用websploit获取管理员后台地址

1, use web/dir_scanner

2, set TARGET http://www.****.com

3, run

---

SOURCE: https://sourceforge.net/projects/websploit/

 

 

WebSploit Advanced MITM Framework

[+]Autopwn – Used From Metasploit For Scan and Exploit Target Service

[+]wmap – Scan,Crawler Target Used From Metasploit wmap plugin

[+]format infector – inject reverse & bind payload into file format

[+]phpmyadmin Scanner

[+]CloudFlare resolver

[+]LFI Bypasser

[+]Apache Users Scanner

[+]Dir Bruter

[+]admin finder

[+]MLITM Attack – Man Left In The Middle, XSS Phishing Attacks

[+]MITM – Man In The Middle Attack

[+]Java Applet Attack

[+]MFOD Attack Vector

[+]ARP Dos Attack

[+]Web Killer Attack

[+]Fake Update Attack

[+]Fake Access point Attack

[+]Wifi Honeypot

[+]Wifi Jammer

[+]Wifi Dos

[+]Wifi Mass De-Authentication Attack

[+]Bluetooth POD Attack

 

# cd /root

# git clone https://github.com/websploit/websploit.git

# cd websploit

# ./wsf-update.py

# ./websploit

         (  (               )             (             )

         )\))(   ‘   (   ( /(             )\     (   ( /(

        ((_)()\ )   ))\  )\()) (   `  )  ((_) (  )\  )\())

        _(())\_)() /((_)((_)\  )\  /(/(   _   )\((_)(_))/

        \ \((_)/ /(_))  | |(_)((_)((_)_\ | | ((_)(_)| |_

         \ \/\/ / / -_) | ‘_ \(_-<| ‘_ \)| |/ _ \| ||  _|

          \_/\_/  \___| |_.__//__/| .__/ |_|\___/|_| \__|

                                  

                –=[WebSploit Advanced MITM Framework

        +—**—==[Version :3.0.0

        +—**—==[Codename :Katana

        +—**—==[Available Modules : 20

                –=[Update Date : [r3.0.0-000 20.9.2014]

wsf > help

Commands                Description

—————         —————-

set                     Set Value Of Options To Modules

scan                    Scan Wifi (Wireless Modules)

stop                    Stop Attack & Scan (Wireless Modules)

run                     Execute Module

use                     Select Module For Use

os                      Run Linux Commands(ex : os ifconfig)

back                    Exit Current Module

show modules            Show Modules of Current Database

show options            Show Current Options Of Selected Module

upgrade                 Get New Version

update                  Update Websploit Framework

about                   About US

 

wsf > upgrade

[*]Checking For New Version, Please Wait …

[*]New Version Not Available, This Is Latest Version Of The WebSploit Framework.

 

wsf > show modules

Web Modules                     Description

——————-             ———————

web/apache_users                Scan Directory Of Apache Users

web/dir_scanner                 Directory Scanner

web/wmap                        Information Gathering From Victim Web Using (Metasploit Wmap)

web/pma                         PHPMyAdmin Login Page Scanner

web/cloudflare_resolver         CloudFlare Resolver

 

Network Modules                 Description

——————-             ———————

network/arp_dos                 ARP Cache Denial Of Service Attack

network/mfod                    Middle Finger Of Doom Attack

network/mitm                    Man In The Middle Attack

network/mlitm                   Man Left In The Middle Attack

network/webkiller               TCP Kill Attack

network/fakeupdate              Fake Update Attack Using DNS Spoof

network/arp_poisoner            Arp Poisoner

 

Exploit Modules                 Description

——————-             ———————

exploit/autopwn                 Metasploit Autopwn Service

exploit/browser_autopwn         Metasploit Browser Autopwn Service

exploit/java_applet             Java Applet Attack (Using HTML)

 

Wireless / Bluetooth Modules    Description

——————-             ———————

wifi/wifi_jammer                Wifi Jammer

wifi/wifi_dos                   Wifi Dos Attack

wifi/wifi_honeypot              Wireless Honeypot(Fake AP)

wifi/mass_deauth                Mass Deauthentication Attack

bluetooth/bluetooth_pod         Bluetooth Ping Of Death Attack