Browse Exploit & Auxiliary Modules

The Metasploit Project hosts the world's largest database of quality-assured exploits, including hundreds of remote exploits, auxiliary modules, and payloads. You can even review the Metasploit Framework source code of any module, or write your own.

Module Browser

Android Content Provider File Disclosure

This module exploits a cross-domain issue within the Android web browser to exfiltrate files from a vulnerable device.

CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure

This module sends a query to port 264/TCP on CheckPoint Firewall-1 firewalls to obtain the firewall name and management station (such as SmartCenter) name via a pre-authentication topology request. Note that the SecuriTeam reference listed here is not the same vulnerability, but it does discuss the same protocol and is somewhat related to this information disclosure.

Citrix MetaFrame ICA Published Applications Scanner

This module attempts to query a Citrix MetaFrame ICA server to obtain a published list of applications.

Citrix MetaFrame ICA Published Applications Bruteforcer

This module attempts to brute force program names within the Citrix MetaFrame ICA server.

CorpWatch Company ID Information Search

This module interfaces with the CorpWatch API to get publicly available info for a given CorpWatch ID of the company. If you don't know the CorpWatch ID, please use the corpwatch_lookup_name module first.

CorpWatch Company Name Information Search

This module interfaces with the CorpWatch API to get publicly available info for a given company name. Please note that by using the CorpWatch API, you acknowledge the limitations of the data CorpWatch provides, and should always verify the information with the official SEC filings before taking any action.

General Electric D20 Password Recovery

The General Electric D20ME and possibly other units (D200?) feature TFTP readable configurations with plaintext passwords. This module retrieves the username, password, and authentication level list.

DNS Enumeration Module

This module can be used to enumerate various types of information about a domain from a specific DNS server.

NAT-PMP External address scanner

Scans NAT devices for their external address using NAT-PMP.

Search Engine Domain Email Address Collector

This module uses Google, Bing and Yahoo to create a list of valid email addresses for the target domain.

Shodan Search

This module uses the SHODAN API to query the database and returns the first 50 IPs. SHODAN accounts are free, and output can be sent to a file for use by another program. Results can also be populated into the services table in the database. NOTE: SHODAN filters (port, hostname, os, geo, city) can be used in queries, but the free API does not allow net, country, before, and after filters. An unlimited API key can be purchased from the Shodan site to use those queries. The 50 result limit can also be raised to 10,000 for a small fee. API: http://www.shodanhq.com/api_doc FILTERS: http://www.shodanhq.com/help/filters