MSF WEB应用扫描器
wmap
msf > load wmap #load wmap模块
msf > help #查看wmap可用命令
wmap Commands
=============
Command Description
------- -----------
wmap_modules Manage wmap modules
wmap_nodes Manage nodes
wmap_run Test targets
wmap_sites Manage sites
wmap_targets Manage targets
wmap_vulns Display web vulns
msf > wmap_sites -h #wmap站点指定帮助
[*] Usage: wmap_sites [options]
-h Display this help text
-a [url] Add site (vhost,url)
-d [ids] Delete sites (separate ids with space)
-l List all available sites
-s [id] Display site structure (vhost,url|ids) (level) (unicode output true/false)
msf > wmap_sites -a http://192.168.56.101 #指定wmap扫描站点
msf > wmap_sites -l #列出站点
msf > wmap_sites -d 0 #删除指定站点
msf > wmap_targets -h #wmap目标指定帮助
[*] Usage: wmap_targets [options]
-h Display this help text
-t [urls] Define target sites (vhost1,url[space]vhost2,url)
-d [ids] Define target sites (id1, id2, id3 ...)
-c Clean target sites list
-l List all target sites
msf > wmap_targets -t http://192.168.56.101/mutillidae/index.php #指定wmap扫描目标
msf > wmap_run -h #wmap运行帮助
[*] Usage: wmap_run [options]
-h Display this help text
-t Show all enabled modules
-m [regex] Launch only modules that name match provided regex.
-p [regex] Only test path defined by regex.
-e [/path/to/profile] Launch profile modules against all matched targets.
(No profile file runs all enabled modules.)
msf > wmap_run -t #查看可调用扫描模块
msf > wmap_run -e #调用可用模块扫描