Some good Web vulnerability scanning modules in Metasploit

Information gathering web server scanning module

• Module auxiliary/scanner/http/http_version
• Module auxiliary/scanner/http/open_proxy
• Module auxiliary/scanner/http/robots_txt
• Module auxiliary/scanner/http/frontpage_login
• Module auxiliary/admin/http/tomcat_administration
• Module auxiliary/admin/http/tomcat_utf8_traversal
• Module auxiliary/scanner/http/options
• Module auxiliary/scanner/http/drupal_views_user_enum
• Module auxiliary/scanner/http/scraper
• Module auxiliary/scanner/http/svn_scanner
• Module auxiliary/scanner/http/trace
• Module auxiliary/scanner/http/vhost_scanner
• Module auxiliary/scanner/http/webdav_internal_ip
• Module auxiliary/scanner/http/webdav_scanner
• Module auxiliary/scanner/http/webdav_website_content

File directory scan module

• Module auxiliary/dos/http/apache_range_dos
• Module auxiliary/scanner/http/backup_file
• Module auxiliary/scanner/http/brute_dirs
• Module auxiliary/scanner/http/copy_of_file
• Module auxiliary/scanner/http/dir_listing
• Module auxiliary/scanner/http/dir_scanner
• Module auxiliary/scanner/http/dir_webdav_unicode_bypass
• Module auxiliary/scanner/http/file_same_name_dir
• Module auxiliary/scanner/http/files_dir
• Module auxiliary/scanner/http/http_put
• Module auxiliary/scanner/http/ms09_020_webdav_unicode_bypass
• Module auxiliary/scanner/http/prev_dir_same_name_file
• Module auxiliary/scanner/http/replace_ext
• Module auxiliary/scanner/http/soap_xml
• Module auxiliary/scanner/http/trace_axd
• Module auxiliary/scanner/http/verb_auth_bypass

Web application vulnerability scanning module

• Module auxiliary/scanner/http/blind_sql_query
• Module auxiliary/scanner/http/error_sql_injection
• Module auxiliary/scanner/http/http_traversal
• Module auxiliary/scanner/http/rails_mass_assignment
• Module exploit/multi/http/lcms_php_exec