-
The HTTP header detection module grabs the HTTP headers in the server response. If the administrator has already blocked/removed the HTTP header, this module will not provide you with any output. The module works fine.
-
By default, the Metasploit web interface comes with NMAP version 4.x (pre-installed) in the package, which is used to perform host discovery and port scans. For better results, you can install and use the latest version of NMAP.
-
Yes, you can. The web interface only provides a Graphical User Interface (GUI) for the Metasploit framework, so you can add your own custom modules as well.
- You can place a reverse proxy in front of the page. You'll have to first authenticate yourself with an HTTP basic authentication mechanism and then you can use the login page to authenticate with the Metasploit web interface. For further information, check the documentation at https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/.