Using Metasploit WMAP

简介: Open the Metasploit Framework Console (msfconsole):$ msfconsole o ...

Open the Metasploit Framework Console (msfconsole):

$ msfconsole
                 o                       8         o   o
                 8                       8             8
ooYoYo. .oPYo.  o8P .oPYo. .oPYo. .oPYo. 8 .oPYo. o8  o8P
8' 8  8 8oooo8   8  .oooo8 Yb..   8    8 8 8    8  8   8
8  8  8 8.       8  8    8   'Yb. 8    8 8 8    8  8   8
8  8  8 `Yooo'   8  `YooP8 `YooP' 8YooP' 8 `YooP'  8   8
..:..:..:.....:::..::.....::.....:8.....:..:.....::..::..:
::::::::::::::::::::::::::::::::::8:::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

       =[ metasploit v3.3.3-dev [core:3.3 api:1.0]
+ -- --=[ 469 exploits - 219 auxiliary
+ -- --=[ 192 payloads - 22 encoders - 8 nops
       =[ svn r7844 updated today (2009.12.13)

Create a database

msf> db_create wmap_test
[*] Creating a new database instance...
[*] Successfully connected to the database
[*] File: wmap_test

Load the WMAP plugin

msf > load db_wmap 
[*] =[ WMAP v0.6 - et [  ] metasploit.com
[*] Successfully loaded plugin: db_wmap

Add and select a target

msf > wmap_targets -a http://www.example.com/
[*] Added target www.example.com 80 0
[*] Added request www.example.com

msf > wmap_targets  -p
[*]    Id. Host                                 Port    SSL
[*]    1. www.example.com                       80      

msf > wmap_targets  -s 1

msf > wmap_targets  -p
[*]    Id. Host                                 Port    SSL
[*] => 1. www.example.com                       80      

Running WMAP modules

Now that a target has been selected, we can obtain a list of what WMAP modules are available using the wmap_run -t command:

msf > wmap_run -t
[*] Loaded auxiliary/admin/http/tomcat_administration ...
[*] Loaded auxiliary/admin/http/tomcat_manager ...
[*] Loaded auxiliary/scanner/http/frontpage_login ...
[*] Loaded auxiliary/scanner/http/options ...
[*] Loaded auxiliary/scanner/http/version ...
[*] Loaded auxiliary/scanner/http/wmap_cert ...
[*] Loaded auxiliary/scanner/http/wmap_robots_txt ...
[*] Loaded auxiliary/scanner/http/wmap_soap_xml ...
[*] Loaded auxiliary/scanner/http/wmap_ssl ...
[*] Loaded auxiliary/scanner/http/wmap_svn_scanner ...
[*] Loaded auxiliary/scanner/http/wmap_verb_auth_bypass ...
[*] Loaded auxiliary/scanner/http/wmap_vhost_scanner ...
[*] Loaded auxiliary/scanner/http/wmap_webdav_internal_ip ...
[*] Loaded auxiliary/scanner/http/wmap_webdav_scanner ...
[*] Loaded auxiliary/scanner/http/wmap_webdav_website_content ...
[*] Loaded auxiliary/scanner/http/ms09_020_webdav_unicode_bypass ...
[*] Loaded auxiliary/scanner/http/wmap_backup_file ...
[*] Loaded auxiliary/scanner/http/wmap_brute_dirs ...
[*] Loaded auxiliary/scanner/http/wmap_copy_of_file ...
[*] Loaded auxiliary/scanner/http/wmap_dir_listing ...
[*] Loaded auxiliary/scanner/http/wmap_dir_scanner ...
[*] Loaded auxiliary/scanner/http/wmap_dir_webdav_unicode_bypass ...
[*] Loaded auxiliary/scanner/http/wmap_file_same_name_dir ...
[*] Loaded auxiliary/scanner/http/wmap_files_dir ...
[*] Loaded auxiliary/scanner/http/wmap_prev_dir_same_name_file ...
[*] Loaded auxiliary/scanner/http/wmap_replace_ext ...
[*] Loaded auxiliary/scanner/http/writable ...
[*] Loaded auxiliary/scanner/http/wmap_blind_sql_query ...
[*] Loaded auxiliary/scanner/http/wmap_error_sql_injection ...

To actually run the modules, we execute wmap_run with the -e parameter:

msf > wmap_run -e

Reporting

Currently, the results of the WMAP scan are stored in the database. The database can be used to build custom reporting tools, or queried directly from the console:

msf > db_notes
msf > db_vulns

Configuration

If a test module requires a specific parameter to be set or you want to modify the value of a predefined variable, this can be done with the 'setg' command. Example:

msf > setg VHOST www.targetco.com
msf > setg DOMAIN targetco.com
msf > setg EXT .asp
msf > setg WMAP_EXCLUDE_FILE <regex_to_exclude_testing_files>

If you would like to limit the WMAP test to a specific set of modules, you can use a profile file. Profiles can be specified via additional arguments to the wmap_run command.

msf > wmap_run -e path/to/profile/file

The profile file contains the list of modules to execute. See data/wmap/wmap_sample.profile for a sample.

 

URL:http://www.metasploit.com/redmine/projects/framework/wiki/WMAP

 

 

目录
相关文章
|
5月前
|
安全 Shell
Metasploit系列(二) -- 漏洞利用
Metasploit系列(二) -- 漏洞利用
58 0
|
2天前
|
安全 网络安全 Windows
Kali渗透测试:Metasploit 6.0 中的Evasion模块 原创
Kali渗透测试:Metasploit 6.0 中的Evasion模块 原创
24 0
|
5月前
|
安全 Unix 网络安全
Metasploit
Metasploit
94 10
|
安全 测试技术 网络安全
如何使用Metasploit进行漏洞利用?
如何使用Metasploit进行漏洞利用?
180 0
|
安全 Linux 测试技术
肥肠恐布--探索Kali Linux中的Metasploit Framework(MSF听说肾透大佬经常用)
Metasploit Framework(MSF)是一款功能强大的漏洞利用工具,广泛用于网络渗透测试和安全评估。在Kali Linux中,Metasploit是一个集成的框架,为安全研究人员提供了一套丰富的工具和资源,以便于发现和利用系统中的漏洞。本篇博客将带您了解Metasploit的基本原理和使用方法。
260 0
|
安全 Ubuntu 关系型数据库
Metasploit -- 攻击Metasploitable2靶机
Metasploit -- 攻击Metasploitable2靶机
494 0
Metasploit -- 攻击Metasploitable2靶机
|
开发框架 安全 Java
19 MSF框架之linux攻击
Thinkphp 5.0.20漏洞利用
19 MSF框架之linux攻击
|
安全 网络协议 Linux
基于Metasploit完成Samba服务漏洞复现
基于Metasploit完成Samba服务漏洞复现
基于Metasploit完成Samba服务漏洞复现
|
SQL 网络协议 关系型数据库