dcerpc/windows_deployment_services | Microsoft Windows Deployment Services Unattend Retrieval |
| auxiliary/scanner/dect/call_scanner | DECT Call Scanner |
| auxiliary/scanner/dect/station_scanner | DECT Base Station Scanner |
| auxiliary/scanner/discovery/arp_sweep | ARP Sweep Local Network Discovery |
| auxiliary/scanner/discovery/empty_udp | UDP Empty Prober |
| auxiliary/scanner/discovery/ipv6_multicast_ping | IPv6 Link Local/Node Local Ping Discovery |
| auxiliary/scanner/discovery/ipv6_neighbor | IPv6 Local Neighbor Discovery |
| auxiliary/scanner/discovery/ipv6_neighbor_router_advertisement | IPv6 Local Neighbor Discovery Using Router Advertisement |
| auxiliary/scanner/discovery/udp_probe | UDP Service Prober |
| auxiliary/scanner/discovery/udp_sweep | UDP Service Sweeper |
| auxiliary/scanner/dlsw/dlsw_leak_capture | Cisco DLSw Information Disclosure Scanner |
| auxiliary/scanner/dns/dns_amp | DNS Amplification Scanner |
| auxiliary/scanner/elasticsearch/indices_enum | ElasticSearch Indices Enumeration Utility |
| auxiliary/scanner/emc/alphastor_devicemanager | EMC AlphaStor Device Manager Service |
| auxiliary/scanner/emc/alphastor_librarymanager | EMC AlphaStor Library Manager Service |
| auxiliary/scanner/etcd/open_key_scanner | Etcd Keys API Information Gathering |
| auxiliary/scanner/etcd/version | Etcd Version Scanner |
| auxiliary/scanner/finger/finger_users | Finger Service User Enumerator |
| auxiliary/scanner/ftp/anonymous | Anonymous FTP Access Detection |
| auxiliary/scanner/ftp/bison_ftp_traversal | BisonWare BisonFTP Server 3.5 Directory Traversal Information Disclosure |
| auxiliary/scanner/ftp/colorado_ftp_traversal | ColoradoFTP Server 1.3 Build 8 Directory Traversal Information Disclosure |
| auxiliary/scanner/ftp/easy_file_sharing_ftp | Easy File Sharing FTP Server 3.6 Directory Traversal |
| auxiliary/scanner/ftp/ftp_login | FTP Authentication Scanner |
| auxiliary/scanner/ftp/ftp_version | FTP Version Scanner |
| auxiliary/scanner/ftp/konica_ftp_traversal | Konica Minolta FTP Utility 1.00 Directory Traversal Information Disclosure |
| auxiliary/scanner/ftp/pcman_ftp_traversal | PCMan FTP Server 2.0.7 Directory Traversal Information Disclosure |
| auxiliary/scanner/ftp/titanftp_xcrc_traversal | Titan FTP XCRC Directory Traversal Information Disclosure |
| auxiliary/scanner/gopher/gopher_gophermap | Gopher gophermap Scanner |
| auxiliary/scanner/gprs/gtp_echo | GTP Echo Scanner |
| auxiliary/scanner/h323/h323_version | H.323 Version Scanner |
| auxiliary/scanner/http/a10networks_ax_directory_traversal | A10 Networks AX Loadbalancer Directory Traversal |
| auxiliary/scanner/http/accellion_fta_statecode_file_read | Accellion FTA 'statecode' Cookie Arbitrary File Read |
| auxiliary/scanner/http/adobe_xml_inject | Adobe XML External Entity Injection |
| auxiliary/scanner/http/advantech_webaccess_login | Advantech WebAccess Login |
| auxiliary/scanner/http/allegro_rompager_misfortune_cookie | Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Scanner |
| auxiliary/scanner/http/apache_activemq_source_disclosure | Apache ActiveMQ JSP Files Source Disclosure |
| auxiliary/scanner/http/apache_activemq_traversal | Apache ActiveMQ Directory Traversal |
| auxiliary/scanner/http/apache_flink_jobmanager_traversal | Apache Flink JobManager Traversal |
| auxiliary/scanner/http/apache_mod_cgi_bash_env | Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner |
| auxiliary/scanner/http/apache_normalize_path | Apache 2.4.49/2.4.50 Traversal RCE scanner |
| auxiliary/scanner/http/apache_optionsbleed | Apache Optionsbleed Scanner |
| auxiliary/scanner/http/apache_userdir_enum | Apache "mod_userdir" User Enumeration |
| auxiliary/scanner/http/appletv_login | AppleTV AirPlay Login Utility |
| auxiliary/scanner/http/atlassian_crowd_fileaccess | Atlassian Crowd XML Entity Expansion Remote File Access |
| auxiliary/scanner/http/axis_local_file_include | Apache Axis2 v1.4.1 Local File Inclusion |
| auxiliary/scanner/http/axis_login | Apache Axis2 Brute Force Utility |
| auxiliary/scanner/http/azure_ad_login | Microsoft Azure Active Directory Login Enumeration |
| auxiliary/scanner/http/backup_file | HTTP Backup File Scanner |
| auxiliary/scanner/http/barracuda_directory_traversal | Barracuda Multiple Product "locale" Directory Traversal |
| auxiliary/scanner/http/bavision_cam_login | BAVision IP Camera Web Server Login |
| auxiliary/scanner/http/binom3_login_config_pass_dump | Binom3 Web Management Login Scanner, Config and Password File Dump |
| auxiliary/scanner/http/bitweaver_overlay_type_traversal | Bitweaver overlay_type Directory Traversal |
| auxiliary/scanner/http/blind_sql_query | HTTP Blind SQL Injection Scanner |
| auxiliary/scanner/http/bmc_trackit_passwd_reset | BMC TrackIt! Unauthenticated Arbitrary User Password Change |
| auxiliary/scanner/http/brute_dirs | HTTP Directory Brute Force Scanner |
| auxiliary/scanner/http/buffalo_login | Buffalo NAS Login Utility |
| auxiliary/scanner/http/buildmaster_login | Inedo BuildMaster Login Scanner |
| auxiliary/scanner/http/caidao_bruteforce_login | Chinese Caidao Backdoor Bruteforce |
| auxiliary/scanner/http/canon_wireless | Canon Printer Wireless Configuration Disclosure |
| auxiliary/scanner/http/cassandra_web_file_read | Cassandra Web File Read Vulnerability |
| auxiliary/scanner/http/cert | HTTP SSL Certificate Checker |
| auxiliary/scanner/http/cgit_traversal | cgit Directory Traversal |
| auxiliary/scanner/http/chef_webui_login | Chef Web UI Brute Force Utility |
| auxiliary/scanner/http/chromecast_webserver | Chromecast Web Server Scanner |
| auxiliary/scanner/http/chromecast_wifi | Chromecast Wifi Enumeration |
| auxiliary/scanner/http/cisco_asa_asdm_bruteforce | Cisco ASA ASDM Brute-force Login |
| auxiliary/scanner/http/cisco_asa_asdm | Cisco ASA ASDM Bruteforce Login Utility |
| auxiliary/scanner/http/cisco_asa_clientless_vpn | Cisco ASA Clientless SSL VPN (WebVPN) Brute-force Login Utility |
| auxiliary/scanner/http/cisco_device_manager | Cisco Device HTTP Device Manager Access |
| auxiliary/scanner/http/cisco_directory_traversal | Cisco ASA Directory Traversal |
| auxiliary/scanner/http/cisco_firepower_download | Cisco Firepower Management Console 6.0 Post Auth Report Download Directory Traversal |
| auxiliary/scanner/http/cisco_firepower_login | Cisco Firepower Management Console 6.0 Login |
| auxiliary/scanner/http/cisco_ios_auth_bypass | Cisco IOS HTTP Unauthorized Administrative Access |
| auxiliary/scanner/http/cisco_ironport_enum | Cisco Ironport Bruteforce Login Utility |
| auxiliary/scanner/http/cisco_nac_manager_traversal | Cisco Network Access Manager Directory Traversal Vulnerability |
| auxiliary/scanner/http/cisco_ssl_vpn | Cisco SSL VPN Bruteforce Login Utility |
| auxiliary/scanner/http/cisco_ssl_vpn_priv_esc | Cisco ASA SSL VPN Privilege Escalation Vulnerability |
| auxiliary/scanner/http/citrix_dir_traversal | Citrix ADC (NetScaler) Directory Traversal Scanner |
| auxiliary/scanner/http/clansphere_traversal | ClanSphere 2011.3 Local File Inclusion Vulnerability |
| auxiliary/scanner/http/cnpilot_r_web_login_loot | Cambium cnPilot r200/r201 Login Scanner and Config Dump |
| auxiliary/scanner/http/coldfusion_locale_traversal | ColdFusion Server Check |
| auxiliary/scanner/http/coldfusion_version | ColdFusion Version Scanner |
| auxiliary/scanner/http/concrete5_member_list | Concrete5 Member List Enumeration |
| auxiliary/scanner/http/copy_of_file | HTTP Copy File Scanner |
| auxiliary/scanner/http/crawler | Web Site Crawler |
| auxiliary/scanner/http/dell_idrac | Dell iDRAC Default Login |
| auxiliary/scanner/http/dicoogle_traversal | Dicoogle PACS Web Server Directory Traversal |
| auxiliary/scanner/http/directadmin_login | DirectAdmin Web Control Panel Login Utility |
| auxiliary/scanner/http/dir_listing | HTTP Directory Listing Scanner |
| auxiliary/scanner/http/dir_scanner | HTTP Directory Scanner |
| auxiliary/scanner/http/dir_webdav_unicode_bypass | MS09-020 IIS6 WebDAV Unicode Auth Bypass Directory Scanner |
| auxiliary/scanner/http/dlink_dir_300_615_http_login | D-Link DIR-300A / DIR-320 / DIR-615D HTTP Login Utility |
| auxiliary/scanner/http/dlink_dir_615h_http_login | D-Link DIR-615H HTTP Login Utility |
| auxiliary/scanner/http/dlink_dir_session_cgi_http_login | D-Link DIR-300B / DIR-600B / DIR-815 / DIR-645 HTTP Login Utility |
| auxiliary/scanner/http/dlink_user_agent_backdoor | D-Link User-Agent Backdoor Scanner |
| auxiliary/scanner/http/dnalims_file_retrieve | DnaLIMS Directory Traversal |
| auxiliary/scanner/http/docker_version | Docker Server Version Scanner |
| auxiliary/scanner/http/dolibarr_login | Dolibarr ERP/CRM Login Utility |
| auxiliary/scanner/http/drupal_views_user_enum | Drupal Views Module Users Enumeration |
| auxiliary/scanner/http/ektron_cms400net | Ektron CMS400.NET Default Password Scanner |
| auxiliary/scanner/http/elasticsearch_traversal | ElasticSearch Snapshot API Directory Traversal |
| auxiliary/scanner/http/emby_ssrf_scanner | Emby SSRF HTTP Scanner |
| auxiliary/scanner/http/emby_version_ssrf | Emby Version Scanner |
| auxiliary/scanner/http/enum_wayback | Archive.org Stored Domain URLs |
| auxiliary/scanner/http/epmp1000_dump_config | Cambium ePMP 1000 Dump Device Config |
| auxiliary/scanner/http/epmp1000_dump_hashes | Cambium ePMP 1000 'ping' Password Hash Extractor (up to v2.5) |
| auxiliary/scanner/http/epmp1000_get_chart_cmd_exec | Cambium ePMP 1000 'get_chart' Command Injection (v3.1-3.5-RC7) |
| auxiliary/scanner/http/epmp1000_ping_cmd_exec | Cambium ePMP 1000 'ping' Command Injection (up to v2.5) |
| auxiliary/scanner/http/epmp1000_reset_pass | Cambium ePMP 1000 Account Password Reset |
| auxiliary/scanner/http/epmp1000_web_login | Cambium ePMP 1000 Login Scanner |
| auxiliary/scanner/http/error_sql_injection | HTTP Error Based SQL Injection Scanner |
| auxiliary/scanner/http/es_file_explorer_open_port | ES File Explorer Open Port |
| auxiliary/scanner/http/etherpad_duo_login | EtherPAD Duo Login Bruteforce Utility |
| auxiliary/scanner/http/exchange_proxylogon | Microsoft Exchange ProxyLogon Scanner |
| auxiliary/scanner/http/exchange_web_server_pushsubscription | Microsoft Exchange Privilege Escalation Exploit |
| auxiliary/scanner/http/f5_bigip_virtual_server | F5 BigIP HTTP Virtual Server Scanner |
| auxiliary/scanner/http/f5_mgmt_scanner | F5 Networks Devices Management Interface Scanner |
| auxiliary/scanner/http/file_same_name_dir | HTTP File Same Name Directory Scanner |
| auxiliary/scanner/http/files_dir | HTTP Interesting File Scanner |
| auxiliary/scanner/http/fortimail_login_bypass_detection | FortiMail Unauthenticated Login Bypass Scanner |
| auxiliary/scanner/http/fortinet_ssl_vpn | Fortinet SSL VPN Bruteforce Login Utility |
| auxiliary/scanner/http/frontpage_credential_dump | FrontPage .pwd File Credential Dump |
| auxiliary/scanner/http/frontpage_login | FrontPage Server Extensions Anonymous Login Scanner |
| auxiliary/scanner/http/gavazzi_em_login_loot | Carlo Gavazzi Energy Meters - Login Brute Force, Extract Info and Dump Plant Database |
| auxiliary/scanner/http/gitlab_graphql_user_enum | GitLab GraphQL API User Enumeration |
| auxiliary/scanner/http/gitlab_login | GitLab Login Utility |
| auxiliary/scanner/http/gitlab_user_enum | GitLab User Enumeration |
| auxiliary/scanner/http/git_scanner | HTTP Git Scanner |
| auxiliary/scanner/http/glassfish_login | GlassFish Brute Force Utility |
| auxiliary/scanner/http/glassfish_traversal | Path Traversal in Oracle GlassFish Server Open Source Edition |
| auxiliary/scanner/http/goahead_traversal | Embedthis GoAhead Embedded Web Server Directory Traversal |
| auxiliary/scanner/http/grafana_plugin_traversal | Grafana Plugin Path Traversal |
| auxiliary/scanner/http/groupwise_agents_http_traversal | Novell Groupwise Agents HTTP Directory Traversal |
| auxiliary/scanner/http/host_header_injection | HTTP Host Header Injection Detection |
| auxiliary/scanner/http/hp_imc_bims_downloadservlet_traversal | HP Intelligent Management BIMS DownloadServlet Directory Traversal |
| auxiliary/scanner/http/hp_imc_faultdownloadservlet_traversal | HP Intelligent Management FaultDownloadServlet Directory Traversal |
| auxiliary/scanner/http/hp_imc_ictdownloadservlet_traversal | HP Intelligent Management IctDownloadServlet Directory Traversal |
| auxiliary/scanner/http/hp_imc_reportimgservlt_traversal | HP Intelligent Management ReportImgServlt Directory Traversal |
| auxiliary/scanner/http/hp_imc_som_file_download | HP Intelligent Management SOM FileDownloadServlet Arbitrary Download |
| auxiliary/scanner/http/hp_sitescope_getfileinternal_fileaccess | HP SiteScope SOAP Call getFileInternal Remote File Access |
| auxiliary/scanner/http/hp_sitescope_getsitescopeconfiguration | HP SiteScope SOAP Call getSiteScopeConfiguration Configuration Access |
| auxiliary/scanner/http/hp_sitescope_loadfilecontent_fileaccess | HP SiteScope SOAP Call loadFileContent Remote File Access |
| auxiliary/scanner/http/hp_sys_mgmt_login | HP System Management Homepage Login Utility |
| auxiliary/scanner/http/httpbl_lookup | Http:BL Lookup |
| auxiliary/scanner/http/httpdasm_directory_traversal | Httpdasm Directory Traversal |
| auxiliary/scanner/http/http_header | HTTP Header Detection |
| auxiliary/scanner/http/http_hsts | HTTP Strict Transport Security (HSTS) Detection |
| auxiliary/scanner/http/http_login | HTTP Login Utility |
| auxiliary/scanner/http/http_put | HTTP Writable Path PUT/DELETE File Access |
| auxiliary/scanner/http/http_sickrage_password_leak | HTTP SickRage Password Leak |
| auxiliary/scanner/http/http_traversal | Generic HTTP Directory Traversal Utility |
| auxiliary/scanner/http/http_version | HTTP Version Detection |
| auxiliary/scanner/http/iis_internal_ip | Microsoft IIS HTTP Internal IP Disclosure |
| auxiliary/scanner/http/iis_shortname_scanner | Microsoft IIS shortname vulnerability scanner |
| auxiliary/scanner/http/influxdb_enum | InfluxDB Enum Utility |
| auxiliary/scanner/http/infovista_enum | InfoVista VistaPortal Application Bruteforce Login Utility |
| auxiliary/scanner/http/intel_amt_digest_bypass | Intel AMT Digest Authentication Bypass Scanner |
| auxiliary/scanner/http/ipboard_login | IP Board Login Auxiliary Module |
| auxiliary/scanner/http/jboss_status | JBoss Status Servlet Information Gathering |
| auxiliary/scanner/http/jboss_vulnscan | JBoss Vulnerability Scanner |
| auxiliary/scanner/http/jenkins_command | Jenkins-CI Unauthenticated Script-Console Scanner |
| auxiliary/scanner/http/jenkins_enum | Jenkins-CI Enumeration |
| auxiliary/scanner/http/jenkins_login | Jenkins-CI Login Utility |
| auxiliary/scanner/http/jira_user_enum | Jira Users Enumeration |
| auxiliary/scanner/http/joomla_bruteforce_login | Joomla Bruteforce Login Utility |
| auxiliary/scanner/http/joomla_ecommercewd_sqli_scanner | Web-Dorado ECommerce WD for Joomla! search_category_id SQL Injection Scanner |
| auxiliary/scanner/http/joomla_gallerywd_sqli_scanner | Gallery WD for Joomla! Unauthenticated SQL Injection Scanner |
| auxiliary/scanner/http/joomla_pages | Joomla Page Scanner |
| auxiliary/scanner/http/joomla_plugins | Joomla Plugins Scanner |
| auxiliary/scanner/http/joomla_version | Joomla Version Scanner |
| auxiliary/scanner/http/jupyter_login | Jupyter Login Utility |
| auxiliary/scanner/http/kodi_traversal | Kodi 17.0 Local File Inclusion Vulnerability |
| auxiliary/scanner/http/limesurvey_zip_traversals | LimeSurvey Zip Path Traversals |
| auxiliary/scanner/http/linknat_vos_traversal | Linknat Vos Manager Traversal |
| auxiliary/scanner/http/linksys_e1500_traversal | Linksys E1500 Directory Traversal Vulnerability |
| auxiliary/scanner/http/litespeed_source_disclosure | LiteSpeed Source Code Disclosure/Download |
| auxiliary/scanner/http/log4shell_scanner | Log4Shell HTTP Scanner |
| auxiliary/scanner/http/lucky_punch | HTTP Microsoft SQL Injection Table XSS Infection |
| auxiliary/scanner/http/majordomo2_directory_traversal | Majordomo2 _list_file_get() Directory Traversal |
| auxiliary/scanner/http/manageengine_desktop_central_login | ManageEngine Desktop Central Login Utility |
| auxiliary/scanner/http/manageengine_deviceexpert_traversal | ManageEngine DeviceExpert 5.6 ScheduleResultViewer FileName Traversal |
| auxiliary/scanner/http/manageengine_deviceexpert_user_creds | ManageEngine DeviceExpert User Credentials |
| auxiliary/scanner/http/manageengine_securitymanager_traversal | ManageEngine SecurityManager Plus 5.5 Directory Traversal |
| auxiliary/scanner/http/mediawiki_svg_fileaccess | MediaWiki SVG XML Entity Expansion Remote File Access |
| auxiliary/scanner/http/meteocontrol_weblog_extractadmin | Meteocontrol WEBlog Password Extractor |
| auxiliary/scanner/http/mod_negotiation_brute | Apache HTTPD mod_negotiation Filename Bruter |
| auxiliary/scanner/http/mod_negotiation_scanner | Apache HTTPD mod_negotiation Scanner |
| auxiliary/scanner/http/ms09_020_webdav_unicode_bypass | MS09-020 IIS6 WebDAV Unicode Authentication Bypass |
| auxiliary/scanner/http/ms15_034_http_sys_memory_dump | MS15-034 HTTP Protocol Stack Request Handling HTTP.SYS Memory Information Disclosure |
| auxiliary/scanner/http/mybook_live_login | Western Digital MyBook Live Login Utility |
| auxiliary/scanner/http/nagios_xi_scanner | Nagios XI Scanner |
| auxiliary/scanner/http/netdecision_traversal | NetDecision NOCVision Server Directory Traversal |
| auxiliary/scanner/http/netgear_sph200d_traversal | Netgear SPH200D Directory Traversal Vulnerability |
| auxiliary/scanner/http/nginx_source_disclosure | Nginx Source Code Disclosure/Download |
| auxiliary/scanner/http/novell_file_reporter_fsfui_fileaccess | NFR Agent FSFUI Record Arbitrary Remote File Access |
| auxiliary/scanner/http/novell_file_reporter_srs_fileaccess | NFR Agent SRS Record Arbitrary Remote File Access |
| auxiliary/scanner/http/novell_mdm_creds | Novell Zenworks Mobile Device Managment Admin Credentials |
| auxiliary/scanner/http/ntlm_info_enumeration | Host Information Enumeration via NTLM Authentication |
| auxiliary/scanner/http/octopusdeploy_login | Octopus Deploy Login Utility |
| auxiliary/scanner/http/onion_omega2_login | Onion Omega2 Login Brute-Force |
| auxiliary/scanner/http/openmind_messageos_login | OpenMind Message-OS Portal Login Brute Force Utility |
| auxiliary/scanner/http/open_proxy | HTTP Open Proxy Detection |
| auxiliary/scanner/http/options | HTTP Options Detection |
| auxiliary/scanner/http/oracle_demantra_database_credentials_leak | Oracle Demantra Database Credentials Leak |
| auxiliary/scanner/http/oracle_demantra_file_retrieval | Oracle Demantra Arbitrary File Retrieval with Authentication Bypass |
| auxiliary/scanner/http/oracle_ilom_login | Oracle ILO Manager Login Brute Force Utility |
| auxiliary/scanner/http/owa_ews_login | OWA Exchange Web Services (EWS) Login Scanner |
| auxiliary/scanner/http/owa_iis_internal_ip | Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure |
| auxiliary/scanner/http/owa_login | Outlook Web App (OWA) Brute Force Utility |
| auxiliary/scanner/http/phpmyadmin_login | PhpMyAdmin Login Scanner |
| auxiliary/scanner/http/pocketpad_login | PocketPAD Login Bruteforce Force Utility |
| auxiliary/scanner/http/prev_dir_same_name_file | HTTP Previous Directory File Scanner |
| auxiliary/scanner/http/radware_appdirector_enum | Radware AppDirector Bruteforce Login Utility |
| auxiliary/scanner/http/rails_json_yaml_scanner | Ruby on Rails JSON Processor YAML Deserialization Scanner |
| auxiliary/scanner/http/rails_mass_assignment | Ruby On Rails Attributes Mass Assignment Scanner |
| auxiliary/scanner/http/rails_xml_yaml_scanner | Ruby on Rails XML Processor YAML Deserialization Scanner |
| auxiliary/scanner/http/rdp_web_login | Microsoft RDP Web Client Login Enumeration |
| auxiliary/scanner/http/replace_ext | HTTP File Extension Scanner |
| auxiliary/scanner/http/rewrite_proxy_bypass | Apache Reverse Proxy Bypass Vulnerability Scanner |
| auxiliary/scanner/http/rfcode_reader_enum | RFCode Reader Web Interface Login / Bruteforce Utility |
| auxiliary/scanner/http/rips_traversal | RIPS Scanner Directory Traversal |
| auxiliary/scanner/http/riverbed_steelhead_vcx_file_read | Riverbed SteelHead VCX File Read |
| auxiliary/scanner/http/robots_txt | HTTP Robots.txt Content Scanner |
| auxiliary/scanner/http/s40_traversal | S40 0.4.2 CMS Directory Traversal Vulnerability |
| auxiliary/scanner/http/sap_businessobjects_user_brute | SAP BusinessObjects User Bruteforcer |
| auxiliary/scanner/http/sap_businessobjects_user_brute_web | SAP BusinessObjects Web User Bruteforcer |
| auxiliary/scanner/http/sap_businessobjects_user_enum | SAP BusinessObjects User Enumeration |
| auxiliary/scanner/http/sap_businessobjects_version_enum | SAP BusinessObjects Version Detection |
| auxiliary/scanner/http/scraper | HTTP Page Scraper |
| auxiliary/scanner/http/sentry_cdu_enum | Sentry Switched CDU Bruteforce Login Utility |
| auxiliary/scanner/http/servicedesk_plus_traversal | ManageEngine ServiceDesk Plus Path Traversal |
| auxiliary/scanner/http/sevone_enum | SevOne Network Performance Management Application Brute Force Login Utility |
| auxiliary/scanner/http/simple_webserver_traversal | Simple Web Server 2.3-RC1 Directory Traversal |
| auxiliary/scanner/http/smt_ipmi_49152_exposure | Supermicro Onboard IPMI Port 49152 Sensitive File Exposure |
| auxiliary/scanner/http/smt_ipmi_cgi_scanner | Supermicro Onboard IPMI CGI Vulnerability Scanner |
| auxiliary/scanner/http/smt_ipmi_static_cert_scanner | Supermicro Onboard IPMI Static SSL Certificate Scanner |
| auxiliary/scanner/http/smt_ipmi_url_redirect_traversal | Supermicro Onboard IPMI url_redirect.cgi Authenticated Directory Traversal |
| auxiliary/scanner/http/soap_xml | HTTP SOAP Verb/Noun Brute Force Scanner |
| auxiliary/scanner/http/sockso_traversal | Sockso Music Host Server 1.5 Directory Traversal |
| auxiliary/scanner/http/splunk_web_login | Splunk Web Interface Login Utility |
| auxiliary/scanner/http/springcloud_directory_traversal | Directory Traversal in Spring Cloud Config Server |
| auxiliary/scanner/http/springcloud_traversal | Spring Cloud Config Server Directory Traversal |
| auxiliary/scanner/http/squid_pivot_scanning | Squid Proxy Port Scanner |
| auxiliary/scanner/http/squiz_matrix_user_enum | Squiz Matrix User Enumeration Scanner |
| auxiliary/scanner/http/ssl | HTTP SSL Certificate Information |
| auxiliary/scanner/http/ssl_version | HTTP SSL/TLS Version Detection (POODLE scanner) |
| auxiliary/scanner/http/support_center_plus_directory_traversal | ManageEngine Support Center Plus Directory Traversal |
| auxiliary/scanner/http/surgenews_user_creds | SurgeNews User Credentials |
| auxiliary/scanner/http/svn_scanner | HTTP Subversion Scanner |
| auxiliary/scanner/http/svn_wcdb_scanner | SVN wc.db Scanner |
| auxiliary/scanner/http/sybase_easerver_traversal | Sybase Easerver 6.3 Directory Traversal |
| auxiliary/scanner/http/symantec_brightmail_ldapcreds | Symantec Messaging Gateway 10 Exposure of Stored AD Password Vulnerability |
| auxiliary/scanner/http/symantec_brightmail_logfile | Symantec Messaging Gateway 9.5 Log File Download Vulnerability |
| auxiliary/scanner/http/symantec_web_gateway_login | Symantec Web Gateway Login Utility |
| auxiliary/scanner/http/synology_forget_passwd_user_enum | Synology Forget Password User Enumeration Scanner |
| auxiliary/scanner/http/thinvnc_traversal | ThinVNC Directory Traversal |
| auxiliary/scanner/http/titan_ftp_admin_pwd | Titan FTP Administrative Password Disclosure |
| auxiliary/scanner/http/title | HTTP HTML Title Tag Content Grabber |
| auxiliary/scanner/http/tomcat_enum | Apache Tomcat User Enumeration |
| auxiliary/scanner/http/tomcat_mgr_login | Tomcat Application Manager Login Utility |
| auxiliary/scanner/http/totaljs_traversal | Total.js prior to 3.2.4 Directory Traversal |
| auxiliary/scanner/http/tplink_traversal_noauth | TP-Link Wireless Lite N Access Point Directory Traversal Vulnerability |
| auxiliary/scanner/http/trace_axd | HTTP trace.axd Content Scanner |
| auxiliary/scanner/http/trace | HTTP Cross-Site Tracing Detection |
| auxiliary/scanner/http/tvt_nvms_traversal | TVT NVMS-1000 Directory Traversal |
| auxiliary/scanner/http/typo3_bruteforce | Typo3 Login Bruteforcer |
| auxiliary/scanner/http/vcms_login | V-CMS Login Utility |
| auxiliary/scanner/http/verb_auth_bypass | HTTP Verb Authentication Bypass Scanner |
| auxiliary/scanner/http/vhost_scanner | HTTP Virtual Host Brute Force Scanner |
| auxiliary/scanner/http/vicidial_multiple_sqli | VICIdial Multiple Authenticated SQLi |
| auxiliary/scanner/http/wangkongbao_traversal | WANGKONGBAO CNS-1000 and 1100 UTM Directory Traversal |
| auxiliary/scanner/http/webdav_internal_ip | HTTP WebDAV Internal IP Scanner |
| auxiliary/scanner/http/webdav_scanner | HTTP WebDAV Scanner |
| auxiliary/scanner/http/webdav_website_content | HTTP WebDAV Website Content Scanner |
| auxiliary/scanner/http/webpagetest_traversal | WebPageTest Directory Traversal |
| auxiliary/scanner/http/web_vulndb | HTTP Vuln Scanner |
| auxiliary/scanner/http/wildfly_traversal | WildFly Directory Traversal |
| auxiliary/scanner/http/wordpress_content_injection | WordPress REST API Content Injection |
| auxiliary/scanner/http/wordpress_cp_calendar_sqli | WordPress CP Multi-View Calendar Unauthenticated SQL Injection Scanner |
| auxiliary/scanner/http/wordpress_ghost_scanner | WordPress XMLRPC GHOST Vulnerability Scanner |
| auxiliary/scanner/http/wordpress_login_enum | WordPress Brute Force and User Enumeration Utility |
| auxiliary/scanner/http/wordpress_multicall_creds | Wordpress XML-RPC system.multicall Credential Collector |
| auxiliary/scanner/http/wordpress_pingback_access | Wordpress Pingback Locator |
| auxiliary/scanner/http/wordpress_scanner | Wordpress Scanner |
| auxiliary/scanner/http/wordpress_xmlrpc_login | Wordpress XML-RPC Username/Password Login Scanner |
| auxiliary/scanner/http/wp_abandoned_cart_sqli | Abandoned Cart for WooCommerce SQLi Scanner |
| auxiliary/scanner/http/wp_arbitrary_file_deletion | Wordpress Arbitrary File Deletion |
| auxiliary/scanner/http/wp_bulletproofsecurity_backups | Wordpress BulletProof Security Backup Disclosure |
| auxiliary/scanner/http/wp_chopslider_id_sqli | WordPress ChopSlider3 id SQLi Scanner |
| auxiliary/scanner/http/wp_contus_video_gallery_sqli | WordPress Contus Video Gallery Unauthenticated SQL Injection Scanner |
| auxiliary/scanner/http/wp_dukapress_file_read | WordPress DukaPress Plugin File Read Vulnerability |
| auxiliary/scanner/http/wp_duplicator_file_read | WordPress Duplicator File Read Vulnerability |
| auxiliary/scanner/http/wp_easy_wp_smtp | WordPress Easy WP SMTP Password Reset |
| auxiliary/scanner/http/wp_email_sub_news_sqli | WordPress Email Subscribers and Newsletter Hash SQLi Scanner |
| auxiliary/scanner/http/wp_gimedia_library_file_read | WordPress GI-Media Library Plugin Directory Traversal Vulnerability |
| auxiliary/scanner/http/wp_learnpress_sqli | Wordpress LearnPress current_items Authenticated SQLi |
| auxiliary/scanner/http/wp_loginizer_log_sqli | WordPress Loginizer log SQLi Scanner |
| auxiliary/scanner/http/wp_mobileedition_file_read | WordPress Mobile Edition File Read Vulnerability |
| auxiliary/scanner/http/wp_mobile_pack_info_disclosure | WordPress Mobile Pack Information Disclosure Vulnerability |
| auxiliary/scanner/http/wp_modern_events_calendar_sqli | WordPress Modern Events Calendar SQLi Scanner |
| auxiliary/scanner/http/wp_nextgen_galley_file_read | WordPress NextGEN Gallery Directory Read Vulnerability |
| auxiliary/scanner/http/wp_registrationmagic_sqli | Wordpress RegistrationMagic task_ids Authenticated SQLi |
| auxiliary/scanner/http/wp_secure_copy_content_protection_sqli | Wordpress Secure Copy Content Protection and Content Locking sccp_id Unauthenticated SQLi |
| auxiliary/scanner/http/wp_simple_backup_file_read | WordPress Simple Backup File Read Vulnerability |
| auxiliary/scanner/http/wp_subscribe_comments_file_read | WordPress Subscribe Comments File Read Vulnerability |
| auxiliary/scanner/http/wp_total_upkeep_downloader | WordPress Total Upkeep Unauthenticated Backup Downloader |
| auxiliary/scanner/http/wp_wps_hide_login_revealer | WordPress WPS Hide Login Login Page Revealer |
| auxiliary/scanner/http/xpath | HTTP Blind XPATH 1.0 Injector |
| auxiliary/scanner/http/yaws_traversal | Yaws Web Server Directory Traversal |
| auxiliary/scanner/http/zabbix_login | Zabbix Server Brute Force Utility |
| auxiliary/scanner/http/zenload_balancer_traversal | Zen Load Balancer Directory Traversal |
| auxiliary/scanner/http/zenworks_assetmanagement_fileaccess | Novell ZENworks Asset Management 7.5 Remote File Access |
| auxiliary/scanner/http/zenworks_assetmanagement_getconfig | Novell ZENworks Asset Management 7.5 Configuration Access |
| auxiliary/scanner/ike/cisco_ike_benigncertain | Cisco IKE Information Disclosure |
| auxiliary/scanner/imap/imap_version | IMAP4 Banner Grabber |
| auxiliary/scanner/ip/ipidseq | IPID Sequence Scanner |
| auxiliary/scanner/ipmi/ipmi_cipher_zero | IPMI 2.0 Cipher Zero Authentication Bypass Scanner |
| auxiliary/scanner/ipmi/ipmi_dumphashes | IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval |
| auxiliary/scanner/ipmi/ipmi_version | IPMI Information Discovery |
| auxiliary/scanner/jenkins/jenkins_udp_broadcast_enum | Jenkins Server Broadcast Enumeration |
| auxiliary/scanner/kademlia/server_info | Gather Kademlia Server Information |
| auxiliary/scanner/llmnr/query | LLMNR Query |
| auxiliary/scanner/lotus/lotus_domino_hashes | Lotus Domino Password Hash Collector |
| auxiliary/scanner/lotus/lotus_domino_login | Lotus Domino Brute Force Utility |
| auxiliary/scanner/lotus/lotus_domino_version | Lotus Domino Version |
| auxiliary/scanner/mdns/query | mDNS Query |
| auxiliary/scanner/memcached/memcached_amp | Memcached Stats Amplification Scanner |
| auxiliary/scanner/memcached/memcached_udp_version | Memcached UDP Version Scanner |
| auxiliary/scanner/misc/cctv_dvr_login | CCTV DVR Login Scanning Utility |
| auxiliary/scanner/misc/cisco_smart_install | Identify Cisco Smart Install endpoints |
| auxiliary/scanner/misc/clamav_control | ClamAV Remote Command Transmitter |
| auxiliary/scanner/misc/dahua_dvr_auth_bypass | Dahua DVR Auth Bypass Scanner |
| auxiliary/scanner/misc/dvr_config_disclosure | Multiple DVR Manufacturers Configuration Disclosure |
| auxiliary/scanner/misc/easycafe_server_fileaccess | EasyCafe Server Remote File Access |
| auxiliary/scanner/misc/freeswitch_event_socket_login | FreeSWITCH Event Socket Login |
| auxiliary/scanner/misc/ibm_mq_channel_brute | IBM WebSphere MQ Channel Name Bruteforce |
| auxiliary/scanner/misc/ibm_mq_enum | Identify Queue Manager Name and MQ Version |
| auxiliary/scanner/misc/ibm_mq_login | IBM WebSphere MQ Login Check |
| auxiliary/scanner/misc/ib_service_mgr_info | Borland InterBase Services Manager Information |
| auxiliary/scanner/misc/java_jmx_server | Java JMX Server Insecure Endpoint Code Execution Scanner |
| auxiliary/scanner/misc/java_rmi_server | Java RMI Server Insecure Endpoint Code Execution Scanner |
| auxiliary/scanner/misc/oki_scanner | OKI Printer Default Login Credential Scanner |
| auxiliary/scanner/misc/poisonivy_control_scanner | Poison Ivy Command and Control Scanner |
| auxiliary/scanner/misc/raysharp_dvr_passwords | Ray Sharp DVR Password Retriever |
| auxiliary/scanner/misc/rosewill_rxs3211_passwords | Rosewill RXS-3211 IP Camera Password Retriever |
| auxiliary/scanner/misc/sercomm_backdoor_scanner | SerComm Network Device Backdoor Detection |
| auxiliary/scanner/misc/sunrpc_portmapper | SunRPC Portmap Program Enumerator |
| auxiliary/scanner/misc/zenworks_preboot_fileaccess | Novell ZENworks Configuration Management Preboot Service Remote File Access |
| auxiliary/scanner/mongodb/mongodb_login | MongoDB Login Utility |
| auxiliary/scanner/motorola/timbuktu_udp | Motorola Timbuktu Service Detection |
| auxiliary/scanner/mqtt/connect | MQTT Authentication Scanner |
| auxiliary/scanner/msf/msf_rpc_login | Metasploit RPC Interface Login Utility |
| auxiliary/scanner/msf/msf_web_login | Metasploit Web Interface Login Utility |
| auxiliary/scanner/msmail/exchange_enum | Exchange email enumeration |
| auxiliary/scanner/msmail/host_id | Vulnerable domain identification |
| auxiliary/scanner/msmail/onprem_enum | On premise user enumeration |
| auxiliary/scanner/mssql/mssql_hashdump | MSSQL Password Hashdump |
| auxiliary/scanner/mssql/mssql_login | MSSQL Login Utility |
| auxiliary/scanner/mssql/mssql_ping | MSSQL Ping Utility |
| auxiliary/scanner/mssql/mssql_schemadump | MSSQL Schema Dump |
| auxiliary/scanner/mysql/mysql_authbypass_hashdump | MySQL Authentication Bypass Password Dump |
| auxiliary/scanner/mysql/mysql_file_enum | MYSQL File/Directory Enumerator |
| auxiliary/scanner/mysql/mysql_hashdump | MYSQL Password Hashdump |
| auxiliary/scanner/mysql/mysql_login | MySQL Login Utility |
| auxiliary/scanner/mysql/mysql_schemadump | MYSQL Schema Dump |
| auxiliary/scanner/mysql/mysql_version | MySQL Server Version Enumeration |
| auxiliary/scanner/mysql/mysql_writable_dirs | MYSQL Directory Write Test |
| auxiliary/scanner/natpmp/natpmp_portscan | NAT-PMP External Port Scanner |
| auxiliary/scanner/nessus/nessus_ntp_login | Nessus NTP Login Utility |
| auxiliary/scanner/nessus/nessus_rest_login | Nessus RPC Interface Login Utility |
| auxiliary/scanner/nessus/nessus_xmlrpc_login | Nessus XMLRPC Interface Login Utility |
| auxiliary/scanner/nessus/nessus_xmlrpc_ping | Nessus XMLRPC Interface Ping Utility |
| auxiliary/scanner/netbios/nbname | NetBIOS Information Discovery |
| auxiliary/scanner/nexpose/nexpose_api_login | NeXpose API Interface Login Utility |
| auxiliary/scanner/nfs/nfsmount | NFS Mount Scanner |
| auxiliary/scanner/nntp/nntp_login | NNTP Login Utility |
| auxiliary/scanner/ntp/ntp_monlist | NTP Monitor List Scanner |
| auxiliary/scanner/ntp/ntp_nak_to_the_future | NTP "NAK to the Future" |
| auxiliary/scanner/ntp/ntp_peer_list_dos | NTP Mode 7 PEER_LIST DoS Scanner |
| auxiliary/scanner/ntp/ntp_peer_list_sum_dos | NTP Mode 7 PEER_LIST_SUM DoS Scanner |
| auxiliary/scanner/ntp/ntp_readvar | NTP Clock Variables Disclosure |
| auxiliary/scanner/ntp/ntp_req_nonce_dos | NTP Mode 6 REQ_NONCE DRDoS Scanner |
| auxiliary/scanner/ntp/ntp_reslist_dos | NTP Mode 7 GET_RESTRICT DRDoS Scanner |
| auxiliary/scanner/ntp/ntp_unsettrap_dos | NTP Mode 6 UNSETTRAP DRDoS Scanner |
| auxiliary/scanner/openvas/openvas_gsad_login | OpenVAS gsad Web Interface Login Utility |
| auxiliary/scanner/openvas/openvas_omp_login | OpenVAS OMP Login Utility |
| auxiliary/scanner/openvas/openvas_otp_login | OpenVAS OTP Login Utility |
| auxiliary/scanner/oracle/emc_sid | Oracle Enterprise Manager Control SID Discovery |
| auxiliary/scanner/oracle/isqlplus_login | Oracle iSQL*Plus Login Utility |
| auxiliary/scanner/oracle/isqlplus_sidbrute | Oracle iSQLPlus SID Check |
| auxiliary/scanner/oracle/oracle_hashdump | Oracle Password Hashdump |
| auxiliary/scanner/oracle/oracle_login | Oracle RDBMS Login Utility |
| auxiliary/scanner/oracle/sid_brute | Oracle TNS Listener SID Bruteforce |
| auxiliary/scanner/oracle/sid_enum | Oracle TNS Listener SID Enumeration |
| auxiliary/scanner/oracle/spy_sid | Oracle Application Server Spy Servlet SID Enumeration |
| auxiliary/scanner/oracle/tnslsnr_version | Oracle TNS Listener Service Version Query |
| auxiliary/scanner/oracle/tnspoison_checker | Oracle TNS Listener Checker |
| auxiliary/scanner/oracle/xdb_sid_brute | Oracle XML DB SID Discovery via Brute Force |
| auxiliary/scanner/oracle/xdb_sid | Oracle XML DB SID Discovery |
| auxiliary/scanner/pcanywhere/pcanywhere_login | PcAnywhere Login Scanner |
| auxiliary/scanner/pcanywhere/pcanywhere_tcp | PcAnywhere TCP Service Discovery |
| auxiliary/scanner/pcanywhere/pcanywhere_udp | PcAnywhere UDP Service Discovery |
| auxiliary/scanner/pop3/pop3_login | POP3 Login Utility |
| auxiliary/scanner/pop3/pop3_version | POP3 Banner Grabber |
| auxiliary/scanner/portmap/portmap_amp | Portmapper Amplification Scanner |
| auxiliary/scanner/portscan/ack | TCP ACK Firewall Scanner |
| auxiliary/scanner/portscan/ftpbounce | FTP Bounce Port Scanner |
| auxiliary/scanner/portscan/syn | TCP SYN Port Scanner |
| auxiliary/scanner/portscan/tcp | TCP Port Scanner |
| auxiliary/scanner/portscan/xmas | TCP "XMas" Port Scanner |
| auxiliary/scanner/postgres/postgres_dbname_flag_injection | PostgreSQL Database Name Command Line Flag Injection |
| auxiliary/scanner/postgres/postgres_hashdump | Postgres Password Hashdump |
| auxiliary/scanner/postgres/postgres_login | PostgreSQL Login Utility |
| auxiliary/scanner/postgres/postgres_schemadump | Postgres Schema Dump |
| auxiliary/scanner/postgres/postgres_version | PostgreSQL Version Probe |
| auxiliary/scanner/printer/canon_iradv_pwd_extract | Canon IR-Adv Password Extractor |
| auxiliary/scanner/printer/printer_delete_file | Printer File Deletion Scanner |
| auxiliary/scanner/printer/printer_download_file | Printer File Download Scanner |
| auxiliary/scanner/printer/printer_env_vars | Printer Environment Variables Scanner |
| auxiliary/scanner/printer/printer_list_dir | Printer Directory Listing Scanner |
| auxiliary/scanner/printer/printer_list_volumes | Printer Volume Listing Scanner |
| auxiliary/scanner/printer/printer_ready_message | Printer Ready Message Scanner |
| auxiliary/scanner/printer/printer_upload_file | Printer File Upload Scanner |
| auxiliary/scanner/printer/printer_version_info | Printer Version Information Scanner |
| auxiliary/scanner/quake/server_info | Gather Quake Server Information |
| auxiliary/scanner/rdp/cve_2019_0708_bluekeep | CVE-2019-0708 BlueKeep Microsoft Remote Desktop RCE Check |
| auxiliary/scanner/rdp/ms12_020_check | MS12-020 Microsoft Remote Desktop Checker |
| auxiliary/scanner/rdp/rdp_scanner | Identify endpoints speaking the Remote Desktop Protocol (RDP) |
| auxiliary/scanner/redis/file_upload | Redis File Upload |
| auxiliary/scanner/redis/redis_login | Redis Login Utility |
| auxiliary/scanner/redis/redis_server | Redis Command Execute Scanner |
| auxiliary/scanner/rogue/rogue_recv | Rogue Gateway Detection: Receiver |
| auxiliary/scanner/rogue/rogue_send | Rogue Gateway Detection: Sender |
| auxiliary/scanner/rservices/rexec_login | rexec Authentication Scanner |
| auxiliary/scanner/rservices/rlogin_login | rlogin Authentication Scanner |
| auxiliary/scanner/rservices/rsh_login | rsh Authentication Scanner |
| auxiliary/scanner/rsync/modules_list | List Rsync Modules |
| auxiliary/scanner/sage/x3_adxsrv_login | Sage X3 AdxAdmin Login Scanner |
| auxiliary/scanner/sap/sap_ctc_verb_tampering_user_mgmt | SAP CTC Service Verb Tampering User Management |
| auxiliary/scanner/sap/sap_hostctrl_getcomputersystem | SAP Host Agent Information Disclosure |
| auxiliary/scanner/sap/sap_icf_public_info | SAP ICF /sap/public/info Service Sensitive Information Gathering |
| auxiliary/scanner/sap/sap_icm_urlscan | SAP URL Scanner |
| auxiliary/scanner/sap/sap_mgmt_con_abaplog | SAP Management Console ABAP Syslog Disclosure |
| auxiliary/scanner/sap/sap_mgmt_con_brute_login | SAP Management Console Brute Force |
| auxiliary/scanner/sap/sap_mgmt_con_extractusers | SAP Management Console Extract Users |
| auxiliary/scanner/sap/sap_mgmt_con_getaccesspoints | SAP Management Console Get Access Points |
| auxiliary/scanner/sap/sap_mgmt_con_getenv | SAP Management Console getEnvironment |
| auxiliary/scanner/sap/sap_mgmt_con_getlogfiles | SAP Management Console Get Logfile |
| auxiliary/scanner/sap/sap_mgmt_con_getprocesslist | SAP Management Console GetProcessList |
| auxiliary/scanner/sap/sap_mgmt_con_getprocessparameter | SAP Management Console Get Process Parameters |
| auxiliary/scanner/sap/sap_mgmt_con_instanceproperties | SAP Management Console Instance Properties |
| auxiliary/scanner/sap/sap_mgmt_con_listconfigfiles | SAP Management Console List Config Files |
| auxiliary/scanner/sap/sap_mgmt_con_listlogfiles | SAP Management Console List Logfiles |
| auxiliary/scanner/sap/sap_mgmt_con_startprofile | SAP Management Console getStartProfile |
| auxiliary/scanner/sap/sap_mgmt_con_version | SAP Management Console Version Detection |
| auxiliary/scanner/sap/sap_router_info_request | SAPRouter Admin Request |
| auxiliary/scanner/sap/sap_router_portscanner | SAPRouter Port Scanner |
| auxiliary/scanner/sap/sap_service_discovery | SAP Service Discovery |
| auxiliary/scanner/sap/sap_smb_relay | SAP SMB Relay Abuse |
| auxiliary/scanner/sap/sap_soap_bapi_user_create1 | SAP /sap/bc/soap/rfc SOAP Service BAPI_USER_CREATE1 Function User Creation |
| auxiliary/scanner/sap/sap_soap_rfc_brute_login | SAP SOAP Service RFC_PING Login Brute Forcer |
| auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_call_system_command_exec | SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Injection |
| auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_command_exec | SAP /sap/bc/soap/rfc SOAP Service SXPG_COMMAND_EXEC Function Command Injection |
| auxiliary/scanner/sap/sap_soap_rfc_eps_get_directory_listing | SAP SOAP RFC EPS_GET_DIRECTORY_LISTING Directories Information Disclosure |
| auxiliary/scanner/sap/sap_soap_rfc_pfl_check_os_file_existence | SAP SOAP RFC PFL_CHECK_OS_FILE_EXISTENCE File Existence Check |
| auxiliary/scanner/sap/sap_soap_rfc_ping | SAP /sap/bc/soap/rfc SOAP Service RFC_PING Function Service Discovery |
| auxiliary/scanner/sap/sap_soap_rfc_read_table | SAP /sap/bc/soap/rfc SOAP Service RFC_READ_TABLE Function Dump Data |
| auxiliary/scanner/sap/sap_soap_rfc_rzl_read_dir | SAP SOAP RFC RZL_READ_DIR_LOCAL Directory Contents Listing |
| auxiliary/scanner/sap/sap_soap_rfc_susr_rfc_user_interface | SAP /sap/bc/soap/rfc SOAP Service SUSR_RFC_USER_INTERFACE Function User Creation |
| auxiliary/scanner/sap/sap_soap_rfc_sxpg_call_system_exec | SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Execution |
| auxiliary/scanner/sap/sap_soap_rfc_sxpg_command_exec | SAP SOAP RFC SXPG_COMMAND_EXECUTE |
| auxiliary/scanner/sap/sap_soap_rfc_system_info | SAP /sap/bc/soap/rfc SOAP Service RFC_SYSTEM_INFO Function Sensitive Information Gathering |
| auxiliary/scanner/sap/sap_soap_th_saprel_disclosure | SAP /sap/bc/soap/rfc SOAP Service TH_SAPREL Function Information Disclosure |
| auxiliary/scanner/sap/sap_web_gui_brute_login | SAP Web GUI Login Brute Forcer |
| auxiliary/scanner/scada/bacnet_l3 | BACnet Scanner |
| auxiliary/scanner/scada/digi_addp_reboot | Digi ADDP Remote Reboot Initiator |
| auxiliary/scanner/scada/digi_addp_version | Digi ADDP Information Discovery |
| auxiliary/scanner/scada/digi_realport_serialport_scan | Digi RealPort Serial Server Port Scanner |
| auxiliary/scanner/scada/digi_realport_version | Digi RealPort Serial Server Version |
| auxiliary/scanner/scada/indusoft_ntwebserver_fileaccess | Indusoft WebStudio NTWebServer Remote File Access |
| auxiliary/scanner/scada/koyo_login | Koyo DirectLogic PLC Password Brute Force Utility |
| auxiliary/scanner/scada/modbus_banner_grabbing | Modbus Banner Grabbing |
| auxiliary/scanner/scada/modbusclient | Modbus Client Utility |
| auxiliary/scanner/scada/modbusdetect | Modbus Version Scanner |
| auxiliary/scanner/scada/modbus_findunitid | Modbus Unit ID and Station ID Enumerator |
| auxiliary/scanner/scada/moxa_discover | Moxa UDP Device Discovery |
| auxiliary/scanner/scada/pcomclient | Unitronics PCOM Client |
| auxiliary/scanner/scada/profinet_siemens | Siemens Profinet Scanner |
| auxiliary/scanner/scada/sielco_winlog_fileaccess | Sielco Sistemi Winlog Remote File Access |
| auxiliary/scanner/sip/enumerator | SIP Username Enumerator (UDP) |
| auxiliary/scanner/sip/enumerator_tcp | SIP Username Enumerator (TCP) |
| auxiliary/scanner/sip/options | SIP Endpoint Scanner (UDP) |
| auxiliary/scanner/sip/options_tcp | SIP Endpoint Scanner (TCP) |
| auxiliary/scanner/sip/sipdroid_ext_enum | SIPDroid Extension Grabber |
| auxiliary/scanner/smb/impacket/dcomexec | DCOM Exec |
| auxiliary/scanner/smb/impacket/secretsdump | DCOM Exec |
| auxiliary/scanner/smb/impacket/wmiexec | WMI Exec |
| auxiliary/scanner/smb/pipe_auditor | SMB Session Pipe Auditor |
| auxiliary/scanner/smb/pipe_dcerpc_auditor | SMB Session Pipe DCERPC Auditor |
| auxiliary/scanner/smb/psexec_loggedin_users | Microsoft Windows Authenticated Logged In Users Enumeration |
| auxiliary/scanner/smb/smb_enum_gpp | SMB Group Policy Preference Saved Passwords Enumeration |
| auxiliary/scanner/smb/smb_enumshares | SMB Share Enumeration |
| auxiliary/scanner/smb/smb_enumusers_domain | SMB Domain User Enumeration |
| auxiliary/scanner/smb/smb_enumusers | SMB User Enumeration (SAM EnumUsers) |
| auxiliary/scanner/smb/smb_login | SMB Login Check Scanner |
| auxiliary/scanner/smb/smb_lookupsid | SMB SID User Enumeration (LookupSid) |
| auxiliary/scanner/smb/smb_ms17_010 | MS17-010 SMB RCE Detection |
| auxiliary/scanner/smb/smb_uninit_cred | Samba _netr_ServerPasswordSet Uninitialized Credential State |
| auxiliary/scanner/smb/smb_version | SMB Version Detection |
| auxiliary/scanner/smtp/smtp_enum | SMTP User Enumeration Utility |
| auxiliary/scanner/smtp/smtp_ntlm_domain | SMTP NTLM Domain Extraction |
| auxiliary/scanner/smtp/smtp_relay | SMTP Open Relay Detection |
| auxiliary/scanner/smtp/smtp_version | SMTP Banner Grabber |
| auxiliary/scanner/snmp/aix_version | AIX SNMP Scanner Auxiliary Module |
| auxiliary/scanner/snmp/arris_dg950 | Arris DG950A Cable Modem Wifi Enumeration |
| auxiliary/scanner/snmp/brocade_enumhash | Brocade Password Hash Enumeration |
| auxiliary/scanner/snmp/cisco_config_tftp | Cisco IOS SNMP Configuration Grabber (TFTP) |
| auxiliary/scanner/snmp/cisco_upload_file | Cisco IOS SNMP File Upload (TFTP) |
| auxiliary/scanner/snmp/cnpilot_r_snmp_loot | Cambium cnPilot r200/r201 SNMP Enumeration |
| auxiliary/scanner/snmp/epmp1000_snmp_loot | Cambium ePMP 1000 SNMP Enumeration |
| auxiliary/scanner/snmp/netopia_enum | Netopia 3347 Cable Modem Wifi Enumeration |
| auxiliary/scanner/snmp/sbg6580_enum | ARRIS / Motorola SBG6580 Cable Modem SNMP Enumeration Module |
| auxiliary/scanner/snmp/snmp_enum_hp_laserjet | HP LaserJet Printer SNMP Enumeration |
| auxiliary/scanner/snmp/snmp_enum | SNMP Enumeration Module |
| auxiliary/scanner/snmp/snmp_enumshares | SNMP Windows SMB Share Enumeration |
| auxiliary/scanner/snmp/snmp_enumusers | SNMP Windows Username Enumeration |
| auxiliary/scanner/snmp/snmp_login | SNMP Community Login Scanner |
| auxiliary/scanner/snmp/snmp_set | SNMP Set Module |
| auxiliary/scanner/snmp/ubee_ddw3611 | Ubee DDW3611b Cable Modem Wifi Enumeration |
| auxiliary/scanner/snmp/xerox_workcentre_enumusers | Xerox WorkCentre User Enumeration (SNMP) |
| auxiliary/scanner/ssh/apache_karaf_command_execution | Apache Karaf Default Credentials Command Execution |
| auxiliary/scanner/ssh/cerberus_sftp_enumusers | Cerberus FTP Server SFTP Username Enumeration |
| auxiliary/scanner/ssh/detect_kippo | Kippo SSH Honeypot Detector |
| auxiliary/scanner/ssh/eaton_xpert_backdoor | Eaton Xpert Meter SSH Private Key Exposure Scanner |
| auxiliary/scanner/ssh/fortinet_backdoor | Fortinet SSH Backdoor Scanner |
| auxiliary/scanner/ssh/juniper_backdoor | Juniper SSH Backdoor Scanner |
| auxiliary/scanner/ssh/karaf_login | Apache Karaf Login Utility |
| auxiliary/scanner/ssh/libssh_auth_bypass | libssh Authentication Bypass Scanner |
| auxiliary/scanner/ssh/ssh_enum_git_keys | Test SSH Github Access |
| auxiliary/scanner/ssh/ssh_enumusers | SSH Username Enumeration |
| auxiliary/scanner/ssh/ssh_identify_pubkeys | SSH Public Key Acceptance Scanner |
| auxiliary/scanner/ssh/ssh_login | SSH Login Check Scanner |
| auxiliary/scanner/ssh/ssh_login_pubkey | SSH Public Key Login Scanner |
| auxiliary/scanner/ssh/ssh_version | SSH Version Scanner |
| auxiliary/scanner/ssl/bleichenbacher_oracle | Scanner for Bleichenbacher Oracle in RSA PKCS #1 v1.5 |
| auxiliary/scanner/ssl/openssl_ccs | OpenSSL Server-Side ChangeCipherSpec Injection Scanner |
| auxiliary/scanner/ssl/openssl_heartbleed | OpenSSL Heartbeat (Heartbleed) Information Leak |
| auxiliary/scanner/ssl/ssl_version | SSL/TLS Version Detection |
| auxiliary/scanner/steam/server_info | Gather Steam Server Information |
| auxiliary/scanner/telephony/wardial | Wardialer |
| auxiliary/scanner/telnet/brocade_enable_login | Brocade Enable Login Check Scanner |
| auxiliary/scanner/telnet/lantronix_telnet_password | Lantronix Telnet Password Recovery |
| auxiliary/scanner/telnet/lantronix_telnet_version | Lantronix Telnet Service Banner Detection |
| auxiliary/scanner/telnet/satel_cmd_exec | Satel Iberia SenNet Data Logger and Electricity Meters Command Injection Vulnerability |
| auxiliary/scanner/telnet/telnet_encrypt_overflow | Telnet Service Encryption Key ID Overflow Detection |
| auxiliary/scanner/telnet/telnet_login | Telnet Login Check Scanner |
| auxiliary/scanner/telnet/telnet_ruggedcom | RuggedCom Telnet Password Generator |
| auxiliary/scanner/telnet/telnet_version | Telnet Service Banner Detection |
| auxiliary/scanner/teradata/teradata_odbc_login | Teradata ODBC Login Scanner Module |
| auxiliary/scanner/tftp/ipswitch_whatsupgold_tftp | IpSwitch WhatsUp Gold TFTP Directory Traversal |
| auxiliary/scanner/tftp/netdecision_tftp | NetDecision 4.2 TFTP Directory Traversal |
| auxiliary/scanner/tftp/tftpbrute | TFTP Brute Forcer |
| auxiliary/scanner/ubiquiti/ubiquiti_discover | Ubiquiti Discovery Scanner |
| auxiliary/scanner/udp/udp_amplification | UDP Amplification Scanner |
| auxiliary/scanner/upnp/ssdp_amp | SSDP ssdp:all M-SEARCH Amplification Scanner |
| auxiliary/scanner/upnp/ssdp_msearch | UPnP SSDP M-SEARCH Information Discovery |
| auxiliary/scanner/varnish/varnish_cli_file_read | Varnish Cache CLI File Read |
| auxiliary/scanner/varnish/varnish_cli_login | Varnish Cache CLI Login Utility |
| auxiliary/scanner/vmware/esx_fingerprint | VMWare ESX/ESXi Fingerprint Scanner |
| auxiliary/scanner/vmware/vmauthd_login | VMWare Authentication Daemon Login Scanner |
| auxiliary/scanner/vmware/vmauthd_version | VMWare Authentication Daemon Version Scanner |
| auxiliary/scanner/vmware/vmware_enum_permissions | VMWare Enumerate Permissions |
| auxiliary/scanner/vmware/vmware_enum_sessions | VMWare Enumerate Active Sessions |
| auxiliary/scanner/vmware/vmware_enum_users | VMWare Enumerate User Accounts |
| auxiliary/scanner/vmware/vmware_enum_vms | VMWare Enumerate Virtual Machines |
| auxiliary/scanner/vmware/vmware_host_details | VMWare Enumerate Host Details |
| auxiliary/scanner/vmware/vmware_http_login | VMWare Web Login Scanner |
| auxiliary/scanner/vmware/vmware_screenshot_stealer | VMWare Screenshot Stealer |
| auxiliary/scanner/vmware/vmware_server_dir_trav | VMware Server Directory Traversal Vulnerability |
| auxiliary/scanner/vmware/vmware_update_manager_traversal | VMWare Update Manager 4 Directory Traversal |
| auxiliary/scanner/vnc/ard_root_pw | Apple Remote Desktop Root Vulnerability |
| auxiliary/scanner/vnc/vnc_login | VNC Authentication Scanner |
| auxiliary/scanner/vnc/vnc_none_auth | VNC Authentication None Detection |
| auxiliary/scanner/voice/recorder | Telephone Line Voice Scanner |
| auxiliary/scanner/vxworks/urgent11_check | URGENT/11 Scanner, Based on Detection Tool by Armis |
| auxiliary/scanner/vxworks/wdbrpc_bootline | VxWorks WDB Agent Boot Parameter Scanner |
| auxiliary/scanner/vxworks/wdbrpc_version | VxWorks WDB Agent Version Scanner |
| auxiliary/scanner/winrm/winrm_auth_methods | WinRM Authentication Method Detection |
| auxiliary/scanner/winrm/winrm_cmd | WinRM Command Runner |
| auxiliary/scanner/winrm/winrm_login | WinRM Login Utility |
| auxiliary/scanner/winrm/winrm_wql | WinRM WQL Query Runner |
| auxiliary/scanner/wproxy/att_open_proxy | Open WAN-to-LAN proxy on AT&T routers |
| auxiliary/scanner/wsdd/wsdd_query | WS-Discovery Information Discovery |
| auxiliary/scanner/x11/open_x11 | X11 No-Auth Scanner |
| auxiliary/server/android_browsable_msf_launch | Android Meterpreter Browsable Launcher |
| auxiliary/server/android_mercury_parseuri | Android Mercury Browser Intent URI Scheme and Directory Traversal Vulnerability |
| auxiliary/server/browser_autopwn2 | HTTP Client Automatic Exploiter 2 (Browser Autopwn) |
| auxiliary/server/browser_autopwn | HTTP Client Automatic Exploiter |
| auxiliary/server/capture/drda | Authentication Capture: DRDA (DB2, Informix, Derby) |
| auxiliary/server/capture/ftp | Authentication Capture: FTP |
| auxiliary/server/capture/http_basic | HTTP Client Basic Authentication Credential Collector |
| auxiliary/server/capture/http | Authentication Capture: HTTP |
| auxiliary/server/capture/http_javascript_keylogger | Capture: HTTP JavaScript Keylogger |
| auxiliary/server/capture/http_ntlm | HTTP Client MS Credential Catcher |
| auxiliary/server/capture/imap | Authentication Capture: IMAP |
| auxiliary/server/capture/mssql | Authentication Capture: MSSQL |
| auxiliary/server/capture/mysql | Authentication Capture: MySQL |
| auxiliary/server/capture/pop3 | Authentication Capture: POP3 |
| auxiliary/server/capture/postgresql | Authentication Capture: PostgreSQL |
| auxiliary/server/capture/printjob_capture | Printjob Capture Service |
| auxiliary/server/capture/sip | Authentication Capture: SIP |
| auxiliary/server/capture/smb | Authentication Capture: SMB |
| auxiliary/server/capture/smtp | Authentication Capture: SMTP |
| auxiliary/server/capture/telnet | Authentication Capture: Telnet |
| auxiliary/server/capture/vnc | Authentication Capture: VNC |
| auxiliary/server/dhclient_bash_env | DHCP Client Bash Environment Variable Code Injection (Shellshock) |
| auxiliary/server/dhcp | DHCP Server |
| auxiliary/server/dns/native_server | Native DNS Server (Example) |
| auxiliary/server/dns/spoofhelper | DNS Spoofing Helper Service |
| auxiliary/server/fakedns | Fake DNS Service |
| auxiliary/server/ftp | FTP File Server |
| auxiliary/server/http_ntlmrelay | HTTP Client MS Credential Relayer |
| auxiliary/server/icmp_exfil | ICMP Exfiltration Service |
| auxiliary/server/jsse_skiptls_mitm_proxy | Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy |
| auxiliary/server/ldap | Native LDAP Server (Example) |
| auxiliary/server/local_hwbridge | Hardware Bridge Server |
| auxiliary/server/ms15_134_mcl_leak | MS15-134 Microsoft Windows Media Center MCL Information Disclosure |
| auxiliary/server/netbios_spoof_nat | NetBIOS Response "BadTunnel" Brute Force Spoof (NAT Tunnel) |
| auxiliary/server/openssl_altchainsforgery_mitm_proxy | OpenSSL Alternative Chains Certificate Forgery MITM Proxy |
| auxiliary/server/openssl_heartbeat_client_memory | OpenSSL Heartbeat (Heartbleed) Client Memory Exposure |
| auxiliary/server/pxeexploit | PXE Boot Exploit Server |
| auxiliary/server/regsvr32_command_delivery_server | Regsvr32.exe (.sct) Command Delivery Server |
| auxiliary/server/socks_proxy | SOCKS Proxy Server |
| auxiliary/server/socks_unc | SOCKS Proxy UNC Path Redirection |
| auxiliary/server/teamviewer_uri_smb_redirect | TeamViewer Unquoted URI Handler SMB Redirect |
| auxiliary/server/tftp | TFTP File Server |
| auxiliary/server/webkit_xslt_dropper | Cross Platform Webkit File Dropper |
| auxiliary/server/wget_symlink_file_write | GNU Wget FTP Symlink Arbitrary Filesystem Access |
| auxiliary/server/wpad | WPAD.dat File Server |
| auxiliary/sniffer/psnuffle | pSnuffle Packet Sniffer |
| auxiliary/spoof/arp/arp_poisoning | ARP Spoof |
| auxiliary/spoof/cisco/cdp | Send Cisco Discovery Protocol (CDP) Packets |
| auxiliary/spoof/cisco/dtp | Forge Cisco DTP Packets |
| auxiliary/spoof/dns/bailiwicked_domain | DNS BailiWicked Domain Attack |
| auxiliary/spoof/dns/bailiwicked_host | DNS BailiWicked Host Attack |
| auxiliary/spoof/dns/compare_results | DNS Lookup Result Comparison |
| auxiliary/spoof/dns/native_spoofer | Native DNS Spoofer (Example) |
| auxiliary/spoof/llmnr/llmnr_response | LLMNR Spoofer |
| auxiliary/spoof/mdns/mdns_response | mDNS Spoofer |
| auxiliary/spoof/nbns/nbns_response | NetBIOS Name Service Spoofer |
| auxiliary/spoof/replay/pcap_replay | Pcap Replay Utility |
| auxiliary/sqli/dlink/dlink_central_wifimanager_sqli | D-Link Central WiFiManager SQL injection |
| auxiliary/sqli/openemr/openemr_sqli_dump | OpenEMR 5.0.1 Patch 6 SQLi Dump |
| auxiliary/sqli/oracle/dbms_cdc_ipublish | Oracle DB SQL Injection via SYS.DBMS_CDC_IPUBLISH.ALTER_HOTLOG_INTERNAL_CSOURCE |
| auxiliary/sqli/oracle/dbms_cdc_publish2 | Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE |
| auxiliary/sqli/oracle/dbms_cdc_publish3 | Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.CREATE_CHANGE_SET |
| auxiliary/sqli/oracle/dbms_cdc_publish | Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.ALTER_AUTOLOG_CHANGE_SOURCE |
| auxiliary/sqli/oracle/dbms_cdc_subscribe_activate_subscription | Oracle DB SQL Injection via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION |
| auxiliary/sqli/oracle/dbms_export_extension | Oracle DB SQL Injection via DBMS_EXPORT_EXTENSION |
| auxiliary/sqli/oracle/dbms_metadata_get_granted_xml | Oracle DB SQL Injection via SYS.DBMS_METADATA.GET_GRANTED_XML |
| auxiliary/sqli/oracle/dbms_metadata_get_xml | Oracle DB SQL Injection via SYS.DBMS_METADATA.GET_XML |
| auxiliary/sqli/oracle/dbms_metadata_open | Oracle DB SQL Injection via SYS.DBMS_METADATA.OPEN |
| auxiliary/sqli/oracle/droptable_trigger | Oracle DB SQL Injection in MDSYS.SDO_TOPO_DROP_FTBL Trigger |
| auxiliary/sqli/oracle/jvm_os_code_10g | Oracle DB 10gR2, 11gR1/R2 DBMS_JVM_EXP_PERMS OS Command Execution |
| auxiliary/sqli/oracle/jvm_os_code_11g | Oracle DB 11g R1/R2 DBMS_JVM_EXP_PERMS OS Code Execution |
| auxiliary/sqli/oracle/lt_compressworkspace | Oracle DB SQL Injection via SYS.LT.COMPRESSWORKSPACE |
| auxiliary/sqli/oracle/lt_findricset_cursor | Oracle DB SQL Injection via SYS.LT.FINDRICSET Evil Cursor Method |
| auxiliary/sqli/oracle/lt_mergeworkspace | Oracle DB SQL Injection via SYS.LT.MERGEWORKSPACE |
| auxiliary/sqli/oracle/lt_removeworkspace | Oracle DB SQL Injection via SYS.LT.REMOVEWORKSPACE |
| auxiliary/sqli/oracle/lt_rollbackworkspace | Oracle DB SQL Injection via SYS.LT.ROLLBACKWORKSPACE |
| auxiliary/voip/asterisk_login | Asterisk Manager Login Utility |
| auxiliary/voip/cisco_cucdm_call_forward | Viproy CUCDM IP Phone XML Services - Call Forwarding Tool |
| auxiliary/voip/cisco_cucdm_speed_dials | Viproy CUCDM IP Phone XML Services - Speed Dial Attack Tool |
| auxiliary/voip/sip_deregister | SIP Deregister Extension |
| auxiliary/voip/sip_invite_spoof | SIP Invite Spoof |
| auxiliary/voip/telisca_ips_lock_control | Telisca IPS Lock Cisco IP Phone Control |
| auxiliary/vsploit/malware/dns/dns_mariposa | VSploit Mariposa DNS Query Module |
| auxiliary/vsploit/malware/dns/dns_query | VSploit DNS Beaconing Emulation |
| auxiliary/vsploit/malware/dns/dns_zeus | VSploit Zeus DNS Query Module |
| auxiliary/vsploit/pii/email_pii | VSploit Email PII |
| auxiliary/vsploit/pii/web_pii | VSploit Web PII |
| encoder/cmd/brace | Bash Brace Expansion Command Encoder |
| encoder/cmd/echo | Echo Command Encoder |
| encoder/cmd/generic_sh | Generic Shell Variable Substitution Command Encoder |
| encoder/cmd/ifs | Bourne ${IFS} Substitution Command Encoder |
| encoder/cmd/perl | Perl Command Encoder |
| encoder/cmd/powershell_base64 | Powershell Base64 Command Encoder |
| encoder/cmd/printf_php_mq | printf(1) via PHP magic_quotes Utility Command Encoder |
| encoder/generic/eicar | The EICAR Encoder |
| encoder/generic/none | The "none" Encoder |
| encoder/mipsbe/byte_xori | Byte XORi Encoder |
| encoder/mipsbe/longxor | XOR Encoder |
| encoder/mipsle/byte_xori | Byte XORi Encoder |
| encoder/mipsle/longxor | XOR Encoder |
| encoder/php/base64 | PHP Base64 Encoder |
| encoder/ppc/longxor | PPC LongXOR Encoder |
| encoder/ppc/longxor_tag | PPC LongXOR Encoder |
| encoder/ruby/base64 | Ruby Base64 Encoder |
| encoder/sparc/longxor_tag | SPARC DWORD XOR Encoder |
| encoder/x64/xor_context | Hostname-based Context Keyed Payload Encoder |
| encoder/x64/xor_dynamic | Dynamic key XOR Encoder |
| encoder/x64/xor | XOR Encoder |
| encoder/x64/zutto_dekiru | Zutto Dekiru |
| encoder/x86/add_sub | Add/Sub Encoder |
| encoder/x86/alpha_mixed | Alpha2 Alphanumeric Mixedcase Encoder |
| encoder/x86/alpha_upper | Alpha2 Alphanumeric Uppercase Encoder |
| encoder/x86/avoid_underscore_tolower | Avoid underscore/tolower |
| encoder/x86/avoid_utf8_tolower | Avoid UTF8/tolower |
| encoder/x86/bloxor | BloXor - A Metamorphic Block Based XOR Encoder |
| encoder/x86/bmp_polyglot | BMP Polyglot |
| encoder/x86/call4_dword_xor | Call+4 Dword XOR Encoder |
| encoder/x86/context_cpuid | CPUID-based Context Keyed Payload Encoder |
| encoder/x86/context_stat | stat(2)-based Context Keyed Payload Encoder |
| encoder/x86/context_time | time(2)-based Context Keyed Payload Encoder |
| encoder/x86/countdown | Single-byte XOR Countdown Encoder |
| encoder/x86/fnstenv_mov | Variable-length Fnstenv/mov Dword XOR Encoder |
| encoder/x86/jmp_call_additive | Jump/Call XOR Additive Feedback Encoder |
| encoder/x86/nonalpha | Non-Alpha Encoder |
| encoder/x86/nonupper | Non-Upper Encoder |
| encoder/x86/opt_sub | Sub Encoder (optimised) |
| encoder/x86/service | Register Service |
| encoder/x86/shikata_ga_nai | Polymorphic XOR Additive Feedback Encoder |
| encoder/x86/single_static_bit | Single Static Bit |
| encoder/x86/unicode_mixed | Alpha2 Alphanumeric Unicode Mixedcase Encoder |
| encoder/x86/unicode_upper | Alpha2 Alphanumeric Unicode Uppercase Encoder |
| encoder/x86/xor_dynamic | Dynamic key XOR Encoder |
| evasion/windows/applocker_evasion_install_util | Applocker Evasion - .NET Framework Installation Utility |
| evasion/windows/applocker_evasion_msbuild | Applocker Evasion - MSBuild |
| evasion/windows/applocker_evasion_presentationhost | Applocker Evasion - Windows Presentation Foundation Host |
| evasion/windows/applocker_evasion_regasm_regsvcs | Applocker Evasion - Microsoft .NET Assembly Registration Utility |
| evasion/windows/applocker_evasion_workflow_compiler | Applocker Evasion - Microsoft Workflow Compiler |
| evasion/windows/process_herpaderping | Process Herpaderping evasion technique |
| evasion/windows/syscall_inject | Direct windows syscall evasion technique |
| evasion/windows/windows_defender_exe | Microsoft Windows Defender Evasive Executable |
| evasion/windows/windows_defender_js_hta | Microsoft Windows Defender Evasive JS.Net and HTA |
| exploit/aix/local/ibstat_path | ibstat $PATH Privilege Escalation |
| exploit/aix/local/xorg_x11_server | Xorg X11 Server Local Privilege Escalation |
| exploit/aix/rpc_cmsd_opcode21 | AIX Calendar Manager Service Daemon (rpc.cmsd) Opcode 21 Buffer Overflow |
| exploit/aix/rpc_ttdbserverd_realpath | ToolTalk rpc.ttdbserverd _tt_internal_realpath Buffer Overflow (AIX) |
| exploit/android/adb/adb_server_exec | Android ADB Debug Server Remote Payload Execution |
| exploit/android/browser/samsung_knox_smdm_url | Samsung Galaxy KNOX Android Browser RCE |
| exploit/android/browser/stagefright_mp4_tx3g_64bit | Android Stagefright MP4 tx3g Integer Overflow |
| exploit/android/browser/webview_addjavascriptinterface | Android Browser and WebView addJavascriptInterface Code Execution |
| exploit/android/fileformat/adobe_reader_pdf_js_interface | Adobe Reader for Android addJavascriptInterface Exploit |
| exploit/android/local/binder_uaf | Android Binder Use-After-Free Exploit |
| exploit/android/local/futex_requeue | Android 'Towelroot' Futex Requeue Kernel Exploit |
| exploit/android/local/janus | Android Janus APK Signature bypass |
| exploit/android/local/put_user_vroot | Android get_user/put_user Exploit |
| exploit/android/local/su_exec | Android 'su' Privilege Escalation |
| exploit/apple_ios/browser/safari_jit | Safari Webkit JIT Exploit for iOS 7.1.2 |
| exploit/apple_ios/browser/safari_libtiff | Apple iOS MobileSafari LibTIFF Buffer Overflow |
| exploit/apple_ios/browser/webkit_createthis | Safari Webkit Proxy Object Type Confusion |
| exploit/apple_ios/browser/webkit_trident | WebKit not_number defineProperties UAF |
| exploit/apple_ios/email/mobilemail_libtiff | Apple iOS MobileMail LibTIFF Buffer Overflow |
| exploit/apple_ios/ssh/cydia_default_ssh | Apple iOS Default SSH Password Vulnerability |
| exploit/bsd/finger/morris_fingerd_bof | Morris Worm fingerd Stack Buffer Overflow |
| exploit/bsdi/softcart/mercantec_softcart | Mercantec SoftCart CGI Overflow |
| exploit/dialup/multi/login/manyargs | System V Derived /bin/login Extraneous Arguments Buffer Overflow |
| exploit/firefox/local/exec_shellcode | Firefox Exec Shellcode from Privileged Javascript Shell |
| exploit/freebsd/ftp/proftp_telnet_iac | ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD) |
| exploit/freebsd/http/citrix_dir_traversal_rce | Citrix ADC (NetScaler) Directory Traversal RCE |
| exploit/freebsd/http/watchguard_cmd_exec | Watchguard XCS Remote Command Execution |
| exploit/freebsd/local/intel_sysret_priv_esc | FreeBSD Intel SYSRET Privilege Escalation |
| exploit/freebsd/local/ip6_setpktopt_uaf_priv_esc | FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation |
| exploit/freebsd/local/mmap | FreeBSD 9 Address Space Manipulation Privilege Escalation |
| exploit/freebsd/local/rtld_execl_priv_esc | FreeBSD rtld execl() Privilege Escalation |
| exploit/freebsd/local/watchguard_fix_corrupt_mail | Watchguard XCS FixCorruptMail Local Privilege Escalation |
| exploit/freebsd/misc/citrix_netscaler_soap_bof | Citrix NetScaler SOAP Handler Remote Code Execution |
| exploit/freebsd/samba/trans2open | Samba trans2open Overflow (*BSD x86) |
| exploit/freebsd/tacacs/xtacacsd_report | XTACACSD report() Buffer Overflow |
| exploit/freebsd/telnet/telnet_encrypt_keyid | FreeBSD Telnet Service Encryption Key ID Buffer Overflow |
| exploit/freebsd/webapp/spamtitan_unauth_rce | SpamTitan Unauthenticated RCE |
| exploit/hpux/lpd/cleanup_exec | HP-UX LPD Command Execution |
| exploit/irix/lpd/tagprinter_exec | Irix LPD tagprinter Command Execution |
| exploit/linux/antivirus/escan_password_exec | eScan Web Management Console Command Injection |
| exploit/linux/browser/adobe_flashplayer_aslaunch | Adobe Flash Player ActionScript Launch Command Execution Vulnerability |
| exploit/linux/fileformat/unrar_cve_2022_30333 | UnRAR Path Traversal (CVE-2022-30333) |
| exploit/linux/ftp/proftp_sreplace | ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux) |
| exploit/linux/ftp/proftp_telnet_iac | ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (Linux) |
| exploit/linux/games/ut2004_secure | Unreal Tournament 2004 "secure" Overflow (Linux) |
| exploit/linux/http/accellion_fta_getstatus_oauth | Accellion FTA getStatus verify_oauth_token Command Execution |
| exploit/linux/http/advantech_switch_bash_env_exec | Advantech Switch Bash Environment Variable Code Injection (Shellshock) |
| exploit/linux/http/airties_login_cgi_bof | Airties login-cgi Buffer Overflow |
| exploit/linux/http/alcatel_omnipcx_mastercgi_exec | Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution |
| exploit/linux/http/alienvault_exec | AlienVault OSSIM/USM Remote Code Execution |
| exploit/linux/http/alienvault_sqli_exec | AlienVault OSSIM SQL Injection and Remote Code Execution |
| exploit/linux/http/apache_continuum_cmd_exec | Apache Continuum Arbitrary Command Execution |
| exploit/linux/http/apache_couchdb_cmd_exec | Apache CouchDB Arbitrary Command Execution |
| exploit/linux/http/apache_druid_js_rce | Apache Druid 0.20.0 Remote Command Execution |
| exploit/linux/http/apache_ofbiz_deserialization | Apache OFBiz XML-RPC Java Deserialization |
| exploit/linux/http/apache_ofbiz_deserialization_soap | Apache OFBiz SOAP Java Deserialization |
| exploit/linux/http/apache_spark_rce_cve_2022_33891 | Apache Spark Unauthenticated Command Injection RCE |
| exploit/linux/http/artica_proxy_auth_bypass_service_cmds_peform_command_injection | Artica proxy 4.30.000000 Auth Bypass service-cmds-peform Command Injection |
| exploit/linux/http/astium_sqli_upload | Astium Remote Code Execution |
| exploit/linux/http/asuswrt_lan_rce | AsusWRT LAN Unauthenticated Remote Code Execution |
| exploit/linux/http/atlassian_confluence_webwork_ognl_injection | Atlassian Confluence WebWork OGNL Injection |
| exploit/linux/http/atutor_filemanager_traversal | ATutor 2.2.1 Directory Traversal / Remote Code Execution |
| exploit/linux/http/axis_app_install | Axis IP Camera Application Upload |
| exploit/linux/http/axis_srv_parhand_rce | Axis Network Camera .srv-to-parhand RCE |
| exploit/linux/http/belkin_login_bof | Belkin Play N750 login.cgi Buffer Overflow |
| exploit/linux/http/bitbucket_git_cmd_injection | Bitbucket Git Command Injection |
| exploit/linux/http/bludit_upload_images_exec | Bludit Directory Traversal Image File Upload Vulnerability |
| exploit/linux/http/cayin_cms_ntp | Cayin CMS NTP Server RCE |
| exploit/linux/http/centreon_pollers_auth_rce | Centreon Poller Authenticated Remote Command Execution |
| exploit/linux/http/centreon_sqli_exec | Centreon SQL and Command Injection |
| exploit/linux/http/centreon_useralias_exec | Centreon Web Useralias Command Execution |
| exploit/linux/http/cfme_manageiq_evm_upload_exec | Red Hat CloudForms Management Engine 5.1 agent/linuxpkgs Path Traversal |
| exploit/linux/http/cisco_asax_sfr_rce | Cisco ASA-X with FirePOWER Services Authenticated Command Injection |
| exploit/linux/http/cisco_firepower_useradd | Cisco Firepower Management Console 6.0 Post Authentication UserAdd Vulnerability |
| exploit/linux/http/cisco_hyperflex_file_upload_rce | Cisco HyperFlex HX Data Platform unauthenticated file upload to RCE (CVE-2021-1499) |
| exploit/linux/http/cisco_hyperflex_hx_data_platform_cmd_exec | Cisco HyperFlex HX Data Platform Command Execution |
| exploit/linux/http/cisco_prime_inf_rce | Cisco Prime Infrastructure Unauthenticated Remote Code Execution |
| exploit/linux/http/cisco_rv32x_rce | Cisco RV320 and RV325 Unauthenticated Remote Code Execution |
| exploit/linux/http/cisco_rv_series_authbypass_and_rce | Cisco Small Business RV Series Authentication Bypass and Command Injection |
| exploit/linux/http/cisco_ucs_cloupia_script_rce | Cisco UCS Director Cloupia Script RCE |
| exploit/linux/http/cisco_ucs_rce | Cisco UCS Director Unauthenticated Remote Code Execution |
| exploit/linux/http/cpi_tararchive_upload | Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal Vulnerability |
| exploit/linux/http/crypttech_cryptolog_login_exec | Crypttech CryptoLog Remote Code Execution |
| exploit/linux/http/cve_2019_1663_cisco_rmi_rce | Cisco RV110W/RV130(W)/RV215W Routers Management Interface Remote Command Execution |
| exploit/linux/http/dcos_marathon | DC/OS Marathon UI Docker Exploit |
| exploit/linux/http/ddwrt_cgibin_exec | DD-WRT HTTP Daemon Arbitrary Command Execution |
| exploit/linux/http/denyall_waf_exec | DenyAll Web Application Firewall Remote Code Execution |
| exploit/linux/http/dlink_authentication_cgi_bof | D-Link authentication.cgi Buffer Overflow |
| exploit/linux/http/dlink_command_php_exec_noauth | D-Link Devices Unauthenticated Remote Command Execution |
| exploit/linux/http/dlink_dcs_930l_authenticated_remote_command_execution | D-Link DCS-930L Authenticated Remote Command Execution |
| exploit/linux/http/dlink_dcs931l_upload | D-Link DCS-931L File Upload |
| exploit/linux/http/dlink_diagnostic_exec_noauth | D-Link DIR-645 / DIR-815 diagnostic.php Command Execution |
| exploit/linux/http/dlink_dir300_exec_telnet | D-Link Devices Unauthenticated Remote Command Execution |
| exploit/linux/http/dlink_dir605l_captcha_bof | D-Link DIR-605L Captcha Handling Buffer Overflow |
| exploit/linux/http/dlink_dir615_up_exec | D-Link DIR615h OS Command Injection |
| exploit/linux/http/dlink_dir850l_unauth_exec | DIR-850L (Un)authenticated OS Command Exec |
| exploit/linux/http/dlink_dsl2750b_exec_noauth | D-Link DSL-2750B OS Command Injection |
| exploit/linux/http/dlink_dspw110_cookie_noauth_exec | D-Link Cookie Command Execution |
| exploit/linux/http/dlink_dspw215_info_cgi_bof | D-Link info.cgi POST Request Buffer Overflow |
| exploit/linux/http/dlink_dwl_2600_command_injection | DLINK DWL-2600 Authenticated Remote Command Injection |
| exploit/linux/http/dlink_hedwig_cgi_bof | D-Link hedwig.cgi Buffer Overflow in Cookie Header |
| exploit/linux/http/dlink_hnap_bof | D-Link HNAP Request Remote Buffer Overflow |
| exploit/linux/http/dlink_hnap_header_exec_noauth | D-Link Devices HNAP SOAPAction-Header Command Execution |
| exploit/linux/http/dlink_hnap_login_bof | Dlink DIR Routers Unauthenticated HNAP Login Stack Buffer Overflow |
| exploit/linux/http/dlink_upnp_exec_noauth | D-Link Devices UPnP SOAP Command Execution |
| exploit/linux/http/dnalims_admin_exec | dnaLIMS Admin Module Command Execution |
| exploit/linux/http/docker_daemon_tcp | Docker Daemon - Unprotected TCP Socket Exploit |
| exploit/linux/http/dolibarr_cmd_exec | Dolibarr ERP/CRM Post-Auth OS Command Injection |
| exploit/linux/http/dreambox_openpli_shell | OpenPLI Webif Arbitrary Command Execution |
| exploit/linux/http/efw_chpasswd_exec | Endian Firewall Proxy Password Change Command Injection |
| exploit/linux/http/elfinder_archive_cmd_injection | elFinder Archive Command Injection |
| exploit/linux/http/empire_skywalker | PowerShellEmpire Arbitrary File Upload (Skywalker) |
| exploit/linux/http/esva_exec | E-Mail Security Virtual Appliance learn-msg.cgi Command Injection |
| exploit/linux/http/eyesofnetwork_autodiscovery_rce | EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution |
| exploit/linux/http/f5_bigip_tmui_rce | F5 BIG-IP TMUI Directory Traversal and File Upload RCE |
| exploit/linux/http/f5_icall_cmd | F5 iControl iCall::Script Root Command Execution |
| exploit/linux/http/f5_icontrol_exec | F5 iControl Remote Root Command Execution |
| exploit/linux/http/f5_icontrol_rce | F5 BIG-IP iControl RCE via REST Authentication Bypass |
| exploit/linux/http/f5_icontrol_rest_ssrf_rce | F5 iControl REST Unauthenticated SSRF Token Generation RCE |
| exploit/linux/http/f5_icontrol_rpmspec_rce_cve_2022_41800 | F5 BIG-IP iControl Authenticated RCE via RPM Creator |
| exploit/linux/http/f5_icontrol_soap_csrf_rce_cve_2022_41622 | F5 BIG-IP iControl CSRF File Write SOAP API |
| exploit/linux/http/flir_ax8_unauth_rce_cve_2022_37061 | FLIR AX8 unauthenticated RCE |
| exploit/linux/http/foreman_openstack_satellite_code_exec | Foreman (Red Hat OpenStack/Satellite) bookmarks/create Code Injection |
| exploit/linux/http/fortinet_authentication_bypass_cve_2022_40684 | Fortinet FortiOS, FortiProxy, and FortiSwitchManager authentication bypass. |
| exploit/linux/http/fritzbox_echo_exec | Fritz!Box Webcm Unauthenticated Command Injection |
| exploit/linux/http/geutebruck_cmdinject_cve_2021_335xx | Geutebruck Multiple Remote Command Execution |
| exploit/linux/http/geutebruck_instantrec_bof | Geutebruck instantrec Remote Command Execution |
| exploit/linux/http/geutebruck_testaction_exec | Geutebruck testaction.cgi Remote Command Execution |
| exploit/linux/http/github_enterprise_secret | Github Enterprise Default Session Secret And Deserialization Vulnerability |
| exploit/linux/http/gitlist_exec | Gitlist Unauthenticated Remote Command Execution |
| exploit/linux/http/glpi_htmlawed_php_injection | GLPI htmLawed php command injection |
| exploit/linux/http/goahead_ldpreload | GoAhead Web Server LD_PRELOAD Arbitrary Module Load |
| exploit/linux/http/goautodial_3_rce_command_injection | GoAutoDial 3.3 Authentication Bypass / Command Injection |
| exploit/linux/http/gpsd_format_string | Berlios GPSD Format String Vulnerability |
| exploit/linux/http/grandstream_gxv3175_settimezone_unauth_cmd_exec | Grandstream GXV3175 'settimezone' Unauthenticated Command Execution |
| exploit/linux/http/grandstream_gxv31xx_settimezone_unauth_cmd_exec | Grandstream GXV31XX 'settimezone' Unauthenticated Command Execution |
| exploit/linux/http/grandstream_ucm62xx_sendemail_rce | Grandstream UCM62xx IP PBX sendPasswordEmail RCE |
| exploit/linux/http/gravcms_exec | GravCMS Remote Command Execution |
| exploit/linux/http/groundwork_monarch_cmd_exec | GroundWork monarch_scan.cgi OS Command Injection |
| exploit/linux/http/hadoop_unauth_exec | Hadoop YARN ResourceManager Unauthenticated Command Execution |
| exploit/linux/http/hikvision_cve_2021_36260_blind | Hikvision IP Camera Unauthenticated Command Injection |
| exploit/linux/http/hp_system_management | HP System Management Anonymous Access Code Execution |
| exploit/linux/http/hp_van_sdn_cmd_inject | HP VAN SDN Controller Root Command Injection |
| exploit/linux/http/huawei_hg532n_cmdinject | Huawei HG532n Command Injection |
| exploit/linux/http/ibm_drm_rce | IBM Data Risk Manager Unauthenticated Remote Code Execution |
| exploit/linux/http/ibm_qradar_unauth_rce | IBM QRadar SIEM Unauthenticated Remote Code Execution |
| exploit/linux/http/imperva_securesphere_exec | Imperva SecureSphere PWS Command Injection |
| exploit/linux/http/ipfire_bashbug_exec | IPFire Bash Environment Variable Injection (Shellshock) |
| exploit/linux/http/ipfire_oinkcode_exec | IPFire proxy.cgi RCE |
| exploit/linux/http/ipfire_pakfire_exec | IPFire 2.25 Core Update 156 and Prior pakfire.cgi Authenticated RCE |
| exploit/linux/http/ipfire_proxy_exec | IPFire proxy.cgi RCE |
| exploit/linux/http/jenkins_cli_deserialization | Jenkins CLI Deserialization |
| exploit/linux/http/kaltura_unserialize_cookie_rce | Kaltura Remote PHP Code Execution over Cookie |
| exploit/linux/http/kaltura_unserialize_rce | Kaltura Remote PHP Code Execution |
| exploit/linux/http/klog_server_authenticate_user_unauth_command_injection | Klog Server authenticate.php user Unauthenticated Command Injection |
| exploit/linux/http/kloxo_sqli | Kloxo SQL Injection and Remote Code Execution |
| exploit/linux/http/librenms_addhost_cmd_inject | LibreNMS addhost Command Injection |
| exploit/linux/http/librenms_collectd_cmd_inject | LibreNMS Collectd Command Injection |
| exploit/linux/http/lifesize_uvc_ping_rce | LifeSize UVC Authenticated RCE via Ping |
| exploit/linux/http/linksys_apply_cgi | Linksys WRT54 Access Point apply.cgi Buffer Overflow |
| exploit/linux/http/linksys_e1500_apply_exec | Linksys E1500/E2500 apply.cgi Remote Command Injection |
| exploit/linux/http/linksys_themoon_exec | Linksys E-Series TheMoon Remote Command Injection |
| exploit/linux/http/linksys_wrt110_cmd_exec | Linksys Devices pingstr Remote Command Injection |
| exploit/linux/http/linksys_wrt160nv2_apply_exec | Linksys WRT160nv2 apply.cgi Remote Command Injection |
| exploit/linux/http/linksys_wrt54gl_apply_exec | Linksys WRT54GL apply.cgi Command Execution |
| exploit/linux/http/linksys_wvbr0_user_agent_exec_noauth | Linksys WVBR0-25 User-Agent Command Execution |
| exploit/linux/http/linuxki_rce | LinuxKI Toolset 6.01 Remote Command Execution |
| exploit/linux/http/logsign_exec | Logsign Remote Command Injection |
| exploit/linux/http/lucee_admin_imgprocess_file_write | Lucee Administrator imgProcess.cfm Arbitrary File Write |
| exploit/linux/http/mailcleaner_exec | Mailcleaner Remote Code Execution |
| exploit/linux/http/microfocus_obr_cmd_injection | Micro Focus Operations Bridge Reporter Unauthenticated Command Injection |
| exploit/linux/http/microfocus_secure_messaging_gateway | MicroFocus Secure Messaging Gateway Remote Code Execution |
| exploit/linux/http/mida_solutions_eframework_ajaxreq_rce | Mida Solutions eFramework ajaxreq.php Command Injection |
| exploit/linux/http/mobileiron_core_log4shell | MobileIron Core Unauthenticated JNDI Injection RCE (via Log4Shell) |
| exploit/linux/http/mobileiron_mdm_hessian_rce | MobileIron MDM Hessian-Based Java Deserialization RCE |
| exploit/linux/http/multi_ncc_ping_exec | D-Link/TRENDnet NCC Service Command Injection |
| exploit/linux/http/mutiny_frontend_upload | Mutiny 5 Arbitrary File Upload |
| exploit/linux/http/mvpower_dvr_shell_exec | MVPower DVR Shell Unauthenticated Command Execution |
| exploit/linux/http/nagios_xi_autodiscovery_webshell | Nagios XI Autodiscovery Webshell Upload |
| exploit/linux/http/nagios_xi_chained_rce_2_electric_boogaloo | Nagios XI Chained Remote Code Execution |
| exploit/linux/http/nagios_xi_chained_rce | Nagios XI Chained Remote Code Execution |
| exploit/linux/http/nagios_xi_magpie_debug | Nagios XI Magpie_debug.php Root Remote Code Execution |
| exploit/linux/http/nagios_xi_mibs_authenticated_rce | Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Exection |
| exploit/linux/http/nagios_xi_plugins_check_plugin_authenticated_rce | Nagios XI Prior to 5.6.6 getprofile.sh Authenticated Remote Command Execution |
| exploit/linux/http/nagios_xi_plugins_filename_authenticated_rce | Nagios XI Prior to 5.8.0 - Plugins Filename Authenticated Remote Code Exection |
| exploit/linux/http/nagios_xi_snmptrap_authenticated_rce | Nagios XI 5.5.0-5.7.3 - Snmptrap Authenticated Remote Code Exection |
| exploit/linux/http/netgear_dgn1000b_setup_exec | Netgear DGN1000B setup.cgi Remote Command Execution |
| exploit/linux/http/netgear_dgn1000_setup_unauth_exec | Netgear DGN1000 Setup.cgi Unauthenticated RCE |
| exploit/linux/http/netgear_dgn2200b_pppoe_exec | Netgear DGN2200B pppoe.cgi Remote Command Execution |
| exploit/linux/http/netgear_dnslookup_cmd_exec | Netgear DGN2200 dnslookup.cgi Command Injection |
| exploit/linux/http/netgear_r7000_cgibin_exec | Netgear R7000 and R6400 cgi-bin Command Injection |
| exploit/linux/http/netgear_readynas_exec | NETGEAR ReadyNAS Perl Code Evaluation |
| exploit/linux/http/netgear_unauth_exec | Netgear Devices Unauthenticated Remote Command Execution |
| exploit/linux/http/netgear_wnr2000_rce | NETGEAR WNR2000v5 (Un)authenticated hidden_lang_avi Stack Buffer Overflow |
| exploit/linux/http/netsweeper_webadmin_unixlogin | Netsweeper WebAdmin unixlogin.php Python Code Injection |
| exploit/linux/http/nexus_repo_manager_el_injection | Nexus Repository Manager Java EL Injection RCE |
| exploit/linux/http/nginx_chunked_size | Nginx HTTP Server 1.3.9-1.4.0 Chunked Encoding Stack Buffer Overflow |
| exploit/linux/http/nuuo_nvrmini_auth_rce | NUUO NVRmini 2 / Crystal / NETGEAR ReadyNAS Surveillance Authenticated Remote Code Execution |
| exploit/linux/http/nuuo_nvrmini_unauth_rce | NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Unauthenticated Remote Code Execution |
| exploit/linux/http/op5_config_exec | op5 v7.1.9 Configuration Command Execution |
| exploit/linux/http/openfiler_networkcard_exec | Openfiler v2.x NetworkCard Command Execution |
| exploit/linux/http/pandora_fms_events_exec | Pandora FMS Events Remote Command Execution |
| exploit/linux/http/pandora_fms_exec | Pandora FMS Remote Code Execution |
| exploit/linux/http/pandora_fms_sqli | Pandora FMS Default Credential / SQLi Remote Code Execution |
| exploit/linux/http/pandora_ping_cmd_exec | Pandora FMS Ping Authenticated Remote Code Execution |
| exploit/linux/http/panos_op_cmd_exec | Palo Alto Networks Authenticated Remote Code Execution |
| exploit/linux/http/panos_readsessionvars | Palo Alto Networks readSessionVarsFromFile() Session Corruption |
| exploit/linux/http/peercast_url | PeerCast URL Handling Buffer Overflow |
| exploit/linux/http/php_imap_open_rce | php imap_open Remote Code Execution |
| exploit/linux/http/pineapp_ldapsyncnow_exec | PineApp Mail-SeCure ldapsyncnow.php Arbitrary Command Execution |
| exploit/linux/http/pineapple_bypass_cmdinject | Hak5 WiFi Pineapple Preconfiguration Command Injection |
| exploit/linux/http/pineapple_preconfig_cmdinject | Hak5 WiFi Pineapple Preconfiguration Command Injection |
| exploit/linux/http/pineapp_livelog_exec | PineApp Mail-SeCure livelog.html Arbitrary Command Execution |
| exploit/linux/http/pineapp_test_li_conn_exec | PineApp Mail-SeCure test_li_connection.php Arbitrary Command Execution |
| exploit/linux/http/piranha_passwd_exec | RedHat Piranha Virtual Server Package passwd.php3 Arbitrary Command Execution |
| exploit/linux/http/pulse_secure_cmd_exec | Pulse Secure VPN Arbitrary Command Execution |
| exploit/linux/http/pulse_secure_gzip_rce | Pulse Secure VPN gzip RCE |
| exploit/linux/http/qnap_qcenter_change_passwd_exec | QNAP Q'Center change_passwd Command Execution |
| exploit/linux/http/raidsonic_nas_ib5220_exec_noauth | Raidsonic NAS Devices Unauthenticated Remote Command Execution |
| exploit/linux/http/railo_cfml_rfi | Railo Remote File Include |
| exploit/linux/http/rancher_server | Rancher Server - Docker Exploit |
| exploit/linux/http/rconfig_ajaxarchivefiles_rce | Rconfig 3.x Chained Remote Code Execution |
| exploit/linux/http/rconfig_vendors_auth_file_upload_rce | rConfig Vendors Auth File Upload RCE |
| exploit/linux/http/realtek_miniigd_upnp_exec_noauth | Realtek SDK Miniigd UPnP SOAP Command Execution |
| exploit/linux/http/riverbed_netprofiler_netexpress_exec | Riverbed SteelCentral NetProfiler/NetExpress Remote Code Execution |
| exploit/linux/http/roxy_wi_exec | Roxy-WI Prior to 6.1.1.0 Unauthenticated Command Injection RCE |
| exploit/linux/http/saltstack_salt_api_cmd_exec | SaltStack Salt REST API Arbitrary Command Execution |
| exploit/linux/http/saltstack_salt_wheel_async_rce | SaltStack Salt API Unauthenticated RCE through wheel_async client |
| exploit/linux/http/samsung_srv_1670d_upload_exec | Samsung SRN-1670D Web Viewer Version 1.0.0.193 Arbitrary File Read and Upload |
| exploit/linux/http/seagate_nas_php_exec_noauth | Seagate Business NAS Unauthenticated Remote Command Execution |
| exploit/linux/http/smt_ipmi_close_window_bof | Supermicro Onboard IPMI close_window.cgi Buffer Overflow |
| exploit/linux/http/sonicwall_cve_2021_20039 | SonicWall SMA 100 Series Authenticated Command Injection |
| exploit/linux/http/sophos_utm_webadmin_sid_cmd_injection | Sophos UTM WebAdmin SID Command Injection |
| exploit/linux/http/sophos_wpa_iface_exec | Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution |
| exploit/linux/http/sophos_wpa_sblistpack_exec | Sophos Web Protection Appliance sblistpack Arbitrary Command Execution |
| exploit/linux/http/sourcegraph_gitserver_sshcmd | Sourcegraph gitserver sshCommand RCE |
| exploit/linux/http/spark_unauth_rce | Apache Spark Unauthenticated Command Execution |
| exploit/linux/http/spring_cloud_gateway_rce | Spring Cloud Gateway Remote Code Execution |
| exploit/linux/http/suitecrm_log_file_rce | SuiteCRM Log File Remote Code Execution |
| exploit/linux/http/supervisor_xmlrpc_exec | Supervisor XML-RPC Authenticated Remote Code Execution |
| exploit/linux/http/symantec_messaging_gateway_exec | Symantec Messaging Gateway Remote Code Execution |
| exploit/linux/http/symantec_web_gateway_exec | Symantec Web Gateway 5.0.2.8 ipchange.php Command Injection |
| exploit/linux/http/symantec_web_gateway_file_upload | Symantec Web Gateway 5.0.2.8 Arbitrary PHP File Upload Vulnerability |
| exploit/linux/http/symantec_web_gateway_lfi | Symantec Web Gateway 5.0.2.8 relfile File Inclusion Vulnerability |
| exploit/linux/http/symantec_web_gateway_pbcontrol | Symantec Web Gateway 5.0.2.18 pbcontrol.php Command Injection |
| exploit/linux/http/symantec_web_gateway_restore | Symantec Web Gateway 5 restore.php Post Authentication Command Injection |
| exploit/linux/http/synology_dsm_sliceupload_exec_noauth | Synology DiskStation Manager SLICEUPLOAD Remote Command Execution |
| exploit/linux/http/synology_dsm_smart_exec_auth | Synology DiskStation Manager smart.cgi Remote Command Execution |
| exploit/linux/http/tiki_calendar_exec | Tiki-Wiki CMS Calendar Command Execution |
| exploit/linux/http/tp_link_ncxxx_bonjour_command_injection | TP-Link Cloud Cameras NCXXX Bonjour Command Injection |
| exploit/linux/http/tp_link_sc2020n_authenticated_telnet_injection | TP-Link SC2020n Authenticated Telnet Injection |
| exploit/linux/http/tr064_ntpserver_cmdinject | Zyxel/Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064 |
| exploit/linux/http/trend_micro_imsva_exec | Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution |
| exploit/linux/http/trendmicro_imsva_widget_exec | Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution |
| exploit/linux/http/trendmicro_sps_exec | Trend Micro Smart Protection Server Exec Remote Code Injection |
| exploit/linux/http/trendmicro_websecurity_exec | Trend Micro Web Security (Virtual Appliance) Remote Code Execution |
| exploit/linux/http/trueonline_billion_5200w_rce | TrueOnline / Billion 5200W-T Router Unauthenticated Command Injection |
| exploit/linux/http/trueonline_p660hn_v1_rce | TrueOnline / ZyXEL P660HN-T v1 Router Unauthenticated Command Injection |
| exploit/linux/http/trueonline_p660hn_v2_rce | TrueOnline / ZyXEL P660HN-T v2 Router Authenticated Command Injection |
| exploit/linux/http/ubiquiti_airos_file_upload | Ubiquiti airOS Arbitrary File Upload |
| exploit/linux/http/ueb_api_rce | Unitrends UEB http api remote code execution |
| exploit/linux/http/unraid_auth_bypass_exec | Unraid 6.8.0 Auth Bypass PHP Code Execution |
| exploit/linux/http/vap2500_tools_command_exec | Arris VAP2500 tools_command.php Command Execution |
| exploit/linux/http/vcms_upload | V-CMS PHP File Upload and Execute |
| exploit/linux/http/vestacp_exec | Vesta Control Panel Authenticated Remote Code Execution |
| exploit/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144 | VMware NSX Manager XStream unauthenticated RCE |
| exploit/linux/http/vmware_vcenter_analytics_file_upload | VMware vCenter Server Analytics (CEIP) Service File Upload |
| exploit/linux/http/vmware_vcenter_vsan_health_rce | VMware vCenter Server Virtual SAN Health Check Plugin RCE |
| exploit/linux/http/vmware_view_planner_4_6_uploadlog_rce | VMware View Planner Unauthenticated Log File Upload RCE |
| exploit/linux/http/vmware_vrops_mgr_ssrf_rce | VMware vRealize Operations (vROps) Manager SSRF RCE |
| exploit/linux/http/vmware_workspace_one_access_cve_2022_22954 | VMware Workspace ONE Access CVE-2022-22954 |
| exploit/linux/http/wanem_exec | WAN Emulator v2.3 Command Execution |
| exploit/linux/http/wd_mycloud_multiupload_upload | Western Digital MyCloud multi_uploadify File Upload Vulnerability |
| exploit/linux/http/webcalendar_settings_exec | WebCalendar 1.2.4 Pre-Auth Remote Code Injection |
| exploit/linux/http/webid_converter | WeBid converter.php Remote PHP Code Injection |
| exploit/linux/http/webmin_backdoor | Webmin password_change.cgi Backdoor |
| exploit/linux/http/webmin_file_manager_rce | Webmin File Manager RCE |
| exploit/linux/http/webmin_package_updates_rce | Webmin Package Updates RCE |
| exploit/linux/http/webmin_packageup_rce | Webmin Package Updates Remote Command Execution |
| exploit/linux/http/wepresent_cmd_injection | Barco WePresent file_transfer.cgi Command Injection |
| exploit/linux/http/wipg1000_cmd_injection | WePresent WiPG-1000 Command Injection |
| exploit/linux/http/xplico_exec | Xplico Remote Code Execution |
| exploit/linux/http/zabbix_sqli | Zabbix 2.0.8 SQL Injection and Remote Code Execution |
| exploit/linux/http/zen_load_balancer_exec | ZEN Load Balancer Filelog Command Execution |
| exploit/linux/http/zenoss_showdaemonxmlconfig_exec | Zenoss 3 showDaemonXMLConfig Command Execution |
| exploit/linux/http/zimbra_cpio_cve_2022_41352 | TAR Path Traversal in Zimbra (CVE-2022-41352) |
| exploit/linux/http/zimbra_mboximport_cve_2022_27925 | Zip Path Traversal in Zimbra (mboximport) (CVE-2022-27925) |
| exploit/linux/http/zimbra_unrar_cve_2022_30333 | UnRAR Path Traversal in Zimbra (CVE-2022-30333) |
| exploit/linux/http/zimbra_xxe_rce | Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF |
| exploit/linux/http/zyxel_ztp_rce | Zyxel Firewall ZTP Unauthenticated Command Injection |
| exploit/linux/ids/alienvault_centerd_soap_exec | AlienVault OSSIM av-centerd Command Injection |
| exploit/linux/ids/snortbopre | Snort Back Orifice Pre-Preprocessor Buffer Overflow |
| exploit/linux/imap/imap_uw_lsub | UoW IMAP Server LSUB Buffer Overflow |
| exploit/linux/local/abrt_raceabrt_priv_esc | ABRT raceabrt Privilege Escalation |
| exploit/linux/local/abrt_sosreport_priv_esc | ABRT sosreport Privilege Escalation |
| exploit/linux/local/af_packet_chocobo_root_priv_esc | AF_PACKET chocobo_root Privilege Escalation |
| exploit/linux/local/af_packet_packet_set_ring_priv_esc | AF_PACKET packet_set_ring Privilege Escalation |
| exploit/linux/local/apport_abrt_chroot_priv_esc | Apport / ABRT chroot Privilege Escalation |
| exploit/linux/local/apt_package_manager_persistence | APT Package Manager Persistence |
| exploit/linux/local/asan_suid_executable_priv_esc | AddressSanitizer (ASan) SUID Executable Privilege Escalation |
| exploit/linux/local/autostart_persistence | Autostart Desktop Item Persistence |
| exploit/linux/local/bash_profile_persistence | Bash Profile Persistence |
| exploit/linux/local/blueman_set_dhcp_handler_dbus_priv_esc | blueman set_dhcp_handler D-Bus Privilege Escalation |
| exploit/linux/local/bpf_priv_esc | Linux BPF doubleput UAF Privilege Escalation |
| exploit/linux/local/bpf_sign_extension_priv_esc | Linux BPF Sign Extension Local Privilege Escalation |
| exploit/linux/local/cpi_runrshell_priv_esc | Cisco Prime Infrastructure Runrshell Privilege Escalation |
| exploit/linux/local/cron_persistence | Cron Persistence |
| exploit/linux/local/cve_2021_3490_ebpf_alu32_bounds_check_lpe | Linux eBPF ALU32 32-bit Invalid Bounds Tracking LPE |
| exploit/linux/local/cve_2021_3493_overlayfs | 2021 Ubuntu Overlayfs LPE |
| exploit/linux/local/cve_2021_38648_omigod | Microsoft OMI Management Interface Authentication Bypass |
| exploit/linux/local/cve_2021_4034_pwnkit_lpe_pkexec | Local Privilege Escalation in polkits pkexec |
| exploit/linux/local/cve_2022_0847_dirtypipe | Dirty Pipe Local Privilege Escalation via CVE-2022-0847 |
| exploit/linux/local/cve_2022_0995_watch_queue | Watch Queue Out of Bounds Write |
| exploit/linux/local/desktop_privilege_escalation | Desktop Linux Password Stealer and Privilege Escalation |
| exploit/linux/local/diamorphine_rootkit_signal_priv_esc | Diamorphine Rootkit Signal Privilege Escalation |
| exploit/linux/local/docker_daemon_privilege_escalation | Docker Daemon Privilege Escalation |
| exploit/linux/local/docker_privileged_container_escape | Docker Privileged Container Escape |
| exploit/linux/local/docker_runc_escape | Docker Container Escape Via runC Overwrite |
| exploit/linux/local/exim4_deliver_message_priv_esc | Exim 4.87 - 4.91 Local Privilege Escalation |
| exploit/linux/local/glibc_ld_audit_dso_load_priv_esc | glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation |
| exploit/linux/local/glibc_origin_expansion_priv_esc | glibc '$ORIGIN' Expansion Privilege Escalation |
| exploit/linux/local/glibc_realpath_priv_esc | glibc 'realpath()' Privilege Escalation |
| exploit/linux/local/hp_smhstart | HP System Management Homepage Local Privilege Escalation |
| exploit/linux/local/hp_xglance_priv_esc | HP Performance Monitoring xglance Priv Esc |
| exploit/linux/local/juju_run_agent_priv_esc | Juju-run Agent Privilege Escalation |
| exploit/linux/local/kloxo_lxsuexec | Kloxo Local Privilege Escalation |
| exploit/linux/local/ktsuss_suid_priv_esc | ktsuss suid Privilege Escalation |
| exploit/linux/local/lastore_daemon_dbus_priv_esc | lastore-daemon D-Bus Privilege Escalation |
| exploit/linux/local/libuser_roothelper_priv_esc | Libuser roothelper Privilege Escalation |
| exploit/linux/local/nested_namespace_idmap_limit_priv_esc | Linux Nested User Namespace idmap Limit Local Privilege Escalation |
| exploit/linux/local/netfilter_nft_set_elem_init_privesc | Netfilter nft_set_elem_init Heap Overflow Privilege Escalation |
| exploit/linux/local/netfilter_priv_esc_ipv4 | Linux Kernel 4.6.3 Netfilter Privilege Escalation |
| exploit/linux/local/netfilter_xtables_heap_oob_write_priv_esc | Netfilter x_tables Heap OOB Write Privilege Escalation |
| exploit/linux/local/network_manager_vpnc_username_priv_esc | Network Manager VPNC Username Privilege Escalation |
| exploit/linux/local/ntfs3g_priv_esc | Debian/Ubuntu ntfs-3g Local Privilege Escalation |
| exploit/linux/local/omniresolve_suid_priv_esc | Micro Focus (HPE) Data Protector SUID Privilege Escalation |
| exploit/linux/local/overlayfs_priv_esc | Overlayfs Privilege Escalation |
| exploit/linux/local/pihole_remove_commands_lpe | Pi-Hole Remove Commands Linux Priv Esc |
| exploit/linux/local/pkexec | Linux PolicyKit Race Condition Privilege Escalation |
| exploit/linux/local/polkit_dbus_auth_bypass | Polkit D-Bus Authentication Bypass |
| exploit/linux/local/ptrace_sudo_token_priv_esc | ptrace Sudo Token Privilege Escalation |
| exploit/linux/local/ptrace_traceme_pkexec_helper | Linux Polkit pkexec helper PTRACE_TRACEME local root exploit |
| exploit/linux/local/rc_local_persistence | rc.local Persistence |
| exploit/linux/local/rds_atomic_free_op_null_pointer_deref_priv_esc | Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation |
| exploit/linux/local/rds_rds_page_copy_user_priv_esc | Reliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation |
| exploit/linux/local/recvmmsg_priv_esc | Linux Kernel recvmmsg Privilege Escalation |
| exploit/linux/local/reptile_rootkit_reptile_cmd_priv_esc | Reptile Rootkit reptile_cmd Privilege Escalation |
| exploit/linux/local/service_persistence | Service Persistence |
| exploit/linux/local/servu_ftp_server_prepareinstallation_priv_esc | Serv-U FTP Server prepareinstallation Privilege Escalation |
| exploit/linux/local/sock_sendpage | Linux Kernel Sendpage Local Privilege Escalation |
| exploit/linux/local/sophos_wpa_clear_keys | Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation |
| exploit/linux/local/sudo_baron_samedit | Sudo Heap-Based Buffer Overflow |
| exploit/linux/local/su_login | Login to Another User with Su on Linux / Unix Systems |
| exploit/linux/local/systemtap_modprobe_options_priv_esc | SystemTap MODPROBE_OPTIONS Privilege Escalation |
| exploit/linux/local/ubuntu_enlightenment_mount_priv_esc | Ubuntu Enlightenment Mount Priv Esc |
| exploit/linux/local/udev_netlink | Linux udev Netlink Local Privilege Escalation |
| exploit/linux/local/ueb_bpserverd_privesc | Unitrends Enterprise Backup bpserverd Privilege Escalation |
| exploit/linux/local/ufo_privilege_escalation | Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation |
| exploit/linux/local/vmware_alsa_config | VMware Workstation ALSA Config File Local Privilege Escalation |
| exploit/linux/local/vmware_mount | VMWare Setuid vmware-mount Unsafe popen(3) |
| exploit/linux/local/vmware_workspace_one_access_certproxy_lpe | VMware Workspace ONE Access CVE-2022-31660 |
| exploit/linux/local/yum_package_manager_persistence | Yum Package Manager Persistence |
| exploit/linux/local/zimbra_postfix_priv_esc | Zimbra sudo + postfix privilege escalation |
| exploit/linux/local/zimbra_slapper_priv_esc | Zimbra zmslapd arbitrary module load |
| exploit/linux/local/zpanel_zsudo | ZPanel zsudo Local Privilege Escalation Exploit |
| exploit/linux/local/zyxel_suid_cp_lpe | Zyxel Firewall SUID Binary Privilege Escalation |
| exploit/linux/misc/accellion_fta_mpipe2 | Accellion FTA MPIPE2 Command Execution |
| exploit/linux/misc/aerospike_database_udf_cmd_exec | Aerospike Database UDF Lua Code Execution |
| exploit/linux/misc/asus_infosvr_auth_bypass_exec | ASUS infosvr Auth Bypass Command Execution |
| exploit/linux/misc/cisco_rv340_sslvpn | Cisco RV340 SSL VPN Unauthenticated Remote Code Execution |
| exploit/linux/misc/cve_2020_13160_anydesk | AnyDesk GUI Format String Write |
| exploit/linux/misc/cve_2021_38647_omigod | Microsoft OMI Management Interface Authentication Bypass |
| exploit/linux/misc/gld_postfix | GLD (Greylisting Daemon) Postfix Buffer Overflow |
| exploit/linux/misc/hid_discoveryd_command_blink_on_unauth_rce | HID discoveryd command_blink_on Unauthenticated RCE |
| exploit/linux/misc/hikvision_rtsp_bof | Hikvision DVR RTSP Request Remote Code Execution |
| exploit/linux/misc/hp_data_protector_cmd_exec | HP Data Protector 6 EXEC_CMD Remote Code Execution |
| exploit/linux/misc/hp_jetdirect_path_traversal | HP Jetdirect Path Traversal Arbitrary Code Execution |
| exploit/linux/misc/hplip_hpssd_exec | HPLIP hpssd.py From Address Arbitrary Command Execution |
| exploit/linux/misc/hp_nnmi_pmd_bof | HP Network Node Manager I PMD Buffer Overflow |
| exploit/linux/misc/hp_vsa_login_bof | HP StorageWorks P4000 Virtual SAN Appliance Login Buffer Overflow |
| exploit/linux/misc/ib_inet_connect | Borland InterBase INET_connect() Buffer Overflow |
| exploit/linux/misc/ib_jrd8_create_database | Borland InterBase jrd8_create_database() Buffer Overflow |
| exploit/linux/misc/ib_open_marker_file | Borland InterBase open_marker_file() Buffer Overflow |
| exploit/linux/misc/ib_pwd_db_aliased | Borland InterBase PWD_db_aliased() Buffer Overflow |
| exploit/linux/misc/igel_command_injection | IGEL OS Secure VNC/Terminal Command Injection RCE |
| exploit/linux/misc/jenkins_java_deserialize | Jenkins CLI RMI Java Deserialization Vulnerability |
| exploit/linux/misc/jenkins_ldap_deserialize | Jenkins CLI HTTP Java Deserialization Vulnerability |
| exploit/linux/misc/lprng_format_string | LPRng use_syslog Remote Format String Vulnerability |
| exploit/linux/misc/mongod_native_helper | MongoDB nativeHelper.apply Remote Code Execution |
| exploit/linux/misc/nagios_nrpe_arguments | Nagios Remote Plugin Executor Arbitrary Command Execution |
| exploit/linux/misc/netcore_udp_53413_backdoor | Netcore Router Udp 53413 Backdoor |
| exploit/linux/misc/netsupport_manager_agent | NetSupport Manager Agent Remote Buffer Overflow |
| exploit/linux/misc/nimbus_gettopologyhistory_cmd_exec | Apache Storm Nimbus getTopologyHistory Unauthenticated Command Execution |
| exploit/linux/misc/novell_edirectory_ncp_bof | Novell eDirectory 8 Buffer Overflow |
| exploit/linux/misc/opennms_java_serialize | OpenNMS Java Object Unserialization Remote Code Execution |
| exploit/linux/misc/qnap_transcode_server | QNAP Transcode Server Command Execution |
| exploit/linux/misc/quest_pmmasterd_bof | Quest Privilege Manager pmmasterd Buffer Overflow |
| exploit/linux/misc/saltstack_salt_unauth_rce | SaltStack Salt Master/Minion Unauthenticated RCE |
| exploit/linux/misc/sercomm_exec | SerComm Device Remote Code Execution |
| exploit/linux/misc/tplink_archer_a7_c7_lan_rce | TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution |
| exploit/linux/misc/ueb9_bpserverd | Unitrends UEB bpserverd authentication bypass RCE |
| exploit/linux/misc/zabbix_server_exec | Zabbix Server Arbitrary Command Execution |
| exploit/linux/mysql/mysql_yassl_getname | MySQL yaSSL CertDecoder::GetName Buffer Overflow |
| exploit/linux/mysql/mysql_yassl_hello | MySQL yaSSL SSL Hello Message Buffer Overflow |
| exploit/linux/pop3/cyrus_pop3d_popsubfolders | Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow |
| exploit/linux/postgres/postgres_payload | PostgreSQL for Linux Payload Execution |
| exploit/linux/pptp/poptop_negative_read | Poptop Negative Read Overflow |
| exploit/linux/proxy/squid_ntlm_authenticate | Squid NTLM Authenticate Overflow |
| exploit/linux/redis/redis_debian_sandbox_escape | Redis Lua Sandbox Escape |
| exploit/linux/redis/redis_replication_cmd_exec | Redis Replication Code Execution |
| exploit/linux/samba/chain_reply | Samba chain_reply Memory Corruption (Linux x86) |
| exploit/linux/samba/is_known_pipename | Samba is_known_pipename() Arbitrary Module Load |
| exploit/linux/samba/lsa_transnames_heap | Samba lsa_io_trans_names Heap Overflow |
| exploit/linux/samba/setinfopolicy_heap | Samba SetInformationPolicy AuditEventsInfo Heap Overflow |
| exploit/linux/samba/trans2open | Samba trans2open Overflow (Linux x86) |
| exploit/linux/smtp/apache_james_exec | Apache James Server 2.3.2 Insecure User Creation Arbitrary File Write |
| exploit/linux/smtp/exim4_dovecot_exec | Exim and Dovecot Insecure Configuration Command Injection |
| exploit/linux/smtp/exim_gethostbyname_bof | Exim GHOST (glibc gethostbyname) Buffer Overflow |
| exploit/linux/smtp/haraka | Haraka SMTP Command Injection |
| exploit/linux/snmp/awind_snmp_exec | AwindInc SNMP Service Command Injection |
| exploit/linux/snmp/net_snmpd_rw_access | Net-SNMPd Write Access SNMP-EXTEND-MIB arbitrary code execution |
| exploit/linux/ssh/ceragon_fibeair_known_privkey | Ceragon FibeAir IP-10 SSH Private Key Exposure |
| exploit/linux/ssh/cisco_ucs_scpuser | Cisco UCS Director default scpuser password |
| exploit/linux/ssh/exagrid_known_privkey | ExaGrid Known SSH Key and Default Password |
| exploit/linux/ssh/f5_bigip_known_privkey | F5 BIG-IP SSH Private Key Exposure |
| exploit/linux/ssh/ibm_drm_a3user | IBM Data Risk Manager a3user Default Password |
| exploit/linux/ssh/loadbalancerorg_enterprise_known_privkey | Loadbalancer.org Enterprise VA SSH Private Key Exposure |
| exploit/linux/ssh/mercurial_ssh_exec | Mercurial Custom hg-ssh Wrapper Remote Code Exec |
| exploit/linux/ssh/microfocus_obr_shrboadmin | Micro Focus Operations Bridge Reporter shrboadmin default password |
| exploit/linux/ssh/quantum_dxi_known_privkey | Quantum DXi V1000 SSH Private Key Exposure |
| exploit/linux/ssh/quantum_vmpro_backdoor | Quantum vmPRO Backdoor Command |
| exploit/linux/ssh/solarwinds_lem_exec | SolarWinds LEM Default SSH Password Remote Code Execution |
| exploit/linux/ssh/symantec_smg_ssh | Symantec Messaging Gateway 9.5 Default SSH Password Vulnerability |
| exploit/linux/ssh/vmware_vdp_known_privkey | VMware VDP Known SSH Key |
| exploit/linux/ssh/vyos_restricted_shell_privesc | VyOS restricted-shell Escape and Privilege Escalation |
| exploit/linux/telnet/netgear_telnetenable | NETGEAR TelnetEnable |
| exploit/linux/telnet/telnet_encrypt_keyid | Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow |
| exploit/linux/upnp/belkin_wemo_upnp_exec | Belkin Wemo UPnP Remote Code Execution |
| exploit/linux/upnp/dlink_dir859_exec_ssdpcgi | D-Link Devices Unauthenticated Remote Command Execution in ssdpcgi |
| exploit/linux/upnp/dlink_dir859_subscribe_exec | D-Link DIR-859 Unauthenticated Remote Command Execution |
| exploit/linux/upnp/dlink_upnp_msearch_exec | D-Link Unauthenticated UPnP M-SEARCH Multicast Command Injection |
| exploit/linux/upnp/miniupnpd_soap_bof | MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution |
| exploit/mainframe/ftp/ftp_jcl_creds | FTP JCL Execution |
| exploit/multi/browser/adobe_flash_hacking_team_uaf | Adobe Flash Player ByteArray Use After Free |
| exploit/multi/browser/adobe_flash_nellymoser_bof | Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow |
| exploit/multi/browser/adobe_flash_net_connection_confusion | Adobe Flash Player NetConnection Type Confusion |
| exploit/multi/browser/adobe_flash_opaque_background_uaf | Adobe Flash opaqueBackground Use After Free |
| exploit/multi/browser/adobe_flash_pixel_bender_bof | Adobe Flash Player Shader Buffer Overflow |
| exploit/multi/browser/adobe_flash_shader_drawing_fill | Adobe Flash Player Drawing Fill Shader Memory Corruption |
| exploit/multi/browser/adobe_flash_shader_job_overflow | Adobe Flash Player ShaderJob Buffer Overflow |
| exploit/multi/browser/adobe_flash_uncompress_zlib_uaf | Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free |
| exploit/multi/browser/chrome_array_map | Google Chrome 72 and 73 Array.map exploit |
| exploit/multi/browser/chrome_cve_2021_21220_v8_insufficient_validation | Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE |
| exploit/multi/browser/chrome_jscreate_sideeffect | Google Chrome 80 JSCreate side-effect type confusion exploit |
| exploit/multi/browser/chrome_object_create | Google Chrome 67, 68 and 69 Object.create exploit |
| exploit/multi/browser/chrome_simplifiedlowering_overflow | Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase |
| exploit/multi/browser/firefox_escape_retval | Firefox 3.5 escape() Return Value Memory Corruption |
| exploit/multi/browser/firefox_jit_use_after_free | Firefox MCallGetProperty Write Side Effects Use After Free Exploit |
| exploit/multi/browser/firefox_pdfjs_privilege_escalation | Firefox PDF.js Privileged Javascript Injection |
| exploit/multi/browser/firefox_proto_crmfrequest | Firefox 5.0 - 15.0.1 exposedProps XCS Code Execution |
| exploit/multi/browser/firefox_proxy_prototype | Firefox Proxy Prototype Privileged Javascript Injection |
| exploit/multi/browser/firefox_queryinterface | Firefox location.QueryInterface() Code Execution |
| exploit/multi/browser/firefox_svg_plugin | Firefox 17.0.1 Flash Privileged Code Injection |
| exploit/multi/browser/firefox_tostring_console_injection | Firefox toString console.time Privileged Javascript Injection |
| exploit/multi/browser/firefox_webidl_injection | Firefox WebIDL Privileged Javascript Injection |
| exploit/multi/browser/firefox_xpi_bootstrapped_addon | Mozilla Firefox Bootstrapped Addon Social Engineering Code Execution |
| exploit/multi/browser/itms_overflow | Apple OS X iTunes 8.1.1 ITMS Overflow |
| exploit/multi/browser/java_atomicreferencearray | Java AtomicReferenceArray Type Violation Vulnerability |
| exploit/multi/browser/java_calendar_deserialize | Sun Java Calendar Deserialization Privilege Escalation |
| exploit/multi/browser/java_getsoundbank_bof | Sun Java JRE getSoundbank file:// URI Buffer Overflow |
| exploit/multi/browser/java_jre17_driver_manager | Java Applet Driver Manager Privileged toString() Remote Code Execution |
| exploit/multi/browser/java_jre17_exec | Java 7 Applet Remote Code Execution |
| exploit/multi/browser/java_jre17_glassfish_averagerangestatisticimpl | Java Applet AverageRangeStatisticImpl Remote Code Execution |
| exploit/multi/browser/java_jre17_jaxws | Java Applet JAX-WS Remote Code Execution |
| exploit/multi/browser/java_jre17_jmxbean_2 | Java Applet JMX Remote Code Execution |
| exploit/multi/browser/java_jre17_jmxbean | Java Applet JMX Remote Code Execution |
| exploit/multi/browser/java_jre17_method_handle | Java Applet Method Handle Remote Code Execution |
| exploit/multi/browser/java_jre17_provider_skeleton | Java Applet ProviderSkeleton Insecure Invoke Method |
| exploit/multi/browser/java_jre17_reflection_types | Java Applet Reflection Type Confusion Remote Code Execution |
| exploit/multi/browser/java_rhino | Java Applet Rhino Script Engine Remote Code Execution |
| exploit/multi/browser/java_rmi_connection_impl | Java RMIConnectionImpl Deserialization Privilege Escalation |
| exploit/multi/browser/java_setdifficm_bof | Sun Java JRE AWT setDiffICM Buffer Overflow |
| exploit/multi/browser/java_signed_applet | Java Signed Applet Social Engineering Code Execution |
| exploit/multi/browser/java_storeimagearray | Java storeImageArray() Invalid Array Indexing Vulnerability |
| exploit/multi/browser/java_trusted_chain | Java Statement.invoke() Trusted Method Chain Privilege Escalation |
| exploit/multi/browser/java_verifier_field_access | Java Applet Field Bytecode Verifier Cache Remote Code Execution |
| exploit/multi/browser/mozilla_compareto | Mozilla Suite/Firefox compareTo() Code Execution |
| exploit/multi/browser/mozilla_navigatorjava | Mozilla Suite/Firefox Navigator Object Code Execution |
| exploit/multi/browser/msfd_rce_browser | Metasploit msfd Remote Code Execution via Browser |
| exploit/multi/browser/opera_configoverwrite | Opera 9 Configuration Overwrite |
| exploit/multi/browser/opera_historysearch | Opera historysearch XSS |
| exploit/multi/browser/qtjava_pointer | Apple QTJava toQTPointer() Arbitrary Memory Access |
| exploit/multi/elasticsearch/script_mvel_rce | ElasticSearch Dynamic Script Arbitrary Java Execution |
| exploit/multi/elasticsearch/search_groovy_script | ElasticSearch Search Groovy Sandbox Bypass |
| exploit/multi/fileformat/adobe_u3d_meshcont | Adobe U3D CLODProgressiveMeshDeclaration Array Overrun |
| exploit/multi/fileformat/archive_tar_arb_file_write | PEAR Archive_Tar 1.4.10 Arbitrary File Write |
| exploit/multi/fileformat/evince_cbt_cmd_injection | Evince CBT File Command Injection |
| exploit/multi/fileformat/ghostscript_failed_restore | Ghostscript Failed Restore Command Execution |
| exploit/multi/fileformat/js_unpacker_eval_injection | Javascript Injection for Eval-based Unpackers |
| exploit/multi/fileformat/libreoffice_logo_exec | LibreOffice Macro Python Code Execution |
| exploit/multi/fileformat/libreoffice_macro_exec | LibreOffice Macro Code Execution |
| exploit/multi/fileformat/maple_maplet | Maple Maplet File Creation and Command Execution |
| exploit/multi/fileformat/nodejs_js_yaml_load_code_exec | Nodejs js-yaml load() Code Execution |
| exploit/multi/fileformat/office_word_macro | Microsoft Office Word Malicious Macro Execution |
| exploit/multi/fileformat/peazip_command_injection | PeaZip Zip Processing Command Injection |
| exploit/multi/fileformat/swagger_param_inject | JSON Swagger CodeGen Parameter Injector |
| exploit/multi/fileformat/zip_slip | Generic Zip Slip Traversal Vulnerability |
| exploit/multi/ftp/pureftpd_bash_env_exec | Pure-FTPd External Authentication Bash Environment Variable Code Injection (Shellshock) |
| exploit/multi/ftp/wuftpd_site_exec_format | WU-FTPD SITE EXEC/INDEX Format String Vulnerability |
| exploit/multi/gdb/gdb_server_exec | GDB Server Remote Payload Execution |
| exploit/multi/hams/steamed | Steamed Hams |
| exploit/multi/handler | Generic Payload Handler |
| exploit/multi/http/activecollab_chat | Active Collab "chat module" Remote PHP Code Injection Exploit |
| exploit/multi/http/agent_tesla_panel_rce | Agent Tesla Panel Remote Code Execution |
| exploit/multi/http/ajaxplorer_checkinstall_exec | AjaXplorer checkInstall.php Remote Command Execution |
| exploit/multi/http/apache_activemq_upload_jsp | ActiveMQ web shell upload |
| exploit/multi/http/apache_apisix_api_default_token_rce | APISIX Admin API default access token RCE |
| exploit/multi/http/apache_couchdb_erlang_rce | Apache Couchdb Erlang RCE |
| exploit/multi/http/apache_flink_jar_upload_exec | Apache Flink JAR Upload Java Code Execution |
| exploit/multi/http/apache_jetspeed_file_upload | Apache Jetspeed Arbitrary File Upload |
| exploit/multi/http/apache_mod_cgi_bash_env_exec | Apache mod_cgi Bash Environment Variable Code Injection (Shellshock) |
| exploit/multi/http/apache_nifi_processor_rce | Apache NiFi API Remote Code Execution |
| exploit/multi/http/apache_normalize_path_rce | Apache 2.4.49/2.4.50 Traversal RCE |
| exploit/multi/http/apache_roller_ognl_injection | Apache Roller OGNL Injection |
| exploit/multi/http/apprain_upload_exec | appRain CMF Arbitrary PHP File Upload Vulnerability |
| exploit/multi/http/atlassian_confluence_namespace_ognl_injection | Atlassian Confluence Namespace OGNL Injection |
| exploit/multi/http/atlassian_confluence_webwork_ognl_injection | Atlassian Confluence WebWork OGNL Injection |
| exploit/multi/http/atlassian_crowd_pdkinstall_plugin_upload_rce | Atlassian Crowd pdkinstall Unauthenticated Plugin Upload RCE |
| exploit/multi/http/atutor_sqli | ATutor 2.2.1 SQL Injection / Remote Code Execution |
| exploit/multi/http/atutor_upload_traversal | ATutor 2.2.4 - Directory Traversal / Remote Code Execution, |
| exploit/multi/http/auxilium_upload_exec | Auxilium RateMyPet Arbitrary File Upload Vulnerability |
| exploit/multi/http/axis2_deployer | Axis2 / SAP BusinessObjects Authenticated Code Execution (via SOAP) |
| exploit/multi/http/baldr_upload_exec | Baldr Botnet Panel Shell Upload Exploit |
| exploit/multi/http/bassmaster_js_injection | Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution |
| exploit/multi/http/bolt_file_upload | CMS Bolt File Upload Vulnerability |
| exploit/multi/http/builderengine_upload_exec | BuilderEngine Arbitrary File Upload Vulnerability and execution |
| exploit/multi/http/caidao_php_backdoor_exec | China Chopper Caidao PHP Backdoor Code Execution |
| exploit/multi/http/churchinfo_upload_exec | ChurchInfo 1.2.13-1.3.0 Authenticated RCE |
| exploit/multi/http/cisco_dcnm_upload_2019 | Cisco Data Center Network Manager Unauthenticated Remote Code Execution |
| exploit/multi/http/cisco_dcnm_upload | Cisco Prime Data Center Network Manager Arbitrary File Upload |
| exploit/multi/http/clipbucket_fileupload_exec | ClipBucket beats_uploader Unauthenticated Arbitrary File Upload |
| exploit/multi/http/cmsms_object_injection_rce | CMS Made Simple Authenticated RCE via object injection |
| exploit/multi/http/cmsms_showtime2_rce | CMS Made Simple (CMSMS) Showtime2 File Upload RCE |
| exploit/multi/http/cmsms_upload_rename_rce | CMS Made Simple Authenticated RCE via File Upload/Copy |
| exploit/multi/http/cockpit_cms_rce | Cockpit CMS NoSQLi to RCE |
| exploit/multi/http/coldfusion_ckeditor_file_upload | Adobe ColdFusion CKEditor unrestricted file upload |
| exploit/multi/http/coldfusion_rds_auth_bypass | Adobe ColdFusion RDS Authentication Bypass |
| exploit/multi/http/confluence_widget_connector | Atlassian Confluence Widget Connector Macro Velocity Template Injection |
| exploit/multi/http/cups_bash_env_exec | CUPS Filter Bash Environment Variable Code Injection (Shellshock) |
| exploit/multi/http/cuteflow_upload_exec | CuteFlow v2.11.2 Arbitrary File Upload Vulnerability |
| exploit/multi/http/cve_2021_35464_forgerock_openam | ForgeRock / OpenAM Jato Java Deserialization |
| exploit/multi/http/dexter_casinoloader_exec | Dexter (CasinoLoader) SQL Injection |
| exploit/multi/http/dotcms_file_upload_rce | DotCMS RCE via Arbitrary File Upload. |
| exploit/multi/http/drupal_drupageddon | Drupal HTTP Parameter Key/Value SQL Injection |
| exploit/multi/http/eaton_nsm_code_exec | Network Shutdown Module (sort_values) Remote PHP Code Injection |
| exploit/multi/http/eventlog_file_upload | ManageEngine Eventlog Analyzer Arbitrary File Upload |
| exploit/multi/http/extplorer_upload_exec | eXtplorer v2.1 Arbitrary File Upload Vulnerability |
| exploit/multi/http/familycms_less_exec | Family Connections less.php Remote Command Execution |
| exploit/multi/http/freenas_exec_raw | FreeNAS exec_raw.php Arbitrary Command Execution |
| exploit/multi/http/gestioip_exec | GestioIP Remote Command Execution |
| exploit/multi/http/getsimplecms_unauth_code_exec | GetSimpleCMS Unauthenticated RCE |
| exploit/multi/http/git_client_command_exec | Malicious Git and Mercurial HTTP Server For CVE-2014-9390 |
| exploit/multi/http/gitea_git_fetch_rce | Gitea Git Fetch Remote Code Execution |
| exploit/multi/http/gitea_git_hooks_rce | Gitea Git Hooks Remote Code Execution |
| exploit/multi/http/gitlab_exif_rce | GitLab Unauthenticated Remote ExifTool Command Injection |
| exploit/multi/http/gitlab_file_read_rce | GitLab File Read Remote Code Execution |
| exploit/multi/http/gitlab_shell_exec | Gitlab-shell Code Execution |
| exploit/multi/http/git_lfs_clone_command_exec | Git LFS Clone Command Exec |
| exploit/multi/http/gitlist_arg_injection | GitList v0.6.0 Argument Injection Vulnerability |
| exploit/multi/http/gitorious_graph | Gitorious Arbitrary Command Execution |
| exploit/multi/http/git_submodule_command_exec | Malicious Git HTTP Server For CVE-2017-1000117 |
| exploit/multi/http/git_submodule_url_exec | Malicious Git HTTP Server For CVE-2018-17456 |
| exploit/multi/http/glassfish_deployer | Sun/Oracle GlassFish Server Authenticated Code Execution |
| exploit/multi/http/glossword_upload_exec | Glossword v1.8.8 - 1.8.12 Arbitrary File Upload Vulnerability |
| exploit/multi/http/glpi_install_rce | GLPI install.php Remote Command Execution |
| exploit/multi/http/gogs_git_hooks_rce | Gogs Git Hooks Remote Code Execution |
| exploit/multi/http/horde_csv_rce | Horde CSV import arbitrary PHP code execution |
| exploit/multi/http/horde_form_file_upload | Horde Form File Upload Vulnerability |
| exploit/multi/http/horde_href_backdoor | Horde 3.3.12 Backdoor Arbitrary PHP Code Execution |
| exploit/multi/http/horizontcms_upload_exec | HorizontCMS Arbitrary PHP File Upload |
| exploit/multi/http/hp_sitescope_issuesiebelcmd | HP SiteScope issueSiebelCmd Remote Code Execution |
| exploit/multi/http/hp_sitescope_uploadfileshandler | HP SiteScope Remote Code Execution |
| exploit/multi/http/hp_sys_mgmt_exec | HP System Management Homepage JustGetSNMPQueue Command Injection |
| exploit/multi/http/hyperic_hq_script_console | VMware Hyperic HQ Groovy Script-Console Java Execution |
| exploit/multi/http/ibm_openadmin_tool_soap_welcomeserver_exec | IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution |
| exploit/multi/http/ispconfig_php_exec | ISPConfig Authenticated Arbitrary PHP Code Execution |
| exploit/multi/http/jboss_bshdeployer | JBoss JMX Console Beanshell Deployer WAR Upload and Deployment |
| exploit/multi/http/jboss_deploymentfilerepository | JBoss Java Class DeploymentFileRepository WAR Deployment |
| exploit/multi/http/jboss_invoke_deploy | JBoss DeploymentFileRepository WAR Deployment (via JMXInvokerServlet) |
| exploit/multi/http/jboss_maindeployer | JBoss JMX Console Deployer Upload and Execute |
| exploit/multi/http/jboss_seam_upload_exec | JBoss Seam 2 File Upload and Execute |
| exploit/multi/http/jenkins_metaprogramming | Jenkins ACL Bypass and Metaprogramming RCE |
| exploit/multi/http/jenkins_script_console | Jenkins-CI Script-Console Java Execution |
| exploit/multi/http/jenkins_xstream_deserialize | Jenkins XStream Groovy classpath Deserialization Vulnerability |
| exploit/multi/http/jira_hipchat_template | Atlassian HipChat for Jira Plugin Velocity Template Injection |
| exploit/multi/http/jira_plugin_upload | Atlassian Jira Authenticated Upload Code Execution |
| exploit/multi/http/joomla_http_header_rce | Joomla HTTP Header Unauthenticated Remote Code Execution |
| exploit/multi/http/kong_gateway_admin_api_rce | Kong Gateway Admin API Remote Code Execution |
| exploit/multi/http/kordil_edms_upload_exec | Kordil EDMS v2.2.60rc3 Unauthenticated Arbitrary File Upload Vulnerability |
| exploit/multi/http/lcms_php_exec | LotusCMS 3.0 eval() Remote Command Execution |
| exploit/multi/http/liferay_java_unmarshalling | Liferay Portal Java Unmarshalling via JSONWS RCE |
| exploit/multi/http/log1cms_ajax_create_folder | Log1 CMS writeInfo() PHP Code Injection |
| exploit/multi/http/log4shell_header_injection | Log4Shell HTTP Header Injection |
| exploit/multi/http/magento_unserialize | Magento 2.0.6 Unserialize Remote Code Execution |
| exploit/multi/http/makoserver_cmd_exec | Mako Server v2.5, 2.6 OS Command Injection RCE |
| exploit/multi/http/manageengine_auth_upload | ManageEngine Multiple Products Authenticated File Upload |
| exploit/multi/http/manage_engine_dc_pmp_sqli | ManageEngine Desktop Central / Password Manager LinkViewFetchServlet.dat SQL Injection |
| exploit/multi/http/manageengine_sd_uploader | ManageEngine ServiceDesk Plus Arbitrary File Upload |
| exploit/multi/http/manageengine_search_sqli | ManageEngine Security Manager Plus 5.5 Build 5505 SQL Injection |
| exploit/multi/http/mantisbt_manage_proj_page_rce | Mantis manage_proj_page PHP Code Execution |
| exploit/multi/http/mantisbt_php_exec | MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability |
| exploit/multi/http/maracms_upload_exec | MaraCMS Arbitrary PHP File Upload |
| exploit/multi/http/mediawiki_syntaxhighlight | MediaWiki SyntaxHighlight extension option injection vulnerability |
| exploit/multi/http/mediawiki_thumb | MediaWiki Thumb.php Remote Command Execution |
| exploit/multi/http/metasploit_static_secret_key_base | Metasploit Web UI Static secret_key_base Value |
| exploit/multi/http/metasploit_webui_console_command_execution | Metasploit Web UI Diagnostic Console Command Execution |
| exploit/multi/http/microfocus_obm_auth_rce | Micro Focus Operations Bridge Manager Authenticated Remote Code Execution |
| exploit/multi/http/microfocus_ucmdb_unauth_deser | Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution |
| exploit/multi/http/mma_backdoor_upload | Th3 MMA mma.php Backdoor Arbitrary File Upload |
| exploit/multi/http/mobilecartly_upload_exec | MobileCartly 1.0 Arbitrary File Creation Vulnerability |
| exploit/multi/http/monstra_fileupload_exec | Monstra CMS Authenticated Arbitrary File Upload |
| exploit/multi/http/moodle_admin_shell_upload | Moodle Admin Shell Upload |
| exploit/multi/http/moodle_cmd_exec | Moodle Remote Command Execution |
| exploit/multi/http/moodle_spelling_binary_rce | Moodle Authenticated Spelling Binary RCE |
| exploit/multi/http/moodle_spelling_path_rce | Moodle SpellChecker Path Authenticated Remote Command Execution |
| exploit/multi/http/moodle_teacher_enrollment_priv_esc_to_rce | Moodle Teacher Enrollment Privilege Escalation to RCE |
| exploit/multi/http/movabletype_upgrade_exec | Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution |
| exploit/multi/http/mutiny_subnetmask_exec | Mutiny Remote Command Execution |
| exploit/multi/http/mybb_rce_cve_2022_24734 | MyBB Admin Control Code Injection RCE |
| exploit/multi/http/nas4free_php_exec | NAS4Free Arbitrary Remote Code Execution |
| exploit/multi/http/navigate_cms_rce | Navigate CMS Unauthenticated Remote Code Execution |
| exploit/multi/http/netwin_surgeftp_exec | Netwin SurgeFTP Remote Command Execution |
| exploit/multi/http/nibbleblog_file_upload | Nibbleblog File Upload Vulnerability |
| exploit/multi/http/nostromo_code_exec | Nostromo Directory Traversal Remote Command Execution |
| exploit/multi/http/novell_servicedesk_rce | Novell ServiceDesk Authenticated File Upload |
| exploit/multi/http/nuuo_nvrmini_upgrade_rce | NUUO NVRmini upgrade_handle.php Remote Command Execution |
| exploit/multi/http/october_upload_bypass_exec | October CMS Upload Protection Bypass Code Execution |
| exploit/multi/http/op5_license | OP5 license.php Remote Command Execution |
| exploit/multi/http/op5_welcome | OP5 welcome Remote Command Execution |
| exploit/multi/http/openfire_auth_bypass | Openfire Admin Console Authentication Bypass |
| exploit/multi/http/openmediavault_cmd_exec | OpenMediaVault Cron Remote Command Execution |
| exploit/multi/http/openmrs_deserialization | OpenMRS Java Deserialization RCE |
| exploit/multi/http/openx_backdoor_php | OpenX Backdoor PHP Code Execution |
| exploit/multi/http/opmanager_socialit_file_upload | ManageEngine OpManager and Social IT Arbitrary File Upload |
| exploit/multi/http/opmanager_sumpdu_deserialization | ManageEngine OpManager SumPDU Java Deserialization |
| exploit/multi/http/oracle_ats_file_upload | Oracle ATS Arbitrary File Upload |
| exploit/multi/http/oracle_reports_rce | Oracle Forms and Reports Remote Code Execution |
| exploit/multi/http/oracle_weblogic_wsat_deserialization_rce | Oracle WebLogic wls-wsat Component Deserialization RCE |
| exploit/multi/http/orientdb_exec | OrientDB 2.2.x Remote Code Execution |
| exploit/multi/http/oscommerce_installer_unauth_code_exec | osCommerce Installer Unauthenticated Code Execution |
| exploit/multi/http/pandora_upload_exec | Pandora FMS v3.1 Auth Bypass and Arbitrary File Upload Vulnerability |
| exploit/multi/http/phoenix_exec | Phoenix Exploit Kit Remote Code Execution |
| exploit/multi/http/php_cgi_arg_injection | PHP CGI Argument Injection |
| exploit/multi/http/phpfilemanager_rce | phpFileManager 0.9.8 Remote Code Execution |
| exploit/multi/http/php_fpm_rce | PHP-FPM Underflow RCE |
| exploit/multi/http/phpldapadmin_query_engine | phpLDAPadmin query_engine Remote PHP Code Injection |
| exploit/multi/http/phpmailer_arg_injection | PHPMailer Sendmail Argument Injection |
| exploit/multi/http/phpmoadmin_exec | PHPMoAdmin 1.1.2 Remote Code Execution |
| exploit/multi/http/phpmyadmin_3522_backdoor | phpMyAdmin 3.5.2.2 server_sync.php Backdoor |
| exploit/multi/http/phpmyadmin_lfi_rce | phpMyAdmin Authenticated Remote Code Execution |
| exploit/multi/http/phpmyadmin_null_termination_exec | phpMyAdmin Authenticated Remote Code Execution |
| exploit/multi/http/phpmyadmin_preg_replace | phpMyAdmin Authenticated Remote Code Execution via preg_replace() |
| exploit/multi/http/phpscheduleit_start_date | phpScheduleIt PHP reserve.php start_date Parameter Arbitrary Code Injection |
| exploit/multi/http/phpstudy_backdoor_rce | PHPStudy Backdoor Remote Code execution |
| exploit/multi/http/phptax_exec | PhpTax pfilez Parameter Exec Remote Code Injection |
| exploit/multi/http/php_utility_belt_rce | PHP Utility Belt Remote Code Execution |
| exploit/multi/http/php_volunteer_upload_exec | PHP Volunteer Management System v1.0.2 Arbitrary File Upload Vulnerability |
| exploit/multi/http/phpwiki_ploticus_exec | Phpwiki Ploticus Remote Code Execution |
| exploit/multi/http/pimcore_unserialize_rce | Pimcore Unserialize RCE |
| exploit/multi/http/playsms_filename_exec | PlaySMS sendfromfile.php Authenticated "Filename" Field Code Execution |
| exploit/multi/http/playsms_template_injection | PlaySMS index.php Unauthenticated Template Injection Code Execution |
| exploit/multi/http/playsms_uploadcsv_exec | PlaySMS import.php Authenticated CSV File Upload Code Execution |
| exploit/multi/http/plone_popen2 | Plone and Zope XMLTools Remote Command Execution |
| exploit/multi/http/pmwiki_pagelist | PmWiki pagelist.php Remote PHP Code Injection Exploit |
| exploit/multi/http/polarcms_upload_exec | PolarBear CMS PHP File Upload Vulnerability |
| exploit/multi/http/processmaker_exec | ProcessMaker Open Source Authenticated PHP Code Execution |
| exploit/multi/http/processmaker_plugin_upload | ProcessMaker Plugin Upload |
| exploit/multi/http/qdpm_authenticated_rce | qdPM 9.1 Authenticated Arbitrary PHP File Upload (RCE) |
| exploit/multi/http/qdpm_upload_exec | qdPM v7 Arbitrary PHP File Upload Vulnerability |
| exploit/multi/http/rails_actionpack_inline_exec | Ruby on Rails ActionPack Inline ERB Code Execution |
| exploit/multi/http/rails_double_tap | Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability |
| exploit/multi/http/rails_dynamic_render_code_exec | Ruby on Rails Dynamic Render File Upload Remote Code Execution |
| exploit/multi/http/rails_json_yaml_code_exec | Ruby on Rails JSON Processor YAML Deserialization Code Execution |
| exploit/multi/http/rails_secret_deserialization | Ruby on Rails Known Secret Session Cookie Remote Code Execution |
| exploit/multi/http/rails_web_console_v2_code_exec | Ruby on Rails Web Console (v2) Whitelist Bypass Code Execution |
| exploit/multi/http/rails_xml_yaml_code_exec | Ruby on Rails XML Processor YAML Deserialization Code Execution |
| exploit/multi/http/rocket_servergraph_file_requestor_rce | Rocket Servergraph Admin Center fileRequestor Remote Code Execution |
| exploit/multi/http/sflog_upload_exec | Sflog! CMS 1.0 Arbitrary File Upload Vulnerability |
| exploit/multi/http/shiro_rememberme_v124_deserialize | Apache Shiro v1.2.4 Cookie RememberME Deserial RCE |
| exploit/multi/http/shopware_createinstancefromnamedarguments_rce | Shopware createInstanceFromNamedArguments PHP Object Instantiation RCE |
| exploit/multi/http/simple_backdoors_exec | Simple Backdoor Shell Remote Code Execution |
| exploit/multi/http/sit_file_upload | Support Incident Tracker Remote Command Execution |
| exploit/multi/http/snortreport_exec | Snortreport nmap.php/nbtscan.php Remote Command Execution |
| exploit/multi/http/solarwinds_store_manager_auth_filter | SolarWinds Storage Manager Authentication Bypass |
| exploit/multi/http/solr_velocity_rce | Apache Solr Remote Code Execution via Velocity Template |
| exploit/multi/http/sonicwall_gms_upload | SonicWALL GMS 6 Arbitrary File Upload |
| exploit/multi/http/sonicwall_scrutinizer_methoddetail_sqli | Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection |
| exploit/multi/http/splunk_mappy_exec | Splunk Search Remote Code Execution |
| exploit/multi/http/splunk_upload_app_exec | Splunk Custom App Remote Code Execution |
| exploit/multi/http/spree_search_exec | Spreecommerce 0.60.1 Arbitrary Command Execution |
| exploit/multi/http/spree_searchlogic_exec | Spreecommerce Arbitrary Command Execution |
| exploit/multi/http/spring_cloud_function_spel_injection | Spring Cloud Function SpEL Injection |
| exploit/multi/http/spring_framework_rce_spring4shell | Spring Framework Class property RCE (Spring4Shell) |
| exploit/multi/http/struts2_code_exec_showcase | Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution |
| exploit/multi/http/struts2_content_type_ognl | Apache Struts Jakarta Multipart Parser OGNL Injection |
| exploit/multi/http/struts2_multi_eval_ognl | Apache Struts 2 Forced Multi OGNL Evaluation |
| exploit/multi/http/struts2_namespace_ognl | Apache Struts 2 Namespace Redirect OGNL Injection |
| exploit/multi/http/struts2_rest_xstream | Apache Struts 2 REST Plugin XStream RCE |
| exploit/multi/http/struts_code_exec_classloader | Apache Struts ClassLoader Manipulation Remote Code Execution |
| exploit/multi/http/struts_code_exec_exception_delegator | Apache Struts Remote Command Execution |
| exploit/multi/http/struts_code_exec | Apache Struts Remote Command Execution |
| exploit/multi/http/struts_code_exec_parameters | Apache Struts ParametersInterceptor Remote Code Execution |
| exploit/multi/http/struts_default_action_mapper | Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution |
| exploit/multi/http/struts_dev_mode | Apache Struts 2 Developer Mode OGNL Execution |
| exploit/multi/http/struts_dmi_exec | Apache Struts Dynamic Method Invocation Remote Code Execution |
| exploit/multi/http/struts_dmi_rest_exec | Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution |
| exploit/multi/http/struts_include_params | Apache Struts includeParams Remote Code Execution |
| exploit/multi/http/stunshell_eval | STUNSHELL Web Shell Remote PHP Code Execution |
| exploit/multi/http/stunshell_exec | STUNSHELL Web Shell Remote Code Execution |
| exploit/multi/http/sun_jsws_dav_options | Sun Java System Web Server WebDAV OPTIONS Buffer Overflow |
| exploit/multi/http/sysaid_auth_file_upload | SysAid Help Desk Administrator Portal Arbitrary File Upload |
| exploit/multi/http/sysaid_rdslogs_file_upload | SysAid Help Desk 'rdslogs' Arbitrary File Upload |
| exploit/multi/http/testlink_upload_exec | TestLink v1.9.3 Arbitrary File Upload Vulnerability |
| exploit/multi/http/tomcat_jsp_upload_bypass | Tomcat RCE via JSP Upload Bypass |
| exploit/multi/http/tomcat_mgr_deploy | Apache Tomcat Manager Application Deployer Authenticated Code Execution |
| exploit/multi/http/tomcat_mgr_upload | Apache Tomcat Manager Authenticated Upload Code Execution |
| exploit/multi/http/totaljs_cms_widget_exec | Total.js CMS 12 Widget JavaScript Code Injection |
| exploit/multi/http/traq_plugin_exec | Traq admincp/common.php Remote Code Execution |
| exploit/multi/http/trendmicro_threat_discovery_admin_sys_time_cmdi | Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution |
| exploit/multi/http/ubiquiti_unifi_log4shell | UniFi Network Application Unauthenticated JNDI Injection RCE (via Log4Shell) |
| exploit/multi/http/uptime_file_upload_1 | Idera Up.Time Monitoring Station 7.0 post2file.php Arbitrary File Upload |
| exploit/multi/http/uptime_file_upload_2 | Idera Up.Time Monitoring Station 7.4 post2file.php Arbitrary File Upload |
| exploit/multi/http/v0pcr3w_exec | v0pCr3w Web Shell Remote Code Execution |
| exploit/multi/http/vbseo_proc_deutf | vBSEO proc_deutf() Remote PHP Code Injection |
| exploit/multi/http/vbulletin_getindexablecontent | vBulletin /ajax/api/content_infraction/getIndexableContent nodeid Parameter SQL Injection |
| exploit/multi/http/vbulletin_unserialize | vBulletin 5.1.2 Unserialize Code Execution |
| exploit/multi/http/vbulletin_widgetconfig_rce | vBulletin widgetConfig RCE |
| exploit/multi/http/vbulletin_widget_template_rce | vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution. |
| exploit/multi/http/visual_mining_netcharts_upload | Visual Mining NetCharts Server Remote Code Execution |
| exploit/multi/http/vmware_vcenter_log4shell | VMware vCenter Server Unauthenticated JNDI Injection RCE (via Log4Shell) |
| exploit/multi/http/vmware_vcenter_uploadova_rce | VMware vCenter Server Unauthenticated OVA File Upload RCE |
| exploit/multi/http/vtiger_install_rce | Vtiger Install Unauthenticated Remote Command Execution |
| exploit/multi/http/vtiger_logo_upload_exec | Vtiger CRM - Authenticated Logo Upload RCE |
| exploit/multi/http/vtiger_php_exec | vTigerCRM v5.4.0/v5.3.0 Authenticated Remote Code Execution |
| exploit/multi/http/vtiger_soap_upload | vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload |
| exploit/multi/http/weblogic_admin_handle_rce | Oracle WebLogic Server Administration Console Handle RCE |
| exploit/multi/http/webnms_file_upload | WebNMS Framework Server Arbitrary File Upload |
| exploit/multi/http/webpagetest_upload_exec | WebPageTest Arbitrary PHP File Upload |
| exploit/multi/http/werkzeug_debug_rce | Werkzeug Debug Shell Command Execution |
| exploit/multi/http/wikka_spam_exec | WikkaWiki 1.3.2 Spam Logging PHP Injection |
| exploit/multi/http/wp_ait_csv_rce | WordPress AIT CSV Import Export Unauthenticated Remote Code Execution |
| exploit/multi/http/wp_catch_themes_demo_import | Wordpress Plugin Catch Themes Demo Import RCE |
| exploit/multi/http/wp_crop_rce | WordPress Crop-image Shell Upload |
| exploit/multi/http/wp_db_backup_rce | WP Database Backup RCE |
| exploit/multi/http/wp_dnd_mul_file_rce | Wordpress Drag and Drop Multi File Uploader RCE |
| exploit/multi/http/wp_file_manager_rce | WordPress File Manager Unauthenticated Remote Code Execution |
| exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload | WordPress Ninja Forms Unauthenticated File Upload |
| exploit/multi/http/wp_plugin_backup_guard_rce | Wordpress Plugin Backup Guard - Authenticated Remote Code Execution |
| exploit/multi/http/wp_plugin_elementor_auth_upload_rce | Wordpress Plugin Elementor Authenticated Upload Remote Code Execution |
| exploit/multi/http/wp_plugin_modern_events_calendar_rce | Wordpress Plugin Modern Events Calendar - Authenticated Remote Code Execution |
| exploit/multi/http/wp_plugin_sp_project_document_rce | Wordpress Plugin SP Project and Document - Authenticated Remote Code Execution |
| exploit/multi/http/wp_popular_posts_rce | Wordpress Popular Posts Authenticated RCE |
| exploit/multi/http/wp_responsive_thumbnail_slider_upload | WordPress Responsive Thumbnail Slider Arbitrary File Upload |
| exploit/multi/http/wp_simple_file_list_rce | WordPress Simple File List Unauthenticated Remote Code Execution |
| exploit/multi/http/wso2_file_upload_rce | WSO2 Arbitrary File Upload to RCE |
| exploit/multi/http/x7chat2_php_exec | X7 Chat 2.0.5 lib/message.php preg_replace() PHP Code Execution |
| exploit/multi/http/zabbix_script_exec | Zabbix Authenticated Remote Command Execution |
| exploit/multi/http/zemra_panel_rce | Zemra Botnet CnC Web Panel Remote Code Execution |
| exploit/multi/http/zenworks_configuration_management_upload | Novell ZENworks Configuration Management Arbitrary File Upload |
| exploit/multi/http/zenworks_control_center_upload | Novell ZENworks Configuration Management Remote Execution |
| exploit/multi/http/zpanel_information_disclosure_rce | Zpanel Remote Unauthenticated RCE |
| exploit/multi/ids/snort_dce_rpc | Snort 2 DCE/RPC Preprocessor Buffer Overflow |
| exploit/multi/kubernetes/exec | Kubernetes authenticated code execution |
| exploit/multi/local/allwinner_backdoor | Allwinner 3.4 Legacy Kernel Local Privilege Escalation |
| exploit/multi/local/magnicomp_sysinfo_mcsiwrapper_priv_esc | MagniComp SysInfo mcsiwrapper Privilege Escalation |
| exploit/multi/local/vagrant_synced_folder_vagrantfile_breakout | Vagrant Synced Folder Vagrantfile Breakout |
| exploit/multi/local/xorg_x11_suid_server | Xorg X11 Server SUID logfile Privilege Escalation |
| exploit/multi/local/xorg_x11_suid_server_modulepath | Xorg X11 Server SUID modulepath Privilege Escalation |
| exploit/multi/misc/arkeia_agent_exec | Western Digital Arkeia Remote Code Execution |
| exploit/multi/misc/batik_svg_java | Squiggle 1.7 SVG Browser Java Code Execution |
| exploit/multi/misc/bmc_patrol_cmd_exec | BMC Patrol Agent Privilege Escalation Cmd Execution |
| exploit/multi/misc/bmc_server_automation_rscd_nsh_rce | BMC Server Automation RSCD Agent NSH Remote Command Execution |
| exploit/multi/misc/claymore_dual_miner_remote_manager_rce | Nanopool Claymore Dual Miner APIs RCE |
| exploit/multi/misc/consul_rexec_exec | Hashicorp Consul Remote Command Execution via Rexec |
| exploit/multi/misc/consul_service_exec | Hashicorp Consul Remote Command Execution via Services API |
| exploit/multi/misc/erlang_cookie_rce | Erlang Port Mapper Daemon Cookie RCE |
| exploit/multi/misc/freeswitch_event_socket_cmd_exec | FreeSWITCH Event Socket Command Execution |
| exploit/multi/misc/hp_data_protector_exec_integutil | HP Data Protector EXEC_INTEGUTIL Remote Code Execution |
| exploit/multi/misc/hp_vsa_exec | HP StorageWorks P4000 Virtual SAN Appliance Command Execution |
| exploit/multi/misc/ibm_tm1_unauth_rce | IBM TM1 / Planning Analytics Unauthenticated Remote Code Execution |
| exploit/multi/misc/indesign_server_soap | Adobe IndesignServer 5.5 SOAP Server Arbitrary Script Execution |
| exploit/multi/misc/java_jdwp_debugger | Java Debug Wire Protocol Remote Code Execution |
| exploit/multi/misc/java_jmx_server | Java JMX Server Insecure Configuration Java Code Execution |
| exploit/multi/misc/java_rmi_server | Java RMI Server Insecure Default Configuration Java Code Execution |
| exploit/multi/misc/jboss_remoting_unified_invoker_rce | JBOSS EAP/AS Remoting Unified Invoker RCE |
| exploit/multi/misc/legend_bot_exec | Legend Perl IRC Bot Remote Code Execution |
| exploit/multi/misc/msfd_rce_remote | Metasploit msfd Remote Code Execution |
| exploit/multi/misc/msf_rpc_console | Metasploit RPC Console Command Execution |
| exploit/multi/misc/nodejs_v8_debugger | NodeJS Debugger Command Injection |
| exploit/multi/misc/nomad_exec | HashiCorp Nomad Remote Command Execution |
| exploit/multi/misc/openoffice_document_macro | Apache OpenOffice Text Document Malicious Macro Execution |
| exploit/multi/misc/openview_omniback_exec | HP OpenView OmniBack II Command Execution |
| exploit/multi/misc/osgi_console_exec | Eclipse Equinox OSGi Console Command Execution |
| exploit/multi/misc/pbot_exec | PHP IRC Bot pbot eval() Remote Code Execution |
| exploit/multi/misc/persistent_hpca_radexec_exec | HP Client Automation Command Injection |
| exploit/multi/misc/qemu_monitor_hmp_migrate_cmd_exec | QEMU Monitor HMP 'migrate' Command Execution |
| exploit/multi/misc/ra1nx_pubcall_exec | Ra1NX PHP Bot PubCall Authentication Bypass Remote Code Execution |
| exploit/multi/misc/teamcity_agent_xmlrpc_exec | TeamCity Agent XML-RPC Command Execution |
| exploit/multi/misc/veritas_netbackup_cmdexec | VERITAS NetBackup Remote Command Execution |
| exploit/multi/misc/w3tw0rk_exec | w3tw0rk / Pitbul IRC Bot Remote Code Execution |
| exploit/multi/misc/weblogic_deserialize_asyncresponseservice | Oracle Weblogic Server Deserialization RCE - AsyncResponseService |
| exploit/multi/misc/weblogic_deserialize_badattr_extcomp | WebLogic Server Deserialization RCE BadAttributeValueExpException ExtComp |
| exploit/multi/misc/weblogic_deserialize_badattrval | WebLogic Server Deserialization RCE - BadAttributeValueExpException |
| exploit/multi/misc/weblogic_deserialize | Oracle Weblogic Server Deserialization RCE |
| exploit/multi/misc/weblogic_deserialize_marshalledobject | Oracle Weblogic Server Deserialization RCE - MarshalledObject |
| exploit/multi/misc/weblogic_deserialize_rawobject | Oracle Weblogic Server Deserialization RCE - Raw Object |
| exploit/multi/misc/weblogic_deserialize_unicastref | Oracle Weblogic Server Deserialization RCE - RMI UnicastRef |
| exploit/multi/misc/wireshark_lwres_getaddrbyname | Wireshark LWRES Dissector getaddrsbyname_request Buffer Overflow |
| exploit/multi/misc/wireshark_lwres_getaddrbyname_loop | Wireshark LWRES Dissector getaddrsbyname_request Buffer Overflow (loop) |
| exploit/multi/misc/xdh_x_exec | Xdh / LinuxNet Perlbot / fBot IRC Bot Remote Code Execution |
| exploit/multi/misc/zend_java_bridge | Zend Server Java Bridge Arbitrary Java Code Execution |
| exploit/multi/mysql/mysql_udf_payload | Oracle MySQL UDF Payload Execution |
| exploit/multi/ntp/ntp_overflow | NTP Daemon readvar Buffer Overflow |
| exploit/multi/php/ignition_laravel_debug_rce | Unauthenticated remote code execution in Ignition |
| exploit/multi/php/php_unserialize_zval_cookie | PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie) |
| exploit/multi/php/wp_duplicator_code_inject | Snap Creek Duplicator WordPress plugin code injection |
| exploit/multi/postgres/postgres_copy_from_program_cmd_exec | PostgreSQL COPY FROM PROGRAM Command Execution |
| exploit/multi/postgres/postgres_createlang | PostgreSQL CREATE LANGUAGE Execution |
| exploit/multi/realserver/describe | RealServer Describe Buffer Overflow |
| exploit/multi/samba/nttrans | Samba 2.2.2 - 2.2.6 nttrans Buffer Overflow |
| exploit/multi/samba/usermap_script | Samba "username map script" Command Execution |
| exploit/multi/sap/cve_2020_6207_solman_rs | SAP Solution Manager remote unauthorized OS commands execution |
| exploit/multi/sap/sap_mgmt_con_osexec_payload | SAP Management Console OSExecute Payload Execution |
| exploit/multi/sap/sap_soap_rfc_sxpg_call_system_exec | SAP SOAP RFC SXPG_CALL_SYSTEM Remote Command Execution |
| exploit/multi/sap/sap_soap_rfc_sxpg_command_exec | SAP SOAP RFC SXPG_COMMAND_EXECUTE Remote Command Execution |
| exploit/multi/scada/inductive_ignition_rce | Inductive Automation Ignition Remote Code Execution |
| exploit/multi/script/web_delivery | Script Web Delivery |
| exploit/multi/ssh/sshexec | SSH User Code Execution |
| exploit/multi/svn/svnserve_date | Subversion Date Svnserve |
| exploit/multi/upnp/libupnp_ssdp_overflow | Portable UPnP SDK unique_service_name() Remote Code Execution |
| exploit/multi/veritas/beagent_sha_auth_rce | Veritas Backup Exec Agent Remote Code Execution |
| exploit/multi/vnc/vnc_keyboard_exec | VNC Keyboard Remote Code Execution |
| exploit/multi/vpn/tincd_bof | Tincd Post-Authentication Remote TCP Stack Buffer Overflow |
| exploit/multi/wyse/hagent_untrusted_hsdata | Wyse Rapport Hagent Fake Hserver Command Execution |
| exploit/netware/smb/lsass_cifs | Novell NetWare LSASS CIFS.NLM Driver Stack Buffer Overflow |
| exploit/netware/sunrpc/pkernel_callit | NetWare 6.5 SunRPC Portmapper CALLIT Stack Buffer Overflow |
| exploit/openbsd/local/dynamic_loader_chpass_privesc | OpenBSD Dynamic Loader chpass Privilege Escalation |
| exploit/osx/afp/loginext | AppleFileServer LoginExt PathName Overflow |
| exploit/osx/arkeia/type77 | Arkeia Backup Client Type 77 Overflow (Mac OS X) |
| exploit/osx/browser/adobe_flash_delete_range_tl_op | Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion |
| exploit/osx/browser/mozilla_mchannel | Mozilla Firefox 3.6.16 mChannel Use-After-Free |
| exploit/osx/browser/osx_gatekeeper_bypass | macOS Gatekeeper check bypass |
| exploit/osx/browser/safari_file_policy | Apple Safari file:// Arbitrary Code Execution |
| exploit/osx/browser/safari_in_operator_side_effect | Safari in Operator Side Effect Exploit |
| exploit/osx/browser/safari_metadata_archive | Safari Archive Metadata Command Execution |
| exploit/osx/browser/safari_proxy_object_type_confusion | Safari Proxy Object Type Confusion |
| exploit/osx/browser/safari_user_assisted_applescript_exec | Safari User-Assisted Applescript Exec Attack |
| exploit/osx/browser/safari_user_assisted_download_launch | Safari User-Assisted Download and Run Attack |
| exploit/osx/browser/software_update | Apple OS X Software Update Command Execution |
| exploit/osx/email/mailapp_image_exec | Mail.app Image Attachment Command Execution |
| exploit/osx/ftp/webstar_ftp_user | WebSTAR FTP Server USER Overflow |
| exploit/osx/http/evocam_webserver | MacOS X EvoCam HTTP GET Buffer Overflow |
| exploit/osx/local/cfprefsd_race_condition | macOS cfprefsd Arbitrary File Write Local Privilege Escalation |
| exploit/osx/local/dyld_print_to_file_root | Apple OS X DYLD_PRINT_TO_FILE Privilege Escalation |
| exploit/osx/local/feedback_assistant_root | Mac OS X Feedback Assistant Race Condition |
| exploit/osx/local/iokit_keyboard_root | Mac OS X IOKit Keyboard Driver Root Privilege Escalation |
| exploit/osx/local/libxpc_mitm_ssudo | Mac OS X libxpc MITM Privilege Escalation |
| exploit/osx/local/nfs_mount_root | Mac OS X NFS Mount Privilege Escalation Exploit |
| exploit/osx/local/persistence | Mac OS X Persistent Payload Installer |
| exploit/osx/local/root_no_password | Mac OS X Root Privilege Escalation |
| exploit/osx/local/rootpipe_entitlements | Apple OS X Entitlements Rootpipe Privilege Escalation |
| exploit/osx/local/rootpipe | Apple OS X Rootpipe Privilege Escalation |
| exploit/osx/local/rsh_libmalloc | Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation |
| exploit/osx/local/setuid_tunnelblick | Setuid Tunnelblick Privilege Escalation |
| exploit/osx/local/setuid_viscosity | Viscosity setuid-set ViscosityHelper Privilege Escalation |
| exploit/osx/local/sudo_password_bypass | Mac OS X Sudo Password Bypass |
| exploit/osx/local/timemachine_cmd_injection | Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation |
| exploit/osx/local/tpwn | Mac OS X "tpwn" Privilege Escalation |
| exploit/osx/local/vmware_bash_function_root | OS X VMWare Fusion Privilege Escalation via Bash Environment Code Injection (Shellshock) |
| exploit/osx/local/vmware_fusion_lpe | VMware Fusion USB Arbitrator Setuid Privilege Escalation |
| exploit/osx/mdns/upnp_location | Mac OS X mDNSResponder UPnP Location Overflow |
| exploit/osx/misc/ufo_ai | UFO: Alien Invasion IRC Client Buffer Overflow |
| exploit/osx/rtsp/quicktime_rtsp_content_type | MacOS X QuickTime RTSP Content-Type Overflow |
| exploit/osx/samba/lsa_transnames_heap | Samba lsa_io_trans_names Heap Overflow |
| exploit/osx/samba/trans2open | Samba trans2open Overflow (Mac OS X PPC) |
| exploit/qnx/local/ifwatchd_priv_esc | ifwatchd Privilege Escalation |
| exploit/qnx/qconn/qconn_exec | QNX qconn Command Execution |
| exploit/solaris/dtspcd/heap_noir | Solaris dtspcd Heap Overflow |
| exploit/solaris/local/extremeparr_dtappgather_priv_esc | Solaris 'EXTREMEPARR' dtappgather Privilege Escalation |
| exploit/solaris/local/libnspr_nspr_log_file_priv_esc | Solaris libnspr NSPR_LOG_FILE Privilege Escalation |
| exploit/solaris/local/rsh_stack_clash_priv_esc | Solaris RSH Stack Clash Privilege Escalation |
| exploit/solaris/local/xscreensaver_log_priv_esc | Solaris xscreensaver log Privilege Escalation |
| exploit/solaris/lpd/sendmail_exec | Solaris LPD Command Execution |
| exploit/solaris/samba/lsa_transnames_heap | Samba lsa_io_trans_names Heap Overflow |
| exploit/solaris/samba/trans2open | Samba trans2open Overflow (Solaris SPARC) |
| exploit/solaris/ssh/pam_username_bof | Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow |
| exploit/solaris/sunrpc/sadmind_adm_build_path | Sun Solaris sadmind adm_build_path() Buffer Overflow |
| exploit/solaris/sunrpc/sadmind_exec | Solaris sadmind Command Execution |
| exploit/solaris/sunrpc/ypupdated_exec | Solaris ypupdated Command Execution |
| exploit/solaris/telnet/fuser | Sun Solaris Telnet Remote Authentication Bypass Vulnerability |
| exploit/solaris/telnet/ttyprompt | Solaris in.telnetd TTYPROMPT Buffer Overflow |
| exploit/unix/dhcp/bash_environment | Dhclient Bash Environment Variable Injection (Shellshock) |
| exploit/unix/dhcp/rhel_dhcp_client_command_injection | DHCP Client Command Injection (DynoRoot) |
| exploit/unix/fileformat/exiftool_djvu_ant_perl_injection | ExifTool DjVu ANT Perl injection |
| exploit/unix/fileformat/ghostscript_type_confusion | Ghostscript Type Confusion Arbitrary Command Execution |
| exploit/unix/fileformat/imagemagick_delegate | ImageMagick Delegate Arbitrary Command Execution |
| exploit/unix/fileformat/metasploit_libnotify_cmd_injection | Metasploit Libnotify Plugin Arbitrary Command Execution |
| exploit/unix/fileformat/metasploit_msfvenom_apk_template_cmd_injection | Rapid7 Metasploit Framework msfvenom APK Template Command Injection |
| exploit/unix/ftp/proftpd_133c_backdoor | ProFTPD-1.3.3c Backdoor Command Execution |
| exploit/unix/ftp/proftpd_modcopy_exec | ProFTPD 1.3.5 Mod_Copy Command Execution |
| exploit/unix/ftp/vsftpd_234_backdoor | VSFTPD v2.3.4 Backdoor Command Execution |
| exploit/unix/http/cacti_filter_sqli_rce | Cacti color filter authenticated SQLi to RCE |
| exploit/unix/http/contentkeeperweb_mimencode | ContentKeeper Web Remote Command Execution |
| exploit/unix/http/ctek_skyrouter | CTEK SkyRouter 4200 and 4300 Command Execution |
| exploit/unix/http/dell_kace_k1000_upload | Dell KACE K1000 File Upload |
| exploit/unix/http/epmp1000_get_chart_cmd_shell | Cambium ePMP1000 'get_chart' Shell via Command Injection (v3.1-3.5-RC7) |
| exploit/unix/http/epmp1000_ping_cmd_shell | Cambium ePMP1000 'ping' Shell via Command Injection (up to v2.5) |
| exploit/unix/http/freepbx_callmenum | FreePBX 2.10.0 / 2.9.0 callmenum Remote Code Execution |
| exploit/unix/http/laravel_token_unserialize_exec | PHP Laravel Framework token Unserialize Remote Command Execution |
| exploit/unix/http/lifesize_room | LifeSize Room Command Injection |
| exploit/unix/http/pfsense_clickjacking | Clickjacking Vulnerability In CSRF Error Page pfSense |
| exploit/unix/http/pfsense_diag_routes_webshell | pfSense Diag Routes Web Shell Upload |
| exploit/unix/http/pfsense_graph_injection_exec | pfSense authenticated graph status RCE |
| exploit/unix/http/pfsense_group_member_exec | pfSense authenticated group member RCE |
| exploit/unix/http/pfsense_pfblockerng_webshell | pfSense plugin pfBlockerNG unauthenticated RCE as root |
| exploit/unix/http/pihole_blocklist_exec | Pi-Hole heisenbergCompensator Blocklist OS Command Execution |
| exploit/unix/http/pihole_dhcp_mac_exec | Pi-Hole DHCP MAC OS Command Execution |
| exploit/unix/http/pihole_whitelist_exec | Pi-Hole Whitelist OS Command Execution |
| exploit/unix/http/quest_kace_systems_management_rce | Quest KACE Systems Management Command Injection |
| exploit/unix/http/schneider_electric_net55xx_encoder | Schneider Electric Pelco Endura NET55XX Encoder |
| exploit/unix/http/tnftp_savefile | tnftp "savefile" Arbitrary Command Execution |
| exploit/unix/http/twiki_debug_plugins | TWiki Debugenableplugins Remote Code Execution |
| exploit/unix/http/vmturbo_vmtadmin_exec_noauth | VMTurbo Operations Manager vmtadmin.cgi Remote Command Execution |
| exploit/unix/http/xdebug_unauth_exec | xdebug Unauthenticated OS Command Execution |
| exploit/unix/http/zivif_ipcheck_exec | Zivif Camera iptest.cgi Blind Remote Command Execution |
| exploit/unix/irc/unreal_ircd_3281_backdoor | UnrealIRCD 3.2.8.1 Backdoor Command Execution |
| exploit/unix/local/at_persistence | at(1) Persistence |
| exploit/unix/local/chkrootkit | Chkrootkit Local Privilege Escalation |
| exploit/unix/local/emacs_movemail | Emacs movemail Privilege Escalation |
| exploit/unix/local/exim_perl_startup | Exim "perl_startup" Privilege Escalation |
| exploit/unix/local/netbsd_mail_local | NetBSD mail.local Privilege Escalation |
| exploit/unix/local/opensmtpd_oob_read_lpe | OpenSMTPD OOB Read Local Privilege Escalation |
| exploit/unix/local/setuid_nmap | Setuid Nmap Exploit |
| exploit/unix/misc/distcc_exec | DistCC Daemon Command Execution |
| exploit/unix/misc/polycom_hdx_auth_bypass | Polycom Command Shell Authorization Bypass |
| exploit/unix/misc/polycom_hdx_traceroute_exec | Polycom Shell HDX Series Traceroute Command Execution |
| exploit/unix/misc/spamassassin_exec | SpamAssassin spamd Remote Command Execution |
| exploit/unix/misc/xerox_mfp | Xerox Multifunction Printers (MFP) "Patch" DLM Vulnerability |
| exploit/unix/misc/zabbix_agent_exec | Zabbix Agent net.tcp.listen Command Injection |
| exploit/unix/smtp/clamav_milter_blackhole | ClamAV Milter Blackhole-Mode Remote Code Execution |
| exploit/unix/smtp/exim4_string_format | Exim4 string_format Function Heap Buffer Overflow |
| exploit/unix/smtp/morris_sendmail_debug | Morris Worm sendmail Debug Mode Shell Escape |
| exploit/unix/smtp/opensmtpd_mail_from_rce | OpenSMTPD MAIL FROM Remote Code Execution |
| exploit/unix/smtp/qmail_bash_env_exec | Qmail SMTP Bash Environment Variable Injection (Shellshock) |
| exploit/unix/sonicwall/sonicwall_xmlrpc_rce | SonicWall Global Management System XMLRPC set_time_zone Unauth RCE |
| exploit/unix/ssh/arista_tacplus_shell | Arista restricted shell escape (with privesc) |
| exploit/unix/ssh/array_vxag_vapv_privkey_privesc | Array Networks vAPV and vxAG Private Key Privilege Escalation Code Execution |
| exploit/unix/ssh/tectia_passwd_changereq | Tectia SSH USERAUTH Change Request Password Reset Vulnerability |
| exploit/unix/webapp/actualanalyzer_ant_cookie_exec | ActualAnalyzer 'ant' Cookie Command Execution |
| exploit/unix/webapp/aerohive_netconfig_lfi_log_poison_rce | Aerohive NetConfig 10.0r8a LFI and log poisoning to RCE |
| exploit/unix/webapp/ajenti_auth_username_cmd_injection | Ajenti auth username Command Injection |
| exploit/unix/webapp/arkeia_upload_exec | Western Digital Arkeia Remote Code Execution |
| exploit/unix/webapp/awstats_configdir_exec | AWStats configdir Remote Command Execution |
| exploit/unix/webapp/awstats_migrate_exec | AWStats migrate Remote Command Execution |
| exploit/unix/webapp/awstatstotals_multisort | AWStats Totals multisort Remote Command Execution |
| exploit/unix/webapp/barracuda_img_exec | Barracuda IMG.PL Remote Command Execution |
| exploit/unix/webapp/base_qry_common | BASE base_qry_common Remote File Include |
| exploit/unix/webapp/basilic_diff_exec | Basilic 1.5.14 diff.php Arbitrary Command Execution |
| exploit/unix/webapp/bolt_authenticated_rce | Bolt CMS 3.7.0 - Authenticated Remote Code Execution |
| exploit/unix/webapp/cacti_graphimage_exec | Cacti graph_view.php Remote Command Execution |
| exploit/unix/webapp/cakephp_cache_corruption | CakePHP Cache Corruption Code Execution |
| exploit/unix/webapp/carberp_backdoor_exec | Carberp Web Panel C2 Backdoor Remote PHP Code Execution |
| exploit/unix/webapp/citrix_access_gateway_exec | Citrix Access Gateway Command Execution |
| exploit/unix/webapp/clipbucket_upload_exec | ClipBucket Remote Code Execution |
| exploit/unix/webapp/coppermine_piceditor | Coppermine Photo Gallery picEditor.php Command Execution |
| exploit/unix/webapp/datalife_preview_exec | DataLife Engine preview.php PHP Code Injection |
| exploit/unix/webapp/dogfood_spell_exec | Dogfood CRM spell.php Remote Command Execution |
| exploit/unix/webapp/drupal_coder_exec | Drupal CODER Module Remote Command Execution |
| exploit/unix/webapp/drupal_drupalgeddon2 | Drupal Drupalgeddon 2 Forms API Property Injection |
| exploit/unix/webapp/drupal_restws_exec | Drupal RESTWS Module Remote PHP Code Execution |
| exploit/unix/webapp/drupal_restws_unserialize | Drupal RESTful Web Services unserialize() RCE |
| exploit/unix/webapp/egallery_upload_exec | EGallery PHP File Upload Vulnerability |
| exploit/unix/webapp/elfinder_php_connector_exiftran_cmd_injection | elFinder PHP Connector exiftran Command Injection |
| exploit/unix/webapp/flashchat_upload_exec | FlashChat Arbitrary File Upload |
| exploit/unix/webapp/foswiki_maketext | Foswiki MAKETEXT Remote Command Execution |
| exploit/unix/webapp/freepbx_config_exec | FreePBX config.php Remote Code Execution |
| exploit/unix/webapp/fusionpbx_exec_cmd_exec | FusionPBX Command exec.php Command Execution |
| exploit/unix/webapp/fusionpbx_operator_panel_exec_cmd_exec | FusionPBX Operator Panel exec.php Command Execution |
| exploit/unix/webapp/generic_exec | Generic Web Application Unix Command Execution |
| exploit/unix/webapp/get_simple_cms_upload_exec | GetSimpleCMS PHP File Upload Vulnerability |
| exploit/unix/webapp/google_proxystylesheet_exec | Google Appliance ProxyStyleSheet Command Execution |
| exploit/unix/webapp/graphite_pickle_exec | Graphite Web Unsafe Pickle Handling |
| exploit/unix/webapp/guestbook_ssi_exec | Matt Wright guestbook.pl Arbitrary Command Execution |
| exploit/unix/webapp/hastymail_exec | Hastymail 2.1.1 RC1 Command Injection |
| exploit/unix/webapp/havalite_upload_exec | Havalite CMS Arbitary File Upload Vulnerability |
| exploit/unix/webapp/horde_unserialize_exec | Horde Framework Unserialize PHP Code Execution |
| exploit/unix/webapp/hybridauth_install_php_exec | HybridAuth install.php PHP Code Execution |
| exploit/unix/webapp/instantcms_exec | InstantCMS 1.6 Remote PHP Code Execution |
| exploit/unix/webapp/invision_pboard_unserialize_exec | Invision IP.Board unserialize() PHP Code Execution |
| exploit/unix/webapp/joomla_akeeba_unserialize | Joomla Akeeba Kickstart Unserialize Remote Code Execution |
| exploit/unix/webapp/joomla_comfields_sqli_rce | Joomla Component Fields SQLi Remote Code Execution |
| exploit/unix/webapp/joomla_comjce_imgmanager | Joomla Component JCE File Upload Remote Code Execution |
| exploit/unix/webapp/joomla_contenthistory_sqli_rce | Joomla Content History SQLi Remote Code Execution |
| exploit/unix/webapp/joomla_media_upload_exec | Joomla Media Manager File Upload Vulnerability |
| exploit/unix/webapp/joomla_tinybrowser | Joomla 1.5.12 TinyBrowser File Upload Code Execution |
| exploit/unix/webapp/jquery_file_upload | blueimp's jQuery (Arbitrary) File Upload |
| exploit/unix/webapp/kimai_sqli | Kimai v0.9.2 'db_restore.php' SQL Injection |
| exploit/unix/webapp/libretto_upload_exec | LibrettoCMS File Manager Arbitary File Upload Vulnerability |
| exploit/unix/webapp/maarch_letterbox_file_upload | Maarch LetterBox Unrestricted File Upload |
| exploit/unix/webapp/mambo_cache_lite | Mambo Cache_Lite Class mosConfig_absolute_path Remote File Include |
| exploit/unix/webapp/mitel_awc_exec | Mitel Audio and Web Conferencing Command Injection |
| exploit/unix/webapp/moinmoin_twikidraw | MoinMoin twikidraw Action Traversal File Upload |
| exploit/unix/webapp/mybb_backdoor | myBB 1.6.4 Backdoor Arbitrary Command Execution |
| exploit/unix/webapp/nagios3_history_cgi | Nagios3 history.cgi Host Command Execution |
| exploit/unix/webapp/nagios3_statuswml_ping | Nagios3 statuswml.cgi Ping Command Execution |
| exploit/unix/webapp/nagios_graph_explorer | Nagios XI Network Monitor Graph Explorer Component Command Injection |
| exploit/unix/webapp/narcissus_backend_exec | Narcissus Image Configuration Passthru Vulnerability |
| exploit/unix/webapp/openemr_sqli_privesc_upload | OpenEMR 4.1.1 Patch 14 SQLi Privilege Escalation Remote Code Execution |
| exploit/unix/webapp/openemr_upload_exec | OpenEMR PHP File Upload Vulnerability |
| exploit/unix/webapp/open_flash_chart_upload_exec | Open Flash Chart v2 Arbitrary File Upload |
| exploit/unix/webapp/openmediavault_rpc_rce | OpenMediaVault rpc.php Authenticated PHP Code Injection |
| exploit/unix/webapp/opennetadmin_ping_cmd_injection | OpenNetAdmin Ping Command Injection |
| exploit/unix/webapp/opensis_chain_exec | openSIS Unauthenticated PHP Code Execution |
| exploit/unix/webapp/opensis_modname_exec | OpenSIS 'modname' PHP Code Execution |
| exploit/unix/webapp/openview_connectednodes_exec | HP Openview connectedNodes.ovpl Remote Command Execution |
| exploit/unix/webapp/openx_banner_edit | OpenX banner-edit.php File Upload PHP Code Execution |
| exploit/unix/webapp/oracle_vm_agent_utl | Oracle VM Server Virtual Server Agent Command Injection |
| exploit/unix/webapp/oscommerce_filemanager | osCommerce 2.2 Arbitrary PHP Code Execution |
| exploit/unix/webapp/pajax_remote_exec | PAJAX Remote Command Execution |
| exploit/unix/webapp/phpbb_highlight | phpBB viewtopic.php Arbitrary Code Execution |
| exploit/unix/webapp/php_charts_exec | PHP-Charts v1.0 PHP Code Execution Vulnerability |
| exploit/unix/webapp/phpcollab_upload_exec | phpCollab 2.5.1 Unauthenticated File Upload |
| exploit/unix/webapp/php_eval | Generic PHP Code Evaluation |
| exploit/unix/webapp/php_include | PHP Remote File Include Generic Code Execution |
| exploit/unix/webapp/phpmyadmin_config | PhpMyAdmin Config File Code Injection |
| exploit/unix/webapp/php_vbulletin_template | vBulletin misc.php Template Name Arbitrary Code Execution |
| exploit/unix/webapp/php_xmlrpc_eval | PHP XML-RPC Arbitrary Code Execution |
| exploit/unix/webapp/piwik_superuser_plugin_upload | Piwik Superuser Plugin Upload |
| exploit/unix/webapp/projectpier_upload_exec | Project Pier Arbitrary File Upload Vulnerability |
| exploit/unix/webapp/projectsend_upload_exec | ProjectSend Arbitrary File Upload |
| exploit/unix/webapp/qtss_parse_xml_exec | QuickTime Streaming Server parse_xml.cgi Remote Execution |
| exploit/unix/webapp/rconfig_install_cmd_exec | rConfig install Command Execution |
| exploit/unix/webapp/redmine_scm_exec | Redmine SCM Repository Arbitrary Command Execution |
| exploit/unix/webapp/seportal_sqli_exec | SePortal SQLi Remote Code Execution |
| exploit/unix/webapp/simple_e_document_upload_exec | Simple E-Document Arbitrary File Upload |
| exploit/unix/webapp/sixapart_movabletype_storable_exec | SixApart MovableType Storable Perl Code Execution |
| exploit/unix/webapp/skybluecanvas_exec | SkyBlueCanvas CMS Remote Code Execution |
| exploit/unix/webapp/sphpblog_file_upload | Simple PHP Blog Remote Command Execution |
| exploit/unix/webapp/spip_connect_exec | SPIP connect Parameter PHP Injection |
| exploit/unix/webapp/squash_yaml_exec | Squash YAML Code Execution |
| exploit/unix/webapp/squirrelmail_pgp_plugin | SquirrelMail PGP Plugin Command Execution (SMTP) |
| exploit/unix/webapp/sugarcrm_rest_unserialize_exec | SugarCRM REST Unserialize PHP Code Execution |
| exploit/unix/webapp/sugarcrm_unserialize_exec | SugarCRM unserialize() PHP Code Execution |
| exploit/unix/webapp/thinkphp_rce | ThinkPHP Multiple PHP Injection RCEs |
| exploit/unix/webapp/tikiwiki_graph_formula_exec | TikiWiki tiki-graph_formula Remote PHP Code Execution |
| exploit/unix/webapp/tikiwiki_jhot_exec | TikiWiki jhot Remote Command Execution |
| exploit/unix/webapp/tikiwiki_unserialize_exec | Tiki Wiki unserialize() PHP Code Execution |
| exploit/unix/webapp/tikiwiki_upload_exec | Tiki Wiki Unauthenticated File Upload Vulnerability |
| exploit/unix/webapp/trixbox_ce_endpoint_devicemap_rce | TrixBox CE endpoint_devicemap.php Authenticated Command Execution |
| exploit/unix/webapp/trixbox_langchoice | Trixbox langChoice PHP Local File Inclusion |
| exploit/unix/webapp/tuleap_rest_unserialize_exec | Tuleap 9.6 Second-Order PHP Object Injection |
| exploit/unix/webapp/tuleap_unserialize_exec | Tuleap PHP Unserialize Code Execution |
| exploit/unix/webapp/twiki_history | TWiki History TWikiUsers rev Parameter Command Execution |
| exploit/unix/webapp/twiki_maketext | TWiki MAKETEXT Remote Command Execution |
| exploit/unix/webapp/twiki_search | TWiki Search Function Arbitrary Command Execution |
| exploit/unix/webapp/vbulletin_vote_sqli_exec | vBulletin index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection |
| exploit/unix/webapp/vicidial_manager_send_cmd_exec | VICIdial Manager Send OS Command Injection |
| exploit/unix/webapp/vicidial_user_authorization_unauth_cmd_exec | VICIdial user_authorization Unauthenticated Command Execution |
| exploit/unix/webapp/webmin_show_cgi_exec | Webmin /file/show.cgi Remote Command Execution |
| exploit/unix/webapp/webmin_upload_exec | Webmin Upload Authenticated RCE |
| exploit/unix/webapp/webtester_exec | WebTester 5.x Command Execution |
| exploit/unix/webapp/wp_admin_shell_upload | WordPress Admin Shell Upload |
| exploit/unix/webapp/wp_advanced_custom_fields_exec | WordPress Plugin Advanced Custom Fields Remote File Inclusion |
| exploit/unix/webapp/wp_ajax_load_more_file_upload | Wordpress Ajax Load More PHP Upload Vulnerability |
| exploit/unix/webapp/wp_asset_manager_upload_exec | WordPress Asset-Manager PHP File Upload Vulnerability |
| exploit/unix/webapp/wp_creativecontactform_file_upload | Wordpress Creative Contact Form Upload Vulnerability |
| exploit/unix/webapp/wp_downloadmanager_upload | Wordpress Download Manager (download-manager) Unauthenticated File Upload |
| exploit/unix/webapp/wp_easycart_unrestricted_file_upload | WordPress WP EasyCart Unrestricted File Upload |
| exploit/unix/webapp/wp_foxypress_upload | WordPress Plugin Foxypress uploadify.php Arbitrary Code Execution |
| exploit/unix/webapp/wp_frontend_editor_file_upload | Wordpress Front-end Editor File Upload |
| exploit/unix/webapp/wp_google_document_embedder_exec | WordPress Plugin Google Document Embedder Arbitrary File Disclosure |
| exploit/unix/webapp/wp_holding_pattern_file_upload | WordPress Holding Pattern Theme Arbitrary File Upload |
| exploit/unix/webapp/wp_inboundio_marketing_file_upload | Wordpress InBoundio Marketing PHP Upload Vulnerability |
| exploit/unix/webapp/wp_infinitewp_auth_bypass | WordPress InfiniteWP Client Authentication Bypass |
| exploit/unix/webapp/wp_infusionsoft_upload | Wordpress InfusionSoft Upload Vulnerability |
| exploit/unix/webapp/wp_lastpost_exec | WordPress cache_lastpostdate Arbitrary Code Execution |
| exploit/unix/webapp/wp_mobile_detector_upload_execute | WordPress WP Mobile Detector 3.5 Shell Upload |
| exploit/unix/webapp/wp_nmediawebsite_file_upload | Wordpress N-Media Website Contact Form Upload Vulnerability |
| exploit/unix/webapp/wp_optimizepress_upload | WordPress OptimizePress Theme File Upload Vulnerability |
| exploit/unix/webapp/wp_photo_gallery_unrestricted_file_upload | WordPress Photo Gallery Unrestricted File Upload |
| exploit/unix/webapp/wp_phpmailer_host_header | WordPress PHPMailer Host Header Command Injection |
| exploit/unix/webapp/wp_pie_register_bypass_rce | WordPress Plugin Pie Register Auth Bypass to RCE |
| exploit/unix/webapp/wp_pixabay_images_upload | WordPress Pixabay Images PHP Code Upload |
| exploit/unix/webapp/wp_plainview_activity_monitor_rce | Wordpress Plainview Activity Monitor RCE |
| exploit/unix/webapp/wp_platform_exec | WordPress Platform Theme File Upload Vulnerability |
| exploit/unix/webapp/wp_property_upload_exec | WordPress WP-Property PHP File Upload Vulnerability |
| exploit/unix/webapp/wp_reflexgallery_file_upload | Wordpress Reflex Gallery Upload Vulnerability |
| exploit/unix/webapp/wp_revslider_upload_execute | WordPress RevSlider File Upload and Execute Vulnerability |
| exploit/unix/webapp/wp_slideshowgallery_upload | Wordpress SlideShow Gallery Authenticated File Upload |
| exploit/unix/webapp/wp_symposium_shell_upload | WordPress WP Symposium 14.11 Shell Upload |
| exploit/unix/webapp/wp_total_cache_exec | WordPress W3 Total Cache PHP Code Execution |
| exploit/unix/webapp/wp_worktheflow_upload | Wordpress Work The Flow Upload Vulnerability |
| exploit/unix/webapp/wp_wpdiscuz_unauthenticated_file_upload | WordPress wpDiscuz Unauthenticated File Upload Vulnerability |
| exploit/unix/webapp/wp_wpshop_ecommerce_file_upload | WordPress WPshop eCommerce Arbitrary File Upload Vulnerability |
| exploit/unix/webapp/wp_wptouch_file_upload | WordPress WPTouch Authenticated File Upload |
| exploit/unix/webapp/wp_wysija_newsletters_upload | Wordpress MailPoet Newsletters (wysija-newsletters) Unauthenticated File Upload |
| exploit/unix/webapp/xoda_file_upload | XODA 0.4.5 Arbitrary PHP File Upload Vulnerability |
| exploit/unix/webapp/xymon_useradm_cmd_exec | Xymon useradm Command Execution |
| exploit/unix/webapp/zeroshell_exec | ZeroShell Remote Code Execution |
| exploit/unix/webapp/zimbra_lfi | Zimbra Collaboration Server LFI |
| exploit/unix/webapp/zoneminder_lang_exec | ZoneMinder Language Settings Remote Code Execution |
| exploit/unix/webapp/zoneminder_packagecontrol_exec | ZoneMinder Video Server packageControl Command Execution |
| exploit/unix/webapp/zpanel_username_exec | ZPanel 10.0.0.2 htpasswd Module Username Command Execution |
| exploit/unix/x11/x11_keyboard_exec | X11 Keyboard Command Injection |
| exploit/windows/antivirus/ams_hndlrsvc | Symantec System Center Alert Management System (hndlrsvc.exe) Arbitrary Command Execution |
| exploit/windows/antivirus/ams_xfr | Symantec System Center Alert Management System (xfr.exe) Arbitrary Command Execution |
| exploit/windows/antivirus/symantec_endpoint_manager_rce | Symantec Endpoint Protection Manager /servlet/ConsoleServlet Remote Command Execution |
| exploit/windows/antivirus/symantec_iao | Symantec Alert Management System Intel Alert Originator Service Buffer Overflow |
| exploit/windows/antivirus/symantec_rtvscan | Symantec Remote Management Buffer Overflow |
| exploit/windows/antivirus/symantec_workspace_streaming_exec | Symantec Workspace Streaming ManagementAgentServer.putFile XMLRPC Request Arbitrary File Upload |
| exploit/windows/antivirus/trendmicro_serverprotect_createbinding | Trend Micro ServerProtect 5.58 CreateBinding() Buffer Overflow |
| exploit/windows/antivirus/trendmicro_serverprotect_earthagent | Trend Micro ServerProtect 5.58 EarthAgent.EXE Buffer Overflow |
| exploit/windows/antivirus/trendmicro_serverprotect | Trend Micro ServerProtect 5.58 Buffer Overflow |
| exploit/windows/arkeia/type77 | Arkeia Backup Client Type 77 Overflow (Win32) |
| exploit/windows/backdoor/energizer_duo_payload | Energizer DUO USB Battery Charger Arucer.dll Trojan Code Execution |
| exploit/windows/backupexec/name_service | Veritas Backup Exec Name Service Overflow |
| exploit/windows/backupexec/remote_agent | Veritas Backup Exec Windows Remote Agent Overflow |
| exploit/windows/backupexec/ssl_uaf | Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free |
| exploit/windows/brightstor/ca_arcserve_342 | Computer Associates ARCserve REPORTREMOTEEXECUTECML Buffer Overflow |
| exploit/windows/brightstor/discovery_tcp | CA BrightStor Discovery Service TCP Overflow |
| exploit/windows/brightstor/discovery_udp | CA BrightStor Discovery Service Stack Buffer Overflow |
| exploit/windows/brightstor/etrust_itm_alert | Computer Associates Alert Notification Buffer Overflow |
| exploit/windows/brightstor/hsmserver | CA BrightStor HSM Buffer Overflow |
| exploit/windows/brightstor/lgserver | CA BrightStor ARCserve for Laptops and Desktops LGServer Buffer Overflow |
| exploit/windows/brightstor/lgserver_multi | CA BrightStor ARCserve for Laptops and Desktops LGServer Multiple Commands Buffer Overflow |
| exploit/windows/brightstor/lgserver_rxrlogin | CA BrightStor ARCserve for Laptops and Desktops LGServer Buffer Overflow |
| exploit/windows/brightstor/lgserver_rxssetdatagrowthscheduleandfilter | CA BrightStor ARCserve for Laptops and Desktops LGServer rxsSetDataGrowthScheduleAndFilter Buffer Overflow |
| exploit/windows/brightstor/lgserver_rxsuselicenseini | CA BrightStor ARCserve for Laptops and Desktops LGServer Buffer Overflow |
| exploit/windows/brightstor/license_gcr | CA BrightStor ARCserve License Service GCR NETWORK Buffer Overflow |
| exploit/windows/brightstor/mediasrv_sunrpc | CA BrightStor ArcServe Media Service Stack Buffer Overflow |
| exploit/windows/brightstor/message_engine_72 | CA BrightStor ARCserve Message Engine 0x72 Buffer Overflow |
| exploit/windows/brightstor/message_engine_heap | CA BrightStor ARCserve Message Engine Heap Overflow |
| exploit/windows/brightstor/message_engine | CA BrightStor ARCserve Message Engine Buffer Overflow |
| exploit/windows/brightstor/sql_agent | CA BrightStor Agent for Microsoft SQL Overflow |
| exploit/windows/brightstor/tape_engine_0x8a | CA BrightStor ARCserve Tape Engine 0x8A Buffer Overflow |
| exploit/windows/brightstor/tape_engine | CA BrightStor ARCserve Tape Engine Buffer Overflow |
| exploit/windows/brightstor/universal_agent | CA BrightStor Universal Agent Overflow |
| exploit/windows/browser/adobe_cooltype_sing | Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow |
| exploit/windows/browser/adobe_flash_avm2 | Adobe Flash Player Integer Underflow Remote Code Execution |
| exploit/windows/browser/adobe_flash_casi32_int_overflow | Adobe Flash Player casi32 Integer Overflow |
| exploit/windows/browser/adobe_flash_copy_pixels_to_byte_array | Adobe Flash Player copyPixelsToByteArray Method Integer Overflow |
| exploit/windows/browser/adobe_flash_domain_memory_uaf | Adobe Flash Player domainMemory ByteArray Use After Free |
| exploit/windows/browser/adobe_flash_filters_type_confusion | Adobe Flash Player Type Confusion Remote Code Execution |
| exploit/windows/browser/adobe_flash_mp4_cprt | Adobe Flash Player MP4 'cprt' Overflow |
| exploit/windows/browser/adobe_flash_otf_font | Adobe Flash Player 11.3 Kern Table Parsing Integer Overflow |
| exploit/windows/browser/adobe_flash_pcre | Adobe Flash Player PCRE Regex Vulnerability |
| exploit/windows/browser/adobe_flashplayer_arrayindexing | Adobe Flash Player AVM Verification Logic Array Indexing Code Execution |
| exploit/windows/browser/adobe_flashplayer_avm | Adobe Flash Player AVM Bytecode Verification Vulnerability |
| exploit/windows/browser/adobe_flashplayer_flash10o | Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability |
| exploit/windows/browser/adobe_flashplayer_newfunction | Adobe Flash Player "newfunction" Invalid Pointer Use |
| exploit/windows/browser/adobe_flash_regex_value | Adobe Flash Player Regular Expression Heap Overflow |
| exploit/windows/browser/adobe_flash_rtmp | Adobe Flash Player Object Type Confusion |
| exploit/windows/browser/adobe_flash_sps | Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow |
| exploit/windows/browser/adobe_flash_uncompress_zlib_uninitialized | Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory |
| exploit/windows/browser/adobe_flash_worker_byte_array_uaf | Adobe Flash Player ByteArray With Workers Use After Free |
| exploit/windows/browser/adobe_flatedecode_predictor02 | Adobe FlateDecode Stream Predictor 02 Integer Overflow |
| exploit/windows/browser/adobe_geticon | Adobe Collab.getIcon() Buffer Overflow |
| exploit/windows/browser/adobe_jbig2decode | Adobe JBIG2Decode Heap Corruption |
| exploit/windows/browser/adobe_media_newplayer | Adobe Doc.media.newPlayer Use After Free Vulnerability |
| exploit/windows/browser/adobe_shockwave_rcsl_corruption | Adobe Shockwave rcsL Memory Corruption |
| exploit/windows/browser/adobe_toolbutton | Adobe Reader ToolButton Use After Free |
| exploit/windows/browser/adobe_utilprintf | Adobe util.printf() Buffer Overflow |
| exploit/windows/browser/advantech_webaccess_dvs_getcolor | Advantech WebAccess dvs.ocx GetColor Buffer Overflow |
| exploit/windows/browser/aim_goaway | AOL Instant Messenger goaway Overflow |
| exploit/windows/browser/aladdin_choosefilepath_bof | Aladdin Knowledge System Ltd ChooseFilePath Buffer Overflow |
| exploit/windows/browser/amaya_bdo | Amaya Browser v11.0 'bdo' Tag Overflow |
| exploit/windows/browser/aol_ampx_convertfile | AOL Radio AmpX ActiveX Control ConvertFile() Buffer Overflow |
| exploit/windows/browser/aol_icq_downloadagent | America Online ICQ ActiveX Control Arbitrary File Download and Execute |
| exploit/windows/browser/apple_itunes_playlist | Apple ITunes 4.7 Playlist Buffer Overflow |
| exploit/windows/browser/apple_quicktime_marshaled_punk | Apple QuickTime 7.6.7 _Marshaled_pUnk Code Execution |
| exploit/windows/browser/apple_quicktime_mime_type | Apple QuickTime 7.7.2 MIME Type Buffer Overflow |
| exploit/windows/browser/apple_quicktime_rdrf | Apple Quicktime 7 Invalid Atom Length Buffer Overflow |
| exploit/windows/browser/apple_quicktime_rtsp | Apple QuickTime 7.1.3 RTSP URI Buffer Overflow |
| exploit/windows/browser/apple_quicktime_smil_debug | Apple QuickTime 7.6.6 Invalid SMIL URI Buffer Overflow |
| exploit/windows/browser/apple_quicktime_texml_font_table | Apple QuickTime 7.7.2 TeXML Style Element font-table Field Stack Buffer Overflow |
| exploit/windows/browser/ask_shortformat | Ask.com Toolbar askBar.dll ActiveX Control Buffer Overflow |
| exploit/windows/browser/asus_net4switch_ipswcom | ASUS Net4Switch ipswcom.dll ActiveX Stack Buffer Overflow |
| exploit/windows/browser/athocgov_completeinstallation | AtHocGov IWSAlerts ActiveX Control Buffer Overflow |
| exploit/windows/browser/autodesk_idrop | Autodesk IDrop ActiveX Control Heap Memory Corruption |
| exploit/windows/browser/aventail_epi_activex | SonicWALL Aventail epi.dll AuthCredential Format String |
| exploit/windows/browser/awingsoft_web3d_bof | AwingSoft Winds3D Player SceneURL Buffer Overflow |
| exploit/windows/browser/awingsoft_winds3d_sceneurl | AwingSoft Winds3D Player 3.5 SceneURL Download and Execute |
| exploit/windows/browser/baofeng_storm_onbeforevideodownload | BaoFeng Storm mps.dll ActiveX OnBeforeVideoDownload Buffer Overflow |
| exploit/windows/browser/barcode_ax49 | RKD Software BarCodeAx.dll v4.9 ActiveX Remote Stack Buffer Overflow |
| exploit/windows/browser/blackice_downloadimagefileurl | Black Ice Cover Page ActiveX Control Arbitrary File Download |
| exploit/windows/browser/c6_messenger_downloaderactivex | Icona SpA C6 Messenger DownloaderActiveX Control Arbitrary File Download and Execute |
| exploit/windows/browser/ca_brightstor_addcolumn | CA BrightStor ARCserve Backup AddColumn() ActiveX Buffer Overflow |
| exploit/windows/browser/chilkat_crypt_writefile | Chilkat Crypt ActiveX WriteFile Unsafe Method |
| exploit/windows/browser/chrome_filereader_uaf | Chrome 72.0.3626.119 FileReader UaF exploit for Windows 7 x86 |
| exploit/windows/browser/cisco_anyconnect_exec | Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute |
| exploit/windows/browser/cisco_playerpt_setsource | Cisco Linksys PlayerPT ActiveX Control Buffer Overflow |
| exploit/windows/browser/cisco_playerpt_setsource_surl | Cisco Linksys PlayerPT ActiveX Control SetSource sURL Argument Buffer Overflow |
| exploit/windows/browser/cisco_webex_ext | Cisco WebEx Chrome Extension RCE (CVE-2017-3823) |
| exploit/windows/browser/citrix_gateway_actx | Citrix Gateway ActiveX Control Stack Based Buffer Overflow Vulnerability |
| exploit/windows/browser/clear_quest_cqole | IBM Rational ClearQuest CQOle Remote Code Execution |
| exploit/windows/browser/communicrypt_mail_activex | CommuniCrypt Mail 1.16 SMTP ActiveX Stack Buffer Overflow |
| exploit/windows/browser/creative_software_cachefolder | Creative Software AutoUpdate Engine ActiveX Control Buffer Overflow |
| exploit/windows/browser/crystal_reports_printcontrol | Crystal Reports CrystalPrintControl ActiveX ServerResourceVersion Property Overflow |
| exploit/windows/browser/dell_webcam_crazytalk | Dell Webcam CrazyTalk ActiveX BackImage Vulnerability |
| exploit/windows/browser/dxstudio_player_exec | Worldweaver DX Studio Player shell.execute() Command Execution |
| exploit/windows/browser/ea_checkrequirements | Electronic Arts SnoopyCtrl ActiveX Control Buffer Overflow |
| exploit/windows/browser/ebook_flipviewer_fviewerloading | FlipViewer FViewerLoading ActiveX Control Buffer Overflow |
| exploit/windows/browser/enjoysapgui_comp_download | EnjoySAP SAP GUI ActiveX Control Arbitrary File Download |
| exploit/windows/browser/enjoysapgui_preparetoposthtml | EnjoySAP SAP GUI ActiveX Control Buffer Overflow |
| exploit/windows/browser/exodus | Exodus Wallet (ElectronJS Framework) remote Code Execution |
| exploit/windows/browser/facebook_extractiptc | Facebook Photo Uploader 4 ActiveX Control Buffer Overflow |
| exploit/windows/browser/firefox_smil_uaf | Firefox nsSMILTimeContainer::NotifyTimeChange() RCE |
| exploit/windows/browser/foxit_reader_plugin_url_bof | Foxit Reader Plugin URL Processing Buffer Overflow |
| exploit/windows/browser/getgodm_http_response_bof | GetGo Download Manager HTTP Response Buffer Overflow |
| exploit/windows/browser/gom_openurl | GOM Player ActiveX Control Buffer Overflow |
| exploit/windows/browser/greendam_url | Green Dam URL Processing Buffer Overflow |
| exploit/windows/browser/honeywell_hscremotedeploy_exec | Honeywell HSC Remote Deployer ActiveX Remote Code Execution |
| exploit/windows/browser/honeywell_tema_exec | Honeywell Tema Remote Installer ActiveX Remote Code Execution |
| exploit/windows/browser/hp_alm_xgo_setshapenodetype_exec | HP Application Lifecycle Management XGO.ocx ActiveX SetShapeNodeType() Remote Code Execution |
| exploit/windows/browser/hp_easy_printer_care_xmlcachemgr | HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution |
| exploit/windows/browser/hp_easy_printer_care_xmlsimpleaccessor | HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution |
| exploit/windows/browser/hp_loadrunner_addfile | Persits XUpload ActiveX AddFile Buffer Overflow |
| exploit/windows/browser/hp_loadrunner_addfolder | HP LoadRunner 9.0 ActiveX AddFolder Buffer Overflow |
| exploit/windows/browser/hp_loadrunner_writefilebinary | HP LoadRunner lrFileIOService ActiveX Remote Code Execution |
| exploit/windows/browser/hp_loadrunner_writefilestring | HP LoadRunner lrFileIOService ActiveX WriteFileString Remote Code Execution |
| exploit/windows/browser/hpmqc_progcolor | HP Mercury Quality Center ActiveX Control ProgColor Buffer Overflow |
| exploit/windows/browser/hyleos_chemviewx_activex | Hyleos ChemView ActiveX Control Stack Buffer Overflow |
| exploit/windows/browser/ibmegath_getxmlvalue | IBM Access Support ActiveX Control Buffer Overflow |
| exploit/windows/browser/ibmlotusdomino_dwa_uploadmodule | IBM Lotus Domino Web Access Upload Module Buffer Overflow |
| exploit/windows/browser/ibm_spss_c1sizer | IBM SPSS SamplePower C1Tab ActiveX Heap Overflow |
| exploit/windows/browser/ibm_tivoli_pme_activex_bof | IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 ActiveX RunAndUploadFile() Method Overflow |
| exploit/windows/browser/ie_cbutton_uaf | MS13-008 Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability |
| exploit/windows/browser/ie_cgenericelement_uaf | MS13-038 Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability |
| exploit/windows/browser/ie_createobject | MS06-014 Microsoft Internet Explorer COM CreateObject Code Execution |
| exploit/windows/browser/ie_execcommand_uaf | MS12-063 Microsoft Internet Explorer execCommand Use-After-Free Vulnerability |
| exploit/windows/browser/ie_iscomponentinstalled | Microsoft Internet Explorer isComponentInstalled Overflow |
| exploit/windows/browser/ie_setmousecapture_uaf | MS13-080 Microsoft Internet Explorer SetMouseCapture Use-After-Free |
| exploit/windows/browser/ie_unsafe_scripting | Microsoft Internet Explorer Unsafe Scripting Misconfiguration |
| exploit/windows/browser/imgeviewer_tifmergemultifiles | Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control |
| exploit/windows/browser/indusoft_issymbol_internationalseparator | InduSoft Web Studio ISSymbol.ocx InternationalSeparator() Heap Overflow |
| exploit/windows/browser/inotes_dwa85w_bof | IBM Lotus iNotes dwa85W ActiveX Buffer Overflow |
| exploit/windows/browser/intrust_annotatex_add | Quest InTrust Annotation Objects Uninitialized Pointer |
| exploit/windows/browser/java_basicservice_impl | Sun Java Web Start BasicServiceImpl Code Execution |
| exploit/windows/browser/java_cmm | Java CMM Remote Code Execution |
| exploit/windows/browser/java_codebase_trust | Sun Java Applet2ClassLoader Remote Code Execution |
| exploit/windows/browser/java_docbase_bof | Sun Java Runtime New Plugin docbase Buffer Overflow |
| exploit/windows/browser/java_mixer_sequencer | Java MixerSequencer Object GM_Song Structure Handling Vulnerability |
| exploit/windows/browser/java_ws_arginject_altjvm | Sun Java Web Start Plugin Command Line Argument Injection |
| exploit/windows/browser/java_ws_double_quote | Sun Java Web Start Double Quote Injection |
| exploit/windows/browser/java_ws_vmargs | Sun Java Web Start Plugin Command Line Argument Injection |
| exploit/windows/browser/juniper_sslvpn_ive_setupdll | Juniper SSL-VPN IVE JuniperSetupDLL.dll ActiveX Control Buffer Overflow |
| exploit/windows/browser/kazaa_altnet_heap | Kazaa Altnet Download Manager ActiveX Control Buffer Overflow |
| exploit/windows/browser/keyhelp_launchtripane_exec | KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability |
| exploit/windows/browser/logitechvideocall_start | Logitech VideoCall ActiveX Control Buffer Overflow |
| exploit/windows/browser/lpviewer_url | iseemedia / Roxio / MGI Software LPViewer ActiveX Control Buffer Overflow |
| exploit/windows/browser/macrovision_downloadandexecute | Macrovision InstallShield Update Service Buffer Overflow |
| exploit/windows/browser/macrovision_unsafe | Macrovision InstallShield Update Service ActiveX Unsafe Method |
| exploit/windows/browser/malwarebytes_update_exec | Malwarebytes Anti-Malware and Anti-Exploit Update Remote Code Execution |
| exploit/windows/browser/maxthon_history_xcs | Maxthon3 about:history XCS Trusted Zone Code Execution |
| exploit/windows/browser/mcafee_mcsubmgr_vsprintf | McAfee Subscription Manager Stack Buffer Overflow |
| exploit/windows/browser/mcafee_mvt_exec | McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability |
| exploit/windows/browser/mcafeevisualtrace_tracetarget | McAfee Visual Trace ActiveX Control Buffer Overflow |
| exploit/windows/browser/mirc_irc_url | mIRC IRC URL Buffer Overflow |
| exploit/windows/browser/mozilla_attribchildremoved | Firefox 8/9 AttributeChildRemoved() Use-After-Free |
| exploit/windows/browser/mozilla_firefox_onreadystatechange | Firefox onreadystatechange Event DocumentViewerImpl Use After Free |
| exploit/windows/browser/mozilla_firefox_xmlserializer | Firefox XMLSerializer Use After Free |
| exploit/windows/browser/mozilla_interleaved_write | Mozilla Firefox Interleaved document.write/appendChild Memory Corruption |
| exploit/windows/browser/mozilla_mchannel | Mozilla Firefox 3.6.16 mChannel Use-After-Free Vulnerability |
| exploit/windows/browser/mozilla_nssvgvalue | Firefox nsSVGValue Out-of-Bounds Access Vulnerability |
| exploit/windows/browser/mozilla_nstreerange | Mozilla Firefox "nsTreeRange" Dangling Pointer Vulnerability |
| exploit/windows/browser/mozilla_reduceright | Mozilla Firefox Array.reduceRight() Integer Overflow |
| exploit/windows/browser/ms03_020_ie_objecttype | MS03-020 Microsoft Internet Explorer Object Type |
| exploit/windows/browser/ms05_054_onload | MS05-054 Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution |
| exploit/windows/browser/ms06_001_wmf_setabortproc | Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution |
| exploit/windows/browser/ms06_013_createtextrange | MS06-013 Microsoft Internet Explorer createTextRange() Code Execution |
| exploit/windows/browser/ms06_055_vml_method | MS06-055 Microsoft Internet Explorer VML Fill Method Code Execution |
| exploit/windows/browser/ms06_057_webview_setslice | MS06-057 Microsoft Internet Explorer WebViewFolderIcon setSlice() Overflow |
| exploit/windows/browser/ms06_067_keyframe | MS06-067 Microsoft Internet Explorer Daxctle.OCX KeyFrame Method Heap Buffer Overflow Vulnerability |
| exploit/windows/browser/ms06_071_xml_core | MS06-071 Microsoft Internet Explorer XML Core Services HTTP Request Handling |
| exploit/windows/browser/ms07_017_ani_loadimage_chunksize | Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (HTTP) |
| exploit/windows/browser/ms08_041_snapshotviewer | Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download |
| exploit/windows/browser/ms08_053_mediaencoder | Windows Media Encoder 9 wmex.dll ActiveX Buffer Overflow |
| exploit/windows/browser/ms08_070_visual_studio_msmask | Microsoft Visual Studio Mdmask32.ocx ActiveX Buffer Overflow |
| exploit/windows/browser/ms08_078_xml_corruption | MS08-078 Microsoft Internet Explorer Data Binding Memory Corruption |
| exploit/windows/browser/ms09_002_memory_corruption | MS09-002 Microsoft Internet Explorer 7 CFunctionPointer Uninitialized Memory Corruption |
| exploit/windows/browser/ms09_043_owc_htmlurl | Microsoft OWC Spreadsheet HTMLURL Buffer Overflow |
| exploit/windows/browser/ms09_043_owc_msdso | Microsoft OWC Spreadsheet msDataSourceObject Memory Corruption |
| exploit/windows/browser/ms09_072_style_object | MS09-072 Microsoft Internet Explorer Style getElementsByTagName Memory Corruption |
| exploit/windows/browser/ms10_002_aurora | MS10-002 Microsoft Internet Explorer "Aurora" Memory Corruption |
| exploit/windows/browser/ms10_002_ie_object | MS10-002 Microsoft Internet Explorer Object Memory Use-After-Free |
| exploit/windows/browser/ms10_018_ie_behaviors | MS10-018 Microsoft Internet Explorer DHTML Behaviors Use After Free |
| exploit/windows/browser/ms10_018_ie_tabular_activex | MS10-018 Microsoft Internet Explorer Tabular Data Control ActiveX Memory Corruption |
| exploit/windows/browser/ms10_022_ie_vbscript_winhlp32 | MS10-022 Microsoft Internet Explorer Winhlp32.exe MsgBox Code Execution |
| exploit/windows/browser/ms10_026_avi_nsamplespersec | MS10-026 Microsoft MPEG Layer-3 Audio Stack Based Overflow |
| exploit/windows/browser/ms10_042_helpctr_xss_cmd_exec | Microsoft Help Center XSS and Command Execution |
| exploit/windows/browser/ms10_046_shortcut_icon_dllloader | Microsoft Windows Shell LNK Code Execution |
| exploit/windows/browser/ms10_090_ie_css_clip | MS10-090 Microsoft Internet Explorer CSS SetUserClip Memory Corruption |
| exploit/windows/browser/ms11_003_ie_css_import | MS11-003 Microsoft Internet Explorer CSS Recursive Import Use After Free |
| exploit/windows/browser/ms11_050_mshtml_cobjectelement | MS11-050 IE mshtml!CObjectElement Use After Free |
| exploit/windows/browser/ms11_081_option | MS11-081 Microsoft Internet Explorer Option Element Use-After-Free |
| exploit/windows/browser/ms11_093_ole32 | MS11-093 Microsoft Windows OLE Object File Handling Remote Code Execution |
| exploit/windows/browser/ms12_004_midi | MS12-004 midiOutPlayNextPolyEvent Heap Overflow |
| exploit/windows/browser/ms12_037_ie_colspan | MS12-037 Microsoft Internet Explorer Fixed Table Col Span Heap Overflow |
| exploit/windows/browser/ms12_037_same_id | MS12-037 Microsoft Internet Explorer Same ID Property Deleted Object Handling Memory Corruption |
| exploit/windows/browser/ms13_009_ie_slayoutrun_uaf | MS13-009 Microsoft Internet Explorer SLayoutRun Use-After-Free |
| exploit/windows/browser/ms13_022_silverlight_script_object | MS13-022 Microsoft Silverlight ScriptObject Unsafe Memory Access |
| exploit/windows/browser/ms13_037_svg_dashstyle | MS13-037 Microsoft Internet Explorer COALineDashStyleArray Integer Overflow |
| exploit/windows/browser/ms13_055_canchor | MS13-055 Microsoft Internet Explorer CAnchorElement Use-After-Free |
| exploit/windows/browser/ms13_059_cflatmarkuppointer | MS13-059 Microsoft Internet Explorer CFlatMarkupPointer Use-After-Free |
| exploit/windows/browser/ms13_069_caret | MS13-069 Microsoft Internet Explorer CCaret Use-After-Free |
| exploit/windows/browser/ms13_080_cdisplaypointer | MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free |
| exploit/windows/browser/ms13_090_cardspacesigninhelper | MS13-090 CardSpaceClaimCollection ActiveX Integer Underflow |
| exploit/windows/browser/ms14_012_cmarkup_uaf | MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free |
| exploit/windows/browser/ms14_012_textrange | MS14-012 Microsoft Internet Explorer TextRange Use-After-Free |
| exploit/windows/browser/ms14_064_ole_code_execution | MS14-064 Microsoft Internet Explorer Windows OLE Automation Array Remote Code Execution |
| exploit/windows/browser/ms16_051_vbscript | Internet Explorer 11 VBScript Engine Memory Corruption |
| exploit/windows/browser/msvidctl_mpeg2 | Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption |
| exploit/windows/browser/mswhale_checkforupdates | Microsoft Whale Intelligent Application Gateway ActiveX Control Buffer Overflow |
| exploit/windows/browser/msxml_get_definition_code_exec | MS12-043 Microsoft XML Core Services MSXML Uninitialized Memory Corruption |
| exploit/windows/browser/nctaudiofile2_setformatlikesample | NCTAudioFile2 v2.x ActiveX Control SetFormatLikeSample() Buffer Overflow |
| exploit/windows/browser/nis2004_antispam | Norton AntiSpam 2004 SymSpamHelper ActiveX Control Buffer Overflow |
| exploit/windows/browser/nis2004_get | Symantec Norton Internet Security 2004 ActiveX Control Buffer Overflow |
| exploit/windows/browser/notes_handler_cmdinject | IBM Lotus Notes Client URL Handler Command Injection |
| exploit/windows/browser/novell_groupwise_gwcls1_actvx | Novell GroupWise Client gwcls1.dll ActiveX Remote Code Execution |
| exploit/windows/browser/novelliprint_callbackurl | Novell iPrint Client ActiveX Control call-back-url Buffer Overflow |
| exploit/windows/browser/novelliprint_datetime | Novell iPrint Client ActiveX Control Date/Time Buffer Overflow |
| exploit/windows/browser/novelliprint_executerequest_dbg | Novell iPrint Client ActiveX Control ExecuteRequest debug Buffer Overflow |
| exploit/windows/browser/novelliprint_executerequest | Novell iPrint Client ActiveX Control ExecuteRequest Buffer Overflow |
| exploit/windows/browser/novelliprint_getdriversettings_2 | Novell iPrint Client ActiveX Control Buffer Overflow |
| exploit/windows/browser/novelliprint_getdriversettings | Novell iPrint Client ActiveX Control Buffer Overflow |
| exploit/windows/browser/novelliprint_target_frame | Novell iPrint Client ActiveX Control target-frame Buffer Overflow |
| exploit/windows/browser/ntr_activex_check_bof | NTR ActiveX Control Check() Method Buffer Overflow |
| exploit/windows/browser/ntr_activex_stopmodule | NTR ActiveX Control StopModule() Remote Code Execution |
| exploit/windows/browser/oracle_autovue_setmarkupmode | Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow |
| exploit/windows/browser/oracle_dc_submittoexpress | Oracle Document Capture 10g ActiveX Control Buffer Overflow |
| exploit/windows/browser/oracle_webcenter_checkoutandopen | Oracle WebCenter Content CheckOutAndOpen.dll ActiveX Remote Code Execution |
| exploit/windows/browser/orbit_connecting | Orbit Downloader Connecting Log Creation Buffer Overflow |
| exploit/windows/browser/ovftool_format_string | VMWare OVF Tools Format String Vulnerability |
| exploit/windows/browser/pcvue_func | PcVue 10.0 SV.UIGrdCtrl.1 'LoadObject()/SaveObject()' Trusted DWORD Vulnerability |
| exploit/windows/browser/persits_xupload_traversal | Persits XUpload ActiveX MakeHttpRequest Directory Traversal |
| exploit/windows/browser/quickr_qp2_bof | IBM Lotus QuickR qp2 ActiveX Buffer Overflow |
| exploit/windows/browser/real_arcade_installerdlg | Real Networks Arcade Games StubbyUtil.ProcessMgr ActiveX Arbitrary Code Execution |
| exploit/windows/browser/realplayer_cdda_uri | RealNetworks RealPlayer CDDA URI Initialization Vulnerability |
| exploit/windows/browser/realplayer_console | RealPlayer rmoc3260.dll ActiveX Control Heap Corruption |
| exploit/windows/browser/realplayer_import | RealPlayer ierpplug.dll ActiveX Control Playlist Name Buffer Overflow |
| exploit/windows/browser/realplayer_qcp | RealNetworks Realplayer QCP Parsing Heap Overflow |
| exploit/windows/browser/realplayer_smil | RealNetworks RealPlayer SMIL Buffer Overflow |
| exploit/windows/browser/roxio_cineplayer | Roxio CinePlayer ActiveX Control Buffer Overflow |
| exploit/windows/browser/safari_xslt_output | Apple Safari Webkit libxslt Arbitrary File Creation |
| exploit/windows/browser/samsung_neti_wiewer_backuptoavi_bof | Samsung NET-i Viewer Multiple ActiveX BackupToAvi() Remote Overflow |
| exploit/windows/browser/samsung_security_manager_put | Samsung Security Manager 1.4 ActiveMQ Broker Service PUT Method Remote Code Execution |
| exploit/windows/browser/sapgui_saveviewtosessionfile | SAP AG SAPgui EAI WebViewer3D Buffer Overflow |
| exploit/windows/browser/siemens_solid_edge_selistctrlx | Siemens Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution |
| exploit/windows/browser/softartisans_getdrivename | SoftArtisans XFile FileManager ActiveX Control Buffer Overflow |
| exploit/windows/browser/sonicwall_addrouteentry | SonicWall SSL-VPN NetExtender ActiveX Control Buffer Overflow |
| exploit/windows/browser/symantec_altirisdeployment_downloadandinstall | Symantec Altiris Deployment Solution ActiveX Control Arbitrary File Download and Execute |
| exploit/windows/browser/symantec_altirisdeployment_runcmd | Symantec Altiris Deployment Solution ActiveX Control Buffer Overflow |
| exploit/windows/browser/symantec_appstream_unsafe | Symantec AppStream LaunchObj ActiveX Control Arbitrary File Download and Execute |
| exploit/windows/browser/symantec_backupexec_pvcalendar | Symantec BackupExec Calendar Control Buffer Overflow |
| exploit/windows/browser/symantec_consoleutilities_browseandsavefile | Symantec ConsoleUtilities ActiveX Control Buffer Overflow |
| exploit/windows/browser/synactis_connecttosynactis_bof | Synactis PDF In-The-Box ConnectToSynactic Stack Buffer Overflow |
| exploit/windows/browser/systemrequirementslab_unsafe | Husdawg, LLC. System Requirements Lab ActiveX Unsafe Method |
| exploit/windows/browser/teechart_pro | TeeChart Professional ActiveX Control Trusted Integer Dereference |
| exploit/windows/browser/tom_sawyer_tsgetx71ex552 | Tom Sawyer Software GET Extension Factory Remote Code Execution |
| exploit/windows/browser/trendmicro_extsetowner | Trend Micro Internet Security Pro 2010 ActiveX extSetOwner() Remote Code Execution |
| exploit/windows/browser/trendmicro_officescan | Trend Micro OfficeScan Client ActiveX Control Buffer Overflow |
| exploit/windows/browser/tumbleweed_filetransfer | Tumbleweed FileTransfer vcst_eu.dll ActiveX Control Buffer Overflow |
| exploit/windows/browser/ubisoft_uplay_cmd_exec | Ubisoft uplay 2.0.3 ActiveX Control Arbitrary Code Execution |
| exploit/windows/browser/ultramjcam_openfiledig_bof | TRENDnet SecurView Internet Camera UltraMJCam OpenFileDlg Buffer Overflow |
| exploit/windows/browser/ultraoffice_httpupload | Ultra Shareware Office Control ActiveX HttpUpload Buffer Overflow |
| exploit/windows/browser/verypdf_pdfview | VeryPDF PDFView OCX ActiveX OpenPDF Heap Overflow |
| exploit/windows/browser/viscom_movieplayer_drawtext | Viscom Software Movie Player Pro SDK ActiveX 6.8 |
| exploit/windows/browser/vlc_amv | VLC AMV Dangling Pointer Vulnerability |
| exploit/windows/browser/vlc_mms_bof | VLC MMS Stream Handling Buffer Overflow |
| exploit/windows/browser/webdav_dll_hijacker | WebDAV Application DLL Hijacker |
| exploit/windows/browser/webex_ucf_newobject | WebEx UCF atucfobj.dll ActiveX NewObject Method Buffer Overflow |
| exploit/windows/browser/wellintech_kingscada_kxclientdownload | KingScada kxClientDownload.ocx ActiveX Remote Code Execution |
| exploit/windows/browser/winamp_playlist_unc | Winamp Playlist UNC Path Computer Name Overflow |
| exploit/windows/browser/winamp_ultravox | Winamp Ultravox Streaming Metadata (in_mp3.dll) Buffer Overflow |
| exploit/windows/browser/windvd7_applicationtype | WinDVD7 IASystemInfo.DLL ActiveX Control Buffer Overflow |
| exploit/windows/browser/winzip_fileview | WinZip FileView (WZFILEVIEW.FileViewCtrl.61) ActiveX Buffer Overflow |
| exploit/windows/browser/wmi_admintools | Microsoft WMI Administration Tools ActiveX Buffer Overflow |
| exploit/windows/browser/x360_video_player_set_text_bof | X360 VideoPlayer ActiveX Control Buffer Overflow |
| exploit/windows/browser/xmplay_asx | XMPlay 3.3.0.4 (ASX Filename) Buffer Overflow |
| exploit/windows/browser/yahoomessenger_fvcom | Yahoo! Messenger YVerInfo.dll ActiveX Control Buffer Overflow |
| exploit/windows/browser/yahoomessenger_server | Yahoo! Messenger 8.1.0.249 ActiveX Control Buffer Overflow |
| exploit/windows/browser/zenturiprogramchecker_unsafe | Zenturi ProgramChecker ActiveX Control Arbitrary File Download |
| exploit/windows/browser/zenworks_helplauncher_exec | AdminStudio LaunchHelp.dll ActiveX Arbitrary Code Execution |
| exploit/windows/dcerpc/cve_2021_1675_printnightmare | Print Spooler Remote DLL Injection |
| exploit/windows/dcerpc/ms03_026_dcom | MS03-026 Microsoft RPC DCOM Interface Overflow |
| exploit/windows/dcerpc/ms05_017_msmq | MS05-017 Microsoft Message Queueing Service Path Overflow |
| exploit/windows/dcerpc/ms07_029_msdns_zonename | MS07-029 Microsoft DNS RPC Service extractQuotedChar() Overflow (TCP) |
| exploit/windows/dcerpc/ms07_065_msmq | MS07-065 Microsoft Message Queueing Service DNS Name Path Overflow |
| exploit/windows/email/ms07_017_ani_loadimage_chunksize | Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (SMTP) |
| exploit/windows/email/ms10_045_outlook_ref_only | Outlook ATTACH_BY_REF_ONLY File Execution |
| exploit/windows/email/ms10_045_outlook_ref_resolve | Outlook ATTACH_BY_REF_RESOLVE File Execution |
| exploit/windows/emc/alphastor_agent | EMC AlphaStor Agent Buffer Overflow |
| exploit/windows/emc/alphastor_device_manager_exec | EMC AlphaStor Device Manager Opcode 0x75 Command Injection |
| exploit/windows/emc/networker_format_string | EMC Networker Format String |
| exploit/windows/emc/replication_manager_exec | EMC Replication Manager Command Execution |
| exploit/windows/fileformat/abbs_amp_lst | ABBS Audio Media Player .LST Buffer Overflow |
| exploit/windows/fileformat/acdsee_fotoslate_string | ACDSee FotoSlate PLP File id Parameter Overflow |
| exploit/windows/fileformat/acdsee_xpm | ACDSee XPM File Section Buffer Overflow |
| exploit/windows/fileformat/actfax_import_users_bof | ActiveFax (ActFax) 4.3 Client Importer Buffer Overflow |
| exploit/windows/fileformat/activepdf_webgrabber | activePDF WebGrabber ActiveX Control Buffer Overflow |
| exploit/windows/fileformat/adobe_collectemailinfo | Adobe Collab.collectEmailInfo() Buffer Overflow |
| exploit/windows/fileformat/adobe_cooltype_sing | Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow |
| exploit/windows/fileformat/adobe_flashplayer_button | Adobe Flash Player "Button" Remote Code Execution |
| exploit/windows/fileformat/adobe_flashplayer_newfunction | Adobe Flash Player "newfunction" Invalid Pointer Use |
| exploit/windows/fileformat/adobe_flatedecode_predictor02 | Adobe FlateDecode Stream Predictor 02 Integer Overflow |
| exploit/windows/fileformat/adobe_geticon | Adobe Collab.getIcon() Buffer Overflow |
| exploit/windows/fileformat/adobe_illustrator_v14_eps | Adobe Illustrator CS4 v14.0.0 |
| exploit/windows/fileformat/adobe_jbig2decode | Adobe JBIG2Decode Memory Corruption |
| exploit/windows/fileformat/adobe_libtiff | Adobe Acrobat Bundled LibTIFF Integer Overflow |
| exploit/windows/fileformat/adobe_media_newplayer | Adobe Doc.media.newPlayer Use After Free Vulnerability |
| exploit/windows/fileformat/adobe_pdf_embedded_exe | Adobe PDF Embedded EXE Social Engineering |
| exploit/windows/fileformat/adobe_pdf_embedded_exe_nojs | Adobe PDF Escape EXE Social Engineering (No JavaScript) |
| exploit/windows/fileformat/adobe_reader_u3d | Adobe Reader U3D Memory Corruption Vulnerability |
| exploit/windows/fileformat/adobe_toolbutton | Adobe Reader ToolButton Use After Free |
| exploit/windows/fileformat/adobe_u3d_meshdecl | Adobe U3D CLODProgressiveMeshDeclaration Array Overrun |
| exploit/windows/fileformat/adobe_utilprintf | Adobe util.printf() Buffer Overflow |
| exploit/windows/fileformat/allplayer_m3u_bof | ALLPlayer M3U Buffer Overflow |
| exploit/windows/fileformat/altap_salamander_pdb | Altap Salamander 2.5 PE Viewer Buffer Overflow |
| exploit/windows/fileformat/aol_desktop_linktag | AOL Desktop 9.6 RTX Buffer Overflow |
| exploit/windows/fileformat/aol_phobos_bof | AOL 9.5 Phobos.Playlist Import() Stack-based Buffer Overflow |
| exploit/windows/fileformat/a_pdf_wav_to_mp3 | A-PDF WAV to MP3 v1.0.0 Buffer Overflow |
| exploit/windows/fileformat/apple_quicktime_pnsize | Apple QuickTime PICT PnSize Buffer Overflow |
| exploit/windows/fileformat/apple_quicktime_rdrf | Apple Quicktime 7 Invalid Atom Length Buffer Overflow |
| exploit/windows/fileformat/apple_quicktime_texml | Apple QuickTime TeXML Style Element Stack Buffer Overflow |
| exploit/windows/fileformat/audio_coder_m3u | AudioCoder .M3U Buffer Overflow |
| exploit/windows/fileformat/audiotran_pls_1424 | Audiotran PLS File Stack Buffer Overflow |
| exploit/windows/fileformat/audiotran_pls | Audiotran 1.4.1 (PLS File) Stack Buffer Overflow |
| exploit/windows/fileformat/audio_wkstn_pls | Audio Workstation 6.4.2.4.3 pls Buffer Overflow |
| exploit/windows/fileformat/aviosoft_plf_buf | Aviosoft Digital TV Player Professional 1.0 Stack Buffer Overflow |
| exploit/windows/fileformat/bacnet_csv | BACnet OPC Client Buffer Overflow |
| exploit/windows/fileformat/beetel_netconfig_ini_bof | Beetel Connection Manager NetConfig.ini Buffer Overflow |
| exploit/windows/fileformat/blazedvd_hdtv_bof | BlazeVideo HDTV Player Pro v6.6 Filename Handling Vulnerability |
| exploit/windows/fileformat/blazedvd_plf | BlazeDVD 6.1 PLF Buffer Overflow |
| exploit/windows/fileformat/boxoft_wav_to_mp3 | Boxoft WAV to MP3 Converter v1.1 Buffer Overflow |
| exploit/windows/fileformat/bpftp_client_bps_bof | BulletProof FTP Client BPS Buffer Overflow |
| exploit/windows/fileformat/bsplayer_m3u | BS.Player 2.57 Buffer Overflow (Unicode SEH) |
| exploit/windows/fileformat/ca_cab | CA Antivirus Engine CAB Buffer Overflow |
| exploit/windows/fileformat/cain_abel_4918_rdp | Cain and Abel RDP Buffer Overflow |
| exploit/windows/fileformat/ccmplayer_m3u_bof | CCMPlayer 1.5 m3u Playlist Stack Based Buffer Overflow |
| exploit/windows/fileformat/chasys_draw_ies_bmp_bof | Chasys Draw IES Buffer Overflow |
| exploit/windows/fileformat/coolpdf_image_stream_bof | Cool PDF Image Stream Buffer Overflow |
| exploit/windows/fileformat/corelpdf_fusion_bof | Corel PDF Fusion Stack Buffer Overflow |
| exploit/windows/fileformat/csound_getnum_bof | Csound hetro File Handling Stack Buffer Overflow |
| exploit/windows/fileformat/cutezip_bof | GlobalSCAPE CuteZIP Stack Buffer Overflow |
| exploit/windows/fileformat/cve_2017_8464_lnk_rce | LNK Code Execution Vulnerability |
| exploit/windows/fileformat/cyberlink_lpp_bof | CyberLink LabelPrint 2.5 Stack Buffer Overflow |
| exploit/windows/fileformat/cyberlink_p2g_bof | CyberLink Power2Go name Attribute (p2g) Stack Buffer Overflow Exploit |
| exploit/windows/fileformat/cytel_studio_cy3 | Cytel Studio 9.0 (CY3 File) Stack Buffer Overflow |
| exploit/windows/fileformat/deepburner_path | AstonSoft DeepBurner (DBR File) Path Buffer Overflow |
| exploit/windows/fileformat/destinymediaplayer16 | Destiny Media Player 1.61 PLS M3U Buffer Overflow |
| exploit/windows/fileformat/digital_music_pad_pls | Digital Music Pad Version 8.2.3.3.4 Stack Buffer Overflow |
| exploit/windows/fileformat/djstudio_pls_bof | DJ Studio Pro 5.1 .pls Stack Buffer Overflow |
| exploit/windows/fileformat/djvu_imageurl | DjVu DjVu_ActiveX_MSOffice.dll ActiveX ComponentBuffer Overflow |
| exploit/windows/fileformat/documalis_pdf_editor_and_scanner | Documalis Free PDF Editor and Scanner JPEG Stack Buffer Overflow |
| exploit/windows/fileformat/dupscout_xml | Dup Scout Enterprise v10.4.16 - Import Command Buffer Overflow |
| exploit/windows/fileformat/dvdx_plf_bof | DVD X Player 5.5 .plf PlayList Buffer Overflow |
| exploit/windows/fileformat/easycdda_pls_bof | Easy CD-DA Recorder PLS Buffer Overflow |
| exploit/windows/fileformat/emc_appextender_keyworks | EMC ApplicationXtender (KeyWorks) ActiveX Control Buffer Overflow |
| exploit/windows/fileformat/erdas_er_viewer_bof | ERS Viewer 2011 ERS File Handling Buffer Overflow |
| exploit/windows/fileformat/erdas_er_viewer_rf_report_error | ERS Viewer 2013 ERS File Handling Buffer Overflow |
| exploit/windows/fileformat/esignal_styletemplate_bof | eSignal and eSignal Pro File Parsing Buffer Overflow in QUO |
| exploit/windows/fileformat/etrust_pestscan | CA eTrust PestPatrol ActiveX Control Buffer Overflow |
| exploit/windows/fileformat/ezip_wizard_bof | eZip Wizard 3.0 Stack Buffer Overflow |
| exploit/windows/fileformat/fatplayer_wav | Fat Player Media Player 0.6b0 Buffer Overflow |
| exploit/windows/fileformat/fdm_torrent | Free Download Manager Torrent Parsing Buffer Overflow |
| exploit/windows/fileformat/feeddemon_opml | FeedDemon Stack Buffer Overflow |
| exploit/windows/fileformat/foxit_reader_filewrite | Foxit PDF Reader 4.2 Javascript File Write |
| exploit/windows/fileformat/foxit_reader_launch | Foxit Reader 3.0 Open Execute Action Stack Based Buffer Overflow |
| exploit/windows/fileformat/foxit_reader_uaf | Foxit PDF Reader Pointer Overwrite UAF |
| exploit/windows/fileformat/foxit_title_bof | Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow |
| exploit/windows/fileformat/free_mp3_ripper_wav | Free MP3 CD Ripper 1.1 WAV File Stack Buffer Overflow |
| exploit/windows/fileformat/galan_fileformat_bof | gAlan 0.2.1 Buffer Overflow |
| exploit/windows/fileformat/gsm_sim | GSM SIM Editor 5.15 Buffer Overflow |
| exploit/windows/fileformat/gta_samp | GTA SA-MP server.cfg Buffer Overflow |
| exploit/windows/fileformat/hhw_hhp_compiledfile_bof | HTML Help Workshop 4.74 (hhp Project File) Buffer Overflow |
| exploit/windows/fileformat/hhw_hhp_contentfile_bof | HTML Help Workshop 4.74 (hhp Project File) Buffer Overflow |
| exploit/windows/fileformat/hhw_hhp_indexfile_bof | HTML Help Workshop 4.74 (hhp Project File) Buffer Overflow |
| exploit/windows/fileformat/homm3_h3m | Heroes of Might and Magic III .h3m Map file Buffer Overflow |
| exploit/windows/fileformat/ht_mp3player_ht3_bof | HT-MP3Player 1.0 HT3 File Parsing Buffer Overflow |
| exploit/windows/fileformat/ibm_forms_viewer_fontname | IBM Forms Viewer Unicode Buffer Overflow |
| exploit/windows/fileformat/ibm_pcm_ws | IBM Personal Communications iSeries Access WorkStation 5.9 Profile |
| exploit/windows/fileformat/icofx_bof | IcoFX Stack Buffer Overflow |
| exploit/windows/fileformat/ideal_migration_ipj | PointDev IDEAL Migration Buffer Overflow |
| exploit/windows/fileformat/iftp_schedule_bof | i-FTP Schedule Buffer Overflow |
| exploit/windows/fileformat/irfanview_jpeg2000_bof | Irfanview JPEG2000 jp2 Stack Buffer Overflow |
| exploit/windows/fileformat/ispvm_xcf_ispxcf | Lattice Semiconductor ispVM System XCF File Handling Overflow |
| exploit/windows/fileformat/kingview_kingmess_kvl | KingView Log File Parsing Buffer Overflow |
| exploit/windows/fileformat/lattice_pac_bof | Lattice Semiconductor PAC-Designer 6.21 Symbol Value Buffer Overflow |
| exploit/windows/fileformat/lotusnotes_lzh | Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview (.lzh Attachment) |
| exploit/windows/fileformat/magix_musikmaker_16_mmm | Magix Musik Maker 16 .mmm Stack Buffer Overflow |
| exploit/windows/fileformat/mcafee_hercules_deletesnapshot | McAfee Remediation Client ActiveX Control Buffer Overflow |
| exploit/windows/fileformat/mcafee_showreport_exec | McAfee SaaS MyCioScan ShowReport Remote Command Execution |
| exploit/windows/fileformat/mediacoder_m3u | MediaCoder .M3U Buffer Overflow |
| exploit/windows/fileformat/mediajukebox | Media Jukebox 8.0.400 Buffer Overflow (SEH) |
| exploit/windows/fileformat/microp_mppl | MicroP 0.1.1.1600 (MPPL File) Stack Buffer Overflow |
| exploit/windows/fileformat/microsoft_windows_contact | Microsoft Windows Contact File Format Arbitary Code Execution |
| exploit/windows/fileformat/millenium_mp3_pls | Millenium MP3 Studio 2.0 (PLS File) Stack Buffer Overflow |
| exploit/windows/fileformat/mini_stream_pls_bof | Mini-Stream RM-MP3 Converter v3.1.2.1 PLS File Stack Buffer Overflow |
| exploit/windows/fileformat/mjm_coreplayer2011_s3m | MJM Core Player 2011 .s3m Stack Buffer Overflow |
| exploit/windows/fileformat/mjm_quickplayer_s3m | MJM QuickPlayer 1.00 Beta 60a / QuickPlayer 2010 .s3m Stack Buffer Overflow |
| exploit/windows/fileformat/moxa_mediadbplayback | MOXA MediaDBPlayback ActiveX Control Buffer Overflow |
| exploit/windows/fileformat/mplayer_m3u_bof | MPlayer Lite M3U Buffer Overflow |
| exploit/windows/fileformat/mplayer_sami_bof | MPlayer SAMI Subtitle File Buffer Overflow |
| exploit/windows/fileformat/ms09_067_excel_featheader | MS09-067 Microsoft Excel Malformed FEATHEADER Record Vulnerability |
| exploit/windows/fileformat/ms10_004_textbytesatom | MS10-004 Microsoft PowerPoint Viewer TextBytesAtom Stack Buffer Overflow |
| exploit/windows/fileformat/ms10_038_excel_obj_bof | MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow |
| exploit/windows/fileformat/ms10_087_rtf_pfragments_bof | MS10-087 Microsoft Word RTF pFragments Stack Buffer Overflow (File Format) |
| exploit/windows/fileformat/ms11_006_createsizeddibsection | MS11-006 Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow |
| exploit/windows/fileformat/ms11_021_xlb_bof | MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow |
| exploit/windows/fileformat/ms12_005 | MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability |
| exploit/windows/fileformat/ms12_027_mscomctl_bof | MS12-027 MSCOMCTL ActiveX Buffer Overflow |
| exploit/windows/fileformat/ms13_071_theme | MS13-071 Microsoft Windows Theme File Handling Arbitrary Code Execution |
| exploit/windows/fileformat/ms14_017_rtf | MS14-017 Microsoft Word RTF Object Confusion |
| exploit/windows/fileformat/ms14_060_sandworm | MS14-060 Microsoft Windows OLE Package Manager Code Execution |
| exploit/windows/fileformat/ms14_064_packager_python | MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python |
| exploit/windows/fileformat/ms14_064_packager_run_as_admin | MS14-064 Microsoft Windows OLE Package Manager Code Execution |
| exploit/windows/fileformat/ms15_020_shortcut_icon_dllloader | Microsoft Windows Shell LNK Code Execution |
| exploit/windows/fileformat/ms15_100_mcl_exe | MS15-100 Microsoft Windows Media Center MCL Vulnerability |
| exploit/windows/fileformat/ms_visual_basic_vbp | Microsoft Visual Basic VBP Buffer Overflow |
| exploit/windows/fileformat/mswin_tiff_overflow | MS13-096 Microsoft Tagged Image File Format (TIFF) Integer Overflow |
| exploit/windows/fileformat/msworks_wkspictureinterface | Microsoft Works 7 WkImgSrv.dll WKsPictureInterface() ActiveX Code Execution |
| exploit/windows/fileformat/mymp3player_m3u | Steinberg MyMP3Player 3.0 Buffer Overflow |
| exploit/windows/fileformat/netop | NetOp Remote Control Client 9.5 Buffer Overflow |
| exploit/windows/fileformat/nitro_reader_jsapi | Nitro Pro PDF Reader 11.0.3.173 Javascript API Remote Code Execution |
| exploit/windows/fileformat/nuance_pdf_launch_overflow | Nuance PDF Reader v6.0 Launch Stack Buffer Overflow |
| exploit/windows/fileformat/office_dde_delivery | Microsoft Office DDE Payload Delivery |
| exploit/windows/fileformat/office_excel_slk | Microsoft Excel .SLK Payload Delivery |
| exploit/windows/fileformat/office_ms17_11882 | Microsoft Office CVE-2017-11882 |
| exploit/windows/fileformat/office_ole_multiple_dll_hijack | Office OLE Multiple DLL Side Loading Vulnerabilities |
| exploit/windows/fileformat/office_word_hta | Microsoft Office Word Malicious Hta Execution |
| exploit/windows/fileformat/openoffice_ole | OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow |
| exploit/windows/fileformat/orbital_viewer_orb | Orbital Viewer ORB File Parsing Buffer Overflow |
| exploit/windows/fileformat/orbit_download_failed_bof | Orbit Downloader URL Unicode Conversion Overflow |
| exploit/windows/fileformat/ovf_format_string | VMWare OVF Tools Format String Vulnerability |
| exploit/windows/fileformat/proshow_cellimage_bof | ProShow Gold v4.0.2549 (PSH File) Stack Buffer Overflow |
| exploit/windows/fileformat/proshow_load_bof | Photodex ProShow Producer 5.0.3256 load File Handling Buffer Overflow |
| exploit/windows/fileformat/publishit_pui | Publish-It PUI Buffer Overflow (SEH) |
| exploit/windows/fileformat/real_networks_netzip_bof | Real Networks Netzip Classic 7.5.1 86 File Parsing Buffer Overflow Vulnerability |
| exploit/windows/fileformat/real_player_url_property_bof | RealPlayer RealMedia File Handling Buffer Overflow |
| exploit/windows/fileformat/realplayer_ver_attribute_bof | RealNetworks RealPlayer Version Attribute Buffer Overflow |
| exploit/windows/fileformat/safenet_softremote_groupname | SafeNet SoftRemote GROUPNAME Buffer Overflow |
| exploit/windows/fileformat/sascam_get | SasCam Webcam Server v.2.6.5 Get() Method Buffer Overflow |
| exploit/windows/fileformat/scadaphone_zip | ScadaTEC ScadaPhone Stack Buffer Overflow |
| exploit/windows/fileformat/shadow_stream_recorder_bof | Shadow Stream Recorder 3.0.1.7 Buffer Overflow |
| exploit/windows/fileformat/shaper_pdf_bof | PDF Shaper Buffer Overflow |
| exploit/windows/fileformat/somplplayer_m3u | S.O.M.P.L 1.0 Player Buffer Overflow |
| exploit/windows/fileformat/subtitle_processor_m3u_bof | Subtitle Processor 7.7.1 .M3U SEH Unicode Buffer Overflow |
| exploit/windows/fileformat/syncbreeze_xml | Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow |
| exploit/windows/fileformat/tfm_mmplayer_m3u_ppl_bof | TFM MMPlayer (m3u/ppl File) Buffer Overflow |
| exploit/windows/fileformat/total_video_player_ini_bof | Total Video Player 1.3.1 (Settings.ini) - SEH Buffer Overflow |
| exploit/windows/fileformat/tugzip | TugZip 3.5 Zip File Parsing Buffer Overflow Vulnerability |
| exploit/windows/fileformat/ultraiso_ccd | UltraISO CCD File Parsing Buffer Overflow |
| exploit/windows/fileformat/ultraiso_cue | UltraISO CUE File Parsing Buffer Overflow |
| exploit/windows/fileformat/ursoft_w32dasm | URSoft W32Dasm Disassembler Function Buffer Overflow |
| exploit/windows/fileformat/varicad_dwb | VariCAD 2010-2.05 EN (DWB File) Stack Buffer Overflow |
| exploit/windows/fileformat/videocharge_studio | VideoCharge Studio Buffer Overflow (SEH) |
| exploit/windows/fileformat/videolan_tivo | VideoLAN VLC TiVo Buffer Overflow |
| exploit/windows/fileformat/videospirit_visprj | VeryTools Video Spirit Pro |
| exploit/windows/fileformat/visio_dxf_bof | Microsoft Office Visio VISIODWG.DLL DXF File Handling Vulnerability |
| exploit/windows/fileformat/visiwave_vwr_type | VisiWave VWR File Parsing Vulnerability |
| exploit/windows/fileformat/vlc_mkv | VLC Media Player MKV Use After Free |
| exploit/windows/fileformat/vlc_modplug_s3m | VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow |
| exploit/windows/fileformat/vlc_realtext | VLC Media Player RealText Subtitle Overflow |
| exploit/windows/fileformat/vlc_smb_uri | VideoLAN Client (VLC) Win32 smb:// URI Buffer Overflow |
| exploit/windows/fileformat/vlc_webm | VideoLAN VLC MKV Memory Corruption |
| exploit/windows/fileformat/vuplayer_cue | VUPlayer CUE Buffer Overflow |
| exploit/windows/fileformat/vuplayer_m3u | VUPlayer M3U Buffer Overflow |
| exploit/windows/fileformat/watermark_master | Watermark Master Buffer Overflow (SEH) |
| exploit/windows/fileformat/winamp_maki_bof | Winamp MAKI Buffer Overflow |
| exploit/windows/fileformat/winrar_ace | RARLAB WinRAR ACE Format Input Validation Remote Code Execution |
| exploit/windows/fileformat/winrar_name_spoofing | WinRAR Filename Spoofing |
| exploit/windows/fileformat/wireshark_mpeg_overflow | Wireshark wiretap/mpeg.c Stack Buffer Overflow |
| exploit/windows/fileformat/wireshark_packet_dect | Wireshark packet-dect.c Stack Buffer Overflow (local) |
| exploit/windows/fileformat/wm_downloader_m3u | WM Downloader 3.1.2.2 Buffer Overflow |
| exploit/windows/fileformat/word_msdtjs_rce | Microsoft Office Word MSDTJS |
| exploit/windows/fileformat/word_mshtml_rce | Microsoft Office Word Malicious MSHTML RCE |
| exploit/windows/fileformat/xenorate_xpl_bof | Xenorate 2.50 (.xpl) Universal Local Buffer Overflow (SEH) |
| exploit/windows/fileformat/xion_m3u_sehbof | Xion Audio Player 1.0.126 Unicode Stack Buffer Overflow |
| exploit/windows/fileformat/xradio_xrl_sehbof | xRadio 0.95b Buffer Overflow |
| exploit/windows/fileformat/zahir_enterprise_plus_csv | Zahir Enterprise Plus 6 Stack Buffer Overflow |
| exploit/windows/fileformat/zinfaudioplayer221_pls | Zinf Audio Player 2.2.1 (PLS File) Stack Buffer Overflow |
| exploit/windows/firewall/blackice_pam_icq | ISS PAM.dll ICQ Parser Buffer Overflow |
| exploit/windows/firewall/kerio_auth | Kerio Firewall 2.1.4 Authentication Packet Overflow |
| exploit/windows/ftp/32bitftp_list_reply | 32bit FTP Client Stack Buffer Overflow |
| exploit/windows/ftp/3cdaemon_ftp_user | 3Com 3CDaemon 2.0 FTP Username Overflow |
| exploit/windows/ftp/aasync_list_reply | AASync v2.2.1.0 (Win32) Stack Buffer Overflow (LIST) |
| exploit/windows/ftp/ability_server_stor | Ability Server 2.34 STOR Command Stack Buffer Overflow |
| exploit/windows/ftp/absolute_ftp_list_bof | AbsoluteFTP 1.9.6 - 2.2.10 LIST Command Remote Buffer Overflow |
| exploit/windows/ftp/ayukov_nftp | Ayukov NFTP FTP Client Buffer Overflow |
| exploit/windows/ftp/bison_ftp_bof | BisonWare BisonFTP Server Buffer Overflow |
| exploit/windows/ftp/cesarftp_mkd | Cesar FTP 0.99g MKD Command Buffer Overflow |
| exploit/windows/ftp/comsnd_ftpd_fmtstr | ComSndFTP v1.3.7 Beta USER Format String (Write4) Vulnerability |
| exploit/windows/ftp/dreamftp_format | BolinTech Dream FTP Server 1.02 Format String |
| exploit/windows/ftp/easyfilesharing_pass | Easy File Sharing FTP Server 2.0 PASS Overflow |
| exploit/windows/ftp/easyftp_cwd_fixret | EasyFTP Server CWD Command Stack Buffer Overflow |
| exploit/windows/ftp/easyftp_list_fixret | EasyFTP Server LIST Command Stack Buffer Overflow |
| exploit/windows/ftp/easyftp_mkd_fixret | EasyFTP Server MKD Command Stack Buffer Overflow |
| exploit/windows/ftp/filecopa_list_overflow | FileCopa FTP Server Pre 18 Jul Version |
| exploit/windows/ftp/filewrangler_list_reply | FileWrangler 5.30 Stack Buffer Overflow |
| exploit/windows/ftp/freefloatftp_user | Free Float FTP Server USER Command Buffer Overflow |
| exploit/windows/ftp/freefloatftp_wbem | FreeFloat FTP Server Arbitrary File Upload |
| exploit/windows/ftp/freeftpd_pass | freeFTPd PASS Command Buffer Overflow |
| exploit/windows/ftp/freeftpd_user | freeFTPd 1.0 Username Overflow |
| exploit/windows/ftp/ftpgetter_pwd_reply | FTPGetter Standard v3.55.0.05 Stack Buffer Overflow (PWD) |
| exploit/windows/ftp/ftppad_list_reply | FTPPad 1.2.0 Stack Buffer Overflow |
| exploit/windows/ftp/ftpshell51_pwd_reply | FTPShell 5.1 Stack Buffer Overflow |
| exploit/windows/ftp/ftpshell_cli_bof | FTPShell client 6.70 (Enterprise edition) Stack Buffer Overflow |
| exploit/windows/ftp/ftpsynch_list_reply | FTP Synchronizer Professional 4.0.73.274 Stack Buffer Overflow |
| exploit/windows/ftp/gekkomgr_list_reply | Gekko Manager FTP Client Stack Buffer Overflow |
| exploit/windows/ftp/globalscapeftp_input | GlobalSCAPE Secure FTP Server Input Overflow |
| exploit/windows/ftp/goldenftp_pass_bof | GoldenFTP PASS Stack Buffer Overflow |
| exploit/windows/ftp/httpdx_tolog_format | HTTPDX tolog() Function Format String Vulnerability |
| exploit/windows/ftp/kmftp_utility_cwd | Konica Minolta FTP Utility 1.00 Post Auth CWD Command SEH Overflow |
| exploit/windows/ftp/labf_nfsaxe | LabF nfsAxe 3.7 FTP Client Stack Buffer Overflow |
| exploit/windows/ftp/leapftp_list_reply | LeapFTP 3.0.1 Stack Buffer Overflow |
| exploit/windows/ftp/leapftp_pasv_reply | LeapWare LeapFTP v2.7.3.600 PASV Reply Client Overflow |
| exploit/windows/ftp/ms09_053_ftpd_nlst | MS09-053 Microsoft IIS FTP Server NLST Response Overflow |
| exploit/windows/ftp/netterm_netftpd_user | NetTerm NetFTPD USER Buffer Overflow |
| exploit/windows/ftp/odin_list_reply | Odin Secure FTP 4.1 Stack Buffer Overflow (LIST) |
| exploit/windows/ftp/open_ftpd_wbem | Open-FTPD 1.2 Arbitrary File Upload |
| exploit/windows/ftp/oracle9i_xdb_ftp_pass | Oracle 9i XDB FTP PASS Overflow (win32) |
| exploit/windows/ftp/oracle9i_xdb_ftp_unlock | Oracle 9i XDB FTP UNLOCK Overflow (win32) |
| exploit/windows/ftp/pcman_put | PCMAN FTP Server Buffer Overflow - PUT Command |
| exploit/windows/ftp/pcman_stor | PCMAN FTP Server Post-Authentication STOR Command Stack Buffer Overflow |
| exploit/windows/ftp/proftp_banner | ProFTP 2.9 Banner Remote Buffer Overflow |
| exploit/windows/ftp/quickshare_traversal_write | QuickShare File Server 1.2.1 Directory Traversal Vulnerability |
| exploit/windows/ftp/ricoh_dl_bof | Ricoh DC DL-10 SR10 FTP USER Command Buffer Overflow |
| exploit/windows/ftp/sami_ftpd_list | Sami FTP Server LIST Command Buffer Overflow |
| exploit/windows/ftp/sami_ftpd_user | KarjaSoft Sami FTP Server v2.0.2 USER Overflow |
| exploit/windows/ftp/sasser_ftpd_port | Sasser Worm avserve FTP PORT Buffer Overflow |
| exploit/windows/ftp/scriptftp_list | ScriptFTP LIST Remote Buffer Overflow |
| exploit/windows/ftp/seagull_list_reply | Seagull FTP v3.3 Build 409 Stack Buffer Overflow |
| exploit/windows/ftp/servu_chmod | Serv-U FTP Server Buffer Overflow |
| exploit/windows/ftp/servu_mdtm | Serv-U FTPD MDTM Overflow |
| exploit/windows/ftp/slimftpd_list_concat | SlimFTPd LIST Concatenation Overflow |
| exploit/windows/ftp/trellian_client_pasv | Trellian FTP Client 3.01 PASV Remote Buffer Overflow |
| exploit/windows/ftp/turboftp_port | Turbo FTP Server 1.30.823 PORT Overflow |
| exploit/windows/ftp/vermillion_ftpd_port | Vermillion FTP Daemon PORT Command Memory Corruption |
| exploit/windows/ftp/warftpd_165_pass | War-FTPD 1.65 Password Overflow |
| exploit/windows/ftp/warftpd_165_user | War-FTPD 1.65 Username Overflow |
| exploit/windows/ftp/wftpd_size | Texas Imperial Software WFTPD 3.23 SIZE Overflow |
| exploit/windows/ftp/winaxe_server_ready | WinaXe 7.7 FTP Client Remote Buffer Overflow |
| exploit/windows/ftp/wing_ftp_admin_exec | Wing FTP Server Authenticated Command Execution |
| exploit/windows/ftp/wsftp_server_503_mkd | WS-FTP Server 5.03 MKD Overflow |
| exploit/windows/ftp/wsftp_server_505_xmd5 | Ipswitch WS_FTP Server 5.05 XMD5 Overflow |
| exploit/windows/ftp/xftp_client_pwd | Xftp FTP Client 3.0 PWD Remote Buffer Overflow |
| exploit/windows/ftp/xlink_client | Xlink FTP Client Buffer Overflow |
| exploit/windows/ftp/xlink_server | Xlink FTP Server Buffer Overflow |
| exploit/windows/games/mohaa_getinfo | Medal of Honor Allied Assault getinfo Stack Buffer Overflow |
| exploit/windows/games/racer_503beta5 | Racer v0.5.3 Beta 5 Buffer Overflow |
| exploit/windows/games/ut2004_secure | Unreal Tournament 2004 "secure" Overflow (Win32) |
| exploit/windows/http/adobe_robohelper_authbypass | Adobe RoboHelp Server 8 Arbitrary File Upload and Execute |
| exploit/windows/http/advantech_iview_networkservlet_cmd_inject | Advantech iView NetworkServlet Command Injection |
| exploit/windows/http/advantech_iview_unauth_rce | Advantech iView Unauthenticated Remote Code Execution |
| exploit/windows/http/altn_securitygateway | Alt-N SecurityGateway username Buffer Overflow |
| exploit/windows/http/altn_webadmin | Alt-N WebAdmin USER Buffer Overflow |
| exploit/windows/http/amlibweb_webquerydll_app | Amlibweb NetOpacs webquery.dll Stack Buffer Overflow |
| exploit/windows/http/apache_activemq_traversal_upload | Apache ActiveMQ 5.x-5.11.1 Directory Traversal Shell Upload |
| exploit/windows/http/apache_chunked | Apache Win32 Chunked Encoding |
| exploit/windows/http/apache_modjk_overflow | Apache mod_jk 1.2.20 Buffer Overflow |
| exploit/windows/http/apache_mod_rewrite_ldap | Apache Module mod_rewrite LDAP Protocol Buffer Overflow |
| exploit/windows/http/apache_tika_jp2_jscript | Apache Tika Header Command Injection |
| exploit/windows/http/avaya_ccr_imageupload_exec | Avaya IP Office Customer Call Reporter ImageUpload.ashx Remote Command Execution |
| exploit/windows/http/badblue_ext_overflow | BadBlue 2.5 EXT.dll Buffer Overflow |
| exploit/windows/http/badblue_passthru | BadBlue 2.72b PassThru Buffer Overflow |
| exploit/windows/http/bea_weblogic_jsessionid | BEA WebLogic JSESSIONID Cookie Value Overflow |
| exploit/windows/http/bea_weblogic_post_bof | Oracle Weblogic Apache Connector POST Request Buffer Overflow |
| exploit/windows/http/bea_weblogic_transfer_encoding | BEA Weblogic Transfer-Encoding Buffer Overflow |
| exploit/windows/http/belkin_bulldog | Belkin Bulldog Plus Web Service Buffer Overflow |
| exploit/windows/http/ca_arcserve_rpc_authbypass | CA Arcserve D2D GWT RPC Credential Information Disclosure |
| exploit/windows/http/ca_igateway_debug | CA iTechnology iGateway Debug Mode Buffer Overflow |
| exploit/windows/http/ca_totaldefense_regeneratereports | CA Total Defense Suite reGenerateReports Stored Procedure SQL Injection |
| exploit/windows/http/cayin_xpost_sql_rce | Cayin xPost wayfinder_seqid SQLi to RCE |
| exploit/windows/http/cogent_datahub_command | Cogent DataHub Command Injection |
| exploit/windows/http/cogent_datahub_request_headers_bof | Cogent DataHub HTTP Server Buffer Overflow |
| exploit/windows/http/coldfusion_fckeditor | ColdFusion 8.0.1 Arbitrary File Upload and Execute |
| exploit/windows/http/cyclope_ess_sqli | Cyclope Employee Surveillance Solution v6 SQL Injection |
| exploit/windows/http/desktopcentral_deserialization | ManageEngine Desktop Central Java Deserialization |
| exploit/windows/http/desktopcentral_file_upload | ManageEngine Desktop Central AgentLogUpload Arbitrary File Upload |
| exploit/windows/http/desktopcentral_statusupdate_upload | ManageEngine Desktop Central StatusUpdate Arbitrary File Upload |
| exploit/windows/http/diskboss_get_bof | DiskBoss Enterprise GET Buffer Overflow |
| exploit/windows/http/disk_pulse_enterprise_bof | Disk Pulse Enterprise Login Buffer Overflow |
| exploit/windows/http/disk_pulse_enterprise_get | Disk Pulse Enterprise GET Buffer Overflow |
| exploit/windows/http/disksavvy_get_bof | DiskSavvy Enterprise GET Buffer Overflow |
| exploit/windows/http/disksorter_bof | Disk Sorter Enterprise GET Buffer Overflow |
| exploit/windows/http/dlink_central_wifimanager_rce | D-Link Central WiFi Manager CWM(100) RCE |
| exploit/windows/http/dnn_cookie_deserialization_rce | DotNetNuke Cookie Deserialization Remote Code Excecution |
| exploit/windows/http/dup_scout_enterprise_login_bof | Dup Scout Enterprise Login Buffer Overflow |
| exploit/windows/http/dupscts_bof | Dup Scout Enterprise GET Buffer Overflow |
| exploit/windows/http/easychatserver_seh | Easy Chat Server User Registeration Buffer Overflow (SEH) |
| exploit/windows/http/easyfilesharing_post | Easy File Sharing HTTP Server 7.2 POST Buffer Overflow |
| exploit/windows/http/easyfilesharing_seh | Easy File Sharing HTTP Server 7.2 SEH Overflow |
| exploit/windows/http/easyftp_list | EasyFTP Server list.html path Stack Buffer Overflow |
| exploit/windows/http/edirectory_host | Novell eDirectory NDS Server Host Header Overflow |
| exploit/windows/http/edirectory_imonitor | eDirectory 8.7.3 iMonitor Remote Stack Buffer Overflow |
| exploit/windows/http/efs_easychatserver_username | EFS Easy Chat Server Authentication Request Handling Buffer Overflow |
| exploit/windows/http/efs_fmws_userid_bof | Easy File Management Web Server Stack Buffer Overflow |
| exploit/windows/http/ektron_xslt_exec | Ektron 8.02 XSLT Transform Remote Code Execution |
| exploit/windows/http/ektron_xslt_exec_ws | Ektron 8.5, 8.7, 9.0 XSLT Transform Remote Code Execution |
| exploit/windows/http/ericom_access_now_bof | Ericom AccessNow Server Buffer Overflow |
| exploit/windows/http/exchange_chainedserializationbinder_denylist_typo_rce | Microsoft Exchange Server ChainedSerializationBinder Deny List Typo RCE |
| exploit/windows/http/exchange_chainedserializationbinder_rce | Microsoft Exchange Server ChainedSerializationBinder RCE |
| exploit/windows/http/exchange_ecp_dlp_policy | Microsoft Exchange Server DlpUtils AddTenantDlpPolicy RCE |
| exploit/windows/http/exchange_ecp_viewstate | Exchange Control Panel ViewState Deserialization |
| exploit/windows/http/exchange_proxylogon_rce | Microsoft Exchange ProxyLogon RCE |
| exploit/windows/http/exchange_proxynotshell_rce | Microsoft Exchange ProxyNotShell RCE |
| exploit/windows/http/exchange_proxyshell_rce | Microsoft Exchange ProxyShell RCE |
| exploit/windows/http/ezserver_http | EZHomeTech EzServer Stack Buffer Overflow Vulnerability |
| exploit/windows/http/fdm_auth_header | Free Download Manager Remote Control Server Buffer Overflow |
| exploit/windows/http/file_sharing_wizard_seh | File Sharing Wizard - POST SEH Overflow |
| exploit/windows/http/flexdotnetcms_upload_exec | FlexDotnetCMS Arbitrary ASP File Upload |
| exploit/windows/http/fortilogger_arbitrary_fileupload | FortiLogger Arbitrary File Upload Exploit |
| exploit/windows/http/generic_http_dll_injection | Generic Web Application DLL Injection |
| exploit/windows/http/geutebrueck_gcore_x64_rce_bo | Geutebrueck GCore - GCoreServer.exe Buffer Overflow RCE |
| exploit/windows/http/git_lfs_rce | Git Remote Code Execution via git-lfs (CVE-2020-27955) |
| exploit/windows/http/gitstack_rce | GitStack Unsanitized Argument RCE |
| exploit/windows/http/hp_autopass_license_traversal | HP AutoPass License Server File Upload |
| exploit/windows/http/hpe_sim_76_amf_deserialization | HPE Systems Insight Manager AMF Deserialization RCE |
| exploit/windows/http/hp_imc_bims_upload | HP Intelligent Management Center BIMS UploadServlet Directory Traversal |
| exploit/windows/http/hp_imc_java_deserialize | HP Intelligent Management Java Deserialization RCE |
| exploit/windows/http/hp_imc_mibfileupload | HP Intelligent Management Center Arbitrary File Upload |
| exploit/windows/http/hp_loadrunner_copyfiletoserver | HP LoadRunner EmulationAdmin Web Service Directory Traversal |
| exploit/windows/http/hp_mpa_job_acct | HP Managed Printing Administration jobAcct Remote Command Execution |
| exploit/windows/http/hp_nnm_getnnmdata_hostname | HP OpenView Network Node Manager getnnmdata.exe (Hostname) CGI Buffer Overflow |
| exploit/windows/http/hp_nnm_getnnmdata_icount | HP OpenView Network Node Manager getnnmdata.exe (ICount) CGI Buffer Overflow |
| exploit/windows/http/hp_nnm_getnnmdata_maxage | HP OpenView Network Node Manager getnnmdata.exe (MaxAge) CGI Buffer Overflow |
| exploit/windows/http/hp_nnm_nnmrptconfig_nameparams | HP OpenView NNM nnmRptConfig nameParams Buffer Overflow |
| exploit/windows/http/hp_nnm_nnmrptconfig_schdparams | HP OpenView NNM nnmRptConfig.exe schdParams Buffer Overflow |
| exploit/windows/http/hp_nnm_openview5 | HP OpenView Network Node Manager OpenView5.exe CGI Buffer Overflow |
| exploit/windows/http/hp_nnm_ovalarm_lang | HP OpenView Network Node Manager ovalarm.exe CGI Buffer Overflow |
| exploit/windows/http/hp_nnm_ovas | HP OpenView NNM 7.53, 7.51 OVAS.EXE Pre-Authentication Stack Buffer Overflow |
| exploit/windows/http/hp_nnm_ovbuildpath_textfile | HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow |
| exploit/windows/http/hp_nnm_ovwebhelp | HP OpenView Network Node Manager OvWebHelp.exe CGI Buffer Overflow |
| exploit/windows/http/hp_nnm_ovwebsnmpsrv_main | HP OpenView Network Node Manager ovwebsnmpsrv.exe main Buffer Overflow |
| exploit/windows/http/hp_nnm_ovwebsnmpsrv_ovutil | HP OpenView Network Node Manager ovwebsnmpsrv.exe ovutil Buffer Overflow |
| exploit/windows/http/hp_nnm_ovwebsnmpsrv_uro | HP OpenView Network Node Manager ovwebsnmpsrv.exe Unrecognized Option Buffer Overflow |
| exploit/windows/http/hp_nnm_snmp | HP OpenView Network Node Manager Snmp.exe CGI Buffer Overflow |
| exploit/windows/http/hp_nnm_snmpviewer_actapp | HP OpenView Network Node Manager snmpviewer.exe Buffer Overflow |
| exploit/windows/http/hp_nnm_toolbar_01 | HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow |
| exploit/windows/http/hp_nnm_toolbar_02 | HP OpenView Network Node Manager Toolbar.exe CGI Cookie Handling Buffer Overflow |
| exploit/windows/http/hp_nnm_webappmon_execvp | HP OpenView Network Node Manager execvp_nc Buffer Overflow |
| exploit/windows/http/hp_nnm_webappmon_ovjavalocale | HP NNM CGI webappmon.exe OvJavaLocale Buffer Overflow |
| exploit/windows/http/hp_openview_insight_backdoor | HP OpenView Performance Insight Server Backdoor Account Code Execution |
| exploit/windows/http/hp_pcm_snac_update_certificates | HP ProCurve Manager SNAC UpdateCertificatesServlet File Upload |
| exploit/windows/http/hp_pcm_snac_update_domain | HP ProCurve Manager SNAC UpdateDomainControllerServlet File Upload |
| exploit/windows/http/hp_power_manager_filename | HP Power Manager 'formExportDataLogs' Buffer Overflow |
| exploit/windows/http/hp_power_manager_login | Hewlett-Packard Power Manager Administration Buffer Overflow |
| exploit/windows/http/hp_sitescope_dns_tool | HP SiteScope DNS Tool Command Injection |
| exploit/windows/http/hp_sitescope_runomagentcommand | HP SiteScope Remote Code Execution |
| exploit/windows/http/httpdx_handlepeer | HTTPDX h_handlepeer() Function Buffer Overflow |
| exploit/windows/http/httpdx_tolog_format | HTTPDX tolog() Function Format String Vulnerability |
| exploit/windows/http/ia_webmail | IA WebMail 3.x Buffer Overflow |
| exploit/windows/http/ibm_tivoli_endpoint_bof | IBM Tivoli Endpoint Manager POST Query Buffer Overflow |
| exploit/windows/http/ibm_tpmfosd_overflow | IBM TPM for OS Deployment 5.1.0.x rembo.exe Buffer Overflow |
| exploit/windows/http/ibm_tsm_cad_header | IBM Tivoli Storage Manager Express CAD Service Buffer Overflow |
| exploit/windows/http/icecast_header | Icecast Header Overwrite |
| exploit/windows/http/integard_password_bof | Race River Integard Home/Pro LoginAdmin Password Stack Buffer Overflow |
| exploit/windows/http/intersystems_cache | InterSystems Cache UtilConfigHome.csp Argument Buffer Overflow |
| exploit/windows/http/intrasrv_bof | Intrasrv 1.0 Buffer Overflow |
| exploit/windows/http/ipswitch_wug_maincfgret | Ipswitch WhatsUp Gold 8.03 Buffer Overflow |
| exploit/windows/http/jira_collector_traversal | JIRA Issues Collector Directory Traversal |
| exploit/windows/http/kaseya_uploader | Kaseya VSA uploader.aspx Arbitrary File Upload |
| exploit/windows/http/kaseya_uploadimage_file_upload | Kaseya uploadImage Arbitrary File Upload |
| exploit/windows/http/kentico_staging_syncserver | Kentico CMS Staging SyncServer Unserialize Remote Command Execution |
| exploit/windows/http/kolibri_http | Kolibri HTTP Server HEAD Buffer Overflow |
| exploit/windows/http/landesk_thinkmanagement_upload_asp | LANDesk Lenovo ThinkManagement Console Remote Command Execution |
| exploit/windows/http/lexmark_markvision_gfd_upload | Lexmark MarkVision Enterprise Arbitrary File Upload |
| exploit/windows/http/mailenable_auth_header | MailEnable Authorization Header Buffer Overflow |
| exploit/windows/http/manageengine_adaudit_plus_cve_2022_28219 | ManageEngine ADAudit Plus CVE-2022-28219 |
| exploit/windows/http/manageengine_adselfservice_plus_cve_2021_40539 | ManageEngine ADSelfService Plus CVE-2021-40539 |
| exploit/windows/http/manageengine_adselfservice_plus_cve_2022_28810 | ManageEngine ADSelfService Plus Custom Script Execution |
| exploit/windows/http/manageengine_adshacluster_rce | Manage Engine Exchange Reporter Plus Unauthenticated RCE |
| exploit/windows/http/manageengine_appmanager_exec | ManageEngine Applications Manager Remote Code Execution |
| exploit/windows/http/manageengine_apps_mngr | ManageEngine Applications Manager Authenticated Code Execution |
| exploit/windows/http/manageengine_connectionid_write | ManageEngine Desktop Central 9 FileUploadServlet ConnectionId Vulnerability |
| exploit/windows/http/manage_engine_opmanager_rce | ManageEngine OpManager Remote Code Execution |
| exploit/windows/http/manageengine_servicedesk_plus_cve_2021_44077 | ManageEngine ServiceDesk Plus CVE-2021-44077 |
| exploit/windows/http/maxdb_webdbm_database | MaxDB WebDBM Database Parameter Overflow |
| exploit/windows/http/maxdb_webdbm_get_overflow | MaxDB WebDBM GET Buffer Overflow |
| exploit/windows/http/mcafee_epolicy_source | McAfee ePolicy Orchestrator / ProtectionPilot Overflow |
| exploit/windows/http/mdaemon_worldclient_form2raw | MDaemon WorldClient form2raw.cgi Stack Buffer Overflow |
| exploit/windows/http/minishare_get_overflow | Minishare 1.4.1 Buffer Overflow |
| exploit/windows/http/miniweb_upload_wbem | MiniWeb (Build 300) Arbitrary File Upload |
| exploit/windows/http/navicopa_get_overflow | NaviCOPA 2.0.1 URL Handling Buffer Overflow |
| exploit/windows/http/netdecision_http_bof | NetDecision 4.5.1 HTTP Server Buffer Overflow |
| exploit/windows/http/netgear_nms_rce | NETGEAR ProSafe Network Management System 300 Arbitrary File Upload |
| exploit/windows/http/netmotion_mobility_mvcutil_deserialization | NetMotion Mobility Server MvcUtil Java Deserialization |
| exploit/windows/http/novell_imanager_upload | Novell iManager getMultiPartParameters Arbitrary File Upload |
| exploit/windows/http/novell_mdm_lfi | Novell Zenworks Mobile Managment MDM.php Local File Inclusion Vulnerability |
| exploit/windows/http/novell_messenger_acceptlang | Novell Messenger Server 2.0 Accept-Language Overflow |
| exploit/windows/http/nowsms | Now SMS/MMS Gateway Buffer Overflow |
| exploit/windows/http/nscp_authenticated_rce | NSClient++ 0.5.2.35 - ExternalScripts Authenticated Remote Code Execution |
| exploit/windows/http/oats_weblogic_console | Oracle Application Testing Suite WebLogic Server Administration Console War Deployment |
| exploit/windows/http/octopusdeploy_deploy | Octopus Deploy Authenticated Code Execution |
| exploit/windows/http/oracle9i_xdb_pass | Oracle 9i XDB HTTP PASS Overflow (win32) |
| exploit/windows/http/oracle_beehive_evaluation | Oracle BeeHive 2 voice-servlet processEvaluation() Vulnerability |
| exploit/windows/http/oracle_beehive_prepareaudiotoplay | Oracle BeeHive 2 voice-servlet prepareAudioToPlay() Arbitrary File Upload |
| exploit/windows/http/oracle_btm_writetofile | Oracle Business Transaction Management FlashTunnelService Remote Code Execution |
| exploit/windows/http/oracle_endeca_exec | Oracle Endeca Server Remote Command Execution |
| exploit/windows/http/oracle_event_processing_upload | Oracle Event Processing FileUploadServlet Arbitrary File Upload |
| exploit/windows/http/osb_uname_jlist | Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability |
| exploit/windows/http/peercast_url | PeerCast URL Handling Buffer Overflow |
| exploit/windows/http/php_apache_request_headers_bof | PHP apache_request_headers Function Buffer Overflow |
| exploit/windows/http/plesk_mylittleadmin_viewstate | Plesk/myLittleAdmin ViewState .NET Deserialization |
| exploit/windows/http/plex_unpickle_dict_rce | Plex Unpickle Dict Windows RCE |
| exploit/windows/http/privatewire_gateway | Private Wire Gateway Buffer Overflow |
| exploit/windows/http/prtg_authenticated_rce | PRTG Network Monitor Authenticated RCE |
| exploit/windows/http/psoproxy91_overflow | PSO Proxy v0.91 Stack Buffer Overflow |
| exploit/windows/http/rabidhamster_r4_log | RabidHamster R4 Log Entry sprintf() Buffer Overflow |
| exploit/windows/http/rejetto_hfs_exec | Rejetto HttpFileServer Remote Command Execution |
| exploit/windows/http/sambar6_search_results | Sambar 6 Search Results Buffer Overflow |
| exploit/windows/http/sap_configservlet_exec_noauth | SAP ConfigServlet Remote Code Execution |
| exploit/windows/http/sapdb_webtools | SAP DB 7.4 WebTools Buffer Overflow |
| exploit/windows/http/sap_host_control_cmd_exec | SAP NetWeaver HostControl Command Injection |
| exploit/windows/http/savant_31_overflow | Savant 3.1 Web Server Overflow |
| exploit/windows/http/sepm_auth_bypass_rce | Symantec Endpoint Protection Manager Authentication Bypass and Code Execution |
| exploit/windows/http/serviio_checkstreamurl_cmd_exec | Serviio Media Server checkStreamUrl Command Execution |
| exploit/windows/http/servu_session_cookie | Rhinosoft Serv-U Session Cookie Buffer Overflow |
| exploit/windows/http/sharepoint_data_deserialization | SharePoint DataSet / DataTable Deserialization |
| exploit/windows/http/sharepoint_ssi_viewstate | Microsoft SharePoint Server-Side Include and ViewState RCE |
| exploit/windows/http/sharepoint_unsafe_control | Microsoft SharePoint Unsafe Control and ViewState RCE |
| exploit/windows/http/sharepoint_workflows_xoml | SharePoint Workflows XOML Injection |
| exploit/windows/http/shoutcast_format | SHOUTcast DNAS/win32 1.9.4 File Request Format String Overflow |
| exploit/windows/http/shttpd_post | SHTTPD URI-Encoded POST Request Overflow |
| exploit/windows/http/sitecore_xp_cve_2021_42237 | Sitecore Experience Platform (XP) PreAuth Deserialization RCE |
| exploit/windows/http/solarwinds_fsm_userlogin | Solarwinds Firewall Security Manager 6.6.5 Client Session Handling Vulnerability |
| exploit/windows/http/solarwinds_storage_manager_sql | Solarwinds Storage Manager 5.1.0 SQL Injection |
| exploit/windows/http/sonicwall_scrutinizer_sqli | Dell SonicWALL (Plixer) Scrutinizer 9 SQL Injection |
| exploit/windows/http/ssrs_navcorrector_viewstate | SQL Server Reporting Services (SSRS) ViewState Deserialization |
| exploit/windows/http/steamcast_useragent | Streamcast HTTP User-Agent Buffer Overflow |
| exploit/windows/http/sws_connection_bof | Simple Web Server Connection Header Buffer Overflow |
| exploit/windows/http/sybase_easerver | Sybase EAServer 5.2 Remote Stack Buffer Overflow |
| exploit/windows/http/syncbreeze_bof | Sync Breeze Enterprise GET Buffer Overflow |
| exploit/windows/http/sysax_create_folder | Sysax Multi Server 5.64 Create Folder Buffer Overflow |
| exploit/windows/http/telerik_rau_deserialization | Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization |
| exploit/windows/http/tomcat_cgi_cmdlineargs | Apache Tomcat CGIServlet enableCmdLineArguments Vulnerability |
| exploit/windows/http/trackercam_phparg_overflow | TrackerCam PHP Argument Buffer Overflow |
| exploit/windows/http/trackit_file_upload | Numara / BMC Track-It! FileStorageService Arbitrary File Upload |
| exploit/windows/http/trendmicro_officescan | Trend Micro OfficeScan Remote Stack Buffer Overflow |
| exploit/windows/http/trendmicro_officescan_widget_exec | Trend Micro OfficeScan Remote Code Execution |
| exploit/windows/http/ultraminihttp_bof | Ultra Mini HTTPD Stack Buffer Overflow |
| exploit/windows/http/umbraco_upload_aspx | Umbraco CMS Remote Command Execution |
| exploit/windows/http/vmware_vcenter_chargeback_upload | VMware vCenter Chargeback Manager ImageUploadServlet Arbitrary File Upload |
| exploit/windows/http/vxsrchs_bof | VX Search Enterprise GET Buffer Overflow |
| exploit/windows/http/webster_http | Webster HTTP Server GET Buffer Overflow |
| exploit/windows/http/xampp_webdav_upload_php | XAMPP WebDAV PHP Upload |
| exploit/windows/http/xitami_if_mod_since | Xitami 2.5c2 Web Server If-Modified-Since Overflow |
| exploit/windows/http/zentao_pro_rce | ZenTao Pro 8.8.2 Remote Code Execution |
| exploit/windows/http/zenworks_assetmgmt_uploadservlet | Novell ZENworks Asset Management Remote Execution |
| exploit/windows/http/zenworks_uploadservlet | Novell ZENworks Configuration Management Remote Execution |
| exploit/windows/http/zoho_password_manager_pro_xml_rpc_rce | Zoho Password Manager Pro XML-RPC Java Deserialization |
| exploit/windows/ibm/ibm_was_dmgr_java_deserialization_rce | IBM Websphere Application Server Network Deployment Untrusted Data Deserialization Remote Code Execution |
| exploit/windows/iis/iis_webdav_scstoragepathfromurl | Microsoft IIS WebDav ScStoragePathFromUrl Overflow |
| exploit/windows/iis/iis_webdav_upload_asp | Microsoft IIS WebDAV Write Access Code Execution |
| exploit/windows/iis/ms01_023_printer | MS01-023 Microsoft IIS 5.0 Printer Host Header Overflow |
| exploit/windows/iis/ms01_026_dbldecode | MS01-026 Microsoft IIS/PWS CGI Filename Double Decode Command Execution |
| exploit/windows/iis/ms01_033_idq | MS01-033 Microsoft IIS 5.0 IDQ Path Overflow |
| exploit/windows/iis/ms02_018_htr | MS02-018 Microsoft IIS 4.0 .HTR Path Overflow |
| exploit/windows/iis/ms02_065_msadc | MS02-065 Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow |
| exploit/windows/iis/ms03_007_ntdll_webdav | MS03-007 Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow |
| exploit/windows/iis/msadc | MS99-025 Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution |
| exploit/windows/imap/eudora_list | Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow |
| exploit/windows/imap/imail_delete | IMail IMAP4D Delete Overflow |
| exploit/windows/imap/ipswitch_search | Ipswitch IMail IMAP SEARCH Buffer Overflow |
| exploit/windows/imap/mailenable_login | MailEnable IMAPD (2.34/2.35) Login Request Buffer Overflow |
| exploit/windows/imap/mailenable_status | MailEnable IMAPD (1.54) STATUS Request Buffer Overflow |
| exploit/windows/imap/mailenable_w3c_select | MailEnable IMAPD W3C Logging Buffer Overflow |
| exploit/windows/imap/mdaemon_cram_md5 | Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow |
| exploit/windows/imap/mdaemon_fetch | MDaemon 9.6.4 IMAPD FETCH Buffer Overflow |
| exploit/windows/imap/mercur_imap_select_overflow | Mercur v5.0 IMAP SP3 SELECT Buffer Overflow |
| exploit/windows/imap/mercur_login | Mercur Messaging 2005 IMAP Login Buffer Overflow |
| exploit/windows/imap/mercury_login | Mercury/32 4.01 IMAP LOGIN SEH Buffer Overflow |
| exploit/windows/imap/mercury_rename | Mercury/32 v4.01a IMAP RENAME Buffer Overflow |
| exploit/windows/imap/novell_netmail_append | Novell NetMail IMAP APPEND Buffer Overflow |
| exploit/windows/imap/novell_netmail_auth | Novell NetMail IMAP AUTHENTICATE Buffer Overflow |
| exploit/windows/imap/novell_netmail_status | Novell NetMail IMAP STATUS Buffer Overflow |
| exploit/windows/imap/novell_netmail_subscribe | Novell NetMail IMAP SUBSCRIBE Buffer Overflow |
| exploit/windows/isapi/ms00_094_pbserver | MS00-094 Microsoft IIS Phone Book Service Overflow |
| exploit/windows/isapi/ms03_022_nsiislog_post | MS03-022 Microsoft IIS ISAPI nsiislog.dll ISAPI POST Overflow |
| exploit/windows/isapi/ms03_051_fp30reg_chunked | MS03-051 Microsoft IIS ISAPI FrontPage fp30reg.dll Chunked Overflow |
| exploit/windows/isapi/rsa_webagent_redirect | Microsoft IIS ISAPI RSA WebAgent Redirect Overflow |
| exploit/windows/isapi/w3who_query | Microsoft IIS ISAPI w3who.dll Query String Overflow |
| exploit/windows/ldap/imail_thc | IMail LDAP Service Buffer Overflow |
| exploit/windows/ldap/pgp_keyserver7 | Network Associates PGP KeyServer 7 LDAP Buffer Overflow |
| exploit/windows/license/calicclnt_getconfig | Computer Associates License Client GETCONFIG Overflow |
| exploit/windows/license/calicserv_getconfig | Computer Associates License Server GETCONFIG Overflow |
| exploit/windows/license/flexnet_lmgrd_bof | FlexNet License Server Manager lmgrd Buffer Overflow |
| exploit/windows/license/sentinel_lm7_udp | SentinelLM UDP Buffer Overflow |
| exploit/windows/local/adobe_sandbox_adobecollabsync | AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass |
| exploit/windows/local/agnitum_outpost_acs | Agnitum Outpost Internet Security Local Privilege Escalation |
| exploit/windows/local/alpc_taskscheduler | Microsoft Windows ALPC Task Scheduler Local Privilege Elevation |
| exploit/windows/local/always_install_elevated | Windows AlwaysInstallElevated MSI |
| exploit/windows/local/anyconnect_lpe | Cisco AnyConnect Privilege Escalations (CVE-2020-3153 and CVE-2020-3433) |
| exploit/windows/local/applocker_bypass | AppLocker Execution Prevention Bypass |
| exploit/windows/local/appxsvc_hard_link_privesc | AppXSvc Hard Link Privilege Escalation |
| exploit/windows/local/ask | Windows Escalate UAC Execute RunAs |
| exploit/windows/local/bits_ntlm_token_impersonation | SYSTEM token impersonation through NTLM bits authentication on missing WinRM Service. |
| exploit/windows/local/bthpan | MS14-062 Microsoft Bluetooth Personal Area Networking (BthPan.sys) Privilege Escalation |
| exploit/windows/local/bypassuac_comhijack | Windows Escalate UAC Protection Bypass (Via COM Handler Hijack) |
| exploit/windows/local/bypassuac_dotnet_profiler | Windows Escalate UAC Protection Bypass (Via dot net profiler) |
| exploit/windows/local/bypassuac_eventvwr | Windows Escalate UAC Protection Bypass (Via Eventvwr Registry Key) |
| exploit/windows/local/bypassuac_fodhelper | Windows UAC Protection Bypass (Via FodHelper Registry Key) |
| exploit/windows/local/bypassuac | Windows Escalate UAC Protection Bypass |
| exploit/windows/local/bypassuac_injection | Windows Escalate UAC Protection Bypass (In Memory Injection) |
| exploit/windows/local/bypassuac_injection_winsxs | Windows Escalate UAC Protection Bypass (In Memory Injection) abusing WinSXS |
| exploit/windows/local/bypassuac_sdclt | Windows Escalate UAC Protection Bypass (Via Shell Open Registry Key) |
| exploit/windows/local/bypassuac_silentcleanup | Windows Escalate UAC Protection Bypass (Via SilentCleanup) |
| exploit/windows/local/bypassuac_sluihijack | Windows UAC Protection Bypass (Via Slui File Handler Hijack) |
| exploit/windows/local/bypassuac_vbs | Windows Escalate UAC Protection Bypass (ScriptHost Vulnerability) |
| exploit/windows/local/bypassuac_windows_store_filesys | Windows 10 UAC Protection Bypass Via Windows Store (WSReset.exe) |
| exploit/windows/local/bypassuac_windows_store_reg | Windows 10 UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry |
| exploit/windows/local/canon_driver_privesc | Canon Driver Privilege Escalation |
| exploit/windows/local/capcom_sys_exec | Windows Capcom.sys Kernel Execution Exploit (x64 only) |
| exploit/windows/local/comahawk | Microsoft UPnP Local Privilege Elevation Vulnerability |
| exploit/windows/local/current_user_psexec | PsExec via Current User Token |
| exploit/windows/local/cve_2017_8464_lnk_lpe | LNK Code Execution Vulnerability |
| exploit/windows/local/cve_2018_8453_win32k_priv_esc | Windows NtUserSetWindowFNID Win32k User Callback |
| exploit/windows/local/cve_2019_1458_wizardopium | Microsoft Windows Uninitialized Variable Local Privilege Elevation |
| exploit/windows/local/cve_2020_0668_service_tracing | Service Tracing Privilege Elevation Vulnerability |
| exploit/windows/local/cve_2020_0787_bits_arbitrary_file_move | Background Intelligent Transfer Service Arbitrary File Move Privilege Elevation Vulnerability |
| exploit/windows/local/cve_2020_0796_smbghost | SMBv3 Compression Buffer Overflow |
| exploit/windows/local/cve_2020_1048_printerdemon | Microsoft Spooler Local Privilege Elevation Vulnerability |
| exploit/windows/local/cve_2020_1054_drawiconex_lpe | Microsoft Windows DrawIconEx OOB Write Local Privilege Elevation |
| exploit/windows/local/cve_2020_1313_system_orchestrator | Windows Update Orchestrator unchecked ScheduleWork call |
| exploit/windows/local/cve_2020_1337_printerdemon | Microsoft Spooler Local Privilege Elevation Vulnerability |
| exploit/windows/local/cve_2020_17136 | CVE-2020-1170 Cloud Filter Arbitrary File Creation EOP |
| exploit/windows/local/cve_2021_1732_win32k | Win32k ConsoleControl Offset Confusion |
| exploit/windows/local/cve_2021_21551_dbutil_memmove | Dell DBUtil_2_3.sys IOCTL memmove |
| exploit/windows/local/cve_2021_40449 | Win32k NtGdiResetDC Use After Free Local Privilege Elevation |
| exploit/windows/local/cve_2022_21882_win32k | Win32k ConsoleControl Offset Confusion |
| exploit/windows/local/cve_2022_21999_spoolfool_privesc | CVE-2022-21999 SpoolFool Privesc |
| exploit/windows/local/cve_2022_26904_superprofile | User Profile Arbitrary Junction Creation Local Privilege Elevation |
| exploit/windows/local/dnsadmin_serverlevelplugindll | DnsAdmin ServerLevelPluginDll Feature Abuse Privilege Escalation |
| exploit/windows/local/docker_credential_wincred | Docker-Credential-Wincred.exe Privilege Escalation |
| exploit/windows/local/druva_insync_insynccphwnet64_rcp_type_5_priv_esc | Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation |
| exploit/windows/local/gog_galaxyclientservice_privesc | GOG GalaxyClientService Privilege Escalation |
| exploit/windows/local/ikeext_service | IKE and AuthIP IPsec Keyring Modules Service (IKEEXT) Missing DLL |
| exploit/windows/local/ipass_launch_app | iPass Mobile Client Service Privilege Escalation |
| exploit/windows/local/lenovo_systemupdate | Lenovo System Update Privilege Escalation |
| exploit/windows/local/lexmark_driver_privesc | Lexmark Driver Privilege Escalation |
| exploit/windows/local/microfocus_operations_privesc | Micro Focus Operations Bridge Manager / Reporter Local Privilege Escalation |
| exploit/windows/local/mov_ss | Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability |
| exploit/windows/local/mqac_write | MQAC.sys Arbitrary Write Privilege Escalation |
| exploit/windows/local/ms10_015_kitrap0d | Windows SYSTEM Escalation via KiTrap0D |
| exploit/windows/local/ms10_092_schelevator | Windows Escalate Task Scheduler XML Privilege Escalation |
| exploit/windows/local/ms11_080_afdjoinleaf | MS11-080 AfdJoinLeaf Privilege Escalation |
| exploit/windows/local/ms13_005_hwnd_broadcast | MS13-005 HWND_BROADCAST Low to Medium Integrity Privilege Escalation |
| exploit/windows/local/ms13_053_schlamperei | Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei) |
| exploit/windows/local/ms13_081_track_popup_menu | Windows TrackPopupMenuEx Win32k NULL Page |
| exploit/windows/local/ms13_097_ie_registry_symlink | MS13-097 Registry Symlink IE Sandbox Escape |
| exploit/windows/local/ms14_009_ie_dfsvc | MS14-009 .NET Deployment Service IE Sandbox Escape |
| exploit/windows/local/ms14_058_track_popup_menu | Windows TrackPopupMenu Win32k NULL Pointer Dereference |
| exploit/windows/local/ms14_070_tcpip_ioctl | MS14-070 Windows tcpip!SetAddrOptions NULL Pointer Dereference |
| exploit/windows/local/ms15_004_tswbproxy | MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape |
| exploit/windows/local/ms15_051_client_copy_image | Windows ClientCopyImage Win32k Exploit |
| exploit/windows/local/ms15_078_atmfd_bof | MS15-078 Microsoft Windows Font Driver Buffer Overflow |
| exploit/windows/local/ms16_014_wmi_recv_notif | Windows WMI Receive Notification Exploit |
| exploit/windows/local/ms16_016_webdav | MS16-016 mrxdav.sys WebDav Local Privilege Escalation |
| exploit/windows/local/ms16_032_secondary_logon_handle_privesc | MS16-032 Secondary Logon Handle Privilege Escalation |
| exploit/windows/local/ms16_075_reflection | Windows Net-NTLMv2 Reflection DCOM/RPC |
| exploit/windows/local/ms16_075_reflection_juicy | Windows Net-NTLMv2 Reflection DCOM/RPC (Juicy) |
| exploit/windows/local/ms18_8120_win32k_privesc | Windows SetImeInfoEx Win32k NULL Pointer Dereference |
| exploit/windows/local/ms_ndproxy | MS14-002 Microsoft Windows ndproxy.sys Local Privilege Escalation |
| exploit/windows/local/novell_client_nicm | Novell Client 2 SP3 nicm.sys Local Privilege Escalation |
| exploit/windows/local/novell_client_nwfs | Novell Client 4.91 SP4 nwfs.sys Local Privilege Escalation |
| exploit/windows/local/nscp_pe | NSClient++ 0.5.2.35 - Privilege escalation |
| exploit/windows/local/ntapphelpcachecontrol | MS15-001 Microsoft Windows NtApphelpCacheControl Improper Authorization Check |
| exploit/windows/local/ntusermndragover | Microsoft Windows NtUserMNDragOver Local Privilege Elevation |
| exploit/windows/local/nvidia_nvsvc | Nvidia (nvsvc) Display Driver Service Local Privilege Escalation |
| exploit/windows/local/panda_psevents | Panda Security PSEvents Privilege Escalation |
| exploit/windows/local/payload_inject | Windows Manage Memory Payload Injection |
| exploit/windows/local/persistence | Windows Persistent Registry Startup Payload Installer |
| exploit/windows/local/persistence_image_exec_options | Windows Silent Process Exit Persistence |
| exploit/windows/local/persistence_service | Windows Persistent Service Installer |
| exploit/windows/local/plantronics_hub_spokesupdateservice_privesc | Plantronics Hub SpokesUpdateService Privilege Escalation |
| exploit/windows/local/powershell_cmd_upgrade | Windows Command Shell Upgrade (Powershell) |
| exploit/windows/local/powershell_remoting | Powershell Remoting Remote Command Execution |
| exploit/windows/local/ppr_flatten_rec | Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation |
| exploit/windows/local/ps_persist | Powershell Payload Execution |
| exploit/windows/local/ps_wmi_exec | Authenticated WMI Exec via Powershell |
| exploit/windows/local/pxeexploit | PXE Exploit Server |
| exploit/windows/local/razer_zwopenprocess | Razer Synapse rzpnk.sys ZwOpenProcess |
| exploit/windows/local/registry_persistence | Windows Registry Only Persistence |
| exploit/windows/local/ricoh_driver_privesc | Ricoh Driver Privilege Escalation |
| exploit/windows/local/run_as | Windows Run Command As User |
| exploit/windows/local/s4u_persistence | Windows Manage User Level Persistent Payload Installer |
| exploit/windows/local/service_permissions | Windows Escalate Service Permissions Local Privilege Escalation |
| exploit/windows/local/srclient_dll_hijacking | Windows Server 2012 SrClient DLL hijacking |
| exploit/windows/local/tokenmagic | Windows Privilege Escalation via TokenMagic (UAC Bypass) |
| exploit/windows/local/unquoted_service_path | Windows Unquoted Service Path Privilege Escalation |
| exploit/windows/local/virtual_box_guest_additions | VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation |
| exploit/windows/local/virtual_box_opengl_escape | VirtualBox 3D Acceleration Virtual Machine Escape |
| exploit/windows/local/vss_persistence | Persistent Payload in Windows Volume Shadow Copy |
| exploit/windows/local/webexec | WebEx Local Service Permissions Exploit |
| exploit/windows/local/windscribe_windscribeservice_priv_esc | Windscribe WindscribeService Named Pipe Privilege Escalation |
| exploit/windows/local/wmi | Windows Management Instrumentation (WMI) Remote Command Execution |
| exploit/windows/local/wmi_persistence | WMI Event Subscription Persistence |
| exploit/windows/lotus/domino_http_accept_language | IBM Lotus Domino Web Server Accept-Language Stack Buffer Overflow |
| exploit/windows/lotus/domino_icalendar_organizer | IBM Lotus Domino iCalendar MAILTO Buffer Overflow |
| exploit/windows/lotus/domino_sametime_stmux | IBM Lotus Domino Sametime STMux.exe Stack Buffer Overflow |
| exploit/windows/lotus/lotusnotes_lzh | Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview (.lzh Attachment) |
| exploit/windows/lpd/hummingbird_exceed | Hummingbird Connectivity 10 SP5 LPD Buffer Overflow |
| exploit/windows/lpd/niprint | NIPrint LPD Request Overflow |
| exploit/windows/lpd/saplpd | SAP SAPLPD 6.28 Buffer Overflow |
| exploit/windows/lpd/wincomlpd_admin | WinComLPD Buffer Overflow |
| exploit/windows/misc/achat_bof | Achat Unicode SEH Buffer Overflow |
| exploit/windows/misc/actfax_raw_server_bof | ActFax 5.01 RAW Server Buffer Overflow |
| exploit/windows/misc/agentxpp_receive_agentx | AgentX++ Master AgentX::receive_agentx Stack Buffer Overflow |
| exploit/windows/misc/ahsay_backup_fileupload | Ahsay Backup v7.x-v8.1.1.50 (authenticated) file upload |
| exploit/windows/misc/ais_esel_server_rce | AIS logistics ESEL-Server Unauth SQL Injection RCE |
| exploit/windows/misc/allmediaserver_bof | ALLMediaServer 0.8 Buffer Overflow |
| exploit/windows/misc/altiris_ds_sqli | Symantec Altiris DS SQL Injection |
| exploit/windows/misc/apple_quicktime_rtsp_response | Apple QuickTime 7.3 RTSP Response Header Buffer Overflow |
| exploit/windows/misc/asus_dpcproxy_overflow | Asus Dpcproxy Buffer Overflow |
| exploit/windows/misc/avaya_winpmd_unihostrouter | Avaya WinPMD UniteHostRouter Buffer Overflow |
| exploit/windows/misc/avidphoneticindexer | Avid Media Composer 5.5 - Avid Phonetic Indexer Buffer Overflow |
| exploit/windows/misc/bakbone_netvault_heap | BakBone NetVault Remote Heap Overflow |
| exploit/windows/misc/bcaaa_bof | Blue Coat Authentication and Authorization Agent (BCAAA) 5 Buffer Overflow |
| exploit/windows/misc/bigant_server_250 | BigAnt Server 2.50 SP1 Buffer Overflow |
| exploit/windows/misc/bigant_server_dupf_upload | BigAnt Server DUPF Command Arbitrary File Upload |
| exploit/windows/misc/bigant_server | BigAnt Server 2.2 Buffer Overflow |
| exploit/windows/misc/bigant_server_sch_dupf_bof | BigAnt Server 2 SCH And DUPF Buffer Overflow |
| exploit/windows/misc/bigant_server_usv | BigAnt Server 2.52 USV Buffer Overflow |
| exploit/windows/misc/bomberclone_overflow | Bomberclone 0.11.6 Buffer Overflow |
| exploit/windows/misc/bopup_comm | Bopup Communications Server Buffer Overflow |
| exploit/windows/misc/borland_interbase | Borland Interbase Create-Request Buffer Overflow |
| exploit/windows/misc/borland_starteam | Borland CaliberRM StarTeam Multicast Service Buffer Overflow |
| exploit/windows/misc/citrix_streamprocess_data_msg | Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow |
| exploit/windows/misc/citrix_streamprocess_get_boot_record_request | Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020004 Buffer Overflow |
| exploit/windows/misc/citrix_streamprocess_get_footer | Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020002 Buffer Overflow |
| exploit/windows/misc/citrix_streamprocess_get_objects | Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020006 Buffer Overflow |
| exploit/windows/misc/citrix_streamprocess | Citrix Provisioning Services 5.6 streamprocess.exe Buffer Overflow |
| exploit/windows/misc/cloudme_sync | CloudMe Sync v1.10.9 |
| exploit/windows/misc/commvault_cmd_exec | Commvault Communications Service (cvd) Command Injection |
| exploit/windows/misc/crosschex_device_bof | Anviz CrossChex Buffer Overflow |
| exploit/windows/misc/cve_2022_28381_allmediaserver_bof | ALLMediaServer 1.6 SEH Buffer Overflow |
| exploit/windows/misc/disk_savvy_adm | Disk Savvy Enterprise v10.4.18 |
| exploit/windows/misc/doubletake | DoubleTake/HP StorageWorks Storage Mirroring Service Authentication Overflow |
| exploit/windows/misc/eiqnetworks_esa | eIQNetworks ESA License Manager LICMGR_ADDLICENSE Overflow |
| exploit/windows/misc/eiqnetworks_esa_topology | eIQNetworks ESA Topology DELETEDEVICE Overflow |
| exploit/windows/misc/enterasys_netsight_syslog_bof | Enterasys NetSight nssyslogd.exe Buffer Overflow |
| exploit/windows/misc/eureka_mail_err | Eureka Email 2.2q ERR Remote Buffer Overflow |
| exploit/windows/misc/fb_cnct_group | Firebird Relational Database CNCT Group Number Buffer Overflow |
| exploit/windows/misc/fb_isc_attach_database | Firebird Relational Database isc_attach_database() Buffer Overflow |
| exploit/windows/misc/fb_isc_create_database | Firebird Relational Database isc_create_database() Buffer Overflow |
| exploit/windows/misc/fb_svc_attach | Firebird Relational Database SVC_attach() Buffer Overflow |
| exploit/windows/misc/gh0st | Gh0st Client buffer Overflow |
| exploit/windows/misc/gimp_script_fu | GIMP script-fu Server Buffer Overflow |
| exploit/windows/misc/hp_dataprotector_cmd_exec | HP Data Protector 8.10 Remote Command Execution |
| exploit/windows/misc/hp_dataprotector_crs | HP Data Protector Cell Request Service Buffer Overflow |
| exploit/windows/misc/hp_dataprotector_dtbclslogin | HP Data Protector DtbClsLogin Buffer Overflow |
| exploit/windows/misc/hp_dataprotector_encrypted_comms | HP Data Protector Encrypted Communication Remote Command Execution |
| exploit/windows/misc/hp_dataprotector_exec_bar | HP Data Protector Backup Client Service Remote Code Execution |
| exploit/windows/misc/hp_dataprotector_install_service | HP Data Protector 6.10/6.11/6.20 Install Service |
| exploit/windows/misc/hp_dataprotector_new_folder | HP Data Protector Create New Folder Buffer Overflow |
| exploit/windows/misc/hp_dataprotector_traversal | HP Data Protector Backup Client Service Directory Traversal |
| exploit/windows/misc/hp_imc_dbman_restartdb_unauth_rce | HPE iMC dbman RestartDB Unauthenticated RCE |
| exploit/windows/misc/hp_imc_dbman_restoredbase_unauth_rce | HPE iMC dbman RestoreDBase Unauthenticated RCE |
| exploit/windows/misc/hp_imc_uam | HP Intelligent Management Center UAM Buffer Overflow |
| exploit/windows/misc/hp_loadrunner_magentproc_cmdexec | HP Mercury LoadRunner Agent magentproc.exe Remote Command Execution |
| exploit/windows/misc/hp_loadrunner_magentproc | HP LoadRunner magentproc.exe Overflow |
| exploit/windows/misc/hp_magentservice | HP Diagnostics Server magentservice.exe Overflow |
| exploit/windows/misc/hp_omniinet_1 | HP OmniInet.exe MSG_PROTOCOL Buffer Overflow |
| exploit/windows/misc/hp_omniinet_2 | HP OmniInet.exe MSG_PROTOCOL Buffer Overflow |
| exploit/windows/misc/hp_omniinet_3 | HP OmniInet.exe Opcode 27 Buffer Overflow |
| exploit/windows/misc/hp_omniinet_4 | HP OmniInet.exe Opcode 20 Buffer Overflow |
| exploit/windows/misc/hp_operations_agent_coda_34 | HP Operations Agent Opcode coda.exe 0x34 Buffer Overflow |
| exploit/windows/misc/hp_operations_agent_coda_8c | HP Operations Agent Opcode coda.exe 0x8c Buffer Overflow |
| exploit/windows/misc/hp_ovtrace | HP OpenView Operations OVTrace Buffer Overflow |
| exploit/windows/misc/hta_server | HTA Web Server |
| exploit/windows/misc/ib_isc_attach_database | Borland InterBase isc_attach_database() Buffer Overflow |
| exploit/windows/misc/ib_isc_create_database | Borland InterBase isc_create_database() Buffer Overflow |
| exploit/windows/misc/ibm_cognos_tm1admsd_bof | IBM Cognos tm1admsd.exe Overflow |
| exploit/windows/misc/ibm_director_cim_dllinject | IBM System Director Agent DLL Injection |
| exploit/windows/misc/ibm_tsm_cad_ping | IBM Tivoli Storage Manager Express CAD Service Buffer Overflow |
| exploit/windows/misc/ibm_tsm_rca_dicugetidentify | IBM Tivoli Storage Manager Express RCA Service Buffer Overflow |
| exploit/windows/misc/ibm_websphere_java_deserialize | IBM WebSphere RCE Java Deserialization Vulnerability |
| exploit/windows/misc/ib_svc_attach | Borland InterBase SVC_attach() Buffer Overflow |
| exploit/windows/misc/itunes_extm3u_bof | Apple iTunes 10 Extended M3U Stack Buffer Overflow |
| exploit/windows/misc/landesk_aolnsrvr | LANDesk Management Suite 8.7 Alert Service Buffer Overflow |
| exploit/windows/misc/lianja_db_net | Lianja SQL 1.0.0RC5.1 db_netserver Stack Buffer Overflow |
| exploit/windows/misc/manageengine_eventlog_analyzer_rce | ManageEngine EventLog Analyzer Remote Code Execution |
| exploit/windows/misc/mercury_phonebook | Mercury/32 PH Server Module Buffer Overflow |
| exploit/windows/misc/mini_stream | Mini-Stream 3.0.1.1 Buffer Overflow |
| exploit/windows/misc/mirc_privmsg_server | mIRC PRIVMSG Handling Stack Buffer Overflow |
| exploit/windows/misc/mobile_mouse_rce | Mobile Mouse RCE |
| exploit/windows/misc/ms07_064_sami | MS07-064 Microsoft DirectX DirectShow SAMI Buffer Overflow |
| exploit/windows/misc/ms10_104_sharepoint | MS10-104 Microsoft Office SharePoint Server 2007 Remote Code Execution |
| exploit/windows/misc/netcat110_nt | Netcat v1.10 NT Stack Buffer Overflow |
| exploit/windows/misc/nettransport | NetTransport Download Manager 2.90.510 Buffer Overflow |
| exploit/windows/misc/nvidia_mental_ray | Nvidia Mental Ray Satellite Service Arbitrary DLL Injection |
| exploit/windows/misc/plugx | PlugX Controller Stack Buffer Overflow |
| exploit/windows/misc/poisonivy_21x_bof | Poison Ivy 2.1.x C2 Buffer Overflow |
| exploit/windows/misc/poisonivy_bof | Poison Ivy Server Buffer Overflow |
| exploit/windows/misc/poppeeper_date | POP Peeper v3.4 DATE Buffer Overflow |
| exploit/windows/misc/poppeeper_uidl | POP Peeper v3.4 UIDL Buffer Overflow |
| exploit/windows/misc/realtek_playlist | Realtek Media Player Playlist Buffer Overflow |
| exploit/windows/misc/remote_control_collection_rce | Remote Control Collection RCE |
| exploit/windows/misc/remote_mouse_rce | Remote Mouse RCE |
| exploit/windows/misc/sap_2005_license | SAP Business One License Manager 2005 Buffer Overflow |
| exploit/windows/misc/sap_netweaver_dispatcher | SAP NetWeaver Dispatcher DiagTraceR3Info Buffer Overflow |
| exploit/windows/misc/shixxnote_font | ShixxNOTE 6.net Font Field Overflow |
| exploit/windows/misc/solidworks_workgroup_pdmwservice_file_write | SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write |
| exploit/windows/misc/splayer_content_type | SPlayer 3.7 Content-Type Buffer Overflow |
| exploit/windows/misc/stream_down_bof | CoCSoft StreamDown 6.8.0 Buffer Overflow |
| exploit/windows/misc/talkative_response | Talkative IRC v0.4.4.16 Response Buffer Overflow |
| exploit/windows/misc/tiny_identd_overflow | TinyIdentD 2.2 Stack Buffer Overflow |
| exploit/windows/misc/trendmicro_cmdprocessor_addtask | TrendMicro Control Manger CmdProcessor.exe Stack Buffer Overflow |
| exploit/windows/misc/ufo_ai | UFO: Alien Invasion IRC Client Buffer Overflow |
| exploit/windows/misc/unified_remote_rce | Unified Remote Auth Bypass to RCE |
| exploit/windows/misc/veeam_one_agent_deserialization | Veeam ONE Agent .NET Deserialization |
| exploit/windows/misc/vmhgfs_webdav_dll_sideload | DLL Side Loading Vulnerability in VMware Host Guest Client Redirector |
| exploit/windows/misc/webdav_delivery | Serve DLL via webdav server |
| exploit/windows/misc/wifi_mouse_rce | Wifi Mouse RCE |
| exploit/windows/misc/windows_rsh | Windows RSH Daemon Buffer Overflow |
| exploit/windows/misc/wireshark_lua | Wireshark console.lua Pre-Loading Script Execution |
| exploit/windows/misc/wireshark_packet_dect | Wireshark packet-dect.c Stack Buffer Overflow |
| exploit/windows/mmsp/ms10_025_wmss_connect_funnel | Windows Media Services ConnectFunnel Stack Buffer Overflow |
| exploit/windows/motorola/timbuktu_fileupload | Timbuktu Pro Directory Traversal/File Upload |
| exploit/windows/mssql/lyris_listmanager_weak_pass | Lyris ListManager MSDE Weak sa Password |
| exploit/windows/mssql/ms02_039_slammer | MS02-039 Microsoft SQL Server Resolution Overflow |
| exploit/windows/mssql/ms02_056_hello | MS02-056 Microsoft SQL Server Hello Overflow |
| exploit/windows/mssql/ms09_004_sp_replwritetovarbin | MS09-004 Microsoft SQL Server sp_replwritetovarbin Memory Corruption |
| exploit/windows/mssql/ms09_004_sp_replwritetovarbin_sqli | MS09-004 Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection |
| exploit/windows/mssql/mssql_clr_payload | Microsoft SQL Server Clr Stored Procedure Payload Execution |
| exploit/windows/mssql/mssql_linkcrawler | Microsoft SQL Server Database Link Crawling Command Execution |
| exploit/windows/mssql/mssql_payload | Microsoft SQL Server Payload Execution |
| exploit/windows/mssql/mssql_payload_sqli | Microsoft SQL Server Payload Execution via SQL Injection |
| exploit/windows/mysql/mysql_mof | Oracle MySQL for Microsoft Windows MOF Execution |
| exploit/windows/mysql/mysql_start_up | Oracle MySQL for Microsoft Windows FILE Privilege Abuse |
| exploit/windows/mysql/mysql_yassl_hello | MySQL yaSSL SSL Hello Message Buffer Overflow |
| exploit/windows/mysql/scrutinizer_upload_exec | Plixer Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential |
| exploit/windows/nfs/xlink_nfsd | Omni-NFS Server Buffer Overflow |
| exploit/windows/nimsoft/nimcontroller_bof | CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow |
| exploit/windows/nntp/ms05_030_nntp | MS05-030 Microsoft Outlook Express NNTP Response Parsing Buffer Overflow |
| exploit/windows/novell/file_reporter_fsfui_upload | NFR Agent FSFUI Record File Upload RCE |
| exploit/windows/novell/groupwisemessenger_client | Novell GroupWise Messenger Client Buffer Overflow |
| exploit/windows/novell/netiq_pum_eval | NetIQ Privileged User Manager 2.3.1 ldapagnt_eval() Remote Perl Code Execution |
| exploit/windows/novell/nmap_stor | Novell NetMail NMAP STOR Buffer Overflow |
| exploit/windows/novell/zenworks_desktop_agent | Novell ZENworks 6.5 Desktop/Server Management Overflow |
| exploit/windows/novell/zenworks_preboot_op21_bof | Novell ZENworks Configuration Management Preboot Service 0x21 Buffer Overflow |
| exploit/windows/novell/zenworks_preboot_op4c_bof | Novell ZENworks Configuration Management Preboot Service 0x4c Buffer Overflow |
| exploit/windows/novell/zenworks_preboot_op6_bof | Novell ZENworks Configuration Management Preboot Service 0x06 Buffer Overflow |
| exploit/windows/novell/zenworks_preboot_op6c_bof | Novell ZENworks Configuration Management Preboot Service 0x6c Buffer Overflow |
| exploit/windows/nuuo/nuuo_cms_fu | Nuuo Central Management Server Authenticated Arbitrary File Upload |
| exploit/windows/nuuo/nuuo_cms_sqli | Nuuo Central Management Authenticated SQL Server SQLi |
| exploit/windows/oracle/client_system_analyzer_upload | Oracle Database Client System Analyzer Arbitrary File Upload |
| exploit/windows/oracle/extjob | Oracle Job Scheduler Named Pipe Command Execution |
| exploit/windows/oracle/osb_ndmp_auth | Oracle Secure Backup NDMP_CONNECT_CLIENT_AUTH Buffer Overflow |
| exploit/windows/oracle/tns_arguments | Oracle 8i TNS Listener (ARGUMENTS) Buffer Overflow |
| exploit/windows/oracle/tns_auth_sesskey | Oracle 10gR2 TNS Listener AUTH_SESSKEY Buffer Overflow |
| exploit/windows/oracle/tns_service_name | Oracle 8i TNS Listener SERVICE_NAME Buffer Overflow |
| exploit/windows/pop3/seattlelab_pass | Seattle Lab Mail 5.5 POP3 Buffer Overflow |
| exploit/windows/postgres/postgres_payload | PostgreSQL for Microsoft Windows Payload Execution |
| exploit/windows/proxy/bluecoat_winproxy_host | Blue Coat WinProxy Host Header Overflow |
| exploit/windows/proxy/ccproxy_telnet_ping | CCProxy Telnet Proxy Ping Overflow |
| exploit/windows/proxy/proxypro_http_get | Proxy-Pro Professional GateKeeper 4.7 GET Request Overflow |
| exploit/windows/proxy/qbik_wingate_wwwproxy | Qbik WinGate WWW Proxy Server URL Processing Overflow |
| exploit/windows/rdp/cve_2019_0708_bluekeep_rce | CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free |
| exploit/windows/rdp/rdp_doublepulsar_rce | RDP DOUBLEPULSAR Remote Code Execution |
| exploit/windows/sage/x3_adxsrv_auth_bypass_cmd_exec | Sage X3 Administration Service Authentication Bypass Command Execution |
| exploit/windows/scada/abb_wserver_exec | ABB MicroSCADA wserver.exe Remote Code Execution |
| exploit/windows/scada/advantech_webaccess_dashboard_file_upload | Advantech WebAccess Dashboard Viewer uploadImageCommon Arbitrary File Upload |
| exploit/windows/scada/advantech_webaccess_webvrpcs_bof | Advantech WebAccess Webvrpcs Service Opcode 80061 Stack Buffer Overflow |
| exploit/windows/scada/citect_scada_odbc | CitectSCADA/CitectFacilities ODBC Buffer Overflow |
| exploit/windows/scada/codesys_gateway_server_traversal | SCADA 3S CoDeSys Gateway Server Directory Traversal |
| exploit/windows/scada/codesys_web_server | SCADA 3S CoDeSys CmpWebServer Stack Buffer Overflow |
| exploit/windows/scada/daq_factory_bof | DaqFactory HMI NETB Request Overflow |
| exploit/windows/scada/delta_ia_commgr_bof | Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow |
| exploit/windows/scada/factorylink_csservice | Siemens FactoryLink 8 CSService Logging Path Param Buffer Overflow |
| exploit/windows/scada/factorylink_vrn_09 | Siemens FactoryLink vrn.exe Opcode 9 Buffer Overflow |
| exploit/windows/scada/ge_proficy_cimplicity_gefebt | GE Proficy CIMPLICITY gefebt.exe Remote Code Execution |
| exploit/windows/scada/iconics_genbroker | Iconics GENESIS32 Integer Overflow Version 9.21.201.01 |
| exploit/windows/scada/iconics_webhmi_setactivexguid | ICONICS WebHMI ActiveX Buffer Overflow |
| exploit/windows/scada/igss9_igssdataserver_listall | 7-Technologies IGSS IGSSdataServer.exe Stack Buffer Overflow |
| exploit/windows/scada/igss9_igssdataserver_rename | 7-Technologies IGSS 9 IGSSdataServer .RMS Rename Buffer Overflow |
| exploit/windows/scada/igss9_misc | 7-Technologies IGSS 9 Data Server/Collector Packet Handling Vulnerabilities |
| exploit/windows/scada/igss_exec_17 | Interactive Graphical SCADA System Remote Command Injection |
| exploit/windows/scada/indusoft_webstudio_exec | InduSoft Web Studio Arbitrary Upload Remote Code Execution |
| exploit/windows/scada/moxa_mdmtool | MOXA Device Manager Tool 2.1 Buffer Overflow |
| exploit/windows/scada/procyon_core_server | Procyon Core Server HMI Coreservice.exe Stack Buffer Overflow |
| exploit/windows/scada/realwin | DATAC RealWin SCADA Server Buffer Overflow |
| exploit/windows/scada/realwin_on_fc_binfile_a | DATAC RealWin SCADA Server 2 On_FC_CONNECT_FCS_a_FILE Buffer Overflow |
| exploit/windows/scada/realwin_on_fcs_login | RealWin SCADA Server DATAC Login Buffer Overflow |
| exploit/windows/scada/realwin_scpc_initialize | DATAC RealWin SCADA Server SCPC_INITIALIZE Buffer Overflow |
| exploit/windows/scada/realwin_scpc_initialize_rf | DATAC RealWin SCADA Server SCPC_INITIALIZE_RF Buffer Overflow |
| exploit/windows/scada/realwin_scpc_txtevent | DATAC RealWin SCADA Server SCPC_TXTEVENT Buffer Overflow |
| exploit/windows/scada/rockwell_factorytalk_rce | Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution |
| exploit/windows/scada/scadapro_cmdexe | Measuresoft ScadaPro Remote Command Execution |
| exploit/windows/scada/sunway_force_control_netdbsrv | Sunway Forcecontrol SNMP NetDBServer.exe Opcode 0x57 |
| exploit/windows/scada/winlog_runtime_2 | Sielco Sistemi Winlog Buffer Overflow 2.07.14 - 2.07.16 |
| exploit/windows/scada/winlog_runtime | Sielco Sistemi Winlog Buffer Overflow |
| exploit/windows/scada/yokogawa_bkbcopyd_bof | Yokogawa CENTUM CS 3000 BKBCopyD.exe Buffer Overflow |
| exploit/windows/scada/yokogawa_bkesimmgr_bof | Yokogawa CS3000 BKESimmgr.exe Buffer Overflow |
| exploit/windows/scada/yokogawa_bkfsim_vhfd | Yokogawa CS3000 BKFSim_vhfd.exe Buffer Overflow |
| exploit/windows/scada/yokogawa_bkhodeq_bof | Yokogawa CENTUM CS 3000 BKHOdeq.exe Buffer Overflow |
| exploit/windows/sip/aim_triton_cseq | AIM Triton 1.0.4 CSeq Buffer Overflow |
| exploit/windows/sip/sipxezphone_cseq | SIPfoundry sipXezPhone 0.35a CSeq Field Overflow |
| exploit/windows/sip/sipxphone_cseq | SIPfoundry sipXphone 2.6.0.27 CSeq Buffer Overflow |
| exploit/windows/smb/cve_2020_0796_smbghost | SMBv3 Compression Buffer Overflow |
| exploit/windows/smb/generic_smb_dll_injection | Generic DLL Injection From Shared Resource |
| exploit/windows/smb/group_policy_startup | Group Policy Script Execution From Shared Resource |
| exploit/windows/smb/ipass_pipe_exec | IPass Control Pipe Remote Command Execution |
| exploit/windows/smb/ms03_049_netapi | MS03-049 Microsoft Workstation Service NetAddAlternateComputerName Overflow |
| exploit/windows/smb/ms04_007_killbill | MS04-007 Microsoft ASN.1 Library Bitstring Heap Overflow |
| exploit/windows/smb/ms04_011_lsass | MS04-011 Microsoft LSASS Service DsRolerUpgradeDownlevelServer Overflow |
| exploit/windows/smb/ms04_031_netdde | MS04-031 Microsoft NetDDE Service Overflow |
| exploit/windows/smb/ms05_039_pnp | MS05-039 Microsoft Plug and Play Service Overflow |
| exploit/windows/smb/ms06_025_rasmans_reg | MS06-025 Microsoft RRAS Service RASMAN Registry Overflow |
| exploit/windows/smb/ms06_025_rras | MS06-025 Microsoft RRAS Service Overflow |
| exploit/windows/smb/ms06_040_netapi | MS06-040 Microsoft Server Service NetpwPathCanonicalize Overflow |
| exploit/windows/smb/ms06_066_nwapi | MS06-066 Microsoft Services nwapi32.dll Module Exploit |
| exploit/windows/smb/ms06_066_nwwks | MS06-066 Microsoft Services nwwks.dll Module Exploit |
| exploit/windows/smb/ms06_070_wkssvc | MS06-070 Microsoft Workstation Service NetpManageIPCConnect Overflow |
| exploit/windows/smb/ms07_029_msdns_zonename | MS07-029 Microsoft DNS RPC Service extractQuotedChar() Overflow (SMB) |
| exploit/windows/smb/ms08_067_netapi | MS08-067 Microsoft Server Service Relative Path Stack Corruption |
| exploit/windows/smb/ms09_050_smb2_negotiate_func_index | MS09-050 Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference |
| exploit/windows/smb/ms10_046_shortcut_icon_dllloader | Microsoft Windows Shell LNK Code Execution |
| exploit/windows/smb/ms10_061_spoolss | MS10-061 Microsoft Print Spooler Service Impersonation Vulnerability |
| exploit/windows/smb/ms15_020_shortcut_icon_dllloader | Microsoft Windows Shell LNK Code Execution |
| exploit/windows/smb/ms17_010_eternalblue | MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption |
| exploit/windows/smb/ms17_010_eternalblue_win8 | MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption |
| exploit/windows/smb/ms17_010_psexec | MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution |
| exploit/windows/smb/netidentity_xtierrpcpipe | Novell NetIdentity Agent XTIERRPCPIPE Named Pipe Buffer Overflow |
| exploit/windows/smb/psexec | Microsoft Windows Authenticated User Code Execution |
| exploit/windows/smb/smb_delivery | SMB Delivery |
| exploit/windows/smb/smb_doublepulsar_rce | SMB DOUBLEPULSAR Remote Code Execution |
| exploit/windows/smb/smb_relay | MS08-068 Microsoft Windows SMB Relay Code Execution |
| exploit/windows/smb/smb_rras_erraticgopher | Microsoft Windows RRAS Service MIBEntryGet Overflow |
| exploit/windows/smb/smb_shadow | Microsoft Windows SMB Direct Session Takeover |
| exploit/windows/smb/timbuktu_plughntcommand_bof | Timbuktu PlughNTCommand Named Pipe Buffer Overflow |
| exploit/windows/smb/webexec | WebExec Authenticated User Code Execution |
| exploit/windows/smtp/mailcarrier_smtp_ehlo | TABS MailCarrier v2.51 SMTP EHLO Overflow |
| exploit/windows/smtp/mercury_cram_md5 | Mercury Mail SMTP AUTH CRAM-MD5 Buffer Overflow |
| exploit/windows/smtp/ms03_046_exchange2000_xexch50 | MS03-046 Exchange 2000 XEXCH50 Heap Overflow |
| exploit/windows/smtp/njstar_smtp_bof | NJStar Communicator 3.00 MiniSMTP Buffer Overflow |
| exploit/windows/smtp/sysgauge_client_bof | SysGauge SMTP Validation Buffer Overflow |
| exploit/windows/smtp/wmailserver | SoftiaCom WMailserver 1.0 Buffer Overflow |
| exploit/windows/smtp/ypops_overflow1 | YPOPS 0.6 Buffer Overflow |
| exploit/windows/ssh/freeftpd_key_exchange | FreeFTPd 1.0.10 Key Exchange Algorithm String Buffer Overflow |
| exploit/windows/ssh/freesshd_authbypass | Freesshd Authentication Bypass |
| exploit/windows/ssh/freesshd_key_exchange | FreeSSHd 1.0.9 Key Exchange Algorithm String Buffer Overflow |
| exploit/windows/ssh/putty_msg_debug | PuTTY Buffer Overflow |
| exploit/windows/ssh/securecrt_ssh1 | SecureCRT SSH1 Buffer Overflow |
| exploit/windows/ssh/sysax_ssh_username | Sysax 5.53 SSH Username Buffer Overflow |
| exploit/windows/ssl/ms04_011_pct | MS04-011 Microsoft Private Communications Transport Overflow |
| exploit/windows/telnet/gamsoft_telsrv_username | GAMSoft TelSrv 1.5 Username Buffer Overflow |
| exploit/windows/telnet/goodtech_telnet | GoodTech Telnet Server Buffer Overflow |
| exploit/windows/tftp/attftp_long_filename | Allied Telesyn TFTP Server 1.9 Long Filename Overflow |
| exploit/windows/tftp/distinct_tftp_traversal | Distinct TFTP 3.10 Writable Directory Traversal Execution |
| exploit/windows/tftp/dlink_long_filename | D-Link TFTP 1.0 Long Filename Buffer Overflow |
| exploit/windows/tftp/futuresoft_transfermode | FutureSoft TFTP Server 2000 Transfer-Mode Overflow |
| exploit/windows/tftp/netdecision_tftp_traversal | NetDecision 4.2 TFTP Writable Directory Traversal Execution |
| exploit/windows/tftp/opentftp_error_code | OpenTFTP SP 1.4 Error Packet Overflow |
| exploit/windows/tftp/quick_tftp_pro_mode | Quick FTP Pro 2.1 Transfer-Mode Overflow |
| exploit/windows/tftp/tftpd32_long_filename | TFTPD32 Long Filename Buffer Overflow |
| exploit/windows/tftp/tftpdwin_long_filename | TFTPDWIN v0.4.2 Long Filename Buffer Overflow |
| exploit/windows/tftp/tftpserver_wrq_bof | TFTP Server for Windows 1.4 ST WRQ Buffer Overflow |
| exploit/windows/tftp/threectftpsvc_long_mode | 3CTftpSvc TFTP Long Mode Buffer Overflow |
| exploit/windows/unicenter/cam_log_security | CA CAM log_security() Stack Buffer Overflow (Win32) |
| exploit/windows/vnc/realvnc_client | RealVNC 3.3.7 Client Buffer Overflow |
| exploit/windows/vnc/ultravnc_client | UltraVNC 1.0.1 Client Buffer Overflow |
| exploit/windows/vnc/ultravnc_viewer_bof | UltraVNC 1.0.2 Client (vncviewer.exe) Buffer Overflow |
| exploit/windows/vnc/winvnc_http_get | WinVNC Web Server GET Overflow |
| exploit/windows/vpn/safenet_ike_11 | SafeNet SoftRemote IKE Service Buffer Overflow |
| exploit/windows/winrm/winrm_script_exec | WinRM Script Exec Remote Code Execution |
| exploit/windows/wins/ms04_045_wins | MS04-045 Microsoft WINS Service Memory Overwrite |
| nop/aarch64/simple | Simple |
| nop/armle/simple | Simple |
| nop/cmd/generic | Generic Command Nop Generator |
| nop/mipsbe/better | Better |
| nop/php/generic | PHP Nop Generator |
| nop/ppc/simple | Simple |
| nop/sparc/random | SPARC NOP Generator |
| nop/tty/generic | TTY Nop Generator |
| nop/x64/simple | Simple |
| nop/x86/opty2 | Opty2 |
| nop/x86/single_byte | Single Byte |
| payload/aix/ppc/shell_bind_tcp | AIX Command Shell, Bind TCP Inline |
| payload/aix/ppc/shell_find_port | AIX Command Shell, Find Port Inline |
| payload/aix/ppc/shell_interact | AIX execve Shell for inetd |
| payload/aix/ppc/shell_reverse_tcp | AIX Command Shell, Reverse TCP Inline |
| payload/android/meterpreter/reverse_http | Android Meterpreter, Android Reverse HTTP Stager |
| payload/android/meterpreter_reverse_http | Android Meterpreter Shell, Reverse HTTP Inline |
| payload/android/meterpreter/reverse_https | Android Meterpreter, Android Reverse HTTPS Stager |
| payload/android/meterpreter_reverse_https | Android Meterpreter Shell, Reverse HTTPS Inline |
| payload/android/meterpreter/reverse_tcp | Android Meterpreter, Android Reverse TCP Stager |
| payload/android/meterpreter_reverse_tcp | Android Meterpreter Shell, Reverse TCP Inline |
| payload/android/shell/reverse_http | Command Shell, Android Reverse HTTP Stager |
| payload/android/shell/reverse_https | Command Shell, Android Reverse HTTPS Stager |
| payload/android/shell/reverse_tcp | Command Shell, Android Reverse TCP Stager |
| payload/apple_ios/aarch64/meterpreter_reverse_http | Apple_iOS Meterpreter, Reverse HTTP Inline |
| payload/apple_ios/aarch64/meterpreter_reverse_https | Apple_iOS Meterpreter, Reverse HTTPS Inline |
| payload/apple_ios/aarch64/meterpreter_reverse_tcp | Apple_iOS Meterpreter, Reverse TCP Inline |
| payload/apple_ios/aarch64/shell_reverse_tcp | Apple iOS aarch64 Command Shell, Reverse TCP Inline |
| payload/apple_ios/armle/meterpreter_reverse_http | Apple_iOS Meterpreter, Reverse HTTP Inline |
| payload/apple_ios/armle/meterpreter_reverse_https | Apple_iOS Meterpreter, Reverse HTTPS Inline |
| payload/apple_ios/armle/meterpreter_reverse_tcp | Apple_iOS Meterpreter, Reverse TCP Inline |
| payload/bsdi/x86/shell/bind_tcp | BSDi Command Shell, Bind TCP Stager |
| payload/bsdi/x86/shell_bind_tcp | BSDi Command Shell, Bind TCP Inline |
| payload/bsdi/x86/shell_find_port | BSDi Command Shell, Find Port Inline |
| payload/bsdi/x86/shell/reverse_tcp | BSDi Command Shell, Reverse TCP Stager |
| payload/bsdi/x86/shell_reverse_tcp | BSDi Command Shell, Reverse TCP Inline |
| payload/bsd/sparc/shell_bind_tcp | BSD Command Shell, Bind TCP Inline |
| payload/bsd/sparc/shell_reverse_tcp | BSD Command Shell, Reverse TCP Inline |
| payload/bsd/vax/shell_reverse_tcp | BSD Command Shell, Reverse TCP Inline |
| payload/bsd/x64/exec | BSD x64 Execute Command |
| payload/bsd/x64/shell_bind_ipv6_tcp | BSD x64 Command Shell, Bind TCP Inline (IPv6) |
| payload/bsd/x64/shell_bind_tcp | BSD x64 Shell Bind TCP |
| payload/bsd/x64/shell_bind_tcp_small | BSD x64 Command Shell, Bind TCP Inline |
| payload/bsd/x64/shell_reverse_ipv6_tcp | BSD x64 Command Shell, Reverse TCP Inline (IPv6) |
| payload/bsd/x64/shell_reverse_tcp | BSD x64 Shell Reverse TCP |
| payload/bsd/x64/shell_reverse_tcp_small | BSD x64 Command Shell, Reverse TCP Inline |
| payload/bsd/x86/exec | BSD Execute Command |
| payload/bsd/x86/metsvc_bind_tcp | FreeBSD Meterpreter Service, Bind TCP |
| payload/bsd/x86/metsvc_reverse_tcp | FreeBSD Meterpreter Service, Reverse TCP Inline |
| payload/bsd/x86/shell/bind_ipv6_tcp | BSD Command Shell, Bind TCP Stager (IPv6) |
| payload/bsd/x86/shell/bind_tcp | BSD Command Shell, Bind TCP Stager |
| payload/bsd/x86/shell_bind_tcp | BSD Command Shell, Bind TCP Inline |
| payload/bsd/x86/shell_bind_tcp_ipv6 | BSD Command Shell, Bind TCP Inline (IPv6) |
| payload/bsd/x86/shell_find_port | BSD Command Shell, Find Port Inline |
| payload/bsd/x86/shell/find_tag | BSD Command Shell, Find Tag Stager |
| payload/bsd/x86/shell_find_tag | BSD Command Shell, Find Tag Inline |
| payload/bsd/x86/shell/reverse_ipv6_tcp | BSD Command Shell, Reverse TCP Stager (IPv6) |
| payload/bsd/x86/shell/reverse_tcp | BSD Command Shell, Reverse TCP Stager |
| payload/bsd/x86/shell_reverse_tcp | BSD Command Shell, Reverse TCP Inline |
| payload/bsd/x86/shell_reverse_tcp_ipv6 | BSD Command Shell, Reverse TCP Inline (IPv6) |
| payload/cmd/mainframe/apf_privesc_jcl | JCL to Escalate Privileges |
| payload/cmd/mainframe/bind_shell_jcl | Z/OS (MVS) Command Shell, Bind TCP |
| payload/cmd/mainframe/generic_jcl | Generic JCL Test for Mainframe Exploits |
| payload/cmd/mainframe/reverse_shell_jcl | Z/OS (MVS) Command Shell, Reverse TCP |
| payload/cmd/unix/bind_awk | Unix Command Shell, Bind TCP (via AWK) |
| payload/cmd/unix/bind_busybox_telnetd | Unix Command Shell, Bind TCP (via BusyBox telnetd) |
| payload/cmd/unix/bind_inetd | Unix Command Shell, Bind TCP (inetd) |
| payload/cmd/unix/bind_jjs | Unix Command Shell, Bind TCP (via jjs) |
| payload/cmd/unix/bind_lua | Unix Command Shell, Bind TCP (via Lua) |
| payload/cmd/unix/bind_netcat_gaping | Unix Command Shell, Bind TCP (via netcat -e) |
| payload/cmd/unix/bind_netcat_gaping_ipv6 | Unix Command Shell, Bind TCP (via netcat -e) IPv6 |
| payload/cmd/unix/bind_netcat | Unix Command Shell, Bind TCP (via netcat) |
| payload/cmd/unix/bind_nodejs | Unix Command Shell, Bind TCP (via nodejs) |
| payload/cmd/unix/bind_perl | Unix Command Shell, Bind TCP (via Perl) |
| payload/cmd/unix/bind_perl_ipv6 | Unix Command Shell, Bind TCP (via perl) IPv6 |
| payload/cmd/unix/bind_r | Unix Command Shell, Bind TCP (via R) |
| payload/cmd/unix/bind_ruby | Unix Command Shell, Bind TCP (via Ruby) |
| payload/cmd/unix/bind_ruby_ipv6 | Unix Command Shell, Bind TCP (via Ruby) IPv6 |
| payload/cmd/unix/bind_socat_udp | Unix Command Shell, Bind UDP (via socat) |
| payload/cmd/unix/bind_stub | Unix Command Shell, Bind TCP (stub) |
| payload/cmd/unix/bind_zsh | Unix Command Shell, Bind TCP (via Zsh) |
| payload/cmd/unix/generic | Unix Command, Generic Command Execution |
| payload/cmd/unix/interact | Unix Command, Interact with Established Connection |
| payload/cmd/unix/pingback_bind | Unix Command Shell, Pingback Bind TCP (via netcat) |
| payload/cmd/unix/pingback_reverse | Unix Command Shell, Pingback Reverse TCP (via netcat) |
| payload/cmd/unix/python/meterpreter/bind_tcp | Python Exec, Python Meterpreter, Python Bind TCP Stager |
| payload/cmd/unix/python/meterpreter_bind_tcp | Python Exec, Python Meterpreter Shell, Bind TCP Inline |
| payload/cmd/unix/python/meterpreter/bind_tcp_uuid | Python Exec, Python Meterpreter, Python Bind TCP Stager with UUID Support |
| payload/cmd/unix/python/meterpreter/reverse_http | Python Exec, Python Meterpreter, Python Reverse HTTP Stager |
| payload/cmd/unix/python/meterpreter_reverse_http | Python Exec, Python Meterpreter Shell, Reverse HTTP Inline |
| payload/cmd/unix/python/meterpreter/reverse_https | Python Exec, Python Meterpreter, Python Reverse HTTPS Stager |
| payload/cmd/unix/python/meterpreter_reverse_https | Python Exec, Python Meterpreter Shell, Reverse HTTPS Inline |
| payload/cmd/unix/python/meterpreter/reverse_tcp | Python Exec, Python Meterpreter, Python Reverse TCP Stager |
| payload/cmd/unix/python/meterpreter_reverse_tcp | Python Exec, Python Meterpreter Shell, Reverse TCP Inline |
| payload/cmd/unix/python/meterpreter/reverse_tcp_ssl | Python Exec, Python Meterpreter, Python Reverse TCP SSL Stager |
| payload/cmd/unix/python/meterpreter/reverse_tcp_uuid | Python Exec, Python Meterpreter, Python Reverse TCP Stager with UUID Support |
| payload/cmd/unix/python/pingback_bind_tcp | Python Exec, Python Pingback, Bind TCP (via python) |
| payload/cmd/unix/python/pingback_reverse_tcp | Python Exec, Python Pingback, Reverse TCP (via python) |
| payload/cmd/unix/python/shell_bind_tcp | Python Exec, Command Shell, Bind TCP (via python) |
| payload/cmd/unix/python/shell_reverse_tcp | Python Exec, Command Shell, Reverse TCP (via python) |
| payload/cmd/unix/python/shell_reverse_tcp_ssl | Python Exec, Command Shell, Reverse TCP SSL (via python) |
| payload/cmd/unix/python/shell_reverse_udp | Python Exec, Command Shell, Reverse UDP (via python) |
| payload/cmd/unix/reverse_awk | Unix Command Shell, Reverse TCP (via AWK) |
| payload/cmd/unix/reverse_bash | Unix Command Shell, Reverse TCP (/dev/tcp) |
| payload/cmd/unix/reverse_bash_telnet_ssl | Unix Command Shell, Reverse TCP SSL (telnet) |
| payload/cmd/unix/reverse_bash_udp | Unix Command Shell, Reverse UDP (/dev/udp) |
| payload/cmd/unix/reverse | Unix Command Shell, Double Reverse TCP (telnet) |
| payload/cmd/unix/reverse_jjs | Unix Command Shell, Reverse TCP (via jjs) |
| payload/cmd/unix/reverse_ksh | Unix Command Shell, Reverse TCP (via Ksh) |
| payload/cmd/unix/reverse_lua | Unix Command Shell, Reverse TCP (via Lua) |
| payload/cmd/unix/reverse_ncat_ssl | Unix Command Shell, Reverse TCP (via ncat) |
| payload/cmd/unix/reverse_netcat_gaping | Unix Command Shell, Reverse TCP (via netcat -e) |
| payload/cmd/unix/reverse_netcat | Unix Command Shell, Reverse TCP (via netcat) |
| payload/cmd/unix/reverse_nodejs | Unix Command Shell, Reverse TCP (via nodejs) |
| payload/cmd/unix/reverse_openssl | Unix Command Shell, Double Reverse TCP SSL (openssl) |
| payload/cmd/unix/reverse_perl | Unix Command Shell, Reverse TCP (via Perl) |
| payload/cmd/unix/reverse_perl_ssl | Unix Command Shell, Reverse TCP SSL (via perl) |
| payload/cmd/unix/reverse_php_ssl | Unix Command Shell, Reverse TCP SSL (via php) |
| payload/cmd/unix/reverse_python | Unix Command Shell, Reverse TCP (via Python) |
| payload/cmd/unix/reverse_python_ssl | Unix Command Shell, Reverse TCP SSL (via python) |
| payload/cmd/unix/reverse_r | Unix Command Shell, Reverse TCP (via R) |
| payload/cmd/unix/reverse_ruby | Unix Command Shell, Reverse TCP (via Ruby) |
| payload/cmd/unix/reverse_ruby_ssl | Unix Command Shell, Reverse TCP SSL (via Ruby) |
| payload/cmd/unix/reverse_socat_udp | Unix Command Shell, Reverse UDP (via socat) |
| payload/cmd/unix/reverse_ssh | Unix Command Shell, Reverse TCP SSH |
| payload/cmd/unix/reverse_ssl_double_telnet | Unix Command Shell, Double Reverse TCP SSL (telnet) |
| payload/cmd/unix/reverse_stub | Unix Command Shell, Reverse TCP (stub) |
| payload/cmd/unix/reverse_tclsh | Unix Command Shell, Reverse TCP (via Tclsh) |
| payload/cmd/unix/reverse_zsh | Unix Command Shell, Reverse TCP (via Zsh) |
| payload/cmd/windows/adduser | Windows Execute net user /ADD CMD |
| payload/cmd/windows/bind_lua | Windows Command Shell, Bind TCP (via Lua) |
| payload/cmd/windows/bind_perl | Windows Command Shell, Bind TCP (via Perl) |
| payload/cmd/windows/bind_perl_ipv6 | Windows Command Shell, Bind TCP (via perl) IPv6 |
| payload/cmd/windows/bind_ruby | Windows Command Shell, Bind TCP (via Ruby) |
| payload/cmd/windows/download_eval_vbs | Windows Executable Download and Evaluate VBS |
| payload/cmd/windows/download_exec_vbs | Windows Executable Download and Execute (via .vbs) |
| payload/cmd/windows/generic | Windows Command, Generic Command Execution |
| payload/cmd/windows/jjs_reverse_tcp | Windows Shell, Reverse TCP (via jjs) |
| payload/cmd/windows/powershell/adduser | Powershell Exec |
| payload/cmd/windows/powershell_bind_tcp | Windows Interactive Powershell Session, Bind TCP |
| payload/cmd/windows/powershell/custom/bind_hidden_ipknock_tcp | Powershell Exec, Windows shellcode stage, Hidden Bind Ipknock TCP Stager |
| payload/cmd/windows/powershell/custom/bind_hidden_tcp | Powershell Exec, Windows shellcode stage, Hidden Bind TCP Stager |
| payload/cmd/windows/powershell/custom/bind_ipv6_tcp | Powershell Exec, Windows shellcode stage, Bind IPv6 TCP Stager (Windows x86) |
| payload/cmd/windows/powershell/custom/bind_ipv6_tcp_uuid | Powershell Exec, Windows shellcode stage, Bind IPv6 TCP Stager with UUID Support (Windows x86) |
| payload/cmd/windows/powershell/custom/bind_named_pipe | Powershell Exec, Windows shellcode stage, Windows x86 Bind Named Pipe Stager |
| payload/cmd/windows/powershell/custom/bind_nonx_tcp | Powershell Exec, Windows shellcode stage, Bind TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/custom/bind_tcp | Powershell Exec, Windows shellcode stage, Bind TCP Stager (Windows x86) |
| payload/cmd/windows/powershell/custom/bind_tcp_rc4 | Powershell Exec, Windows shellcode stage, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/custom/bind_tcp_uuid | Powershell Exec, Windows shellcode stage, Bind TCP Stager with UUID Support (Windows x86) |
| payload/cmd/windows/powershell/custom/find_tag | Powershell Exec, Windows shellcode stage, Find Tag Ordinal Stager |
| payload/cmd/windows/powershell/custom/reverse_hop_http | Powershell Exec, Windows shellcode stage, Reverse Hop HTTP/HTTPS Stager |
| payload/cmd/windows/powershell/custom/reverse_http | Powershell Exec, Windows shellcode stage, Windows Reverse HTTP Stager (wininet) |
| payload/cmd/windows/powershell/custom/reverse_http_proxy_pstore | Powershell Exec, Windows shellcode stage, Reverse HTTP Stager Proxy |
| payload/cmd/windows/powershell/custom/reverse_https | Powershell Exec, Windows shellcode stage, Windows Reverse HTTPS Stager (wininet) |
| payload/cmd/windows/powershell/custom/reverse_https_proxy | Powershell Exec, Windows shellcode stage, Reverse HTTPS Stager with Support for Custom Proxy |
| payload/cmd/windows/powershell/custom/reverse_ipv6_tcp | Powershell Exec, Windows shellcode stage, Reverse TCP Stager (IPv6) |
| payload/cmd/windows/powershell/custom/reverse_named_pipe | Powershell Exec, Windows shellcode stage, Windows x86 Reverse Named Pipe (SMB) Stager |
| payload/cmd/windows/powershell/custom/reverse_nonx_tcp | Powershell Exec, Windows shellcode stage, Reverse TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/custom/reverse_ord_tcp | Powershell Exec, Windows shellcode stage, Reverse Ordinal TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/custom/reverse_tcp_allports | Powershell Exec, Windows shellcode stage, Reverse All-Port TCP Stager |
| payload/cmd/windows/powershell/custom/reverse_tcp_dns | Powershell Exec, Windows shellcode stage, Reverse TCP Stager (DNS) |
| payload/cmd/windows/powershell/custom/reverse_tcp | Powershell Exec, Windows shellcode stage, Reverse TCP Stager |
| payload/cmd/windows/powershell/custom/reverse_tcp_rc4_dns | Powershell Exec, Windows shellcode stage, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm) |
| payload/cmd/windows/powershell/custom/reverse_tcp_rc4 | Powershell Exec, Windows shellcode stage, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/custom/reverse_tcp_uuid | Powershell Exec, Windows shellcode stage, Reverse TCP Stager with UUID Support |
| payload/cmd/windows/powershell/custom/reverse_udp | Powershell Exec, Windows shellcode stage, Reverse UDP Stager with UUID Support |
| payload/cmd/windows/powershell/custom/reverse_winhttp | Powershell Exec, Windows shellcode stage, Windows Reverse HTTP Stager (winhttp) |
| payload/cmd/windows/powershell/custom/reverse_winhttps | Powershell Exec, Windows shellcode stage, Windows Reverse HTTPS Stager (winhttp) |
| payload/cmd/windows/powershell/dllinject/bind_hidden_ipknock_tcp | Powershell Exec, Hidden Bind Ipknock TCP Stager |
| payload/cmd/windows/powershell/dllinject/bind_hidden_tcp | Powershell Exec, Hidden Bind TCP Stager |
| payload/cmd/windows/powershell/dllinject/bind_ipv6_tcp | Powershell Exec, Bind IPv6 TCP Stager (Windows x86) |
| payload/cmd/windows/powershell/dllinject/bind_ipv6_tcp_uuid | Powershell Exec, Bind IPv6 TCP Stager with UUID Support (Windows x86) |
| payload/cmd/windows/powershell/dllinject/bind_named_pipe | Powershell Exec, Windows x86 Bind Named Pipe Stager |
| payload/cmd/windows/powershell/dllinject/bind_nonx_tcp | Powershell Exec, Bind TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/dllinject/bind_tcp | Powershell Exec, Bind TCP Stager (Windows x86) |
| payload/cmd/windows/powershell/dllinject/bind_tcp_rc4 | Powershell Exec, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/dllinject/bind_tcp_uuid | Powershell Exec, Bind TCP Stager with UUID Support (Windows x86) |
| payload/cmd/windows/powershell/dllinject/find_tag | Powershell Exec, Find Tag Ordinal Stager |
| payload/cmd/windows/powershell/dllinject/reverse_hop_http | Powershell Exec, Reverse Hop HTTP/HTTPS Stager |
| payload/cmd/windows/powershell/dllinject/reverse_http | Powershell Exec, Windows Reverse HTTP Stager (wininet) |
| payload/cmd/windows/powershell/dllinject/reverse_http_proxy_pstore | Powershell Exec, Reverse HTTP Stager Proxy |
| payload/cmd/windows/powershell/dllinject/reverse_ipv6_tcp | Powershell Exec, Reverse TCP Stager (IPv6) |
| payload/cmd/windows/powershell/dllinject/reverse_nonx_tcp | Powershell Exec, Reverse TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/dllinject/reverse_ord_tcp | Powershell Exec, Reverse Ordinal TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/dllinject/reverse_tcp_allports | Powershell Exec, Reverse All-Port TCP Stager |
| payload/cmd/windows/powershell/dllinject/reverse_tcp_dns | Powershell Exec, Reverse TCP Stager (DNS) |
| payload/cmd/windows/powershell/dllinject/reverse_tcp | Powershell Exec, Reverse TCP Stager |
| payload/cmd/windows/powershell/dllinject/reverse_tcp_rc4_dns | Powershell Exec, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm) |
| payload/cmd/windows/powershell/dllinject/reverse_tcp_rc4 | Powershell Exec, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/dllinject/reverse_tcp_uuid | Powershell Exec, Reverse TCP Stager with UUID Support |
| payload/cmd/windows/powershell/dllinject/reverse_winhttp | Powershell Exec, Windows Reverse HTTP Stager (winhttp) |
| payload/cmd/windows/powershell/dns_txt_query_exec | Powershell Exec, DNS TXT Record Payload Download and Execution |
| payload/cmd/windows/powershell/download_exec | Powershell Exec, Windows Executable Download (http,https,ftp) and Execute |
| payload/cmd/windows/powershell/exec | Powershell Exec |
| payload/cmd/windows/powershell/format_all_drives | Powershell Exec |
| payload/cmd/windows/powershell/generic/debug_trap | Powershell Exec, Generic x86 Debug Trap |
| payload/cmd/windows/powershell/generic/tight_loop | Powershell Exec, Generic x86 Tight Loop |
| payload/cmd/windows/powershell/loadlibrary | Powershell Exec |
| payload/cmd/windows/powershell/messagebox | Powershell Exec, Windows MessageBox |
| payload/cmd/windows/powershell/meterpreter/bind_hidden_ipknock_tcp | Powershell Exec, Hidden Bind Ipknock TCP Stager |
| payload/cmd/windows/powershell/meterpreter/bind_hidden_tcp | Powershell Exec, Hidden Bind TCP Stager |
| payload/cmd/windows/powershell/meterpreter/bind_ipv6_tcp | Powershell Exec, Bind IPv6 TCP Stager (Windows x86) |
| payload/cmd/windows/powershell/meterpreter/bind_ipv6_tcp_uuid | Powershell Exec, Bind IPv6 TCP Stager with UUID Support (Windows x86) |
| payload/cmd/windows/powershell/meterpreter/bind_named_pipe | Powershell Exec, Windows x86 Bind Named Pipe Stager |
| payload/cmd/windows/powershell/meterpreter/bind_nonx_tcp | Powershell Exec, Bind TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/meterpreter/bind_tcp | Powershell Exec, Bind TCP Stager (Windows x86) |
| payload/cmd/windows/powershell/meterpreter/bind_tcp_rc4 | Powershell Exec, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/meterpreter/bind_tcp_uuid | Powershell Exec, Bind TCP Stager with UUID Support (Windows x86) |
| payload/cmd/windows/powershell/meterpreter/find_tag | Powershell Exec, Find Tag Ordinal Stager |
| payload/cmd/windows/powershell/meterpreter/reverse_hop_http | Powershell Exec, Reverse Hop HTTP/HTTPS Stager |
| payload/cmd/windows/powershell/meterpreter/reverse_http | Powershell Exec, Windows Reverse HTTP Stager (wininet) |
| payload/cmd/windows/powershell/meterpreter/reverse_http_proxy_pstore | Powershell Exec, Reverse HTTP Stager Proxy |
| payload/cmd/windows/powershell/meterpreter/reverse_https | Powershell Exec, Windows Reverse HTTPS Stager (wininet) |
| payload/cmd/windows/powershell/meterpreter/reverse_https_proxy | Powershell Exec, Reverse HTTPS Stager with Support for Custom Proxy |
| payload/cmd/windows/powershell/meterpreter/reverse_ipv6_tcp | Powershell Exec, Reverse TCP Stager (IPv6) |
| payload/cmd/windows/powershell/meterpreter/reverse_named_pipe | Powershell Exec, Windows x86 Reverse Named Pipe (SMB) Stager |
| payload/cmd/windows/powershell/meterpreter/reverse_nonx_tcp | Powershell Exec, Reverse TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/meterpreter/reverse_ord_tcp | Powershell Exec, Reverse Ordinal TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/meterpreter/reverse_tcp_allports | Powershell Exec, Reverse All-Port TCP Stager |
| payload/cmd/windows/powershell/meterpreter/reverse_tcp_dns | Powershell Exec, Reverse TCP Stager (DNS) |
| payload/cmd/windows/powershell/meterpreter/reverse_tcp | Powershell Exec, Reverse TCP Stager |
| payload/cmd/windows/powershell/meterpreter/reverse_tcp_rc4_dns | Powershell Exec, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm) |
| payload/cmd/windows/powershell/meterpreter/reverse_tcp_rc4 | Powershell Exec, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/meterpreter/reverse_tcp_uuid | Powershell Exec, Reverse TCP Stager with UUID Support |
| payload/cmd/windows/powershell/meterpreter/reverse_winhttp | Powershell Exec, Windows Reverse HTTP Stager (winhttp) |
| payload/cmd/windows/powershell/meterpreter/reverse_winhttps | Powershell Exec, Windows Reverse HTTPS Stager (winhttp) |
| payload/cmd/windows/powershell/metsvc_bind_tcp | Powershell Exec, Windows Meterpreter Service, Bind TCP |
| payload/cmd/windows/powershell/metsvc_reverse_tcp | Powershell Exec, Windows Meterpreter Service, Reverse TCP Inline |
| payload/cmd/windows/powershell/patchupdllinject/bind_hidden_ipknock_tcp | Powershell Exec, Hidden Bind Ipknock TCP Stager |
| payload/cmd/windows/powershell/patchupdllinject/bind_hidden_tcp | Powershell Exec, Hidden Bind TCP Stager |
| payload/cmd/windows/powershell/patchupdllinject/bind_ipv6_tcp | Powershell Exec, Bind IPv6 TCP Stager (Windows x86) |
| payload/cmd/windows/powershell/patchupdllinject/bind_ipv6_tcp_uuid | Powershell Exec, Bind IPv6 TCP Stager with UUID Support (Windows x86) |
| payload/cmd/windows/powershell/patchupdllinject/bind_named_pipe | Powershell Exec, Windows x86 Bind Named Pipe Stager |
| payload/cmd/windows/powershell/patchupdllinject/bind_nonx_tcp | Powershell Exec, Bind TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/patchupdllinject/bind_tcp | Powershell Exec, Bind TCP Stager (Windows x86) |
| payload/cmd/windows/powershell/patchupdllinject/bind_tcp_rc4 | Powershell Exec, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/patchupdllinject/bind_tcp_uuid | Powershell Exec, Bind TCP Stager with UUID Support (Windows x86) |
| payload/cmd/windows/powershell/patchupdllinject/find_tag | Powershell Exec, Find Tag Ordinal Stager |
| payload/cmd/windows/powershell/patchupdllinject/reverse_ipv6_tcp | Powershell Exec, Reverse TCP Stager (IPv6) |
| payload/cmd/windows/powershell/patchupdllinject/reverse_nonx_tcp | Powershell Exec, Reverse TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/patchupdllinject/reverse_ord_tcp | Powershell Exec, Reverse Ordinal TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/patchupdllinject/reverse_tcp_allports | Powershell Exec, Reverse All-Port TCP Stager |
| payload/cmd/windows/powershell/patchupdllinject/reverse_tcp_dns | Powershell Exec, Reverse TCP Stager (DNS) |
| payload/cmd/windows/powershell/patchupdllinject/reverse_tcp | Powershell Exec, Reverse TCP Stager |
| payload/cmd/windows/powershell/patchupdllinject/reverse_tcp_rc4_dns | Powershell Exec, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm) |
| payload/cmd/windows/powershell/patchupdllinject/reverse_tcp_rc4 | Powershell Exec, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/patchupdllinject/reverse_tcp_uuid | Powershell Exec, Reverse TCP Stager with UUID Support |
| payload/cmd/windows/powershell/patchupmeterpreter/bind_hidden_ipknock_tcp | Powershell Exec, Hidden Bind Ipknock TCP Stager |
| payload/cmd/windows/powershell/patchupmeterpreter/bind_hidden_tcp | Powershell Exec, Hidden Bind TCP Stager |
| payload/cmd/windows/powershell/patchupmeterpreter/bind_ipv6_tcp | Powershell Exec, Bind IPv6 TCP Stager (Windows x86) |
| payload/cmd/windows/powershell/patchupmeterpreter/bind_ipv6_tcp_uuid | Powershell Exec, Bind IPv6 TCP Stager with UUID Support (Windows x86) |
| payload/cmd/windows/powershell/patchupmeterpreter/bind_named_pipe | Powershell Exec, Windows x86 Bind Named Pipe Stager |
| payload/cmd/windows/powershell/patchupmeterpreter/bind_nonx_tcp | Powershell Exec, Bind TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/patchupmeterpreter/bind_tcp | Powershell Exec, Bind TCP Stager (Windows x86) |
| payload/cmd/windows/powershell/patchupmeterpreter/bind_tcp_rc4 | Powershell Exec, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/patchupmeterpreter/bind_tcp_uuid | Powershell Exec, Bind TCP Stager with UUID Support (Windows x86) |
| payload/cmd/windows/powershell/patchupmeterpreter/find_tag | Powershell Exec, Find Tag Ordinal Stager |
| payload/cmd/windows/powershell/patchupmeterpreter/reverse_ipv6_tcp | Powershell Exec, Reverse TCP Stager (IPv6) |
| payload/cmd/windows/powershell/patchupmeterpreter/reverse_nonx_tcp | Powershell Exec, Reverse TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/patchupmeterpreter/reverse_ord_tcp | Powershell Exec, Reverse Ordinal TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/patchupmeterpreter/reverse_tcp_allports | Powershell Exec, Reverse All-Port TCP Stager |
| payload/cmd/windows/powershell/patchupmeterpreter/reverse_tcp_dns | Powershell Exec, Reverse TCP Stager (DNS) |
| payload/cmd/windows/powershell/patchupmeterpreter/reverse_tcp | Powershell Exec, Reverse TCP Stager |
| payload/cmd/windows/powershell/patchupmeterpreter/reverse_tcp_rc4_dns | Powershell Exec, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm) |
| payload/cmd/windows/powershell/patchupmeterpreter/reverse_tcp_rc4 | Powershell Exec, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/patchupmeterpreter/reverse_tcp_uuid | Powershell Exec, Reverse TCP Stager with UUID Support |
| payload/cmd/windows/powershell/peinject/bind_hidden_ipknock_tcp | Powershell Exec, Hidden Bind Ipknock TCP Stager |
| payload/cmd/windows/powershell/peinject/bind_hidden_tcp | Powershell Exec, Hidden Bind TCP Stager |
| payload/cmd/windows/powershell/peinject/bind_ipv6_tcp | Powershell Exec, Bind IPv6 TCP Stager (Windows x86) |
| payload/cmd/windows/powershell/peinject/bind_ipv6_tcp_uuid | Powershell Exec, Bind IPv6 TCP Stager with UUID Support (Windows x86) |
| payload/cmd/windows/powershell/peinject/bind_named_pipe | Powershell Exec, Windows x86 Bind Named Pipe Stager |
| payload/cmd/windows/powershell/peinject/bind_nonx_tcp | Powershell Exec, Bind TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/peinject/bind_tcp | Powershell Exec, Bind TCP Stager (Windows x86) |
| payload/cmd/windows/powershell/peinject/bind_tcp_rc4 | Powershell Exec, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/peinject/bind_tcp_uuid | Powershell Exec, Bind TCP Stager with UUID Support (Windows x86) |
| payload/cmd/windows/powershell/peinject/find_tag | Powershell Exec, Find Tag Ordinal Stager |
| payload/cmd/windows/powershell/peinject/reverse_ipv6_tcp | Powershell Exec, Reverse TCP Stager (IPv6) |
| payload/cmd/windows/powershell/peinject/reverse_named_pipe | Powershell Exec, Windows x86 Reverse Named Pipe (SMB) Stager |
| payload/cmd/windows/powershell/peinject/reverse_nonx_tcp | Powershell Exec, Reverse TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/peinject/reverse_ord_tcp | Powershell Exec, Reverse Ordinal TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/peinject/reverse_tcp_allports | Powershell Exec, Reverse All-Port TCP Stager |
| payload/cmd/windows/powershell/peinject/reverse_tcp_dns | Powershell Exec, Reverse TCP Stager (DNS) |
| payload/cmd/windows/powershell/peinject/reverse_tcp | Powershell Exec, Reverse TCP Stager |
| payload/cmd/windows/powershell/peinject/reverse_tcp_rc4_dns | Powershell Exec, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm) |
| payload/cmd/windows/powershell/peinject/reverse_tcp_rc4 | Powershell Exec, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/peinject/reverse_tcp_uuid | Powershell Exec, Reverse TCP Stager with UUID Support |
| payload/cmd/windows/powershell/pingback_bind_tcp | Powershell Exec, Windows x86 Pingback, Bind TCP Inline |
| payload/cmd/windows/powershell/pingback_reverse_tcp | Powershell Exec, Windows x86 Pingback, Reverse TCP Inline |
| payload/cmd/windows/powershell/powershell_bind_tcp | Powershell Exec |
| payload/cmd/windows/powershell/powershell_reverse_tcp | Powershell Exec |
| payload/cmd/windows/powershell/powershell_reverse_tcp_ssl | Powershell Exec |
| payload/cmd/windows/powershell_reverse_tcp | Windows Interactive Powershell Session, Reverse TCP |
| payload/cmd/windows/powershell_reverse_tcp_ssl | Windows Interactive Powershell Session, Reverse TCP SSL |
| payload/cmd/windows/powershell/shell/bind_hidden_ipknock_tcp | Powershell Exec, Windows Command Shell, Hidden Bind Ipknock TCP Stager |
| payload/cmd/windows/powershell/shell/bind_hidden_tcp | Powershell Exec, Windows Command Shell, Hidden Bind TCP Stager |
| payload/cmd/windows/powershell/shell/bind_ipv6_tcp | Powershell Exec, Windows Command Shell, Bind IPv6 TCP Stager (Windows x86) |
| payload/cmd/windows/powershell/shell/bind_ipv6_tcp_uuid | Powershell Exec, Windows Command Shell, Bind IPv6 TCP Stager with UUID Support (Windows x86) |
| payload/cmd/windows/powershell/shell/bind_named_pipe | Powershell Exec, Windows Command Shell, Windows x86 Bind Named Pipe Stager |
| payload/cmd/windows/powershell/shell/bind_nonx_tcp | Powershell Exec, Windows Command Shell, Bind TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/shell/bind_tcp | Powershell Exec, Windows Command Shell, Bind TCP Stager (Windows x86) |
| payload/cmd/windows/powershell/shell_bind_tcp | Powershell Exec, Windows Command Shell, Bind TCP Inline |
| payload/cmd/windows/powershell/shell/bind_tcp_rc4 | Powershell Exec, Windows Command Shell, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/shell/bind_tcp_uuid | Powershell Exec, Windows Command Shell, Bind TCP Stager with UUID Support (Windows x86) |
| payload/cmd/windows/powershell/shell_bind_tcp_xpfw | Powershell Exec, Windows Disable Windows ICF, Command Shell, Bind TCP Inline |
| payload/cmd/windows/powershell/shell/find_tag | Powershell Exec, Windows Command Shell, Find Tag Ordinal Stager |
| payload/cmd/windows/powershell/shell_hidden_bind_tcp | Powershell Exec, Windows Command Shell, Hidden Bind TCP Inline |
| payload/cmd/windows/powershell/shell/reverse_ipv6_tcp | Powershell Exec, Windows Command Shell, Reverse TCP Stager (IPv6) |
| payload/cmd/windows/powershell/shell/reverse_nonx_tcp | Powershell Exec, Windows Command Shell, Reverse TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/shell/reverse_ord_tcp | Powershell Exec, Windows Command Shell, Reverse Ordinal TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/shell/reverse_tcp_allports | Powershell Exec, Windows Command Shell, Reverse All-Port TCP Stager |
| payload/cmd/windows/powershell/shell/reverse_tcp_dns | Powershell Exec, Windows Command Shell, Reverse TCP Stager (DNS) |
| payload/cmd/windows/powershell/shell/reverse_tcp | Powershell Exec, Windows Command Shell, Reverse TCP Stager |
| payload/cmd/windows/powershell/shell_reverse_tcp | Powershell Exec, Windows Command Shell, Reverse TCP Inline |
| payload/cmd/windows/powershell/shell/reverse_tcp_rc4_dns | Powershell Exec, Windows Command Shell, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm) |
| payload/cmd/windows/powershell/shell/reverse_tcp_rc4 | Powershell Exec, Windows Command Shell, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/shell/reverse_tcp_uuid | Powershell Exec, Windows Command Shell, Reverse TCP Stager with UUID Support |
| payload/cmd/windows/powershell/shell/reverse_udp | Powershell Exec, Windows Command Shell, Reverse UDP Stager with UUID Support |
| payload/cmd/windows/powershell/speak_pwned | Powershell Exec |
| payload/cmd/windows/powershell/upexec/bind_hidden_ipknock_tcp | Powershell Exec, Windows Upload/Execute, Hidden Bind Ipknock TCP Stager |
| payload/cmd/windows/powershell/upexec/bind_hidden_tcp | Powershell Exec, Windows Upload/Execute, Hidden Bind TCP Stager |
| payload/cmd/windows/powershell/upexec/bind_ipv6_tcp | Powershell Exec, Windows Upload/Execute, Bind IPv6 TCP Stager (Windows x86) |
| payload/cmd/windows/powershell/upexec/bind_ipv6_tcp_uuid | Powershell Exec, Windows Upload/Execute, Bind IPv6 TCP Stager with UUID Support (Windows x86) |
| payload/cmd/windows/powershell/upexec/bind_named_pipe | Powershell Exec, Windows Upload/Execute, Windows x86 Bind Named Pipe Stager |
| payload/cmd/windows/powershell/upexec/bind_nonx_tcp | Powershell Exec, Windows Upload/Execute, Bind TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/upexec/bind_tcp | Powershell Exec, Windows Upload/Execute, Bind TCP Stager (Windows x86) |
| payload/cmd/windows/powershell/upexec/bind_tcp_rc4 | Powershell Exec, Windows Upload/Execute, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/upexec/bind_tcp_uuid | Powershell Exec, Windows Upload/Execute, Bind TCP Stager with UUID Support (Windows x86) |
| payload/cmd/windows/powershell/upexec/find_tag | Powershell Exec, Windows Upload/Execute, Find Tag Ordinal Stager |
| payload/cmd/windows/powershell/upexec/reverse_ipv6_tcp | Powershell Exec, Windows Upload/Execute, Reverse TCP Stager (IPv6) |
| payload/cmd/windows/powershell/upexec/reverse_nonx_tcp | Powershell Exec, Windows Upload/Execute, Reverse TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/upexec/reverse_ord_tcp | Powershell Exec, Windows Upload/Execute, Reverse Ordinal TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/upexec/reverse_tcp_allports | Powershell Exec, Windows Upload/Execute, Reverse All-Port TCP Stager |
| payload/cmd/windows/powershell/upexec/reverse_tcp_dns | Powershell Exec, Windows Upload/Execute, Reverse TCP Stager (DNS) |
| payload/cmd/windows/powershell/upexec/reverse_tcp | Powershell Exec, Windows Upload/Execute, Reverse TCP Stager |
| payload/cmd/windows/powershell/upexec/reverse_tcp_rc4_dns | Powershell Exec, Windows Upload/Execute, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm) |
| payload/cmd/windows/powershell/upexec/reverse_tcp_rc4 | Powershell Exec, Windows Upload/Execute, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/upexec/reverse_tcp_uuid | Powershell Exec, Windows Upload/Execute, Reverse TCP Stager with UUID Support |
| payload/cmd/windows/powershell/upexec/reverse_udp | Powershell Exec, Windows Upload/Execute, Reverse UDP Stager with UUID Support |
| payload/cmd/windows/powershell/vncinject/bind_hidden_ipknock_tcp | Powershell Exec, Hidden Bind Ipknock TCP Stager |
| payload/cmd/windows/powershell/vncinject/bind_hidden_tcp | Powershell Exec, Hidden Bind TCP Stager |
| payload/cmd/windows/powershell/vncinject/bind_ipv6_tcp | Powershell Exec, Bind IPv6 TCP Stager (Windows x86) |
| payload/cmd/windows/powershell/vncinject/bind_ipv6_tcp_uuid | Powershell Exec, Bind IPv6 TCP Stager with UUID Support (Windows x86) |
| payload/cmd/windows/powershell/vncinject/bind_named_pipe | Powershell Exec, Windows x86 Bind Named Pipe Stager |
| payload/cmd/windows/powershell/vncinject/bind_nonx_tcp | Powershell Exec, Bind TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/vncinject/bind_tcp | Powershell Exec, Bind TCP Stager (Windows x86) |
| payload/cmd/windows/powershell/vncinject/bind_tcp_rc4 | Powershell Exec, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/vncinject/bind_tcp_uuid | Powershell Exec, Bind TCP Stager with UUID Support (Windows x86) |
| payload/cmd/windows/powershell/vncinject/find_tag | Powershell Exec, Find Tag Ordinal Stager |
| payload/cmd/windows/powershell/vncinject/reverse_hop_http | Powershell Exec, Reverse Hop HTTP/HTTPS Stager |
| payload/cmd/windows/powershell/vncinject/reverse_http | Powershell Exec, Windows Reverse HTTP Stager (wininet) |
| payload/cmd/windows/powershell/vncinject/reverse_http_proxy_pstore | Powershell Exec, Reverse HTTP Stager Proxy |
| payload/cmd/windows/powershell/vncinject/reverse_ipv6_tcp | Powershell Exec, Reverse TCP Stager (IPv6) |
| payload/cmd/windows/powershell/vncinject/reverse_nonx_tcp | Powershell Exec, Reverse TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/vncinject/reverse_ord_tcp | Powershell Exec, Reverse Ordinal TCP Stager (No NX or Win7) |
| payload/cmd/windows/powershell/vncinject/reverse_tcp_allports | Powershell Exec, Reverse All-Port TCP Stager |
| payload/cmd/windows/powershell/vncinject/reverse_tcp_dns | Powershell Exec, Reverse TCP Stager (DNS) |
| payload/cmd/windows/powershell/vncinject/reverse_tcp | Powershell Exec, Reverse TCP Stager |
| payload/cmd/windows/powershell/vncinject/reverse_tcp_rc4_dns | Powershell Exec, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm) |
| payload/cmd/windows/powershell/vncinject/reverse_tcp_rc4 | Powershell Exec, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/vncinject/reverse_tcp_uuid | Powershell Exec, Reverse TCP Stager with UUID Support |
| payload/cmd/windows/powershell/vncinject/reverse_winhttp | Powershell Exec, Windows Reverse HTTP Stager (winhttp) |
| payload/cmd/windows/powershell/x64/custom/bind_ipv6_tcp | Powershell Exec, Windows shellcode stage, Windows x64 IPv6 Bind TCP Stager |
| payload/cmd/windows/powershell/x64/custom/bind_ipv6_tcp_uuid | Powershell Exec, Windows shellcode stage, Windows x64 IPv6 Bind TCP Stager with UUID Support |
| payload/cmd/windows/powershell/x64/custom/bind_named_pipe | Powershell Exec, Windows shellcode stage, Windows x64 Bind Named Pipe Stager |
| payload/cmd/windows/powershell/x64/custom/bind_tcp | Powershell Exec, Windows shellcode stage, Windows x64 Bind TCP Stager |
| payload/cmd/windows/powershell/x64/custom/bind_tcp_rc4 | Powershell Exec, Windows shellcode stage, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/x64/custom/bind_tcp_uuid | Powershell Exec, Windows shellcode stage, Bind TCP Stager with UUID Support (Windows x64) |
| payload/cmd/windows/powershell/x64/custom/reverse_http | Powershell Exec, Windows shellcode stage, Windows x64 Reverse HTTP Stager (wininet) |
| payload/cmd/windows/powershell/x64/custom/reverse_https | Powershell Exec, Windows shellcode stage, Windows x64 Reverse HTTP Stager (wininet) |
| payload/cmd/windows/powershell/x64/custom/reverse_named_pipe | Powershell Exec, Windows shellcode stage, Windows x64 Reverse Named Pipe (SMB) Stager |
| payload/cmd/windows/powershell/x64/custom/reverse_tcp | Powershell Exec, Windows shellcode stage, Windows x64 Reverse TCP Stager |
| payload/cmd/windows/powershell/x64/custom/reverse_tcp_rc4 | Powershell Exec, Windows shellcode stage, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/x64/custom/reverse_tcp_uuid | Powershell Exec, Windows shellcode stage, Reverse TCP Stager with UUID Support (Windows x64) |
| payload/cmd/windows/powershell/x64/custom/reverse_winhttp | Powershell Exec, Windows shellcode stage, Windows x64 Reverse HTTP Stager (winhttp) |
| payload/cmd/windows/powershell/x64/custom/reverse_winhttps | Powershell Exec, Windows shellcode stage, Windows x64 Reverse HTTPS Stager (winhttp) |
| payload/cmd/windows/powershell/x64/exec | Powershell Exec, Windows x64 Execute Command |
| payload/cmd/windows/powershell/x64/loadlibrary | Powershell Exec, Windows x64 LoadLibrary Path |
| payload/cmd/windows/powershell/x64/messagebox | Powershell Exec, Windows MessageBox x64 |
| payload/cmd/windows/powershell/x64/meterpreter/bind_ipv6_tcp | Powershell Exec, Windows x64 IPv6 Bind TCP Stager |
| payload/cmd/windows/powershell/x64/meterpreter/bind_ipv6_tcp_uuid | Powershell Exec, Windows x64 IPv6 Bind TCP Stager with UUID Support |
| payload/cmd/windows/powershell/x64/meterpreter/bind_named_pipe | Powershell Exec, Windows x64 Bind Named Pipe Stager |
| payload/cmd/windows/powershell/x64/meterpreter/bind_tcp | Powershell Exec, Windows x64 Bind TCP Stager |
| payload/cmd/windows/powershell/x64/meterpreter/bind_tcp_rc4 | Powershell Exec, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/x64/meterpreter/bind_tcp_uuid | Powershell Exec, Bind TCP Stager with UUID Support (Windows x64) |
| payload/cmd/windows/powershell/x64/meterpreter/reverse_http | Powershell Exec, Windows x64 Reverse HTTP Stager (wininet) |
| payload/cmd/windows/powershell/x64/meterpreter/reverse_https | Powershell Exec, Windows x64 Reverse HTTP Stager (wininet) |
| payload/cmd/windows/powershell/x64/meterpreter/reverse_named_pipe | Powershell Exec, Windows x64 Reverse Named Pipe (SMB) Stager |
| payload/cmd/windows/powershell/x64/meterpreter/reverse_tcp | Powershell Exec, Windows x64 Reverse TCP Stager |
| payload/cmd/windows/powershell/x64/meterpreter/reverse_tcp_rc4 | Powershell Exec, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/x64/meterpreter/reverse_tcp_uuid | Powershell Exec, Reverse TCP Stager with UUID Support (Windows x64) |
| payload/cmd/windows/powershell/x64/meterpreter/reverse_winhttp | Powershell Exec, Windows x64 Reverse HTTP Stager (winhttp) |
| payload/cmd/windows/powershell/x64/meterpreter/reverse_winhttps | Powershell Exec, Windows x64 Reverse HTTPS Stager (winhttp) |
| payload/cmd/windows/powershell/x64/peinject/bind_ipv6_tcp | Powershell Exec, Windows x64 IPv6 Bind TCP Stager |
| payload/cmd/windows/powershell/x64/peinject/bind_ipv6_tcp_uuid | Powershell Exec, Windows x64 IPv6 Bind TCP Stager with UUID Support |
| payload/cmd/windows/powershell/x64/peinject/bind_named_pipe | Powershell Exec, Windows x64 Bind Named Pipe Stager |
| payload/cmd/windows/powershell/x64/peinject/bind_tcp | Powershell Exec, Windows x64 Bind TCP Stager |
| payload/cmd/windows/powershell/x64/peinject/bind_tcp_rc4 | Powershell Exec, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/x64/peinject/bind_tcp_uuid | Powershell Exec, Bind TCP Stager with UUID Support (Windows x64) |
| payload/cmd/windows/powershell/x64/peinject/reverse_named_pipe | Powershell Exec, Windows x64 Reverse Named Pipe (SMB) Stager |
| payload/cmd/windows/powershell/x64/peinject/reverse_tcp | Powershell Exec, Windows x64 Reverse TCP Stager |
| payload/cmd/windows/powershell/x64/peinject/reverse_tcp_rc4 | Powershell Exec, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/x64/peinject/reverse_tcp_uuid | Powershell Exec, Reverse TCP Stager with UUID Support (Windows x64) |
| payload/cmd/windows/powershell/x64/pingback_reverse_tcp | Powershell Exec, Windows x64 Pingback, Reverse TCP Inline |
| payload/cmd/windows/powershell/x64/powershell_bind_tcp | Powershell Exec |
| payload/cmd/windows/powershell/x64/powershell_reverse_tcp | Powershell Exec |
| payload/cmd/windows/powershell/x64/powershell_reverse_tcp_ssl | Powershell Exec |
| payload/cmd/windows/powershell/x64/shell/bind_ipv6_tcp | Powershell Exec, Windows x64 Command Shell, Windows x64 IPv6 Bind TCP Stager |
| payload/cmd/windows/powershell/x64/shell/bind_ipv6_tcp_uuid | Powershell Exec, Windows x64 Command Shell, Windows x64 IPv6 Bind TCP Stager with UUID Support |
| payload/cmd/windows/powershell/x64/shell/bind_named_pipe | Powershell Exec, Windows x64 Command Shell, Windows x64 Bind Named Pipe Stager |
| payload/cmd/windows/powershell/x64/shell/bind_tcp | Powershell Exec, Windows x64 Command Shell, Windows x64 Bind TCP Stager |
| payload/cmd/windows/powershell/x64/shell_bind_tcp | Powershell Exec, Windows x64 Command Shell, Bind TCP Inline |
| payload/cmd/windows/powershell/x64/shell/bind_tcp_rc4 | Powershell Exec, Windows x64 Command Shell, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/x64/shell/bind_tcp_uuid | Powershell Exec, Windows x64 Command Shell, Bind TCP Stager with UUID Support (Windows x64) |
| payload/cmd/windows/powershell/x64/shell/reverse_tcp | Powershell Exec, Windows x64 Command Shell, Windows x64 Reverse TCP Stager |
| payload/cmd/windows/powershell/x64/shell_reverse_tcp | Powershell Exec, Windows x64 Command Shell, Reverse TCP Inline |
| payload/cmd/windows/powershell/x64/shell/reverse_tcp_rc4 | Powershell Exec, Windows x64 Command Shell, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/x64/shell/reverse_tcp_uuid | Powershell Exec, Windows x64 Command Shell, Reverse TCP Stager with UUID Support (Windows x64) |
| payload/cmd/windows/powershell/x64/vncinject/bind_ipv6_tcp | Powershell Exec, Windows x64 IPv6 Bind TCP Stager |
| payload/cmd/windows/powershell/x64/vncinject/bind_ipv6_tcp_uuid | Powershell Exec, Windows x64 IPv6 Bind TCP Stager with UUID Support |
| payload/cmd/windows/powershell/x64/vncinject/bind_named_pipe | Powershell Exec, Windows x64 Bind Named Pipe Stager |
| payload/cmd/windows/powershell/x64/vncinject/bind_tcp | Powershell Exec, Windows x64 Bind TCP Stager |
| payload/cmd/windows/powershell/x64/vncinject/bind_tcp_rc4 | Powershell Exec, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/x64/vncinject/bind_tcp_uuid | Powershell Exec, Bind TCP Stager with UUID Support (Windows x64) |
| payload/cmd/windows/powershell/x64/vncinject/reverse_http | Powershell Exec, Windows x64 Reverse HTTP Stager (wininet) |
| payload/cmd/windows/powershell/x64/vncinject/reverse_https | Powershell Exec, Windows x64 Reverse HTTP Stager (wininet) |
| payload/cmd/windows/powershell/x64/vncinject/reverse_tcp | Powershell Exec, Windows x64 Reverse TCP Stager |
| payload/cmd/windows/powershell/x64/vncinject/reverse_tcp_rc4 | Powershell Exec, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/cmd/windows/powershell/x64/vncinject/reverse_tcp_uuid | Powershell Exec, Reverse TCP Stager with UUID Support (Windows x64) |
| payload/cmd/windows/powershell/x64/vncinject/reverse_winhttp | Powershell Exec, Windows x64 Reverse HTTP Stager (winhttp) |
| payload/cmd/windows/powershell/x64/vncinject/reverse_winhttps | Powershell Exec, Windows x64 Reverse HTTPS Stager (winhttp) |
| payload/cmd/windows/reverse_lua | Windows Command Shell, Reverse TCP (via Lua) |
| payload/cmd/windows/reverse_perl | Windows Command, Double Reverse TCP Connection (via Perl) |
| payload/cmd/windows/reverse_powershell | Windows Command Shell, Reverse TCP (via Powershell) |
| payload/cmd/windows/reverse_ruby | Windows Command Shell, Reverse TCP (via Ruby) |
| payload/firefox/exec | Firefox XPCOM Execute Command |
| payload/firefox/shell_bind_tcp | Command Shell, Bind TCP (via Firefox XPCOM script) |
| payload/firefox/shell_reverse_tcp | Command Shell, Reverse TCP (via Firefox XPCOM script) |
| payload/generic/custom | Custom Payload |
| payload/generic/debug_trap | Generic x86 Debug Trap |
| payload/generic/shell_bind_tcp | Generic Command Shell, Bind TCP Inline |
| payload/generic/shell_reverse_tcp | Generic Command Shell, Reverse TCP Inline |
| payload/generic/ssh/interact | Interact with Established SSH Connection |
| payload/generic/tight_loop | Generic x86 Tight Loop |
| payload/java/jsp_shell_bind_tcp | Java JSP Command Shell, Bind TCP Inline |
| payload/java/jsp_shell_reverse_tcp | Java JSP Command Shell, Reverse TCP Inline |
| payload/java/meterpreter/bind_tcp | Java Meterpreter, Java Bind TCP Stager |
| payload/java/meterpreter/reverse_http | Java Meterpreter, Java Reverse HTTP Stager |
| payload/java/meterpreter/reverse_https | Java Meterpreter, Java Reverse HTTPS Stager |
| payload/java/meterpreter/reverse_tcp | Java Meterpreter, Java Reverse TCP Stager |
| payload/java/shell/bind_tcp | Command Shell, Java Bind TCP Stager |
| payload/java/shell/reverse_tcp | Command Shell, Java Reverse TCP Stager |
| payload/java/shell_reverse_tcp | Java Command Shell, Reverse TCP Inline |
| payload/linux/aarch64/meterpreter_reverse_http | Linux Meterpreter, Reverse HTTP Inline |
| payload/linux/aarch64/meterpreter_reverse_https | Linux Meterpreter, Reverse HTTPS Inline |
| payload/linux/aarch64/meterpreter/reverse_tcp | Linux Meterpreter, Reverse TCP Stager |
| payload/linux/aarch64/meterpreter_reverse_tcp | Linux Meterpreter, Reverse TCP Inline |
| payload/linux/aarch64/shell/reverse_tcp | Linux dup2 Command Shell, Reverse TCP Stager |
| payload/linux/aarch64/shell_reverse_tcp | Linux Command Shell, Reverse TCP Inline |
| payload/linux/armbe/meterpreter_reverse_http | Linux Meterpreter, Reverse HTTP Inline |
| payload/linux/armbe/meterpreter_reverse_https | Linux Meterpreter, Reverse HTTPS Inline |
| payload/linux/armbe/meterpreter_reverse_tcp | Linux Meterpreter, Reverse TCP Inline |
| payload/linux/armbe/shell_bind_tcp | Linux ARM Big Endian Command Shell, Bind TCP Inline |
| payload/linux/armle/adduser | Linux Add User |
| payload/linux/armle/exec | Linux Execute Command |
| payload/linux/armle/meterpreter/bind_tcp | Linux Meterpreter, Bind TCP Stager |
| payload/linux/armle/meterpreter_reverse_http | Linux Meterpreter, Reverse HTTP Inline |
| payload/linux/armle/meterpreter_reverse_https | Linux Meterpreter, Reverse HTTPS Inline |
| payload/linux/armle/meterpreter/reverse_tcp | Linux Meterpreter, Reverse TCP Stager |
| payload/linux/armle/meterpreter_reverse_tcp | Linux Meterpreter, Reverse TCP Inline |
| payload/linux/armle/shell/bind_tcp | Linux dup2 Command Shell, Bind TCP Stager |
| payload/linux/armle/shell_bind_tcp | Linux Command Shell, Reverse TCP Inline |
| payload/linux/armle/shell/reverse_tcp | Linux dup2 Command Shell, Reverse TCP Stager |
| payload/linux/armle/shell_reverse_tcp | Linux Command Shell, Reverse TCP Inline |
| payload/linux/mips64/meterpreter_reverse_http | Linux Meterpreter, Reverse HTTP Inline |
| payload/linux/mips64/meterpreter_reverse_https | Linux Meterpreter, Reverse HTTPS Inline |
| payload/linux/mips64/meterpreter_reverse_tcp | Linux Meterpreter, Reverse TCP Inline |
| payload/linux/mipsbe/exec | Linux Execute Command |
| payload/linux/mipsbe/meterpreter_reverse_http | Linux Meterpreter, Reverse HTTP Inline |
| payload/linux/mipsbe/meterpreter_reverse_https | Linux Meterpreter, Reverse HTTPS Inline |
| payload/linux/mipsbe/meterpreter/reverse_tcp | Linux Meterpreter, Reverse TCP Stager |
| payload/linux/mipsbe/meterpreter_reverse_tcp | Linux Meterpreter, Reverse TCP Inline |
| payload/linux/mipsbe/reboot | Linux Reboot |
| payload/linux/mipsbe/shell_bind_tcp | Linux Command Shell, Bind TCP Inline |
| payload/linux/mipsbe/shell/reverse_tcp | Linux Command Shell, Reverse TCP Stager |
| payload/linux/mipsbe/shell_reverse_tcp | Linux Command Shell, Reverse TCP Inline |
| payload/linux/mipsle/exec | Linux Execute Command |
| payload/linux/mipsle/meterpreter_reverse_http | Linux Meterpreter, Reverse HTTP Inline |
| payload/linux/mipsle/meterpreter_reverse_https | Linux Meterpreter, Reverse HTTPS Inline |
| payload/linux/mipsle/meterpreter/reverse_tcp | Linux Meterpreter, Reverse TCP Stager |
| payload/linux/mipsle/meterpreter_reverse_tcp | Linux Meterpreter, Reverse TCP Inline |
| payload/linux/mipsle/reboot | Linux Reboot |
| payload/linux/mipsle/shell_bind_tcp | Linux Command Shell, Bind TCP Inline |
| payload/linux/mipsle/shell/reverse_tcp | Linux Command Shell, Reverse TCP Stager |
| payload/linux/mipsle/shell_reverse_tcp | Linux Command Shell, Reverse TCP Inline |
| payload/linux/ppc64le/meterpreter_reverse_http | Linux Meterpreter, Reverse HTTP Inline |
| payload/linux/ppc64le/meterpreter_reverse_https | Linux Meterpreter, Reverse HTTPS Inline |
| payload/linux/ppc64le/meterpreter_reverse_tcp | Linux Meterpreter, Reverse TCP Inline |
| payload/linux/ppc64/shell_bind_tcp | Linux Command Shell, Bind TCP Inline |
| payload/linux/ppc64/shell_find_port | Linux Command Shell, Find Port Inline |
| payload/linux/ppc64/shell_reverse_tcp | Linux Command Shell, Reverse TCP Inline |
| payload/linux/ppce500v2/meterpreter_reverse_http | Linux Meterpreter, Reverse HTTP Inline |
| payload/linux/ppce500v2/meterpreter_reverse_https | Linux Meterpreter, Reverse HTTPS Inline |
| payload/linux/ppce500v2/meterpreter_reverse_tcp | Linux Meterpreter, Reverse TCP Inline |
| payload/linux/ppc/meterpreter_reverse_http | Linux Meterpreter, Reverse HTTP Inline |
| payload/linux/ppc/meterpreter_reverse_https | Linux Meterpreter, Reverse HTTPS Inline |
| payload/linux/ppc/meterpreter_reverse_tcp | Linux Meterpreter, Reverse TCP Inline |
| payload/linux/ppc/shell_bind_tcp | Linux Command Shell, Bind TCP Inline |
| payload/linux/ppc/shell_find_port | Linux Command Shell, Find Port Inline |
| payload/linux/ppc/shell_reverse_tcp | Linux Command Shell, Reverse TCP Inline |
| payload/linux/x64/exec | Linux Execute Command |
| payload/linux/x64/meterpreter/bind_tcp | Linux Mettle x64, Bind TCP Stager |
| payload/linux/x64/meterpreter_reverse_http | Linux Meterpreter, Reverse HTTP Inline |
| payload/linux/x64/meterpreter_reverse_https | Linux Meterpreter, Reverse HTTPS Inline |
| payload/linux/x64/meterpreter/reverse_tcp | Linux Mettle x64, Reverse TCP Stager |
| payload/linux/x64/meterpreter_reverse_tcp | Linux Meterpreter, Reverse TCP Inline |
| payload/linux/x64/pingback_bind_tcp | Linux x64 Pingback, Bind TCP Inline |
| payload/linux/x64/pingback_reverse_tcp | Linux x64 Pingback, Reverse TCP Inline |
| payload/linux/x64/shell_bind_ipv6_tcp | Linux x64 Command Shell, Bind TCP Inline (IPv6) |
| payload/linux/x64/shell/bind_tcp | Linux Command Shell, Bind TCP Stager |
| payload/linux/x64/shell_bind_tcp | Linux Command Shell, Bind TCP Inline |
| payload/linux/x64/shell_bind_tcp_random_port | Linux Command Shell, Bind TCP Random Port Inline |
| payload/linux/x64/shell_find_port | Linux Command Shell, Find Port Inline |
| payload/linux/x64/shell_reverse_ipv6_tcp | Linux x64 Command Shell, Reverse TCP Inline (IPv6) |
| payload/linux/x64/shell/reverse_tcp | Linux Command Shell, Reverse TCP Stager |
| payload/linux/x64/shell_reverse_tcp | Linux Command Shell, Reverse TCP Inline |
| payload/linux/x86/adduser | Linux Add User |
| payload/linux/x86/chmod | Linux Chmod |
| payload/linux/x86/exec | Linux Execute Command |
| payload/linux/x86/meterpreter/bind_ipv6_tcp | Linux Mettle x86, Bind IPv6 TCP Stager (Linux x86) |
| payload/linux/x86/meterpreter/bind_ipv6_tcp_uuid | Linux Mettle x86, Bind IPv6 TCP Stager with UUID Support (Linux x86) |
| payload/linux/x86/meterpreter/bind_nonx_tcp | Linux Mettle x86, Bind TCP Stager |
| payload/linux/x86/meterpreter/bind_tcp | Linux Mettle x86, Bind TCP Stager (Linux x86) |
| payload/linux/x86/meterpreter/bind_tcp_uuid | Linux Mettle x86, Bind TCP Stager with UUID Support (Linux x86) |
| payload/linux/x86/meterpreter/find_tag | Linux Mettle x86, Find Tag Stager |
| payload/linux/x86/meterpreter_reverse_http | Linux Meterpreter, Reverse HTTP Inline |
| payload/linux/x86/meterpreter_reverse_https | Linux Meterpreter, Reverse HTTPS Inline |
| payload/linux/x86/meterpreter/reverse_ipv6_tcp | Linux Mettle x86, Reverse TCP Stager (IPv6) |
| payload/linux/x86/meterpreter/reverse_nonx_tcp | Linux Mettle x86, Reverse TCP Stager |
| payload/linux/x86/meterpreter/reverse_tcp | Linux Mettle x86, Reverse TCP Stager |
| payload/linux/x86/meterpreter_reverse_tcp | Linux Meterpreter, Reverse TCP Inline |
| payload/linux/x86/meterpreter/reverse_tcp_uuid | Linux Mettle x86, Reverse TCP Stager |
| payload/linux/x86/metsvc_bind_tcp | Linux Meterpreter Service, Bind TCP |
| payload/linux/x86/metsvc_reverse_tcp | Linux Meterpreter Service, Reverse TCP Inline |
| payload/linux/x86/read_file | Linux Read File |
| payload/linux/x86/shell/bind_ipv6_tcp | Linux Command Shell, Bind IPv6 TCP Stager (Linux x86) |
| payload/linux/x86/shell_bind_ipv6_tcp | Linux Command Shell, Bind TCP Inline (IPv6) |
| payload/linux/x86/shell/bind_ipv6_tcp_uuid | Linux Command Shell, Bind IPv6 TCP Stager with UUID Support (Linux x86) |
| payload/linux/x86/shell/bind_nonx_tcp | Linux Command Shell, Bind TCP Stager |
| payload/linux/x86/shell/bind_tcp | Linux Command Shell, Bind TCP Stager (Linux x86) |
| payload/linux/x86/shell_bind_tcp | Linux Command Shell, Bind TCP Inline |
| payload/linux/x86/shell_bind_tcp_random_port | Linux Command Shell, Bind TCP Random Port Inline |
| payload/linux/x86/shell/bind_tcp_uuid | Linux Command Shell, Bind TCP Stager with UUID Support (Linux x86) |
| payload/linux/x86/shell_find_port | Linux Command Shell, Find Port Inline |
| payload/linux/x86/shell/find_tag | Linux Command Shell, Find Tag Stager |
| payload/linux/x86/shell_find_tag | Linux Command Shell, Find Tag Inline |
| payload/linux/x86/shell/reverse_ipv6_tcp | Linux Command Shell, Reverse TCP Stager (IPv6) |
| payload/linux/x86/shell/reverse_nonx_tcp | Linux Command Shell, Reverse TCP Stager |
| payload/linux/x86/shell/reverse_tcp | Linux Command Shell, Reverse TCP Stager |
| payload/linux/x86/shell_reverse_tcp | Linux Command Shell, Reverse TCP Inline |
| payload/linux/x86/shell_reverse_tcp_ipv6 | Linux Command Shell, Reverse TCP Inline (IPv6) |
| payload/linux/x86/shell/reverse_tcp_uuid | Linux Command Shell, Reverse TCP Stager |
| payload/linux/zarch/meterpreter_reverse_http | Linux Meterpreter, Reverse HTTP Inline |
| payload/linux/zarch/meterpreter_reverse_https | Linux Meterpreter, Reverse HTTPS Inline |
| payload/linux/zarch/meterpreter_reverse_tcp | Linux Meterpreter, Reverse TCP Inline |
| payload/mainframe/shell_reverse_tcp | Z/OS (MVS) Command Shell, Reverse TCP Inline |
| payload/multi/meterpreter/reverse_http | Architecture-Independent Meterpreter Stage, Reverse HTTP Stager (Multiple Architectures) |
| payload/multi/meterpreter/reverse_https | Architecture-Independent Meterpreter Stage, Reverse HTTPS Stager (Multiple Architectures) |
| payload/netware/shell/reverse_tcp | NetWare Command Shell, Reverse TCP Stager |
| payload/nodejs/shell_bind_tcp | Command Shell, Bind TCP (via nodejs) |
| payload/nodejs/shell_reverse_tcp | Command Shell, Reverse TCP (via nodejs) |
| payload/nodejs/shell_reverse_tcp_ssl | Command Shell, Reverse TCP SSL (via nodejs) |
| payload/osx/armle/execute/bind_tcp | OS X Write and Execute Binary, Bind TCP Stager |
| payload/osx/armle/execute/reverse_tcp | OS X Write and Execute Binary, Reverse TCP Stager |
| payload/osx/armle/shell/bind_tcp | OS X Command Shell, Bind TCP Stager |
| payload/osx/armle/shell_bind_tcp | Apple iOS Command Shell, Bind TCP Inline |
| payload/osx/armle/shell/reverse_tcp | OS X Command Shell, Reverse TCP Stager |
| payload/osx/armle/shell_reverse_tcp | Apple iOS Command Shell, Reverse TCP Inline |
| payload/osx/armle/vibrate | Apple iOS iPhone Vibrate |
| payload/osx/ppc/shell/bind_tcp | OS X Command Shell, Bind TCP Stager |
| payload/osx/ppc/shell_bind_tcp | OS X Command Shell, Bind TCP Inline |
| payload/osx/ppc/shell/find_tag | OS X Command Shell, Find Tag Stager |
| payload/osx/ppc/shell/reverse_tcp | OS X Command Shell, Reverse TCP Stager |
| payload/osx/ppc/shell_reverse_tcp | OS X Command Shell, Reverse TCP Inline |
| payload/osx/x64/dupandexecve/bind_tcp | OS X dup2 Command Shell, Bind TCP Stager |
| payload/osx/x64/dupandexecve/reverse_tcp | OS X dup2 Command Shell, Reverse TCP Stager |
| payload/osx/x64/dupandexecve/reverse_tcp_uuid | OS X dup2 Command Shell, Reverse TCP Stager with UUID Support (OSX x64) |
| payload/osx/x64/exec | OS X x64 Execute Command |
| payload/osx/x64/meterpreter/bind_tcp | OSX Meterpreter, Bind TCP Stager |
| payload/osx/x64/meterpreter_reverse_http | OSX Meterpreter, Reverse HTTP Inline |
| payload/osx/x64/meterpreter_reverse_https | OSX Meterpreter, Reverse HTTPS Inline |
| payload/osx/x64/meterpreter/reverse_tcp | OSX Meterpreter, Reverse TCP Stager |
| payload/osx/x64/meterpreter_reverse_tcp | OSX Meterpreter, Reverse TCP Inline |
| payload/osx/x64/meterpreter/reverse_tcp_uuid | OSX Meterpreter, Reverse TCP Stager with UUID Support (OSX x64) |
| payload/osx/x64/say | OS X x64 say Shellcode |
| payload/osx/x64/shell_bind_tcp | OS X x64 Shell Bind TCP |
| payload/osx/x64/shell_find_tag | OSX Command Shell, Find Tag Inline |
| payload/osx/x64/shell_reverse_tcp | OS X x64 Shell Reverse TCP |
| payload/osx/x86/bundleinject/bind_tcp | Mac OS X Inject Mach-O Bundle, Bind TCP Stager |
| payload/osx/x86/bundleinject/reverse_tcp | Mac OS X Inject Mach-O Bundle, Reverse TCP Stager |
| payload/osx/x86/exec | OS X Execute Command |
| payload/osx/x86/isight/bind_tcp | Mac OS X x86 iSight Photo Capture, Bind TCP Stager |
| payload/osx/x86/isight/reverse_tcp | Mac OS X x86 iSight Photo Capture, Reverse TCP Stager |
| payload/osx/x86/shell_bind_tcp | OS X Command Shell, Bind TCP Inline |
| payload/osx/x86/shell_find_port | OS X Command Shell, Find Port Inline |
| payload/osx/x86/shell_reverse_tcp | OS X Command Shell, Reverse TCP Inline |
| payload/osx/x86/vforkshell/bind_tcp | OS X (vfork) Command Shell, Bind TCP Stager |
| payload/osx/x86/vforkshell_bind_tcp | OS X (vfork) Command Shell, Bind TCP Inline |
| payload/osx/x86/vforkshell/reverse_tcp | OS X (vfork) Command Shell, Reverse TCP Stager |
| payload/osx/x86/vforkshell_reverse_tcp | OS X (vfork) Command Shell, Reverse TCP Inline |
| payload/php/bind_perl | PHP Command Shell, Bind TCP (via Perl) |
| payload/php/bind_perl_ipv6 | PHP Command Shell, Bind TCP (via perl) IPv6 |
| payload/php/bind_php | PHP Command Shell, Bind TCP (via PHP) |
| payload/php/bind_php_ipv6 | PHP Command Shell, Bind TCP (via php) IPv6 |
| payload/php/download_exec | PHP Executable Download and Execute |
| payload/php/exec | PHP Execute Command |
| payload/php/meterpreter/bind_tcp | PHP Meterpreter, Bind TCP Stager |
| payload/php/meterpreter/bind_tcp_ipv6 | PHP Meterpreter, Bind TCP Stager IPv6 |
| payload/php/meterpreter/bind_tcp_ipv6_uuid | PHP Meterpreter, Bind TCP Stager IPv6 with UUID Support |
| payload/php/meterpreter/bind_tcp_uuid | PHP Meterpreter, Bind TCP Stager with UUID Support |
| payload/php/meterpreter/reverse_tcp | PHP Meterpreter, PHP Reverse TCP Stager |
| payload/php/meterpreter_reverse_tcp | PHP Meterpreter, Reverse TCP Inline |
| payload/php/meterpreter/reverse_tcp_uuid | PHP Meterpreter, PHP Reverse TCP Stager |
| payload/php/reverse_perl | PHP Command, Double Reverse TCP Connection (via Perl) |
| payload/php/reverse_php | PHP Command Shell, Reverse TCP (via PHP) |
| payload/php/shell_findsock | PHP Command Shell, Find Sock |
| payload/python/meterpreter/bind_tcp | Python Meterpreter, Python Bind TCP Stager |
| payload/python/meterpreter_bind_tcp | Python Meterpreter Shell, Bind TCP Inline |
| payload/python/meterpreter/bind_tcp_uuid | Python Meterpreter, Python Bind TCP Stager with UUID Support |
| payload/python/meterpreter/reverse_http | Python Meterpreter, Python Reverse HTTP Stager |
| payload/python/meterpreter_reverse_http | Python Meterpreter Shell, Reverse HTTP Inline |
| payload/python/meterpreter/reverse_https | Python Meterpreter, Python Reverse HTTPS Stager |
| payload/python/meterpreter_reverse_https | Python Meterpreter Shell, Reverse HTTPS Inline |
| payload/python/meterpreter/reverse_tcp | Python Meterpreter, Python Reverse TCP Stager |
| payload/python/meterpreter_reverse_tcp | Python Meterpreter Shell, Reverse TCP Inline |
| payload/python/meterpreter/reverse_tcp_ssl | Python Meterpreter, Python Reverse TCP SSL Stager |
| payload/python/meterpreter/reverse_tcp_uuid | Python Meterpreter, Python Reverse TCP Stager with UUID Support |
| payload/python/pingback_bind_tcp | Python Pingback, Bind TCP (via python) |
| payload/python/pingback_reverse_tcp | Python Pingback, Reverse TCP (via python) |
| payload/python/shell_bind_tcp | Command Shell, Bind TCP (via python) |
| payload/python/shell_reverse_tcp | Command Shell, Reverse TCP (via python) |
| payload/python/shell_reverse_tcp_ssl | Command Shell, Reverse TCP SSL (via python) |
| payload/python/shell_reverse_udp | Command Shell, Reverse UDP (via python) |
| payload/r/shell_bind_tcp | R Command Shell, Bind TCP |
| payload/r/shell_reverse_tcp | R Command Shell, Reverse TCP |
| payload/ruby/pingback_bind_tcp | Ruby Pingback, Bind TCP |
| payload/ruby/pingback_reverse_tcp | Ruby Pingback, Reverse TCP |
| payload/ruby/shell_bind_tcp | Ruby Command Shell, Bind TCP |
| payload/ruby/shell_bind_tcp_ipv6 | Ruby Command Shell, Bind TCP IPv6 |
| payload/ruby/shell_reverse_tcp | Ruby Command Shell, Reverse TCP |
| payload/ruby/shell_reverse_tcp_ssl | Ruby Command Shell, Reverse TCP SSL |
| payload/solaris/sparc/shell_bind_tcp | Solaris Command Shell, Bind TCP Inline |
| payload/solaris/sparc/shell_find_port | Solaris Command Shell, Find Port Inline |
| payload/solaris/sparc/shell_reverse_tcp | Solaris Command Shell, Reverse TCP Inline |
| payload/solaris/x86/shell_bind_tcp | Solaris Command Shell, Bind TCP Inline |
| payload/solaris/x86/shell_find_port | Solaris Command Shell, Find Port Inline |
| payload/solaris/x86/shell_reverse_tcp | Solaris Command Shell, Reverse TCP Inline |
| payload/tty/unix/interact | Unix TTY, Interact with Established Connection |
| payload/windows/adduser | Windows Execute net user /ADD |
| payload/windows/custom/bind_hidden_ipknock_tcp | Windows shellcode stage, Hidden Bind Ipknock TCP Stager |
| payload/windows/custom/bind_hidden_tcp | Windows shellcode stage, Hidden Bind TCP Stager |
| payload/windows/custom/bind_ipv6_tcp | Windows shellcode stage, Bind IPv6 TCP Stager (Windows x86) |
| payload/windows/custom/bind_ipv6_tcp_uuid | Windows shellcode stage, Bind IPv6 TCP Stager with UUID Support (Windows x86) |
| payload/windows/custom/bind_named_pipe | Windows shellcode stage, Windows x86 Bind Named Pipe Stager |
| payload/windows/custom/bind_nonx_tcp | Windows shellcode stage, Bind TCP Stager (No NX or Win7) |
| payload/windows/custom/bind_tcp | Windows shellcode stage, Bind TCP Stager (Windows x86) |
| payload/windows/custom/bind_tcp_rc4 | Windows shellcode stage, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/custom/bind_tcp_uuid | Windows shellcode stage, Bind TCP Stager with UUID Support (Windows x86) |
| payload/windows/custom/find_tag | Windows shellcode stage, Find Tag Ordinal Stager |
| payload/windows/custom/reverse_hop_http | Windows shellcode stage, Reverse Hop HTTP/HTTPS Stager |
| payload/windows/custom/reverse_http | Windows shellcode stage, Windows Reverse HTTP Stager (wininet) |
| payload/windows/custom/reverse_http_proxy_pstore | Windows shellcode stage, Reverse HTTP Stager Proxy |
| payload/windows/custom/reverse_https | Windows shellcode stage, Windows Reverse HTTPS Stager (wininet) |
| payload/windows/custom/reverse_https_proxy | Windows shellcode stage, Reverse HTTPS Stager with Support for Custom Proxy |
| payload/windows/custom/reverse_ipv6_tcp | Windows shellcode stage, Reverse TCP Stager (IPv6) |
| payload/windows/custom/reverse_named_pipe | Windows shellcode stage, Windows x86 Reverse Named Pipe (SMB) Stager |
| payload/windows/custom/reverse_nonx_tcp | Windows shellcode stage, Reverse TCP Stager (No NX or Win7) |
| payload/windows/custom/reverse_ord_tcp | Windows shellcode stage, Reverse Ordinal TCP Stager (No NX or Win7) |
| payload/windows/custom/reverse_tcp_allports | Windows shellcode stage, Reverse All-Port TCP Stager |
| payload/windows/custom/reverse_tcp_dns | Windows shellcode stage, Reverse TCP Stager (DNS) |
| payload/windows/custom/reverse_tcp | Windows shellcode stage, Reverse TCP Stager |
| payload/windows/custom/reverse_tcp_rc4_dns | Windows shellcode stage, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm) |
| payload/windows/custom/reverse_tcp_rc4 | Windows shellcode stage, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/custom/reverse_tcp_uuid | Windows shellcode stage, Reverse TCP Stager with UUID Support |
| payload/windows/custom/reverse_udp | Windows shellcode stage, Reverse UDP Stager with UUID Support |
| payload/windows/custom/reverse_winhttp | Windows shellcode stage, Windows Reverse HTTP Stager (winhttp) |
| payload/windows/custom/reverse_winhttps | Windows shellcode stage, Windows Reverse HTTPS Stager (winhttp) |
| payload/windows/dllinject/bind_hidden_ipknock_tcp | Reflective DLL Injection, Hidden Bind Ipknock TCP Stager |
| payload/windows/dllinject/bind_hidden_tcp | Reflective DLL Injection, Hidden Bind TCP Stager |
| payload/windows/dllinject/bind_ipv6_tcp | Reflective DLL Injection, Bind IPv6 TCP Stager (Windows x86) |
| payload/windows/dllinject/bind_ipv6_tcp_uuid | Reflective DLL Injection, Bind IPv6 TCP Stager with UUID Support (Windows x86) |
| payload/windows/dllinject/bind_named_pipe | Reflective DLL Injection, Windows x86 Bind Named Pipe Stager |
| payload/windows/dllinject/bind_nonx_tcp | Reflective DLL Injection, Bind TCP Stager (No NX or Win7) |
| payload/windows/dllinject/bind_tcp | Reflective DLL Injection, Bind TCP Stager (Windows x86) |
| payload/windows/dllinject/bind_tcp_rc4 | Reflective DLL Injection, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/dllinject/bind_tcp_uuid | Reflective DLL Injection, Bind TCP Stager with UUID Support (Windows x86) |
| payload/windows/dllinject/find_tag | Reflective DLL Injection, Find Tag Ordinal Stager |
| payload/windows/dllinject/reverse_hop_http | Reflective DLL Injection, Reverse Hop HTTP/HTTPS Stager |
| payload/windows/dllinject/reverse_http | Reflective DLL Injection, Windows Reverse HTTP Stager (wininet) |
| payload/windows/dllinject/reverse_http_proxy_pstore | Reflective DLL Injection, Reverse HTTP Stager Proxy |
| payload/windows/dllinject/reverse_ipv6_tcp | Reflective DLL Injection, Reverse TCP Stager (IPv6) |
| payload/windows/dllinject/reverse_nonx_tcp | Reflective DLL Injection, Reverse TCP Stager (No NX or Win7) |
| payload/windows/dllinject/reverse_ord_tcp | Reflective DLL Injection, Reverse Ordinal TCP Stager (No NX or Win7) |
| payload/windows/dllinject/reverse_tcp_allports | Reflective DLL Injection, Reverse All-Port TCP Stager |
| payload/windows/dllinject/reverse_tcp_dns | Reflective DLL Injection, Reverse TCP Stager (DNS) |
| payload/windows/dllinject/reverse_tcp | Reflective DLL Injection, Reverse TCP Stager |
| payload/windows/dllinject/reverse_tcp_rc4_dns | Reflective DLL Injection, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm) |
| payload/windows/dllinject/reverse_tcp_rc4 | Reflective DLL Injection, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/dllinject/reverse_tcp_uuid | Reflective DLL Injection, Reverse TCP Stager with UUID Support |
| payload/windows/dllinject/reverse_winhttp | Reflective DLL Injection, Windows Reverse HTTP Stager (winhttp) |
| payload/windows/dns_txt_query_exec | DNS TXT Record Payload Download and Execution |
| payload/windows/download_exec | Windows Executable Download (http,https,ftp) and Execute |
| payload/windows/exec | Windows Execute Command |
| payload/windows/format_all_drives | Windows Drive Formatter |
| payload/windows/loadlibrary | Windows LoadLibrary Path |
| payload/windows/messagebox | Windows MessageBox |
| payload/windows/meterpreter/bind_hidden_ipknock_tcp | Windows Meterpreter (Reflective Injection), Hidden Bind Ipknock TCP Stager |
| payload/windows/meterpreter/bind_hidden_tcp | Windows Meterpreter (Reflective Injection), Hidden Bind TCP Stager |
| payload/windows/meterpreter/bind_ipv6_tcp | Windows Meterpreter (Reflective Injection), Bind IPv6 TCP Stager (Windows x86) |
| payload/windows/meterpreter/bind_ipv6_tcp_uuid | Windows Meterpreter (Reflective Injection), Bind IPv6 TCP Stager with UUID Support (Windows x86) |
| payload/windows/meterpreter/bind_named_pipe | Windows Meterpreter (Reflective Injection), Windows x86 Bind Named Pipe Stager |
| payload/windows/meterpreter_bind_named_pipe | Windows Meterpreter Shell, Bind Named Pipe Inline |
| payload/windows/meterpreter/bind_nonx_tcp | Windows Meterpreter (Reflective Injection), Bind TCP Stager (No NX or Win7) |
| payload/windows/meterpreter/bind_tcp | Windows Meterpreter (Reflective Injection), Bind TCP Stager (Windows x86) |
| payload/windows/meterpreter_bind_tcp | Windows Meterpreter Shell, Bind TCP Inline |
| payload/windows/meterpreter/bind_tcp_rc4 | Windows Meterpreter (Reflective Injection), Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/meterpreter/bind_tcp_uuid | Windows Meterpreter (Reflective Injection), Bind TCP Stager with UUID Support (Windows x86) |
| payload/windows/meterpreter/find_tag | Windows Meterpreter (Reflective Injection), Find Tag Ordinal Stager |
| payload/windows/meterpreter/reverse_hop_http | Windows Meterpreter (Reflective Injection), Reverse Hop HTTP/HTTPS Stager |
| payload/windows/meterpreter/reverse_http | Windows Meterpreter (Reflective Injection), Windows Reverse HTTP Stager (wininet) |
| payload/windows/meterpreter_reverse_http | Windows Meterpreter Shell, Reverse HTTP Inline |
| payload/windows/meterpreter/reverse_http_proxy_pstore | Windows Meterpreter (Reflective Injection), Reverse HTTP Stager Proxy |
| payload/windows/meterpreter/reverse_https | Windows Meterpreter (Reflective Injection), Windows Reverse HTTPS Stager (wininet) |
| payload/windows/meterpreter_reverse_https | Windows Meterpreter Shell, Reverse HTTPS Inline |
| payload/windows/meterpreter/reverse_https_proxy | Windows Meterpreter (Reflective Injection), Reverse HTTPS Stager with Support for Custom Proxy |
| payload/windows/meterpreter/reverse_ipv6_tcp | Windows Meterpreter (Reflective Injection), Reverse TCP Stager (IPv6) |
| payload/windows/meterpreter_reverse_ipv6_tcp | Windows Meterpreter Shell, Reverse TCP Inline (IPv6) |
| payload/windows/meterpreter/reverse_named_pipe | Windows Meterpreter (Reflective Injection), Windows x86 Reverse Named Pipe (SMB) Stager |
| payload/windows/meterpreter/reverse_nonx_tcp | Windows Meterpreter (Reflective Injection), Reverse TCP Stager (No NX or Win7) |
| payload/windows/meterpreter/reverse_ord_tcp | Windows Meterpreter (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7) |
| payload/windows/meterpreter/reverse_tcp_allports | Windows Meterpreter (Reflective Injection), Reverse All-Port TCP Stager |
| payload/windows/meterpreter/reverse_tcp_dns | Windows Meterpreter (Reflective Injection), Reverse TCP Stager (DNS) |
| payload/windows/meterpreter/reverse_tcp | Windows Meterpreter (Reflective Injection), Reverse TCP Stager |
| payload/windows/meterpreter_reverse_tcp | Windows Meterpreter Shell, Reverse TCP Inline |
| payload/windows/meterpreter/reverse_tcp_rc4_dns | Windows Meterpreter (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm) |
| payload/windows/meterpreter/reverse_tcp_rc4 | Windows Meterpreter (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/meterpreter/reverse_tcp_uuid | Windows Meterpreter (Reflective Injection), Reverse TCP Stager with UUID Support |
| payload/windows/meterpreter/reverse_winhttp | Windows Meterpreter (Reflective Injection), Windows Reverse HTTP Stager (winhttp) |
| payload/windows/meterpreter/reverse_winhttps | Windows Meterpreter (Reflective Injection), Windows Reverse HTTPS Stager (winhttp) |
| payload/windows/metsvc_bind_tcp | Windows Meterpreter Service, Bind TCP |
| payload/windows/metsvc_reverse_tcp | Windows Meterpreter Service, Reverse TCP Inline |
| payload/windows/patchupdllinject/bind_hidden_ipknock_tcp | Windows Inject DLL, Hidden Bind Ipknock TCP Stager |
| payload/windows/patchupdllinject/bind_hidden_tcp | Windows Inject DLL, Hidden Bind TCP Stager |
| payload/windows/patchupdllinject/bind_ipv6_tcp | Windows Inject DLL, Bind IPv6 TCP Stager (Windows x86) |
| payload/windows/patchupdllinject/bind_ipv6_tcp_uuid | Windows Inject DLL, Bind IPv6 TCP Stager with UUID Support (Windows x86) |
| payload/windows/patchupdllinject/bind_named_pipe | Windows Inject DLL, Windows x86 Bind Named Pipe Stager |
| payload/windows/patchupdllinject/bind_nonx_tcp | Windows Inject DLL, Bind TCP Stager (No NX or Win7) |
| payload/windows/patchupdllinject/bind_tcp | Windows Inject DLL, Bind TCP Stager (Windows x86) |
| payload/windows/patchupdllinject/bind_tcp_rc4 | Windows Inject DLL, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/patchupdllinject/bind_tcp_uuid | Windows Inject DLL, Bind TCP Stager with UUID Support (Windows x86) |
| payload/windows/patchupdllinject/find_tag | Windows Inject DLL, Find Tag Ordinal Stager |
| payload/windows/patchupdllinject/reverse_ipv6_tcp | Windows Inject DLL, Reverse TCP Stager (IPv6) |
| payload/windows/patchupdllinject/reverse_nonx_tcp | Windows Inject DLL, Reverse TCP Stager (No NX or Win7) |
| payload/windows/patchupdllinject/reverse_ord_tcp | Windows Inject DLL, Reverse Ordinal TCP Stager (No NX or Win7) |
| payload/windows/patchupdllinject/reverse_tcp_allports | Windows Inject DLL, Reverse All-Port TCP Stager |
| payload/windows/patchupdllinject/reverse_tcp_dns | Windows Inject DLL, Reverse TCP Stager (DNS) |
| payload/windows/patchupdllinject/reverse_tcp | Windows Inject DLL, Reverse TCP Stager |
| payload/windows/patchupdllinject/reverse_tcp_rc4_dns | Windows Inject DLL, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm) |
| payload/windows/patchupdllinject/reverse_tcp_rc4 | Windows Inject DLL, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/patchupdllinject/reverse_tcp_uuid | Windows Inject DLL, Reverse TCP Stager with UUID Support |
| payload/windows/patchupmeterpreter/bind_hidden_ipknock_tcp | Windows Meterpreter (skape/jt Injection), Hidden Bind Ipknock TCP Stager |
| payload/windows/patchupmeterpreter/bind_hidden_tcp | Windows Meterpreter (skape/jt Injection), Hidden Bind TCP Stager |
| payload/windows/patchupmeterpreter/bind_ipv6_tcp | Windows Meterpreter (skape/jt Injection), Bind IPv6 TCP Stager (Windows x86) |
| payload/windows/patchupmeterpreter/bind_ipv6_tcp_uuid | Windows Meterpreter (skape/jt Injection), Bind IPv6 TCP Stager with UUID Support (Windows x86) |
| payload/windows/patchupmeterpreter/bind_named_pipe | Windows Meterpreter (skape/jt Injection), Windows x86 Bind Named Pipe Stager |
| payload/windows/patchupmeterpreter/bind_nonx_tcp | Windows Meterpreter (skape/jt Injection), Bind TCP Stager (No NX or Win7) |
| payload/windows/patchupmeterpreter/bind_tcp | Windows Meterpreter (skape/jt Injection), Bind TCP Stager (Windows x86) |
| payload/windows/patchupmeterpreter/bind_tcp_rc4 | Windows Meterpreter (skape/jt Injection), Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/patchupmeterpreter/bind_tcp_uuid | Windows Meterpreter (skape/jt Injection), Bind TCP Stager with UUID Support (Windows x86) |
| payload/windows/patchupmeterpreter/find_tag | Windows Meterpreter (skape/jt Injection), Find Tag Ordinal Stager |
| payload/windows/patchupmeterpreter/reverse_ipv6_tcp | Windows Meterpreter (skape/jt Injection), Reverse TCP Stager (IPv6) |
| payload/windows/patchupmeterpreter/reverse_nonx_tcp | Windows Meterpreter (skape/jt Injection), Reverse TCP Stager (No NX or Win7) |
| payload/windows/patchupmeterpreter/reverse_ord_tcp | Windows Meterpreter (skape/jt Injection), Reverse Ordinal TCP Stager (No NX or Win7) |
| payload/windows/patchupmeterpreter/reverse_tcp_allports | Windows Meterpreter (skape/jt Injection), Reverse All-Port TCP Stager |
| payload/windows/patchupmeterpreter/reverse_tcp_dns | Windows Meterpreter (skape/jt Injection), Reverse TCP Stager (DNS) |
| payload/windows/patchupmeterpreter/reverse_tcp | Windows Meterpreter (skape/jt Injection), Reverse TCP Stager |
| payload/windows/patchupmeterpreter/reverse_tcp_rc4_dns | Windows Meterpreter (skape/jt Injection), Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm) |
| payload/windows/patchupmeterpreter/reverse_tcp_rc4 | Windows Meterpreter (skape/jt Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/patchupmeterpreter/reverse_tcp_uuid | Windows Meterpreter (skape/jt Injection), Reverse TCP Stager with UUID Support |
| payload/windows/peinject/bind_hidden_ipknock_tcp | Windows Inject PE Files, Hidden Bind Ipknock TCP Stager |
| payload/windows/peinject/bind_hidden_tcp | Windows Inject PE Files, Hidden Bind TCP Stager |
| payload/windows/peinject/bind_ipv6_tcp | Windows Inject PE Files, Bind IPv6 TCP Stager (Windows x86) |
| payload/windows/peinject/bind_ipv6_tcp_uuid | Windows Inject PE Files, Bind IPv6 TCP Stager with UUID Support (Windows x86) |
| payload/windows/peinject/bind_named_pipe | Windows Inject PE Files, Windows x86 Bind Named Pipe Stager |
| payload/windows/peinject/bind_nonx_tcp | Windows Inject PE Files, Bind TCP Stager (No NX or Win7) |
| payload/windows/peinject/bind_tcp | Windows Inject PE Files, Bind TCP Stager (Windows x86) |
| payload/windows/peinject/bind_tcp_rc4 | Windows Inject PE Files, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/peinject/bind_tcp_uuid | Windows Inject PE Files, Bind TCP Stager with UUID Support (Windows x86) |
| payload/windows/peinject/find_tag | Windows Inject PE Files, Find Tag Ordinal Stager |
| payload/windows/peinject/reverse_ipv6_tcp | Windows Inject PE Files, Reverse TCP Stager (IPv6) |
| payload/windows/peinject/reverse_named_pipe | Windows Inject PE Files, Windows x86 Reverse Named Pipe (SMB) Stager |
| payload/windows/peinject/reverse_nonx_tcp | Windows Inject PE Files, Reverse TCP Stager (No NX or Win7) |
| payload/windows/peinject/reverse_ord_tcp | Windows Inject PE Files, Reverse Ordinal TCP Stager (No NX or Win7) |
| payload/windows/peinject/reverse_tcp_allports | Windows Inject PE Files, Reverse All-Port TCP Stager |
| payload/windows/peinject/reverse_tcp_dns | Windows Inject PE Files, Reverse TCP Stager (DNS) |
| payload/windows/peinject/reverse_tcp | Windows Inject PE Files, Reverse TCP Stager |
| payload/windows/peinject/reverse_tcp_rc4_dns | Windows Inject PE Files, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm) |
| payload/windows/peinject/reverse_tcp_rc4 | Windows Inject PE Files, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/peinject/reverse_tcp_uuid | Windows Inject PE Files, Reverse TCP Stager with UUID Support |
| payload/windows/pingback_bind_tcp | Windows x86 Pingback, Bind TCP Inline |
| payload/windows/pingback_reverse_tcp | Windows x86 Pingback, Reverse TCP Inline |
| payload/windows/powershell_bind_tcp | Windows Interactive Powershell Session, Bind TCP |
| payload/windows/powershell_reverse_tcp | Windows Interactive Powershell Session, Reverse TCP |
| payload/windows/powershell_reverse_tcp_ssl | Windows Interactive Powershell Session, Reverse TCP SSL |
| payload/windows/shell/bind_hidden_ipknock_tcp | Windows Command Shell, Hidden Bind Ipknock TCP Stager |
| payload/windows/shell/bind_hidden_tcp | Windows Command Shell, Hidden Bind TCP Stager |
| payload/windows/shell/bind_ipv6_tcp | Windows Command Shell, Bind IPv6 TCP Stager (Windows x86) |
| payload/windows/shell/bind_ipv6_tcp_uuid | Windows Command Shell, Bind IPv6 TCP Stager with UUID Support (Windows x86) |
| payload/windows/shell/bind_named_pipe | Windows Command Shell, Windows x86 Bind Named Pipe Stager |
| payload/windows/shell/bind_nonx_tcp | Windows Command Shell, Bind TCP Stager (No NX or Win7) |
| payload/windows/shell/bind_tcp | Windows Command Shell, Bind TCP Stager (Windows x86) |
| payload/windows/shell_bind_tcp | Windows Command Shell, Bind TCP Inline |
| payload/windows/shell/bind_tcp_rc4 | Windows Command Shell, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/shell/bind_tcp_uuid | Windows Command Shell, Bind TCP Stager with UUID Support (Windows x86) |
| payload/windows/shell_bind_tcp_xpfw | Windows Disable Windows ICF, Command Shell, Bind TCP Inline |
| payload/windows/shell/find_tag | Windows Command Shell, Find Tag Ordinal Stager |
| payload/windows/shell_hidden_bind_tcp | Windows Command Shell, Hidden Bind TCP Inline |
| payload/windows/shell/reverse_ipv6_tcp | Windows Command Shell, Reverse TCP Stager (IPv6) |
| payload/windows/shell/reverse_nonx_tcp | Windows Command Shell, Reverse TCP Stager (No NX or Win7) |
| payload/windows/shell/reverse_ord_tcp | Windows Command Shell, Reverse Ordinal TCP Stager (No NX or Win7) |
| payload/windows/shell/reverse_tcp_allports | Windows Command Shell, Reverse All-Port TCP Stager |
| payload/windows/shell/reverse_tcp_dns | Windows Command Shell, Reverse TCP Stager (DNS) |
| payload/windows/shell/reverse_tcp | Windows Command Shell, Reverse TCP Stager |
| payload/windows/shell_reverse_tcp | Windows Command Shell, Reverse TCP Inline |
| payload/windows/shell/reverse_tcp_rc4_dns | Windows Command Shell, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm) |
| payload/windows/shell/reverse_tcp_rc4 | Windows Command Shell, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/shell/reverse_tcp_uuid | Windows Command Shell, Reverse TCP Stager with UUID Support |
| payload/windows/shell/reverse_udp | Windows Command Shell, Reverse UDP Stager with UUID Support |
| payload/windows/speak_pwned | Windows Speech API - Say "You Got Pwned!" |
| payload/windows/upexec/bind_hidden_ipknock_tcp | Windows Upload/Execute, Hidden Bind Ipknock TCP Stager |
| payload/windows/upexec/bind_hidden_tcp | Windows Upload/Execute, Hidden Bind TCP Stager |
| payload/windows/upexec/bind_ipv6_tcp | Windows Upload/Execute, Bind IPv6 TCP Stager (Windows x86) |
| payload/windows/upexec/bind_ipv6_tcp_uuid | Windows Upload/Execute, Bind IPv6 TCP Stager with UUID Support (Windows x86) |
| payload/windows/upexec/bind_named_pipe | Windows Upload/Execute, Windows x86 Bind Named Pipe Stager |
| payload/windows/upexec/bind_nonx_tcp | Windows Upload/Execute, Bind TCP Stager (No NX or Win7) |
| payload/windows/upexec/bind_tcp | Windows Upload/Execute, Bind TCP Stager (Windows x86) |
| payload/windows/upexec/bind_tcp_rc4 | Windows Upload/Execute, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/upexec/bind_tcp_uuid | Windows Upload/Execute, Bind TCP Stager with UUID Support (Windows x86) |
| payload/windows/upexec/find_tag | Windows Upload/Execute, Find Tag Ordinal Stager |
| payload/windows/upexec/reverse_ipv6_tcp | Windows Upload/Execute, Reverse TCP Stager (IPv6) |
| payload/windows/upexec/reverse_nonx_tcp | Windows Upload/Execute, Reverse TCP Stager (No NX or Win7) |
| payload/windows/upexec/reverse_ord_tcp | Windows Upload/Execute, Reverse Ordinal TCP Stager (No NX or Win7) |
| payload/windows/upexec/reverse_tcp_allports | Windows Upload/Execute, Reverse All-Port TCP Stager |
| payload/windows/upexec/reverse_tcp_dns | Windows Upload/Execute, Reverse TCP Stager (DNS) |
| payload/windows/upexec/reverse_tcp | Windows Upload/Execute, Reverse TCP Stager |
| payload/windows/upexec/reverse_tcp_rc4_dns | Windows Upload/Execute, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm) |
| payload/windows/upexec/reverse_tcp_rc4 | Windows Upload/Execute, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/upexec/reverse_tcp_uuid | Windows Upload/Execute, Reverse TCP Stager with UUID Support |
| payload/windows/upexec/reverse_udp | Windows Upload/Execute, Reverse UDP Stager with UUID Support |
| payload/windows/vncinject/bind_hidden_ipknock_tcp | VNC Server (Reflective Injection), Hidden Bind Ipknock TCP Stager |
| payload/windows/vncinject/bind_hidden_tcp | VNC Server (Reflective Injection), Hidden Bind TCP Stager |
| payload/windows/vncinject/bind_ipv6_tcp | VNC Server (Reflective Injection), Bind IPv6 TCP Stager (Windows x86) |
| payload/windows/vncinject/bind_ipv6_tcp_uuid | VNC Server (Reflective Injection), Bind IPv6 TCP Stager with UUID Support (Windows x86) |
| payload/windows/vncinject/bind_named_pipe | VNC Server (Reflective Injection), Windows x86 Bind Named Pipe Stager |
| payload/windows/vncinject/bind_nonx_tcp | VNC Server (Reflective Injection), Bind TCP Stager (No NX or Win7) |
| payload/windows/vncinject/bind_tcp | VNC Server (Reflective Injection), Bind TCP Stager (Windows x86) |
| payload/windows/vncinject/bind_tcp_rc4 | VNC Server (Reflective Injection), Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/vncinject/bind_tcp_uuid | VNC Server (Reflective Injection), Bind TCP Stager with UUID Support (Windows x86) |
| payload/windows/vncinject/find_tag | VNC Server (Reflective Injection), Find Tag Ordinal Stager |
| payload/windows/vncinject/reverse_hop_http | VNC Server (Reflective Injection), Reverse Hop HTTP/HTTPS Stager |
| payload/windows/vncinject/reverse_http | VNC Server (Reflective Injection), Windows Reverse HTTP Stager (wininet) |
| payload/windows/vncinject/reverse_http_proxy_pstore | VNC Server (Reflective Injection), Reverse HTTP Stager Proxy |
| payload/windows/vncinject/reverse_ipv6_tcp | VNC Server (Reflective Injection), Reverse TCP Stager (IPv6) |
| payload/windows/vncinject/reverse_nonx_tcp | VNC Server (Reflective Injection), Reverse TCP Stager (No NX or Win7) |
| payload/windows/vncinject/reverse_ord_tcp | VNC Server (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7) |
| payload/windows/vncinject/reverse_tcp_allports | VNC Server (Reflective Injection), Reverse All-Port TCP Stager |
| payload/windows/vncinject/reverse_tcp_dns | VNC Server (Reflective Injection), Reverse TCP Stager (DNS) |
| payload/windows/vncinject/reverse_tcp | VNC Server (Reflective Injection), Reverse TCP Stager |
| payload/windows/vncinject/reverse_tcp_rc4_dns | VNC Server (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm) |
| payload/windows/vncinject/reverse_tcp_rc4 | VNC Server (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/vncinject/reverse_tcp_uuid | VNC Server (Reflective Injection), Reverse TCP Stager with UUID Support |
| payload/windows/vncinject/reverse_winhttp | VNC Server (Reflective Injection), Windows Reverse HTTP Stager (winhttp) |
| payload/windows/x64/custom/bind_ipv6_tcp | Windows shellcode stage, Windows x64 IPv6 Bind TCP Stager |
| payload/windows/x64/custom/bind_ipv6_tcp_uuid | Windows shellcode stage, Windows x64 IPv6 Bind TCP Stager with UUID Support |
| payload/windows/x64/custom/bind_named_pipe | Windows shellcode stage, Windows x64 Bind Named Pipe Stager |
| payload/windows/x64/custom/bind_tcp | Windows shellcode stage, Windows x64 Bind TCP Stager |
| payload/windows/x64/custom/bind_tcp_rc4 | Windows shellcode stage, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/x64/custom/bind_tcp_uuid | Windows shellcode stage, Bind TCP Stager with UUID Support (Windows x64) |
| payload/windows/x64/custom/reverse_http | Windows shellcode stage, Windows x64 Reverse HTTP Stager (wininet) |
| payload/windows/x64/custom/reverse_https | Windows shellcode stage, Windows x64 Reverse HTTP Stager (wininet) |
| payload/windows/x64/custom/reverse_named_pipe | Windows shellcode stage, Windows x64 Reverse Named Pipe (SMB) Stager |
| payload/windows/x64/custom/reverse_tcp | Windows shellcode stage, Windows x64 Reverse TCP Stager |
| payload/windows/x64/custom/reverse_tcp_rc4 | Windows shellcode stage, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/x64/custom/reverse_tcp_uuid | Windows shellcode stage, Reverse TCP Stager with UUID Support (Windows x64) |
| payload/windows/x64/custom/reverse_winhttp | Windows shellcode stage, Windows x64 Reverse HTTP Stager (winhttp) |
| payload/windows/x64/custom/reverse_winhttps | Windows shellcode stage, Windows x64 Reverse HTTPS Stager (winhttp) |
| payload/windows/x64/exec | Windows x64 Execute Command |
| payload/windows/x64/loadlibrary | Windows x64 LoadLibrary Path |
| payload/windows/x64/messagebox | Windows MessageBox x64 |
| payload/windows/x64/meterpreter/bind_ipv6_tcp | Windows Meterpreter (Reflective Injection x64), Windows x64 IPv6 Bind TCP Stager |
| payload/windows/x64/meterpreter/bind_ipv6_tcp_uuid | Windows Meterpreter (Reflective Injection x64), Windows x64 IPv6 Bind TCP Stager with UUID Support |
| payload/windows/x64/meterpreter/bind_named_pipe | Windows Meterpreter (Reflective Injection x64), Windows x64 Bind Named Pipe Stager |
| payload/windows/x64/meterpreter_bind_named_pipe | Windows Meterpreter Shell, Bind Named Pipe Inline (x64) |
| payload/windows/x64/meterpreter/bind_tcp | Windows Meterpreter (Reflective Injection x64), Windows x64 Bind TCP Stager |
| payload/windows/x64/meterpreter_bind_tcp | Windows Meterpreter Shell, Bind TCP Inline (x64) |
| payload/windows/x64/meterpreter/bind_tcp_rc4 | Windows Meterpreter (Reflective Injection x64), Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/x64/meterpreter/bind_tcp_uuid | Windows Meterpreter (Reflective Injection x64), Bind TCP Stager with UUID Support (Windows x64) |
| payload/windows/x64/meterpreter/reverse_http | Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse HTTP Stager (wininet) |
| payload/windows/x64/meterpreter_reverse_http | Windows Meterpreter Shell, Reverse HTTP Inline (x64) |
| payload/windows/x64/meterpreter/reverse_https | Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse HTTP Stager (wininet) |
| payload/windows/x64/meterpreter_reverse_https | Windows Meterpreter Shell, Reverse HTTPS Inline (x64) |
| payload/windows/x64/meterpreter_reverse_ipv6_tcp | Windows Meterpreter Shell, Reverse TCP Inline (IPv6) (x64) |
| payload/windows/x64/meterpreter/reverse_named_pipe | Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse Named Pipe (SMB) Stager |
| payload/windows/x64/meterpreter/reverse_tcp | Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse TCP Stager |
| payload/windows/x64/meterpreter_reverse_tcp | Windows Meterpreter Shell, Reverse TCP Inline x64 |
| payload/windows/x64/meterpreter/reverse_tcp_rc4 | Windows Meterpreter (Reflective Injection x64), Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/x64/meterpreter/reverse_tcp_uuid | Windows Meterpreter (Reflective Injection x64), Reverse TCP Stager with UUID Support (Windows x64) |
| payload/windows/x64/meterpreter/reverse_winhttp | Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse HTTP Stager (winhttp) |
| payload/windows/x64/meterpreter/reverse_winhttps | Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse HTTPS Stager (winhttp) |
| payload/windows/x64/peinject/bind_ipv6_tcp | Windows Inject Reflective PE Files, Windows x64 IPv6 Bind TCP Stager |
| payload/windows/x64/peinject/bind_ipv6_tcp_uuid | Windows Inject Reflective PE Files, Windows x64 IPv6 Bind TCP Stager with UUID Support |
| payload/windows/x64/peinject/bind_named_pipe | Windows Inject Reflective PE Files, Windows x64 Bind Named Pipe Stager |
| payload/windows/x64/peinject/bind_tcp | Windows Inject Reflective PE Files, Windows x64 Bind TCP Stager |
| payload/windows/x64/peinject/bind_tcp_rc4 | Windows Inject Reflective PE Files, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/x64/peinject/bind_tcp_uuid | Windows Inject Reflective PE Files, Bind TCP Stager with UUID Support (Windows x64) |
| payload/windows/x64/peinject/reverse_named_pipe | Windows Inject Reflective PE Files, Windows x64 Reverse Named Pipe (SMB) Stager |
| payload/windows/x64/peinject/reverse_tcp | Windows Inject Reflective PE Files, Windows x64 Reverse TCP Stager |
| payload/windows/x64/peinject/reverse_tcp_rc4 | Windows Inject Reflective PE Files, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/x64/peinject/reverse_tcp_uuid | Windows Inject Reflective PE Files, Reverse TCP Stager with UUID Support (Windows x64) |
| payload/windows/x64/pingback_reverse_tcp | Windows x64 Pingback, Reverse TCP Inline |
| payload/windows/x64/powershell_bind_tcp | Windows Interactive Powershell Session, Bind TCP |
| payload/windows/x64/powershell_reverse_tcp | Windows Interactive Powershell Session, Reverse TCP |
| payload/windows/x64/powershell_reverse_tcp_ssl | Windows Interactive Powershell Session, Reverse TCP SSL |
| payload/windows/x64/shell/bind_ipv6_tcp | Windows x64 Command Shell, Windows x64 IPv6 Bind TCP Stager |
| payload/windows/x64/shell/bind_ipv6_tcp_uuid | Windows x64 Command Shell, Windows x64 IPv6 Bind TCP Stager with UUID Support |
| payload/windows/x64/shell/bind_named_pipe | Windows x64 Command Shell, Windows x64 Bind Named Pipe Stager |
| payload/windows/x64/shell/bind_tcp | Windows x64 Command Shell, Windows x64 Bind TCP Stager |
| payload/windows/x64/shell_bind_tcp | Windows x64 Command Shell, Bind TCP Inline |
| payload/windows/x64/shell/bind_tcp_rc4 | Windows x64 Command Shell, Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/x64/shell/bind_tcp_uuid | Windows x64 Command Shell, Bind TCP Stager with UUID Support (Windows x64) |
| payload/windows/x64/shell/reverse_tcp | Windows x64 Command Shell, Windows x64 Reverse TCP Stager |
| payload/windows/x64/shell_reverse_tcp | Windows x64 Command Shell, Reverse TCP Inline |
| payload/windows/x64/shell/reverse_tcp_rc4 | Windows x64 Command Shell, Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/x64/shell/reverse_tcp_uuid | Windows x64 Command Shell, Reverse TCP Stager with UUID Support (Windows x64) |
| payload/windows/x64/vncinject/bind_ipv6_tcp | Windows x64 VNC Server (Reflective Injection), Windows x64 IPv6 Bind TCP Stager |
| payload/windows/x64/vncinject/bind_ipv6_tcp_uuid | Windows x64 VNC Server (Reflective Injection), Windows x64 IPv6 Bind TCP Stager with UUID Support |
| payload/windows/x64/vncinject/bind_named_pipe | Windows x64 VNC Server (Reflective Injection), Windows x64 Bind Named Pipe Stager |
| payload/windows/x64/vncinject/bind_tcp | Windows x64 VNC Server (Reflective Injection), Windows x64 Bind TCP Stager |
| payload/windows/x64/vncinject/bind_tcp_rc4 | Windows x64 VNC Server (Reflective Injection), Bind TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/x64/vncinject/bind_tcp_uuid | Windows x64 VNC Server (Reflective Injection), Bind TCP Stager with UUID Support (Windows x64) |
| payload/windows/x64/vncinject/reverse_http | Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTP Stager (wininet) |
| payload/windows/x64/vncinject/reverse_https | Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTP Stager (wininet) |
| payload/windows/x64/vncinject/reverse_tcp | Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse TCP Stager |
| payload/windows/x64/vncinject/reverse_tcp_rc4 | Windows x64 VNC Server (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm) |
| payload/windows/x64/vncinject/reverse_tcp_uuid | Windows x64 VNC Server (Reflective Injection), Reverse TCP Stager with UUID Support (Windows x64) |
| payload/windows/x64/vncinject/reverse_winhttp | Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTP Stager (winhttp) |
| payload/windows/x64/vncinject/reverse_winhttps | Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTPS Stager (winhttp) |
| post/aix/hashdump | AIX Gather Dump Password Hashes |
| post/android/capture/screen | Android Screen Capture |
| post/android/gather/hashdump | Android Gather Dump Password Hashes for Android Systems |
| post/android/gather/sub_info | extracts subscriber info from target device |
| post/android/gather/wireless_ap | Displays wireless SSIDs and PSKs |
| post/android/local/koffee | KOFFEE - Kia OFFensivE Exploit |
| post/android/manage/remove_lock | Android Settings Remove Device Locks (4.0-4.3) |
| post/android/manage/remove_lock_root | Android Root Remove Device Locks (root) |
| post/apple_ios/gather/ios_image_gather | iOS Image Gatherer |
| post/apple_ios/gather/ios_text_gather | iOS Text Gatherer |
| post/bsd/gather/hashdump | BSD Dump Password Hashes |
| post/firefox/gather/cookies | Firefox Gather Cookies from Privileged Javascript Shell |
| post/firefox/gather/history | Firefox Gather History from Privileged Javascript Shell |
| post/firefox/gather/passwords | Firefox Gather Passwords from Privileged Javascript Shell |
| post/firefox/gather/xss | Firefox XSS |
| post/firefox/manage/webcam_chat | Firefox Webcam Chat on Privileged Javascript Shell |
| post/hardware/automotive/can_flood | CAN Flood |
| post/hardware/automotive/canprobe | Module to Probe Different Data Points in a CAN Packet |
| post/hardware/automotive/diagnostic_state | Diagnostic State |
| post/hardware/automotive/ecu_hard_reset | ECU Hard Reset |
| post/hardware/automotive/getvinfo | Get the Vehicle Information Such as the VIN from the Target Module |
| post/hardware/automotive/identifymodules | Scan CAN Bus for Diagnostic Modules |
| post/hardware/automotive/malibu_overheat | Sample Module to Flood Temp Gauge on 2006 Malibu |
| post/hardware/automotive/mazda_ic_mover | Mazda 2 Instrument Cluster Accelorometer Mover |
| post/hardware/automotive/pdt | Check For and Prep the Pyrotechnic Devices (Airbags, Battery Clamps, etc.) |
| post/hardware/rftransceiver/rfpwnon | Brute Force AM/OOK (ie: Garage Doors) |
| post/hardware/rftransceiver/transmitter | RF Transceiver Transmitter |
| post/hardware/zigbee/zstumbler | Sends Beacons to Scan for Active ZigBee Networks |
| post/linux/busybox/enum_connections | BusyBox Enumerate Connections |
| post/linux/busybox/enum_hosts | BusyBox Enumerate Host Names |
| post/linux/busybox/jailbreak | BusyBox Jailbreak |
| post/linux/busybox/ping_net | BusyBox Ping Network Enumeration |
| post/linux/busybox/set_dmz | BusyBox DMZ Configuration |
| post/linux/busybox/set_dns | BusyBox DNS Configuration |
| post/linux/busybox/smb_share_root | BusyBox SMB Sharing |
| post/linux/busybox/wget_exec | BusyBox Download and Execute |
| post/linux/dos/xen_420_dos | Linux DoS Xen 4.2.0 2012-5525 |
| post/linux/gather/checkcontainer | Linux Gather Container Detection |
| post/linux/gather/checkvm | Linux Gather Virtual Environment Detection |
| post/linux/gather/ecryptfs_creds | Gather eCryptfs Metadata |
| post/linux/gather/enum_commands | Testing commands needed in a function |
| post/linux/gather/enum_configs | Linux Gather Configurations |
| post/linux/gather/enum_containers | Linux Container Enumeration |
| post/linux/gather/enum_nagios_xi | Nagios XI Enumeration |
| post/linux/gather/enum_network | Linux Gather Network Information |
| post/linux/gather/enum_protections | Linux Gather Protection Enumeration |
| post/linux/gather/enum_psk | Linux Gather 802-11-Wireless-Security Credentials |
| post/linux/gather/enum_system | Linux Gather System and User Information |
| post/linux/gather/enum_users_history | Linux Gather User History |
| post/linux/gather/gnome_commander_creds | Linux Gather Gnome-Commander Creds |
| post/linux/gather/gnome_keyring_dump | Gnome-Keyring Dump |
| post/linux/gather/haserl_read | Haserl Arbitrary File Reader |
| post/linux/gather/hashdump | Linux Gather Dump Password Hashes for Linux Systems |
| post/linux/gather/manageengine_password_manager_creds | Linux Gather ManageEngine Password Manager Pro Password Extractor |
| post/linux/gather/mimipenguin | MimiPenguin |
| post/linux/gather/mount_cifs_creds | Linux Gather Saved mount.cifs/mount.smbfs Credentials |
| post/linux/gather/openvpn_credentials | OpenVPN Gather Credentials |
| post/linux/gather/phpmyadmin_credsteal | Phpmyadmin credentials stealer |
| post/linux/gather/pptpd_chap_secrets | Linux Gather PPTP VPN chap-secrets Credentials |
| post/linux/gather/tor_hiddenservices | Linux Gather TOR Hidden Services |
| post/linux/gather/vcenter_secrets_dump | VMware vCenter Secrets Dump |
| post/linux/manage/dns_spoofing | Native DNS Spoofing module |
| post/linux/manage/download_exec | Linux Manage Download and Execute |
| post/linux/manage/geutebruck_post_exp | Geutebruck Camera Deface |
| post/linux/manage/iptables_removal | IPTABLES rules removal |
| post/linux/manage/pseudo_shell | Pseudo-Shell Post-Exploitation Module |
| post/linux/manage/sshkey_persistence | SSH Key Persistence |
| post/multi/escalate/aws_create_iam_user | Create an AWS IAM User |
| post/multi/escalate/cups_root_file_read | CUPS 1.6.1 Root File Read |
| post/multi/escalate/metasploit_pcaplog | Multi Escalate Metasploit pcap_log Local Privilege Escalation |
| post/multi/gather/apple_ios_backup | Windows Gather Apple iOS MobileSync Backup File Collection |
| post/multi/gather/aws_ec2_instance_metadata | Gather AWS EC2 Instance Metadata |
| post/multi/gather/aws_keys | UNIX Gather AWS Keys |
| post/multi/gather/check_malware | Multi Gather Malware Verifier |
| post/multi/gather/chrome_cookies | Chrome Gather Cookies |
| post/multi/gather/dbvis_enum | Multi Gather DbVisualizer Connections Settings |
| post/multi/gather/dns_bruteforce | Multi Gather DNS Forward Lookup Bruteforce |
| post/multi/gather/dns_reverse_lookup | Multi Gather DNS Reverse Lookup Scan |
| post/multi/gather/dns_srv_lookup | Multi Gather DNS Service Record Lookup Scan |
| post/multi/gather/docker_creds | Multi Gather Docker Credentials Collection |
| post/multi/gather/enum_hexchat | Linux Gather HexChat/XChat Enumeration |
| post/multi/gather/enum_software_versions | Multiplatform Installed Software Version Enumerator |
| post/multi/gather/enum_vbox | Multi Gather VirtualBox VM Enumeration |
| post/multi/gather/env | Multi Gather Generic Operating System Environment Settings |
| post/multi/gather/fetchmailrc_creds | UNIX Gather .fetchmailrc Credentials |
| post/multi/gather/filezilla_client_cred | Multi Gather FileZilla FTP Client Credential Collection |
| post/multi/gather/find_vmx | Multi Gather VMWare VM Identification |
| post/multi/gather/firefox_creds | Multi Gather Firefox Signon Credential Collection |
| post/multi/gather/gpg_creds | Multi Gather GnuPG Credentials Collection |
| post/multi/gather/grub_creds | Gather GRUB Password |
| post/multi/gather/irssi_creds | Multi Gather IRSSI IRC Password(s) |
| post/multi/gather/jboss_gather | Jboss Credential Collector |
| post/multi/gather/jenkins_gather | Jenkins Credential Collector |
| post/multi/gather/lastpass_creds | LastPass Vault Decryptor |
| post/multi/gather/maven_creds | Multi Gather Maven Credentials Collection |
| post/multi/gather/multi_command | Multi Gather Run Shell Command Resource File |
| post/multi/gather/netrc_creds | UNIX Gather .netrc Credentials |
| post/multi/gather/pgpass_creds | Multi Gather pgpass Credentials |
| post/multi/gather/pidgin_cred | Multi Gather Pidgin Instant Messenger Credential Collection |
| post/multi/gather/ping_sweep | Multi Gather Ping Sweep |
| post/multi/gather/remmina_creds | UNIX Gather Remmina Credentials |
| post/multi/gather/resolve_hosts | Multi Gather Resolve Hosts |
| post/multi/gather/rsyncd_creds | UNIX Gather RSYNC Credentials |
| post/multi/gather/rubygems_api_key | Multi Gather RubyGems API Key |
| post/multi/gather/run_console_rc_file | Multi Gather Run Console Resource File |
| post/multi/gather/saltstack_salt | SaltStack Salt Information Gatherer |
| post/multi/gather/skype_enum | Multi Gather Skype User Data Enumeration |
| post/multi/gather/ssh_creds | Multi Gather OpenSSH PKI Credentials Collection |
| post/multi/gather/thunderbird_creds | Multi Gather Mozilla Thunderbird Signon Credential Collection |
| post/multi/gather/tomcat_gather | Gather Tomcat Credentials |
| post/multi/gather/ubiquiti_unifi_backup | Multi Gather Ubiquiti UniFi Controller Backup |
| post/multi/gather/unix_cached_ad_hashes | UNIX Gather Cached AD Hashes |
| post/multi/gather/unix_kerberos_tickets | UNIX Gather Kerberos Tickets |
| post/multi/gather/wlan_geolocate | Multiplatform WLAN Enumeration and Geolocation |
| post/multi/general/close | Multi Generic Operating System Session Close |
| post/multi/general/execute | Multi Generic Operating System Session Command Execution |
| post/multi/general/wall | Write Messages to Users |
| post/multi/manage/autoroute | Multi Manage Network Route via Meterpreter Session |
| post/multi/manage/dbvis_add_db_admin | Multi Manage DbVisualizer Add Db Admin |
| post/multi/manage/dbvis_query | Multi Manage DbVisualizer Query |
| post/multi/manage/fileshare | Browse the session filesystem in a Web Browser |
| post/multi/manage/hsts_eraser | Web browsers HSTS entries eraser |
| post/multi/manage/multi_post | Multi Manage Post Module Macro Execution |
| post/multi/manage/open | Open a file or URL on the target computer |
| post/multi/manage/play_youtube | Multi Manage YouTube Broadcast |
| post/multi/manage/record_mic | Multi Manage Record Microphone |
| post/multi/manage/screensaver | Multi Manage the screensaver of the target computer |
| post/multi/manage/screenshare | Multi Manage the screen of the target meterpreter session |
| post/multi/manage/set_wallpaper | Multi Manage Set Wallpaper |
| post/multi/manage/shell_to_meterpreter | Shell to Meterpreter Upgrade |
| post/multi/manage/sudo | Multiple Linux / Unix Post Sudo Upgrade Shell |
| post/multi/manage/system_session | Multi Manage System Remote TCP Shell Session |
| post/multi/manage/upload_exec | Upload and Execute |
| post/multi/manage/zip | Multi Manage File Compressor |
| post/multi/recon/local_exploit_suggester | Multi Recon Local Exploit Suggester |
| post/multi/recon/multiport_egress_traffic | Generate TCP/UDP Outbound Traffic On Multiple Ports |
| post/multi/recon/reverse_lookup | Reverse Lookup IP Addresses |
| post/multi/recon/sudo_commands | Sudo Commands |
| post/multi/sap/smdagent_get_properties | Diagnostics Agent in Solution Manager, stores unencrypted credentials for Solution Manager server |
| post/networking/gather/enum_brocade | Brocade Gather Device General Information |
| post/networking/gather/enum_cisco | Cisco Gather Device General Information |
| post/networking/gather/enum_f5 | F5 Gather Device General Information |
| post/networking/gather/enum_juniper | Juniper Gather Device General Information |
| post/networking/gather/enum_mikrotik | Mikrotik Gather Device General Information |
| post/networking/gather/enum_vyos | VyOS Gather Device General Information |
| post/osx/admin/say | OS X Text to Speech Utility |
| post/osx/capture/keylog_recorder | OSX Capture Userspace Keylogger |
| post/osx/capture/screen | OSX Screen Capture |
| post/osx/escalate/tccbypass | Bypass the macOS TCC Framework |
| post/osx/gather/apfs_encrypted_volume_passwd | Mac OS X APFS Encrypted Volume Password Disclosure |
| post/osx/gather/autologin_password | OSX Gather Autologin Password as Root |
| post/osx/gather/enum_adium | OS X Gather Adium Enumeration |
| post/osx/gather/enum_airport | OS X Gather Airport Wireless Preferences |
| post/osx/gather/enum_chicken_vnc_profile | OS X Gather Chicken of the VNC Profile |
| post/osx/gather/enum_colloquy | OS X Gather Colloquy Enumeration |
| post/osx/gather/enum_keychain | OS X Gather Keychain Enumeration |
| post/osx/gather/enum_messages | OS X Gather Messages |
| post/osx/gather/enum_osx | OS X Gather Mac OS X System Information Enumeration |
| post/osx/gather/gitignore | Git Ignore Retriever |
| post/osx/gather/hashdump | OS X Gather Mac OS X Password Hash Collector |
| post/osx/gather/password_prompt_spoof | OSX Password Prompt Spoof |
| post/osx/gather/safari_lastsession | OSX Gather Safari LastSession.plist |
| post/osx/gather/vnc_password_osx | OS X Display Apple VNC Password |
| post/osx/manage/mount_share | OSX Network Share Mounter |
| post/osx/manage/record_mic | OSX Manage Record Microphone |
| post/osx/manage/sonic_pi | OS X Manage Sonic Pi |
| post/osx/manage/vpn | OSX VPN Manager |
| post/osx/manage/webcam | OSX Manage Webcam |
| post/solaris/escalate/pfexec | Solaris pfexec Upgrade Shell |
| post/solaris/escalate/srsexec_readline | Solaris srsexec Arbitrary File Reader |
| post/solaris/gather/checkvm | Solaris Gather Virtual Environment Detection |
| post/solaris/gather/enum_packages | Solaris Gather Installed Packages |
| post/solaris/gather/enum_services | Solaris Gather Configured Services |
| post/solaris/gather/hashdump | Solaris Gather Dump Password Hashes for Solaris Systems |
| post/windows/capture/keylog_recorder | Windows Capture Keystroke Recorder |
| post/windows/capture/lockout_keylogger | Windows Capture Winlogon Lockout Credential Keylogger |
| post/windows/escalate/droplnk | Windows Escalate SMB Icon LNK Dropper |
| post/windows/escalate/getsystem | Windows Escalate Get System via Administrator |
| post/windows/escalate/golden_ticket | Windows Escalate Golden Ticket |
| post/windows/escalate/ms10_073_kbdlayout | Windows Escalate NtUserLoadKeyboardLayoutEx Privilege Escalation |
| post/windows/escalate/screen_unlock | Windows Escalate Locked Desktop Unlocker |
| post/windows/escalate/unmarshal_cmd_exec | Windows unmarshal post exploitation |
| post/windows/gather/ad_to_sqlite | AD Computer, Group and Recursive User Membership to Local SQLite DB |
| post/windows/gather/arp_scanner | Windows Gather ARP Scanner |
| post/windows/gather/avast_memory_dump | Avast AV Memory Dumping Utility |
| post/windows/gather/bitcoin_jacker | Windows Gather Bitcoin Wallet |
| post/windows/gather/bitlocker_fvek | Bitlocker Master Key (FVEK) Extraction |
| post/windows/gather/bloodhound | BloodHound Ingestor |
| post/windows/gather/cachedump | Windows Gather Credential Cache Dump |
| post/windows/gather/checkvm | Windows Gather Virtual Environment Detection |
| post/windows/gather/credentials/aim | Aim credential gatherer |
| post/windows/gather/credentials/avira_password | Windows Gather Avira Password Extraction |
| post/windows/gather/credentials/bulletproof_ftp | Windows Gather BulletProof FTP Client Saved Password Extraction |
| post/windows/gather/credentials/chrome | Chrome credential gatherer |
| post/windows/gather/credentials/comodo | Comodo credential gatherer |
| post/windows/gather/credentials/coolnovo | Coolnovo credential gatherer |
| post/windows/gather/credentials/coreftp | Windows Gather CoreFTP Saved Password Extraction |
| post/windows/gather/credentials/credential_collector | Windows Gather Credential Collector |
| post/windows/gather/credentials/digsby | Digsby credential gatherer |
| post/windows/gather/credentials/domain_hashdump | Windows Domain Controller Hashdump |
| post/windows/gather/credentials/dynazip_log | Windows Gather DynaZIP Saved Password Extraction |
| post/windows/gather/credentials/dyndns | Windows Gather DynDNS Client Password Extractor |
| post/windows/gather/credentials/enum_cred_store | Windows Gather Credential Store Enumeration and Decryption Module |
| post/windows/gather/credentials/enum_laps | Windows Gather Credentials Local Administrator Password Solution |
| post/windows/gather/credentials/enum_picasa_pwds | Windows Gather Google Picasa Password Extractor |
| post/windows/gather/credentials/epo_sql | Windows Gather McAfee ePO 4.6 Config SQL Credentials |
| post/windows/gather/credentials/filezilla_server | Windows Gather FileZilla FTP Server Credential Collection |
| post/windows/gather/credentials/flashfxp | Windows Gather FlashFXP Saved Password Extraction |
| post/windows/gather/credentials/flock | Flock credential gatherer |
| post/windows/gather/credentials/ftpnavigator | Windows Gather FTP Navigator Saved Password Extraction |
| post/windows/gather/credentials/ftpx | Windows Gather FTP Explorer (FTPX) Credential Extraction |
| post/windows/gather/credentials/gadugadu | Gadugadu credential gatherer |
| post/windows/gather/credentials/gpp | Windows Gather Group Policy Preference Saved Passwords |
| post/windows/gather/credentials/heidisql | Windows Gather HeidiSQL Saved Password Extraction |
| post/windows/gather/credentials/icq | ICQ credential gatherer |
| post/windows/gather/credentials/idm | Windows Gather Internet Download Manager (IDM) Password Extractor |
| post/windows/gather/credentials/ie | Ie credential gatherer |
| post/windows/gather/credentials/imail | Windows Gather IPSwitch iMail User Data Enumeration |
| post/windows/gather/credentials/imvu | Windows Gather Credentials IMVU Game Client |
| post/windows/gather/credentials/incredimail | Incredimail credential gatherer |
| post/windows/gather/credentials/kakaotalk | KakaoTalk credential gatherer |
| post/windows/gather/credentials/kmeleon | Kmeleon credential gatherer |
| post/windows/gather/credentials/line | LINE credential gatherer |
| post/windows/gather/credentials/maxthon | Maxthon credential gatherer |
| post/windows/gather/credentials/mcafee_vse_hashdump | McAfee Virus Scan Enterprise Password Hashes Dump |
| post/windows/gather/credentials/mdaemon_cred_collector | Windows Gather MDaemonEmailServer Credential Cracking |
| post/windows/gather/credentials/meebo | Windows Gather Meebo Password Extractor |
| post/windows/gather/credentials/miranda | Miranda credential gatherer |
| post/windows/gather/credentials/moba_xterm | Windows Gather MobaXterm Passwords |
| post/windows/gather/credentials/mremote | Windows Gather mRemote Saved Password Extraction |
| post/windows/gather/credentials/mssql_local_hashdump | Windows Gather Local SQL Server Hash Dump |
| post/windows/gather/credentials/navicat | Windows Gather Navicat Passwords |
| post/windows/gather/credentials/nimbuzz | Windows Gather Nimbuzz Instant Messenger Password Extractor |
| post/windows/gather/credentials/opera | Opera credential gatherer |
| post/windows/gather/credentials/operamail | Operamail credential gatherer |
| post/windows/gather/credentials/outlook | Windows Gather Microsoft Outlook Saved Password Extraction |
| post/windows/gather/credentials/postbox | Postbox credential gatherer |
| post/windows/gather/credentials/pulse_secure | Windows Pulse Secure Connect Client Saved Password Extractor |
| post/windows/gather/credentials/purevpn_cred_collector | Windows Gather PureVPN Client Credential Collector |
| post/windows/gather/credentials/qq | QQ credential gatherer |
| post/windows/gather/credentials/razer_synapse | Windows Gather Razer Synapse Password Extraction |
| post/windows/gather/credentials/razorsql | Windows Gather RazorSQL Credentials |
| post/windows/gather/credentials/rdc_manager_creds | Windows Gather Remote Desktop Connection Manager Saved Password Extraction |
| post/windows/gather/credentials/redis_desktop_manager | RedisDesktopManager credential gatherer |
| post/windows/gather/credentials/safari | Safari credential gatherer |
| post/windows/gather/credentials/seamonkey | Seamonkey credential gatherer |
| post/windows/gather/credentials/securecrt | Windows SecureCRT Session Information Enumeration |
| post/windows/gather/credentials/skype | Windows Gather Skype Saved Password Hash Extraction |
| post/windows/gather/credentials/smartermail | Windows Gather SmarterMail Password Extraction |
| post/windows/gather/credentials/smartftp | Windows Gather SmartFTP Saved Password Extraction |
| post/windows/gather/credentials/spark_im | Windows Gather Spark IM Password Extraction |
| post/windows/gather/credentials/srware | Srware credential gatherer |
| post/windows/gather/credentials/sso | Windows Single Sign On Credential Collector (Mimikatz) |
| post/windows/gather/credentials/steam | Windows Gather Steam Client Session Collector. |
| post/windows/gather/credentials/tango | Tango credential gatherer |
| post/windows/gather/credentials/teamviewer_passwords | Windows Gather TeamViewer Passwords |
| post/windows/gather/credentials/thunderbird | Chrome credential gatherer |
| post/windows/gather/credentials/thycotic_secretserver_dump | Delinea Thycotic Secret Server Dump |
| post/windows/gather/credentials/tlen | Tlen credential gatherer |
| post/windows/gather/credentials/tortoisesvn | Windows Gather TortoiseSVN Saved Password Extraction |
| post/windows/gather/credentials/total_commander | Windows Gather Total Commander Saved Password Extraction |
| post/windows/gather/credentials/trillian | Windows Gather Trillian Password Extractor |
| post/windows/gather/credentials/viber | Viber credential gatherer |
| post/windows/gather/credentials/vnc | Windows Gather VNC Password Extraction |
| post/windows/gather/credentials/windows_autologin | Windows Gather AutoLogin User Credential Extractor |
| post/windows/gather/credentials/windowslivemail | Windows Live Mail credential gatherer |
| post/windows/gather/credentials/windows_sam_hivenightmare | Windows SAM secrets leak - HiveNightmare |
| post/windows/gather/credentials/winscp | Windows Gather WinSCP Saved Password Extraction |
| post/windows/gather/credentials/wsftp_client | Windows Gather WS_FTP Saved Password Extraction |
| post/windows/gather/credentials/xchat | Xchat credential gatherer |
| post/windows/gather/credentials/xshell_xftp_password | Windows Gather Xshell and Xftp Passwords |
| post/windows/gather/dnscache_dump | Windows Gather DNS Cache |
| post/windows/gather/dumplinks | Windows Gather Dump Recent Files lnk Info |
| post/windows/gather/enum_ad_bitlocker | Windows Gather Active Directory BitLocker Recovery |
| post/windows/gather/enum_ad_computers | Windows Gather Active Directory Computers |
| post/windows/gather/enum_ad_groups | Windows Gather Active Directory Groups |
| post/windows/gather/enum_ad_managedby_groups | Windows Gather Active Directory Managed Groups |
| post/windows/gather/enum_ad_service_principal_names | Windows Gather Active Directory Service Principal Names |
| post/windows/gather/enum_ad_to_wordlist | Windows Active Directory Wordlist Builder |
| post/windows/gather/enum_ad_user_comments | Windows Gather Active Directory User Comments |
| post/windows/gather/enum_ad_users | Windows Gather Active Directory Users |
| post/windows/gather/enum_applications | Windows Gather Installed Application Enumeration |
| post/windows/gather/enum_artifacts | Windows Gather File and Registry Artifacts Enumeration |
| post/windows/gather/enum_av_excluded | Windows Antivirus Exclusions Enumeration |
| post/windows/gather/enum_av | Windows Installed AntiVirus Enumeration |
| post/windows/gather/enum_chocolatey_applications | Windows Gather Installed Application Within Chocolatey Enumeration |
| post/windows/gather/enum_chrome | Windows Gather Google Chrome User Data Enumeration |
| post/windows/gather/enum_computers | Windows Gather Enumerate Computers |
| post/windows/gather/enum_db | Windows Gather Database Instance Enumeration |
| post/windows/gather/enum_devices | Windows Gather Hardware Enumeration |
| post/windows/gather/enum_dirperms | Windows Gather Directory Permissions Enumeration |
| post/windows/gather/enum_domain_group_users | Windows Gather Enumerate Domain Group |
| post/windows/gather/enum_domain | Windows Gather Enumerate Domain |
| post/windows/gather/enum_domains | Windows Gather Domain Enumeration |
| post/windows/gather/enum_domain_tokens | Windows Gather Enumerate Domain Tokens |
| post/windows/gather/enum_domain_users | Windows Gather Enumerate Active Domain Users |
| post/windows/gather/enum_emet | Windows Gather EMET Protected Paths |
| post/windows/gather/enum_files | Windows Gather Generic File Collection |
| post/windows/gather/enum_hostfile | Windows Gather Windows Host File Enumeration |
| post/windows/gather/enum_hyperv_vms | Windows Hyper-V VM Enumeration |
| post/windows/gather/enum_ie | Windows Gather Internet Explorer User Data Enumeration |
| post/windows/gather/enum_logged_on_users | Windows Gather Logged On User Enumeration (Registry) |
| post/windows/gather/enum_ms_product_keys | Windows Gather Product Key |
| post/windows/gather/enum_muicache | Windows Gather Enum User MUICache |
| post/windows/gather/enum_onedrive | OneDrive Sync Provider Enumeration Module |
| post/windows/gather/enum_patches | Windows Gather Applied Patches |
| post/windows/gather/enum_powershell_env | Windows Gather Powershell Environment Setting Enumeration |
| post/windows/gather/enum_prefetch | Windows Gather Prefetch File Information |
| post/windows/gather/enum_proxy | Windows Gather Proxy Setting |
| post/windows/gather/enum_putty_saved_sessions | PuTTY Saved Sessions Enumeration Module |
| post/windows/gather/enum_services | Windows Gather Service Info Enumeration |
| post/windows/gather/enum_shares | Windows Gather SMB Share Enumeration via Registry |
| post/windows/gather/enum_snmp | Windows Gather SNMP Settings Enumeration (Registry) |
| post/windows/gather/enum_termserv | Windows Gather Terminal Server Client Connection Information Dumper |
| post/windows/gather/enum_tokens | Windows Gather Enumerate Domain Admin Tokens (Token Hunter) |
| post/windows/gather/enum_tomcat | Windows Gather Apache Tomcat Enumeration |
| post/windows/gather/enum_trusted_locations | Windows Gather Microsoft Office Trusted Locations |
| post/windows/gather/enum_unattend | Windows Gather Unattended Answer File Enumeration |
| post/windows/gather/exchange | Windows Gather Exchange Server Mailboxes |
| post/windows/gather/file_from_raw_ntfs | Windows File Gather File from Raw NTFS |
| post/windows/gather/forensics/browser_history | Windows Gather Skype, Firefox, and Chrome Artifacts |
| post/windows/gather/forensics/duqu_check | Windows Gather Forensics Duqu Registry Check |
| post/windows/gather/forensics/enum_drives | Windows Gather Physical Drives and Logical Volumes |
| post/windows/gather/forensics/fanny_bmp_check | FannyBMP or DementiaWheel Detection Registry Check |
| post/windows/gather/forensics/imager | Windows Gather Forensic Imaging |
| post/windows/gather/forensics/nbd_server | Windows Gather Local NBD Server |
| post/windows/gather/forensics/recovery_files | Windows Gather Deleted Files Enumeration and Recovering |
| post/windows/gather/get_bookmarks | Bookmarked Sites Retriever |
| post/windows/gather/hashdump | Windows Gather Local User Account Password Hashes (Registry) |
| post/windows/gather/local_admin_search_enum | Windows Gather Local Admin Search |
| post/windows/gather/lsa_secrets | Windows Enumerate LSA Secrets |
| post/windows/gather/make_csv_orgchart | Generate CSV Organizational Chart Data Using Manager Information |
| post/windows/gather/memory_dump | Windows Process Memory Dump |
| post/windows/gather/memory_grep | Windows Gather Process Memory Grep |
| post/windows/gather/netlm_downgrade | Windows NetLM Downgrade Attack |
| post/windows/gather/ntds_grabber | NTDS Grabber |
| post/windows/gather/ntds_location | Post Windows Gather NTDS.DIT Location |
| post/windows/gather/outlook | Windows Gather Outlook Email Messages |
| post/windows/gather/phish_windows_credentials | Windows Gather User Credentials (phishing) |
| post/windows/gather/psreadline_history | Windows Gather PSReadline History |
| post/windows/gather/resolve_sid | Windows Gather Local User Account SID Lookup |
| post/windows/gather/reverse_lookup | Windows Gather IP Range Reverse Lookup |
| post/windows/gather/screen_spy | Windows Gather Screen Spy |
| post/windows/gather/smart_hashdump | Windows Gather Local and Domain Controller Account Password Hashes |
| post/windows/gather/tcpnetstat | Windows Gather TCP Netstat |
| post/windows/gather/usb_history | Windows Gather USB Drive History |
| post/windows/gather/win_privs | Windows Gather Privileges Enumeration |
| post/windows/gather/wmic_command | Windows Gather Run Specified WMIC Command |
| post/windows/gather/word_unc_injector | Windows Gather Microsoft Office Word UNC Path Injector |
| post/windows/manage/add_user | Windows Manage Add User to the Domain and/or to a Domain Group |
| post/windows/manage/archmigrate | Architecture Migrate |
| post/windows/manage/change_password | Windows Manage Change Password |
| post/windows/manage/clone_proxy_settings | Windows Manage Proxy Setting Cloner |
| post/windows/manage/delete_user | Windows Manage Local User Account Deletion |
| post/windows/manage/dell_memory_protect | Dell DBUtilDrv2.sys Memory Protection Modifier |
| post/windows/manage/download_exec | Windows Manage Download and/or Execute |
| post/windows/manage/driver_loader | Windows Manage Driver Loader |
| post/windows/manage/enable_rdp | Windows Manage Enable Remote Desktop |
| post/windows/manage/enable_support_account | Windows Manage Trojanize Support Account |
| post/windows/manage/exec_powershell | Windows Powershell Execution Post Module |
| post/windows/manage/execute_dotnet_assembly | Execute .net Assembly (x64 only) |
| post/windows/manage/forward_pageant | Forward SSH Agent Requests To Remote Pageant |
| post/windows/manage/hashcarve | Windows Local User Account Hash Carver |
| post/windows/manage/ie_proxypac | Windows Manage Proxy PAC File |
| post/windows/manage/inject_ca | Windows Manage Certificate Authority Injection |
| post/windows/manage/inject_host | Windows Manage Hosts File Injection |
| post/windows/manage/install_python | Install Python for Windows |
| post/windows/manage/install_ssh | Install OpenSSH for Windows |
| post/windows/manage/killav | Windows Post Kill Antivirus and Hips |
| post/windows/manage/migrate | Windows Manage Process Migration |
| post/windows/manage/mssql_local_auth_bypass | Windows Manage Local Microsoft SQL Server Authorization Bypass |
| post/windows/manage/multi_meterpreter_inject | Windows Manage Inject in Memory Multiple Payloads |
| post/windows/manage/nbd_server | Windows Manage Local NBD Server for Remote Disks |
| post/windows/manage/peinjector | Peinjector |
| post/windows/manage/persistence_exe | Windows Manage Persistent EXE Payload Installer |
| post/windows/manage/portproxy | Windows Manage Set Port Forwarding With PortProxy |
| post/windows/manage/powershell/build_net_code | Powershell .NET Compiler |
| post/windows/manage/powershell/exec_powershell | Windows Manage PowerShell Download and/or Execute |
| post/windows/manage/powershell/load_script | Load Scripts Into PowerShell Session |
| post/windows/manage/pptp_tunnel | Windows Manage Remote Point-to-Point Tunneling Protocol |
| post/windows/manage/priv_migrate | Windows Manage Privilege Based Process Migration |
| post/windows/manage/pxeexploit | Windows Manage PXE Exploit Server |
| post/windows/manage/reflective_dll_inject | Windows Manage Reflective DLL Injection Module |
| post/windows/manage/remove_ca | Windows Manage Certificate Authority Removal |
| post/windows/manage/remove_host | Windows Manage Host File Entry Removal |
| post/windows/manage/rid_hijack | Windows Manage RID Hijacking |
| post/windows/manage/rollback_defender_signatures | Disable Windows Defender Signatures |
| post/windows/manage/rpcapd_start | Windows Manage Remote Packet Capture Service Starter |
| post/windows/manage/run_as | Windows Manage Run Command As User |
| post/windows/manage/run_as_psh | Windows 'Run As' Using Powershell |
| post/windows/manage/sdel | Windows Manage Safe Delete |
| post/windows/manage/shellcode_inject | Windows Manage Memory Shellcode Injection Module |
| post/windows/manage/sshkey_persistence | SSH Key Persistence |
| post/windows/manage/sticky_keys | Sticky Keys Persistance Module |
| post/windows/manage/vmdk_mount | Windows Manage VMDK Mount Drive |
| post/windows/manage/vss_create | Windows Manage Create Shadow Copy |
| post/windows/manage/vss | Windows Manage Volume Shadow Copies |
| post/windows/manage/vss_list | Windows Manage List Shadow Copies |
| post/windows/manage/vss_mount | Windows Manage Mount Shadow Copy |
| post/windows/manage/vss_set_storage | Windows Manage Set Shadow Copy Storage Space |
| post/windows/manage/vss_storage | Windows Manage Get Shadow Copy Storage Info |
| post/windows/manage/wdigest_caching | Windows Post Manage WDigest Credential Caching |
| post/windows/manage/webcam | Windows Manage Webcam |
| post/windows/recon/computer_browser_discovery | Windows Recon Computer Browser Discovery |
| post/windows/recon/outbound_ports | Windows Outbound-Filtering Rules |
| post/windows/recon/resolve_ip | Windows Recon Resolve IP |
| post/windows/wlan/wlan_bss_list | Windows Gather Wireless BSS Info |
| post/windows/wlan/wlan_current_connection | Windows Gather Wireless Current Connection Info |
| post/windows/wlan/wlan_disconnect | Windows Disconnect Wireless Connection |
| post/windows/wlan/wlan_probe_request | Windows Send Probe Request Packets |
| post/windows/wlan/wlan_profile | Windows Gather Wireless Profile |
