Websploit is an open-source framework for testing websites and networks. It is a simple to use written in Python. It makes use of modules to perform activities such as directory scanning, wireless attacks and man-in-the-middle. In this guide, we are looking at how to install and use Websploit on Linux.
Install Websploit on Ubuntu Linux
Run the below command to install websploit framework on Ubuntu and Debian systems
sudo apt-get update
sudo apt-get install websploitOnce installed, we should be able to run the tool. We simply run the command ‘websploit’ on the terminal to launch it.
$ websploit
[*] Internal update/upgrade system is disabled on Debian systems. Please, use the update system provided by your distro.
____ __ ____
\ \ / \ / / | Welcome to Websploit
\ \/ \/ / | Version : 4.0.4
\ / | https://github.com/websploit/websploit
\ /\ / | Author : Fardin Allahverdinazhand
\__/ \__/ | Codename : Reborn
wsf > You will notice that Websploit works in the same way as Metasploit. Both use modules, similar commands and have a welcome banner. If you are familiar with Metasploit, you should not find any difficulty using websploit.
To show commands to use with Websploit, simply type ‘help’ at the interactive prompt.
wsf > help
Commands
========
about exit help show update useAnother good thing about Websploit just like metasploit is that you don’t have to exit websploit interactive mode in order to run operating system commands. What you have to do is to type the commands as usual from the websploit interactive shell. Example, show your system network settings.
wsf > ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 1e:00:e1:00:00:ae brd ff:ff:ff:ff:ff:ff
inet 10.10.2.15/24 brd 10.10.2.255 scope global dynamic eth0
valid_lft 2165001sec preferred_lft 2165001sec
inet6 fe80::1c00:e1ff:fe00:ae/64 scope link
valid_lft forever preferred_lft foreverTo check available modules, run the command below:
wsf > show modules
Modules Description
-------------------- --------------------------
arp_spoof ARP Cache poisoning
http_sniffer Sniff HTTP traffic
scan_network Scan IP range for new devices
scan_wifi Scan Wireless devices
wifi_deauth Force device to disconnect from WIFI - De-authentication attack
wifi_fap Start Fake Access point (AP)
wifi_fap_spam Spamming Fake access points To use a module use the command as ‘use’ together with the module you wish to use. Example as below:
wsf > use scan_network
wsf > scan_network > You can then show the options that are available within the module as below:
wsf > scan_network > options
Option Value
---------------- ----------------
ip 192.168.1.1/24 You can set now set your target using the IP you want to reach
wsf > scan_network > set target 192.168.1.5
target 192.168.1.5Run the module using ‘execute’ command
wsf > scan_network > executeYou have successfully installed Websploit Framework on Ubuntu/ Debian. I hope you enjoy using it to perform systems scans. Refer to Websploit documentation for more insights.
Below are more interesting guides you would definitely want to look at:
