A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

Overview

📡 WebMap

forthebadge made-with-python
A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

  • Perform A Network Scan using Nmap
  • Perform A Vulnerabity Scan Using Nikto
  • Perform A Directory Busting using Using Dirsearch
  • Generate Reports
  • Automate Web Penetration Using WebMap
  • Tested on Linux and Unix with Python 3


Webmap-Home

🛠 Installation

Linux & Unix

$ git clone https://github.com/Anteste/WebMap.git
$ cd WebMap
$ ./install.sh
$ webmap

Other

  • This project is free and open source, under the MIT.
  • You can contribute to this project by proposing pull requests.
Comments
  • `All the Scans` module not working

    `All the Scans` module not working

    I am able to use the tool for individual scan modules like 1. Nmap :white_check_mark: 2. Dirsearch :white_check_mark: 3. Nikto :white_check_mark:

    However, if I select Option A: All the Scans, I am getting the below error. :x:

    :large_blue_diamond: When tried with only google.com Unable to init server: Could not connect: Connection refused Failed to parse arguments: Cannot open display:

    image

    :large_blue_diamond: When tried with https://google.com File "webmap.py", line 130, in <module> ipall = socket.gethostbyname(targetall) socket.gaierror: [Errno -2] Name or service not known

    image

    Feature request 
    opened by GiJ03 10
  • Various fixes

    Various fixes

    Hello,

    I can see that this project is very young and there are a lot of things in the code that I think are suboptimal.

    Please note: I didn't run any of the code yet!!! But for a few months now I had in mind to do exactly this kind of software, so I feel like contributing.

    The main problem is that you assume too much, and take arbitrary decisions for the user, and this leads to software that is not portable. For instance, I'm using Archlinux, so your software will not work if I try to naively install it with install.sh, even if I have all the dependencies already in my $PATH.

    The fixes are just minor stuff that I found while browsing the source, but I hope they will help you improve your skills ;)

    Other things you might have:

    • use github actions to lint the code
    • use shellcheck on install.sh
    • use black and isort
    • add the licence and copyright in every file
    • add a CONTRIBUTING file
    • test the presence of dependencies before installing them
    • instead of git cloning directorysearch, consider adding it as a submodule
    • well there are many things you can do, but the first will be to review this PR ;)

    Commit message below:

    • remove chmod +x instruction from README as it's not needed (git keeps the permissions)
    • don't use sudo to execute the install script as it contains sudo commands
    • link to the MIT license in the README
    • replace tabs with spaces
    • remove trailing whitespaces
    • add newline at end of files

    In install.sh:

    • use a variable to hold the dependencies instead of repeating them
    • use the --user flag for pip install
    • use /usr/local/bin instead of /usr/bin for symlink
    • store dirsearch in ~/.opt instead of /opt: don't pollute the system with user software, don't use root to clone a git repository
    • use $() instead of backquotes
    • add quotes for variables
    • use env to find bash
    Bug 
    opened by NicolasCARPi 5
  • fix: change dirsearch option

    fix: change dirsearch option

    Hello,

    In the following PR, dirsearch option --simple-report was removed, which prevented Dirsearch Scan from working properly. I fixed this by changing it to the newly added option --output.

    https://github.com/maurosoria/dirsearch/pull/770

    no-pr-activity 
    opened by cotton-alta 3
  • Change to Target URL Format

    Change to Target URL Format

    (Thanks for sending a pull request! Please make sure you click the link above to view the contribution guidelines, then fill out the blanks below.)

    What does this implement/fix? Explain your changes.

    This fixes an issue with resolving IPs to hostnames using the conf.socket.gethostbyname(full_host) snippet.
    Albeit i feel this task is not necessary as most hardened environments (like in OSCP & CTFs) purposely do not allow DNS resolving, users within a VPN environment would still experience this issue.
    
    Owing to this i would like to make the following changes 
    1. In the input for asset to scan users should enter only IP Address or Hostname without http://
    2. Comment out full_ip = conf.socket.gethostbyname(full_host) in fullscan.py
    3. Change nmap {full_ip} to  {full_host}
    4. For nikto and dirsearch before {full_host} include http:// just to be http://{full_host}
    

    Does this close any currently open issues?

    Yes
    

    Any relevant logs, error output, etc?

    Traceback (most recent call last): File "/usr/local/bin/webmap", line 56, in <module> main() File "/usr/local/bin/webmap", line 48, in main conf.call_def(conf.full_scan) File "/home/kali/Desktop/TOOLS/WEB ATTACK/WebMap/conf/conf.py", line 80, in call_def func() File "/home/kali/Desktop/TOOLS/WEB ATTACK/WebMap/modules/fullscan.py", line 31, in full_scan full_ip = conf.socket.gethostbyname(full_host) socket.gaierror: [Errno -2] Name or service not known
    

    Any other comments?

    Where has this been tested?

    Operating System: kali Linux

    Platform:Kali Linux Python 3

    Target Platform: Ubuntu

    Python Version: Python 3

    opened by Johnng007 2
  • Merge pull request #12 from Anteste/1.0

    Merge pull request #12 from Anteste/1.0

    Merge pull request #11 from Anteste/1.x

    (Thanks for sending a pull request! Please make sure you click the link above to view the contribution guidelines, then fill out the blanks below.)

    What does this implement/fix? Explain your changes.

    Does this close any currently open issues?

    Any relevant logs, error output, etc?

    Any other comments?

    Where has this been tested?

    Operating System:

    Platform:

    Target Platform:

    Python Version:

    opened by Anteste 1
  • Merge pull request #11 from Anteste/1.x

    Merge pull request #11 from Anteste/1.x

    Change to Target URL Format

    (Thanks for sending a pull request! Please make sure you click the link above to view the contribution guidelines, then fill out the blanks below.)

    What does this implement/fix? Explain your changes.

    Does this close any currently open issues?

    Any relevant logs, error output, etc?

    Any other comments?

    Where has this been tested?

    Operating System:

    Platform:

    Target Platform:

    Python Version:

    opened by Anteste 1
  • Does not seem to scan IP based URLs

    Does not seem to scan IP based URLs

    Nice Tool but doesnt seem to scan IP based URLs like: http://10.12.1.23 Traceback (most recent call last): File "/usr/local/bin/webmap", line 56, in <module> main() File "/usr/local/bin/webmap", line 48, in main conf.call_def(conf.full_scan) File "/home/kali/Desktop/TOOLS/WEB ATTACK/WebMap/conf/conf.py", line 80, in call_def func() File "/home/kali/Desktop/TOOLS/WEB ATTACK/WebMap/modules/fullscan.py", line 31, in full_scan full_ip = conf.socket.gethostbyname(full_host) socket.gaierror: [Errno -2] Name or service not known

    opened by Johnng007 1
  • Update install.sh to install in other Systems

    Update install.sh to install in other Systems

    I've added more information so it can install on other linux distribution other than Debian flavours. Anything you can arrange. I've placed some comments on the file to be easy read

    Enhancement 
    opened by tfprelvas 1
  • Install.sh and reopen() function

    Install.sh and reopen() function

    I've added a shell script to simplify the installation process and made a new reopen() function so the script still works the old way, by executing it with python webmap.py

    Enhancement 
    opened by luizmlo 0
Releases(v1.0.7)
Owner
Iliass Alami Qammouri
💻 Web developer
Iliass Alami Qammouri
Control your Puffco Peak Pro from your computer!

PuffcoPC Control your Puffco Peak Pro from your computer! Contributions Pull requests are welcome. For major changes, please open an issue first to di

Bryan Muschter 5 Nov 02, 2022
PyBERT is a serial communication link bit error rate tester simulator with a graphical user interface (GUI).

PyBERT PyBERT is a serial communication link bit error rate tester simulator with a graphical user interface (GUI). It uses the Traits/UI package of t

David Banas 59 Dec 23, 2022
Jogo da forca simples com conexão entre cliente e servidor utilizando TCP.

JogoDaForcaTCP Um jogo da forca simples com conexão entre cliente e servidor utilizando o protocólo TCP. Como jogar: Habilite a porta 20000, inicie o

Kelvin Santos 1 Dec 01, 2021
Data Exfiltration without ever making a connection. Using TCP header space.

TCPwned PoC toy code to exfiltrate data without ever making a TCP connection. This will never show up in firewall logs, much less, actually be monitor

2 Nov 21, 2022
Utility for converting IP Fabric webhooks into a Teams format.

IP Fabric Webhook Integration for Microsoft Teams and/or Slack Setup IP Fabric Setup Go to Settings Webhooks Add webhook Provide a name URL will b

Community Fabric 1 Jan 26, 2022
Herramienta para transferir eventos de Shadowserver REST API hacia Azure Blob Storage.

Herramienta para transferir eventos de Shadowserver REST API hacia Azure Blob Storage.

CSIRT-RD 1 Feb 04, 2022
A simple, personal chat program that runs on a single computer. No Internet, just you.

MultiChat A simple, personal chat program that runs on a single computer. No Internet, just you. Simple and Local MultiChat was created with ease of u

Owls 2 Aug 19, 2022
An curated collection of awesome resources about networking in cybersecurity

An ongoing curated collection of awesome software, libraries, frameworks, talks & videos, best practices, learning tutorials and important practical resources about networking in cybersecurity

Paul Veillard, P. Eng 7 Nov 30, 2022
A Python module that allows you to create and use simple sockets.

EasySockets A Python module that allows you to create and use simple sockets. Installation The easysockets module can be installed using pip. pip inst

Matthias Wijnsma 2 Jan 16, 2022
A simple tool to utilize the basic functionality of the Private API From Virus Total

Welcome To VT-SCAN (viurs total api) Information This is a simple tool to utilize the basic functionality of the Private API From Virus Total. with th

0X0ŽĒR∅⁰ 1 Sep 21, 2022
Find information about an IP address, such as its location, ISP, hostname, region, country, and city.

Find information about an IP address, such as its location, ISP, hostname, region, country, and city. An IP address can be traced, tracked, and located.

Sachit Yadav 2 Jul 09, 2022
No-dependency, single file NNTP server library for developing modern, rfc3977-compliant (bridge) NNTP servers.

nntpserver.py No-dependency, single file NNTP server library for developing modern, rfc3977-compliant (bridge) NNTP servers for python =3.7. Develope

Manos Pitsidianakis 44 Nov 14, 2022
This program ingests a Cisco "sh ip arp" as a text file and produces the list of vendors seen in the file

IP-ARP-Vendor_lookup This program ingests a Cisco "sh ip arp" as a text file and produces the list of vendors seen in the file Why? Answers the questi

Stew Alexander 1 Dec 24, 2022
A simple, configurable application and set of services to monitor multiple raspberry pi's on a network.

rpi-info-monitor A simple, configurable application and set of services to monitor multiple raspberry pi's on a network. It can be used in a terminal

Kevin Kirchhoff 11 May 22, 2022
Module for convenient work with TCP sockets.

m_socket-py Module for convenient work with TCP sockets. Contributing Pool Request is supported! Ask questions in the Issues section. License Copyrigh

Egor Arskiy 5 Mar 09, 2022
Socket programming is a way of connecting two nodes on a network to communicate with each other

Socket Programming in Python Socket programming is a way of connecting two nodes on a network to communicate with each other. One socket(node) listens

Janak raikhola 1 Jul 05, 2022
BlueHawk is an HTTP/1.1 compliant web server developed in python

This project is done as a part of Computer Networks course. It aims at the implementation of the HTTP/1.1 Protocol based on RFC 2616 and includes the basic HTTP methods of GET, POST, PUT, DELETE and

2 Nov 11, 2022
This script aims to make the dynamic public ip of your local server, public.

EZ DDNS CLOUDFLARE This script aims to make the dynamic ip of your local server, public. It does this by regularly updating cloudflare's dns record. B

3 Feb 13, 2022
NetworkX is a Python package for the creation, manipulation, and study of the structure, dynamics, and functions of complex networks.

NetworkX is a Python package for the creation, manipulation, and study of the structure, dynamics, and functions of complex networks.

NetworkX 12k Jan 02, 2023
An ftp syncing python package that I use to sync pokemon saves between my hacked 3ds running ftpd and my server

Sync file pairs over ftp and apply patches to them. Useful for using ftpd to transfer ROM save files to and from your DS if you also play on an emulator. Setup a cron job to check for your DS's ftp s

17 Jan 04, 2023