Kali Linux WMAP Scan Small note

0x01 WMAP Introduction

WMAP itself is not a separate vulnerability scanner, but as a module of Metasploit, combined with web vulnerabilities and Web services related modules work together to complete the target Server Scan task, that is, If we want to use the WMAP module, we need to load it in Metasploit to be able to use it.

0x02 Metasploit Database Preparation

the new version of the Metasploit database connection method is different than the old version of Kali , so our database link method will also be in the old tutorial and some other

Before running the Metasploit terminal, we need to start the database service to store the scan results:

Service PostgreSQL Start

If this is the first time, you need to initialize and start the database:

Msfdb Initmsfdb Start

0x03 WMAP Use

First open a terminal, start Metasploit:

Msfconsole

Then wait for MSF to open, and we'll load the WMAP plugin into MSF:

Load WMAP

After the prompt appears, the WMAP is successfully loaded, and if an error occurs in general, MSF cannot connect to the database because of a database configuration

How to modify can refer to the configuration method in the second step, there is not much elaboration

Then let's take a quick look at some of the parameters of WMAP:

Help

After a brief initial understanding of WMAP, we started using WMAP to scan the site:

Wmap_site-a <target>

Here our locally built website link is 192.168.1.102, so we enter:

Wmap_sites-a http://192.168.0.102

, the setting is successful when the [*]site created. Typeface appears

Then we can take a look at our goals:

Wmap_sites-l

Here we can use if we want to remove some of the unwanted target sites:

WMAP _sites-d <Id>

After loading the site, we then enter the instructions to set up the scanned site:

<Id>

We previously loaded the site ID is 0, so we entered the wmap_targets-d 0, corresponding, if there are multiple to select the site we can use their ID to scan the list of different sites

After determining the scan site, let's look at the list of targets scanned:

Wmap_targets-l

After configuring the WMAP scan target, we first load some of the EXP modules to be used by the scan:

Wmap_run-t

After waiting for loading to complete, we start scanning the site:

Wmap_run-e

Here our scans are going to be slower than the previous steps, so we need to wait a while

When the interface appears, it indicates that the scan is complete:

After the scan is complete we need to see a summary of the scan results:

Vulns // You can also use Wmap_vulns-l to see that the two statements work the same way .

This completes the use of WMAP to scan the site process, I hope you can learn some knowledge, I have limited technical, if the article in the technical aspects of the loopholes or misleading, please contact me immediately, I will be the first time on the problem where the change, to avoid misleading readers

Kali Linux WMAP Scan Small note