Xerosploit is a penetration testing tool which is used to do so many tasks like MITM(Man In The Middle Attack), Network mapping, Port Scanning, HTML Code Injection, Java Code Injection, Sniffing, DNS Spoofing, Image Replacement, Driftnet, Web Page Defacement and so much. This tool is not pre-installed in Kali Linux. So, you have to download this tool.
You can download this tool by typing below command in your terminal and you can download this tool by clicking here.
git clone https://github.com/LionSec/xerosploit.git
Let’s Hacking Start 😉
I’m typing some command which we use in this attack:
- scan:- To scan your Local network.
- run:- To execute the module
- back:- To exit from a particular module
- help:- To see all the available modules of this tool.
Once your download is completed then you have to install this tool by typing.
This will install this tool in your Kali. After successful installation of xerosploit tool type
to run this tool.
To scan your network. Type
This command will display all the devices which are connected to your network and you can perform this attack on any of them.
I’m going to attack on my windows Pc. The IP of windows PC is 192.168.0.100. I found this by scanning network. To select your windows machine simply type your windows machine IP there and hit enter.
Type help to see all the modules which you can execute.
You can see here so many modules are present which you can use to attack windows machine. You can use any of them simply by typing the name of the module(which you want to use). and then type run to execute that module. For ex:- I use here port scanner by typing
As you can see here I don’t have any open ports in my windows. Now, type back to exit this module.
Here, some more interesting modules which you can use like rdownload. If your victim is downloading a file then this module will replace that file with your trojan file.
It’s a very simple tool to use. Simply, type module name and then type run.
Here is the explanation of all the modules of this tool.
pscan:- It scans all the ports of the victim’s machine and show you the list of all the open ports.
DOS:- This module will make your victim’s machine unresponsive. After this attack, the victim’s machine hangs and don’t give any response.
ping:- To ensure that your victim is reachable or not.
injecthtml:- Ths module inject a HTML code in your victim’s machine and whenever your victim opens a website your HTML code will also show there.
sniff:- It sniff the packets of your victim’s machine.
dspoof:- It will redirect all HTTP traffic to a specific Website which you specified in this module.
yplay:- Whenever your victim opens any website then a sound play in the background which you specified in this module.
replace:- This is also interesting. I replace all the images of the victim’s browser with a specific image which you gives.
driftnet:- This module will capture every image which is seen by your victim.
move:- This module will start moving everything in the web browser of your victim’s machine.
deface:- This tool overwrite every web pages with your particular HTML page.
You can perform these all task by this tool. Hope you like this tutorial. If you want practical demo of any of the module then comment it below, I’ll definetely upload it.