Going Forward

As you have seen, auxiliary modules can have a wide range of uses. The infrastructure provided by the Metasploit Framework can produce a wide array of tools in a very short time. Using Metasploit’s auxiliary modules, you can scan an IP address range to determine which hosts are alive and which services are running on each host. You can then leverage this information to determine vulnerable services, such as in the WebDAV example, or even log in via brute force on a remote server.

Although you can easily create custom auxiliary modules, don’t discount the existing auxiliary modules in the Framework. These modules may be the exact one-off tool you need.

The auxiliary modules open up a wide range of additional avenues for enumeration and attack. For a web application, the auxiliary modules offer more than 40 additional checks or attacks that you can perform. In some instances, you may want to brute force a web server to see which servers are listing directories. Or you may want to scan the web server to see if it can act as an open proxy and relay traffic out to the Internet. Regardless of your needs, the auxiliary modules can provide additional enumeration information, attack vectors, or vulnerabilities.