This topic will present and discuss the new Metasploit plugin for web exploitation and assessment. WMAP is part of the Metasploit framework and it is build with a different approach compared to other open source alternatives and commercial scanners. WMAP is not build around any browser or spider for data capture and manipulation and as test modules are implemented as auxiliary modules they can interact with any other MSF components including the database, exploits and plugins. Forget about this being another scanner, think of it as new building blocks for massive pwnage that crosses protocol boundaries.