OWASP Web Mapper

OWASP Web Mapper Project

What if your organization has quite a few web applications, but nobody seems to know all of them (before any talk of application risk assessment)? Then this project may be the right fit for you.

This project is designed to perform web application asset discovery and automatic tracking at scale.

Description

A pure Ruby library for web application asset discovery and tracking. The tool is useful when you’re handling a larger organization with multiple Internet domains and networks registered under its name, where both legacy and new web applications are omnipresent but nobody seems able to provide you with a complete list of application URLs. Yes, you can always do it the old way with tool sets such as NMAP and the OWASP Zap web crawler, along with others. But such tool sets can quickly become too manual and inaccurate, if not impossible. In contrast, once set up, this project will help you quickly identify all the ‘unknown’ web application assets and keep track of them automatically. If you are serious about your organization’s Internet web application exposure, this might be the perfect all-in-one footprinting tool you’re looking for.

Built as an open source project, the source code is both free and scalable. You’re welcome to keep building on top of the current code base, or include it as part of your larger project distribution.

Demo

The complete product is deployed to a demo instance at www.wmap.cloud. You can log on to it using the demo user ‘admin’ and password ‘admin123’.

News and Events

  • [Jan 2020] OWASP Web Mapper project supports Docker builds for fast deployment.
  • [May 1 2019] OWASP Web Mapper demo web application major facelift complete.
  • [January 1 2018] OWASP Web Mapper demo web application released.
  • [August 1 2015] OWASP Web Mapper Project created.

Licensing

The OWASP Security Principles are licensed under the Apache 2.0 license. You can copy, distribute and transmit the work, adapt it, and use it commercially, provided that you attribute the work; if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


Example

The complete product is deployed to a demo instance at www.wmap.io. You can log on to it using the demo user ‘admin’ and password ‘admin123’.