Metasploit for website pentest

Post author:jonathansblog
Post published:February 13, 2019
Post category:jonathansblog / Kali Linux / Metasploit / Pentest
Post comments:1 Comment

Metasploit for website pentest using wmap. This is a short tutorial on using the wmap module inside metasploit. Wmap is a web application scanner that runs within metasploit. We can use wmap to get an outline of the application we are probing.

If you enjoy this tutorial, please check out my metasploit tutorials below

Metasploit tutorial for beginners Metasploit for website pentest Using metasploit to scan for vulnerabilities Metasploitable with Vagrant Importing Nessus results into MetaSploit OpenVAS with MetaSploit

Start dvwa inside vagrant

In this tutorial I’ll be using the excellent dvwa in vagrant as my lab-based target as not to harm any real machines (and also because it can be started when I need it and stopped when I don’t – meaning that I don’t run a vulnerable system on my network if I don’t need to)

Pages: 1 2 3 4 5 6 7 8 9 10 11 12

Tags: Address, App, Book, Command, Connect, Default, Directory, Display, Error, File, Image, Index, Launch, Link, List, Local, metasploit, Mini, Multi, Multiple, Php, Scan, Screen, Server, Terminal, Text, Time, Tools, Tutorial, Url, Virtual, Vulnerability, Web, Website, Work

This Post Has One Comment

Will Meek September 10, 2019 Log in to Reply

Great writeup Jonathan!

Only caveat I found was that the url needed to be an IP, even though sites are resolved to IPs.

And File/Dir testing at the ‘404’ stage takes forever! :)

Start dvwa inside vagrant

You Might Also Like

MSc Thesis

Testing an API for hackers

Website crawler software kali linux

This Post Has One Comment

Leave a ReplyCancel reply