Target service scanning with auxiliary modules
Let us now try out some targeted scanning for specific services running on a range of IP addresses, or on a single target host. Various service-based scans are available; VNC, FTP, SMB, and so on. Auxiliary modules can be really handy in such situations when we are looking for specific types of services on our target.
Getting ready
Let us find out what service-based scanning auxiliary modules are available to us. We can navigate through the following path:
root@bt:/pentest/exploits/framework3/modules/auxiliary/scanner# ls
backdoor emc ip mysql pop3 sap ssh vnc
db2 finger lotus netbios portscan sip telephony voice
dcerpc ftp misc nfs postgres smb telnet vxworks
dect http motorola ntp rogue smtp tftp x11
discovery imap mssql oracle rservices snmp upnp
As we can see, there are lots of options for service scan modules which can be very handy during penetration testing. Let us quickly work...
