Part 3 - WMAP

Video Activity

In this video, we examine the WMAP Metasploitable scanner. This scanner is used to scan a target for vulnerable web applications. Many web apps, such as web servers and phpMyAdmin, run on port 80. Once such apps are discovered, the next step is to scan them for vulnerabilities.


Time
5 hours 38 minutes
Difficulty
Intermediate
CEU/CPE
6

Video Transcription
>> We know that our Metasploitable scan produced a list of services. We see that we've got port 80 listening here for HTTP. We also had a couple of other things that were discovered during a scan, but port 80 is good enough to start with. What we can try to do is go to our IP address. We see that we've got a web server running.

Also included as part of the benefit of Metasploitable are these five vulnerable web applications. Each of these could be explored separately. TWiki, there are some known vulnerabilities with this particular web app. There's phpMyAdmin; again, a known vulnerable application which is being hosted on Metasploitable. Mutillidae; another vulnerable app. This one actually contains the top 10 vulnerabilities from OWASP. So if you go to your OWASP Top 10 menu, you can explore all of these different vulnerabilities like broken authentication, cross-site request forgery, misconfiguration, and so on. You can turn on hints and do some other things to make your life a little bit easier trying to discover the flaws with these applications. We'll probably have a look at that later. There's the Damn Vulnerable Web Application. Notice, we get a little bit of path name information here. We also have WebDAV for our folder sharing.

But what we want to do now is use some web application scanning tools to see if we can discover any vulnerabilities on any of these five applications. I'm going to use a tool called WMAP. WMAP is a module that we can load directly, but there's some other web crawlers and other tools which can go investigate a site, get you all the files and folders information, all the directories, and let you see in more detail how that website is actually structured and what its contents might be, some hints at the contents anyway.

From within here, I can run my help command. I've got several WMAP commands. I can manage my WMAP modules. I can run tests against targets that I define. I can create sites and targets and then hopefully display some vulnerabilities.

We'll start off with the sites command. I can add a site, virtual host, or URL. I can delete them. I can list the available ones. What I'm going to do is just do an add and I'm going to specify just the root folder of that system, the Metasploitable system. Now if I do a dash L, I should be able to see that my site has been added.

Now I have to think about a target. The target, as I was saying, could be a folder, like /phpinfo/index.php. But what I think I'd rather do is use the entire root folder of the website to see if I can get into all the different areas and then do a search for vulnerabilities as a group. I'm going to run the WMAP targets -t, because I want to define a target site. I'm just going to give it the same IP address. If I run the WMAP targets -l, I can see that my path is just the root. No SSL was specified. That's an option you can also do but we don't need to do that for this particular demo.

Now we'll investigate the WMAP run command. This will show me all of the enabled modules. If I do a -t, which will be our first task. Then you notice you can also do searches by using regular expressions for module names or for path names. But we're just going to go find all the modules which will be enabled for a test against these five vulnerable applications that are being hosted by Metasploitable. This might take a moment to run. I'm going to go ahead and pause our video.