Upgrade, fix errors in wmap documentation
git-svn-id: file:///home/svn/framework3/trunk@5708 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
67a25b6ce8
commit
2dcffdc3ed
|
@ -8,7 +8,7 @@
|
||||||
WMAP is a general purpose web application scanning framework for
|
WMAP is a general purpose web application scanning framework for
|
||||||
Metasploit 3. The architechture is simple and its simplicity is what makes
|
Metasploit 3. The architechture is simple and its simplicity is what makes
|
||||||
it powerfull. It's a different approach compared to other open source
|
it powerfull. It's a different approach compared to other open source
|
||||||
alternatives and commercial scanners as WMAP is not build around any browser
|
alternatives and commercial scanners, as WMAP is not build around any browser
|
||||||
or spider for data capture and manipulation.
|
or spider for data capture and manipulation.
|
||||||
|
|
||||||
|
|
||||||
|
@ -28,7 +28,8 @@ stored in the WMAP database. (See figure.)
|
||||||
WMAP is a Metasploit plugin and will interact with the database, reading all
|
WMAP is a Metasploit plugin and will interact with the database, reading all
|
||||||
gathered traffic, processing it and launching the different tests
|
gathered traffic, processing it and launching the different tests
|
||||||
implemented as modules. As WMAP Modules are MSF Modules they can be easily
|
implemented as modules. As WMAP Modules are MSF Modules they can be easily
|
||||||
implemented, be run manually from the command line or automatically via WMAP.
|
implemented, and can be run manually from the command line or automatically
|
||||||
|
via WMAP.
|
||||||
|
|
||||||
As you may see this simple architecture allows you to have different
|
As you may see this simple architecture allows you to have different
|
||||||
distributed clients and even different proxies all storing data to the
|
distributed clients and even different proxies all storing data to the
|
||||||
|
@ -43,12 +44,13 @@ The test modules implemented at this time are basic and will improve over
|
||||||
time not only in quality and quantity, so you are more than welcome to
|
time not only in quality and quantity, so you are more than welcome to
|
||||||
submit new modules.
|
submit new modules.
|
||||||
|
|
||||||
Each module has a WMAP type, this determine when the module is lunched and
|
Each module has a WMAP type, this determine when the module is launched and
|
||||||
to a certain degree, the minimum type of information it requires to be
|
to a certain degree, the minimum type of information it requires to be
|
||||||
executed. The best way to develop a new test for WMAP, use already
|
executed. The best way to develop a new test for WMAP, is to use already
|
||||||
implemented modules and develop a normal MSF module that can be run
|
implemented modules as a base and then develop a normal MSF module that can
|
||||||
manually from the command line. To enable a module to be run automatically
|
be run manually from the command line. To enable a module to be run
|
||||||
via WMAP is just include the mixin that determine the type of the module.
|
automatically via WMAP just include the mixin that determine the type
|
||||||
|
of the module.
|
||||||
|
|
||||||
Example:
|
Example:
|
||||||
|
|
||||||
|
@ -60,6 +62,8 @@ listed in the order WMAP runs them:
|
||||||
WMAPScanServer - Run once against the target Web Server
|
WMAPScanServer - Run once against the target Web Server
|
||||||
WMAPScanDir - Runs for every directory found in the target
|
WMAPScanDir - Runs for every directory found in the target
|
||||||
WMAPScanFile - Runs for every file found in the target
|
WMAPScanFile - Runs for every file found in the target
|
||||||
|
WMAPScanUniqueQuery - Runs for every unique query found in each request to the
|
||||||
|
target
|
||||||
WMAPScanQuery - Runs for every query found in each request to the target
|
WMAPScanQuery - Runs for every query found in each request to the target
|
||||||
WMAPScanBody - Runs for every Body found in each request to the target
|
WMAPScanBody - Runs for every Body found in each request to the target
|
||||||
WMAPScanHeaders - Runs for every Header found in each request to the target
|
WMAPScanHeaders - Runs for every Header found in each request to the target
|
||||||
|
|
Loading…
Reference in New Issue