In the previous article, we learned how to perform a network vulnerability assessment by using the OpenVAS plug-in. In this continuation, we will see how to perform a web application vulnerability assessment by using the wmap plug-in.
WMAP is a feature-rich web vulnerability scanner that was originally created from a tool named SQLMap. This tool is integrated with Metasploit and allows us to conduct webapp scanning from within the framework.
Launch msfconsole and type in load wmap.
It will load and open the wmap plug-in from its database. Now type in help and it will show all usage commands for wmap.
As can be seen in the above figure, the wmap_sites command is used for managing sites, so we are going to use this command. Type in wmap_sites -h and it will show all usage options for managing sites.
In the above figure, we can see that the -a option is for adding a site. So let us add a site by using this option. Type in wmap_sites -a <target>. Here we hosted a web application on our local machine. That’s why our target IP is a local IP address: wmap_sites -a http://192.168.0.102
Once the site is created, we can check our added sites by typing wmap_sites -l and it will list all of them.
Our site is added; now we will add the target. First type in the wmap_targets -h command for listing all wmap_targets usage options.
As we can see in the usage options, we can add our target by using two options. One is -t, for which we have to provide the target URL. If we use -d, we have to give the target site ID. Here we will use the -d option. So our command is wmap_targets -d 0
After adding the target ID, we can see that it loaded the target address. Now we can check the list to see if our target is added or not; type in wmap_targets -l
Now everything is ready; the target is successfully added and we can run our wmap for scanning the web applications. The scanning command is wmap_run but, before running this command, check all the usage options. Type in wmap_run -h
As we can see in the usage options, -t shows all enabled modules, which are the ones used for scanning. So type in wmap_run -t
After triggering this command, it will show all the various testing modules.
Now type in wmap_run -e and it will start scanning with all enabled modules.
It will take some time, depending on how big the application is. After completion of scanning, it will look like this.
Now we can check all vulnerabilities by typing vulns.
We can see in the above figure that the scan detected that the TRACE method is enabled on the application, and the vulnerability references (CVE ID, OSVDB, BID, etc.) are shown.
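A finding such as the enabled TRACE method can be confirmed directly, and re-checked once the method has been disabled on the server. The following is an added example, not part of the original article or of Metasploit; the function names, the X-Trace-Check header and the two local test servers are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

MARKER = "X-Trace-Check"  # constructed header name used to recognise the echo

def trace_enabled(host, port=80, use_tls=False, timeout=5.0):
    """Return True if the server answers TRACE by echoing the request back."""
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        conn.request("TRACE", "/", headers={MARKER: "recheck"})
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1")
    finally:
        conn.close()
    # Enabled: 200 plus our header echoed in the body. Disabled: usually 405 or 501.
    return resp.status == 200 and MARKER.lower() in body.lower()

class EchoTrace(BaseHTTPRequestHandler):
    """Constructed stand-in for a server that still has TRACE enabled."""
    def do_TRACE(self):
        echoed = f"{self.requestline}\r\n{self.headers}".encode("latin-1")
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(echoed)))
        self.end_headers()
        self.wfile.write(echoed)

    def log_message(self, *args):  # keep the demo quiet
        pass

class NoTrace(BaseHTTPRequestHandler):
    """Constructed stand-in for a fixed server: no do_TRACE, so it replies 501."""
    def log_message(self, *args):
        pass

def check_local(handler):
    """Start a throwaway server on 127.0.0.1 and probe it for TRACE."""
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return trace_enabled("127.0.0.1", srv.server_address[1])
    finally:
        srv.shutdown()
        srv.server_close()

if __name__ == "__main__":
    print({h.__name__: check_local(h) for h in (EchoTrace, NoTrace)})
```

Against your own host, call trace_enabled with its address and port before and after the fix; on Apache httpd the directive that disables the method is TraceEnable off.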
Hi Rohit,
Article is nice. But I have a few questions.
1. If the website needs a login to access the page, then how do I give the credentials in this tool?
2. Will it find only SQL injection vulnerabilities or all kinds of vulnerabilities?
Thanks.
I used wmap 2 times, but the problem is that my old target is still in the list. Can you tell me how I can remove my 1 target for the next scan? Please help me.
Sorry for my English.
@Ch M Osama try wmap_sites -d
Nice article, good job!
msf > wmap_run -t
[*] Testing target:
[*] Site: 192.168.3.23 (192.168.3.23)
[*] Port: 80 SSL: false
============================================================
[*] Testing started. 2015-01-09 11:30:02 +0530
[*] Loading wmap modules…
[-] Error while running command wmap_run: uninitialized constant SocialEngineering
Call stack:
/opt/metasploit/apps/pro/modules/auxiliary/pro/social_engineering/email_track.rb:39:in `initialize’
/opt/metasploit/apps/pro/msf3/lib/msf/core/module_set.rb:55:in `new’
/opt/metasploit/apps/pro/msf3/lib/msf/core/module_set.rb:55:in `create’
/opt/metasploit/apps/pro/msf3/lib/msf/core/module_set.rb:224:in `block in demand_load_modules’
/opt/metasploit/apps/pro/msf3/lib/msf/core/module_set.rb:221:in `each_pair’
/opt/metasploit/apps/pro/msf3/lib/msf/core/module_set.rb:221:in `demand_load_modules’
/opt/metasploit/apps/pro/msf3/lib/msf/core/module_set.rb:88:in `each_module’
/opt/metasploit/apps/pro/msf3/plugins/wmap.rb:2203:in `block in load_wmap_modules’
/opt/metasploit/apps/pro/msf3/plugins/wmap.rb:2201:in `each’
/opt/metasploit/apps/pro/msf3/plugins/wmap.rb:2201:in `load_wmap_modules’
/opt/metasploit/apps/pro/msf3/plugins/wmap.rb:504:in `block in cmd_wmap_run’
/opt/metasploit/apps/pro/msf3/plugins/wmap.rb:463:in `each’
/opt/metasploit/apps/pro/msf3/plugins/wmap.rb:463:in `each_with_index’
/opt/metasploit/apps/pro/msf3/plugins/wmap.rb:463:in `cmd_wmap_run’
/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:427:in `run_command’
/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:389:in `block in run_single’
/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:383:in `each’
/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:383:in `run_single’
/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/shell.rb:200:in `run’
/opt/metasploit/apps/pro/msf3/lib/metasploit/framework/command/console.rb:30:in `start’
/opt/metasploit/apps/pro/msf3/lib/metasploit/framework/command/base.rb:82:in `start’
/opt/metasploit/apps/pro/msf3/msfconsole:48:in `’
Haha, let big bro help you out. First: root > msfconsole -L -> reboot -> msf> reload_all -> msf> db_rebuild_cache -> end. Good luck.
I face the same question. What should I do?
Error while running command wmap: uninitialized constant msf::Modules::Mod617578696c696172792f70726f2f617070732f73696e676c655f70617373776f72642f636f6d6d616e646572::Metasploit3::BruteforceTask
Call stack:
/opt/metasploit/apps/pro/modules/auxiliary/pro/apps/single_password/commander.rb:42:in `initialize’9
/usr/share/metasploit-framework/lib/msf/core/module_set.rb:54:in `new’
/usr/share/metasploit-framework/lib/msf/core/module_set.rb:54:in `create’
/usr/share/metasploit-framework/lib/msf/core/module_set.rb:223:in `block in demand_load_modules’
/usr/share/metasploit-framework/lib/msf/core/module_set.rb:220:in `each_pair’
/usr/share/metasploit-framework/lib/msf/core/module_set.rb:220:in `demand_load_modules’
/usr/share/metasploit-framework/lib/msf/core/module_set.rb:87:in `each_module’
/usr/share/metasploit-framework/plugins/db_autopwn.rb:184:in `block in cmd_db_autopwn’.
/usr/share/metasploit-framework/plugins/db_autopwn.rb:183:in `each’
/usr/share/metasploit-framework/plugins/db_autopwn.rb:183:in `cmd_db_autopwn’
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:427:in `run_command’
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:389:in `block in run_single’
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:383:in `each’
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:383:in `run_single
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:200:in `run’
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:15:in `start’
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start’
/opt/metasploit/apps/pro/msf3/msfconsole:48:in `’
Help!!! What should I do? I cannot deal with the problem.
wmap_run -t
[*] Testing target:
[*] Site: 202.112.50.74 (202.112.50.74)
[*] Port: 80 SSL: false
============================================================
[*] Testing started. 2015-04-24 04:51:27 -0400
[*] Loading wmap modules…
[-] Error while running command wmap_run: uninitialized constant Msf::Modules::Mod617578696c696172792f70726f2f617070732f73696e676c655f70617373776f72642f636f6d6d616e646572::Metasploit3::BruteforceTask
Call stack:
/opt/metasploit/apps/pro/modules/auxiliary/pro/apps/single_password/commander.rb:41:in `initialize’
/usr/share/metasploit-framework/lib/msf/core/module_set.rb:54:in `new’
/usr/share/metasploit-framework/lib/msf/core/module_set.rb:54:in `create’
/usr/share/metasploit-framework/lib/msf/core/module_set.rb:223:in `block in demand_load_modules’
Something I can’t wrap my head around: how to do vulnerability scanning using the Metasploit web console? Is it not possible?