How to Conduct a Pentest on Android Using Metasploit Auxiliary Scanners

Metasploit Auxiliary Scanners are valuable tools for any pentest, providing an array of modules designed to scan networks, identify vulnerabilities, and gather critical information to aid in penetration testing efforts. These scanners allow security professionals to probe various services, protocols, and devices within a network, helping them assess the security posture of their targets. Using them within Termux, a versatile terminal emulator for Android, enables you to convert your mobile device into a full-fledged penetration testing platform that is both portable and powerful. This setup is ideal for conducting pentests on the go, making security assessments more flexible and convenient.

This article will walk you through the steps needed to leverage Metasploit Auxiliary Scanners within Termux for an effective pentest. You’ll learn how to install, configure, and run auxiliary scanners to perform comprehensive scans, uncover hidden vulnerabilities, and gather detailed data on your target systems.

Whether you are a seasoned security researcher looking to streamline your mobile pentest processes or a beginner eager to explore the world of penetration testing, this guide will provide practical insights to help you maximize the potential of Metasploit’s auxiliary scanners. By the end of this tutorial, you will have the knowledge and tools to turn your Android device into a powerful and portable pentesting solution, capable of uncovering critical vulnerabilities and improving the security of networks and systems.



Prerequisites

Before conducting a pentest, ensure you have the following:

  • Termux installed on your Android device
  • Metasploit Framework properly installed in Termux
  • A basic understanding of networking and penetration testing tools

For detailed installation instructions, check out our Metasploit installation guide.


Step 1: Updating Metasploit and Required Modules

Before starting a pentest, make sure your Metasploit Framework is up to date. Run the following commands:

apt update && apt upgrade
msfupdate

Test Output:

Hit:1 https://dl.bintray.com/termux/termux-packages-24 stable InRelease
Reading package lists... Done
All packages are up to date.
Updating Metasploit Framework...
[*] Metasploit Framework has been updated to version 6.0.47.

Step 2: Exploring Available Auxiliary Scanners for Pentest

To explore all auxiliary scanners available for your pentest:

msfconsole
search auxiliary/scanner

Test Output:

msf6 > search auxiliary/scanner

Matching Modules
================

   #  Name                                              Disclosure Date  Rank       Check  Description
   -  ----                                              ---------------  ----       -----  -----------
   0  auxiliary/scanner/http/http_version                               normal     No     HTTP Version Detection
   1  auxiliary/scanner/ssh/ssh_version                                 normal     No     SSH Version Detection
   2  auxiliary/scanner/smb/smb_version                                 normal     No     SMB Version Detection
   ...

Step 3: Using an Auxiliary Scanner for Your Pentest

Let’s walk through using the HTTP version scanner for a pentest. Here’s how you can do it:

use auxiliary/scanner/http/http_version

Test Output:

msf6 auxiliary(scanner/http/http_version) >

Set the target IP address:

set RHOSTS 192.168.1.100
RHOSTS => 192.168.1.100

Review available options:

show options
Module options (auxiliary/scanner/http/http_version):
   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOSTS   192.168.1.100    yes       The target address range or CIDR identifier
   RPORT    80               yes       The target port (TCP)
   THREADS  1                yes       The number of concurrent threads (max one per host)

Run the scanner:

run

Test Output:

[*] 192.168.1.100:80        Apache/2.4.41 (Ubuntu)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

By following these steps, you can gather critical information for your pentest.


Step 4: Running Multiple Auxiliary Scanners in a Pentest

One of the best features of Metasploit’s auxiliary modules is that you can run multiple scanners at the same time, increasing the speed and coverage of your pentest. For instance, to scan both HTTP and SSH versions on a target, load and configure each scanner in separate sessions.

Load SSH version scanner:

use auxiliary/scanner/ssh/ssh_version 

Test Output:

msf6 auxiliary(scanner/ssh/ssh_version) >

Set the target IP and run the scanner:

set RHOSTS 192.168.1.100
run

Test Output:

[*] 192.168.1.100:22        SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Now, your pentest includes results from both HTTP and SSH version scans.
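To turn the two result sets into one inventory for the report, the console output can be parsed into CSV. The script below is an added example, not part of the original article or of Metasploit; `parse_banners` and `sample_log` are hypothetical names, and the sample session is constructed from the outputs shown in Steps 3 and 4.

```shell
#!/bin/sh
# parse_banners (hypothetical helper): read msfconsole output on stdin and
# print one CSV row per result line: host,port,module,"banner".
parse_banners() {
    awk '
        # Remember which module is loaded, from any "use auxiliary/..." command line.
        /(^|> )use auxiliary\// { module = $NF; next }
        # Result lines look like: [*] 192.168.1.100:80        Apache/2.4.41 (Ubuntu)
        NF >= 3 && $1 ~ /^\[[*+]\]$/ && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/ {
            split($2, hp, ":")
            banner = $0
            sub(/^\[[*+]\][ \t]+[^ \t]+[ \t]+/, "", banner)  # drop marker and host:port
            gsub(/"/, "\"\"", banner)                        # CSV-escape embedded quotes
            printf "%s,%s,%s,\"%s\"\n", hp[1], hp[2], module, banner
        }
    '
}

# Constructed sample: a console session matching the outputs in Steps 3 and 4.
sample_log() {
    cat <<'EOF'
msf6 > use auxiliary/scanner/http/http_version
msf6 auxiliary(scanner/http/http_version) > set RHOSTS 192.168.1.100
RHOSTS => 192.168.1.100
msf6 auxiliary(scanner/http/http_version) > run
[*] 192.168.1.100:80        Apache/2.4.41 (Ubuntu)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/http/http_version) > use auxiliary/scanner/ssh/ssh_version
msf6 auxiliary(scanner/ssh/ssh_version) > set RHOSTS 192.168.1.100
RHOSTS => 192.168.1.100
msf6 auxiliary(scanner/ssh/ssh_version) > run
[*] 192.168.1.100:22        SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
EOF
}

sample_log | parse_banners
```

Status lines such as "Scanned 1 of 1 hosts" are skipped because their second field is not a host:port pair.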


Step 5: Automating Your Pentest with Resource Scripts

To streamline repetitive tasks during a pentest, use resource scripts to automate common scans. Here’s how to create and execute a resource script:

Create a file named scanner.rc and add the following:

use auxiliary/scanner/http/http_version
set RHOSTS 192.168.1.100
run
use auxiliary/scanner/ssh/ssh_version
set RHOSTS 192.168.1.100
run

Run the script with:

msfconsole -r scanner.rc

Test Output:

[*] Processing scanner.rc for ERB directives.
resource (scanner.rc)> use auxiliary/scanner/http/http_version
resource (scanner.rc)> set RHOSTS 192.168.1.100
RHOSTS => 192.168.1.100
resource (scanner.rc)> run
[*] 192.168.1.100:80        Apache/2.4.41 (Ubuntu)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
resource (scanner.rc)> use auxiliary/scanner/ssh/ssh_version
resource (scanner.rc)> set RHOSTS 192.168.1.100
RHOSTS => 192.168.1.100
resource (scanner.rc)> run
[*] 192.168.1.100:22        SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

By using scripts like this, you can automate critical steps in your pentest process, saving time and ensuring consistency.
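Because msfconsole processes resource scripts for ERB directives, as the first output line shows, a target string written into the file unchecked becomes part of a script. The following added example, which is not from the original article, generates scanner.rc only for an address on an authorised scope list and records a transcript with `spool`; `write_scan_rc`, the scope-file format and the log file name are assumptions.

```shell
#!/bin/sh
# write_scan_rc TARGET SCOPE_FILE OUT_RC   (hypothetical helper)
# Writes a resource script for TARGET only if TARGET is listed in SCOPE_FILE
# (one authorised address per line; lines starting with # are comments).
write_scan_rc() {
    target=$1 scope=$2 out=$3
    # Digits and dots only: nothing that could add a console command or an
    # ERB directive to the generated file gets through.
    case $target in
        *[!0-9.]*|'')
            echo "rejected: target contains characters other than digits and dots" >&2
            return 2 ;;
    esac
    # Exact, fixed-string, whole-line match against the scope list.
    if ! grep -v '^[[:space:]]*#' "$scope" | grep -qxF -- "$target"; then
        echo "rejected: $target is not in $scope" >&2
        return 1
    fi
    {
        echo "spool scan-$target.log"      # keep a transcript for the report
        for module in auxiliary/scanner/http/http_version \
                      auxiliary/scanner/ssh/ssh_version; do
            echo "use $module"
            echo "set RHOSTS $target"
            echo "run"
        done
        echo "spool off"
        echo "exit"
    } > "$out"
}

# Constructed demo: the scope list holds the lab address used in this article.
demo_dir=$(mktemp -d)
printf '# authorised lab hosts\n192.168.1.100\n' > "$demo_dir/scope.txt"
write_scan_rc 192.168.1.100 "$demo_dir/scope.txt" "$demo_dir/scanner.rc" &&
    cat "$demo_dir/scanner.rc"
```

An address missing from the scope file makes the function return non-zero before any file is written, so a mistyped target stops the run at generation time.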


Conclusion

Using Metasploit Auxiliary Scanners in Termux can significantly enhance your pentest efforts. Whether you’re scanning a single target or automating a series of scans, this mobile-friendly setup empowers you to perform efficient penetration testing tasks directly from your Android device.

Explore more auxiliary scanners and keep experimenting to elevate your pentest skills.