Web vulnerability scanning modules in Metasploit

 

Information gathering web server scanning module

  • Module auxiliary/scanner/http/http_version
  • Module auxiliary/scanner/http/open_proxy
  • Module auxiliary/scanner/http/robots_txt
  • Module auxiliary/scanner/http/frontpage_login
  • Module auxiliary/admin/http/tomcat_administration
  • Module auxiliary/admin/http/tomcat_utf8_traversal
  • Module auxiliary/scanner/http/options
  • Module auxiliary/scanner/http/drupal_views_user_enum
  • Module auxiliary/scanner/http/scraper
  • Module auxiliary/scanner/http/svn_scanner
  • Module auxiliary/scanner/http/trace
  • Module auxiliary/scanner/http/vhost_scanner
  • Module auxiliary/scanner/http/webdav_internal_ip
  • Module auxiliary/scanner/http/webdav_scanner
  • Module auxiliary/scanner/http/webdav_website_content

 

File directory scan module

  • Module auxiliary/dos/http/apache_range_dos
  • Module auxiliary/scanner/http/backup_file
  • Module auxiliary/scanner/http/brute_dirs
  • Module auxiliary/scanner/http/copy_of_file
  • Module auxiliary/scanner/http/dir_listing
  • Module auxiliary/scanner/http/dir_scanner
  • Module auxiliary/scanner/http/dir_webdav_unicode_bypass
  • Module auxiliary/scanner/http/file_same_name_dir
  • Module auxiliary/scanner/http/files_dir
  • Module auxiliary/scanner/http/http_put
  • Module auxiliary/scanner/http/ms09_020_webdav_unicode_bypass
  • Module auxiliary/scanner/http/prev_dir_same_name_file
  • Module auxiliary/scanner/http/replace_ext
  • Module auxiliary/scanner/http/soap_xml
  • Module auxiliary/scanner/http/trace_axd
  • Module auxiliary/scanner/http/verb_auth_bypass

 

Web application vulnerability scanning module

  • Module auxiliary/scanner/http/blind_sql_query
  • Module auxiliary/scanner/http/error_sql_injection
  • Module auxiliary/scanner/http/http_traversal
  • Module auxiliary/scanner/http/rails_mass_assignment
  • Module exploit/multi/http/lcms_php_exec

Loading