Been taking a look at another one of the newer Metasploit features tonight. WMAP is looking to integrate web application scanning functionality into Metasploit. There's a couple of good overviews Here, Here and Here
Getting it up and running is a little bit finicky at the moment, as you need to used a patched copy of ratproxy to collect the base URLs for the scanner (quick note is that my fairly new Ubuntu Intrepid install was missing libssl-dev which is a pre-requisite for compiling ratproxy so worth checking for if you get make errors when setting it up).
Once you've gathered URLs and fed them in to the database getting the scanner to start running is straightforward (examples in the links at the top so I won't go into it). From an initial look, some of the plugins seem to do some directory/file brute-forcing which can take ages to run, but if it's going on too long you can use CTRL-C to interrupt just that plug-in and Metasploit will catch the interrupt gracefully and move on to the next directory or plugin...
Leave a comment