Welcome

The VolatileMinds store offers exploits for known vulnerabilities, custom tools, and packs focused on open source and enterprise software. Our custom plugin extends the open-source Metasploit Framework, allowing you to search for and purchase material directly from the console. Free or purchased items can be synced and loaded automatically. Security engineers and penetration testers can use the plugin to more efficiently find, audit, and verify software on modern and dynamic enterprise networks.

Multiple types of products are available such as exploits, scanners, and tools for bruteforcing weak credentials. All scanners are free, so simply create an account, load the volatileminds plugin, then sync all the free scanners from the store to your local Metasploit installation.

Packs are collections of products, generally focused on a particular brand or piece of software. Purchasing a pack is always cheaper than purchasing its contents separately. You can then subscribe for a small fee to any purchased packs and automatically gain access to products added to the pack in the future at no extra cost.

New Products

Wordpress Hide & Security Enhancer Arbitrary File Read

This module exploits an unauthenticated arbitrary file read in vulnerable Wordpress instances.


3 credits
Evince .cbt Remote Command Execution

This module exploits a vulnerability in the Evince document reader in order to execute an arbitrary command.


4 credits
SuiteCRM Scanner

This module scans for instances of SuiteCRM on the network.


0 credits
SuiteCRM Bruteforce

This module attempts to bruteforce weak credentials on SuiteCRM instances.


3 credits

Top Products

Discourse Forums Bruteforce

This module bruteforces Discourse Forums credentials.


2 credits
MyBB Username/Salt/Password hash/Email Enumeration via Unathenticated SQL injection

This module enumerates MyBB usernames and password hashes on vulnerable instances.


1 credits
MediaWiki SyntaxHighlight Remote Code Execution

This modules exploits vulnerable instances in order to gain a remote shell.


7 credits
Joomla com_fields SQL Injection User Enumeration

This module exploits an unauthenticated SQL injection in Joomla in order to enumerate users and password hashes.


5 credits

Top Packs

Wordpress Pack

This pack focuses on Wordpress products


More info
Splunk Pack

This pack focuses on Splunk products


More info
Joomla Pack

This pack focuses on Joomla products


More info
MediaWiki Pack

This pack focuses on MediaWiki modules


More info

Top Categories

Wordpress   Enterprise   SQL Injection   Command Execution  

Stay up to date!

Sign up for our regular newsletter (usually weekly), detailing new products on the store.