
WebSploit

WebSploit is an advanced web exploitation framework for scanning and analyzing remote systems to identify various vulnerabilities. It features a modular structure similar to Metasploit with modules for web scanning, directory scanning, and MITM attacks.

Description

WebSploit is an open source project designed as an automatic vulnerability assessment, web scanner, and exploiter tool. It supports scanning and analysis of remote systems to find multiple types of vulnerabilities, making it a powerful tool for penetration testers and security researchers. The framework is particularly useful for web-based attacks and man-in-the-middle scenarios.

The tool operates through a command-line console with a modular structure, allowing users to select and configure specific modules for different attack vectors. It includes capabilities like directory scanning, WiFi network scanning, and other web exploitation techniques. WebSploit is composed of 19 available modules as of version 2.0.5 BETA.

Use cases include reconnaissance of web directories, vulnerability discovery on remote hosts, and wireless network enumeration during penetration testing engagements. It requires root privileges and is installed via standard Kali Linux package management.

How It Works

WebSploit functions as a Python-based command-line framework with a Metasploit-like interface. Users launch the console with 'websploit', then use commands like 'show' to list modules, 'use <module_name>' to select one, 'options' to view settings, and 'set' to configure parameters such as TARGET. Modules execute specific techniques: dir_scanner sends HTTP requests to detect directories and files, returning status codes like 200 or 400; scan_wifi performs wireless network discovery showing SSID, BSSID, channel, signal, and security details. The modular design loads paths/lists and performs protocol-specific scans or exploits.
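From the defender's side, the dir_scanner behaviour described above leaves a recognisable trace in web server access logs: one client requesting many distinct paths in a short time, most of them answered with client errors. The following is an added example, not part of WebSploit or the original page; the combined log format, the thresholds, and the sample addresses and paths are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3})\b')

def sample_log():
    """Constructed input: one client sweeping 12 wordlist-style paths, one ordinary visitor."""
    words = ["index", "images", "download", "admin", "backup", "cgi-bin",
             "config", "db", "logs", "old", "test", "tmp"]
    fmt = '{ip} - - [16/Apr/2026:10:00:{s:02d} +0000] "GET /{p} HTTP/1.1" {st} 0'
    sweep = [fmt.format(ip="192.0.2.10", s=i, p=w,
                        st=200 if w in ("index", "images") else 404)
             for i, w in enumerate(words)]
    visitor = [fmt.format(ip="192.0.2.20", s=i * 10, p=p, st=200)
               for i, p in enumerate(["index", "images/logo.png", "about"])]
    return "\n".join(sweep + visitor)

def parse(log_text):
    """Yield (ip, timestamp, path without query string, status) per parsable line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], ts, m["path"].split("?", 1)[0], int(m["status"])

def find_dir_scans(log_text, window=timedelta(seconds=60), min_paths=8, min_miss_ratio=0.7):
    """Return {ip: (distinct_paths, miss_ratio)} for clients whose requests inside
    one sliding window hit many distinct paths with mostly 4xx answers."""
    by_ip = defaultdict(list)
    for ip, ts, path, status in parse(log_text):
        by_ip[ip].append((ts, path, status))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # shrink the window from the left
            chunk = events[start:end + 1]
            paths = {p for _, p, _ in chunk}
            ratio = sum(400 <= s < 500 for _, _, s in chunk) / len(chunk)
            if (len(paths) >= min_paths and ratio >= min_miss_ratio
                    and len(paths) > flagged.get(ip, (0, 0.0))[0]):
                flagged[ip] = (len(paths), round(ratio, 2))
    return flagged

if __name__ == "__main__":
    for ip, (paths, ratio) in find_dir_scans(sample_log()).items():
        print(f"{ip}: {paths} distinct paths, {ratio:.0%} client errors")
```

The thresholds need tuning against a site's normal traffic; crawlers and broken links also produce bursts of 404 responses.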

Installation

sudo apt install websploit

Examples

Launch the WebSploit console, changing the prompt to 'wsf >'
websploit
Select the web directory scanner module
wsf > use web/dir_scanner
Set the target URL for directory scanning
wsf:Dir_Scanner > set TARGET http://192.168.1.202
Execute the directory scanner, testing paths like [index], [images], [download] against the target and reporting HTTP status codes
wsf:Dir_Scanner > run
Display available modules in the current database
wsf > show
Select the WiFi scanning module
wsf > use scan_wifi
Scan for nearby WiFi networks, displaying SSID, BSSID, channel, signal strength, bars, and security types like WPA2
wsf:scan_wifi > execute
Show current options and settings for the selected module
wsf > options
Updated 2026-04-16. Source: kali.org