O'Reilly logo

Mastering Modern Web Penetration Testing by Prakhar Prasad

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Using Auxiliary Modules related to Web Applications

In this subsection, we'll see the usage of different kinds of auxiliary modules that will help us in reconnaissance of the target.

Mainly, reconnaissance-related auxiliary modules will be listed under the auxiliary/scanner/http/ structure of the framework. This will be similar to the following screenshot:

Using Auxiliary Modules related to Web Applications

Let us now use an auxiliary module to brute-force for directories. For this, I'll use the auxiliary/scanner/http/brute_dirs module.

We need to fireup the MSFConsole and hit the following command:

use auxiliary/scanner/http/brute_dirs

Running show options shows a comprehensive list of options supported ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required