Wmap Web Scanner MetasploitWMAP is a framework to run scanning against Web applications, designed to be used as a plugin of MetaSploit Framework, has a simple, but extremely powerful architecture in comparison with other alternatives open source or commercial currently on the market, the simplicity of this plugin is that depends not on any search engine or web browser to capture data and manipulate them. The libraries that must be installed before proceeding with the execution of the plugin on a Debian/Ubuntu system are: sudo apt-get install libxml-ruby The first thing we will do is create a new database to store the results of analicis.
Code:
stuxnet@stuxnet:~$ sudo su postgres [sudo] password for stuxnet: postgres@stuxnet:/home/stuxnet$ createuser metasploit -P Enter password for new role: Enter it again: Shall the new role be a superuser? (y/n) y postgres@stuxnet:/home/stuxnet$ createdb --owner=metasploit metasploit Then in a terminal, type the following: Code:
sudo /etc/init.d/./postgresql start After having created the database we will open the metasploit console and type Code:
msf > db_connect metasploit:metasploit@127.0.0.1:5432/metasploit Where: Code:
User: metasploit (Replace with your user ) Passwd: metasploit (Replace with your password) After having created the database we will charge WMAP. Code:
msf > load wmap
Code:
msf > wmap_sites -s 0 1 Code:
msf > wmap_targets -t www.twitter.com,199.59.148.10 Code:
msf > set DOMIAN www.twitter.com Code:
msf > wmap_targets -l
Code:
msf > msf > wmap_run -t
Code:
msf > wmap_run -e Completion of all the exploration we will check if there is any vulnerability. Code:
msf > hosts -c address,svcs,vulns |
OUR MENU
Statistics
Total online: 1 Guests: 1 Users: 0 |