Tuesday, February 17, 2009

Advanced Exploitation with Metasploit

I decided to write a post about the new and advanced features in my favorite exploitation framework, Metasploit. The improved tools in the framework include wmap (web application mapping) and autopwn (it does what it sounds like). This post covers wmap.

WMAP

"WMAP is a general purpose web application scanning framework for Metasploit 3. The architecture is simple and its simplicity is what makes it powerful. It's a different approach compared to other open source alternatives and commercial scanners, as WMAP is not built around any browser or spider for data capture and manipulation."

STEP 1: Load the sqlite3 database plugin
>load db_sqlite3
STEP 2: Create a new database (db_create also connects to it)
>db_create wmapjack.db
STEP 3: Load the wmap plugin
>load db_wmap
STEP 4: Connect to the wmap database (use the same file name you created in step 2, otherwise wmap will be working against an empty database)
>db_connect wmapjack.db

Now add the web application target address:
>wmap_targets -a http://127.0.0.1
Select it as the active target by its ID (the first target added is ID 1):
>wmap_targets -s 1

wmap_run - execute application mapping against the selected target
The active modules are:
wmap_ssl_vhost WMAP_SERVER
frontpage_login WMAP_SERVER
version WMAP_SERVER
wmap_vhost_scanner WMAP_SERVER
wmap_file_same_name_dir WMAP_DIR - this one takes a while (it brute-forces directory names)

wmap_reports - view web application report
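The four database steps plus the target and run commands above are easy to get wrong by hand (the two database file names must match). The script below is an added example, not part of the original post or of Metasploit itself: it writes the same commands, in the same order, into an msfconsole resource script and hands it to msfconsole -r, so the mapping runs non-interactively. It assumes Metasploit 3.x with the db_sqlite3 and db_wmap plugins, msfconsole on PATH, and that the commands are valid exactly as shown above; the target URL and database file name are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): drive the WMAP workflow
# above from an msfconsole resource script instead of typing it in.
# Assumptions: Metasploit 3.x with the db_sqlite3 and db_wmap plugins,
# msfconsole on PATH, and the commands valid exactly as the post shows
# them. Target and database file name are placeholders.

# write_wmap_rc RCFILE TARGET DBFILE
# Emits the post's commands, in order, as an msfconsole resource script.
# One database file name is used for both db_create and db_connect,
# which is the step the manual version makes easy to get wrong.
write_wmap_rc() {
    rc="$1"; target="$2"; db="$3"
    cat > "$rc" <<EOF
load db_sqlite3
db_create $db
load db_wmap
db_connect $db
wmap_targets -a $target
wmap_targets -s 1
wmap_run
wmap_reports
exit
EOF
}

# check_wmap_rc RCFILE
# Returns 0 only if db_create and db_connect name the same file.
check_wmap_rc() {
    created=$(sed -n 's/^db_create //p' "$1")
    connected=$(sed -n 's/^db_connect //p' "$1")
    [ -n "$created" ] && [ "$created" = "$connected" ]
}

# run_wmap RCFILE
# Hands the script to msfconsole; -r runs a resource file at start-up.
run_wmap() {
    if command -v msfconsole >/dev/null 2>&1; then
        msfconsole -r "$1"
    else
        echo "msfconsole not on PATH; resource script left at $1" >&2
        return 1
    fi
}

RC="${TMPDIR:-/tmp}/wmap.rc"
write_wmap_rc "$RC" "${1:-http://127.0.0.1}" "${2:-wmapjack.db}"
check_wmap_rc "$RC" || { echo "database names differ in $RC" >&2; exit 1; }
run_wmap "$RC" || true
```

Run it as `sh wmap.sh http://target.example/ wmapjack.db`; without arguments it falls back to the placeholders. Because wmap_file_same_name_dir is slow, this is the form you want when the mapping has to run unattended.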
Now go and test your own application.
