Metasploit Goes Web

Presented at DEF CON 17 (2009), Aug. 1, 2009, noon (20 minutes).

This topic will present and discuss the new Metasploit plugin for web exploitation and assessment. WMAP is part of the Metasploit framework and it is build with a different approach compared to other open source alternatives and commercial scanners. WMAP is not build around any browser or spider for data capture and manipulation and as test modules are implemented as auxiliary modules they can interact with any other MSF components including the database, exploits and plugins. Forget about this being another scanner, think of it as new building blocks for massive pwnage that crosses protocol boundaries.


Presenters:

  • Efrain Torres - Metasploit Team
    Efrain 'ET' Torres is a Colombian security researcher that likes to break web applications and dislikes security certifications. Efrain currently works for one of the Big 4's IT Advisory practice in Houston, TX. Prior to coming to the US (5 years ago) he was an independent security consultant while trying to figure it out how to graduate from college.

Links:

Similar Presentations: