Upgrade, fix errors in wmap documentation
git-svn-id: file:///home/svn/framework3/trunk@5708 4d416f70-5f16-0410-b530-b9f4589650da
unstable
parent 67a25b6ce8
commit 2dcffdc3ed
|
@ -8,7 +8,7 @@
|
||||||
WMAP is a general purpose web application scanning framework for
|
WMAP is a general purpose web application scanning framework for
|
||||||
Metasploit 3. The architechture is simple and its simplicity is what makes
|
Metasploit 3. The architechture is simple and its simplicity is what makes
|
||||||
it powerfull. It's a different approach compared to other open source
|
it powerfull. It's a different approach compared to other open source
|
||||||
alternatives and commercial scanners as WMAP is not build around any browser
|
alternatives and commercial scanners, as WMAP is not build around any browser
|
||||||
or spider for data capture and manipulation.
|
or spider for data capture and manipulation.
|
||||||
|
|
||||||
|
|
||||||
|
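Review bot: The context lines around the one changed line still read "architechture", "powerfull" and "is not build", and since this commit is meant to fix errors in the document they should be corrected here as well: "architecture", "powerful", "is not built". The added comma after "commercial scanners" is fine.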
@ -28,7 +28,8 @@ stored in the WMAP database. (See figure.)
|
||||||
WMAP is a Metasploit plugin and will interact with the database, reading all
|
WMAP is a Metasploit plugin and will interact with the database, reading all
|
||||||
gathered traffic, processing it and launching the different tests
|
gathered traffic, processing it and launching the different tests
|
||||||
implemented as modules. As WMAP Modules are MSF Modules they can be easily
|
implemented as modules. As WMAP Modules are MSF Modules they can be easily
|
||||||
implemented, be run manually from the command line or automatically via WMAP.
|
implemented, and can be run manually from the command line or automatically
|
||||||
|
via WMAP.
|
||||||
|
|
||||||
As you may see this simple architecture allows you to have different
|
As you may see this simple architecture allows you to have different
|
||||||
distributed clients and even different proxies all storing data to the
|
distributed clients and even different proxies all storing data to the
|
||||||
|
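Review bot: In the rewrapped sentence, "they can be easily implemented, and can be run manually" repeats "implemented" from the sentence before it and still has no comma after the introductory clause "As WMAP Modules are MSF Modules". Something like "As WMAP modules are MSF modules, they are easy to write and can be run manually from the command line or automatically via WMAP" reads more cleanly. The next paragraph has the same missing comma in "As you may see this simple architecture".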
@ -43,12 +44,13 @@ The test modules implemented at this time are basic and will improve over
|
||||||
time not only in quality and quantity, so you are more than welcome to
|
time not only in quality and quantity, so you are more than welcome to
|
||||||
submit new modules.
|
submit new modules.
|
||||||
|
|
||||||
Each module has a WMAP type, this determine when the module is lunched and
|
Each module has a WMAP type, this determine when the module is launched and
|
||||||
to a certain degree, the minimum type of information it requires to be
|
to a certain degree, the minimum type of information it requires to be
|
||||||
executed. The best way to develop a new test for WMAP, use already
|
executed. The best way to develop a new test for WMAP, is to use already
|
||||||
implemented modules and develop a normal MSF module that can be run
|
implemented modules as a base and then develop a normal MSF module that can
|
||||||
manually from the command line. To enable a module to be run automatically
|
be run manually from the command line. To enable a module to be run
|
||||||
via WMAP is just include the mixin that determine the type of the module.
|
automatically via WMAP just include the mixin that determine the type
|
||||||
|
of the module.
|
||||||
|
|
||||||
Example:
|
Example:
|
||||||
|
|
||||||
|
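Review bot: Subject-verb agreement is still wrong in both changed sentences: "this determine when the module is launched" and "the mixin that determine the type" should use "determines", and the first is a comma splice that reads better as "Each module has a WMAP type, which determines when ...". The phrase "To enable a module to be run automatically via WMAP just include" needs a comma before "just", and the unchanged context "not only in quality and quantity" has a dangling "not only" that could become "in both quality and quantity".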
@ -57,12 +59,14 @@ via WMAP is just include the mixin that determine the type of the module.
|
||||||
The following are the types of modules implemented at this time and they are
|
The following are the types of modules implemented at this time and they are
|
||||||
listed in the order WMAP runs them:
|
listed in the order WMAP runs them:
|
||||||
|
|
||||||
WMAPScanServer - Run once against the target Web Server
|
WMAPScanServer - Run once against the target Web Server
|
||||||
WMAPScanDir - Runs for every directory found in the target
|
WMAPScanDir - Runs for every directory found in the target
|
||||||
WMAPScanFile - Runs for every file found in the target
|
WMAPScanFile - Runs for every file found in the target
|
||||||
WMAPScanQuery - Runs for every query found in each request to the target
|
WMAPScanUniqueQuery - Runs for every unique query found in each request to the
|
||||||
WMAPScanBody - Runs for every Body found in each request to the target
|
target
|
||||||
WMAPScanHeaders - Runs for every Header found in each request to the target
|
WMAPScanQuery - Runs for every query found in each request to the target
|
||||||
|
WMAPScanBody - Runs for every Body found in each request to the target
|
||||||
|
WMAPScanHeaders - Runs for every Header found in each request to the target
|
||||||
|
|
||||||
=[ Simple example.
|
=[ Simple example.
|
||||||
|
|
||||||
|
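Review bot: The new WMAPScanUniqueQuery entry does not say what makes a query "unique" or how it differs from WMAPScanQuery, whose description is otherwise the same; one sentence on that distinction would help module authors pick the right mixin. Because the list is stated to be "in the order WMAP runs them", please confirm the new type really runs between WMAPScanFile and WMAPScanQuery. Minor: "Run once" on WMAPScanServer is inconsistent with "Runs" on the other entries.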
@ -75,12 +79,12 @@ The following are the basic steps for testing a web server/app using WMAP:
|
||||||
and at this time WMAP integrates very well with lcamtuf's ratproxy
|
and at this time WMAP integrates very well with lcamtuf's ratproxy
|
||||||
(via a patch located in the /external/ratproxy directory).
|
(via a patch located in the /external/ratproxy directory).
|
||||||
|
|
||||||
ratproxy (ratproxy_wmap.diff applied) basic example:
|
ratproxy (ratproxy_wmap.diff applied) basic example:
|
||||||
|
|
||||||
$ ./ratproxy -v metasploit3/data/wmap/ -b wmap_sqlite3.db
|
$ ./ratproxy -v metasploit3/data/wmap/ -b wmap_sqlite3.db
|
||||||
ratproxy version 1.51-beta by <lcamtuf@google.com>
|
ratproxy version 1.51-beta by <lcamtuf@google.com>
|
||||||
[*] Proxy configured successfully. Have fun, and please do not be evil.
|
[*] Proxy configured successfully. Have fun, and please do not be evil.
|
||||||
[+] Accepting connections on port 8080/tcp (local only)...
|
[+] Accepting connections on port 8080/tcp (local only)...
|
||||||
|
|
||||||
NOTE: If you want to use a different database than 'wmap_sqlite3.db'
|
NOTE: If you want to use a different database than 'wmap_sqlite3.db'
|
||||||
stored in /data/wmap/ or destroy it. You have to load the WMAP plugin
|
stored in /data/wmap/ or destroy it. You have to load the WMAP plugin
|
||||||
|
|
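Review bot: No textual difference is visible between the two sides of this hunk in this view, so it looks like a whitespace-only change, yet the NOTE it touches is still broken across two sentences: "If you want to use a different database than 'wmap_sqlite3.db' stored in /data/wmap/ or destroy it. You have to load the WMAP plugin". Join the conditional to its main clause with a comma. The paths are also inconsistent: the command uses "metasploit3/data/wmap/" while the prose writes "/data/wmap/" and "/external/ratproxy" with a leading slash that reads as an absolute path; stating once that they are relative to the framework root would remove the ambiguity.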