Websploit Framework - Kali Linux Tutorial

Websploit is an automatic vulnerability assessment, web crawler and exploiter tool. It is an open-source command-line utility built on a modular structure. At the time of writing, 16 modules are available in Websploit. It can be downloaded from the SourceForge project website, and it is included in Kali Linux by default.


 

 
Websploit can be synchronized with the Metasploit WMAP project for web vulnerability scanning. Its modules fall into four categories:
 
 

  • Web Modules
  • Network Modules
  • Exploit Modules
  • Wireless Modules
 
 

The Wireless modules include some interesting WiFi attack vectors, such as the WiFi jammer and the WiFi DDoS attack. For exploitation, Websploit relies on the Metasploit Autopwn service and the Metasploit browser autopwn service. A large number of attack vectors are available in the Network modules, including but not limited to:
 
 

  • ARP cache DOS attack
  • Middle Finger Of Doom Attack
  • Man In The Middle Attack
  • Man Left In The Middle Attack
  • Fake Update Attack Using DNS Spoof
  • And more....
 
 

Some Websploit modules depend on Metasploit, for example:
 
 

  • Information Gathering From Victim Web Using (Metasploit Wmap)
 
 

So it is recommended to configure Metasploit before using these modules. A demonstration of every module is not possible in a single article, but the basic commands and usage of the software are shown below, and they will help you use Websploit in a professional manner.
 

 
If you are on Kali Linux, then click on Applications → Kali Linux → Web Applications → Web Vulnerability Scanners → Websploit
 

 

 

 
The commands available in Websploit are:
 

 
Commands        Description
--------        -----------
set             Set Value Of Options To Modules
scan            Scan Wifi (Wireless Modules)
stop            Stop Attack & Scan (Wireless Modules)
run             Execute Module
use             Select Module For Use
os              Run Linux Commands (ex: os ifconfig)
back            Exit Current Module
show modules    Show Modules of Current Database
show options    Show Current Options Of Selected Module
upgrade         Get New Version
update          Update Websploit Framework
 

 
In the demonstration below, the web directory scanner attack is performed.


 

 
wsf > show modules
..
..
wsf > use web/dir_scanner
wsf:Dir_Scanner > show options

Options Value
--------- --------------
TARGET http://google.com

wsf:Dir_Scanner > set TARGET http://ehacking.net
TARGET => ehacking.net
wsf:Dir_Scanner > run
[*] Your Target : ehacking.net
[*]Loading Path List ... Please Wait ...
[index] ... [404 Not Found]
[images] ... [404 Not Found]
[download] ... [404 Not Found]
..
..
..


The commands to run the other attack vectors are the same; just follow the steps shown above.
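
On the receiving side, the directory scan shown above appears in the web server's access log as one client requesting many different missing paths in quick succession. The following Python example is an addition to this tutorial, not code from Websploit or from the original article; it assumes the Apache/nginx combined log format, and the function name detect_dir_scans, the thresholds and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: ip - - [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def detect_dir_scans(lines, window_s=60, min_distinct_404=5):
    """Return {ip: sorted 404 paths} for clients that hit at least
    min_distinct_404 different missing paths within window_s seconds."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # ip -> (timestamp, path) of recent 404s
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue              # ignore unparseable lines and non-404s
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]   # query string is not a new path
        q = recent[m["ip"]]
        q.append((ts, path))
        while q and ts - q[0][0] > window:  # drop 404s older than the window
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) >= min_distinct_404:
            flagged.setdefault(m["ip"], set()).update(distinct)
    return {ip: sorted(paths) for ip, paths in flagged.items()}

def _line(ip, hms, path, status):
    # Helper that builds one constructed combined-format log line.
    return (f'{ip} - - [12/May/2013:{hms} +0000] '
            f'"GET {path} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample log: a scanner, a normal visitor, and a slow client.
SAMPLE_LOG = (
    [_line("203.0.113.7", f"10:00:0{i}", p, 404) for i, p in enumerate(
        ["/index", "/images", "/download", "/admin", "/backup", "/cgi-bin"])]
    + [_line("198.51.100.20", "10:00:02", "/", 200),
       _line("198.51.100.20", "10:00:03", "/favicon.ico", 404)]
    + [_line("192.0.2.5", f"10:0{i * 2}:00", f"/old{i}", 404) for i in range(5)]
)

if __name__ == "__main__":
    for ip, paths in detect_dir_scans(SAMPLE_LOG).items():
        print(f"possible directory scan from {ip}: {len(paths)} missing paths")
```

With the default 60-second window only the burst from 203.0.113.7 is flagged; widening the window also catches the slower client, at the cost of more false positives from ordinary broken links.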