Good day, we will not rant for a long time, straight to the point.
Description of Xerosploit
Xerosploit is a penetration testing toolkit whose goal is to perform man-in-the-middle attacks for testing purposes. It provides various modules that enable effective attacks, and also enables denial of service attacks and port scans. Powered by bestcap and nmap.
Possibilities:
Installing Xerosploit:
During the installation of the dependencies, the program will ask which OS it is running on, select 1.
Launching and using Xerosploit:
The program requires superuser privileges to run:
Start by scanning:
A list of local network IPs will be compiled:
Select and enter one of these IPs, type help to display a list of modules:
Select the desired module. For example, to view all requested images:
Run the module:
Press Ctrl + C to end the attack.
To select another module:
To capture credentials:
When launched, the program will ask: Do you want to load sslstrip? (y / n).
Those. Should I run SSLstrip? Enter y if yes and n if not.
(sslstrip is a tool that subtly intercepts HTTP traffic on the network)
After the end of the attack, the program will ask: Do you want to save logs? (y / n).
(Translated as "Do you want to save the logs?")
Xerosploit Help:
Commands:
scan: Scan the network.
iface: Manually set up a network interface.
gateway: Manually set the gateway.
start: Skip scan and set target IP address directly.
rmlog: Delete all xerosploit logs.
back: refuse to use the selected module
home: return to the "home" window
help: Show help.
exit: Close Xerosploit.
Modules:
pscan: Port Scanner
dos: DoS attack
ping: Ping request
injecthtml: Inject Html code
injectjs: Inject Javascript code
rdownload: Replace downloaded files
sniff: Capture information inside network packets
dspoof: Redirect all http to specified IP
yplay: Play background audio in target browser
replace: Replace all images in web pages with your own
driftnet: View all images requested by the target
move: Shaking web browser content
deface: Rewrite all web pages with your HTML code
Description of Xerosploit
Xerosploit is a penetration testing toolkit whose goal is to perform man-in-the-middle attacks for testing purposes. It provides various modules that enable effective attacks, and also enables denial of service attacks and port scans. Powered by bestcap and nmap.
Possibilities:
- port scanning
- network mapping
- DoS attack
- HTML code injection
- JavaScript code injection
- intercept and replace downloads
- sniffing (data interception)
- DNS spoofing (spoofing)
- background sound playback
- image replacement
- Driftnet (A program that listens for network traffic)
- web page replacement and more.
Installing Xerosploit:
Code:
git clone https://github.com/LionSec/xerosploit
cd xerosploit && sudo python install.py
sudo xerosploitDuring the installation of the dependencies, the program will ask which OS it is running on, select 1.
Launching and using Xerosploit:
The program requires superuser privileges to run:
Code:
sudo xerosploitStart by scanning:
Code:
scanA list of local network IPs will be compiled:
Select and enter one of these IPs, type help to display a list of modules:
Select the desired module. For example, to view all requested images:
Code:
driftnetRun the module:
Code:
runPress Ctrl + C to end the attack.
To select another module:
Code:
backTo capture credentials:
Code:
sniff
runWhen launched, the program will ask: Do you want to load sslstrip? (y / n).
Those. Should I run SSLstrip? Enter y if yes and n if not.
(sslstrip is a tool that subtly intercepts HTTP traffic on the network)
After the end of the attack, the program will ask: Do you want to save logs? (y / n).
(Translated as "Do you want to save the logs?")
Xerosploit Help:
Commands:
scan: Scan the network.
iface: Manually set up a network interface.
gateway: Manually set the gateway.
start: Skip scan and set target IP address directly.
rmlog: Delete all xerosploit logs.
back: refuse to use the selected module
home: return to the "home" window
help: Show help.
exit: Close Xerosploit.
Modules:
pscan: Port Scanner
dos: DoS attack
ping: Ping request
injecthtml: Inject Html code
injectjs: Inject Javascript code
rdownload: Replace downloaded files
sniff: Capture information inside network packets
dspoof: Redirect all http to specified IP
yplay: Play background audio in target browser
replace: Replace all images in web pages with your own
driftnet: View all images requested by the target
move: Shaking web browser content
deface: Rewrite all web pages with your HTML code
