Browse Exploit & Auxiliary Modules

The Metasploit Project hosts the world's largest database of quality assured exploits, including hundreds of remote exploits, auxiliary modules, and payloads. You can even review the Metasploit Framework source code of any module - or write your own.

Search for modules

Open Source Vulnerability DataBase ID
Bugtraq ID
Full Text Search
Common Vulnerabilities Exposures ID
Microsoft Security Bulletin ID
 
Search Modules

Module Browser

ARP Spoof

Spoof ARP replies and poison remote ARP caches to conduct IP address spoofing or a denial of service.

Forge Cisco DTP Packets

This module forges DTP packets to initialize a trunk port.

DNS BailiWicked Domain Attack

This exploit attacks a fairly ubiquitous flaw in DNS implementations which Dan Kaminsky found and disclosed ~Jul 2008. This exploit replaces the target domains nameserver entries in a vulnerable DNS cache server. This attack works by sending random hostname queries to the target DNS server coupled with spoofed replies to those queries from the authoritative nameservers for that domain. Eventually, a guessed ID will match, the spoofed packet will get accepted, and the nameserver entries for the target domain will be replaced by the server specified in the NEWDNS option of this exploit.

DNS BailiWicked Host Attack

This exploit attacks a fairly ubiquitous flaw in DNS implementations which Dan Kaminsky found and disclosed ~Jul 2008. This exploit caches a single malicious host entry into the target nameserver by sending random hostname queries to the target DNS server coupled with spoofed replies to those queries from the authoritative nameservers for that domain. Eventually, a guessed ID will match, the spoofed packet will get accepted, and due to the additional hostname entry being within bailiwick constraints of the original request the malicious host entry will get cached.

DNS Lookup Result Comparison

This module can be used to determine differences in the cache entries between two DNS servers. This is primarily useful for detecting cache poisoning attacks, but can also be used to detect geo-location loadbalancing.

NetBIOS Name Service Spoofer

This module forges NetBIOS Name Service (NBNS) responses. It will listen for NBNS requests sent to the local subnet's broadcast address and spoof a response, redirecting the querying machine to an IP of the attacker's choosing. Combined with auxiliary/capture/server/smb or capture/server/http_ntlm it is a highly effective means of collecting crackable hashes on common networks. This module must be run as root and will bind to tcp/137 on all interfaces.

Pcap replay utility

replay a pcap capture file

Airpwn TCP hijack

TCP streams are 'protected' only in so much as the sequence number is not guessable. Wifi is shared media. Got your nose. Responses which do not begin with Header: Value assumed to be HTML only and will have Header:Value data prepended. Responses which do not include a Content-Length header will have one generated.

DNSpwn DNS hijack

Race DNS responses and replace DNS queries