Xerosploit is a penetration testing toolkit whose goal is to perform man in the middle attacks for testing purposes. It brings various modules that allow to realise efficient attacks, and also allows to carry out denial of service attacks and port scanning.
With the help of Xerosploit, you can easily perform MITM attack and can sniff all the username and passwords in less than 1 minute.
Xerosploit has so many modules like Ping, Dos, Scan Ports, Sniffer, Inject HTML/JS etc.
Installation of Xerosploit in Kali Linux –
You can easily install Xerosploit tool which is available on Github Repository by typing the following command in your terminal:
Command: git clone https://github.com/LionSec/xerosploit
There are some dependencies which Xerosploit needs are as: nmap, hping3, build-essential, ruby-dev, libpcap-dev
libgmp3-dev, tabulate, terminaltables.
To install these dependencies, type the following command:
Command: cd xerosploit
Command: sudo python install.py
Now you can directly launch the tool by just typing “xerosploit” from the terminal which shows you some kind of welcome screen and your network configuration details like Your IP Address, Gateway Address, Interface and Mac Address.
Type “help” to see all the possible commands used by xerosploit tool.
- scan – Map your network
- iface – Manually set your network interface
- gateway – Manually set your gateway
- start – Skip scan and directly set your target IP address
- rmlog – Delete all xerosploit logs
- help – Display this help message
- exit – Close xerosploit
To scan your network, type “scan” in same terminal which shows you all the available machines/devices connected with your network.
Let’s for example: your target/victim IP address is “192.168.179.148“, so simply to set your target address, type the same IP in your xero command terminal.
Now you need to select the module which you want to launch against your target.
There are various modules are available which you can see by just typing again “help” command.
- pscan – Port Scanner
- dos – Dos Attack
- ping – Ping Request
- injecthtml – Inject HTML code
- injectjs – Inject Javascript code
- rdownload – Replace files being downloaded
- sniff – Capturing information inside network packets
- dspoof – Redirect all the http traffic to the specified one IP
- yplay – Play background sound in target browser
- replace – Replace all web pages images with your own one
- driftnet – View all images requested by your targets
- move – Shaking Web Browser Content
- deface – Overwrite all web pages with your HTML code
For port scanning, type “pscan” in same terminal followed by “run” command.
For sniffing, type “sniff” in same terminal followed by “run” command and type y if you want to use sslstrip for sniffing HTTPS packets.
For DOS (Denial of Service) attack, type “dos” followed by run command.
You may also like:
- Most Common DNS Record Types and Their Roles
- Top Skills Needed to Become a Cybersecurity Analyst
- Mastering Windows Management with WMIC Commands – Top 20 Examples
- Edit and Compile Code with the Best 5 Code Editors
- 50+ Top DevSecOps Tools You Need To Know
- Learn How to Add Proxy and Multiple Accounts in MoreLogin
- Some Useful PowerShell Cmdlets
- Create Free SSL Certificate – ZEROSSL.COM [2020 Tutorial]
- Generate Self-Signed SSL Certificate with OPENSSL in Kali Linux
- RDP – CredSSP Encryption Oracle Remediation Solution 2020