WMAP is a web application scanner plugin that is used for scanning web application vulnerabilities. It's not a real scanner like Burp Suite or Acunetix, but it does have its own advantages. Before going into detail about WMAP, let's try to understand its architecture first.

The WMAP architecture is simple yet powerful. WMAP is a mini-framework that is loaded into MSF as a plugin. It connects with the Metasploit database to fetch the results of any previously completed scans. The results loaded from the database (such as hostnames, URLs, IPs, and so on) will then be used in the web application scan. WMAP uses Metasploit modules (as we can see in the following diagram) to run the scan and the modules can be of any type – auxiliary, exploits, and so on. Once WMAP starts the scanning of the targets, all the artifacts and crucial information found gets stored in the MSF database. One of the most powerful features of WMAP is its distributed (clustered) scanning feature (covered in the Clustered scanning using WMAP section of this chapter), which helps WMAP to scan any number of web applications through n number of nodes (MSF slave).

Before going into detail about how to use WMAP, let's understand the process first.