background image

Metasploit Auxiliary Modules

125

   gather/citrix_published_applications

normal 

Citrix MetaFrame ICA Published 

Applications Scanner

   gather/citrix_published_bruteforce

normal 

Citrix MetaFrame ICA Published

Applications Bruteforcer

   gather/dns_enum

normal

DNS Enumeration Module

   gather/search_email_collector

normal

Search Engine Domain Email Address 

Collector

   pdf/foxit/authbypass

normal

Foxit Reader Authorization Bypass

   scanner/backdoor/energizer_duo_detect normal

Energizer DUO Trojan Scanner

   scanner/db2/db2_auth

normal

DB2 Authentication Brute Force Utility

   scanner/db2/db2_version

normal

DB2 Probe Utility

As you can see in this trimmed output, the auxiliary modules are orga-

nized by category. At your disposal are the DNS enumeration module, Wi-Fi 
fuzzers, and even a module to locate and abuse the Trojan backdoor that was 
included on Energizer USB battery chargers.

Using an auxiliary module is similar to using any exploit within the 

Framework—simply issue the 

use

 command followed by the module name. 

For example, to use the 

webdav_scanner

 module (explored in “Auxiliary Mod-

ules in Use” on page 126), you would run 

use scanner/http/webdav_scanner 

as 

shown below. 

NOTE

In auxiliary modules, the basic options are slightly different with an 

RHOSTS

 option to tar-

get multiple machines and a 

THREADS

 value to fine-tune the speed of your scanning.

 msf > 

use scanner/http/webdav_scanner

 msf auxiliary(webdav_scanner) > 

info

       Name: HTTP WebDAV Scanner
    Version: 9179
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  et <et@metasploit.com>

Basic options:
  Name     Current Setting  Required  Description
  ----     ---------------  --------  -----------
  Proxies                   no        Use a proxy chain

  RHOSTS 

yes       The target address range or CIDR identifier

  RPORT    80               yes       The target port

  THREADS  1 

yes       The number of concurrent threads

  VHOST                     no        HTTP server virtual host

Description:
  Detect webservers with WebDAV enabled

msf auxiliary(webdav_scanner) >