00:04
except we're gonna perform a scam with any man.
00:06
A lot of people don't don't know that any map can be used as a vulnerability scanner as well,
00:15
very surprising for a lot of people. But
00:18
you're gonna be more knowledgeable with and map after this.
00:22
So our syntax for this scan will be n map Tak p denotes the port number. So we're gonna run against Port 80
00:31
and then we're gonna call the script
00:33
by typing Tak Tak script
00:37
in the script that we're gonna be using is an http sequel injection script that's shown here.
00:43
Next, we'll put tack, tack, script tak are eggs, and what that does is it lets us customize script even further. And what we're gonna be using to customize the script even further is an https spider,
00:59
uh, script argument,
01:00
which will initiate a spider ring of the page and give us a max page count.
01:08
And we'll give us back all the pages up to 200 pages.
01:14
And then at the end, you'll take the target i p address. So
01:18
let's go check it out.
01:19
So here we are in our Callie environment,
01:26
and, uh, let's execute it and see what we get back,
01:34
all right? It was a fairly quick scan that we get from a map,
01:42
why you need to use multiple tools and I just focus on one toe so and map didn't provide back the exact results that we want it.
01:53
it's not to say that it won't get successful results on another page that we might try. It just means that and map isn't really set up. Thio identify the sequel injection that is present
02:09
in the pen tester lab, so
02:13
you always need Thio to use multiple tools here. You can see here, however, that
02:19
it did identify some possible
02:23
locations of sequel injections,
02:28
and it did also give us back the Mac address, and
02:30
lesson at the host is up
02:34
didn't give us give results back this time. That's not to say that
02:38
it won't give you good results back another time against a different resource