For this scanner, we will need the Kali Linux operating system.
After the operating system has booted without problems, we need to enter the Metasploit Framework.
To start Metasploit, we first have to start the service that hosts its database.
In a terminal, run the command: service postgresql start
Once the service is running, we launch Metasploit.
1. Once inside Metasploit, we need to load the WMAP plugin with the command: load wmap
msf > load wmap
.-.-.-..-.-.-..---..---.
| | | || | | || | || |-'
`-----'`-'-'-'`-^-'`-'
[WMAP 1.5.1] === et [ ] metasploit.com 2012
[*] Successfully loaded plugin: wmap
msf > help
wmap Commands
=============
Command       Description
-------       -----------
wmap_modules  Manage wmap modules
wmap_nodes    Manage nodes
wmap_run      Test targets
wmap_sites    Manage sites
wmap_targets  Manage targets
wmap_vulns    Display web vulns
...snip...
2. To start the scan, we first need to add the target site with wmap_sites -a (the site's IP)
msf > wmap_sites -h
[*] Usage: wmap_targets [options]
-h       Display this help text
-a       Add site (vhost,url)
-l       List all available sites
-s [id]  Display site structure (vhost,url|ids) (level)
msf > wmap_sites -a http://172.16.194.172
[*] Site created.
msf > wmap_sites -l
[*] Available sites
===============
Id  Host            Vhost           Port  Proto  # Pages  # Forms
--  ----            -----           ----  -----  -------  -------
0   172.16.194.172  172.16.194.172  80    http   0        0
3. Next, we need to add the site as a target with the command wmap_targets -t [IP]
msf > wmap_targets -h
[*] Usage: wmap_targets [options]
-h         Display this help text
-t [urls]  Define target sites (vhost1,url[space]vhost2,url)
-d [ids]   Define target sites (id1, id2, id3 ...)
-c         Clean target sites list
-l         List all target sites
msf > wmap_targets -t http://172.16.194.172/mutillidae/index.php
4. Now we will use wmap_run -t to see all the modules that will be applied to the target site:
msf > wmap_run -t
[*] Testing target:
[*] Site: 192.168.1.100 (192.168.1.100)
[*] Port: 80 SSL: false
[*] ============================================================
[*] Testing started. 2012-01-16 15:46:42 -0500
[*] =[ SSL testing ]=
[*] ============================================================
[*] Target is not SSL. SSL modules disabled.
[*] =[ Web Server testing ]=
[*] ============================================================
[*] Loaded auxiliary/admin/http/contentkeeper_fileaccess ...
[*] Loaded auxiliary/admin/http/tomcat_administration ...
[*] Loaded auxiliary/admin/http/tomcat_utf8_traversal ...
[*] Loaded auxiliary/admin/http/trendmicro_dlp_traversal ...
..snip...
4. All that is left now is to run the scan: wmap_run -e
5. Once the scan has finished, we can view the vulnerabilities found by the scanner with the command: wmap_vulns -l
6. If the scanner detected something at step 5, we can go back into msf and run the vulns command; there we will get details about the vulnerability and a potential attack method.
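The steps above can be captured in an msfconsole resource script. The Ruby sketch below is an added example, not part of the original tutorial: it emits the same commands in the same order, but only after checking the target against an authorized scope. The 172.16.194.0/24 range and the names AUTHORIZED_SCOPE, in_scope? and wmap_resource_script are assumptions made for the illustration.

```ruby
require 'ipaddr'
require 'uri'

# Assumption: the engagement's authorized ranges (constructed for this example).
AUTHORIZED_SCOPE = %w[172.16.194.0/24].map { |cidr| IPAddr.new(cidr) }.freeze

# True only for http(s) URLs whose host is a literal IP inside the scope.
# Hostnames are rejected on purpose: DNS can change between review and scan.
def in_scope?(url, scope = AUTHORIZED_SCOPE)
  uri = URI.parse(url)
  return false unless uri.is_a?(URI::HTTP) && uri.host
  ip = IPAddr.new(uri.host)
  scope.any? { |net| net.include?(ip) }
rescue URI::InvalidURIError, IPAddr::Error
  # Malformed URLs (spaces, newlines) and non-IP hosts end up here.
  false
end

# Build the resource script: the tutorial's commands, in the tutorial's order.
# Raises ArgumentError instead of producing anything for an out-of-scope URL.
def wmap_resource_script(target_url, scope = AUTHORIZED_SCOPE)
  raise ArgumentError, "out of scope: #{target_url}" unless in_scope?(target_url, scope)
  uri = URI.parse(target_url)
  site = "#{uri.scheme}://#{uri.host}"
  site += ":#{uri.port}" unless uri.port == uri.default_port
  [
    'load wmap',
    "wmap_sites -a #{site}",
    "wmap_targets -t #{target_url}",
    'wmap_run -t',
    'wmap_run -e',
    'wmap_vulns -l'
  ].join("\n") + "\n"
end

if __FILE__ == $PROGRAM_NAME
  # Target URL taken from step 3 of the tutorial.
  puts wmap_resource_script('http://172.16.194.172/mutillidae/index.php')
end
```

Write the returned text to a file and pass it to msfconsole with -r; an out-of-scope URL raises ArgumentError before any script is produced.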