Vulnerability Scanning

Malware/Security Check

NIKTO

Nuclei

WMAP Metasploit extension

The WMAP extension is typically used to automate web server enumeration and the identification of misconfigurations and vulnerabilities on a web server.

WMAP runs inside the Metasploit console, so start it first:

Command:

msfconsole

To begin, load the WMAP extension by running the following command:

Command:

load wmap

We can now add the WMAP site by running the following command:

Command:

wmap_sites -a 192.157.89.3

We will also need to add the target IP address as a target site. This can be done by running the following command:

Command:

wmap_targets -t http://192.157.89.3

As shown in the following screenshot, you can view the available sites by running the following command:

Command:

wmap_sites -l

You can also view the list of defined targets by running the following command:

Command:

wmap_targets -l

We can begin performing the web app vulnerability scan by running the following command:

Command:

wmap_run -t

As shown in the following screenshots, this will begin testing the target and will display a list of available modules that can be run against the target web server.

Now that we have been able to identify what modules can be run against the target web server, we can perform a web app vulnerability scan on the target by running the following command:

Command:

wmap_run -e

As shown in the following screenshot, this will run all enabled modules against the target web server and will display the results of the modules.

Take a few minutes to analyze the results produced by WMAP to identify misconfigurations and vulnerabilities on the web server that can be exploited.
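The steps above can be collected into a Metasploit resource script so the same scan is repeatable. The following is an added example, not part of the original page: a shell wrapper that emits the script only for a target listed in an authorised scope file and rejects anything that is not a plain IPv4 address, so a malformed target string cannot add extra console commands. The names is_ipv4, in_scope, wmap_rc and scope.txt are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): emit a Metasploit resource
# script for the WMAP steps above, but only for an in-scope IPv4 target.
# is_ipv4, in_scope, wmap_rc and scope.txt are hypothetical names.

# True only for a dotted quad with four octets in 0-255. Runs in a subshell
# so the IFS change does not leak. Rejecting every other character also stops
# a target string carrying a newline from adding console commands.
is_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# True if target $1 appears as a whole line in scope file $2 (comments skipped).
in_scope() {
    grep -v '^[[:space:]]*#' "$2" | grep -qxF -- "$1"
}

# Print the resource script for target $1, checked against scope file $2.
# Returns 2 for a malformed target, 3 for a target that is out of scope.
wmap_rc() {
    target=$1
    scope_file=$2
    is_ipv4 "$target" || { echo "not an IPv4 address" >&2; return 2; }
    in_scope "$target" "$scope_file" || { echo "out of scope: $target" >&2; return 3; }
    cat <<EOF
load wmap
wmap_sites -a $target
wmap_targets -t http://$target
wmap_sites -l
wmap_targets -l
wmap_run -t
wmap_run -e
EOF
}

# Usage: wmap_rc 192.157.89.3 scope.txt > wmap.rc && msfconsole -q -r wmap.rc
```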
