infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated documentation with db_driver command 

git-svn-id: file:///home/svn/framework3/trunk@6446 4d416f70-5f16-0410-b530-b9f4589650da
unstable
et 2009-03-30 03:39:01 +00:00
parent 1b205ee0ee
commit 4646249e2e
1 changed files with 29 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
documentation/wmap.txt
View File

@ -88,8 +88,8 @@ Reporting key concepts:
+ Every report entry has a parent_id the top parent_id is 0 and only used
to create a report entry (this allows for the storage of multiple reports).
+ The report table is basically a type,name,value database.
+ This schema allows the storage of data/vulnerabilities with any
classification/naming convention. (very useful to store vulnerabilities
+ This schema allows the storage of data/vulnerabilities with any
classification/naming convention. (very useful to store vulnerabilities
discovered in year 2060).
So how it works:
@ -125,19 +125,20 @@ Reporting key concepts:
end
If you are connected to a database (db_connect) then reporting is active
and every module executed will store its results for reporting. Even if
you define a RHOSTS range then the results auto-magically will be organized
per host,port as wmap_base_report_id() returns the last available report
If you are connected to a database (db_connect) then reporting is active
and every module executed will store its results for reporting. Even if
you define a RHOSTS range then the results auto-magically will be organized
per host,port as wmap_base_report_id() returns the last available report
for the specified host,port,ssl target.
Anything can be represented and reported and other modules will have access
Anything can be represented and reported and other modules will have access
to this information to do whatever they want.
To view available reports use the 'wmap_reports' command:
msf > load db_sqlite3
[*] Successfully loaded plugin: db_sqlite3
msf > db_driver
[*] Active Driver: sqlite3
[*] Available: sqlite3, mysql
msf > load db_wmap
[*] =[ WMAP v0.3 - ET LoWNOISE
[*] Successfully loaded plugin: db_wmap
@ -188,7 +189,7 @@ The following are the basic steps for testing a web server/app using WMAP:
3. Browse the target by running your favorite spider/crawler/browser etc.
NOTE: Dont forget to configure the proxy;
4. In Metasploit load the db_<database> plugin;
4. In Metasploit select sqlite3 using the db_driver command;
$ ./msfconsole
@ -204,7 +205,9 @@ The following are the basic steps for testing a web server/app using WMAP:
+ -- --=[ 20 encoders - 6 nops
=[ 74 aux
msf > load db_sqlite3
msf > load db_driver
[*] Active Driver: sqlite3
[*] Available: sqlite3, mysql
msf > load db_wmap
[*] =[ WMAP v0.3 - ET LoWNOISE
[*] Successfully loaded plugin: db_wmap
@ -275,30 +278,30 @@ The following are the basic steps for testing a web server/app using WMAP:
this can be done with the 'setg' command.
Example:
msf > setg VHOST www.targetco.com
VHOST => www.targetco.com
msf > setg VHOST www.targetco.com
VHOST => www.targetco.com
msf > setg DOMAIN targetco.com
DOMAIN => targetco.com
msf > setg EXT .asp
EXT => .asp
msf > setg WMAP_EXCLUDE_FILE <regex_to_exclude_testing_files>
EXT => .asp
msf > setg WMAP_EXCLUDE_FILE <regex_to_exclude_testing_files>
NOTE: By default image files are not included in the tests.
11. Test the target;
msf > wmap_run -e
NOTE: If required profiles can be defined in the following way:
wmap_run -e path/to/profile/file
The profile file contains the list of modules to execute.
See data/wmap/wmap_sample.profile for a sample.
msf > wmap_run -e
NOTE: If required profiles can be defined in the following way:
wmap_run -e path/to/profile/file
The profile file contains the list of modules to execute.
See data/wmap/wmap_sample.profile for a sample.
[*] Launching auxiliary/scanner/http/wmap_vhost_scanner WMAP_SERVER against
www.target.com:80