WMAP是一款基于Metasploit的通用的web应用程序扫描框架,它是一个简单，但强大的架构。WMAP不依赖于浏览器或是蜘蛛程序去捕获和操作数据。事实上WMAP的设计可以使任何工具变成数据采集工具。你可以选择使用浏览器或是蜘蛛程序。WMAP是一个metasploit插件，它能与数据库交互，读取所有采集的数据包并处理，然后加载不同的模块。
工具更多信息及下载：http://www.metasploit.com/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WMAP is a general purpose web application scanning framework for Metasploit. It has a simple, yet powerful architecture. It does not depend on or implement a browser or spider for data capture and manipulation. Infact, with the WMAP design, any tool can become a data gathering tool. You can have your favorite browser and/or spider to be used as an attack proxy and can be modified to store all the traffic between the different clients! Not only that a client may be used to store data too!

WMAP is a Metasploit plugin and will interact with the database, reading all gathered traffic, processing it and launching the different tests implemented as modules. As tests are MSF Modules they can be easily implemented, and can be run manually from the command line or automatically via WMAP. This allows you to have different distributed clients and even different proxies all storing data to the central repository. Remember everything is based on Metasploit, the test modules are implemented as auxiliary modules and they can interact with any other MSF component including the database, exploits and plugins.