WebMap v2.2 releases: Nmap Web Dashboard and Reporting

WebMap

Nmap Web Dashboard and Reporting

Features

  • Import and parse Nmap XML files
  • Run and Schedule Nmap Scan from dashboard
  • Statistics and Charts on discovered services, ports, OS, etc…
  • Inspect a single host by clicking on its IP address
  • Attach labels on a host
  • Insert notes for a specific host
  • Create a PDF Report with charts, details, labels and notes
  • Copy to clipboard as Nikto, Curl or Telnet commands
  • Search for CVE and Exploits based on CPE collected by Nmap
  • RESTful API

XML Filenames

When creating the PDF version of the Nmap XML Report, the XML filename is used as document title on the first page. WebMap will replace some parts of the filename as follows:

  • _ will be replaced by a space ( )
  • .xml will be removed

Example: ACME_Ltd..xml
PDF title: ACME Ltd.

CVE and Exploits

thanks to the amazing API services by circl.lu, WebMap is able to look for CVE and Exploits for each CPE collected by Nmap. Not all CPE are checked over the circl.lu API, but only when a specific version is specified (for example: cpe:/a:microsoft:iis:7.5 and not cpe:/o:microsoft:windows).

Changelog v2.2

  • fixed bug on missing services
  • Run nmap from WebMap
  • Schedule nmap run
  • Add custom NSE scripts section

Install

$ curl -sL http://bit.ly/webmapsetup | bash

Usage

You should use this with docker, just by sending this command:

Security Issues

This app is not intended to be exposed on the internet. Please, DO NOT expose this app to the internet, use your localhost or, in case you can’t do it, take care to filter who and what can access to WebMap with a firewall rule or something like that. Exposing this app to the whole internet could lead not only to a stored XSS but also to a leakage of sensitive/critical/private information about your port scan. Please, be smart.

Tutorial

Demo

Author:

Twitter: @Menin_TheMiddle
YouTube: Rev3rseSecurity

Source: https://github.com/Rev3rseSecurity/

Share