Skip to content

AMRAP Security

WMAP

AMRAP Security

Home
📱 Mobile Security
📱 Mobile Security
- Android
  Android
  - Frida Scripts
    Frida Scripts
    
    Overview
    
    Cryptography
    Cryptography
    
    Cryptography
    
    Random
    
    Data Storage
    Data Storage
    
    Log
    
    Print Stream
    
    Shared Preferences
    
    SQLite Database
    
    TextView
    
    Network
    Network
    
    HTTP Connection
    
    Read/Write Data
    
    SSL Pinning
    
    Platform Interaction
    Platform Interaction
    
    Permissions
  - Uncrackable L1
🕸️ Web Applications Security
🕸️ Web Applications Security
- Introduction
- Client Side Attacks
  Client Side Attacks
- Content Management Systems (CMS)
  Content Management Systems (CMS)
  - Introduction
  - WordPress
- Injection Attacks
  Injection Attacks
  - SQL Injection
- Tools
🌐 Network Security
🌐 Network Security
- Network Fundamentals
- Services And Protocols
  Services And Protocols
  - FTP
  - HTTP
  - MySQL
  - PostgreSQL
  - RDP
  - Rejetto HFS
  - SMB
  - SMTP
  - SNMP
  - SSH
  - WebDAV
  - WinRM
- Active Directory
- Information Gathering
  Information Gathering
- Exploitation
  Exploitation
  - Introduction
  - Remote Shells
  - Linux
    Linux
    
    Haraka
    
    libssh
    
    PHP CGI
    
    Samba
    
    Shellshock
    
    Tomcat
    
    vsftpd
- Windows
  Windows
- Post Exploitation
  Post Exploitation
  - Pivoting
  - Linux
    Linux
    
    Enumeration
    
    Privilege Escalation
    
    Persistence
    
    Hash Dumping
    
    Clearing Tracks
  - Windows
    Windows
    
    Overview
    
    Enumeration
    
    Privilege Escalation
    
    Persistence
    
    Hash Dumping
    
    Clearing Tracks
- Tools
  Tools
  - CrackMapExec
  - Empire
  - Metasploit
  - Mimikatz
  - Msfvenom
  - Nessus
  - Netcat
  - Nmap
  - Searchsploit
  - Socat
  - WMAP
⚡ Cheatsheets
⚡ Cheatsheets
- Network Security
- Web App Security

WMAP

WMAP is a web application vulnerability scanner that can be used to automate web server enumeration and scan web applications for vulnerabilities.

It is available as an MSF plugin and can be loaded directly into MSF.

service postgresql start

msfconsole -q

workspace -a WORKSPACE_NAME

setg RHOSTS TARGET_IP

# Load WMAP
load wmap

# Add site
wmap_sites -a TARGET_IP

# Define target IP
wmap_targets -t http://TARGET_IP/

# List sites
wmap_sites -l

# List targets
wmap_targets -l

# Check for the auxiliary modules that would make sense in the target system
wmap_run -t

# Run wmap
wmap_run -e

# List detected vulnerabilities
wmap_vulns -l