Metasploitable/Apache
From charlesreid1
HTTP Modules
First, here's a list of the scanner modules related to HTTP: https://www.offensive-security.com/metasploit-unleashed/scanner-http-auxiliary-modules/
This has a number of interesting modules to do the following:
- check if https certificates are expired
- check if directory listings are enabled on servers
- scan for directories
- bypass authentication using webdav unicode vulnerability [1]
- use delicious.com to farm links
- use archive.org to farm links
- check for presence of interesting files
- brute-force https login
- look for open proxy servers
- query IP addresses for web servers and capabilities
- find robots.txt
- grab SSL certificate information
- get web server version
- brute-force tomcat manager application login
- bpyass authentication using different HTTP verbs
- scan servers for webdav, content disclosure via webdav
- brute-force Wordpress logins
Whew!
Apache Modules
Searching for Apache-specific modules yields more specific exploits:
auxiliary/dos/http/apache_commons_fileupload_dos 2014-02-06 normal Apache Commons FileUpload and Apache Tomcat DoS auxiliary/dos/http/apache_mod_isapi 2010-03-05 normal Apache mod_isapi Dangling Pointer auxiliary/dos/http/apache_range_dos 2011-08-19 normal Apache Range Header DoS (Apache Killer) auxiliary/dos/http/apache_tomcat_transfer_encoding 2010-07-09 normal Apache Tomcat Transfer-Encoding Information Disclosure and DoS auxiliary/gather/apache_rave_creds normal Apache Rave User Information Disclosure auxiliary/gather/impersonate_ssl normal HTTP SSL Certificate Impersonation auxiliary/scanner/http/apache_activemq_source_disclosure normal Apache ActiveMQ JSP Files Source Disclosure auxiliary/scanner/http/apache_activemq_traversal normal Apache ActiveMQ Directory Traversal auxiliary/scanner/http/apache_mod_cgi_bash_env 2014-09-24 normal Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner auxiliary/scanner/http/apache_userdir_enum normal Apache "mod_userdir" User Enumeration auxiliary/scanner/http/axis_local_file_include normal Apache Axis2 v1.4.1 Local File Inclusion auxiliary/scanner/http/axis_login normal Apache Axis2 Brute Force Utility auxiliary/scanner/http/mod_negotiation_brute normal Apache HTTPD mod_negotiation Filename Bruter auxiliary/scanner/http/mod_negotiation_scanner normal Apache HTTPD mod_negotiation Scanner auxiliary/scanner/http/rewrite_proxy_bypass normal Apache Reverse Proxy Bypass Vulnerability Scanner auxiliary/scanner/http/tomcat_enum normal Apache Tomcat User Enumeration exploit/multi/http/apache_mod_cgi_bash_env_exec 2014-09-24 excellent Apache mod_cgi Bash Environment Variable Code Injection (Shellshock) exploit/multi/http/apache_roller_ognl_injection 2013-10-31 excellent Apache Roller OGNL Injection exploit/multi/http/struts_code_exec 2010-07-13 good Apache Struts Remote Command Execution exploit/multi/http/struts_code_exec_classloader 2014-03-06 manual Apache Struts ClassLoader Manipulation Remote Code Execution exploit/multi/http/struts_code_exec_exception_delegator 2012-01-06 excellent Apache Struts Remote Command Execution exploit/multi/http/struts_code_exec_parameters 2011-10-01 excellent Apache Struts ParametersInterceptor Remote Code Execution exploit/multi/http/struts_default_action_mapper 2013-07-02 excellent Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution exploit/multi/http/struts_dev_mode 2012-01-06 excellent Apache Struts 2 Developer Mode OGNL Execution exploit/multi/http/struts_include_params 2013-05-24 great Apache Struts includeParams Remote Code Execution exploit/multi/http/tomcat_mgr_deploy 2009-11-09 excellent Apache Tomcat Manager Application Deployer Authenticated Code Execution exploit/multi/http/tomcat_mgr_upload 2009-11-09 excellent Apache Tomcat Manager Authenticated Upload Code Execution