WebSploit es un proyecto OpenSource para la búsqueda de vulnerabilidades en sistemas remotos.
Aqui vemos algunas de sus funciones principales:
[+]Autopwn – Used From Metasploit For Scan and Exploit Target Service
[+]wmap – Scan,Crawler Target Used From Metasploit wmap plugin
[+]format infector – inject reverse & bind payload into file format
[+]phpmyadmin – Search Target phpmyadmin login page
[+]lfi – Scan,Bypass local file inclusion Vulnerability & can be bypass some WAF
[+]apache users – search server username directory (if use from apache webserver)
[+]Dir Bruter – brute target directory with wordlist
[+]admin finder – search admin & login page of target
[+]MLITM Attack – Man Left In The Middle, XSS Phishing Attacks
[+]MITM – Man In The Middle Attack
[+]Java Applet Attack – Java Signed Applet Attack
[+]MFOD Attack Vector – Middle Finger Of Doom Attack Vector
[+]USB Infection Attack – Create Executable Backdoor For Infect USB For Windows
Podemos descargar WebSploit desde:
http://sourceforge.net/projects/websploit/
Damos permisos de ejecución y ejecutamos
rokitoh@red-orbita:/opt/WebSploit Toolkit V.1.5# chmod u+x websploit.pl rokitoh@red-orbita:/opt/WebSploit Toolkit V.1.5# ./websploit.pl
Un saludo, rokitoh!