How To Use WMAP Web Scanner In Metasploit For Scanning Web Server Vulnerability
What WMAP is a feature-rich web application vulnerability scanner that was originally created from a tool named SQLMap . This tool is integrated with Metasploit and allows us to conduct web application scanning from within the Metasploit Framework. Vulnerability Scanning with WMAP We begin by first creating a new database to store our WMAP scan results in, load the wmap plugin, and run help to see what new commands are available to us. msf >load wmap Prior to running a web app scan, we first need to add a new target URL by passing the -a switch to wmap_sites . Afterwards, running wmap_sites -l will print out the available targets. 0 172.16.194.172 172.16.194.172 80 http 0 0 Next, we add the site as a target with wmap_targets . Once added, we can view our list of targets by using the -l switch from the console. Using the wmap_run command will scan the target system.