Scripts
| afp-path-vuln |
Detects the Mac OS X AFP directory traversal vulnerability, CVE-2010-0533. |
| distcc-cve2004-2687 |
Detects and exploits a remote code execution vulnerability in the distributed compiler daemon distcc. The vulnerability was disclosed in 2002, but is still present in modern implementations due to poor configuration of the service. |
| ftp-proftpd-backdoor |
Tests for the presence of the ProFTPD 1.3.3c backdoor reported as OSVDB-ID 69562. This script attempts to exploit the backdoor using the innocuous |
| ftp-vsftpd-backdoor |
Tests for the presence of the vsFTPd 2.3.4 backdoor reported on 2011-07-04
(CVE-2011-2523). This script attempts to exploit the backdoor using the
innocuous |
| http-awstatstotals-exec |
Exploits a remote code execution vulnerability in Awstats Totals 1.0 up to 1.14 and possibly other products based on it (CVE-2008-3922). |
| http-axis2-dir-traversal |
Exploits a directory traversal vulnerability in Apache Axis2 version 1.4.1 by sending a specially crafted request to the parameter |
| http-barracuda-dir-traversal |
Attempts to retrieve the configuration settings from a Barracuda Networks Spam & Virus Firewall device using the directory traversal vulnerability described at http://seclists.org/fulldisclosure/2010/Oct/119. |
| http-huawei-hg5xx-vuln |
Detects Huawei modem models HG530x, HG520x, HG510x (and possibly others) vulnerable to a remote credential and information disclosure vulnerability. It also extracts the PPPoE credentials and other interesting configuration values. |
| http-litespeed-sourcecode-download |
Exploits a null-byte poisoning vulnerability in Litespeed Web Servers 4.0.x before 4.0.15 to retrieve the target script's source code by sending an HTTP request with a null byte followed by a .txt file extension (CVE-2010-2333). |
| http-majordomo2-dir-traversal |
Exploits a directory traversal vulnerability existing in Majordomo2 to retrieve remote files (CVE-2011-0049). |
| http-tplink-dir-traversal |
Exploits a directory traversal vulnerability existing in several TP-Link wireless routers. Attackers may exploit this vulnerability to read any of the configuration and password files remotely and without authentication. |
| http-vuln-cve2009-3960 |
Exploits CVE-2009-3960, also known as Adobe XML External Entity Injection. |
| http-vuln-cve2012-1823 |
Detects PHP-CGI installations that are vulnerable to CVE-2012-1823. This critical vulnerability allows attackers to retrieve source code and execute code remotely. |
| irc-unrealircd-backdoor |
Checks if an IRC server is backdoored by running a time-based command (ping) and checking how long it takes to respond. |
| jdwp-exec |
Attempts to exploit Java's remote debugging port. When the remote debugging port is left open, it is possible to inject Java bytecode and achieve remote code execution. This script abuses this to inject and execute a Java class file that executes the supplied shell command and returns its output. |
| jdwp-inject |
Attempts to exploit Java's remote debugging port. When the remote debugging port is left open, it is possible to inject Java bytecode and achieve remote code execution. This script allows injection of arbitrary class files. |
| smb-check-vulns |
Checks for vulnerabilities:
|
| smtp-vuln-cve2010-4344 |
Checks for and/or exploits a heap overflow within versions of Exim prior to version 4.69 (CVE-2010-4344) and a privilege escalation vulnerability in Exim 4.72 and prior (CVE-2010-4345). |


