Websploit is an open-source framework for testing websites and networks. It is a simple to use written in Python. It makes use of modules to perform activities such as directory scanning, wireless attacks and man-in-the-middle. In this guide, we are looking at how to install and use Websploit on Linux.

Install Websploit on Ubuntu Linux

Run the below command to install websploit framework on Ubuntu and Debian systems

sudo apt-get update
sudo apt-get install websploit

Once installed, we should be able to run the tool. We simply run the command ‘websploit’ on the terminal to launch it.

$ websploit
[*] Internal update/upgrade system is disabled on Debian systems. Please, use the update system provided by your distro. 

   ____    __    ____                                                                                                                                                                                                                                                          
   \   \  /  \  /   /     |    Welcome to Websploit                                                                                                                                                                                                                            
    \   \/    \/   /      |    Version : 4.0.4                                                                                                                                                                                                                                 
     \            /       |    https://github.com/websploit/websploit                                                                                                                                                                                                          
      \    /\    /        |    Author : Fardin Allahverdinazhand                                                                                                                                                                                                               
       \__/  \__/         |    Codename : Reborn
                                                                                          
 
wsf > 

You will notice that Websploit works in the same way as Metasploit. Both use modules, similar commands and have a welcome banner. If you are familiar with Metasploit, you should not find any difficulty using websploit.

To show commands to use with Websploit, simply type ‘help’ at the interactive prompt.

wsf > help 

Commands 
======== 
about  exit  help  show  update  use

Another good thing about Websploit just like metasploit is that you don’t have to exit websploit interactive mode in order to run operating system commands. What you have to do is to type the commands as usual from the websploit interactive shell. Example, show your system network settings.

wsf > ip address 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 
   inet 127.0.0.1/8 scope host lo 
      valid_lft forever preferred_lft forever 
   inet6 ::1/128 scope host  
      valid_lft forever preferred_lft forever 
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 
   link/ether 1e:00:e1:00:00:ae brd ff:ff:ff:ff:ff:ff 
   inet 10.10.2.15/24 brd 10.10.2.255 scope global dynamic eth0 
      valid_lft 2165001sec preferred_lft 2165001sec 
   inet6 fe80::1c00:e1ff:fe00:ae/64 scope link  
      valid_lft forever preferred_lft forever

To check available modules, run the command below:

wsf > show modules 
Modules                 Description          
--------------------    -------------------------- 
arp_spoof               ARP Cache poisoning 
http_sniffer            Sniff HTTP traffic 
scan_network            Scan IP range for new devices  
scan_wifi               Scan Wireless devices  
wifi_deauth             Force device to disconnect from WIFI - De-authentication attack  
wifi_fap                Start Fake Access point (AP)  
wifi_fap_spam           Spamming Fake access points 

To use a module use the command as ‘use’ together with the module you wish to use. Example as below:

wsf > use scan_network 
wsf > scan_network > 

You can then show the options that are available within the module as below:

wsf > scan_network > options 
Option                  Value                
----------------        ----------------     
ip                      192.168.1.1/24     

You can set now set your target using the IP you want to reach

wsf > scan_network > set target 192.168.1.5 
target 192.168.1.5

Run the module using ‘execute’ command

wsf > scan_network > execute

You have successfully installed Websploit Framework on Ubuntu/ Debian. I hope you enjoy using it to perform systems scans. Refer to Websploit documentation for more insights.

Below are more interesting guides you would definitely want to look at:

LEAVE A REPLY

Please enter your comment!
Please enter your name here

fifteen − ten =