Aerosol Posted December 15, 2014 Report Posted December 15, 2014 WMAP is a framework to run scanning against Web applications, designed to be used as a plugin of MetaSploit Framework, has a simple, but extremely powerful architecture in comparison with other alternatives open source or commercial currently on the market, the simplicity of this plugin is that depends not on any search engine or web browser to capture data and manipulate them.The libraries that must be installed before proceeding with the execution of the plugin on a Debian/Ubuntu system are:sudo apt-get install libxml-rubysudo apt-get install libxml2-devsudo apt-get install libxslt-devsudo apt-get install libnokogiri-rubygem install libxslt-rubygem install msgpackPostgreSQLThe first thing we will do is create a new database to store the results of analicis.stuxnet@stuxnet:~$ sudo su postgres[sudo] password for stuxnet:postgres@stuxnet:/home/stuxnet$ createuser metasploit -PEnter password for new role:Enter it again:Shall the new role be a superuser? (y/n) ypostgres@stuxnet:/home/stuxnet$ createdb --owner=metasploit metasploit Then in a terminal, type the following:sudo /etc/init.d/./postgresql start After having created the database we will open the metasploit console and typemsf > db_connect metasploit:metasploit@127.0.0.1:5432/metasploit Where:User: metasploit (Replace with your user )Passwd: metasploit (Replace with your password) After having created the database we will charge WMAP.msf > load wmapWe then proceed to covertirlo to targetmsf > wmap_sites -s 0 1 msf > wmap_targets -t www.twitter.com,199.59.148.10msf > set DOMIAN www.twitter.commsf > wmap_targets -l We then proceed to launch modules of exploitation that will be charged.msf > msf > wmap_run -t Once loaded the modules we proceed to throw them at the target site to make the test of security.msf > wmap_run -e Completion of all the exploration we will check if there is any vulnerability.msf > hosts -c address,svcs,vulns Credit's to : JB Quote
