Metasploit for website pentest using wmap. This is a short tutorial on using the wmap module inside metasploit. Wmap is a web application scanner that runs within metasploit. We can use wmap to get an outline of the application we are probing.
If you enjoy this tutorial, please check out my metasploit tutorials below
Metasploit tutorial for beginners
Metasploit for website pentest
Using metasploit to scan for vulnerabilities
Metasploitable with Vagrant
Importing Nessus results into MetaSploit
OpenVAS with MetaSploit
Start dvwa inside vagrant
In this tutorial I’ll be using the excellent dvwa in vagrant as my lab-based target as not to harm any real machines (and also because it can be started when I need it and stopped when I don’t – meaning that I don’t run a vulnerable system on my network if I don’t need to)
Great writeup Jonathan!
Only caveat I found was that the url needed to be an IP, even though sites are resolved to IPs.
And File/Dir testing at the ‘404’ stage takes forever! :)