Saturday 3 May 2014

WEBSPLOIT TUTORIAL MITM ATTACK ::: KALI LINUX



Websploit is an automated vulnerability assessment, web crawling and exploitation tool. It is an open-source command-line utility built on a modular structure. At the time of writing, 16 modules are available in Websploit. It can be downloaded from the SourceForge project website, but it is available on Kali Linux by default.





Websploit can be synchronized with the Metasploit WMAP project for web vulnerability scanning. There are four categories of modules:


  • Web Modules
  • Network Modules
  • Exploit Modules
  • Wireless Modules


In the Wireless modules we can run some interesting WiFi attack vectors, including the WiFi jammer and WiFi DDOS attack. For exploitation, Websploit relies on the Metasploit Autopwn service and the Metasploit browser autopwn service. A large number of interesting attack vectors are available in the network modules, including but not limited to:


  • ARP cache DOS attack
  • Middle Finger Of Doom Attack
  • Man In The Middle Attack
  • Man Left In The Middle Attack
  • Fake Update Attack Using DNS Spoof
  • And more....


Some Websploit modules depend on Metasploit, for example:


  • Information Gathering From Victim Web Using (Metasploit Wmap)


So it is recommended to configure Metasploit before using these modules. A demonstration of every module is not possible in this single article, but the basic commands and usage of the software are shown below, and they will help you use Websploit in a professional manner.



If you are on Kali Linux, then click on Applications → Kali Linux → Web Applications → Web Vulnerability Scanners → Websploit







The commands available in Websploit are:



Commands        Description
--------        -----------
set             Set Value Of Options To Modules
scan            Scan Wifi (Wireless Modules)
stop            Stop Attack & Scan (Wireless Modules)
run             Execute Module
use             Select Module For Use
os              Run Linux Commands(ex : os ifconfig)
back            Exit Current Module
show modules    Show Modules of Current Database
show options    Show Current Options Of Selected Module
upgrade         Get New Version
update          Update Websploit Framework



In the demonstration below, the web directory scanner attack is performed.





wsf > show modules
..
..
wsf > use web/dir_scanner
wsf:Dir_Scanner > show options

Options Value
--------- --------------
TARGET http://google.com

wsf:Dir_Scanner > set TARGET http://ehacking.net
TARGET => ehacking.net
wsf:Dir_Scanner > run
[*] Your Target : ehacking.net
[*]Loading Path List ... Please Wait ...
[index] ... [404 Not Found]
[images] ... [404 Not Found]
[download] ... [404 Not Found]
..
..
..


The commands for the other attack vectors are the same; just follow the steps shown above.
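On the server side, the directory scan shown above appears in the access log as a burst of 404 responses for many different paths from one client. The following is an added example, not part of the original post or of Websploit: a small detector for that pattern, assuming Apache/nginx common log format; the function names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx common log format: ip - - [time] "METHOD path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) ')

def parse(line):
    """Return (ip, timestamp, path, status), or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts, m.group(3), int(m.group(4))

def find_dir_scanners(lines, threshold=5, window=timedelta(seconds=10)):
    """Map each client IP to the most distinct 404 paths it requested inside
    any sliding `window`, keeping only clients that reach `threshold`."""
    misses = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        ip, ts, path, status = rec
        if status == 404:
            misses[ip].append((ts, path))
    flagged = {}
    for ip, events in misses.items():
        events.sort()
        start = best = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1  # slide the window start forward
            best = max(best, len({p for _, p in events[start:end + 1]}))
        if best >= threshold:
            flagged[ip] = best
    return flagged

# Constructed sample log (documentation-range IPs); not from the original page.
SAMPLE_LOG = [
    f'203.0.113.7 - - [03/May/2014:10:00:0{i} +0000] "GET /{p} HTTP/1.1" 404 209'
    for i, p in enumerate(["index", "images", "download", "admin", "backup", "test"])
] + [
    '198.51.100.20 - - [03/May/2014:10:00:01 +0000] "GET / HTTP/1.1" 200 5120',
    '198.51.100.20 - - [03/May/2014:10:00:02 +0000] "GET /favicon.ico HTTP/1.1" 404 209',
    '192.0.2.44 - - [03/May/2014:10:01:00 +0000] "GET /old HTTP/1.1" 404 209',
    '192.0.2.44 - - [03/May/2014:10:09:00 +0000] "GET /old2 HTTP/1.1" 404 209',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for ip, n in find_dir_scanners(SAMPLE_LOG).items():
        print(f"{ip}: {n} distinct missing paths within 10s")
```

Counting distinct paths rather than raw 404s keeps a browser that repeatedly retries one missing file from being flagged.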
