Also see Kali/Wordlists

Info

In addition to the default wordlists that come with Kali Linux (see Kali/Wordlists), Metasploit also comes bundled with wordlists.

Note that these are much smaller, and mostly contain factory-default or trivially simple username and password combinations.

The principal utility of Metasploit wordlists consists in its matching of usernames and default passwords with services.

root@morpheus:~# ls -lh /usr/share/metasploit-framework/data/wordlists/
total 1.3M
-rw-r--r-- 1 root root 7.4K Jan  1 03:29 av_hips_executables.txt
-rw-r--r-- 1 root root  754 Jan  1 03:29 av-update-urls.txt
-rw-r--r-- 1 root root 7.3K Jan  1 03:29 burnett_top_1024.txt
-rw-r--r-- 1 root root 3.6K Jan  1 03:29 burnett_top_500.txt
-rwxr-xr-x 1 root root  236 Jan  1 03:29 cms400net_default_userpass.txt
-rwxr-xr-x 1 root root   68 Jan  1 03:29 db2_default_pass.txt
-rwxr-xr-x 1 root root  124 Jan  1 03:29 db2_default_userpass.txt
-rwxr-xr-x 1 root root   41 Jan  1 03:29 db2_default_user.txt
-rw-r--r-- 1 root root 8.9K Jan  1 03:29 default_pass_for_services_unhash.txt
-rw-r--r-- 1 root root  23K Jan  1 03:29 default_userpass_for_services_unhash.txt
-rw-r--r-- 1 root root 6.7K Jan  1 03:29 default_users_for_services_unhash.txt
-rw-r--r-- 1 root root  496 Jan  1 03:29 dlink_telnet_backdoor_userpass.txt
-rwxr-xr-x 1 root root 1.4K Jan  1 03:29 hci_oracle_passwords.csv
-rwxr-xr-x 1 root root  119 Jan  1 03:29 http_default_pass.txt
-rwxr-xr-x 1 root root  155 Jan  1 03:29 http_default_userpass.txt
-rwxr-xr-x 1 root root   92 Jan  1 03:29 http_default_users.txt
-rw-r--r-- 1 root root  100 Jan  1 03:29 http_owa_common.txt
-rw-r--r-- 1 root root   23 Jan  1 03:29 idrac_default_pass.txt
-rw-r--r-- 1 root root   17 Jan  1 03:29 idrac_default_user.txt
-rw-r--r-- 1 root root 8.5K Jan  1 03:29 ipmi_passwords.txt
-rw-r--r-- 1 root root   44 Jan  1 03:29 ipmi_users.txt
-rwxr-xr-x 1 root root  26K Jan  1 03:29 joomla.txt
-rw-r--r-- 1 root root  177 Jan  1 03:29 keyboard-patterns.txt
-rw-r--r-- 1 root root  69K Jan  1 03:29 malicious_urls.txt
-rwxr-xr-x 1 root root  383 Jan  1 03:29 multi_vendor_cctv_dvr_pass.txt
-rwxr-xr-x 1 root root   11 Jan  1 03:29 multi_vendor_cctv_dvr_users.txt
-rwxr-xr-x 1 root root  12K Jan  1 03:29 namelist.txt
-rwxr-xr-x 1 root root  17K Jan  1 03:29 oracle_default_hashes.txt
-rwxr-xr-x 1 root root  58K Jan  1 03:29 oracle_default_passwords.csv
-rwxr-xr-x 1 root root 7.6K Jan  1 03:29 oracle_default_userpass.txt
-rwxr-xr-x 1 root root   31 Jan  1 03:29 postgres_default_pass.txt
-rwxr-xr-x 1 root root   78 Jan  1 03:29 postgres_default_userpass.txt
-rwxr-xr-x 1 root root   22 Jan  1 03:29 postgres_default_user.txt
-rwxr-xr-x 1 root root  631 Jan  1 03:29 root_userpass.txt
-rw-r--r-- 1 root root 5.7K Jan  1 03:29 routers_userpass.txt
-rwxr-xr-x 1 root root  17K Jan  1 03:29 rpc_names.txt
-rwxr-xr-x 1 root root   36 Jan  1 03:29 rservices_from_users.txt
-rwxr-xr-x 1 root root  117 Jan  1 03:29 sap_common.txt
-rw-r--r-- 1 root root  280 Jan  1 03:29 sap_default.txt
-rwxr-xr-x 1 root root  11K Jan  1 03:29 sap_icm_paths.txt
-rwxr-xr-x 1 root root  206 Jan  1 03:29 sensitive_files.txt
-rw-r--r-- 1 root root  176 Jan  1 03:29 sensitive_files_win.txt
-rwxr-xr-x 1 root root 3.8K Jan  1 03:29 sid.txt
-rwxr-xr-x 1 root root  839 Jan  1 03:29 snmp_default_pass.txt
-rwxr-xr-x 1 root root 3.4K Jan  1 03:29 tftp.txt
-rwxr-xr-x 1 root root   39 Jan  1 03:29 tomcat_mgr_default_pass.txt
-rwxr-xr-x 1 root root  118 Jan  1 03:29 tomcat_mgr_default_userpass.txt
-rwxr-xr-x 1 root root   37 Jan  1 03:29 tomcat_mgr_default_users.txt
-rwxr-xr-x 1 root root 7.7K Jan  1 03:29 unix_passwords.txt
-rwxr-xr-x 1 root root  759 Jan  1 03:29 unix_users.txt
-rwxr-xr-x 1 root root    9 Jan  1 03:29 vnc_passwords.txt
-rwxr-xr-x 1 root root 563K Jan  1 03:29 vxworks_collide_20.txt
-rwxr-xr-x 1 root root 225K Jan  1 03:29 vxworks_common_20.txt

Flags

Metasploit any and all resources related to metasploit on this wiki MSF - on the metasploit framework generally Category:Metasploit - pages labeled with the "Metasploit" category label MSF/Wordlists - wordlists that come bundled with Metasploit MSFVenom - msfvenom is used to craft payloads Meterpreter - the shell you'll have when you use MSF to craft a remote shell payload. Category:Security  · Category:Metasploit  · Category:Kali Flags  · Template:MetasploitFlag  · e

Metasploitable: The Red Team Metasploitable is a virtual machine with baked-in vulnerabilities, designed to teach Metasploit. This set of articles discusses the RED TEAM's tools and routes of attack. Metasploitable Databases: Exploiting MySQL with Metasploit: Metasploitable/MySQL Exploiting PostgreSQL with Metasploit: Metasploitable/Postgres Metasploitable Networking: Exploiting VSFTP Backdoor: Metasploitable/VSFTP SSH Penetration by Brute Force: Metasploitable/SSH/Brute Force SSH Penetration with Keys: Metasploitable/SSH/Keys SSH Penetration with Metasploit: Metasploitable/SSH/Exploits Brute-Forcing /etc/shadow File: Metasploitable/John Shadow File Exploiting NFS: Metasploitable/NFS Exploiting DNS Bind Server: Metasploitable/DNS Bind Metasploitable Services: distcc: Metasploitable/distcc Metasploitable Apache: Exploiting Apache (with Metasploit): Metasploitable/Apache Exploiting Apache (with Python): Metasploitable/Apache/Python Tor's Hammer DoS Attack: Metasploitable/TorsHammer * Apache DAV: Metasploitable/Apache/DAV * Apache Tomcat and Coyote: Metasploitable/Apache/Tomcat and Coyote Metasploitable Memory: General approach to memory-based attacks: Metasploitable/Memory Investigating memory data: Metasploitable/Volatile Data Investigation Dumping Memory from Metasploit: Metasploitable/Dumping Memory Metasploitable Fuzzing: (Have not done much work on fuzzing Metasploitable...) Fuzzing  · American Fuzzy Lop Category:Security  · Category:Metasploit  · Category:Metasploitable  · Category:Kali Flags  · Template:MetasploitableRedTeamFlag  · e

Metasploitablue: The Blue Team Metasploitable is a virtual machine with baked-in vulnerabilities, designed to teach Metasploit. This set of articles discusses the BLUE TEAM's methods for defending Metasploitable: defending against and responding to intrusions. Hence the name, Metasploita-blue. Overview: Metasploitable/Defenses Metasploitable/Defenses/Stopping  · Metasploitable/Defenses/Detecting Metasploitable On-Machine Defenses: Linux Volatile Data System Investigation: Metasploitable/Volatile Data Investigation Linux Artifact Investigation: Metasploitable/Artifact Investigation Linux Iptables Essentials: Metasploitable/Iptables Firewall Assurance and Testing: Metasploitable/Firewall Password Assessment: Metasploitable/Password Assessment Standard Unix Ports: Unix/Ports Metasploitable Networking Defenses: Netcat and Cryptcat (Blue Team): Metasploitable/Netcat and Metasploitable/Cryptcat Nmap (Blue Team): Metasploitable/Nmap Network Traffic Analysis: Metasploitable/Network Traffic Analysis Suspicious Traffic Patterns: Metasploitable/Suspicious Traffic Patterns Snort IDS: Metasploitable/Snort Category:Security  · Category:Metasploit  · Category:Metasploitable  · Category:Kali Flags  · Template:MetasploitableBlueTeamFlag  · e

john the ripper password generator and all-around cracking tool. John the Ripper  · Category:John the Ripper Installing John the Ripper on Kali 2.0: Kali 2.0/John the Ripper Testing John: John the Ripper/Benchmarking Using John on /etc/shadow files: John the Ripper/Shadow File Password generation using rules and modes: John the Ripper/Password Generation Installing some useful password rules: John the Ripper/Rules Using John to feed password guesses to Aircrack: Aircrack and John the Ripper John the Ripper on AWS: Ubuntu/Barebones to JtR Getting Passwords from John: John the Ripper/Password Recovery Category:Kali  · Category:Security  · Category:Passwords Flags  · Template:JohnFlag  · e