Metasploit for website pentest

This is a short tutorial on using the wmap module inside Metasploit. Wmap is a web application scanner that runs within Metasploit, and we can use it to get an outline of the application we are probing.


Start DVWA inside Vagrant

In this tutorial I’ll be using the excellent DVWA in Vagrant as my lab-based target so as not to harm any real machines. It can also be started when I need it and stopped when I don’t, meaning that I don’t run a vulnerable system on my network if I don’t need to.

This Post Has One Comment

  1. Will Meek

    Great writeup Jonathan!

    Only caveat I found was that the URL needed to be an IP, even though sites are resolved to IPs.

    And File/Dir testing at the ‘404’ stage takes forever! :)
