Browse Exploit & Auxiliary Modules

The Metasploit Project hosts the world's largest database of quality assured exploits, including hundreds of remote exploits, auxiliary modules, and payloads. You can even review the Metasploit Framework source code of any module - or write your own.

Search for modules

Open Source Vulnerability DataBase ID
Bugtraq ID
Full Text Search
Common Vulnerabilities Exposures ID
Microsoft Security Bulletin ID
 
Search Modules

Module Browser

Authentication Capture: FTP

This module provides a fake FTP service that is designed to capture authentication credentials.

Authentication Capture: HTTP

This module provides a fake HTTP service that is designed to capture authentication credentials.

HTTP Client MS Credential Catcher

This module attempts to quietly catch NTLM/LM Challenge hashes.

Authentication Capture: IMAP

This module provides a fake IMAP service that is designed to capture authentication credentials.

Authentication Capture: POP3

This module provides a fake POP3 service that is designed to capture authentication credentials.

Authentication Capture: SMB

This module provides a SMB service that can be used to capture the challenge-response password hashes of SMB client systems. Responses sent by this service have by default the configurable challenge string (\x11\x22\x33\x44\x55\x66\x77\x88), allowing for easy cracking using Cain & Abel, L0phtcrack or John the ripper (with jumbo patch). To exploit this, the target system must try to authenticate to this module. The easiest way to force a SMB authentication attempt is by embedding a UNC path (\\SERVER\SHARE) into a web page or email message. When the victim views the web page or email, their system will automatically connect to the server specified in the UNC share (the IP address of the system running this module) and attempt to authenticate.

Authentication Capture: SMTP

This module provides a fake SMTP service that is designed to capture authentication credentials.

Authentication Capture: Telnet

This module provides a fake Telnet service that is designed to capture authentication credentials. DONTs and WONTs are sent to the client for all option negotiations, except for ECHO at the time of the password prompt since the server controls that for a bit more realism.