Monday, July 29, 2024

Hacking Tools for Penetration Testing – Fsociety in Kali Linux

 

Hacking Tools for Penetration Testing – Fsociety in Kali Linux


Fsociety is a free and open-source tool available on GitHub which is used as an information-gathering tool. Fsociety is used to scanning websites for information gathering and finding vulnerabilities in websites and web apps. Fsociety is one of the easiest and useful tools for performing reconnaissance on websites and web apps. The Fsociety tool is also available for Linux, Windows, and Android phones ( termux ), which is coded in both bash and Python. Fsociety provides a command-line interface that you can run on Kali Linux. This tool can be used to get information about our target(domain). We can target any domain using Fsociety. The interactive console provides a number of helpful features, such as command completion and contextual help. Fsociety is based upon Mr. Robotincludes series. 

Menu of Fsociety :

1. Information gathering

The first step to security assessment or ethical hacking is collecting all the possible information about the target, and that is why this Fsociety provides some famous information-gathering tools such as:

  • Nmap
  • Setoolkit
  • Host To IP
  • WPScan
  • CMS Scanner
  • XSStrike
  • Dork – Google Dorks Passive Vulnerability Auditor
  • Scan A server’s Users
  • Crips

2. Password Attacks

For performing any kind of password attack, Fsociety has mainly 2 tools. Those are  Cupp – for generating password lists, Nc rack – network Authentication protocol.

3. Wireless Testing

It also has tools such as Reaver Pixiewps and Bluetooth Honeypot for performing any kind of wireless attack.

4. Exploitation Tools

After you are done with information gathering and finding any kind of vulnerabilities, the next thing you have to do is to exploit those vulnerabilities, so for exploiting the vulnerabilities Fsociety provides the following tools:

  • sqlmap
  • ATSCAN
  • Shellnoob
  • Commix
  • FTP Auto Bypass
  • JBoss Autopwn

5. Sniffing & Spoofing

Fsociety lets you perform Sniffing and Spoofing by providing several numbers of tools such as:

  • Setoolkit
  • SSLtrip
  • pyPISHER
  • SMTP Mailer

6. Web Hacking

Web hacking and Web pentestings tools are also available in Fsociety These are the following tools:

  • Drupal Hacking
  • Inurlbr
  • WordPress & Joomla Scanner
  • Gravity Form Scanner
  • File Upload Checker
  • WordPress Exploit Scanner
  • WordPress Plugins Scanner
  • Shell and Directory Finder
  • Joomla! 1.5 – 3.4.5 remote code execution
  • Vbulletin 5.X remote code execution
  • BruteX – Automatically brute force all services running on a target
  • Arachni – Web Application Security Scanner Framework

7. Private Web Hacking

It also includes some private Web hacking tools such as:

  • Get all websites
  • Get joomla websites
  • Get wordpress websites
  • Control Panel Finder
  • Zip Files Finder
  • Upload File Finder
  • Get server users
  • SQli Scanner
  • Ports Scan (range of ports)
  • Ports Scan (common ports)
  • Get server Info
  • Bypass Cloudflare

8. Post-Exploitation

After you are done with exploitation you have to perform some post-exploitation attacks to maintain persistent access to the system according to your need so for that also Fsociety provides some tools such as  Shell Checker, POET, Weema.

9. Contributors – Contain a contributors list.

10. Install & Update is used to update the framework.

Installation

Step 1: Open your kali linux operating system and use the following command to install the tool from GitHub.

git clone https://github.com/Manisso/fsociety.git

Step 2: The tool has been downloaded and now move it to the directory using the following command.

cd fsociety
ls

Step 3: Now install the tool using the following command.

./install.sh

Step 4: All the dependencies have been downloaded and now run the tool using the following command.

./fsociety.py

Usage:

Example 1: Use the Fsociety framework to perform reconnaissance in a domain.

1

After that, select nmap.

1

enter the IP address of the target.

Type 2 for port scan.

2

The framework has started nmap and this is how you can also perform on your target ip address.

Example 2: Use the Fsociety framework tool to find the IP address of a domain.

Select the host for IP tool in the framework, then enter the hostname. The tool will give you the IP address of the host.

No comments:

Post a Comment

TOP 20 PYTHON MODULES

 Python has a rich ecosystem of modules and libraries that extend its capabilities. Here’s a list of 20 popular Python modules along with br...