WebMap – Nmap Web Dashboard And Reporting

WebMap - Nmap Web Dashboard And Reporting

A Web Dashbord for Nmap XML Report

You ought to use this with docker, simply by sending this command:

$ mkdir /tmp/webmap
$ docker run -d 
         --name webmap 
         -h webmap 
         -p 8000:8000 
         -v /tmp/webmap:/choose/xml 

$ # now you possibly can run Nmap and save the XML Report on /tmp/webmap
$ nmap -sT -A -T4 -oX /tmp/webmap/myscan.xml

Now level your browser to http://localhost:8000

Quick and Dirty

$ curl -sL http://bit.ly/webmapsetup | bash

Upgrade from earlier launch

$ # cease working webmap container
$ docker cease webmap

$ # take away webmap container
$ docker rm webmap

$ # pull new picture from dockerhub
$ docker pull rev3rse/webmap

$ # run WebMap
$ curl -sL http://bit.ly/webmapsetup | bash

Run with out Docker
This venture is designed to run on a Docker container. IMHO it is not a good suggestion to run this on a customized Django set up, however if you happen to want it you could find all constructing steps contained in the Dockerfile.


  • Import and parse Nmap XML recordsdata
  • Statistics and Charts on found companies, ports, OS, and so on…
  • Inspect a single host by clicking on its IP deal with
  • Attach labels on a bunch
  • Insert notes for a selected host
  • Create a PDF Report with charts, particulars, labels and notes
  • Copy to clipboard as Nikto, Curl or Telnet instructions
  • Search for CVE and Exploits based mostly on CPE collected by Nmap

Changes on v2.1

  • Better utilization of Django template
  • Fixed some Nmap XML parse issues
  • Fixed CVE and Exploit amassing issues
  • Add new Network View

PDF Report

XML Filenames
When creating the PDF model of the Nmap XML Report, the XML filename is used as doc title on the primary web page. WebMap will substitute some components of the filename as following:

  • _ will changed by an area ()
  • .xml shall be eliminated

Example: ACME_Ltd..xml
PDF title: ACME Ltd.

CVE and Exploits
because of the wonderful API companies by circl.lu, WebMap is ready to searching for CVE and Exploits for every CPE collected by Nmap. Not all CPE are checked over the circl.lu API, however solely when a selected model is specified (for instance: cpe:/a:microsoft:iis:7.5 and never cpe:/o:microsoft:home windows).

Network View

Third Parts

Security Issues
This app is just not supposed to be uncovered on the web. Please, DO NOT expose this app to the web, use your localhost or, in case you possibly can’t do it, take care to filter who and what can entry to WebMap with a firewall rule or one thing like that. Exposing this app to the entire web may lead not solely to a saved XSS but additionally to a leakage of delicate/important/non-public informations about your port scan. Please, be good.

This venture is at present a beta, and I’m not tremendous expert on Django so, each sort of contribution is appreciated. I’ll point out all contributors on this part of the README file.

Contributors List

  • s3th_0x @adubaldo (bug on single host report)
  • Neetx @Neetx (bug on xml with no host up)

In order to obtain updates about this venture, please observe me on twitter:
Twitter: @Menin_TheMiddle
YouTube: Rev3rseSecurity

MoreTip.com MoreTip.com


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.