简介
Xerosploit是一个渗透测试工具包,它的目的是实现中间人攻击。它附带着各种有效的攻击模块,并且还允许执行拒绝服务攻击和端口扫描
安装
- 下载
git clone https://github.com/LionSec/xerosploit.git - 安装
cd xerosploit && sudo python install.py
root@7c81645eb6d8:~# cd xerosploit && sudo python install.py
┌══════════════════════════════════════════════════════════════┐
█ █
█ Xerosploit Installer █
█ █
└══════════════════════════════════════════════════════════════┘
[++] Please choose your operating system.
1) Ubuntu / Kali linux / Others
2) Parrot OS
>>> 1
输入对应的系统就可以自动安装了
Xerosploit has been sucessfuly instaled. Execute 'xerosploit' in your terminal.
显示这个表示安装成功
使用
输入
xerosploit
打开工具
██╗ ██╗███████╗██████╗ ██████╗ ███████╗██████╗ ██╗ ██████╗ ██╗████████╗
╚██╗██╔╝██╔════╝██╔══██╗██╔═══██╗██╔════╝██╔══██╗██║ ██╔═══██╗██║╚══██╔══╝
╚███╔╝ █████╗ ██████╔╝██║ ██║███████╗██████╔╝██║ ██║ ██║██║ ██║
██╔██╗ ██╔══╝ ██╔══██╗██║ ██║╚════██║██╔═══╝ ██║ ██║ ██║██║ ██║
██╔╝ ██╗███████╗██║ ██║╚██████╔╝███████║██║ ███████╗╚██████╔╝██║ ██║
╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚══════╝╚═╝ ╚══════╝ ╚═════╝ ╚═╝ ╚═╝
[+]═══════════[ Author : @LionSec1 _-\|/-_ Website: lionsec.net ]═══════════[+]
[ Powered by Bettercap and Nmap ]
┌═════════════════════════════════════════════════════════════════════════════┐
█ █
█ Your Network Configuration █
█ █
└═════════════════════════════════════════════════════════════════════════════┘
╒══════════════╤═══════════════════╤═══════════╤═════════╤════════════╕
│ IP Address │ MAC Address │ Gateway │ Iface │ Hostname │
╞══════════════╪═══════════════════╪═══════════╪═════════╪════════════╡
│ │ │ │ │ │
├──────────────┼───────────────────┼───────────┼─────────┼────────────┤
│ 1.1.1.11 │ 08:00:27:7B:3D:E7 │ 1.1.1.1 │ eth0 │ kali │
╘══════════════╧═══════════════════╧═══════════╧═════════╧════════════╛
╔═════════════╦════════════════════════════════════════════════════════════════════╗
║ ║ XeroSploit is a penetration testing toolkit whose goal is to ║
║ Information ║ perform man in the middle attacks for testing purposes. ║
║ ║ It brings various modules that allow to realise efficient attacks. ║
║ ║ This tool is Powered by Bettercap and Nmap. ║
╚═════════════╩════════════════════════════════════════════════════════════════════╝
[+] Please type 'help' to view commands.
Xero ➮
如果你要实现中间人攻击,比如你要让受害者访问的网站的图片全部变为固定的一张照片,你可以这样做
输入help查看下菜单选项
Xero ➮ help
╔══════════╦════════════════════════════════════════════════════════════════╗
║ ║ ║
║ ║ scan : Map your network. ║
║ ║ ║
║ ║ iface : Manually set your network interface. ║
║ COMMANDS ║ ║
║ ║ gateway : Manually set your gateway. ║
║ ║ ║
║ ║ start : Skip scan and directly set your target IP address. ║
║ ║ ║
║ ║ rmlog : Delete all xerosploit logs. ║
║ ║ ║
║ ║ help : Display this help message. ║
║ ║ ║
║ ║ exit : Close Xerosploit. ║
║ ║ ║
╚══════════╩════════════════════════════════════════════════════════════════╝
[+] Please type 'help' to view commands.
Xero ➮
输入scan扫描一下网络
Xero ➮ scan
[++] Mapping your network ...
[+]═══════════[ Devices found on your network ]═══════════[+]
╔════════════╦═══════════════════╦══════════════════════════════╗
║ IP Address ║ Mac Address ║ Manufacturer ║
╠════════════╬═══════════════════╬══════════════════════════════╣
║ 1.1.1.1 ║ B8:F8:83:76:7E:E5 ║ (Tp-link Technologies) ║
║ 1.1.1.2 ║ A0:8C:FD:D1:2C:C6 ║ (Hewlett Packard) ║
║ 1.1.1.3 ║ A0:8C:FD:D2:25:B8 ║ (Hewlett Packard) ║
║ 1.1.1.5 ║ C0:CC:F8:42:DD:D5 ║ (Apple) ║
║ 1.1.1.6 ║ A0:8C:FD:D1:E1:8E ║ (Hewlett Packard) ║
║ 1.1.1.7 ║ A0:8C:FD:D5:81:DD ║ (Hewlett Packard) ║
║ 1.1.1.9 ║ C8:6F:1D:22:37:A2 ║ (Apple) ║
║ 1.1.1.10 ║ 08:00:37:A1:64:05 ║ (Fuji-xerox) ║
║ 1.1.1.12 ║ 7C:DD:90:DE:A1:34 ║ (Shenzhen OgemrayTechnology) ║
║ 1.1.1.14 ║ B0:E2:35:43:62:43 ║ (Xiaomi Communications) ║
║ 1.1.1.11 ║ 08:00:27:7B:3D:E7 ║ (This device) ║
║ 1.1.1.254 ║ ║ ║
║ ║ ║ ║
╚════════════╩═══════════════════╩══════════════════════════════╝
[+] Please choose a target (e.g. 192.168.1.10). Enter 'help' for more information.
Xero ➮
扫描的信息很详细,连一些基础的设备信息都扫描出来了
接下来输入各种信息,看下面就好
Xero ➮ 1.1.1.12
[++] 1.1.1.12 has been targeted.
[+] Which module do you want to load ? Enter 'help' for more information.
Xero»modules ➮ help
╔═════════╦══════════════════════════════════════════════════════════════════════╗
║ ║ ║
║ ║ pscan : Port Scanner ║
║ ║ ║
║ ║ dos : DoS Attack ║
║ ║ ║
║ ║ ping : Ping Request ║
║ ║ ║
║ ║ injecthtml : Inject Html code ║
║ ║ ║
║ ║ injectjs : Inject Javascript code ║
║ ║ ║
║ ║ rdownload : Replace files being downloaded ║
║ ║ ║
║ ║ sniff : Capturing information inside network packets ║
║ MODULES ║ ║
║ ║ dspoof : Redirect all the http traffic to the specified one IP ║
║ ║ ║
║ ║ yplay : Play background sound in target browser ║
║ ║ ║
║ ║ replace : Replace all web pages images with your own one ║
║ ║ ║
║ ║ driftnet : View all images requested by your targets ║
║ ║ ║
║ ║ move : Shaking Web Browser content ║
║ ║ ║
║ ║ deface : Overwrite all web pages with your HTML code ║
║ ║ ║
╚═════════╩══════════════════════════════════════════════════════════════════════╝
[+] Which module do you want to load ? Enter 'help' for more information.
Xero»modules ➮ replace
┌══════════════════════════════════════════════════════════════┐
█ █
█ Image Replace █
█ █
█ Replace all web pages images with your own one █
└══════════════════════════════════════════════════════════════┘
[+] Enter 'run' to execute the 'replace' command.
Xero»modules»replace ➮ run
[+] Insert your image path. (e.g. /home/capitansalami/pictures/fun.png)
Xero»modules»replace ➮ /root/a.png
[++] All images will be replaced by /root/a.png
[++] Press 'Ctrl + C' to stop .
效果类似下面这样
评价
在公司里还是挺好玩的,好评,各种中间人攻击的东西几乎都有
Having Fun