How To Use the WMAP Web Scanner in Metasploit to Scan Web Servers for Vulnerabilities

WMAP is a feature-rich web application vulnerability scanner that was originally created from a tool named SQLMap. This tool is integrated with Metasploit and allows us to conduct web application scanning from within the Metasploit Framework.

Vulnerability Scanning with WMAP

We begin by creating a new database to store our WMAP scan results in, loading the wmap plugin, and running help to see what new commands are available to us.
 
msf > load wmap
 
Prior to running a web app scan, we first need to add a new target URL by passing the -a switch to wmap_sites. Afterwards, running wmap_sites -l will print out the available targets.

0   172.16.194.172  172.16.194.172  80    http   0        0

Next, we add the site as a target with wmap_targets.

Once added, we can view our list of targets by using the -l switch from the console.

Using the wmap_run command will scan the target system.

We first use the -t switch to list the modules that will be used to scan the remote system.


All that remains now is to actually run the WMAP scan against our target URL.

Once the scan has finished executing, we take a look at the database to see if WMAP found anything of interest.

Looking at the above output, we can see that WMAP has reported one vulnerability. Running vulns will list the details for us.
 
Because of our vulnerability scanning with WMAP, we can now use these results to gather further information on the reported vulnerability. As pen-testers, we would need to investigate each finding further and identify if there are potential methods for attack.
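
The steps above collected into one msfconsole resource script, added here as an example and not taken from the original post. The workspace name wmap_lab and the target path / are assumptions; wmap_targets -t, wmap_run -e and wmap_vulns -l are the plugin's switches for the steps the text describes without naming them, and the address is the lab host from the wmap_sites listing above.

```text
# wmap_lab.rc - added example, not from the original post.
# Run with: msfconsole -q -r wmap_lab.rc
# Assumes the Metasploit database service is already set up and reachable.

# Confirm the database connection, then keep the scan results in their own
# workspace (the name wmap_lab is an assumption).
db_status
workspace -a wmap_lab

# Load the plugin and list the commands it adds to the console.
load wmap
help

# Register the site, then print the sites WMAP knows about.
wmap_sites -a http://172.16.194.172
wmap_sites -l

# Select the registered site as the scan target and confirm the selection.
# The path / is an assumption; use the application path that is in scope.
wmap_targets -t http://172.16.194.172/
wmap_targets -l

# Show which modules are enabled for the run before launching anything.
wmap_run -t

# Launch the enabled modules against the selected target.
wmap_run -e

# Review what the scan recorded in the database.
wmap_vulns -l
vulns
```

wmap_run -e also accepts the path of a profile file, which limits the run to the modules listed in that profile.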
