Metasploit Auxiliary Modules

When we check the Foursquare website, we see a successful result. Modules like these demonstrate that Metasploit allows us to implement nearly anything we can programmatically imagine.

Going Forward

As you have seen, auxiliary modules can have a wide range of uses. The infrastructure provided by the Metasploit Framework can produce a wide array of tools in a very short time. Using Metasploit’s auxiliary modules, you can scan an IP address range to determine which hosts are alive and which services are running on each host. You can then leverage this information to determine vulnerable services, such as in the WebDAV example, or even log in via brute force on a remote server.

Although you can easily create custom auxiliary modules, don’t discount the existing auxiliary modules in the Framework. These modules may be the exact one-off tool you need.

The auxiliary modules provide a wide range of potential additional avenues. For a web application, the auxiliary modules offer more than 40 additional checks or attacks that you can perform. In some instances, you may want to brute force a web server to see which servers are listing directories. Or you may want to scan the web server to see if it can act as an open proxy and relay traffic out to the Internet. Regardless of your needs, the auxiliary modules can provide additional enumeration information, attack vectors, or vulnerabilities.