How to use Kali Websploit framework

Websploit Framework is part of the tool set in the KALI Linux distribution. It is a framework designed for vulnerability analysis and penetration testing of web applications. It is very similar in functionality to Metasploit and incorporates many of its plugins to add more functionality.

Once you have your KALI distribution running, launch Websploit by following this menu path:

Applications | Kali Linux | Web Applications | Web Application Fuzzers | Websploit

Your first step should be to run an update so you get the latest version of the framework. This is done by issuing the simple update command in the console.

[*] Updating Websploit framework,
Please Wait ...

Once you have updated the Websploit framework, list the available modules by issuing the following command:

wsf>show modules

This lists all available modules in the Websploit framework. Here is the list of available modules:

Web Modules                 Description
-------------------         ---------------------
web/apache_users            Scan Directory Of Apache Users
web/dir_scanner             Directory Scanner
web/wmap                    Information Gathering From Victim Web Using (Metasploit Wmap)
web/pma                     PHPMyAdmin Login Page Scanner

Network Modules             Description
-------------------         ---------------------
network/arp_dos             ARP Cache Denial Of Service Attack
network/mfod                Middle Finger Of Doom Attack
network/mitm                Man In The Middle Attack
network/mlitm               Man Left In The Middle Attack
network/webkiller           TCP Kill Attack
network/fakeupdate          Fake Update Attack Using DNS Spoof
network/fakeap              Fake Access Point

Exploit Modules             Description
-------------------         ---------------------
exploit/autopwn             Metasploit Autopwn Service
exploit/browser_autopwn     Metasploit Browser Autopwn Service
exploit/java_applet         Java Applet Attack (Using HTML)

Wireless Modules            Description
-------------------         ---------------------
wifi/wifi_jammer            Wifi Jammer
wifi/wifi_dos               Wifi Dos Attack


Let's try a few of them. First, run a web directory scan against a sample website:


wsf>use web/dir_scanner
wsf:Dir_Scanner>show options
wsf:Dir_Scanner>set TARGET

Now sit back and watch Websploit do its work with the directory scanner module on the target website.

As another example, here is the module that looks for the PHPMyAdmin login page on the target website:

wsf>use web/pma
wsf:PMA>set TARGET

These are 2 simple uses of the Websploit framework. Spend some time experimenting with the available modules and options. It takes some time to master this tool.
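On the server being tested, both modules used above show up in the web access log: a directory scanner requests many distinct paths that mostly return 404, and a PHPMyAdmin scanner requests several admin-panel locations from one client. The following Python example is added here and is not part of the original post or of Websploit; the log lines, thresholds, path names and the `find_scanners` function are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:00:01 +0000] "GET /admin/ HTTP/1.1" 404 196 "-" "-"
198.51.100.7 - - [12/Mar/2024:10:00:01 +0000] "GET /backup/ HTTP/1.1" 404 196 "-" "-"
198.51.100.7 - - [12/Mar/2024:10:00:01 +0000] "GET /cgi-bin/ HTTP/1.1" 404 196 "-" "-"
198.51.100.7 - - [12/Mar/2024:10:00:02 +0000] "GET /images/ HTTP/1.1" 200 512 "-" "-"
198.51.100.7 - - [12/Mar/2024:10:00:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 196 "-" "-"
198.51.100.7 - - [12/Mar/2024:10:00:02 +0000] "GET /pma/ HTTP/1.1" 404 196 "-" "-"
203.0.113.20 - - [12/Mar/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 4096 "-" "-"
203.0.113.20 - - [12/Mar/2024:10:00:06 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "-"
203.0.113.99 - - [12/Mar/2024:10:01:00 +0000] "GET /phpmyadmin/ HTTP/1.1" 200 9000 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*" (\d{3}) ')
PMA_RE = re.compile(r"/(phpmyadmin|pma|myadmin)(/|$)", re.IGNORECASE)  # assumed path names

def find_scanners(log_text, min_paths=5, min_404_ratio=0.8):
    """Return {client_ip: [reasons]} for clients whose requests look like a scan."""
    paths, pma = defaultdict(set), defaultdict(set)    # distinct paths / admin-panel paths
    hits, misses = defaultdict(int), defaultdict(int)  # requests / 404 responses
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status = m.group(1), m.group(2).split("?")[0], m.group(3)
        hits[ip] += 1
        paths[ip].add(path)
        misses[ip] += status == "404"
        if PMA_RE.search(path):
            pma[ip].add(path.lower())
    flagged = {}
    for ip in hits:
        reasons = []
        # Wordlist scanning: many distinct paths, almost all of them missing.
        if len(paths[ip]) >= min_paths and misses[ip] / hits[ip] >= min_404_ratio:
            reasons.append("dir_scan")
        # Login-page hunting: several phpMyAdmin-style locations from one client.
        if len(pma[ip]) >= 2:
            reasons.append("pma_probe")
        if reasons:
            flagged[ip] = reasons
    return flagged

if __name__ == "__main__":
    for ip, reasons in find_scanners(SAMPLE_LOG).items():
        print(ip, ",".join(reasons))
```

The single request to `/phpmyadmin/` from 203.0.113.99 is deliberately not flagged, since one hit on a real admin page is normal use; tune both thresholds against your own traffic.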
