Web application pen testing is essential for identifying and addressing security vulnerabilities in online systems. With Metasploit, a well-known framework for penetration testing, users can exploit common vulnerabilities such as SQL injection, cross-site scripting (XSS), and remote file inclusion (RFI). When paired with Termux, an Android terminal emulator, Metasploit allows ethical hackers to perform comprehensive pen testing on web applications directly from their mobile devices.
In this guide, we’ll walk you through the process of web application pen testing using Metasploit modules in Termux. From scanning for vulnerabilities to executing custom exploits, this approach helps uncover potential threats and provides the necessary steps to address them. Whether you’re testing a personal web project or running tests for a client, these modules will help you conduct an effective pen test.
Prerequisites
Before you start web application pen testing, ensure the following:
- Termux installed on your Android device.
- Metasploit framework installed in Termux.
- Basic understanding of web vulnerabilities and penetration testing.
For detailed steps on securing your Termux setup, refer to our guide on Tips for Securing Your Termux Environment.
Step 1: Installing Metasploit in Termux
If you haven’t installed Metasploit yet, follow these steps:
Update and upgrade your Termux environment:
pkg update && pkg upgrade
Install Metasploit using the following command:
pkg install unstable-repo
pkg install metasploit
Once Metasploit is installed, you’re ready to begin pen testing.
Step 2: Using Metasploit to Identify Web Vulnerabilities
SQL Injection Vulnerabilities
SQL injection is one of the most common vulnerabilities in web applications. This guide refers to the scanner as auxiliary/scanner/http/sql_injection; stock Metasploit does not ship a general-purpose SQL injection scanner at that exact path (most of its HTTP auxiliary modules are written for a specific product), so treat the name as a placeholder and first list what your install actually offers from the console:
search type:auxiliary http sql
Then load the module the search returns, setting its options as below. To use a scanner module:
Run the Metasploit console:
msfconsole
Use the SQL injection scanner:
use auxiliary/scanner/http/sql_injection
set RHOSTS <target>
set RPORT 80
run
Test Output Example:
[*] Starting SQL Injection scan against 192.168.1.10
[*] Vulnerable parameter found: id
[*] Possible SQL injection vulnerability detected on: /login.php?id=1
Explanation: In this example, Metasploit scanned the target IP and reported a possible SQL injection point in the id parameter of the login.php page, meaning input supplied in that parameter appears to reach a database query without being escaped. Scanner output of this kind is a lead, not proof: as a next step, the pen tester should confirm it by hand (for example with a boolean condition such as id=1 AND 1=2 that visibly changes the response, or a UNION-based query) before moving on to exploitation.
For more insights on using Metasploit in other contexts, visit the Metasploit Project’s official documentation.
Cross-Site Scripting (XSS)
Cross-site scripting allows an attacker to inject scripts into web pages viewed by other users. This guide calls the scanner auxiliary/scanner/http/xss_scanner; as with the SQL injection module, confirm the path on your install first (search type:auxiliary http xss) and substitute what it returns. The scanner sends a script canary in each parameter and reports parameters that echo it back unencoded:
Load the XSS scanner module:
use auxiliary/scanner/http/xss_scanner
set RHOSTS <target>
run
Test Output Example:
[*] Scanning 192.168.1.10 for XSS vulnerabilities
[*] Vulnerable URL found: /search?q=<script>alert('XSS')</script>
Explanation: The output indicates that the target reflects the search parameter (q) into the page. The scanner injected a simple canary (<script>alert('XSS')</script>) and found it returned verbatim, that is, without HTML-encoding the < and > characters, so a link carrying a crafted q value would execute attacker-supplied JavaScript in the browser of any victim who opens it. Note what this check does and does not cover: it finds reflected XSS only. Stored XSS (a payload persisted by the application and shown to other users later) and DOM-based XSS (a payload handled by client-side script) need separate tests.
For further examples of network diagnostics with Termux, check our guide on Using Termux for Network Diagnostics.
Remote File Inclusion (RFI) Vulnerabilities
Remote file inclusion occurs when a web application passes user input to an include or require call and that input can point at a file on an attacker-controlled server, so the server fetches and executes attacker-supplied code. Its close relative, local file inclusion (LFI), is the same flaw where the input can only reach files already on the server, typically through ../ traversal. This guide calls the scanner auxiliary/scanner/http/file_inclusion; confirm the path first (search type:auxiliary http inclusion) and substitute what your install returns:
use auxiliary/scanner/http/file_inclusion
set RHOSTS <target>
run
Test Output Example:
[*] Scanning for File Inclusion vulnerabilities on 192.168.1.10
[*] Vulnerable URL found: /index.php?page=../../../../etc/passwd
Explanation: In this output, the page parameter of index.php accepted a ../ traversal sequence and returned the contents of /etc/passwd, so what the scanner found is a local file inclusion (path traversal) flaw rather than remote file inclusion; RFI evidence would be a successful include of a URL you host, e.g. page=http://<your-host>/test.txt. /etc/passwd is the standard proof because it exists on every Unix-like system and is world-readable; it lists local accounts (username, UID, home directory, shell) but on any modern system not password hashes, which live in /etc/shadow. Beyond disclosure of configuration files and application source, LFI can escalate to code execution when the attacker can first get content of their own onto the server (an uploaded file, a poisoned log entry) and then include it.
Step 3: Exploiting Web Vulnerabilities
After identifying vulnerabilities with Metasploit modules, the next step is to exploit them. Metasploit's exploit modules are written for specific products and versions, so a generic exploit/multi/http/sql_injection module does not exist in the stock tree; for an injection point found in custom application code the exploitation step is usually done with a dedicated tool such as sqlmap or by hand, and Metasploit comes back into play only when the injection matches a known module (check with search type:exploit sql). When a matching module exists, the workflow looks like this:
use exploit/multi/http/sql_injection
set RHOSTS <target>
set payload <desired_payload>
run
Test Output Example:
[*] Exploiting SQL injection on 192.168.1.10
[*] Dumping database content...
[+] Retrieved data: username=admin, password=123456
Explanation: This output shows the successful exploitation of an SQL injection vulnerability: the injection was used to read rows out of the database, yielding a username and password. Two findings are hiding in that line, not one: the injection itself, and the fact that the password came back as plaintext 123456, which means the application stores credentials without hashing. Both belong in the report. Stop at proof of access; do not pivot to other systems or modify data unless the engagement explicitly allows it.
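To see the Step 3 finding from the code side, here is an added example (not from this guide and not Metasploit code) of the query pattern that produces it, beside its hardened form. The schema, table names and the login and post-lookup functions are assumptions for illustration; the database is an in-memory SQLite instance with one constructed user, so the block runs offline.

```python
"""Added example, not from this guide or from Metasploit: the query pattern
behind an SQL injection finding, beside the hardened version.

Everything is constructed so it runs offline: an in-memory SQLite database
with one user. Table and column names are assumptions for illustration.
"""
import hashlib
import hmac
import os
import sqlite3


def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def build_db() -> sqlite3.Connection:
    """Constructed fixture: the same admin account stored the bad way and the good way."""
    conn = sqlite3.connect(":memory:")
    # Bad: plaintext credentials, which is what a dump like "password=123456" reveals.
    conn.execute("CREATE TABLE users_plain (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users_plain VALUES ('admin', '123456')")
    # Good: salted PBKDF2 hash; a dump of this table yields nothing directly reusable.
    conn.execute("CREATE TABLE users (username TEXT, salt BLOB, pwhash BLOB)")
    salt = os.urandom(16)
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 ("admin", salt, _pbkdf2("123456", salt)))
    # Content table behind an id= lookup, the kind of parameter the scanner flagged.
    conn.execute("CREATE TABLE posts (id INTEGER, title TEXT)")
    conn.execute("INSERT INTO posts VALUES (1, 'Hello world')")
    conn.commit()
    return conn


# --- Vulnerable: user input spliced into the SQL text ----------------------

def login_vulnerable(conn, username: str, password: str):
    """Returns the matched username, or None. Bypass: username "admin' --"."""
    sql = (f"SELECT username FROM users_plain "
           f"WHERE username = '{username}' AND password = '{password}'")
    row = conn.execute(sql).fetchone()     # '--' comments out the password check
    return row[0] if row else None


def post_title_vulnerable(conn, post_id: str):
    """Returns titles for ?id=<post_id>. A UNION in post_id reads other tables."""
    rows = conn.execute(f"SELECT title FROM posts WHERE id = {post_id}").fetchall()
    return [r[0] for r in rows]


# --- Hardened: placeholders, input validation, hashed passwords ------------

def login_hardened(conn, username: str, password: str):
    row = conn.execute("SELECT salt, pwhash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return None
    salt, stored = row
    # Constant-time comparison of the recomputed hash against the stored one.
    return username if hmac.compare_digest(_pbkdf2(password, salt), stored) else None


def post_title_hardened(conn, post_id: str):
    try:
        pid = int(post_id)                 # reject anything that is not an integer
    except ValueError:
        return []
    rows = conn.execute("SELECT title FROM posts WHERE id = ?", (pid,)).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = build_db()
    union = "1 UNION SELECT username || ':' || password FROM users_plain"
    print("vulnerable login bypass ->", login_vulnerable(db, "admin' --", "x"))
    print("vulnerable dump         ->", post_title_vulnerable(db, union))
    print("hardened login bypass   ->", login_hardened(db, "admin' --", "x"))
    print("hardened dump           ->", post_title_hardened(db, union))
```

The two vulnerable functions reproduce both halves of the Step 3 output: the comment sequence in the username bypasses the login, and the UNION in the id parameter pulls the credentials table into a page that was only supposed to show a title. The hardened pair fixes the injection with bound parameters (the database never parses the user's input as SQL) and removes the second finding by storing a salted hash, so even a successful dump of the users table does not hand over passwords.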
Best Practices for Web Application Pen Testing
- Stay Legal: Always obtain written authorization that names the target and the scope before testing a web application; unauthorized testing is a criminal offence in most jurisdictions.
- Test in Isolated Environments: Avoid testing in production environments to prevent unintended disruptions.
- Update Regularly: Keep Metasploit and your testing tools updated to ensure compatibility with modern systems and vulnerabilities.
Conclusion
Using Metasploit modules for web application pen testing on Termux is a powerful method for identifying and exploiting common vulnerabilities like SQL injection, XSS, and RFI. By leveraging these tools, you can conduct thorough assessments of web applications and uncover security risks. Always follow ethical guidelines and best practices when performing pen testing to ensure responsible use of these tools.