Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 1 - 10 of 3643 in total

Steamed Hams Exploit

Disclosed: August 01, 2018

but it's a Metasploit Module

Mac OS X APFS Encrypted Volume Password Disclosure Exploit

Disclosed: March 21, 2018

This module exploits a flaw in OSX 10.13 through 10.13.3 that discloses the passwords of encrypted APFS volumes. In OSX a normal user can use the 'log' command to view the system logs. In OSX 10.13 to 10.13.2 when a user creates an encrypted APFS volume the password is visible in plaintext within these logs.

Etcd Keys API Information Gathering Exploit

Disclosed: March 16, 2018

This module queries the etcd API to recursively retrieve all of the stored key value pairs. Etcd by default does not utilize authentication.

Etcd Version Scanner Exploit

Disclosed: March 16, 2018

This module connections to etcd API endpoints, typically on 2379/TCP, and attempts to obtain the version of etcd.

ManageEngine Applications Manager Remote Code Execution Exploit

Disclosed: March 07, 2018

This module exploits command injection vulnerability in the ManageEngine Application Manager product. An unauthenticated user can execute a operating system command under the context of privileged user. Publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessi...

ClipBucket beats_uploader Unauthenticated Arbitrary File Upload Exploit

Disclosed: March 03, 2018

This module exploits a vulnerability found in ClipBucket versions before 4.0.0 (Release 4902). A malicious file can be uploaded using an unauthenticated arbitrary file upload vulnerability. It is possible for an attacker to upload a malicious script to issue operating system commands. This issue is caused by improper sess...

Memcached Stats Amplification Scanner Exploit

Disclosed: February 27, 2018

This module can be used to discover Memcached servers which expose the unrestricted UDP port 11211. A basic "stats" request is executed to check if an amplification attack is possible against a third party.

Eclipse Equinoxe OSGi Console Command Execution Exploit

Disclosed: February 13, 2018

Exploit Eclipse Equinoxe OSGi (Open Service Gateway initiative) console 'fork' command to execute arbitrary commands on the remote system..

Exodus Wallet (ElectronJS Framework) remote Code Execution Exploit

Disclosed: January 25, 2018

This module exploits a Remote Code Execution vulnerability in Exodus Wallet, a vulnerability in the ElectronJS Framework protocol handler can be used to get arbitrary command execution if the user clicks on a specially crafted URL.

AsusWRT LAN Unauthenticated Remote Code Execution Exploit

Disclosed: January 22, 2018

The HTTP server in AsusWRT has a flaw where it allows an unauthenticated client to perform a POST in certain cases. This can be combined with another vulnerability in the VPN configuration upload routine that sets NVRAM configuration variables directly from the POST request to enable a special command mode. This command m...