Free Web Application Scanner - Metasploit's WMAP

WMAP is a lightweight web application security scanner, available in the Metasploit framework, which helps identify web vulnerabilities.

The Metasploit framework comes preinstalled in Kali Linux. You can download a Kali Linux virtual machine or VirtualBox image from the link below:

https://www.kali.org/downloads/

After completing the setup of Kali, open a terminal and run the command below to initialize the default Metasploit database.

#msfdb init

Start the PostgreSQL service with the command below:

#service postgresql start

Start Metasploit with the command below:

#msfconsole

Check the database status to confirm whether it is loaded:

msf > db_status

Now load the WMAP scanner plugin:

msf > load wmap

List the help options:

msf > help

Add a website to WMAP to start web application security scanning (the -a option adds the site, -l lists the stored sites):

msf > wmap_sites -a http://192.168.198.130/

msf > wmap_sites -l

Add a target to WMAP:

msf > wmap_targets -t http://192.168.198.130

msf > wmap_targets -l

Now, run a vulnerability scan against the target and you will get output similar to the terminal snapshot below:

msf > wmap_run -t

You can launch the scanner with the command below:

msf > wmap_run -e

List the identified vulnerabilities with the command below:

msf > wmap_vulns -l
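
The steps above collected into a Metasploit resource script, as an added example that is not part of the original article: the shell functions below emit the script only when the target is a private (RFC 1918) IPv4 address, so the scan stays inside a lab such as the one used here. The function names, the private-range scope rule and the file names wmap_lab.sh and wmap.rc are assumptions.

```shell
#!/bin/sh
# Added example: build a Metasploit resource script for the WMAP steps,
# but only for targets inside a private lab range (assumed scope policy).

# Print the host part of a URL (scheme, port and path removed).
url_host() {
    h=${1#*://}
    h=${h%%/*}
    h=${h%%:*}
    printf '%s\n' "$h"
}

# Succeed only if the URL's host is an RFC 1918 IPv4 literal.
is_lab_target() {
    host=$(url_host "$1")
    case $host in
        ''|*[!0-9.]*) return 1 ;;      # hostnames and userinfo tricks rejected
    esac
    old_ifs=$IFS; IFS=.
    set -- $host
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    case $1 in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# Emit the article's msfconsole commands for one target URL.
make_wmap_rc() {
    is_lab_target "$1" || { echo "refusing: $1 is not a private lab address" >&2; return 1; }
    cat <<EOF
db_status
load wmap
wmap_sites -a $1
wmap_targets -t $1
wmap_run -t
wmap_run -e
wmap_vulns -l
exit
EOF
}

# Usage: sh wmap_lab.sh http://192.168.198.130/ > wmap.rc
if [ $# -gt 0 ]; then make_wmap_rc "$1"; fi
```

Run the generated file with `msfconsole -q -r wmap.rc` after the database has been initialized as described above.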

Conclusion

Definitely, WMAP is a good vulnerability scanner to identify less severe issues in an application. However, this tool does not replace your primary scanner and manual effort to identify high severity security issues.


If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purposes only. The individual is solely responsible for any illegal act.
