In penetration testing and bug bounty work, scanning a website for vulnerabilities is one of the most crucial steps. In our previous articles we talked about website and web application scanners like SkipFish and Wapiti; in this article we are going to scan a website using the Metasploit Framework.
Metasploit is famous for searching and using exploits, but we can also scan for vulnerabilities with it. To do this we are going to use a plugin called WMAP.
WMAP is a feature-rich web-application scanner that is integrated with Metasploit and lets us scan web applications from the Metasploit console. We are going to use it on our Kali Linux system.
Setting Up Metasploit Database
First we need to set up the Metasploit database, because WMAP requires database support to run. We initialize the Metasploit database using the following command:
The above command creates a default database and a database user for Metasploit to interact with. The output of the command is shown in the following screenshot:
Metasploit uses the PostgreSQL database system, which is very useful for keeping track of large amounts of data during a penetration test. So we start PostgreSQL with the following command:
Database setup for Metasploit is now complete.
Running WMAP
Before loading the WMAP plugin we need to start the Metasploit Framework by using the following command:
The above command starts the Metasploit Framework, as we can see in the following screenshot:
After the Metasploit console opens we can check whether it is connected to the database or not by running the db_status command:
In the following screenshot we can see that our database is connected to Metasploit.
Now we can load the WMAP plugin by using the following command:
Then the plugin will load as we can see in the following screenshot:
Now we can view WMAP's help by using the help or ? command:
In the following screenshot we can see WMAP's help menu:
Scanning Website using WMAP Metasploit Module
After checking the help options we can add sites to the WMAP plugin. We use wmap_sites for this. To see the wmap_sites help we can simply use the following command:
This shows us the help of wmap_sites, as we can see in the following screenshot:
To add a site we need to use the -a flag followed by the website URL.
Here, as an example, we are going to test our localhost web server. So the command will be the following:
In the following screenshot we can see that the site is created.
We can see the sites registered in WMAP by using the following command:
We can see our list of added websites in the following screenshot:
Next, we need to set the specific target. The target can be any part of the website or the whole website (the main URL). To set the target we use the -t flag with wmap_targets; an example command to scan a specific part of a website is the following:
We can add more than one target here by separating them with a comma (,). We can see the list of targets by using the following command:
In the following screenshot we can see the part of the web application we selected for scanning.
Now we can start the scan. Before scanning we check the help of the scan command by using the following command:
We can see the options of this command in the following screenshot:
We can see that the -t flag shows us all the modules enabled for the scan.
The module list is shown in the following screenshot:
If we want more information about any module we can use the info path/of/module command (optional).
Finally, to run the scan we use the -e flag.
This command starts all the loaded modules against the target, as we can see in the following screenshot:
After the scan completes we can check the results by using the following command:
The above command shows us the results of the scan, as we can see in the following screenshot:
We can see in the above screenshot that we got some potentially interesting findings about the target. We can now use these results to gather further information on the reported vulnerabilities. As penetration testers, we would want to investigate each finding further and identify whether it offers a realistic path for an attack.
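The whole sequence above, wrapped in a small POSIX shell script that writes a Metasploit resource file and hands it to msfconsole -r (an added example, not code from the original article; the function names are our own, and it assumes msfconsole and the database are already set up as described earlier):

```shell
#!/bin/sh
# Added example (not from the original article): build a Metasploit resource
# script that drives WMAP through the tutorial's steps, then run it with
# msfconsole -r. gen_wmap_rc and run_wmap_rc are our own helper names.

# gen_wmap_rc SITE TARGET... : print the .rc file; fails on malformed input.
gen_wmap_rc() {
  site="$1"; shift
  case "$site" in
    http://*|https://*) ;;
    *) echo "site must be an http(s) URL: $site" >&2; return 1 ;;
  esac
  [ $# -ge 1 ] || { echo "at least one target URL is required" >&2; return 1; }
  targets=""
  for t in "$@"; do
    # wmap_targets only scans URLs that belong to a site added with wmap_sites
    case "$t" in
      "$site"*) ;;
      *) echo "target $t is not under site $site" >&2; return 1 ;;
    esac
    targets="${targets:+$targets,}$t"   # several targets are comma-separated
  done
  printf '%s\n' \
    "db_status" \
    "load wmap" \
    "wmap_sites -a $site" \
    "wmap_sites -l" \
    "wmap_targets -t $targets" \
    "wmap_targets -l" \
    "wmap_run -t" \
    "wmap_run -e" \
    "wmap_vulns -l" \
    "exit"
}

# run_wmap_rc SITE TARGET... : write the script to a temp file and run it
run_wmap_rc() {
  rc="$(mktemp)" || return 1
  gen_wmap_rc "$@" > "$rc" || { rm -f "$rc"; return 1; }
  msfconsole -q -r "$rc"
  status=$?
  rm -f "$rc"
  return $status
}
```

Run it as `run_wmap_rc http://127.0.0.1 http://127.0.0.1/` against a lab host you own; the generated file can also be inspected first with `gen_wmap_rc`.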
One thing to be clear about: our target was intentionally vulnerable; in a real-world scenario things might be different.
WMAP might not give us results as detailed as other vulnerability scanners. But it comes with the Metasploit Framework and we can use it without installing anything extra. That makes it a very useful website and web-application scanner.
This tutorial is for educational purposes only. Hacking websites or web applications that we don't own is a serious crime. If anyone does any illegal activity, we are not responsible for that. We should obtain legal permission before starting a penetration test.