中间人攻击工具(Xerosploit)
简介
Xerosploit是一个渗透测试工具包,它的目的是实现中间人攻击。它附带着各种有效的攻击模块,并且还允许执行拒绝服务攻击和端口扫描
安装
- 下载
git clone https://github.com/LionSec/xerosploit.git
- 安装
cd xerosploit && sudo python install.py
root@7c81645eb6d8:~# cd xerosploit && sudo python install.py
┌══════════════════════════════════════════════════════════════┐
█ █
█ Xerosploit Installer █
█ █
└══════════════════════════════════════════════════════════════┘
[++] Please choose your operating system.
1) Ubuntu / Kali linux / Others
2) Parrot OS
>>> 1
输入对应的系统就可以自动安装了
Xerosploit has been sucessfuly instaled. Execute 'xerosploit' in your terminal.
显示这个表示安装成功
使用
输入
xerosploit
打开工具
██╗ ██╗███████╗██████╗ ██████╗ ███████╗██████╗ ██╗ ██████╗ ██╗████████╗
╚██╗██╔╝██╔════╝██╔══██╗██╔═══██╗██╔════╝██╔══██╗██║ ██╔═══██╗██║╚══██╔══╝╚███╔╝ █████╗ ██████╔╝██║ ██║███████╗██████╔╝██║ ██║ ██║██║ ██║ ██╔██╗ ██╔══╝ ██╔══██╗██║ ██║╚════██║██╔═══╝ ██║ ██║ ██║██║ ██║
██╔╝ ██╗███████╗██║ ██║╚██████╔╝███████║██║ ███████╗╚██████╔╝██║ ██║
╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚══════╝╚═╝ ╚══════╝ ╚═════╝ ╚═╝ ╚═╝ [+]═══════════[ Author : @LionSec1 _-\|/-_ Website: lionsec.net ]═══════════[+][ Powered by Bettercap and Nmap ]┌═════════════════════════════════════════════════════════════════════════════┐
█ █
█ Your Network Configuration █
█ █
└═════════════════════════════════════════════════════════════════════════════┘ ╒══════════════╤═══════════════════╤═══════════╤═════════╤════════════╕
│ IP Address │ MAC Address │ Gateway │ Iface │ Hostname │
╞══════════════╪═══════════════════╪═══════════╪═════════╪════════════╡
│ │ │ │ │ │
├──────────────┼───────────────────┼───────────┼─────────┼────────────┤
│ 1.1.1.11 │ 08:00:27:7B:3D:E7 │ 1.1.1.1 │ eth0 │ kali │
╘══════════════╧═══════════════════╧═══════════╧═════════╧════════════╛╔═════════════╦════════════════════════════════════════════════════════════════════╗
║ ║ XeroSploit is a penetration testing toolkit whose goal is to ║
║ Information ║ perform man in the middle attacks for testing purposes. ║
║ ║ It brings various modules that allow to realise efficient attacks. ║
║ ║ This tool is Powered by Bettercap and Nmap. ║
╚═════════════╩════════════════════════════════════════════════════════════════════╝[+] Please type 'help' to view commands.Xero
如果你要实现中间人攻击,比如你要让受害者访问的网站的图片全部变为固定的一张照片,你可以这样做
输入help查看下菜单选项
Xero help╔══════════╦════════════════════════════════════════════════════════════════╗
║ ║ ║
║ ║ scan : Map your network. ║
║ ║ ║
║ ║ iface : Manually set your network interface. ║
║ COMMANDS ║ ║
║ ║ gateway : Manually set your gateway. ║
║ ║ ║
║ ║ start : Skip scan and directly set your target IP address. ║
║ ║ ║
║ ║ rmlog : Delete all xerosploit logs. ║
║ ║ ║
║ ║ help : Display this help message. ║
║ ║ ║
║ ║ exit : Close Xerosploit. ║
║ ║ ║
╚══════════╩════════════════════════════════════════════════════════════════╝[+] Please type 'help' to view commands.Xero
输入scan扫描一下网络
Xero scan[++] Mapping your network ... [+]═══════════[ Devices found on your network ]═══════════[+]╔════════════╦═══════════════════╦══════════════════════════════╗
║ IP Address ║ Mac Address ║ Manufacturer ║
╠════════════╬═══════════════════╬══════════════════════════════╣
║ 1.1.1.1 ║ B8:F8:83:76:7E:E5 ║ (Tp-link Technologies) ║
║ 1.1.1.2 ║ A0:8C:FD:D1:2C:C6 ║ (Hewlett Packard) ║
║ 1.1.1.3 ║ A0:8C:FD:D2:25:B8 ║ (Hewlett Packard) ║
║ 1.1.1.5 ║ C0:CC:F8:42:DD:D5 ║ (Apple) ║
║ 1.1.1.6 ║ A0:8C:FD:D1:E1:8E ║ (Hewlett Packard) ║
║ 1.1.1.7 ║ A0:8C:FD:D5:81:DD ║ (Hewlett Packard) ║
║ 1.1.1.9 ║ C8:6F:1D:22:37:A2 ║ (Apple) ║
║ 1.1.1.10 ║ 08:00:37:A1:64:05 ║ (Fuji-xerox) ║
║ 1.1.1.12 ║ 7C:DD:90:DE:A1:34 ║ (Shenzhen OgemrayTechnology) ║
║ 1.1.1.14 ║ B0:E2:35:43:62:43 ║ (Xiaomi Communications) ║
║ 1.1.1.11 ║ 08:00:27:7B:3D:E7 ║ (This device) ║
║ 1.1.1.254 ║ ║ ║
║ ║ ║ ║
╚════════════╩═══════════════════╩══════════════════════════════╝[+] Please choose a target (e.g. 192.168.1.10). Enter 'help' for more information.Xero
扫描的信息很详细,连一些基础的设备信息都扫描出来了
接下来输入各种信息,看下面就好
Xero 1.1.1.12[++] 1.1.1.12 has been targeted. [+] Which module do you want to load ? Enter 'help' for more information.Xero»modules help╔═════════╦══════════════════════════════════════════════════════════════════════╗
║ ║ ║
║ ║ pscan : Port Scanner ║
║ ║ ║
║ ║ dos : DoS Attack ║
║ ║ ║
║ ║ ping : Ping Request ║
║ ║ ║
║ ║ injecthtml : Inject Html code ║
║ ║ ║
║ ║ injectjs : Inject Javascript code ║
║ ║ ║
║ ║ rdownload : Replace files being downloaded ║
║ ║ ║
║ ║ sniff : Capturing information inside network packets ║
║ MODULES ║ ║
║ ║ dspoof : Redirect all the http traffic to the specified one IP ║
║ ║ ║
║ ║ yplay : Play background sound in target browser ║
║ ║ ║
║ ║ replace : Replace all web pages images with your own one ║
║ ║ ║
║ ║ driftnet : View all images requested by your targets ║
║ ║ ║
║ ║ move : Shaking Web Browser content ║
║ ║ ║
║ ║ deface : Overwrite all web pages with your HTML code ║
║ ║ ║
╚═════════╩══════════════════════════════════════════════════════════════════════╝[+] Which module do you want to load ? Enter 'help' for more information.Xero»modules replace┌══════════════════════════════════════════════════════════════┐
█ █
█ Image Replace █
█ █
█ Replace all web pages images with your own one █
└══════════════════════════════════════════════════════════════┘ [+] Enter 'run' to execute the 'replace' command.Xero»modules»replace run[+] Insert your image path. (e.g. /home/capitansalami/pictures/fun.png)Xero»modules»replace /root/a.png[++] All images will be replaced by /root/a.png[++] Press 'Ctrl + C' to stop .
效果类似下面这样
评价
在公司里还是挺好玩的,好评,各种中间人攻击的东西几乎都有
Having Fun
中间人攻击工具(Xerosploit)相关推荐
- 更便捷的中间人攻击框架Xerosploit
文章首发于FreeBuf 0×00 前言 偶然间,在国外网站的一篇文章中发现有提到这款中间人框架,顺藤摸瓜拿来实践一番,发现确实很可以,确实很方便,不敢独享,特来抛砖引玉,不足之处还望斧正~ 0×01 ...
- 最好用的中间人攻击工具mitmproxy
mitmproxy 是 man-in-the-middle attack proxy 的简称,译为中间人攻击工具,可以用来拦截.修改.保存 HTTP/HTTPS 请求.做爬虫离不开这些工具,特别是基于 ...
- 自动化中间人攻击工具subterfuge小实验
Subterfuge是一款用python写的中间人攻击框架,它集成了一个前端和收集了一些著名的可用于中间人攻击的安全工具. Subterfuge主要调用的是sslstrip,sslstrip 是08 ...
- 强大的中间人攻击工具(Bettercap)
目录 前言 安装 常用功能及模块介绍 实战应用 ARP欺骗 DNS欺骗 注入脚本 替换下载文件 ~~~~~~~~ 因为想要面对一个新的开始,一个人必须有梦想.有希望.有对未来的憧憬.如 ...
- linux中间人攻击工具,Ettercap:“中间人攻击”神器
作者:{XJ}@ArkTeam 1.Ettercap介绍 Ettercap是一款开源的网络嗅探工具,是实现局域网内中间人攻击的神器,结合众多强大的插件,可以发起ARP欺骗.DNS欺骗.DHCP欺骗.会 ...
- xerosploit中间人攻击软件安装及简易使用
简介 Xerosploit是一款强大的渗透测试工具包,它的目的是实现中间人攻击.它附带着各种有效的攻击载荷,并且还允许执行拒绝服务攻击和端口扫描.我们可以用这款工具来执行拒绝服务攻击和中间人攻击,Xe ...
- SSL/TLS中间人攻击
准备:kali.xp kali ip:192.168.14.157 目标ip:192.168.14.158 目标网关:192.168.14.2 使用工具:ettercap.sslstrip.arpsp ...
- GitHub被“中介”攻击了?啥是中间人攻击?
点击上方蓝色"程序猿DD",选择"设为星标" 回复"资源"获取独家整理的学习资料! 来源 | 公众号「开源中国」 26 日-27 日,国内无 ...
- 中间人攻击-http流量嗅探
文章目录 arp攻击 工具使用 防御方案 arp攻击 ARP协议 ARP(Address Resolution Protocol)地址转换协议,工作在OSI模型的数据链路层,在以太网中,网络设备之间互 ...
最新文章
- ES6学习(五) -- 箭头函数
- 一个域名可以对应多个ip地址吗_域名解析 | A记录 ,CNAME,MX,NS 你懂了吗
- HashMap中提到的散列是什么?
- 【Linux】一步一步学Linux——tail命令(42)
- linux下面mysql不监听3306
- TempDB为什么要根据CPU数目来决定文件个数
- nmon Analyser服务器资源分析仪
- How to remove replication in Syteline
- linux批量创建系统,linux系统批量创建用户
- 3.Linux/Unix 系统编程手册(上) -- 系统编程概念
- 计算机一些常见名词解释
- python做服务器需要什么模块_用Python自带的包建立简单的web服务器
- STM32F4 OLED详解
- Linux下bochs的安装与使用
- 工作感想——离开公司
- 移动端rem字体大小适配
- U盘中毒后里面的数据怎样恢复
- B: 火车站(stack)
- ecshop小京东的模板切换到smarty3.1.3之去掉原生的php语法
- 3. 自建DNS(bind9)
热门文章
- 怎样用matlab产生泊松分布随机数
- 硬盘分区魔术师易我分区大师,磁盘分区问题不发愁!
- qc35 说明书_教你Bose QC35耳机的使用方法
- (超长文)Hive Sql基本操作
- 功能简单的erp软件
- FL Studio里一起安装的ASIO4ALL有什么用?
- Meta元宇宙内容VP:VR游戏与元宇宙关系紧密,社交并非全部
- 记录一次工作中的问题以及解决(POI对于Excel的数据导出覆盖问题)
- source insight 4.0 配色方案及配置方法
- 分享一个ubuntu18.04(20.04)的MacOS美化主题和下载,作者很用心也写得很详细。