Hacking Tools for Penetration Testing – Fsociety in Kali Linux
Fsociety is a free and open-source tool available on GitHub which is used as an information-gathering tool. Fsociety is used to scanning websites for information gathering and finding vulnerabilities in websites and web apps. Fsociety is one of the easiest and useful tools for performing reconnaissance on websites and web apps. The Fsociety tool is also available for Linux, Windows, and Android phones ( termux ), which is coded in both bash and Python. Fsociety provides a command-line interface that you can run on Kali Linux. This tool can be used to get information about our target(domain). We can target any domain using Fsociety. The interactive console provides a number of helpful features, such as command completion and contextual help. Fsociety is based upon Mr. Robotincludes series.
Menu of Fsociety :
1. Information gathering
The first step to security assessment or ethical hacking is collecting all the possible information about the target, and that is why this Fsociety provides some famous information-gathering tools such as:
- Nmap
- Setoolkit
- Host To IP
- WPScan
- CMS Scanner
- XSStrike
- Dork – Google Dorks Passive Vulnerability Auditor
- Scan A server’s Users
- Crips
2. Password Attacks
For performing any kind of password attack, Fsociety has mainly 2 tools. Those are Cupp – for generating password lists, Nc rack – network Authentication protocol.
3. Wireless Testing
It also has tools such as Reaver Pixiewps and Bluetooth Honeypot for performing any kind of wireless attack.
4. Exploitation Tools
After you are done with information gathering and finding any kind of vulnerabilities, the next thing you have to do is to exploit those vulnerabilities, so for exploiting the vulnerabilities Fsociety provides the following tools:
- sqlmap
- ATSCAN
- Shellnoob
- Commix
- FTP Auto Bypass
- JBoss Autopwn
5. Sniffing & Spoofing
Fsociety lets you perform Sniffing and Spoofing by providing several numbers of tools such as:
- Setoolkit
- SSLtrip
- pyPISHER
- SMTP Mailer
6. Web Hacking
Web hacking and Web pentestings tools are also available in Fsociety These are the following tools:
- Drupal Hacking
- Inurlbr
- WordPress & Joomla Scanner
- Gravity Form Scanner
- File Upload Checker
- WordPress Exploit Scanner
- WordPress Plugins Scanner
- Shell and Directory Finder
- Joomla! 1.5 – 3.4.5 remote code execution
- Vbulletin 5.X remote code execution
- BruteX – Automatically brute force all services running on a target
- Arachni – Web Application Security Scanner Framework
7. Private Web Hacking
It also includes some private Web hacking tools such as:
- Get all websites
- Get joomla websites
- Get wordpress websites
- Control Panel Finder
- Zip Files Finder
- Upload File Finder
- Get server users
- SQli Scanner
- Ports Scan (range of ports)
- Ports Scan (common ports)
- Get server Info
- Bypass Cloudflare
8. Post-Exploitation
After you are done with exploitation you have to perform some post-exploitation attacks to maintain persistent access to the system according to your need so for that also Fsociety provides some tools such as Shell Checker, POET, Weema.
9. Contributors – Contain a contributors list.
10. Install & Update is used to update the framework.
Installation
Step 1: Open your kali linux operating system and use the following command to install the tool from GitHub.
git clone https://github.com/Manisso/fsociety.git
Step 2: The tool has been downloaded and now move it to the directory using the following command.
cd fsociety ls
Step 3: Now install the tool using the following command.
./install.sh
Step 4: All the dependencies have been downloaded and now run the tool using the following command.
./fsociety.py
Usage:
Example 1: Use the Fsociety framework to perform reconnaissance in a domain.
1
After that, select nmap.
1
enter the IP address of the target.
Type 2 for port scan.
2
The framework has started nmap and this is how you can also perform on your target ip address.
Example 2: Use the Fsociety framework tool to find the IP address of a domain.
Select the host for IP tool in the framework, then enter the hostname. The tool will give you the IP address of the host.
No comments:
Post a Comment