Many applications and services lack custom modules in Metasploit. Thankfully, the Framework has many features that can be useful when you’re building a custom scanner, including offering access to all of its exploit classes and methods, and support for proxies, Secure Sockets Layer (SSL), reporting, and threading. It can be very useful to write your own scanner during security assessments, because doing so will allow you to locate every instance of a bad password or unpatched service quickly on a target system.

The Metasploit Framework scanner modules include various mixins, such as exploit mixins for TCP, SMB, and so on, and the auxiliary scanner mixin that is built into the Framework. Mixins are portions of code with ...