A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

Overview

📡 WebMap

forthebadge made-with-python
A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

  • Perform A Network Scan using Nmap
  • Perform A Vulnerabity Scan Using Nikto
  • Perform A Directory Busting using Using Dirsearch
  • Generate Reports
  • Automate Web Penetration Using WebMap
  • Tested on Linux and Unix with Python 3


Webmap-Home

🛠 Installation

Linux & Unix

$ git clone https://github.com/Anteste/WebMap.git
$ cd WebMap
$ ./install.sh
$ webmap

Other

  • This project is free and open source, under the MIT.
  • You can contribute to this project by proposing pull requests.
Comments
  • `All the Scans` module not working

    `All the Scans` module not working

    I am able to use the tool for individual scan modules like 1. Nmap :white_check_mark: 2. Dirsearch :white_check_mark: 3. Nikto :white_check_mark:

    However, if I select Option A: All the Scans, I am getting the below error. :x:

    :large_blue_diamond: When tried with only google.com Unable to init server: Could not connect: Connection refused Failed to parse arguments: Cannot open display:

    image

    :large_blue_diamond: When tried with https://google.com File "webmap.py", line 130, in <module> ipall = socket.gethostbyname(targetall) socket.gaierror: [Errno -2] Name or service not known

    image

    Feature request 
    opened by GiJ03 10
  • Various fixes

    Various fixes

    Hello,

    I can see that this project is very young and there are a lot of things in the code that I think are suboptimal.

    Please note: I didn't run any of the code yet!!! But for a few months now I had in mind to do exactly this kind of software, so I feel like contributing.

    The main problem is that you assume too much, and take arbitrary decisions for the user, and this leads to software that is not portable. For instance, I'm using Archlinux, so your software will not work if I try to naively install it with install.sh, even if I have all the dependencies already in my $PATH.

    The fixes are just minor stuff that I found while browsing the source, but I hope they will help you improve your skills ;)

    Other things you might have:

    • use github actions to lint the code
    • use shellcheck on install.sh
    • use black and isort
    • add the licence and copyright in every file
    • add a CONTRIBUTING file
    • test the presence of dependencies before installing them
    • instead of git cloning directorysearch, consider adding it as a submodule
    • well there are many things you can do, but the first will be to review this PR ;)

    Commit message below:

    • remove chmod +x instruction from README as it's not needed (git keeps the permissions)
    • don't use sudo to execute the install script as it contains sudo commands
    • link to the MIT license in the README
    • replace tabs with spaces
    • remove trailing whitespaces
    • add newline at end of files

    In install.sh:

    • use a variable to hold the dependencies instead of repeating them
    • use the --user flag for pip install
    • use /usr/local/bin instead of /usr/bin for symlink
    • store dirsearch in ~/.opt instead of /opt: don't pollute the system with user software, don't use root to clone a git repository
    • use $() instead of backquotes
    • add quotes for variables
    • use env to find bash
    Bug 
    opened by NicolasCARPi 5
  • fix: change dirsearch option

    fix: change dirsearch option

    Hello,

    In the following PR, dirsearch option --simple-report was removed, which prevented Dirsearch Scan from working properly. I fixed this by changing it to the newly added option --output.

    https://github.com/maurosoria/dirsearch/pull/770

    no-pr-activity 
    opened by cotton-alta 3
  • Change to Target URL Format

    Change to Target URL Format

    (Thanks for sending a pull request! Please make sure you click the link above to view the contribution guidelines, then fill out the blanks below.)

    What does this implement/fix? Explain your changes.

    This fixes an issue with resolving IPs to hostnames using the conf.socket.gethostbyname(full_host) snippet.
    Albeit i feel this task is not necessary as most hardened environments (like in OSCP & CTFs) purposely do not allow DNS resolving, users within a VPN environment would still experience this issue.
    
    Owing to this i would like to make the following changes 
    1. In the input for asset to scan users should enter only IP Address or Hostname without http://
    2. Comment out full_ip = conf.socket.gethostbyname(full_host) in fullscan.py
    3. Change nmap {full_ip} to  {full_host}
    4. For nikto and dirsearch before {full_host} include http:// just to be http://{full_host}
    

    Does this close any currently open issues?

    Yes
    

    Any relevant logs, error output, etc?

    Traceback (most recent call last): File "/usr/local/bin/webmap", line 56, in <module> main() File "/usr/local/bin/webmap", line 48, in main conf.call_def(conf.full_scan) File "/home/kali/Desktop/TOOLS/WEB ATTACK/WebMap/conf/conf.py", line 80, in call_def func() File "/home/kali/Desktop/TOOLS/WEB ATTACK/WebMap/modules/fullscan.py", line 31, in full_scan full_ip = conf.socket.gethostbyname(full_host) socket.gaierror: [Errno -2] Name or service not known
    

    Any other comments?

    Where has this been tested?

    Operating System: kali Linux

    Platform:Kali Linux Python 3

    Target Platform: Ubuntu

    Python Version: Python 3

    opened by Johnng007 2
  • Merge pull request #12 from Anteste/1.0

    Merge pull request #12 from Anteste/1.0

    Merge pull request #11 from Anteste/1.x

    (Thanks for sending a pull request! Please make sure you click the link above to view the contribution guidelines, then fill out the blanks below.)

    What does this implement/fix? Explain your changes.

    Does this close any currently open issues?

    Any relevant logs, error output, etc?

    Any other comments?

    Where has this been tested?

    Operating System:

    Platform:

    Target Platform:

    Python Version:

    opened by Anteste 1
  • Merge pull request #11 from Anteste/1.x

    Merge pull request #11 from Anteste/1.x

    Change to Target URL Format

    (Thanks for sending a pull request! Please make sure you click the link above to view the contribution guidelines, then fill out the blanks below.)

    What does this implement/fix? Explain your changes.

    Does this close any currently open issues?

    Any relevant logs, error output, etc?

    Any other comments?

    Where has this been tested?

    Operating System:

    Platform:

    Target Platform:

    Python Version:

    opened by Anteste 1
  • Does not seem to scan IP based URLs

    Does not seem to scan IP based URLs

    Nice Tool but doesnt seem to scan IP based URLs like: http://10.12.1.23 Traceback (most recent call last): File "/usr/local/bin/webmap", line 56, in <module> main() File "/usr/local/bin/webmap", line 48, in main conf.call_def(conf.full_scan) File "/home/kali/Desktop/TOOLS/WEB ATTACK/WebMap/conf/conf.py", line 80, in call_def func() File "/home/kali/Desktop/TOOLS/WEB ATTACK/WebMap/modules/fullscan.py", line 31, in full_scan full_ip = conf.socket.gethostbyname(full_host) socket.gaierror: [Errno -2] Name or service not known

    opened by Johnng007 1
  • Update install.sh to install in other Systems

    Update install.sh to install in other Systems

    I've added more information so it can install on other linux distribution other than Debian flavours. Anything you can arrange. I've placed some comments on the file to be easy read

    Enhancement 
    opened by tfprelvas 1
  • Install.sh and reopen() function

    Install.sh and reopen() function

    I've added a shell script to simplify the installation process and made a new reopen() function so the script still works the old way, by executing it with python webmap.py

    Enhancement 
    opened by luizmlo 0
Releases(v1.0.7)
Owner
Iliass Alami Qammouri
💻 Web developer
Iliass Alami Qammouri
This is an open project to maintain a list of domain names that serve YouTube ads

The YouTube ads blocklist project This is an open project to maintain a list of domain names that serve YouTube ads. The original project only produce

Evan Pratten 574 Dec 30, 2022
A non-custodial oracle and escrow system for the lightning network. Make LN contracts more expressive.

Hodl contracts A non-custodial oracle and escrow system for the lightning network. Make LN contracts more expressive. If you fire it up, be aware: (1)

31 Nov 30, 2022
Multi-path load balancing is a method used by most of the real-time network to split the packets into different paths rather than transferring it through a single path

Multipath-Load-Balancing Method of managing incoming traffic by distributing and sharing load fairly among multiple routes from source to destination

Dharshan Kumar 6 Dec 10, 2022
An HTML interface for finetuning the sync map output from aeneas

finetuneas 3.0 finetuneas is a simple HTML interface for fine tuning sync maps output by aeneas Version 3.0 Easier adjusting time: following cells wil

Firat Özdemir 50 Mar 12, 2022
A benchmark for stateful fuzzing of network protocols

A benchmark for stateful fuzzing of network protocols

3 Apr 25, 2022
Build surface water network for MODFLOW's SFR Package

Surface water network Creates surface water network, which can be used to create MODFLOW's SFR. Python packages Python 3.6+ is required. Required geop

Mike Taves 20 Nov 22, 2022
A simple Tor switcher script switches tor nodes in interval of time

Tor_Switcher A simple Tor switcher script switches tor nodes in interval of time This script will switch tor nodes in every interval of time that you

d4rk sh4d0w 2 Nov 15, 2021
TLD records archive. Revisiting the original TLDR project by mandatoryprogrammer, on the hunt for more root nameserver changes.

tldr A(nother) continuously updated historical TLD records archive. This repository is updated approximately every three hours with the results from D

Chris Partridge 11 Dec 14, 2022
Python module to interface with Tuya WiFi smart devices

TinyTuya Python module to interface with Tuya WiFi smart devices Description This python module controls and monitors Tuya compatible WiFi Smart Devic

Jason Cox 365 Dec 26, 2022
A Python based command line ARP Spoofer utility, which takes input as arguments for the exact target IP and gateway IP for which you wish to Spoof ARP request

A Python based command line ARP Spoofer utility, which takes input as arguments for the exact target IP and gateway IP for which you wish to Spoof ARP request

Abhinandan Khurana 1 Feb 10, 2022
Tool written on Python that locate all up host on your subnet

HOSTSCAN Easy to use command line network host scanner. From noob to noobs. Dependencies Nmap 7.92 or superior Python 3.9 or superior All requirements

NexCreep 4 Feb 27, 2022
Remote vanilla PDB (over TCP sockets) done right: no extras, proper handling around connection failures and CI.

Overview docs tests package Remote vanilla PDB (over TCP sockets) done right: no extras, proper handling around connection failures and CI. Based on p

Ionel Cristian Mărieș 227 Dec 27, 2022
A repo with study material, exercises, examples, etc for Devnet SPAUTO

MPLS in the SDN Era -- DevNet SPAUTO All of the study notes have now been moved to use auto-generated documentation to build a static site with Githu

Hugo Tinoco 67 Nov 16, 2022
Initial code of an A3C network

A3C-network Initial code of an A3C network Open the python file named as "APL452 Project Report2" The following libraries and packages have been insta

Ayush Tanwar 0 Jun 11, 2022
🐛 SSH self spreading worm written in python3 to propagate a botnet.

Mirkat SSH self spreading worm written in python3 to propagate a botnet. Install tutorial. cd ./script && sh setup.sh Support me. ⚠️ If this reposito

Ѵιcнч 58 Nov 01, 2022
AdaFruit Funhouse publishing Temperature, Humidity and Pressure to MQTT / Apache Pulsar

pulsar-adafruit-funhouse AdaFruit Funhouse publishing Temperature, Humidity and Pressure to MQTT / Apache Pulsar Device Get your own from adafruit Ada

Timothy Spann 1 Dec 30, 2021
This Tool can help enginners and biggener in network, the tool help you to find of any ip with subnet mask that can calucate them and show you ( Availble IP's , Subnet Mask, Network-ID, Broadcast-ID )

This Tool can help enginners and biggener in network, the tool help you to find of any ip with subnet mask that can calucate them and show you ( Availble IP's , Subnet Mask, Network-ID, Broadcast-ID

12 Dec 13, 2022
Proxlist - Retrieve proxy servers.

Finding and storing a list of proxies can be taxing - especially ones that are free and may not work only minutes from now. proxlist will validate the proxy and return a rotating random proxy to you

Justin Hammond 2 Mar 17, 2022
A light-weight open-source project CLI utility for showing services running on ports in a host

Portable Port Scanner (ppscanner) Portable Port Scanner (ppscanner) is a light-weight open-source CLI utility that leverages on nmap to make quick and

1 Oct 30, 2021
It can be used both locally and remotely (indicating IP and port)

It can be used both locally and remotely (indicating IP and port). It automatically finds the offset to the Instruction Pointer stored in the stack.

DiegoAltF4 13 Dec 29, 2022