KillShot to hack any website
4 min readMay 29, 2019
The KillShot tool can crawl target web applications and find backend web technologies, identify CMS (Content Management System) in use, and scan open ports with running services. KillShot is design to scan any website and gather information using other bunch of useful tools like — whatweb, dig, fierce, wafw00f and Identifies the CMS and to find the vulnerability using CMS Exploit Scanner && WebApp Vul Scanner. You can use the killShot to scan with other popular tools and these all are the part of ethical hacking classes offered by International Institute of Cyber Security.
Installation:
- This tool is tested on kali linux 2018.2
- Open terminal and type git clone https://github.com/bahaabdelwahed/killshot
- We are using www.hackthissite.org as a target
- After help option choose site (MAKE YOUR TARGET) and enter
root@kali:~/killshot#ruby Killshot.rb
██╗ ██╗██╗██╗ ██╗ ███████╗██╗ ██╗ ██████╗ ████████╗
██║ ██╔╝██║██║ ██║ ██╔════╝██║ ██║██╔═══██╗╚══██╔══╝
█████╔╝ ██║██║ ██║ ███████╗███████║██║ ██║ ██║
██╔═██╗ ██║██║ ██║ ╚════██║██╔══██║██║ ██║ ██║
██║ ██╗██║███████╗███████╗ ███████║██║ ██║╚██████╔╝ ██║
╚═╝ ╚═╝╚═╝╚══════╝╚══════╝ ╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚═╝
<Track my Target> Gather information About Targets
track>>> : help
[site] MAKE YOUR TARGET
[help] show this MESSAGE
[targ] Search targets
[exit] exit the script
[uptd] Update KillShot
[anon] Run Anonymous Mode
[info] About killShot
track>>> :- Then enter the website which you want to scan . We are using
- www.hackthissite.org and hit enter
.n . . n. . .dP dP 9b 9b. . 4 qXb . dX Xb . dXp t dX. 9Xb .dXb __ __ dXb. dXP .Xb 9XXb._ _.dXXXXb dXXXXbo. .odXXXXb dXXXXb._ _.dXXP 9XXXXXXXXXXXXXXXXXXXVXXXXXXXXOo. .oOXXXXXXXXVXXXXXXXXXXXXXXXXXXXP `9XXXXXXXXXXXXXXXXXXXXX'~ ~`OOO8b d8OOO'~ ~`XXXXXXXXXXXXXXXXXXXXXP' `9XXXXXXXXXXXP' `9XX' Hide `98v8P' Hack `XXP' `9XXXXXXXXXXXP' ~~~~~~~ 9X. .db|db. .XP ~~~~~~~ )b. .dbo.dP'`v'`9b.odb. .dX{0} Spider
{1} Web technologie
{2} WebApp Vul Scanner
{3} Port Scanner
{4} CMS Scanner
{5} Fuzzers
{6} Cms Exploit Scanner
{7} Backdoor Generation
{8} Linux Log Clear
{9} Find MX/NS
info>>> :
- Now it will show the multiple options ,you can use any one of them
- Here we are using 0 spider
info>>> : 0
ip For www.hackthissite.org :: "137.74.187.104"
Links And Paths ::
Related domains and Parameters ::
https://www.hackthissite.org
irc://irc.hackthissite.org:+7000/
https://www.hackthissite.org/forums
https://www.cafepress.com/htsstore
https://hts.io
https://twitter.com/hackthissite
/
https://www.hackthissite.org/TNG355Q5B85cL3PDeI88H0dLCRYaA776flCTc4MX0u136lQ4hP94cZSnOFheqEU9zT8k6WDlcG17HglFDUi0Tg7kH42bzckCR4Q2ZQ
https://www.hackthissite.org/advertise/
/user/login
/register
/user/resetpass
https://www.hackthissite.org/donate/
/missions/basic/
/missions/realistic/
/missions/application/
/missions/programming/
/missions/phonephreaking/
/missions/javascript/
/missions/forensic/
/missions/playit/extbasic/0/
/missions/playit/stego/0/
irc://irc.hackthissite.org/htb
/blogs
/news
/pages/articles/article.php
/lectures
/pages/programs/programs.php
http://mirror.hackthissite.org/hackthiszine/info>>> : 1
[+]Basic WhatWeb Information ::
terminated with exception (report_on_exception is true):
Traceback (most recent call last):
2542: from /usr/bin/whatweb:981:in block (2 levels) in <main>' 2541: from /usr/bin/whatweb:981:inloop'
2540: from /usr/bin/whatweb:988:in block (3 levels) in <main>' 2539: from /usr/share/whatweb/lib/target.rb:96:inopen'
2538: from /usr/share/whatweb/lib/target.rb:188:in open_url' 2537: from /usr/lib/ruby/2.5.0/net/http.rb:1455:inrequest'
2536: from /usr/lib/ruby/2.5.0/net/http.rb:909:in start' 2535: from /usr/lib/ruby/2.5.0/net/http.rb:920:indo_start'
... 2530 levels...
4: from /usr/lib/ruby/2.5.0/resolv.rb:524:in block in fetch_resource' 3: from /usr/lib/ruby/2.5.0/resolv.rb:769:insender'
2: from /usr/lib/ruby/2.5.0/resolv.rb:629:in allocate_request_id' 1: from /usr/lib/ruby/2.5.0/resolv.rb:629:insynchronize'
/usr/lib/ruby/2.5.0/resolv.rb:630:in block in allocate_request_id': stack level too deep (SystemStackError) Traceback (most recent call last): 2542: from /usr/bin/whatweb:981:inblock (2 levels) in
'
.-------------------------SNIP---------------------------------------------
2541: from /usr/bin/whatweb:981:in loop' 2540: from /usr/bin/whatweb:988:inblock (3 levels) in '
2539: from /usr/share/whatweb/lib/target.rb:96:in open' 2538: from /usr/share/whatweb/lib/target.rb:188:inopen_url'
2537: from /usr/lib/ruby/2.5.0/net/http.rb:1455:in request' 2536: from /usr/lib/ruby/2.5.0/net/http.rb:909:instart'
2535: from /usr/lib/ruby/2.5.0/net/http.rb:920:in do_start' ... 2530 levels... 4: from /usr/lib/ruby/2.5.0/resolv.rb:524:inblock in fetch_resource'
3: from /usr/lib/ruby/2.5.0/resolv.rb:769:in sender' 2: from /usr/lib/ruby/2.5.0/resolv.rb:629:inallocate_request_id'
1: from /usr/lib/ruby/2.5.0/resolv.rb:629:in synchronize' /usr/lib/ruby/2.5.0/resolv.rb:630:inblock in allocate_request_id': stack level too deep (SystemStackError)
[+]Host Result ::
www.hackthissite.org has address 137.74.187.100
www.hackthissite.org has address 137.74.187.103
www.hackthissite.org has address 137.74.187.104
www.hackthissite.org has address 137.74.187.102
www.hackthissite.org has address 137.74.187.101
www.hackthissite.org has IPv6 address 2001:41d0:8:ccd8:137:74:187:102
www.hackthissite.org has IPv6 address 2001:41d0:8:ccd8:137:74:187:103
www.hackthissite.org has IPv6 address 2001:41d0:8:ccd8:137:74:187:101
www.hackthissite.org has IPv6 address 2001:41d0:8:ccd8:137:74:187:104
www.hackthissite.org has IPv6 address 2001:41d0:8:ccd8:137:74:187:100
[+]Dig Result About Dns::
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7021 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;8.8.8.8. IN A ;; AUTHORITY SECTION: . 6767 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019050800 1800 900 604800 86400 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5506
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;www.hackthissite.org. IN A
;; ANSWER SECTION:
www.hackthissite.org. 2440 IN A 137.74.187.100
www.hackthissite.org. 2440 IN A 137.74.187.103
www.hackthissite.org. 2440 IN A 137.74.187.104
www.hackthissite.org. 2440 IN A 137.74.187.102
www.hackthissite.org. 2440 IN A 137.74.187.101
[+]Trying zone transfer and Brute force ::
Option w is ambiguous (wide, wordlist)
Trying zone transfer first...
Unsuccessful in zone transfer (it was worth a shot)
Okay, trying the good old fashioned way... brute force
Checking for wildcard DNS...
Nope. Good.
Now performing 2280 test(s)...
Subnets found (may want to probe here using nmap or unicornscan):
Done with Fierce scan: http://ha.ckers.org/fierce/
Found 0 entries.
Have a nice day.
- This output will show the basic whatweb information of a website. Its scan detected application, web servers and other technologies. It also scan the web server HTTP headers and the HTML source of a target.
- Host result: its shows the host ip of the website and also scan IPv4 or IPv6 of a website .
- It also scan the Firewall And IDS on the target (No WAF detected by the generic detection) it means NO WAF (Web Application Firewall).
- dig tool is used for querying DNS nameservers, for information like host addresses, mail exchange, nameservers and related information. Its also find the A records of the target.
Note to get all the options don’t need to scroll down just type banner and it will show the options
nmap scan:
- Nmap TCP Scan shows the tcp open and closed ports, working concept behind these scans is one of the very interesting part of ethical hacking classes of International Institute of Cyber Security.
- And its also shows info of load balancer on target
- It also shows the rDNS records
unicon scan:
Now we are scanning with unicon scan. You have to follow all the steps to get the port scanning option and then select 1
connected 192.168.1.12:34682 -> 192.168.1.10:139
TCP open 192.168.1.10:139 ttl 128- Its also scan the TCP open ports and shows the services with ports
- Sender statistics 177.8 pps with 86528 packets sent total
- For scanning its uses the local network card as shown below.
using interface(s) eth0Originally published at https://www.securitynewspaper.com on May 29, 2019.
