Skip to content

0xcrow13/wmap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
internal
internal
 
 
.gitignore
.gitignore
 
 
go.mod
go.mod
 
 
main.go
main.go
 
 
readme.md
readme.md
 
 
targets.txt.example
targets.txt.example
 
 

Repository files navigation

Y88b    e    / 888-~88e-~88e   /~~~8e  888-~88e  
 Y88b  d8b  /  888  888  888       88b 888  888b 
  Y888/Y88b/   888  888  888  e88~-888 888  8888 
   Y8/  Y8/    888  888  888 C888  888 888  888P 
    Y    Y     888  888  888  "88_-888 888-_88"  
                                       888

wmap

Active/passive network scanner and reconnaissance tool. Written in Go, zero external dependencies.

wmap <command> [options] <target | -l listfile>

Commands

Command Description
active TCP/UDP port scan with service/OS fingerprinting
passive Recon via Shodan, Censys, BinaryEdge, ZoomEye, HackerTarget
discover Ping-sweep a CIDR range for live hosts
update-db Test NVD API connectivity

Active Scan Options

Flag Description
-p <ports> TCP ports (comma/range, e.g. 80,443,8000-8080)
-P <ports> UDP ports (same syntax)
-sU Enable UDP scan (default UDP ports)
-sV Service/version banner grabbing
-O OS detection from banners
-A -sV -O shorthand
-T <1-5> Timing template (1=slow/20 threads … 5=insane/500)
--vuln Look up CVEs for detected services via NVD API
--exploit Filter vuln results to only EDBID entries
-o <file> Save results (CSV or JSON if name ends in .json)
-oJ Print JSON to stdout
-v Per-port progress during scan
-q Suppress banner, minimal output
--no-ping Assume all hosts online
--min-rate Min packets/sec (stored, not enforced)
--max-rate Max packets/sec (stored, not enforced)

Passive Scan Options

Flag Description
-o <file> Save passive recon report to file

Examples

wmap active scanme.nmap.org -sV
wmap active scanme.nmap.org -sV -O -p 22,80,443 --vuln
wmap active -l targets.txt -p 1-1000 -o results.csv
wmap passive example.com -o report.txt
wmap passive -l domains.txt
wmap discover 192.168.1.0/24

API Keys (Passive Mode)

Set environment variables for passive data sources. Unset sources are skipped:

export SHODAN_KEY=xxx
export CENSYS_ID=xxx
export CENSYS_SECRET=xxx
export BINARYEDGE_KEY=xxx
export ZOOMEYE_KEY=xxx

HackerTarget (nmap-style passive port listing) requires no key.

Vulnerability Detection

When --vuln or --exploit is used with -sV, the scanner queries the NVD API 2.0 (free, no key required, 5 req/30s limit). Results are cached in memory per (service, version). Only services with a concrete version number (2+ numeric components e.g. 1.18.0) are looked up — generic banner strings like AmazonS3 are skipped to avoid false positives.

Output

  • ANSI colors auto-disable when output is piped/redirected.
  • Banner suppressed with -q.
  • CSV output is host,port,proto,service,status (one row per port).
  • JSON output is {host, os, ports: [{port, service, version, banner, vulns}]}.

Install

go install github.com/Xwal13/wmap@latest

Requires Go 1.24+.

About

wmap is a modern, user-friendly network scanner and reconnaissance tool written in Go. It helps you discover live hosts, scan for open ports and services, identify running software and versions, check for vulnerabilities, and generate detailed reports—all with a focus on simplicity and flexibility.

Topics

scanner port nmap vulnerability scanning vulnerability-detection smap vulnerability-scanner

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages