WebMap project is designed to run on a Docker container With Nmap Web Dashboard . IMHO it isn’t a good idea to run this on a custom Django installation.
Also ReadDocker-Inurlbr : Exploit GET / POST Capturing Emails & Urls
You should use this with docker, just by sending this command:
$ mkdir /tmp/webmap
$ docker run -d \
--name webmap \
-h webmap \
-p 8000:8000 \
-v /tmp/webmap:/opt/xml \
rev3rse/webmap
$ # now you can run Nmap and save the XML Report on /tmp/webmap
$ nmap -sT -A -T4 -oX /tmp/webmap/myscan.xml 192.168.1.0/24 Now point your browser to http://localhost:8000
$ curl -sL http://bit.ly/webmapsetup | bash $ # stop running webmap container
$ docker stop webmap
$ # remove webmap container
$ docker rm webmap
$ # pull new image from dockerhub
$ docker pull rev3rse/webmap
$ # run WebMap
$ curl -sL http://bit.ly/webmapsetup | bash The HTML template changes often. This video could not be up to date with the latest version.
When creating the PDF version of the Nmap XML Report, the XML filename is used as document title on the first page. WebMap will replace some parts of the filename as following:
_ will replaced by a space ().xml will be removedExample: ACME_Ltd..xml
PDF title: ACME Ltd.
thanks to the amazing API services by circl.lu, WebMap is able to looking for CVE and Exploits for each CPE collected by Nmap. Not all CPE are checked over the circl.lu API, but only when a specific version is specified (for example: cpe:/a:microsoft:iis:7.5 and not cpe:/o:microsoft:windows).
From v2.1 WebMap has a RESTful API frontend that makes users able to query their scan files with something like:
curl -s 'http://localhost:8000/api/v1/scan'
"webmap_version": "v2.1/master",
"scans": {
"scanme.nmap.org.xml": {
"filename": "scanme.nmap.org.xml",
"startstr": "Sun Nov 4 16:22:46 2018",
"nhost": "1",
"port_stats": {
"open": 42,
"closed": 0,
"filtered": 0
}
},
"hackthebox.xml": {
"filename": "hackthebox.xml",
"startstr": "Mon Oct 8 20:56:32 2018",
"nhost": "256",
"port_stats": {
"open": 67,
"closed": 0,
"filtered": 2
}
}
}
} A user can get information about a single scan by append to the URL the XML filename:
curl -v 'http://localhost:8000/api/v1/scan/hackthebox.xml'
{
"file": "hackthebox.xml",
"hosts": {
"10.10.10.2": {
"hostname": {},
"label": "",
"notes": ""
},
"10.10.10.72": {
"hostname": {
"PTR": "streetfighterclub.htb"
},
"label": "",
"notes": ""
},
"10.10.10.76": {
"hostname": {},
"label": "",
"notes": ""
},
"10.10.10.77": {
"hostname": {},
"label": "Vulnerable",
"notes": "PHNwYW4gY2xhc3M9ImxhYmVsIGdyZWVuIj5SRU1FRElBVElPTjwvc3Bhbj4gVXBncmFkZSB0byB0aGUgbGF0ZXN0IHZlcnNpb24g"
},
... and he can get all information about a single host by append the IP address to URL:
curl -v'http://localhost:8000/api/v1/scan/hackthebox.xml/10.10.10.87'
"file": "hackthebox.xml",
"hosts": {
"10.10.10.87": {
"ports": [
{
"port": "22",
"name": "ssh",
"state": "open",
"protocol": "tcp",
"reason": "syn-ack",
"product": "OpenSSH",
"version": "7.5",
"extrainfo": "protocol 2.0"
},
{
"port": "80",
"name": "http",
"state": "open",
"protocol": "tcp",
"reason": "syn-ack",
"product": "nginx",
"version": "1.12.2",
"extrainfo": ""
},
{
"port": "8888",
"name": "sun-answerbook",
"state": "filtered",
"protocol": "tcp",
"reason": "no-response",
"product": "",
"version": "",
"extrainfo": ""
}
],
"hostname": {},
"label": "Checked",
"notes": "",
"CVE": [
{
"Modified": "2018-08-17T15:29:00.253000",
"Published": "2018-08-17T15:29:00.223000",
"cvss": "5.0",
"cwe": "CWE-200",
"exploit-db": [
{
"description": "OpenSSH 7.7 - Username Enumeration. CVE-2018-15473. Remote exploit for Linux platform",
"file": "exploits/linux/remote/45233.py",
"id": "EDB-ID:45233",
"last seen": "2018-08-21",
"modified": "2018-08-21",
"platform": "linux",
"port": "",
"published": "2018-08-21",
"reporter": "Exploit-DB",
"source": "https://www.exploit-db.com/download/45233/",
"title": "OpenSSH 7.7 - Username Enumeration",
"type": "remote"
},
{
"id": "EDB-ID:45210"
}
],
"id": "CVE-2018-15473",
"last-modified": "2018-11-02T06:29:06.993000",
"metasploit": [
... This app is not intended to be exposed on the internet. Please, DO NOT expose this app to the internet, use your localhost or, in case you can’t do it, take care to filter who and what can access to WebMap with a firewall rule or something like that. Exposing this app to the whole internet could lead not only to a stored XSS but also to a leakage of sensitive/critical/private information about your port scan. Please, be smart.
bomber is an application that scans SBOMs for security vulnerabilities. So you've asked a vendor…
Embed a payload within a PNG file by splitting the payload across multiple IDAT sections.…
Exploit-Street, where we dive into the ever-evolving world of cybersecurity with a focus on Local…
Shadow Dumper is a powerful tool used to dump LSASS (Local Security Authority Subsystem Service)…
shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…
Extract and execute a PE embedded within a PNG file using an LNK file. The…