Something like 10 years ago, I noticed that if you looked at the commit counts on #Metasploit modules, you'd get a good idea of what modules people were actually using and wanting to improve. The idea being, these were modules that pentesters were actually using on site, and something about them bugged someone enough to put in a fix (maybe a missing target, or more options, or whatever).

I just looked again today after a conversation with @sawaba, and also looked at #Nuclei templates. Here's the top 10 of each, limited to the last 5 years worth of commits, excluding GitHub actions.

Whatcha think? Interesting?

exploits/multi/http/papercut_ng_auth_bypass.rb               38
exploits/multi/http/open_web_analytics_rce.rb                37
exploits/windows/local/bits_ntlm_token_impersonation.rb      37
exploits/windows/http/manageengine_adaudit_plus_cve_2022_28219.rb 32
exploits/linux/local/sudo_baron_samedit.rb                   31
exploits/unix/webapp/openmediavault_rpc_rce.rb               29
exploits/linux/http/librenms_authenticated_rce_cve_2024_51092.rb 28
exploits/linux/http/empire_skywalker.rb                      28
exploits/multi/http/log4shell_header_injection.rb            26
exploits/windows/http/exchange_proxylogon_rce.rb             26


./http/cves/2019/CVE-2019-17382.yaml                         27
./http/cves/2021/CVE-2021-40822.yaml                         27
./http/cves/2023/CVE-2023-27034.yaml                         27
./http/cves/2021/CVE-2021-43798.yaml                         27
./http/cves/2023/CVE-2023-32243.yaml                         27
./http/cves/2021/CVE-2021-40870.yaml                         26
./network/cves/2016/CVE-2016-3510.yaml                       26
./http/cves/2021/CVE-2021-28164.yaml                         26
./network/cves/2020/CVE-2020-1938.yaml                       26
./http/cves/2022/CVE-2022-23854.yaml                         25

Testing #BashCore #Injector on the worst laptop alive:
Acer Aspire One D160 (2009) – Atom 450, 2GB RAM.

Ubuntu Server + Injector = full CLI pentesting kit:
#nmap #amass #dirb
#hydra #sqlmap #metasploit
#tshark #proxychains4 #tor
#vim #curl #python3 #R + more.

Let’s see if this relic can still hack it

Review: Metasploit, 2nd Edition https://www.helpnetsecurity.com/2025/06/02/review-metasploit-2nd-edition/ #BinaryDefense #Metasploit #TrustedSec #Don'tmiss #Reviews #OffSec #Rapid7 #review #News #book

Go beyond just using Metasploit – learn to build with it.

This comprehensive 2nd Edition guides you with foundational commands through porting public exploits (Chapter 12), building your own modules in Ruby (Chapter 13), and even fuzzing for novel vulnerabilities (Chapter 14).

Elevate individual skills while enriching the broader field. #Metasploit #InfoSec #ExploitDev #CyberSecurity

https://nostarch.com/metasploit-2nd-edition

Metasploit Basics: Your First Stop in Ethical Exploitation

The Metasploit Framework is a powerful tool used by ethical hackers and penetration testers to identify and validate security vulnerabilities — all within authorized lab environments.

What you'll learn as a beginner:
• Launching msfconsole and navigating modules
• Using search, use, and show options commands
• Exploiting known vulnerabilities (e.g., MS08-067) in test environments
• Understanding payloads, listeners, and sessions
• Basics of Meterpreter for post-exploitation testing

Ideal for cybersecurity learners, OSCP candidates, and red teamers building foundational skills — ethically and safely.

Disclaimer: This content is intended for educational and ethical use only. Use Metasploit only in lab environments or with explicit permission.

Nmap, Metasploit, Hydra, Mimikatz, Netcat: Overview & Uses

#CyberSecurity #PenTesting #EthicalHacking #Nmap #Metasploit #Hydra #Netcat

Tutorial Hacking Servidores
https://wiki.acosadores.net/doku.php?id=tutorial:hacking-servidores
#hacking #redes #informática #fuzzing #nmap #curl #seclists #ffuf #feroxbuster #cewl #searchsploit #wpscan #metasploit #grep