Upgrade, fix errors in wmap documentation
git-svn-id: file:///home/svn/framework3/trunk@5708 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
67a25b6ce8
commit
2dcffdc3ed
|
@ -8,7 +8,7 @@
|
|||
WMAP is a general purpose web application scanning framework for
|
||||
Metasploit 3. The architechture is simple and its simplicity is what makes
|
||||
it powerfull. It's a different approach compared to other open source
|
||||
alternatives and commercial scanners as WMAP is not build around any browser
|
||||
alternatives and commercial scanners, as WMAP is not build around any browser
|
||||
or spider for data capture and manipulation.
|
||||
|
||||
|
||||
|
@ -28,7 +28,8 @@ stored in the WMAP database. (See figure.)
|
|||
WMAP is a Metasploit plugin and will interact with the database, reading all
|
||||
gathered traffic, processing it and launching the different tests
|
||||
implemented as modules. As WMAP Modules are MSF Modules they can be easily
|
||||
implemented, be run manually from the command line or automatically via WMAP.
|
||||
implemented, and can be run manually from the command line or automatically
|
||||
via WMAP.
|
||||
|
||||
As you may see this simple architecture allows you to have different
|
||||
distributed clients and even different proxies all storing data to the
|
||||
|
@ -43,12 +44,13 @@ The test modules implemented at this time are basic and will improve over
|
|||
time not only in quality and quantity, so you are more than welcome to
|
||||
submit new modules.
|
||||
|
||||
Each module has a WMAP type, this determine when the module is lunched and
|
||||
Each module has a WMAP type, this determine when the module is launched and
|
||||
to a certain degree, the minimum type of information it requires to be
|
||||
executed. The best way to develop a new test for WMAP, use already
|
||||
implemented modules and develop a normal MSF module that can be run
|
||||
manually from the command line. To enable a module to be run automatically
|
||||
via WMAP is just include the mixin that determine the type of the module.
|
||||
executed. The best way to develop a new test for WMAP, is to use already
|
||||
implemented modules as a base and then develop a normal MSF module that can
|
||||
be run manually from the command line. To enable a module to be run
|
||||
automatically via WMAP just include the mixin that determine the type
|
||||
of the module.
|
||||
|
||||
Example:
|
||||
|
||||
|
@ -60,6 +62,8 @@ listed in the order WMAP runs them:
|
|||
WMAPScanServer - Run once against the target Web Server
|
||||
WMAPScanDir - Runs for every directory found in the target
|
||||
WMAPScanFile - Runs for every file found in the target
|
||||
WMAPScanUniqueQuery - Runs for every unique query found in each request to the
|
||||
target
|
||||
WMAPScanQuery - Runs for every query found in each request to the target
|
||||
WMAPScanBody - Runs for every Body found in each request to the target
|
||||
WMAPScanHeaders - Runs for every Header found in each request to the target
|
||||
|
|
Loading…
Reference in New Issue