WebMap - A Dashboard For Nmap Scans

HackerSploit · Intermediate ·🔐 Cybersecurity ·7y ago

Key Takeaways

The video demonstrates the use of WebMap, a web dashboard for Nmap scans, and explores its features and functionalities for cybersecurity purposes, specifically for intermediate learners.

Full Transcript

[Laughter] hey guys hackersploit here back again with another video and in this video we're going to be looking at webmap now i know i am supposed to upload the ctf challenge today and that video will be coming shortly after this and the reason i wanted to cover this video first is because again i wanted to go over the web map tool and that's because i am going to be using it in the next ctf challenge just to show you how important it can be all right so without any further ado right so without any further ado let's get started so the first thing you might be asking yourself is what exactly exactly is web map and all credits go to the author reverse security uh the github link will be in the description uh so again uh you might be asking yourself what exactly is web map and how can it help us or how can it help me as a mission tester well as you can see right over here tells you that uh web map is essentially a web dashboard for your nmap xml reports so what does that mean so for those of you who are penetration testers and you have done a few reports you know that it is vitally important to save your scan results this is when you're doing uh what i would say a professional a penetration test now most of you uh who actually do hack the box challenges and one knob challenges and you know usually those ctf challenges go you know for days or even weeks on end before you actually find a solution you need to have a way to save your scans now by default nmap already has this functionality you can output your scan results in the form of uh a normal file a text file an and an xml file the more uh the more robust of these is the xml file because it allows you to manipulate the your results in a form that can be presentable so usually when generating reports either for ctf challenge or when you're performing a professional penetration test and you're ready to uh to essentially display your results to the to to whom it matters then uh you know usually use your xml reports to essentially display uh what you found during your scans all that good stuff i'm not really going to go into that although i am i do want to cover reporting in terms of penetration testing something i'm really interested in all right so you can see that this is a web dashboard for your nmap xml reports now this does much more than that as you can see so if i scroll all the way down the github repository is extremely comprehensive in terms of uh if in terms of how it explains to you how to get it set up and how to get it up and running so you can see you have your usage uh you can see that it tells you you should use this with docker so make sure you have docker installed on your system it's really very simple to to get it installed you can use your aptitude package manager or you can use the synaptic the synaptic package manager all right so uh you can go ahead and and run it with docker it'll give you the instructions right over you can clone the repository or you can go the dirty route as you can see right over here where you get the file and you essentially run it and that's what i've done and what it'll do it'll it'll set the files in your temp folder under web map and that's very important because i'm going to explain why that uh why that is very useful so uh you can see you can also run it without docker although i don't recommend that and uh that's pretty much it so you can go ahead and look at the features so it allows you to import and pass and map xml files it shows you statistics and charts on discovered services ports and operating systems uh it allows you to inspect a single host by clicking on its ip address so you can run your scans on an entire network attaches labels to host inserts notes for a specific host really awesome allows you to generate a pdf report with charts details labels and notes that's excellent and it allows you to copy to clipboard uh you know such as nikto curl or telnet commands uh you have your cvn exploits based on cp collected by nmap so you can run your cv uh searches for the for the services that you've discovered on your target which is also what i would say is very light uh vulnerability analysis so this is really awesome because it also gives you another another viewing angle of viewpoint in terms when it comes down to analyzing your scans and finally it has the restful api so i really talked a lot and setting up setting it up is really easy you can go ahead and do it uh directly from docker so that you can just clone the repository or you can run it quick and dirty and what that will do is it will essentially i can just show you what that is going to do so if i'm to just copy this right over here and if i just open up my terminal and i just paste that in there what you'll see is i already have uh the web map folder inside my temp folder and i should have shown you that before we actually get started but you can see that web map is already in the container and what it'll do is once you run it of course it's not going to give you this error right over here is it's going to uh it's going to essentially start the interface or the web dashboard on your local host on port 8000 now when i talked about the um the temp folder the or the web map folder that exists in the uh the temp and web map folder and in here is where you'll be inserting uh your xml scans and i'll show you how to do that right now so what i'm going to do is i'm just going to run a very simple scan so i'm just going to say nmap and of course this is all dependent on you this is just really a web dashboard uh when it comes down to your own scans and as i've mentioned in the next ctf challenge i'll be using this and i'll show you how awesome this uh this web dashboard is in terms of analyzing your scan results now of course zen map does it as well but uh this really does it extremely well so i'll show you what i'm talking about so i'll run sv and we'll run also an sc there so we can also use the default scripts and i'll run it on one of my windows operating systems not really vulnerable but i'll run the scan and you can see that i've done something incredibly stupid over there i have not output the scan results so what i would recommend is that if you are a penetration tester always get into the habit of uh outputting your results so uh if you remember the commands for outputting i don't know whether i've covered them so we use the output x which means we're outputting it in the form of an xml in xml format so then we specify uh where we want to save it so i'm going to say temp and web map and i'm going to give it a name so i'm going to give it a name 192.168.1.103.xml always go to specify the file extension and we hit enter all right so that is going to start the nmap scan and once that is done what i need to do is i essentially need to go to my web to the web map dashboard right over here and refresh it and that is going to display all the xml files and we can start analyzing uh the results from there so while we're waiting for the nmap scan to complete uh you can see that this is web map 2.1 and this is on the master branch the project is currently in beta so do not expose web map to the internet and this version is not production ready so uh you know kudos to the developer uh reverse security really really awesome tool i will be tweeting it at him because this is really a fantastic tool when it comes down to you know your uh your scanning analyzing your scans so uh let's check if we are done with the nmap scan hopefully it is done but i yeah i did use a pretty heavy i did run a pretty heavy scan on the target so we'll wait for that to complete uh and yeah i'll get back to you when the scan is complete so the scan is complete and as you can see it was quite a comprehensive scan and it was able to discover quite a lot of services so you can see uh that i'm running a lot of services i have my net biosport uh http which is pretty weird but and i think i know what uh what that is for and finally we have the script results so it's giving us uh quite a bit of information so you know in terms of these the smb os discovery and map script you can see that we got our os right over here and yeah so you pretty much get the idea nmap is doing all of the work in terms of generating the rep in terms of scanning your target and web map is really awesome at displaying them to you or essentially displaying them in a way that you can understand them even more and again as i mentioned perform some very light vulnerability analysis on them now hopefully uh this will get improved but again it's something that i really i find really really awesome so i just clicked on the target right over there and it gives you uh the type of scan you performed as you can see when you performed it the type of scan the scanned protocol whether it was tcp or udp the nmap commands used which is awesome this is really fantastic and the port status so you can see we have uh oh well all of the posts that it did scan were open uh we didn't have any filtered ones and we didn't have any closed ones all right so in terms of the tcp port services it also sorts them out in terms of color so port 135 is red port 139 is green and so on and so forth now it comes when it comes down to the um to the services you can see that it displays them for you right over here in terms of um in terms of how many they are so uh for for each of the services you can see for msrpc we have two net bios one microsoft ds1 and http 1 all right so it also gives you your os type list which is right over here so it gives us uh it sort of guesses as nmap would have done uh using the different scripts that's if you did run a script if you did use the nmap scripting engine for your scan so it's all dependent on your scans what i'm what i'm trying to show you here is is how this is how our web map is sorting out your nmap scans for you and once you go down right over here you have your you you can add your notes really so if i click on actions uh you can essentially insert your notes right over here or and you can also add labels to your target so for example if you were performing a scan on a network and this machine was extremely vulnerable you can you essentially add um you can add a label uh or called vulnerable right over there if you had a critical machine you know you get the idea so this one is not really vulnerable to anything so far so i'll just hit checked and yeah pretty much so i can just insert my note right over here and i'm just going to call this my windows windows workstation and i use this for rendering uh rendering videos oops sorry for rendering videos and i'm just going to hit save all right so that's an example now again it's going to tell you to reload it and yeah pretty much that's how you go about doing that now when it comes down to generating your pdf report which is really awesome so you can click on that right over there and i'll show you this in a second you can also check for cv and exploits dependent on the services that you are able to discover from your scan so i click on that and it's going to say done reload this page by clicking on the reload button now i i this machine really isn't vulnerable to anything so it's not going to display anything worthwhile or worthwhile here so uh when it comes down to uh to me using this functionality i'm going to be doing that in the next video where i'll be using it in a ctf challenge and we'll see if any of the uh of the services running are vulnerable which would be really awesome and then you have your network view which essentially displays it similar to what you would have uh with map where you have the topology and this is in terms of the port and you get this really cool animation here where you can essentially just click on the different ports and again all that that is really awesome so if i click right over here on netbios it gives you the version uh and we click here on hopefully that opens up and can i drag these excellent that that is so cool man look at that all right so this is really awesome and i'll get back to that in a second i really don't want to go into that right now when it comes down to the pdf report i can click on that and it's going to start generating the pdf report and it does this cool thing where it tells you your pdf not ready yet pdf not ready yet and this keeps on going until the pdf is ready so we're just going to wait for that to complete and once that is done it's going to do as it just mentioned it's going to generate a pdf report for you all right so we're just going to wait for this to completely usually uh it usually is able to generate the pdf report right at the bottom over here let's see if i'm right uh there we are it did it earlier so it keeps on uh enumerating that message and here we are so here's the pdf report now this is really awesome i don't know whether uh the developer of the tool uh plans to to to essentially offer right to to essentially offer customization in terms of customizing the logo or if they're going to leave this as it is in terms of branding so i i'm really i really don't know that uh it gives you your scan arguments that you specified the scan when the scan was launched or initiated at the scan type and the nmap version you used and it gives you this little this little disclaimer right over here which is really awesome and you have your ports and services so it sorts that it sorted out in terms of your ports and services right over here and we can go ahead and just go through the entire report and it gives you all this information in terms of the services running on the different ports etc etc so really really awesome to see this uh you know to see this awesome tool being used in such a in such a great way and finally it gives you uh the the last page right over here generated by webmap and it has the github link over there so yeah i don't mind uh branding uh you know it's a really great tool and hopefully we can see a really good uh you know production version of this uh of this system and of course you can run as many scans as you want and import them as i mentioned just make sure you copy the xml scans into the temp web map folder or if you have the directory elsewhere make sure it is in the web map folder so yeah you can import as many scans as you like for as many or as complex a network as you have or as you have scanned for and uh you know just go ahead and try it and let me know what you think i really want to know what you guys think about this and whether or not it helps you so that's going to be it for this video guys i'll be seeing you in the next video with the ctf challenge and yeah if you found value in this video please leave a like down below if you have any questions or suggestions let me know in the comment section on my social networks on my website and i'll be seeing you in the next video peace guys [Music] you

Original Description

Hey guys! HackerSploit here back again with another video, in this video, I will be taking a look at WebMap a web dashboard for Nmap scans. Github Link: https://github.com/Rev3rseSecurity/WebMap ⭐Help Support HackerSploit by using the following links: 🔗 NordVPN: https://nordvpn.org/hacker Use the link above or the code below for 77% Off your order Promo Code: hacker Patreon: http://patreon.com/hackersploit I Hope you enjoy/enjoyed the video. If you have any questions or suggestions feel free to ask them in the comments section or on my social networks. 🔗 HackerSploit Website: https://hsploit.com/ 🔹 Support The Channel NordVPN Affiliate Link: https://nordvpn.org/hacker Patreon: http://patreon.com/hackersploit 🔹 Get Our Courses Get a special discount on our courses: The Complete Deep Web Course 2018: https://www.udemy.com/the-complete-deep-web-course-2017/?couponCode=DWCBP2017 🔹 SOCIAL NETWORKS - Connect With Us! ------------------------------- Facebook: https://www.facebook.com/HackerSploit/ Twitter: https://twitter.com/HackerSploit Instagram: https://www.instagram.com/hackersploit/ Patreon: http://patreon.com/hackersploit -------------------------------- Thanks for watching! Благодаря за гледането Kiitos katsomisesta Danke fürs Zuschauen! 感谢您观看 Merci d'avoir regardé Grazie per la visione Gracias por ver شكرا للمشاهدة دیکھنے کے لیے شکریہ देखने के लिए धन्यवाद #Hacking#WebMap#linux#Nmap
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from HackerSploit · HackerSploit · 0 of 60

← Previous Next →
1 How To Install Kali Linux 2.0 On Virtual Box
How To Install Kali Linux 2.0 On Virtual Box
HackerSploit
2 100 Subscriber Q&A! - How I Learned Ethical Hacking
100 Subscriber Q&A! - How I Learned Ethical Hacking
HackerSploit
3 BlackArch Linux Review - Better Than Kali Linux?
BlackArch Linux Review - Better Than Kali Linux?
HackerSploit
4 How to Access the Deep Web Safely | Deep Web Starter Guide 1.0
How to Access the Deep Web Safely | Deep Web Starter Guide 1.0
HackerSploit
5 Wireshark Tutorial for Beginners - Installation
Wireshark Tutorial for Beginners - Installation
HackerSploit
6 Wireshark Tutorial for Beginners - Overview of the environment
Wireshark Tutorial for Beginners - Overview of the environment
HackerSploit
7 Wireshark Tutorial for Beginners - Capture options
Wireshark Tutorial for Beginners - Capture options
HackerSploit
8 Wireshark Tutorial for Beginners - Filters
Wireshark Tutorial for Beginners - Filters
HackerSploit
9 Complete Ethical Hacking Course - Become a Hacker Today - #1 Hacking Terminology
Complete Ethical Hacking Course - Become a Hacker Today - #1 Hacking Terminology
HackerSploit
10 Complete Ethical Hacking Course #2 - Installing Kali Linux
Complete Ethical Hacking Course #2 - Installing Kali Linux
HackerSploit
11 Parrot OS 3.5 Review | The Best Kali Linux Alternative
Parrot OS 3.5 Review | The Best Kali Linux Alternative
HackerSploit
12 Nmap Tutorial For Beginners - 1 - What is Nmap?
Nmap Tutorial For Beginners - 1 - What is Nmap?
HackerSploit
13 Katoolin | How To Install Pentesting Tools On Any Linux Distro
Katoolin | How To Install Pentesting Tools On Any Linux Distro
HackerSploit
14 Nmap Tutorial For Beginners - 2 - Advanced Scanning
Nmap Tutorial For Beginners - 2 - Advanced Scanning
HackerSploit
15 Nmap Tutorial For Beginners - 3 - Aggressive Scanning
Nmap Tutorial For Beginners - 3 - Aggressive Scanning
HackerSploit
16 Zenmap Tutorial For Beginners
Zenmap Tutorial For Beginners
HackerSploit
17 How To Setup Proxychains In Kali Linux - #1 - Stay Anonymous
How To Setup Proxychains In Kali Linux - #1 - Stay Anonymous
HackerSploit
18 How To Setup Proxychains In Kali Linux - #2 - Change Your IP
How To Setup Proxychains In Kali Linux - #2 - Change Your IP
HackerSploit
19 How To Change Mac Address In Kali Linux | Macchanger
How To Change Mac Address In Kali Linux | Macchanger
HackerSploit
20 How To Setup And Use anonsurf On Kali Linux | Stay Anonymous
How To Setup And Use anonsurf On Kali Linux | Stay Anonymous
HackerSploit
21 Ubuntu 17.04 "Zesty Zapus" Review - Bye Unity
Ubuntu 17.04 "Zesty Zapus" Review - Bye Unity
HackerSploit
22 VPN And DNS For Beginners | Kali Linux
VPN And DNS For Beginners | Kali Linux
HackerSploit
23 Tails OS Installation And Review - Access The Deep Web/Dark Net
Tails OS Installation And Review - Access The Deep Web/Dark Net
HackerSploit
24 Steganography Tutorial - Hide Messages In Images
Steganography Tutorial - Hide Messages In Images
HackerSploit
25 The Lazy Script - Kali Linux 2017.1 - Automate Penetration Testing!
The Lazy Script - Kali Linux 2017.1 - Automate Penetration Testing!
HackerSploit
26 Best Linux Distributions For Penetration Testing
Best Linux Distributions For Penetration Testing
HackerSploit
27 Netcat Tutorial - The Swiss Army Knife Of Networking - Reverse Shell
Netcat Tutorial - The Swiss Army Knife Of Networking - Reverse Shell
HackerSploit
28 Gaining Access - Web Server Hacking - Metasploitable - #1
Gaining Access - Web Server Hacking - Metasploitable - #1
HackerSploit
29 Web Server Hacking - FTP Backdoor Command Execution With Metasploit - #2
Web Server Hacking - FTP Backdoor Command Execution With Metasploit - #2
HackerSploit
30 How To Install Kali Linux On VMware  - Complete Guide 2018
How To Install Kali Linux On VMware - Complete Guide 2018
HackerSploit
31 Q&A #1 - Best Cyber-security Certifications?
Q&A #1 - Best Cyber-security Certifications?
HackerSploit
32 Terminator - Kali Linux - Multiple Terminals
Terminator - Kali Linux - Multiple Terminals
HackerSploit
33 Shodan Search Engine Tutorial - Access Routers,Servers,Webcams + Install CLI
Shodan Search Engine Tutorial - Access Routers,Servers,Webcams + Install CLI
HackerSploit
34 Q&A #2 - Mr Robot?
Q&A #2 - Mr Robot?
HackerSploit
35 Metasploit Community Web GUI  - Installation And Overview
Metasploit Community Web GUI - Installation And Overview
HackerSploit
36 Linux Expl0rer - Forensics Toolbox - Installation & Configuration
Linux Expl0rer - Forensics Toolbox - Installation & Configuration
HackerSploit
37 QuasarRAT - The Best Windows RAT? - Remote Administration Tool for Windows
QuasarRAT - The Best Windows RAT? - Remote Administration Tool for Windows
HackerSploit
38 Metasploit For Beginners - #1 - The Basics - Modules, Exploits & Payloads
Metasploit For Beginners - #1 - The Basics - Modules, Exploits & Payloads
HackerSploit
39 Metasploit For Beginners - #2 - Understanding Metasploit Modules
Metasploit For Beginners - #2 - Understanding Metasploit Modules
HackerSploit
40 Kali Linux Quick Tips - #1 - Adding a non-root user
Kali Linux Quick Tips - #1 - Adding a non-root user
HackerSploit
41 Metasploit For Beginners - #3 - Information Gathering - Auxiliary Scanners
Metasploit For Beginners - #3 - Information Gathering - Auxiliary Scanners
HackerSploit
42 Spectre Meltdown Vulnerability  - How To Check Your System
Spectre Meltdown Vulnerability - How To Check Your System
HackerSploit
43 Metasploit For Beginners - #4 - Basic Exploitation
Metasploit For Beginners - #4 - Basic Exploitation
HackerSploit
44 ARP Spoofing With arpspoof - MITM
ARP Spoofing With arpspoof - MITM
HackerSploit
45 WordPress Vulnerability Scanning With WPScan
WordPress Vulnerability Scanning With WPScan
HackerSploit
46 Generating A PHP Backdoor with weevely
Generating A PHP Backdoor with weevely
HackerSploit
47 Nikto Web Vulnerability Scanner - Web Penetration Testing - #1
Nikto Web Vulnerability Scanner - Web Penetration Testing - #1
HackerSploit
48 How To Install Kali Linux On Windows 10 - Windows Subsystem For Linux
How To Install Kali Linux On Windows 10 - Windows Subsystem For Linux
HackerSploit
49 Stacer - System Optimizer And Monitoring Tool For Linux
Stacer - System Optimizer And Monitoring Tool For Linux
HackerSploit
50 Kali Linux 2018.1 - Kernel Updates & Patches
Kali Linux 2018.1 - Kernel Updates & Patches
HackerSploit
51 MITM With Ettercap - ARP Poisoning
MITM With Ettercap - ARP Poisoning
HackerSploit
52 Password Cracking With John The Ripper - RAR/ZIP & Linux Passwords
Password Cracking With John The Ripper - RAR/ZIP & Linux Passwords
HackerSploit
53 How To Detect Rootkits On Kali Linux - chkrootkit & rkhunter
How To Detect Rootkits On Kali Linux - chkrootkit & rkhunter
HackerSploit
54 Channel Updates - How To Post Questions & Video Suggestions
Channel Updates - How To Post Questions & Video Suggestions
HackerSploit
55 Web App Penetration Testing - #1 - Setting Up Burp Suite
Web App Penetration Testing - #1 - Setting Up Burp Suite
HackerSploit
56 Web App Penetration Testing - #2 - Spidering & DVWA
Web App Penetration Testing - #2 - Spidering & DVWA
HackerSploit
57 Cl0neMast3r - GitHub Repository Cloning Tool
Cl0neMast3r - GitHub Repository Cloning Tool
HackerSploit
58 Kali Linux On Windows 10 Official - WSL - Installation & Configuration
Kali Linux On Windows 10 Official - WSL - Installation & Configuration
HackerSploit
59 DoS/DDoS Protection - How To Enable ICMP, UDP & TCP Flood Filtering
DoS/DDoS Protection - How To Enable ICMP, UDP & TCP Flood Filtering
HackerSploit
60 Web App Penetration Testing - #3 - Brute Force With Burp Suite
Web App Penetration Testing - #3 - Brute Force With Burp Suite
HackerSploit

The video showcases WebMap, a web-based dashboard for managing Nmap scans, and provides an overview of its features and use cases for cybersecurity. Viewers can learn how to use WebMap to streamline their network scanning and vulnerability assessment workflows. The video is geared towards intermediate learners with some background in cybersecurity and Linux.

Key Takeaways
  1. Install WebMap from GitHub
  2. Configure WebMap for Nmap scans
  3. Run Nmap scans using WebMap
  4. Analyze scan results in WebMap
  5. Integrate WebMap with other security tools
💡 WebMap provides a user-friendly interface for managing Nmap scans and analyzing results, making it easier to identify vulnerabilities and perform penetration testing.

Related Reads

📰
Why Philippine SMEs Are the #1 Target for Ransomware Attacks in 2026
Philippine SMEs are the primary target for ransomware attacks, with 73% of cyberattacks in 2025 targeting them, and only 12% fully recovering without paying a ransom
Dev.to AI
📰
Your MCP database server needs a tool allowlist
Learn why an allowlist is crucial for your MCP database server and how to implement it for improved security
Dev.to · Mads Hansen
📰
The Hidden Wiki
Learn about the Hidden Wiki, a directory of hidden spaces on the internet, and its significance in the context of cybersecurity and online privacy
Medium · Cybersecurity
📰
The Single Point of Failure Hiding Inside Almost Every Digital Life
A single point of failure can bring down an entire digital system, highlighting the importance of cybersecurity and robust design
Medium · Cybersecurity
Up next
Driving Security Culture Evolution for Business Growth
Eye on Tech
Watch →