WMAP(web application vulnerability scanner)

WMAP is a web application vulnerability scanner that allows to conduct and automate web server enumeration and scanning from within the Metasploit Framework.

Available as a fully integrated MSF plugin
Utilizes the in-built MSF auxiliary modules

Load WMAP extension within msfconsole

load wmap

Add WMAP site

wmap_sites -a 192.28.60.3

Specify the target URL

wmap_targets -t http://192.28.60.3

wmap_sites -l
wmap_targets -l

Show only the MSF modules that will be able to be run against target

wmap_run -t

Run the web app vulnerability scan
- this will run all enabled modules against the target web server

wmap_run -e

Analyze the results produced by WMAP.

List WMAP found vulnerabilities

wmap_vulns -l

PreviousVulnerability Scanning NextNessus

Last updated 1 year ago