A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

Overview

📡 WebMap

forthebadge made-with-python
A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

  • Perform A Network Scan using Nmap
  • Perform A Vulnerabity Scan Using Nikto
  • Perform A Directory Busting using Using Dirsearch
  • Generate Reports
  • Automate Web Penetration Using WebMap
  • Tested on Linux and Unix with Python 3


Webmap-Home

🛠 Installation

Linux & Unix

$ git clone https://github.com/Anteste/WebMap.git
$ cd WebMap
$ ./install.sh
$ webmap

Other

  • This project is free and open source, under the MIT.
  • You can contribute to this project by proposing pull requests.
Comments
  • `All the Scans` module not working

    `All the Scans` module not working

    I am able to use the tool for individual scan modules like 1. Nmap :white_check_mark: 2. Dirsearch :white_check_mark: 3. Nikto :white_check_mark:

    However, if I select Option A: All the Scans, I am getting the below error. :x:

    :large_blue_diamond: When tried with only google.com Unable to init server: Could not connect: Connection refused Failed to parse arguments: Cannot open display:

    image

    :large_blue_diamond: When tried with https://google.com File "webmap.py", line 130, in <module> ipall = socket.gethostbyname(targetall) socket.gaierror: [Errno -2] Name or service not known

    image

    Feature request 
    opened by GiJ03 10
  • Various fixes

    Various fixes

    Hello,

    I can see that this project is very young and there are a lot of things in the code that I think are suboptimal.

    Please note: I didn't run any of the code yet!!! But for a few months now I had in mind to do exactly this kind of software, so I feel like contributing.

    The main problem is that you assume too much, and take arbitrary decisions for the user, and this leads to software that is not portable. For instance, I'm using Archlinux, so your software will not work if I try to naively install it with install.sh, even if I have all the dependencies already in my $PATH.

    The fixes are just minor stuff that I found while browsing the source, but I hope they will help you improve your skills ;)

    Other things you might have:

    • use github actions to lint the code
    • use shellcheck on install.sh
    • use black and isort
    • add the licence and copyright in every file
    • add a CONTRIBUTING file
    • test the presence of dependencies before installing them
    • instead of git cloning directorysearch, consider adding it as a submodule
    • well there are many things you can do, but the first will be to review this PR ;)

    Commit message below:

    • remove chmod +x instruction from README as it's not needed (git keeps the permissions)
    • don't use sudo to execute the install script as it contains sudo commands
    • link to the MIT license in the README
    • replace tabs with spaces
    • remove trailing whitespaces
    • add newline at end of files

    In install.sh:

    • use a variable to hold the dependencies instead of repeating them
    • use the --user flag for pip install
    • use /usr/local/bin instead of /usr/bin for symlink
    • store dirsearch in ~/.opt instead of /opt: don't pollute the system with user software, don't use root to clone a git repository
    • use $() instead of backquotes
    • add quotes for variables
    • use env to find bash
    Bug 
    opened by NicolasCARPi 5
  • fix: change dirsearch option

    fix: change dirsearch option

    Hello,

    In the following PR, dirsearch option --simple-report was removed, which prevented Dirsearch Scan from working properly. I fixed this by changing it to the newly added option --output.

    https://github.com/maurosoria/dirsearch/pull/770

    no-pr-activity 
    opened by cotton-alta 3
  • Change to Target URL Format

    Change to Target URL Format

    (Thanks for sending a pull request! Please make sure you click the link above to view the contribution guidelines, then fill out the blanks below.)

    What does this implement/fix? Explain your changes.

    This fixes an issue with resolving IPs to hostnames using the conf.socket.gethostbyname(full_host) snippet.
    Albeit i feel this task is not necessary as most hardened environments (like in OSCP & CTFs) purposely do not allow DNS resolving, users within a VPN environment would still experience this issue.
    
    Owing to this i would like to make the following changes 
    1. In the input for asset to scan users should enter only IP Address or Hostname without http://
    2. Comment out full_ip = conf.socket.gethostbyname(full_host) in fullscan.py
    3. Change nmap {full_ip} to  {full_host}
    4. For nikto and dirsearch before {full_host} include http:// just to be http://{full_host}
    

    Does this close any currently open issues?

    Yes
    

    Any relevant logs, error output, etc?

    Traceback (most recent call last): File "/usr/local/bin/webmap", line 56, in <module> main() File "/usr/local/bin/webmap", line 48, in main conf.call_def(conf.full_scan) File "/home/kali/Desktop/TOOLS/WEB ATTACK/WebMap/conf/conf.py", line 80, in call_def func() File "/home/kali/Desktop/TOOLS/WEB ATTACK/WebMap/modules/fullscan.py", line 31, in full_scan full_ip = conf.socket.gethostbyname(full_host) socket.gaierror: [Errno -2] Name or service not known
    

    Any other comments?

    Where has this been tested?

    Operating System: kali Linux

    Platform:Kali Linux Python 3

    Target Platform: Ubuntu

    Python Version: Python 3

    opened by Johnng007 2
  • Merge pull request #12 from Anteste/1.0

    Merge pull request #12 from Anteste/1.0

    Merge pull request #11 from Anteste/1.x

    (Thanks for sending a pull request! Please make sure you click the link above to view the contribution guidelines, then fill out the blanks below.)

    What does this implement/fix? Explain your changes.

    Does this close any currently open issues?

    Any relevant logs, error output, etc?

    Any other comments?

    Where has this been tested?

    Operating System:

    Platform:

    Target Platform:

    Python Version:

    opened by Anteste 1
  • Merge pull request #11 from Anteste/1.x

    Merge pull request #11 from Anteste/1.x

    Change to Target URL Format

    (Thanks for sending a pull request! Please make sure you click the link above to view the contribution guidelines, then fill out the blanks below.)

    What does this implement/fix? Explain your changes.

    Does this close any currently open issues?

    Any relevant logs, error output, etc?

    Any other comments?

    Where has this been tested?

    Operating System:

    Platform:

    Target Platform:

    Python Version:

    opened by Anteste 1
  • Does not seem to scan IP based URLs

    Does not seem to scan IP based URLs

    Nice Tool but doesnt seem to scan IP based URLs like: http://10.12.1.23 Traceback (most recent call last): File "/usr/local/bin/webmap", line 56, in <module> main() File "/usr/local/bin/webmap", line 48, in main conf.call_def(conf.full_scan) File "/home/kali/Desktop/TOOLS/WEB ATTACK/WebMap/conf/conf.py", line 80, in call_def func() File "/home/kali/Desktop/TOOLS/WEB ATTACK/WebMap/modules/fullscan.py", line 31, in full_scan full_ip = conf.socket.gethostbyname(full_host) socket.gaierror: [Errno -2] Name or service not known

    opened by Johnng007 1
  • Update install.sh to install in other Systems

    Update install.sh to install in other Systems

    I've added more information so it can install on other linux distribution other than Debian flavours. Anything you can arrange. I've placed some comments on the file to be easy read

    Enhancement 
    opened by tfprelvas 1
  • Install.sh and reopen() function

    Install.sh and reopen() function

    I've added a shell script to simplify the installation process and made a new reopen() function so the script still works the old way, by executing it with python webmap.py

    Enhancement 
    opened by luizmlo 0
Releases(v1.0.7)
Owner
Iliass Alami Qammouri
💻 Web developer
Iliass Alami Qammouri
A simple framwork to streamline the Domain Adaptation training process.

FastDA Introduction This is a simple framework for domain adaptation training. You can use it to build your own training process. It heavily relies on

Vincent Zhang 7 Nov 22, 2022
Geowifi 📡 💘 🌎 Search WiFi geolocation data by BSSID and SSID on different public databases.

Geowifi 📡 💘 🌎 Search WiFi geolocation data by BSSID and SSID on different public databases.

GOΠZO 441 Dec 23, 2022
OptiPLANT is a cloud-based based system that empowers professional and non-professional data scientists to build high-quality predictive models

OptiPLANT OptiPLANT is a cloud-based based system that empowers professional and non-professional data scientists to build high-quality predictive mod

Intellia ICT 1 Jan 26, 2022
A simple GitHub Action that physically puts your senses on alert when your build/release fails

GH Release Paniker A simple GitHub Action that physically puts your senses on alert when your build/release fails Usage Requirements: Raspberry Pi, LE

Hemanth Krishna 5 Dec 20, 2021
An HTML interface for finetuning the sync map output from aeneas

finetuneas 3.0 finetuneas is a simple HTML interface for fine tuning sync maps output by aeneas Version 3.0 Easier adjusting time: following cells wil

Firat Özdemir 50 Mar 12, 2022
track IP Address

ipX Table of Contents ipX Welcome Features Uses Author 📝 License Welcome find the location of an IP address. Specifically, you can get the following

Ali Shahid 15 Sep 26, 2022
A protocol or procedure that connects an ever-changing IP address to a fixed physical machine address

p0znMITM ARP Poisoning Tool What is ARP? Address Resolution Protocol (ARP) is a protocol or procedure that connects an ever-changing IP address to a f

Furkan OZKAN 9 Sep 18, 2022
👨🏼‍💻 ‎‎‎‏‏ A customizable man-in-the-middle TCP proxy with out-of-the-box support for HTTP & HTTPS.

👨‍💻 mitm A customizable man-in-the-middle TCP proxy with out-of-the-box support for HTTP & HTTPS. Installing pip install mitm Note that OpenSSL 1.1

Felipe 92 Jan 05, 2023
DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.

What is DNSStager? DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS. DNSStager will create a malic

Askar 547 Dec 20, 2022
EV: IDS Evasion via Packet Manipulation

EV: IDS Evasion via TCP/IP Packet Manipulation 中文文档 Introduction EV is a tool that allows you crafting TCP packets and leveraging some well-known TCP/

256 Dec 08, 2022
A simple Tor switcher script switches tor nodes in interval of time

Tor_Switcher A simple Tor switcher script switches tor nodes in interval of time This script will switch tor nodes in every interval of time that you

d4rk sh4d0w 2 Nov 15, 2021
A python 3 library which helps in using nmap port scanner.

A python 3 library which helps in using nmap port scanner. This is done by converting each nmap command into a callable python3 method or function. System administrators can now automatic nmap scans

Nmmapper 179 Dec 19, 2022
A Python framework for interacting with Solana's Pyth network.

Pyth Network A basic Python framework for reading and decoding data regarding the Pyth network

1 Nov 29, 2021
A light-weight open-source project CLI utility for showing services running on ports in a host

Portable Port Scanner (ppscanner) Portable Port Scanner (ppscanner) is a light-weight open-source CLI utility that leverages on nmap to make quick and

1 Oct 30, 2021
An API for controlling Wi-Fi connections on Balena devices.

Description An API for controlling Wi-Fi connections on Balena devices. It does not contain an interface, instead it provides API endpoints to send re

8 Dec 25, 2022
A Python3 discord trojan, utilizing discord webhooks for sending information.

Vape-Lite-RAT A Python3 discord trojan, utilizing discord webhooks for sending information. What you do with this code / project / idea is non of my b

NightTab 12 Oct 15, 2022
Azure-function-proxy - Basic proxy as an azure function serverless app

azure function proxy (for phishing) here are config files for using *[.]azureweb

17 Nov 09, 2022
Publish GPU miner info to MQTT

Miner2MQTT Доступ к вашему GPU майнеру через MQTT. Изменения 1.0 EXE файл для Windows 1.1 Управление вентиляторами видеокарт (Linux) Упраление power l

Dmitry Bukhvalov 5 Aug 21, 2022
Easy-to-use sync library for handy proxy parse

Proxy Parser About Synchronous library, for convenient and fast parsing of proxies from different sources. Uses Scrapy as a parser. At the moment the

Michael Mironov 2 Nov 22, 2022
Qtas(Quite a Storage)is an experimental distributed storage system developed by Q-team in BJFU Advanced Computer Network sources.

Qtas(Quite a Storage)is a experimental distributed storage system developed by Q-team in BJFU Advanced Computer Network sources.

Jiaming Zhang 3 Jan 12, 2022