We have already seen some auxiliary modules back in Chapter 2, Information Gathering and Scanning, so in this recipe we will focus on some of the most used and helpful auxiliary modules.
To list available auxiliary modules, we can use the show auxiliary command within msfconsole:
With almost 1,000 auxiliary modules, Metasploit is probably one of the most complete penetration testing frameworks out there.
We will start with one of the most useful HTTP auxiliary modules, the HTTP Directory Scanner. This module identifies the existence of interesting directories in a given directory path. By default, it uses the wmap_dirs.txt word dictionary, but you can specify your own. To run the module, we need to set the target IP address, range, or CIDR identifier.
- In this example, I used the IP address of the Metasploitable 2 target machine:
msf > use auxiliary/scanner/http/dir_scanner
msf auxiliary(scanner/http/dir_scanner) > set RHOSTS 192.168.216.129...
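Seen from the web server, a wordlist-driven directory scan like the one this module performs shows up as a single client requesting many different nonexistent paths within a short time. The following added example (not from the book or from Metasploit) flags that pattern in access logs; the combined log format, the thresholds, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/Nginx "combined" access-log format (assumed for this example).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_dir_scanners(lines, min_misses=5, window=timedelta(seconds=60)):
    """Return {client_ip: peak number of distinct 404 paths inside one window}."""
    misses = defaultdict(list)                 # ip -> [(timestamp, path), ...]
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "404":
            continue                           # unparsable line, or not a miss
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        misses[m["ip"]].append((ts, m["path"]))

    flagged = {}
    for ip, events in misses.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):         # sliding time window per client
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({path for _, path in events[start:end + 1]})
            peak = max(peak, distinct)
        if peak >= min_misses:                 # many distinct misses in a burst
            flagged[ip] = peak
    return flagged

def _line(ip, hhmmss, path, status):
    return f'{ip} - - [12/Mar/2024:{hhmmss} +0000] "GET {path} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample log: one burst of directory probes, one normal visitor,
# and one client whose 404s are spread over hours (must not be flagged).
SAMPLE_LOG = (
    [_line("192.0.2.10", f"10:00:{i:02d}", p, s) for i, (p, s) in enumerate([
        ("/admin/", 404), ("/backup/", 404), ("/cgi-bin/", 403), ("/doc/", 200),
        ("/old/", 404), ("/private/", 404), ("/test/", 404), ("/tmp/", 404)])]
    + [_line("192.0.2.20", "10:00:05", "/index.html", 200),
       _line("192.0.2.20", "10:00:06", "/favicon.ico", 404)]
    + [_line("192.0.2.30", f"{h:02d}:00:00", f"/missing{h}.html", 404) for h in range(11, 17)]
)

if __name__ == "__main__":
    print(find_dir_scanners(SAMPLE_LOG))
```

Counting distinct paths rather than raw 404s keeps a client that repeatedly requests one missing file (a broken favicon link, for instance) from being flagged.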