From 21c6da5e120a65d06c3d7a1ad741ad2da42d7d69 Mon Sep 17 00:00:00 2001
From: Efrain Torres <etlownoise@gmail.com>
Date: Mon, 20 Feb 2012 22:59:26 -0600
Subject: [PATCH] Added wmap_vuln to see web_vulns table results. Basic
 reporting at this time.

---
 plugins/wmap.rb | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/plugins/wmap.rb b/plugins/wmap.rb
index a8949804ad..8c62d485ff 100644
--- a/plugins/wmap.rb
+++ b/plugins/wmap.rb
@@ -41,9 +41,33 @@ class Plugin::Wmap < Msf::Plugin
 				"wmap_nodes" => "Manage nodes",
 				"wmap_run"   => "Test targets",
 				"wmap_modules"  => "Manage wmap modules",
+				"wmap_vulns"  => "Display web vulns",
 			}
 		end
 		
+		def cmd_wmap_vulns(*args)
+			args.push("-h") if args.length == 0
+
+			while (arg = args.shift)
+				case arg
+				when '-l'
+					view_vulns
+					return
+				when '-h'
+					print_status("Usage: wmap_vulns [options]")
+					print_line("\t-h 		Display this help text")
+					print_line("\t-l 		Display web vulns table")
+
+					print_line("")
+					return
+				else
+					print_error("Unknown flag.")
+					return
+				end
+			end
+		end
+
+		
 		def cmd_wmap_modules(*args)
 			args.push("-h") if args.length == 0
 
@@ -2171,6 +2195,20 @@ class Plugin::Wmap < Msf::Plugin
 				print_status("#{idx} wmap enabled modules loaded.")
 			end	
 		end
+		
+		def view_vulns
+			framework.db.hosts.each do |host|
+				host.services.each do |serv|	
+					serv.web_sites.each do |site|
+						site.web_vulns.each do |wv|
+							print_status("+ [#{host.address}] (#{site.vhost}): #{wv.category} #{wv.path}")
+							print_status("\t#{wv.name} #{wv.description}")
+							print_status("\t#{wv.method} #{wv.proof}")
+						end
+					end	
+				end
+			end
+		end
 	end
 
 	class WebTarget < ::Hash