What is WebSploit
WebSploit is a framework with some modules for network, web and more….
First we have to install the “dependencies”:
sudo apt-get install scapy
Next download WebSploit from their website.
$ wget http://downloads.sourceforge.net/project/websploit/WebSploit%20Framework%20V.2.0.4/WebSploit%20Framework%20V.2.0.4.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fwebsploit%2F&ts=1378135332&use_mirror=kent
Now unpack the file with the following command:
$ tar xzf WebSploit\ Framework\ V.X.X.X.tar.gz
Now change the directory to the “Easy Install” directory:
$ cd Easy\ Install
Next you have to run the install script as root:
$ sudo ./install.sh
[sudo] password for USER:
Welcome To Websploit Framework Easy Install Script
Installing , Please Wait ...
Installed Directory : /usr/share/websploit
Run From Terminal : sudo websploit
Now WebSploit has been installed to the directory “/usr/share/websploit/”.
We can run WebSploit by running the following command:
Now you will see a menu simlar to metasploit.
show modules you will get a list of all available attacks.
For example if you want to run the “PHPMyAdmin Login Page Scanner” that is used to search for a phpmyadmin page at the webserver you run
Now we have to set the options for the exploit so it knows what to do.
First we have to show the options by running
Now you get the list of all available options, in my example i just had to set one option.
You set an option by running the following:
set OPTION value
When you’re ready and already set all options you run the exploit by running
Now the exploit will run.
I hope you liked the Tutorial.