Metasploit modules that can be used to exploit SUN products
-
WinRM Login Utility
First seen: 2020-04-26auxiliary/scanner/winrm/winrm_loginThis module attempts to authenticate to a WinRM service. It currently works only if the remote end allows Negotiate(NTLM) authentication. Kerberos is not currently supported. Please note: in order to use this module without SSL, the 'AllowUnencrypted' winrm option must be set. Otherwise adjust the port and set the SSL options in the module as appropriate. Authors: - thelightcosine - smashery -
GlassFish Brute Force Utility
First seen: 2020-04-26auxiliary/scanner/http/glassfish_loginThis module attempts to login to GlassFish instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It will also try to do an authentication bypass against older versions of GlassFish. Note: by default, GlassFish 4.0 requires HTTPS, which means you must set the SSL option to true, and SSLVersion to TLS1. It also needs Secure Admin to access the DAS remotely. Authors: - Joshua Abraham <jabra@spl0it.org> - sinn3r <sinn3r@metasploit.com> -
PcAnywhere Login Scanner
First seen: 2020-04-26auxiliary/scanner/pcanywhere/pcanywhere_loginThis module will test pcAnywhere logins on a range of machines and report successful logins. Authors: - theLightCosine <theLightCosine@metasploit.com> -
Brocade Enable Login Check Scanner
First seen: 2020-04-26auxiliary/scanner/telnet/brocade_enable_loginThis module will test a range of Brocade network devices for a privileged logins and report successes. The device authentication mode must be set as 'aaa authentication enable default local'. Telnet authentication, e.g. 'enable telnet authentication', should not be enabled in the device configuration. This module has been tested against the following devices: ICX6450-24 SWver 07.4.00bT311, FastIron WS 624 SWver 07.2.02fT7e1 Authors: - h00die <mike@shorebreaksecurity.com> -
rsh Authentication Scanner
First seen: 2020-04-26auxiliary/scanner/rservices/rsh_loginThis module will test a shell (rsh) service on a range of machines and report successful logins. NOTE: This module requires access to bind to privileged ports (below 1024). Authors: - jduck <jduck@metasploit.com> -
FTP Authentication Scanner
First seen: 2020-04-26auxiliary/scanner/ftp/ftp_loginThis module will test FTP logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access. Authors: - todb <todb@metasploit.com> -
D-Link DIR-300A / DIR-320 / DIR-615D HTTP Login Utility
First seen: 2020-04-26auxiliary/scanner/http/dlink_dir_300_615_http_loginThis module attempts to authenticate to different D-Link HTTP management services. It has been tested on D-Link DIR-300 Hardware revision A, D-Link DIR-615 Hardware revision D and D-Link DIR-320 devices. It is possible that this module also works with other models. Authors: - hdm <x@hdm.io> - Michael Messner <devnull@s3cur1ty.de> -
NNTP Login Utility
First seen: 2020-04-26auxiliary/scanner/nntp/nntp_loginThis module attempts to authenticate to NNTP services which support the AUTHINFO authentication extension. This module supports AUTHINFO USER/PASS authentication, but does not support AUTHINFO GENERIC or AUTHINFO SASL authentication methods. Authors: - bcoles <bcoles@gmail.com> -
SSH Login Check Scanner
First seen: 2020-04-26auxiliary/scanner/ssh/ssh_loginThis module will test ssh logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access. Authors: - todb <todb@metasploit.com> -
PostgreSQL Login Utility
First seen: 2020-04-26auxiliary/scanner/postgres/postgres_loginThis module attempts to authenticate against a PostgreSQL instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. Note that passwords may be either plaintext or MD5 formatted hashes. Authors: - todb <todb@metasploit.com> -
Joomla Bruteforce Login Utility
First seen: 2020-04-26auxiliary/scanner/http/joomla_bruteforce_loginThis module attempts to authenticate to Joomla 2.5. or 3.0 through bruteforce attacks Authors: - luisco100 <luisco100@gmail.com> -
Telnet Login Check Scanner
First seen: 2020-04-26auxiliary/scanner/telnet/telnet_loginThis module will test a telnet login on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access. Authors: - egypt <egypt@metasploit.com> -
DB2 Authentication Brute Force Utility
First seen: 2020-04-26auxiliary/scanner/db2/db2_authThis module attempts to authenticate against a DB2 instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. Authors: - todb <todb@metasploit.com> -
Wordpress XML-RPC Username/Password Login Scanner
First seen: 2020-04-26auxiliary/scanner/http/wordpress_xmlrpc_loginThis module attempts to authenticate against a Wordpress-site (via XMLRPC) using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. Authors: - Cenk Kalpakoglu <cenk.kalpakoglu@gmail.com> -
Tomcat Application Manager Login Utility
First seen: 2020-04-26auxiliary/scanner/http/tomcat_mgr_loginThis module simply attempts to login to a Tomcat Application Manager instance using a specific user/pass. Authors: - MC <mc@metasploit.com> - Matteo Cantoni <goony@nothink.org> - jduck <jduck@metasploit.com> -
D-Link DIR-300B / DIR-600B / DIR-815 / DIR-645 HTTP Login Utility
First seen: 2020-04-26auxiliary/scanner/http/dlink_dir_session_cgi_http_loginThis module attempts to authenticate to different D-Link HTTP management services. It has been tested successfully on D-Link DIR-300 Hardware revision B, D-Link DIR-600 Hardware revision B, D-Link DIR-815 Hardware revision A and DIR-645 Hardware revision A devices. It is possible that this module also works with other models. Authors: - hdm <x@hdm.io> - Michael Messner <devnull@s3cur1ty.de> -
HTTP Login Utility
First seen: 2020-04-26auxiliary/scanner/http/http_loginThis module attempts to authenticate to an HTTP service. Authors: - hdm <x@hdm.io> -
MySQL Login Utility
First seen: 2020-04-26auxiliary/scanner/mysql/mysql_loginThis module simply queries the MySQL instance for a specific user/pass (default is root with blank). Authors: - Bernardo Damele A. G. <bernardo.damele@gmail.com> -
D-Link DIR-615H HTTP Login Utility
First seen: 2020-04-26auxiliary/scanner/http/dlink_dir_615h_http_loginThis module attempts to authenticate to different D-Link HTTP management services. It has been tested successfully on D-Link DIR-615 Hardware revision H devices. It is possible that this module also works with other models. Authors: - hdm <x@hdm.io> - Michael Messner <devnull@s3cur1ty.de> -
VMWare Web Login Scanner
First seen: 2020-04-26auxiliary/scanner/vmware/vmware_http_loginThis module attempts to authenticate to the VMWare HTTP service for VmWare Server, ESX, and ESXI Authors: - theLightCosine <theLightCosine@metasploit.com>
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details