github/metasploit-framework
1
Fork 0
mirror of https://github.com/rapid7/metasploit-framework synced 2024-10-16 01:21:15 +02:00
Code Releases Activity

Upgrade, fix errors in wmap documentation

Browse Source 
git-svn-id: file:///home/svn/framework3/trunk@5708 4d416f70-5f16-0410-b530-b9f4589650da
This commit is contained in:
et 2008-10-02 02:36:01 +00:00
parent 67a25b6ce8
commit 2dcffdc3ed
1 changed files with 22 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
documentation/wmap.txt
View File

@ -8,7 +8,7 @@
WMAP is a general purpose web application scanning framework for
Metasploit 3. The architechture is simple and its simplicity is what makes
it powerfull. It's a different approach compared to other open source
alternatives and commercial scanners as WMAP is not build around any browser
alternatives and commercial scanners, as WMAP is not build around any browser
or spider for data capture and manipulation.
@ -28,7 +28,8 @@ stored in the WMAP database. (See figure.)
WMAP is a Metasploit plugin and will interact with the database, reading all
gathered traffic, processing it and launching the different tests
implemented as modules. As WMAP Modules are MSF Modules they can be easily
implemented, be run manually from the command line or automatically via WMAP.
implemented, and can be run manually from the command line or automatically
via WMAP.
As you may see this simple architecture allows you to have different
distributed clients and even different proxies all storing data to the
@ -43,12 +44,13 @@ The test modules implemented at this time are basic and will improve over
time not only in quality and quantity, so you are more than welcome to
submit new modules.
Each module has a WMAP type, this determine when the module is lunched and
Each module has a WMAP type, this determine when the module is launched and
to a certain degree, the minimum type of information it requires to be
executed. The best way to develop a new test for WMAP, use already
implemented modules and develop a normal MSF module that can be run
manually from the command line. To enable a module to be run automatically
via WMAP is just include the mixin that determine the type of the module.
executed. The best way to develop a new test for WMAP, is to use already
implemented modules as a base and then develop a normal MSF module that can
be run manually from the command line. To enable a module to be run
automatically via WMAP just include the mixin that determine the type
of the module.
Example:
@ -60,6 +62,8 @@ listed in the order WMAP runs them:
WMAPScanServer - Run once against the target Web Server
WMAPScanDir - Runs for every directory found in the target
WMAPScanFile - Runs for every file found in the target
WMAPScanUniqueQuery - Runs for every unique query found in each request to the
target
WMAPScanQuery - Runs for every query found in each request to the target
WMAPScanBody - Runs for every Body found in each request to the target
WMAPScanHeaders - Runs for every Header found in each request to the target