Xerosploit is a python-based framework that combines the power of Bettercap and Nmap to create powerful Man-in-the-Middle attacks.
Xerosploit is a penetration testing toolkit with the goal of executing man-in-the-middle attacks for the purpose of testing. It includes a number of modules that allow for efficient attacks, as well as denial-of-service attacks and port scanning. This tool is powered by Bettercap and Nmap.
For more information on Xerosploit, visit the “https://github.com/LionSec/xerosploit” page.
Copy the downloadable link and clone it in the “/opt” directory.
Ex: (root@kali:/opt# git clone https://github.com/LionSec/xerosploit.git).
Navigate into the “xerosploit” folder and run the installation file.
Ex: (root@kali:/opt/xerosploit# ./install.py).
When the installation process is complete, you can start the tool by running the “xerosploit.py” file.
Ex: (root@kali:/opt/xerosploit# ./xerosploit.py).
Here it will show your network configuration, including IP address, MAC address, gateway, interface, and hostname. Type the “help” command in the console to view all available options.
Xerosploit will display a rundown of commands for the assault. In this example, we will pick the “scan” option in this subsequent stage for examining the entire network.
The scanning option will check the entire network and will discover all possible hosts on your system. To perform a MITM attack, we need to pick the target IP address from the given outcome. For this tutorial, we chose 10.10.10.6.
In the next comment, it will ask for the module you want to load for the man in the middle attack. To list all available modules, type the “help” operator and hit “Enter.”
Let’s start with the “pscan” module, which is a port scanner. It will show you all the open ports on the network computer and recover the version of the programs running on the recognized ports.
Then, type the “run” command to execute the pscan module, and it will show you all open ports of the victim’s device.
You may also inject HTML codes using the “injecthtml” module. HTML infusion is the weakness inside any site that happens when the client information isn’t adequately secured, or the output isn’t encoded, and the assailant can infuse substantial HTML code into a vulnerable webpage. There are so many techniques which could utilize element and attributes to submit HTML content.
For this example, we used our basic HTML code, which is saved as an “index.html” file in the “/root/Document/” directory.
You have been hacked darling!
Now run the “injecthtml” module and after that type the “run” command to execute it.
Next, enter the path where you have saved the HTML file and then hit “Enter.”
Whenever the victim browses something on the internet, the page will be redirected and display the output of the HTML code you have injected.
Now run the “injectjs” module and after that type the “run” command to execute it.
To view all the activities and the traffic on the network, you can use the “sniff” module. After this module is specified, type “run” to execute it. Then it will ask you if you want to use SSLstrip to strip the HTTPS URLs to HTTP so that you can capture the login credentials in cleartext. Type “y” for yes and start the sniffing process.
All logs will be saved in the “opt/xerosploit/xerosniff” directory for further investigation.