Metasploit new module SonicWall HTTP Login Scanner

SonicWall firewalls are a well-established line of network security appliances designed to protect businesses of various sizes from cyber threats. NSv firewalls are designed for deployment in cloud and virtualized environments, providing the same level of security as their physical counterparts. Because these appliances are widely used, it should be of interest to many companies that Metasploit has released a module for brute forcing the HTTP and SSLVPN login pages.

“Adding HTTP Login Scanner for SonicWall NSv. The SonicWall class can attack both admin accounts and SSLVPN users. For attacking only admin account, the parameter DOMAIN should be unset. SSLVPN accounts can be attacked, if DOMAIN is specified. The default value is LocalDomain.”

Usage steps:

  1. use auxiliary/scanner/sonicwall/login_scanner
  2. set RHOSTS [IP]
  3. either set USERNAME [username] or set USERPASS_FILE [usernames file]
  4. either set PASSWORD [password] or set PASS_FILE [passwords file]
  5. set DOMAIN [domain to attack/empty string to attack admin account]
  6. run

This module makes brute forcing these logins much easier for pen testers than using Hydra and crafting a payload, but it also makes it easier for malicious actors.
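On the defensive side, a login scanner like this shows up as a burst of failed logins from one source, against either the admin account (no domain) or SSLVPN users (a domain such as LocalDomain). The following is an added example, not code from the original post or from the Metasploit project, that flags such bursts; the log format, field order, threshold, window and addresses are constructed assumptions and not SonicWall's actual log format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical normalized format:
# "timestamp src_ip domain user result"; domain "-" means an admin login.
SAMPLE_LOG = """\
2025-01-10T09:00:00 192.0.2.99 LocalDomain alice FAIL
2025-01-10T09:00:01 203.0.113.7 - admin FAIL
2025-01-10T09:00:02 203.0.113.7 - admin FAIL
2025-01-10T09:00:03 203.0.113.7 - admin FAIL
2025-01-10T09:00:04 203.0.113.7 - admin FAIL
2025-01-10T09:00:05 203.0.113.7 - admin FAIL
2025-01-10T09:01:00 192.0.2.50 LocalDomain bob FAIL
2025-01-10T09:01:20 192.0.2.50 LocalDomain bob OK
2025-01-10T09:02:00 198.51.100.20 LocalDomain alice FAIL
2025-01-10T09:02:08 198.51.100.20 LocalDomain bob FAIL
2025-01-10T09:02:16 198.51.100.20 LocalDomain carol FAIL
2025-01-10T09:02:24 198.51.100.20 LocalDomain dave FAIL
2025-01-10T09:02:32 198.51.100.20 LocalDomain erin FAIL
2025-01-10T09:05:00 192.0.2.99 LocalDomain alice FAIL
2025-01-10T09:10:00 192.0.2.99 LocalDomain alice FAIL
"""

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return sorted (src_ip, target, pattern) for bursts of failed logins."""
    recent = defaultdict(deque)   # (src, target) -> failures inside the window
    alerts = {}
    for line in log_text.splitlines():   # events assumed to be in time order
        parts = line.split()
        if len(parts) != 5 or parts[4] != "FAIL":
            continue                     # skip malformed lines and successes
        ts, src, domain, user, _ = parts
        when = datetime.fromisoformat(ts)
        target = "admin" if domain == "-" else "sslvpn"
        q = recent[(src, target)]
        q.append((when, user))
        while when - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            users = {u for _, u in q}
            pattern = "single-account" if len(users) == 1 else "multi-account"
            alerts.setdefault((src, target), pattern)
    return sorted((s, t, p) for (s, t), p in alerts.items())

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The slow source (192.0.2.99) and the user who mistyped once (192.0.2.50) stay below the threshold, so a fixed window alone will miss low-and-slow guessing; pair it with account lockout and restricted management access.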
