What are Auxiliary Modules in Metasploit?
In Metasploit, any module that is not an exploit is an auxiliary module. Exploit modules always have a payload. Auxiliary modules are a fascinating feature of the framework allowing it to extend for a variety of purposes other than exploitation. You can create your own quick vulnerability scanners, and port scanners, make MSF work as an FTP, HTTP, or SMTP client, and do a whole lot of other cool stuff. You have a ready-to-use code library at your disposal enabling quick development of such tools.
Auxiliary modules are a fascinating feature of the framework allowing it to extend for a variety of purposes other than exploitation:
- admin: Modules that modify, operate, or manipulate something on the target machine.
- analyze: We initially created this folder for password-cracking modules that require analysis time.
- client: We initially created this folder for an SMTP module for social-engineering purposes.
- dos: Pretty self-explanatory: denial-of-service modules.
- fuzzers: If your module is a fuzzer, this is where it belongs. Make sure to place it in the correct sub-directory based on the protocol.
- gather: Modules that gather, collect or enumerate data from a single target.
- scanner: Modules that use the Msf::Auxiliary::Scanner mixin almost always go here. Make sure to place yours in the correct sub-directory based on the protocol.
- server: Modules that are servers.
- sniffer: Modules that are sniffers.
Usage of Auxiliary Modules
Step 1: First, start the Metasploit framework by just running the command msfconsole on the terminal.
Step 2: Now to see all the auxiliary modules available in Metasploit just type the command:
show auxiliary
With almost 1,000 auxiliary modules, Metasploit is probably one of the most complete penetration frameworks out there.
List of Auxiliary Module Reference in Metasploit
The Metasploit Project is a computer security project that provides data about security vulnerabilities and assists in penetration testing. It is owned by Rapid7, a US-based cybersecurity firm. A notable subproject of Metasploit is the open-source Metasploit Framework—a tool used to develop and run exploit code on remote target systems.