How to use Kali Websploit framework

Websploit Framework – it is part of the tool set in KALI Linux distribution and it is a tool, framework designed for vulnerability analysis and penetration testing of web applications. This tool is very similar with functionality to Metasploit tool and incorporates many of its plugins to add more functionalities.

Once you have your KALI distribution running to launch Websploit follow up this path:

Applications | Kali Linux | Web Applications | Web Application Fuzzers | Websploit

Your first step should be to run update so you get the latest bits of the framework and this is accomplished by issuing simple update command in the console.

[*] Updating Websploit framework,
Please Wait ...

Next steps once you have updated Websploit framwork, check and show available modules by issuing following command

wsf>show modules

This will list and show you all available modules in the Websploit framework for your use. Here is a list of available modules for your fun :

Web Modules Description
——————- ———————
web/apache_users Scan Directory Of Apache Users
web/dir_scanner Directory Scanner
web/wmap Information Gathering From Victim Web Using (Metasploit Wmap)
web/pma PHPMyAdmin Login Page Scanner
 Network Modules Description
——————- ———————
network/arp_dos ARP Cache Denial Of Service Attack
network/mfod Middle Finger Of Doom Attack
network/mitm Man In The Middle Attack
network/mlitm Man Left In The Middle Attack
network/webkiller TCP Kill Attack
network/fakeupdate Fake Update Attack Using DNS Spoof
network/fakeap Fake Access Point
Exploit Modules Description
——————- ———————
exploit/autopwn Metasploit Autopwn Service
exploit/browser_autopwn Metasploit Browser Autopwn Service
exploit/java_applet Java Applet Attack (Using HTML)
Wireless Modules Description
——————- ———————
wifi/wifi_jammer Wifi Jammer
wifi/wifi_dos Wifi Dos Attack


Lets try few of them – lets run web directory scan against sample web


wsf>use web/dir_scanner
wsf:Dir_Scanner>show options
wsf:Dir_Scanner>set TARGET

And now sit and watch the Websploit do its work with directory scanner module on the target website Another module for example – how about to find out PHP Admin page on the target website.

wsf>use web/pma
wsf:PMA>set TARGET

Here are 2 simple uses of the Websploit framework. Spend some time to play around those available modules and options. It takes some time to master this tool.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.