Metasploit Bootcamp

Identifying and Scanning Targets

We learned the basics of Metasploit in Chapter 1, Getting Started with Metasploit. Let us now shift our focus to an essential part of every penetration test: the scanning phase. Scanning involves identifying the software and services running on the target, along with their versions, which makes it both the most time-consuming and the most crucial part of a professional penetration test. They say, and I quote, "If you know the enemy and know yourself, you need not fear the result of a hundred battles". If you want to gain access to a target by exploiting vulnerable software, the first step is to establish whether the vulnerable version of that software is actually running there. Scanning and identification should therefore be conducted thoroughly: an exploit fired at the wrong version rarely yields a shell, but it can easily crash the service, turning your attempt into an unintended DoS against the target.

In this chapter, we will uncover the scanning side of Metasploit and gain hands-on experience with its various scanning modules. We will cover the following key aspects of scanning:

  • Working with scanning modules for services such as FTP, MSSQL, and so on
  • Scanning SNMP services and making use of them
  • Finding out SSL and HTTP information with Metasploit auxiliaries
  • Essentials required in developing a customized module for scanning
  • Making use of existing modules to create custom scanners

Let's run a basic FTP scanner module against a target network and analyze its functionality in detail.
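Before running the module itself, it helps to see what an FTP version scanner actually does on the wire. The following is an added example written for this edition; it is not code from the book or from the Metasploit project. It is a small, self-contained Ruby script (Ruby being the language Metasploit modules are written in) that mirrors the behaviour of the framework's FTP version scanner and of a custom scanner module: connect to port 21, read the 220 greeting (including RFC 959 multi-line replies), record the banner, and match it against a fingerprint table so that only a stated version is reported. The function names, the fingerprint table, the stub server and the sample banners are assumptions constructed for this example, not Metasploit's own data or API.

```ruby
# Added example (not from the book or the Metasploit project): a minimal FTP
# version scanner in plain Ruby that mirrors what an FTP banner-grabbing
# scanner module does -- connect, read the 220 greeting, record the banner --
# plus a small version-matching step, so "identify before you exploit" is
# concrete. Function names, the fingerprint table and the sample banners are
# assumptions constructed for this example.
require 'socket'
require 'timeout'

# Read the FTP greeting. RFC 959 allows multi-line replies of the form
# "220-text ... 220 last line"; keep reading until the terminating "220 " line.
def read_ftp_greeting(sock, timeout: 5)
  lines = []
  Timeout.timeout(timeout) do
    loop do
      line = sock.gets
      break if line.nil?
      line = line.chomp
      lines << line
      break if line =~ /\A\d{3} /   # "220 " (space, not hyphen) ends the reply
    end
  end
  lines.join("\n")
end

# Grab the banner from host:port; returns nil when nothing answers.
def grab_ftp_banner(host, port = 21, timeout: 5)
  sock = Socket.tcp(host, port, connect_timeout: timeout)
  read_ftp_greeting(sock, timeout: timeout)
rescue Errno::ECONNREFUSED, Errno::ECONNRESET, Errno::EHOSTUNREACH,
       Timeout::Error, SocketError
  nil
ensure
  sock&.close
end

# A deliberately small fingerprint table (assumed, not Metasploit's own data).
# Each entry maps a banner regex to a product name; the first capture group,
# when present, is the version string.
FTP_FINGERPRINTS = [
  [/vsFTPd ([\d.]+)/i,         'vsftpd'],
  [/ProFTPD ([\d.]+\w*)/i,     'ProFTPD'],
  [/Microsoft FTP Service/i,  'Microsoft IIS FTP'],
  [/Pure-FTPd/i,              'Pure-FTPd'],
].freeze

# Returns {product:, version:} or nil for an unrecognised banner. The version
# is only filled in when the banner actually states one: the point is to avoid
# firing a version-specific exploit at a build you have not confirmed.
def identify_ftp_server(banner)
  return nil if banner.nil?
  FTP_FINGERPRINTS.each do |re, product|
    m = re.match(banner)
    next unless m
    return { product: product, version: m[1] }  # m[1] is nil without a capture group
  end
  nil
end

# Scan a list of hosts in batches of `threads`, like the THREADS option of a
# Metasploit scanner module.
def scan_ftp_hosts(hosts, port = 21, threads: 10)
  results = {}
  mutex = Mutex.new
  hosts.each_slice(threads) do |batch|
    batch.map do |h|
      Thread.new do
        banner = grab_ftp_banner(h, port)
        mutex.synchronize { results[h] = { banner: banner, id: identify_ftp_server(banner) } }
      end
    end.each(&:join)
  end
  results
end

# Offline demonstration: a local stub FTP server answering with a constructed
# banner, so the scanner can be exercised without touching a real target.
def demo_with_stub_server(banner_lines)
  server = TCPServer.new('127.0.0.1', 0)
  port = server.addr[1]
  t = Thread.new do
    client = server.accept
    banner_lines.each { |l| client.write("#{l}\r\n") }
    client.close
  end
  result = scan_ftp_hosts(['127.0.0.1'], port)['127.0.0.1']
  t.join
  server.close
  result
end

if __FILE__ == $PROGRAM_NAME
  p demo_with_stub_server(['220-Welcome to the lab box', '220 (vsFTPd 3.0.3)'])
end
```

Against a real host, replace the stub with `scan_ftp_hosts(['10.0.0.5', '10.0.0.6'])` and read the `:banner` and `:id` fields per host; a banner that matches no fingerprint, or matches one without a version, is a signal to keep enumerating rather than to pick an exploit.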