-
SSH User Code Execution
Disclosure Date: 1999-01-01First seen: 2020-04-26exploit/multi/ssh/sshexecThis module connects to the target system and executes the necessary commands to run the specified payload via SSH. If a native payload is specified, an appropriate stager will be used. Authors: - Spencer McIntyre - Brandon Knight -
WinRM Login Utility
First seen: 2020-04-26auxiliary/scanner/winrm/winrm_loginThis module attempts to authenticate to a WinRM service. It currently works only if the remote end allows Negotiate(NTLM) authentication. Kerberos is not currently supported. Please note: in order to use this module without SSL, the 'AllowUnencrypted' winrm option must be set. Otherwise adjust the port and set the SSL options in the module as appropriate. Authors: - thelightcosine - smashery -
Dell iDRAC Default Login
First seen: 2020-04-26auxiliary/scanner/http/dell_idracThis module attempts to login to a iDRAC webserver instance using default username and password. Tested against Dell Remote Access Controller 6 - Express version 1.50 and 1.85, Controller 7 - Enterprise 2.63.60.62 Controller 8 - Enterprise 2.83.05 Controller 9 - Enterprise 4.40.00.00 Authors: - Cristiano Maruti <cmaruti@gmail.com> - h00die -
Oracle RDBMS Login Utility
First seen: 2020-04-26auxiliary/scanner/oracle/oracle_loginThis module attempts to authenticate against an Oracle RDBMS instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. Due to a bug in nmap versions 6.50-7.80 may not work. Authors: - Patrik Karlsson <patrik@cqure.net> - todb <todb@metasploit.com> -
rlogin Authentication Scanner
First seen: 2020-04-26auxiliary/scanner/rservices/rlogin_loginThis module will test an rlogin service on a range of machines and report successful logins. NOTE: This module requires access to bind to privileged ports (below 1024). Authors: - jduck <jduck@metasploit.com> -
VMWare Web Login Scanner
First seen: 2020-04-26auxiliary/scanner/vmware/vmware_http_loginThis module attempts to authenticate to the VMWare HTTP service for VmWare Server, ESX, and ESXI Authors: - theLightCosine <theLightCosine@metasploit.com> -
D-Link DIR-615H HTTP Login Utility
First seen: 2020-04-26auxiliary/scanner/http/dlink_dir_615h_http_loginThis module attempts to authenticate to different D-Link HTTP management services. It has been tested successfully on D-Link DIR-615 Hardware revision H devices. It is possible that this module also works with other models. Authors: - hdm <x@hdm.io> - Michael Messner <devnull@s3cur1ty.de> -
MySQL Login Utility
First seen: 2020-04-26auxiliary/scanner/mysql/mysql_loginThis module simply queries the MySQL instance for a specific user/pass (default is root with blank). Authors: - Bernardo Damele A. G. <bernardo.damele@gmail.com> -
HTTP Login Utility
First seen: 2020-04-26auxiliary/scanner/http/http_loginThis module attempts to authenticate to an HTTP service. Authors: - hdm <x@hdm.io> -
D-Link DIR-300B / DIR-600B / DIR-815 / DIR-645 HTTP Login Utility
First seen: 2020-04-26auxiliary/scanner/http/dlink_dir_session_cgi_http_loginThis module attempts to authenticate to different D-Link HTTP management services. It has been tested successfully on D-Link DIR-300 Hardware revision B, D-Link DIR-600 Hardware revision B, D-Link DIR-815 Hardware revision A and DIR-645 Hardware revision A devices. It is possible that this module also works with other models. Authors: - hdm <x@hdm.io> - Michael Messner <devnull@s3cur1ty.de> -
Tomcat Application Manager Login Utility
First seen: 2020-04-26auxiliary/scanner/http/tomcat_mgr_loginThis module simply attempts to login to a Tomcat Application Manager instance using a specific user/pass. Authors: - MC <mc@metasploit.com> - Matteo Cantoni <goony@nothink.org> - jduck <jduck@metasploit.com> -
Wordpress XML-RPC Username/Password Login Scanner
First seen: 2020-04-26auxiliary/scanner/http/wordpress_xmlrpc_loginThis module attempts to authenticate against a Wordpress-site (via XMLRPC) using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. Authors: - Cenk Kalpakoglu <cenk.kalpakoglu@gmail.com> -
rexec Authentication Scanner
First seen: 2020-04-26auxiliary/scanner/rservices/rexec_loginThis module will test an rexec service on a range of machines and report successful logins. NOTE: This module requires access to bind to privileged ports (below 1024). Authors: - jduck <jduck@metasploit.com> -
VMWare Authentication Daemon Login Scanner
First seen: 2020-04-26auxiliary/scanner/vmware/vmauthd_loginThis module will test vmauthd logins on a range of machines and report successful logins. Authors: - theLightCosine <theLightCosine@metasploit.com> -
PcAnywhere Login Scanner
First seen: 2020-04-26auxiliary/scanner/pcanywhere/pcanywhere_loginThis module will test pcAnywhere logins on a range of machines and report successful logins. Authors: - theLightCosine <theLightCosine@metasploit.com> -
Brocade Enable Login Check Scanner
First seen: 2020-04-26auxiliary/scanner/telnet/brocade_enable_loginThis module will test a range of Brocade network devices for a privileged logins and report successes. The device authentication mode must be set as 'aaa authentication enable default local'. Telnet authentication, e.g. 'enable telnet authentication', should not be enabled in the device configuration. This module has been tested against the following devices: ICX6450-24 SWver 07.4.00bT311, FastIron WS 624 SWver 07.2.02fT7e1 Authors: - h00die <mike@shorebreaksecurity.com> -
rsh Authentication Scanner
First seen: 2020-04-26auxiliary/scanner/rservices/rsh_loginThis module will test a shell (rsh) service on a range of machines and report successful logins. NOTE: This module requires access to bind to privileged ports (below 1024). Authors: - jduck <jduck@metasploit.com> -
FTP Authentication Scanner
First seen: 2020-04-26auxiliary/scanner/ftp/ftp_loginThis module will test FTP logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access. Authors: - todb <todb@metasploit.com> -
D-Link DIR-300A / DIR-320 / DIR-615D HTTP Login Utility
First seen: 2020-04-26auxiliary/scanner/http/dlink_dir_300_615_http_loginThis module attempts to authenticate to different D-Link HTTP management services. It has been tested on D-Link DIR-300 Hardware revision A, D-Link DIR-615 Hardware revision D and D-Link DIR-320 devices. It is possible that this module also works with other models. Authors: - hdm <x@hdm.io> - Michael Messner <devnull@s3cur1ty.de> -
NNTP Login Utility
First seen: 2020-04-26auxiliary/scanner/nntp/nntp_loginThis module attempts to authenticate to NNTP services which support the AUTHINFO authentication extension. This module supports AUTHINFO USER/PASS authentication, but does not support AUTHINFO GENERIC or AUTHINFO SASL authentication methods. Authors: - bcoles <bcoles@gmail.com>
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details