Finding Web vulnerabilities with Metasploit's Wmap
Wmap is not a vulnerability scanner by itself. It is a Metasploit module that uses all the Web vulnerability and Web server-related modules in the framework and coordinates their loading and execution against the target server. Its results are not presented as a report but as entries in Metasploit's database.
In this recipe, we will use Wmap to look for vulnerabilities in our vulnerable_vm and check the results using Metasploit console commands.
Getting ready
Before we run the Metasploit console, we need to start the database server it connects to, so that the results we generate are saved:
service postgresql start
How to do it...
Start a terminal and run the Metasploit console:
msfconsole
Once it loads, load the Wmap module:
load wmap
Now, we add a site to Wmap:
wmap_sites -a http://192.168.56.102/WackoPicko/
If we want to see the registered sites:
wmap_sites -l
Now, we set that site as a target for scanning:
wmap_targets -d 0
If we want to check the...