Metasploit for website pentest

If you dont have dvwa setup inside vagrant [or running on a box on your network, eg through proxmox or opencloud or even bare metal] yet, follow the link above to go to my tutorial, otherwise

cd /path/to/vagrantfile
vagrant up

Start metasploit

Following the start of my metasploit tutorial for beginners, before starting the metasploit console, we will start the database service and set up the metasploit database if not already done:

This Post Has One Comment

  1. Will Meek

    Great writeup Jonathan!

    Only caveat I found was that the url needed to be an IP, even though sites are resolved to IPs.

    And File/Dir testing at the ‘404’ stage takes forever! :)

Leave a Reply