MSF学习笔记（6）

MSF WEB应用扫描器

wmap

msf > load wmap #load wmap模块msf > help  #查看wmap可用命令wmap Commands =============    Command       Description    -------       -----------    wmap_modules  Manage wmap modules    wmap_nodes    Manage nodes    wmap_run      Test targets    wmap_sites    Manage sites    wmap_targets  Manage targets    wmap_vulns    Display web vulnsmsf > wmap_sites -h #wmap站点指定帮助[*] Usage: wmap_sites [options]    -h        Display this help text    -a [url]  Add site (vhost,url)    -d [ids]  Delete sites (separate ids with space)    -l        List all available sites    -s [id]   Display site structure (vhost,url|ids) (level) (unicode output true/false)msf > wmap_sites -a http://192.168.56.101   #指定wmap扫描站点msf > wmap_sites -l #列出站点msf > wmap_sites -d 0   #删除指定站点msf > wmap_targets -h   #wmap目标指定帮助[*] Usage: wmap_targets [options]    -h      Display this help text    -t [urls]   Define target sites (vhost1,url[space]vhost2,url)     -d [ids]    Define target sites (id1, id2, id3 ...)    -c      Clean target sites list    -l          List all target sitesmsf > wmap_targets -t http://192.168.56.101/mutillidae/index.php    #指定wmap扫描目标msf > wmap_run -h   #wmap运行帮助[*] Usage: wmap_run [options]    -h                        Display this help text    -t                        Show all enabled modules    -m [regex]                Launch only modules that name match provided regex.    -p [regex]                Only test path defined by regex.    -e [/path/to/profile]     Launch profile modules against all matched targets.                              (No profile file runs all enabled modules.)msf > wmap_run -t   #查看可调用扫描模块msf > wmap_run -e   #调用可用模块扫描