Hey guys,

a while ago I've postet the first release of a small script for auditing webservers ... now the 2nd release with some small improvements and some bugfixes is available.

It's a bash script which automates the basic metasploit (wmap) auditing stuff for a huge number of webservers ... quite nice to work with on a pentest where you are fighting with some more webservers ...

The script is quite easy but in my opinion very usefull on pentests with lots of servers ...

# Webserver version:
Metasploit Auxiliary Mode: auxiliary/scanner/http/http_version

# Webserver options:
Metasploit Auxiliary Mode: auxiliary/scanner/http/options

# write access
Metasploit Auxiliary Mode: auxiliary/scanner/http/writable

# searching for directories:
Metasploit Auxiliary Mode: auxiliary/scanner/http/wmap_dir_scanner

# searching for files
Metasploit Auxiliary Mode: auxiliary/scanner/http/wmap_files_dir

# analysing ssl ciphers
Metasploit Auxiliary Mode: auxiliary/scanner/http/wmap_ssl

# Nikto webaudit

have fun and feedback would be great ...

Download: basic Webaudit script v0.2 | www.s3cur1ty.de