• Wmap Web Portal
• Demo
  • Demo Instance Access
• Technology Stacks
• Build and Run in Docker
  • Why Docker
  • Run In Docker
  • Docker Trouble-shooting
  • Build In Docker (Optional)
• Linux Deployment
• Usage
• LDAP Support
• To Dos

The web app is part of the OWASP Web Mapper Project. It's developed to help discover and keep track of web application asset with scale.

To further explore the full power of OWASP Wmap library, please refer to the WMAP backend library Git repository.

Click to watch the Youtube video below to see how to perform a successful application asset discovery:

The application is deployed into a demo instance at www.wmap.cloud. You can logon to it by using demo user 'admin' and password 'admin123'.

WMAP Web Portal depends on a number of open source projects to work properly:

• Ruby on Rails 5.x - A web-application framework that includes everything.
• Devise - Rails authentication and user session management solution.
• Twitter Bootstrap - A great UI boilerplate for modern web apps.
• jQuery - Great JavaScript library for JavaScript integration.
• CodeMirror - CodeMirror is a versatile text editor implemented in JavaScript.
• jstree - jsTree is a JavaScript based tree UI implementation.
• Sidekiq - A background processing manager (asynchronous and non-blocking IO) for RoR.
• Redis - A high performance in-memory key value pair data store.
• MariaDB - A community supported fork of MySQL relational database.
• wmap - Backend Web Mapper gem for the heavy lifting.
• Postfix - Background email notification service.

If you have docker engine ready, you can have the app build and run in no time.

The docker is becoming popular in the development community. Because it can standadize the developing, building for everyone. The technology may also help deploy your customize app into your favorite cloud infrastructure later on.

Use docker command 'docker-compose up' - it would run the app from the pre-build container images. (Please ensure your account has sufficient administrator / or sudo privilege to docker daemon and the host OS system resources) It should produce the output similar to below:

$ git clone https://github.com/yangsec888/www_wmap.git
$ cd www_wmap
$ docker-compose up -d
Starting wmap_db    ... done
Starting wmap_redis ... done
Starting www_wmap_sidekiq_1 ... done
Starting wmap_web           ... done
Starting www_wmap_nginx_1   ... done
Attaching to wmap_db, wmap_redis, www_wmap_sidekiq_1, wmap_web, www_wmap_nginx_1
wmap_db    | mariadb 20:25:19.20
...

Open a local browser and point it at 'http://localhost/'. You will see the app in action.

Following the onscreen error log when you bring up the containers. You can use the following docker command to verify the containers are running in your host

$ docker ps
CONTAINER ID   IMAGE                                COMMAND                  CREATED          STATUS          PORTS                    NAMES
8d4681f9dfef   yangsec888/www_wmap_sidekiq:latest   "sh ./config/docker/…"   48 minutes ago   Up 48 minutes   3000/tcp                 www_wmap_sidekiq_1
59769eec9fbb   nginx:1.16.1                         "nginx -g 'daemon of…"   2 hours ago      Up 48 minutes   0.0.0.0:80->80/tcp       www_wmap_nginx_1
6845611441b5   yangsec888/www_wmap_web:latest       "sh ./config/docker/…"   2 hours ago      Up 48 minutes   0.0.0.0:3000->3000/tcp   wmap_web
a1158c1d52e5   redis:alpine                         "docker-entrypoint.s…"   4 hours ago      Up 48 minutes   6379/tcp                 wmap_redis
293f77c2c5f5   bitnami/mariadb:10.3                 "/opt/bitnami/script…"   4 hours ago      Up 48 minutes   0.0.0.0:3306->3306/tcp   wmap_db

If you running into problem, you can refer to the docker online document for further assistance.

You might want to customize the application to your organization need. In that case, you might want to re-build the docker image after the code change. You might also need to modify docker-compose.yml file after the change, before proceeding to the rebuild.

$ cd www_wmap
$ docker build . -t yangsec888/www_wmap_web:latest

In the above exmaple, docker command 'docker build . -t yangsec888/www_wmap_web:latest' will rebuild the main app image 'www_wmap_web' for me.

The project can be built, deployed and run in the linux distribution natively. For more information on local installation, please use the deployment example at Setup.md for your reference.

Under the home page, click on "Start" button to start. Follow the on-screen instructions, in order to launch a successfully WMAP discovery. The discovery result should be tracked under the "Discovery" menu tab.

The application use devise_ldap_authenticatable module for Enterprise Single-Sign-On support. You would need to customize the ldap.yml file for such integration.

• Package this up into a docker containers
• Write (integration, deployment) tests
• Enhance performance (squeeze the next bit out of cpu / network IO )
• Upgrade to Rails 6.x
• Fix bugs!