Using Auxiliary Modules related to Web Applications

In this subsection, we'll see the usage of different kinds of auxiliary modules that will help us in reconnaissance of the target.

Mainly, reconnaissance-related auxiliary modules will be listed under the auxiliary/scanner/http/ structure of the framework. This will be similar to the following screenshot:

Using Auxiliary Modules related to Web Applications

Let us now use an auxiliary module to brute-force for directories. For this, I'll use the auxiliary/scanner/http/brute_dirs module.

We need to fireup the MSFConsole and hit the following command:

use auxiliary/scanner/http/brute_dirs

Running show options shows a comprehensive list of options supported ...

Get Mastering Modern Web Penetration Testing now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.