Skip to content

How to get started with writing an auxiliary module

sinn3r edited this page Aug 2, 2014 · 27 revisions

Metasploit is known for its free, open-source exploits - modules that pop shells. But in reality, penetration testers rely more on auxiliary modules, and often a successful pentest can be done without firing a single exploit. They're just more handy, and the punishment for a failed attempt is generally lower. Professionals actually love auxiliary modules.

Another interesting fact about auxiliary modules is that some of them aren't so different from being exploits. The main difference is how Metasploit defines it: if a module pops a shell, it's an exploit. If not, even though it takes advantage of a vulnerability, it still belongs to the auxiliary category. But hey, we like of like shells, so always try to make your module an exploit when possible.

Metasploit Wiki Pages


Clone this wiki locally