1 / 11

HACK INFORMATION OF ANY WEBSITE USING WEBKILLER

For hacking any website or web application, information gathering phase about the target is must. Hackers use different tools for collecting unique information about the target. Web killer is another information-gathering tool with nice options to scan the target. In this tool, we have all the option to perform information gathering and this tool is completely built on the python programming language.

Download Presentation

HACK INFORMATION OF ANY WEBSITE USING WEBKILLER

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. HACK INFORMATION OF ANY WEBSITE USING WEBKILLER INTRODUCTION For hacking any website or web application, information gathering phase about the target is must. Hackers use different tools for collecting unique information about the target. Web killer is another information-gathering tool with nice options to scan the target. In this tool, we have all the option to perform information gathering and this tool is completely built on the python programming language. ENVIRONMENT   OS: Ubuntu 18.04.4, 64 bit Kernel version: 5.3.0-45-generic INSTALLATION STEPS  Use this command to clone the file. git clone https://github.com/ultrasecurity/webkiller root@ubuntu-VirtualBox:/home/iicybersecurity# git clone https://github.com/ultrasecurity/webkiller Cloning into 'webkiller'… remote: Enumerating objects: 3, done. remote: Counting objects: 100% (3/3), done. remote: Compressing objects: 100% (3/3), done. remote: Total 160 (delta 0), reused 0 (delta 0), pack-reused 157 Receiving objects: 100% (160/160), 97.63 KiB | 254.00 KiB/s, done. Resolving deltas: 100% (56/56), done.  Use the cd command to enter into the webkiller directory. o cd webkiller/ root@ubuntu-VirtualBox:/home/iicybersecurity# cd webkiller/ root@ubuntu-VirtualBox:/home/iicybersecurity/webkiller#  Next, use this command to install the requirements.txt o pip3 install -r requirement.txt Now, use this command to launch the tool o python3 webkiller.py 

  2. Here we see the 3 options, Information gathering, CMS Detection, and Developer. Choose the required option. INFORMATION GATHERING Information Gathering is just like collecting information about the target it can be a web application or a network, which are publicly available on the internet. In the information gathering, we have 14 options.

  3. Now, we will show some unique option. BYPASS CLOUD FLARE Cloud Flare acts as a reverse proxy between the website and website users. These are the countries where cloud Flare services are available.

  4. So, most of the websites are using cloud flare services.  Choose option 1, select cloud flare and enter the domain name.

  5.  Here we got the URLs about the targeted website. Now, open the URL in our browser. To check whether the URL takes us working.  Here, we got the admin’s page of website. PORT SCAN The port scan is to check open ports in a domain/IP.   Choose option 5, to start the port scan. For scanning the domain/IP, this webkiller is using the Nmap tool.

  6. Here, we see the ports, state and service on the target domain. TRACE TOUTE Trace Toute is a tool that records the data packet traveling from host computer to destination via the internet.  Now, choose option 3 for Trace Toute

  7. Here, we see the packets and the average time on each hop. CMS DETECTION In the webkiller we have an option called CMS Detection. The main aim of this is to detect the target website CMS (content management system).   Choose option 2 and select option 1 for WordPress. Select option 1 for plugins

  8. In the above picture, we can see two URLs. Open this URLs in the browser and let’s check whether we get any information.

  9. Here, we can see the admin’s data. Now let me open the API-keys.js and check whether we find any information in these folders.

  10. CONCLUSION Information gathering phase is very important phase of doing pentesting, this tool is easy to use and can be used to craft further attacks.

  11. Contact https://www.securitynewspaper.com/ MEXICO 538, Homero #303, Chapultepec Morales, Mexico D.F (Distrito Federal) 11570 INDIA Fifth Floor, HB Twin Tower Netaji Subhash Place, Delhi NCR, 110034

More Related