{"id":13845291,"url":"https://github.com/SECUREFOREST/WebMap","last_synced_at":"2025-07-12T01:32:36.867Z","repository":{"id":50255743,"uuid":"216325263","full_name":"SECUREFOREST/WebMap","owner":"SECUREFOREST","description":"Nmap Web Interface including XML parsing, maps and reports","archived":false,"fork":false,"pushed_at":"2021-05-31T08:59:16.000Z","size":988,"stargazers_count":48,"open_issues_count":2,"forks_count":13,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-08-05T17:44:14.500Z","etag":null,"topics":["docker","nmap","nmap-analyzer","nmap-parser","nmap-results-analyse","nmap-scripts","nmap-xml","webapp"],"latest_commit_sha":null,"homepage":"https://github.com/SECUREFOREST/WebMap","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SECUREFOREST.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-10-20T07:41:09.000Z","updated_at":"2024-07-20T13:40:08.000Z","dependencies_parsed_at":"2022-09-20T01:13:12.564Z","dependency_job_id":null,"html_url":"https://github.com/SECUREFOREST/WebMap","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SECUREFOREST%2FWebMap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SECUREFOREST%2FWebMap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SECUREFOREST%2FWebMap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SECUREFOREST%2FWebMap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SECUREFOREST","download_url":"https://codeload.github.com/SECUREFOREST/WebMap/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225784373,"owners_count":17523632,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","nmap","nmap-analyzer","nmap-parser","nmap-results-analyse","nmap-scripts","nmap-xml","webapp"],"created_at":"2024-08-04T17:03:19.117Z","updated_at":"2024-11-21T18:31:03.338Z","avatar_url":"https://github.com/SECUREFOREST.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\nA Web Dashboard for Nmap XML Report\n\u003c/p\u003e\n\nCurrent version: 2.3b\n\n## Table Of Contents\n- [Usage](#usage)\n- [Features](#features)\n- [XML Filenames](#xml-filenames)\n- [CVE and Exploits](#cve-and-exploits)\n- [RESTful API](#restful-api)\n- [Third Parts](#third-parts)\n- [Security Issues](#security-issues)\n- [Contributors](#contributors)\n- [Contacts](#contacts)\n\n## Usage\nYou should use this with docker, just by sending this command:\n```bash\n$ mkdir /tmp/webmap\n$ docker run -d \\\n --name webmap \\\n -h webmap \\\n -p 8000:8000 \\\n -v /tmp/webmap:/opt/xml \\\n secureforest/webmap\n\n$ # now you can run Nmap and save the XML Report on /tmp/webmap\n$ nmap -sT -A -T4 -oX /tmp/webmap/myscan.xml 192.168.1.0/24\n```\nNow point your browser to http://localhost:8000\n\n### Generate new token\nIn order to access to the WebMap dashboard, you need a token. You can create a new token with:\n```bash\n$ docker exec -ti webmap /root/token\n```\n\n### Quick and Dirty\n```bash\n$ curl -sL http://bit.ly/wmsetup | bash\n```\n\n### Upgrade from previous release\n```bash\n$ # stop running webmap container\n$ docker stop webmap\n\n$ # remove webmap container\n$ docker rm webmap\n\n$ # pull new image from dockerhub\n$ docker pull secureforest/webmap\n\n$ # run WebMap\n$ curl -sL http://bit.ly/wmsetup | bash\n```\n\n### Run without Docker\nThis project is designed to run on a Docker container. IMHO it isn't a good idea to run this on a custom Django installation, \nbut if you need it you can find all building steps inside the [Dockerfile](https://raw.githubusercontent.com/SECUREFOREST/WebMap/master/docker/Dockerfile).\n\n## Features\n- Import and parse Nmap XML files\n- Run and Schedule Nmap Scan from dashboard\n- Statistics and Charts on discovered services, ports, OS, etc...\n- Inspect a single host by clicking on its IP address\n- Attach labels on a host\n- Insert notes for a specific host\n- Create a PDF Report with charts, details, labels and notes\n- Copy to clipboard as Nikto, Curl or Telnet commands\n- Search for CVE and Exploits based on CPE collected by Nmap\n- RESTful API\n\n## Roadmap for v2.4x\nYou love WebMap and you know python? We need your help! This is what we want deploy for the v2.4:\n\n- [todo] Improve API: create a documentation/wiki about it\n- [todo] Wiki: create WebMap User Guide on GitHub\n- [todo] Zaproxy: Perform web scan using the OWASP ZAP API\n\n\n## Changes on v2.3b\n- Docker fixes\n\n## Changes on v2.3a\n- [In progress] Improve template: try to define better the html template and charts\n- [In progress] Various bug fixes\n\n## Changes on v2.3\n- Scan diff: show difference between two scheduled nmap scan report\n- Authentication or something that could blocks access to WebMap if != localhost\n## Changes on v2.2\n- fixed bug on missing services\n- Run nmap from WebMap\n- Schedule nmap run\n- Add custom NSE scripts section\n\n## Changes on v2.1\n- Better usage of Django template\n- Fixed some Nmap XML parse problems\n- Fixed CVE and Exploit collecting problems\n- Add new Network View\n- Add RESTful API\n\n## XML Filenames\nWhen creating the PDF version of the Nmap XML Report, the XML filename is used as document title on the first page. \nWebMap will replace some parts of the filename as following:\n\n- `_` will replaced by a space (` `)\n- `.xml` will be removed\n\nExample: `ACME_Ltd..xml`\u003cbr\u003e\nPDF title: `ACME Ltd.`\n\n## CVE and Exploits\nthanks to the amazing API services by circl.lu, WebMap is able to looking for CVE and Exploits for each CPE collected by Nmap. \nNot all CPE are checked over the circl.lu API, but only when a specific version is specified \n(for example: `cpe:/a:microsoft:iis:7.5` and not `cpe:/o:microsoft:windows`).\n\n## RESTful API\nFrom `v2.1` WebMap has a RESTful API frontend that makes users able to query their scan files with something like:\n\n```bash\ncurl -s 'http://localhost:8000/api/v1/scan?token=\u003ctoken\u003e'\n\n \"webmap_version\": \"v2.3/master\",\n \"scans\": {\n \"scanme.nmap.org.xml\": {\n \"filename\": \"scanme.nmap.org.xml\",\n \"startstr\": \"Sun Nov 4 16:22:46 2018\",\n \"nhost\": \"1\",\n \"port_stats\": {\n \"open\": 42,\n \"closed\": 0,\n \"filtered\": 0\n }\n },\n \"hackthebox.xml\": {\n \"filename\": \"hackthebox.xml\",\n \"startstr\": \"Mon Oct 8 20:56:32 2018\",\n \"nhost\": \"256\",\n \"port_stats\": {\n \"open\": 67,\n \"closed\": 0,\n \"filtered\": 2\n }\n }\n }\n}\n```\n\nA user can get information about a single scan by append to the URL the XML filename:\n\n```bash\ncurl -v 'http://localhost:8000/api/v1/scan/hackthebox.xml?token=\u003ctoken\u003e'\n\n{\n \"file\": \"hackthebox.xml\",\n \"hosts\": {\n \"10.10.10.2\": {\n \"hostname\": {},\n \"label\": \"\",\n \"notes\": \"\"\n },\n \"10.10.10.72\": {\n \"hostname\": {\n \"PTR\": \"streetfighterclub.htb\"\n },\n \"label\": \"\",\n \"notes\": \"\"\n },\n \"10.10.10.76\": {\n \"hostname\": {},\n \"label\": \"\",\n \"notes\": \"\"\n },\n \"10.10.10.77\": {\n \"hostname\": {},\n \"label\": \"Vulnerable\",\n \"notes\": \"PHNwYW4gY2xhc3M9ImxhYmVsIGdyZWVuIj5SRU1FRElBVElPTjwvc3Bhbj4gVXBncmFkZSB0byB0aGUgbGF0ZXN0IHZlcnNpb24g\"\n },\n...\n```\n\nand he can get all information about a single host by append the IP address to URL:\n\n```bash\ncurl -v 'http://localhost:8000/api/v1/scan/hackthebox.xml/10.10.10.87?token=\u003ctoken\u003e'\n\n \"file\": \"hackthebox.xml\",\n \"hosts\": {\n \"10.10.10.87\": {\n \"ports\": [\n {\n \"port\": \"22\",\n \"name\": \"ssh\",\n \"state\": \"open\",\n \"protocol\": \"tcp\",\n \"reason\": \"syn-ack\",\n \"product\": \"OpenSSH\",\n \"version\": \"7.5\",\n \"extrainfo\": \"protocol 2.0\"\n },\n {\n \"port\": \"80\",\n \"name\": \"http\",\n \"state\": \"open\",\n \"protocol\": \"tcp\",\n \"reason\": \"syn-ack\",\n \"product\": \"nginx\",\n \"version\": \"1.12.2\",\n \"extrainfo\": \"\"\n },\n {\n \"port\": \"8888\",\n \"name\": \"sun-answerbook\",\n \"state\": \"filtered\",\n \"protocol\": \"tcp\",\n \"reason\": \"no-response\",\n \"product\": \"\",\n \"version\": \"\",\n \"extrainfo\": \"\"\n }\n ],\n \"hostname\": {},\n \"label\": \"Checked\",\n \"notes\": \"\",\n \"CVE\": [\n {\n \"Modified\": \"2018-08-17T15:29:00.253000\",\n \"Published\": \"2018-08-17T15:29:00.223000\",\n \"cvss\": \"5.0\",\n \"cwe\": \"CWE-200\",\n \"exploit-db\": [\n {\n \"description\": \"OpenSSH 7.7 - Username Enumeration. CVE-2018-15473. Remote exploit for Linux platform\",\n \"file\": \"exploits/linux/remote/45233.py\",\n \"id\": \"EDB-ID:45233\",\n \"last seen\": \"2018-08-21\",\n \"modified\": \"2018-08-21\",\n \"platform\": \"linux\",\n \"port\": \"\",\n \"published\": \"2018-08-21\",\n \"reporter\": \"Exploit-DB\",\n \"source\": \"https://www.exploit-db.com/download/45233/\",\n \"title\": \"OpenSSH 7.7 - Username Enumeration\",\n \"type\": \"remote\"\n },\n {\n \"id\": \"EDB-ID:45210\"\n }\n ],\n \"id\": \"CVE-2018-15473\",\n \"last-modified\": \"2018-11-02T06:29:06.993000\",\n \"metasploit\": [\n...\n```\n\n## Third Parts\n- [Django](https://www.djangoproject.com)\n- [Materialize CSS](https://materializecss.com)\n- [Clipboard.js](https://clipboardjs.com)\n- [Chart.js](https://www.chartjs.org)\n- [Wkhtmltopdf](https://wkhtmltopdf.org)\n- [API cve.circl.lu](https://cve.circl.lu)\n- [vis.js](http://visjs.org/)\n\n## Security Issues\nThis app is not intended to be exposed to the internet, but to be used as localhost web application. Please, **DO NOT expose** this app to the internet, use your localhost or, \nin case you can't do it, take care to filter who and what can access to WebMap with a firewall rule or something like that. \nExposing this app to the whole internet could lead not only to a stored XSS but also to a leakage of sensitive/critical/private \ninformations about your port scan. Please, be smart.\n\n## Contributors\nThis project is currently a beta, and I'm not super skilled on Django so, every type of contribution is appreciated. \nI'll mention all contributors on the [CONTRIBUTORS](CONTRIBUTORS.md) file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSECUREFOREST%2FWebMap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSECUREFOREST%2FWebMap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSECUREFOREST%2FWebMap/lists"}