NetworkWeb Application Security

WebMap – Web Dashbord for Nmap XML Report

0

WebMap This project is designed to run on a Docker container. However, doing it on a custom installation of Django is not a good idea. However, if you need it, you will find all the steps of the build in the Docker file.

Features

  • Import and parse Nmap XML files
  • Run and Schedule Nmap Scan from dashboard
  • Statistics and Charts on discovered services, ports, OS, etc…
  • Inspect a single host by clicking on its IP address
  • Attach labels on a host
  • Insert notes for a specific host
  • Create a PDF Report with charts, details, labels and notes
  • Copy to clipboard as Nikto, Curl or Telnet commands
  • Search for CVE and Exploits based on CPE collected by Nmap
  • RESTful API

You should use this with docker, just by sending this command:

$ mkdir /tmp/webmap
$ docker run -d \
         --name webmap \
         -h webmap \
         -p 8000:8000 \
         -v /tmp/webmap:/opt/xml \
         rev3rse/webmap

$ # now you can run Nmap and save the XML Report on /tmp/webmap
$ nmap -sT -A -T4 -oX /tmp/webmap/myscan.xml 192.168.1.0/24

Now point your browser to http://localhost:8000

Generate new token

In order to access to the WebMap dashboard, you need a token. You can create a new token with:

$ docker exec -ti webmap /root/token

Quick and Dirty

$ curl -sL http://bit.ly/webmapsetup | bash

Upgrade from previous release

$ # stop running webmap container
$ docker stop webmap

$ # remove webmap container
$ docker rm webmap

$ # pull new image from dockerhub
$ docker pull rev3rse/webmap

$ # run WebMap
$ curl -sL http://bit.ly/webmapsetup | bash

Run without Docker

This project is designed to run on a Docker container. IMHO it isn’t a good idea to run this on a custom Django installation, but if you need it you can find all building steps inside the Dockerfile.

Video

The HTML template changes often. This video could not be up to date with the latest version.

Version v2.3:
coming soon…

HackerSploit Video about WebMap v2.2:
HackerSploit

Roadmap for v2.3x

You love WebMap and you know python? We need your help! This is what we want deploy for the v2.3:

  • [todo] Improve template: try to define better the html template and charts
  • [todo] Improve API: create a documentation/wiki about it
  • [todo] Wiki: create WebMap User Guide on GitHub
  • [working] Authentication or something that could blocks access to WebMap if != localhost
  • [working] Scan diff: show difference between two scheduled nmap scan report
  • [todo] Zaproxy: Perform web scan using the OWASP ZAP API

Github

Pyattck – A Python Module To Interact With The Mitre ATT&CK Framework

Previous article

Fuzzilli – A JavaScript Engine Fuzzer

Next article

You may also like

Comments

Leave a reply

Your email address will not be published. Required fields are marked *

More in Network