Vulnerability Scanning

Finding vulnerabilities with Metasploit relies heavily on your ability to scan and fingerprint the target. The better you are at these stages, the more options Metasploit may provide you. For example, if you identify a VNC service running on the target, you can use the search function in Metasploit to list useful modules. The results will contain payload and post modules. At this stage, these results are not very useful, as we have not discovered a potential exploit to use just yet. However, in the case of VNC, there are several scanner modules that we can use.

Example: VNC scanning modules

msf6 > use auxiliary/scanner/vnc/
use auxiliary/scanner/vnc/ard_root_pw
use auxiliary/scanner/vnc/vnc_login
use auxiliary/scanner/vnc/vnc_none_auth
msf6 > use auxiliary/scanner/vnc/

You can use the info command on any module to get a better understanding of its use and purpose.

VNC login scanner
msf6 auxiliary(scanner/vnc/vnc_login) > info

       Name: VNC Authentication Scanner
     Module: auxiliary/scanner/vnc/vnc_login
    License: Metasploit Framework License (BSD)
       Rank: Normal

.
.
.

Description:
  This module will test a VNC server on a range of machines and report 
  successful logins. Currently it supports RFB protocol version 3.3, 
  3.7, 3.8 and 4.001 using the VNC challenge response authentication 
  method.
.
.
.

msf6 auxiliary(scanner/vnc/vnc_login) >

As you can see, the vnc_login module can help us find valid login credentials for the VNC service.
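The fingerprinting step that decides which of these scanner modules applies can be reproduced by hand from the two first messages a VNC server sends. The following added example (not code from the original page or from Metasploit) parses the RFB ProtocolVersion banner and the security-types message, reports whether the version falls in the range the vnc_login info text lists (3.3, 3.7, 3.8, 4.001), and flags servers that offer the "None" security type, which is what vnc_none_auth checks for. The banners and security-types bytes are constructed samples, and the mapping of "4.001" to major 4 / minor 1 is an assumption.

```python
import re

# RFB ProtocolVersion message is exactly 12 bytes: "RFB xxx.yyy\n"
RFB_VERSION_RE = re.compile(rb"^RFB (\d{3})\.(\d{3})\n$")

# Versions the vnc_login module's info text says it supports
# (assumption: "4.001" is major 4, minor 1).
VNC_LOGIN_SUPPORTED = {(3, 3), (3, 7), (3, 8), (4, 1)}

# Standard RFB security type codes.
SECURITY_TYPES = {1: "None", 2: "VNC Authentication"}


def parse_rfb_version(banner: bytes):
    """Return (major, minor) from a ProtocolVersion message, or None if it is not RFB."""
    m = RFB_VERSION_RE.match(banner)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def parse_security_types(version, data: bytes):
    """Return the security type codes the server offers, or None if the message is truncated.
    RFB 3.3: a single 4-byte big-endian type (0 = connection failed).
    RFB 3.7+: a count byte followed by that many 1-byte types (count 0 = failed)."""
    if version == (3, 3):
        if len(data) < 4:
            return None
        t = int.from_bytes(data[:4], "big")
        return [] if t == 0 else [t]
    if not data or len(data) < 1 + data[0]:
        return None
    return list(data[1:1 + data[0]])


def assess(banner: bytes, sec_msg: bytes) -> dict:
    """Summarise what the two opening server messages tell a scanner."""
    version = parse_rfb_version(banner)
    if version is None:
        return {"error": "not an RFB server"}
    types = parse_security_types(version, sec_msg)
    if types is None:
        return {"error": "truncated security-types message"}
    return {
        "version": f"{version[0]}.{version[1]}",
        "vnc_login_supported": version in VNC_LOGIN_SUPPORTED,
        "security_types": [SECURITY_TYPES.get(t, f"unknown({t})") for t in types],
        "none_auth": 1 in types,  # server accepts sessions without a password
    }


if __name__ == "__main__":
    # Constructed sample: RFB 3.8 server offering both None and VNC Authentication.
    print(assess(b"RFB 003.008\n", b"\x02\x01\x02"))
```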
