Websploit Framework is part of the tool set in the Kali Linux distribution. It is a framework designed for vulnerability analysis and penetration testing of web applications. Its functionality is very similar to that of Metasploit, and it incorporates many of Metasploit's plugins to add more functionality.
Once your Kali distribution is running, launch Websploit by following this menu path:
Applications | Kali Linux | Web Applications | Web Application Fuzzers | Websploit
Your first step should be to run an update so that you get the latest version of the framework. Do this by issuing the update command in the console:
wsf>update
[*] Updating Websploit framework, Please Wait ...
Next, once you have updated the Websploit framework, show the available modules by issuing the following command
This will list all the modules available in the Websploit framework. Here is a list of available modules:
wsf>use web/dir_scanner
wsf:Dir_Scanner>show options
wsf:Dir_Scanner>set TARGET www.mytarget.com
wsf:Dir_Scanner>run
Now sit back and watch Websploit run the directory scanner module against the target website www.mytarget.com. As another example, here is the module that finds the PHP Admin page on the target website:
wsf>use web/pma
wsf:PMA>set TARGET www.mytarget.com
wsf:PMA>run
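Seen from the server being tested, both modules leave a trail in the web access log. The Python sketch below is an added example, not part of Websploit or of the original post: it flags that trail, assuming Common/Combined Log Format, that a directory scan shows up as many distinct 404 paths from one client within a short window, and that the phpMyAdmin-style names in PMA_RE are the ones used on your hosts. The log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common/Combined Log Format prefix: client ip, timestamp, request line, status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumption: phpMyAdmin-style path names; adjust to the names used on your hosts.
PMA_RE = re.compile(r'/(phpmyadmin|pma|myadmin)(/|$)', re.IGNORECASE)

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
    return m['ip'], ts, m['path'].split('?', 1)[0], int(m['status'])

def detect(lines, window=timedelta(seconds=60), min_404_paths=5):
    """Return {ip: set(reasons)} for clients whose requests look like a scan."""
    misses = defaultdict(list)   # ip -> [(ts, path)] for recent 404 responses
    alerts = defaultdict(set)
    for rec in filter(None, map(parse, lines)):   # input is assumed chronological
        ip, ts, path, status = rec
        if PMA_RE.search(path):
            alerts[ip].add('admin-panel-probe')
        if status == 404:
            hits = misses[ip]
            hits.append((ts, path))
            while hits and ts - hits[0][0] > window:   # drop misses outside the window
                hits.pop(0)
            if len({p for _, p in hits}) >= min_404_paths:
                alerts[ip].add('directory-scan')
    return dict(alerts)

def _line(ip, sec, path, status):
    return f'{ip} - - [10/Mar/2024:12:00:{sec:02d} +0000] "GET {path} HTTP/1.1" {status} 153 "-" "-"'

# Constructed sample: one noisy client and one ordinary visitor.
SAMPLE = (
    [_line('203.0.113.7', i, f'/{n}/', 404) for i, n in enumerate(['admin', 'backup', 'old', 'test', 'tmp', 'logs'])]
    + [_line('203.0.113.7', 10, '/phpMyAdmin/', 404)]
    + [_line('198.51.100.4', 3, '/index.html', 200), _line('198.51.100.4', 20, '/favicon.ico', 404)]
)

if __name__ == '__main__':
    for ip, reasons in detect(SAMPLE).items():
        print(ip, sorted(reasons))
```

The window and threshold are starting values; tune them against your own traffic so that ordinary broken links do not trip the alert.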
These are two simple uses of the Websploit framework. Spend some time playing with the available modules and options; it takes some time to master this tool.