Metasploit modules guide. Auxiliary

Cover image

Article Metadata

Category: CTI
Source article: https://medium.com/@1200km/metasploit-modules-guide-auxiliary-1821db1712f0
Published: 2024-11-18
Preserved media: 24 image(s), including cover images, screenshots, diagrams, and infographics where present.
Preserved technical blocks: 30 code/configuration block(s).

Ecosystem Fit

This page mirrors the original Medium article into the 1200km.com Docusaurus ecosystem. The original article flow, images, screenshots, infographics, and technical blocks are preserved from the export.

Complete Explanation of Auxiliary Mode in Metasploit

Comprehensive Guide to Metasploit. Part 1

The Ultimate Guide to Metasploit. Part 2

Introduction

Theauxiliary modein Metasploit is a non-exploit-focused category of modules designed for tasks such as reconnaissance, scanning, enumeration, password brute-forcing, and testing. These modules help gather information, identify vulnerabilities, and assess systems without actively exploiting them. They are essential in the early stages of penetration testing and for non-destructive assessments.

If you want to see all auxiliary modules, open Metasploit and run next command:

show
 auxiliary

Standart commands:

Search module:

search 
<
name
>

Use module from list by ID

use
 
0

Use module by name

use <
module
 name>

Show configuration options:

show
 options

Set parameters:

set
 
<
name 
of
 
parameter
>
 
<
parameter
>

Run module

run

Now real life examples of usage

Scanners
Enumerators
Brute-Forcers
Vulnerability Scanners
Network Discovery
Denial of Service (DoS)

1. Scanners

Purpose: Identify open ports, active services, and vulnerabilities in networks or systems.

Examples :

auxiliary/scanner/portscan/tcp: Scans for open TCP ports.

search auxiliary/scanner/portscan/tcp

use
 
0
show options

set
 RHOST 192.168.126.130
run

auxiliary/scanner/http/http_version: Detects the HTTP server version:

search auxiliary/scanner/http/http_version

use
 
0
show options

set
 RHOSTS https://juice-shop.herokuapp.com/
set
 RPORT 443
set
 SSL 
true
run

2. Enumerators

Purpose: Gather detailed information about services, configurations, and resources on a system.

Examples :

auxiliary/scanner/smb/smb_enumshares: Lists shared folders in SMB.

search auxiliary/scanner/smb/smb_enumshares

use
 
0
show options

set
 RHOST 182.x.x.x
run

auxiliary/scanner/http/dir_scanner: Finds hidden web directories.

search
 auxiliary
/
scanner
/
http
/
dir_scanner
use 
0
show
 options

set
 RHOST https://juice-shop.herokuapp.com/
set
 RPORT 443

You can use custom directions dictionaries.

For example:

set
 DICTIONARY /usr/share/dirbuster/wordlists/directory-list-lowercase-2.3-medium.txt

3. Brute-Forcers

More information about brute force attacks here

Purpose: Automate password brute-forcing for authentication protocols like SSH, FTP, and HTTP.
Examples:

auxiliary/scanner/ssh/ssh_login: Brute-forces SSH credentials.

search auxiliary/scanner/ssh/ssh_login

use
 
0
show options

set
 ANONYMOUS_LOGIN 
true
set
 PASS_FILE ~/Documents/PasswordCracking/Dictionaries/short.txt
set
 RHOSTS 192.168.126.130
set
 USER_FILE ~/Documents/PasswordCracking/Dictionaries/1000_usernames.txt
run

Succsess

auxiliary/scanner/ftp/ftp_login: Brute-forces FTP logins.

search auxiliary/scanner/ftp/ftp_login

use
 
0
show options

set
 ANONYMOUS_LOGIN 
true
set
 PASS_FILE ~/Documents/PasswordCracking/Dictionaries/short.txt
set
 RHOSTS 192.168.126.130
set
 USER_FILE ~/Documents/PasswordCracking/Dictionaries/1000_usernames.txt
run

4. Vulnerability Scanners

Purpose: Check for known vulnerabilities in services or protocols.

Examples:

auxiliary/scanner/smb/smb_ms17_010: Scans for EternalBlue vulnerability.

search
 auxiliary
/
scanner
/
smb
/
smb_ms17_010
use 
0
show
 options
set
 RHOSTS 
192.168
.126
.150
run

5. Network Discovery

Purpose: Identify hosts, devices, and network configurations.

Examples:

auxiliary/scanner/discovery/arp_sweep: Identifies active hosts on a subnet.

Run msfconsole as sudo

search
 auxiliary
/
scanner
/
discovery
/
arp_sweep
use 
0
show
 options
set
 INTERFACE vmnet8
set
 RHOSTS 
192.168
.126
.13
run

auxiliary/scanner/rdp/rdp_scanner: Scans for RDP-enabled devices.

search
 auxiliary
/
scanner
/
rdp
/
rdp_scanner
use 
0
 
show
 options
set
 RHOSTS 
192.168
.126
.130
run

6. Denial of Service (DoS)

Purpose: Test systems for susceptibility to DoS attacks.

Examples:

auxiliary/dos/http/slowloris: Simulates Slowloris DoS on HTTP servers.

search
 auxiliary
/
dos
/
http
/
slowloris
use 
0
show
 options
set
 rhost juice
-
shop.herokuapp.com
set
 rport 
443
sel ssl 
true
run

auxiliary/dos/tcp/synflood: Launches a TCP SYN flood attack.

search auxiliary/dos/tcp/synflood
use 0
set
 INTERFACE wlan0
set
 RHOSTS juice-shop.herokuapp.com
set
 RPORT 443
run

Search and try other modules!

Auxiliary Module Reference - Metasploit Unleashed *The Metasploit Framework includes hundreds of auxiliary modules that perform scanning, fuzzing, sniffing, and much…*www.offsec.com

Good luck!

1200km@gmail.com

Ecosystem Fit​

Complete Explanation of Auxiliary Mode in Metasploit​

Introduction​

Standart commands:​

Now real life examples of usage​

1. Scanners​

Examples :​

2. Enumerators​

Examples :​

3. Brute-Forcers​

4. Vulnerability Scanners​

5. Network Discovery​

6. Denial of Service (DoS)​

Search and try other modules!​

Good luck!​

Ecosystem Fit

Complete Explanation of Auxiliary Mode in Metasploit

Introduction

Standart commands:

Now real life examples of usage

1. Scanners

Examples :

2. Enumerators

Examples :

3. Brute-Forcers

4. Vulnerability Scanners

5. Network Discovery

6. Denial of Service (DoS)

Search and try other modules!

Good luck!