How to use Websploit
WebSploit Is an Open Source command line tool for vulnerability assessment.It is a powerful tool for social engineering,scans,automatic exploitations and wide range of network attacks,
Features of WebSploit
- Social Engineering Works.
- Scan,Crawler & Analysis Web.
- Automatic Exploiter.
- Support Network Attacks.
- Autopwn - Used From Metasploit For Scan and Exploit Target Service.
- wmap - Scan,Crawler Target Used From Metasploit wmap plugin.
- format infector - inject reverse & bind payload into file format.
- phpmyadmin Scanner.
- MLITM Attack - Man Left In The Middle, XSS Phishing Attacks.
- MITM - The Middle Attack.
- Java Applet Attack.
- Web Killer Attack.
- MFOD Attack Vector.
- Fake Update Attack.
In this article we will be using websploit . For this tutorial we will be using module directory scanner . Directory scanner scans for directories on a server. So open your terminal and type the following command:
Step 2: Type show modules and press enter. This command will display all the modules inside websploit.As you can see there plenty of attacks you can choose from. For the demonstration purpose i am going to show you how to use PHPMyAdmin Login Page Scanner.The exploit finds login pages of websites(Only PHP).
Now write the following command to use PHPMyAdmin module.
wsf > use web/pma
Now type the following command to see the configurations to set the attack.By default it's google you can set your own. It requires only one option that is url.Set your URL.
wsf:PMA > show options Options Value --------- -------------- TARGET http://google.com
Set your target.write your target url after the TARGET .
wsf:PMA > set TARGET www.yourtarget.com
Everything is good just run the following command.Now just wait until it finds login page.
wsf:PMA > run
i hope it helped thanks.