Tod Beardsley
<p>Something like 10 years ago, I noticed that if you looked at the commit counts on <a href="https://infosec.exchange/tags/Metasploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Metasploit</span></a> modules, you'd get a good idea of what modules people were actually using and wanting to improve. The idea being, these were modules that pentesters were actually using on site, and something about them bugged someone enough to put in a fix (maybe a missing target, or more options, or whatever).</p><p>I just looked again today after a conversation with <span class="h-card" translate="no"><a href="https://infosec.exchange/@sawaba" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>sawaba</span></a></span>, and also looked at <a href="https://infosec.exchange/tags/Nuclei" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nuclei</span></a> templates. Here's the top 10 of each, limited to the last 5 years' worth of commits, excluding GitHub actions.</p><p>Whatcha think? 
Interesting?</p><pre><code>exploits/multi/http/papercut_ng_auth_bypass.rb 38<br>exploits/multi/http/open_web_analytics_rce.rb 37<br>exploits/windows/local/bits_ntlm_token_impersonation.rb 37<br>exploits/windows/http/manageengine_adaudit_plus_cve_2022_28219.rb 32<br>exploits/linux/local/sudo_baron_samedit.rb 31<br>exploits/unix/webapp/openmediavault_rpc_rce.rb 29<br>exploits/linux/http/librenms_authenticated_rce_cve_2024_51092.rb 28<br>exploits/linux/http/empire_skywalker.rb 28<br>exploits/multi/http/log4shell_header_injection.rb 26<br>exploits/windows/http/exchange_proxylogon_rce.rb 26<br><br><br>./http/cves/2019/CVE-2019-17382.yaml 27<br>./http/cves/2021/CVE-2021-40822.yaml 27<br>./http/cves/2023/CVE-2023-27034.yaml 27<br>./http/cves/2021/CVE-2021-43798.yaml 27<br>./http/cves/2023/CVE-2023-32243.yaml 27<br>./http/cves/2021/CVE-2021-40870.yaml 26<br>./network/cves/2016/CVE-2016-3510.yaml 26<br>./http/cves/2021/CVE-2021-28164.yaml 26<br>./network/cves/2020/CVE-2020-1938.yaml 26<br>./http/cves/2022/CVE-2022-23854.yaml 25<br></code></pre>
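<p>One way to produce per-file commit counts like the ones above, as an added example that is not part of the original post: it parses the output of <code>git log --since="5 years ago" --name-only --format=@@%an</code> and assumes "excluding GitHub actions" means skipping commits authored by the github-actions bot. The git invocation, function names, sample log, paths and author names are constructed for illustration.</p>

```python
import subprocess
from collections import Counter

# Assumed invocation (not from the post): one "@@<author>" header per commit,
# followed by the paths that commit touched.
GIT_LOG = ["git", "log", "--since=5 years ago", "--name-only", "--format=@@%an"]

# Constructed sample of that output; paths and authors are made up.
SAMPLE_LOG = """\
@@alice

modules/exploits/multi/http/example_a.rb
modules/exploits/linux/local/example_b.rb

@@github-actions[bot]

modules/exploits/multi/http/example_a.rb

@@bob

modules/exploits/multi/http/example_a.rb
documentation/modules/exploit/multi/http/example_a.md
"""


def count_commits(log_text, prefix="", skip_authors=("github-actions",)):
    """Count commits per path, ignoring commits by automation accounts."""
    counts = Counter()
    skip = False
    for line in log_text.splitlines():
        if line.startswith("@@"):            # new commit: decide whether to skip it
            author = line[2:].lower()
            skip = any(s in author for s in skip_authors)
        elif line and not skip and line.startswith(prefix):
            counts[line] += 1                # one more commit touched this path
    return counts


def top_files(repo, prefix, n=10):
    """Run git in `repo` and return the n most-committed paths under `prefix`."""
    out = subprocess.run(GIT_LOG + ["--", prefix], cwd=repo, check=True,
                         capture_output=True, text=True).stdout
    return count_commits(out, prefix).most_common(n)


if __name__ == "__main__":
    for path, n in count_commits(SAMPLE_LOG, "modules/exploits/").most_common(10):
        print(path, n)
```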