Metasploit Auxiliary Modules
When we check the Foursquare website, we see a successful result. Modules
like these demonstrate that Metasploit allows us to implement nearly
anything we can programmatically imagine.

Going Forward

As you have seen, auxiliary modules can have a wide range of uses. The
infrastructure provided by the Metasploit Framework can produce a wide array
of tools in a very short time. Using Metasploit’s auxiliary modules, you can
scan an IP address range to determine which hosts are alive and which
services are running on each host. You can then leverage this information to
determine vulnerable services, such as in the WebDAV example, or even log
in via brute force on a remote server.

Although you can easily create custom auxiliary modules, don’t discount
the existing auxiliary modules in the Framework. These modules may be the
exact one-off tool you need.

The auxiliary modules provide a wide range of potential additional avenues.
For a web application, the auxiliary modules offer more than 40 additional
checks or attacks that you can perform. In some instances, you may
want to brute force a web server to see which servers are listing directories.
Or you may want to scan the web server to see if it can act as an open proxy
and relay traffic out to the Internet. Regardless of your needs, the auxiliary
modules can provide additional enumeration information, attack vectors, or
vulnerabilities.