Using Auxiliary Modules related to Web Applications

In this subsection, we'll see the usage of different kinds of auxiliary modules that will help us in reconnaissance of the target.

Mainly, reconnaissance-related auxiliary modules will be listed under the auxiliary/scanner/http/ structure of the framework. This will be similar to the following screenshot:

Using Auxiliary Modules related to Web Applications

Let us now use an auxiliary module to brute-force for directories. For this, I'll use the auxiliary/scanner/http/brute_dirs module.

We need to fireup the MSFConsole and hit the following command:

use auxiliary/scanner/http/brute_dirs

Running show options shows a comprehensive list of options supported ...

Get Mastering Modern Web Penetration Testing now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.