Understanding WMAP – Metasploit's Web Application Security Scanner
WMAP is a fast, light, and feature-packed script included in Metasploit. It was originally forked from SQLMap. I don't encourage automated scanning to find vulnerabilities, but built-in scanners like this come in very handy for finding low-hanging vulnerabilities in web applications. Imagine you have to conduct a security assessment of a large network consisting mostly of web applications. Tools like this can give insight into how weak the web applications actually are: if the scanner discovers vulnerabilities (excluding false positives) quickly, that is a big red flag telling you that the web applications have poor security. This is made much clearer by the fact that automated scanners can't really find tricky bugs, so if the scanner finds a good set of bugs, you know how to handle the assessment further.
Coming back, to start WMAP we'll first need to start MSFconsole as it will be our choice...