Xerosploit is a penetration testing toolkit whose goal is to perform man-in-the-middle (MITM) attacks for testing purposes. It provides various modules for carrying out these attacks efficiently, and it also supports denial-of-service attacks and port scanning.
With the help of Xerosploit, you can easily perform a MITM attack and sniff all the usernames and passwords in less than 1 minute.
Xerosploit has many modules, such as Ping, DoS, Scan Ports, Sniffer, and Inject HTML/JS.
Installation of Xerosploit in Kali Linux –
You can easily install Xerosploit, which is available in a GitHub repository, by typing the following command in your terminal:
Command: git clone https://github.com/LionSec/xerosploit
Xerosploit needs the following dependencies: nmap, hping3, build-essential, ruby-dev, libpcap-dev, libgmp3-dev, tabulate, terminaltables.
To install these dependencies, type the following commands:
Command: cd xerosploit
Command: sudo python install.py
Now you can launch the tool directly by typing “xerosploit” in the terminal. It shows a welcome screen and your network configuration details: your IP address, gateway address, interface and MAC address.
Type “help” to see all the commands that Xerosploit supports.
- scan – Map your network
- iface – Manually set your network interface
- gateway – Manually set your gateway
- start – Skip scan and directly set your target IP address
- rmlog – Delete all xerosploit logs
- help – Display this help message
- exit – Close xerosploit
To scan your network, type “scan” in the same terminal. It lists all the machines and devices connected to your network.
For example, if your target/victim IP address is “192.168.179.148”, set it as the target by typing that IP in your xero command terminal.
Now you need to select the module that you want to launch against your target.
Various modules are available; you can list them by typing the “help” command again.
- pscan – Port Scanner
- dos – Dos Attack
- ping – Ping Request
- injecthtml – Inject HTML code
- rdownload – Replace files being downloaded
- sniff – Capturing information inside network packets
- dspoof – Redirect all the http traffic to the specified one IP
- yplay – Play background sound in target browser
- replace – Replace all web pages images with your own one
- driftnet – View all images requested by your targets
- move – Shaking Web Browser Content
- deface – Overwrite all web pages with your HTML code
For port scanning, type “pscan” in the same terminal, followed by the “run” command.
For sniffing, type “sniff” in the same terminal, followed by the “run” command, and type y if you want to use sslstrip for sniffing HTTPS packets.
For a DoS (denial-of-service) attack, type “dos”, followed by the “run” command.