Home metasploit Enumeration How to use HTTP enumeration in Metasploit

How to use HTTP enumeration in Metasploit

HTTP enumeration – HTTP is a stateless application layer protocol typically using TCP port 80 and communicating over the world wide web.

You can trace the TTP service and get a lot of information about the target system to get to it.

MSF has HTTP modules in addition to MSF modules that enumerate HTTP service information. They will also help you look for backup files in the webserver list directory, check the validity of the SSL certificate displayed on the web server, but mostly the authentication helper modules will be listed under the helper HTTP enumeration.

And one more thing about the port: HTTP uses 80, and when it comes to HTTPS, it uses 443, but both ports are optional. Why you’re asking? Administrators can easily change the port on which the web application is served, so be careful.

HTTP enumeration in Metasploit

Step 1:

First, we need to open the Metasploit so type the following command.

					msfconsole -q

After that, we need to find the HTTP enumeration modules so type the below quires in the Metasploit Terminal

					search http type:auxiliary
How to use HTTP enumeration in Metasploit

Step 2:

Now choose which module you want to execute. I choose the auxiliary/scanner/http/crawler module. If you select a module means to set that module with the use command

					use auxiliary/scanner/http/crawler

After that type the below quires that will help you to guide how to use the selected module

					show options
How to use HTTP enumeration in Metasploit

Step 3:

Now we need to set the required parameter, for example, in our selected module it needs RHOST, so I set RHOST using the set command.

					set RHOSTS

Step 4:

After setting the required parameters, enter the run command.

This is a format, so you can use any HTTP enumeration module, but it will set the required parameter correctly to only return the result; otherwise, an error will be displayed.


No Comments

Leave A Reply

Please enter your comment!
Please enter your name here