WMAP is a fast, light, and feature-packed script present inside Metasploit. This was originally forked off from SQLMap. I don't encourage automated scanning to find vulnerabilities, built-in scanners like this come in very handy for finding low hanging vulnerabilities in web applications. Imagine you have to conduct a security assessment of a large network mostly comprising of web applications, tools like this can give an insight to how weak the web applications actually are, since if the scanner picks up or discovers vulnerabilities (excluding false positives) in a quick time then it is a big red flag telling you that the web applications have poor security. This is made much ...