KillShot to hack any website

Installation:

root@kali:~/killshot#ruby Killshot.rb
██╗ ██╗██╗██╗ ██╗ ███████╗██╗ ██╗ ██████╗ ████████╗
██║ ██╔╝██║██║ ██║ ██╔════╝██║ ██║██╔═══██╗╚══██╔══╝
█████╔╝ ██║██║ ██║ ███████╗███████║██║ ██║ ██║
██╔═██╗ ██║██║ ██║ ╚════██║██╔══██║██║ ██║ ██║
██║ ██╗██║███████╗███████╗ ███████║██║ ██║╚██████╔╝ ██║
╚═╝ ╚═╝╚═╝╚══════╝╚══════╝ ╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚═╝
<Track my Target> Gather information About Targets
track>>> : help
[site] MAKE YOUR TARGET
[help] show this MESSAGE
[targ] Search targets
[exit] exit the script
[uptd] Update KillShot
[anon] Run Anonymous Mode
[info] About killShot
track>>> :
.n . . n. . .dP dP 9b 9b. . 4 qXb . dX Xb . dXp t dX. 9Xb .dXb __ __ dXb. dXP .Xb 9XXb._ _.dXXXXb dXXXXbo. .odXXXXb dXXXXb._ _.dXXP 9XXXXXXXXXXXXXXXXXXXVXXXXXXXXOo. .oOXXXXXXXXVXXXXXXXXXXXXXXXXXXXP `9XXXXXXXXXXXXXXXXXXXXX'~ ~`OOO8b d8OOO'~ ~`XXXXXXXXXXXXXXXXXXXXXP' `9XXXXXXXXXXXP' `9XX' Hide `98v8P' Hack `XXP' `9XXXXXXXXXXXP' ~~~~~~~ 9X. .db|db. .XP ~~~~~~~ )b. .dbo.dP'`v'`9b.odb. .dX{0} Spider
{1} Web technologie
{2} WebApp Vul Scanner
{3} Port Scanner
{4} CMS Scanner
{5} Fuzzers
{6} Cms Exploit Scanner
{7} Backdoor Generation
{8} Linux Log Clear
{9} Find MX/NS
info>>> :
  • Now it will show the multiple options ,you can use any one of them
  • Here we are using 0 spider
info>>> : 0
ip For www.hackthissite.org :: "137.74.187.104"
Links And Paths ::
Related domains and Parameters ::
https://www.hackthissite.org
irc://irc.hackthissite.org:+7000/
https://www.hackthissite.org/forums
https://www.cafepress.com/htsstore
https://hts.io
https://twitter.com/hackthissite
/
https://www.hackthissite.org/TNG355Q5B85cL3PDeI88H0dLCRYaA776flCTc4MX0u136lQ4hP94cZSnOFheqEU9zT8k6WDlcG17HglFDUi0Tg7kH42bzckCR4Q2ZQ
https://www.hackthissite.org/advertise/
/user/login
/register
/user/resetpass
https://www.hackthissite.org/donate/
/missions/basic/
/missions/realistic/
/missions/application/
/missions/programming/
/missions/phonephreaking/
/missions/javascript/
/missions/forensic/
/missions/playit/extbasic/0/
/missions/playit/stego/0/
irc://irc.hackthissite.org/htb
/blogs
/news
/pages/articles/article.php
/lectures
/pages/programs/programs.php
http://mirror.hackthissite.org/hackthiszine/
info>>> : 1
[+]Basic WhatWeb Information ::
terminated with exception (report_on_exception is true):
Traceback (most recent call last):
2542: from /usr/bin/whatweb:981:in block (2 levels) in <main>' 2541: from /usr/bin/whatweb:981:inloop'
2540: from /usr/bin/whatweb:988:in block (3 levels) in <main>' 2539: from /usr/share/whatweb/lib/target.rb:96:inopen'
2538: from /usr/share/whatweb/lib/target.rb:188:in open_url' 2537: from /usr/lib/ruby/2.5.0/net/http.rb:1455:inrequest'
2536: from /usr/lib/ruby/2.5.0/net/http.rb:909:in start' 2535: from /usr/lib/ruby/2.5.0/net/http.rb:920:indo_start'
... 2530 levels...
4: from /usr/lib/ruby/2.5.0/resolv.rb:524:in block in fetch_resource' 3: from /usr/lib/ruby/2.5.0/resolv.rb:769:insender'
2: from /usr/lib/ruby/2.5.0/resolv.rb:629:in allocate_request_id' 1: from /usr/lib/ruby/2.5.0/resolv.rb:629:insynchronize'
/usr/lib/ruby/2.5.0/resolv.rb:630:in block in allocate_request_id': stack level too deep (SystemStackError) Traceback (most recent call last): 2542: from /usr/bin/whatweb:981:inblock (2 levels) in
'
.-------------------------SNIP---------------------------------------------
2541: from /usr/bin/whatweb:981:in loop' 2540: from /usr/bin/whatweb:988:inblock (3 levels) in '
2539: from /usr/share/whatweb/lib/target.rb:96:in open' 2538: from /usr/share/whatweb/lib/target.rb:188:inopen_url'
2537: from /usr/lib/ruby/2.5.0/net/http.rb:1455:in request' 2536: from /usr/lib/ruby/2.5.0/net/http.rb:909:instart'
2535: from /usr/lib/ruby/2.5.0/net/http.rb:920:in do_start' ... 2530 levels... 4: from /usr/lib/ruby/2.5.0/resolv.rb:524:inblock in fetch_resource'
3: from /usr/lib/ruby/2.5.0/resolv.rb:769:in sender' 2: from /usr/lib/ruby/2.5.0/resolv.rb:629:inallocate_request_id'
1: from /usr/lib/ruby/2.5.0/resolv.rb:629:in synchronize' /usr/lib/ruby/2.5.0/resolv.rb:630:inblock in allocate_request_id': stack level too deep (SystemStackError)
[+]Host Result ::
www.hackthissite.org has address 137.74.187.100
www.hackthissite.org has address 137.74.187.103
www.hackthissite.org has address 137.74.187.104
www.hackthissite.org has address 137.74.187.102
www.hackthissite.org has address 137.74.187.101
www.hackthissite.org has IPv6 address 2001:41d0:8:ccd8:137:74:187:102
www.hackthissite.org has IPv6 address 2001:41d0:8:ccd8:137:74:187:103
www.hackthissite.org has IPv6 address 2001:41d0:8:ccd8:137:74:187:101
www.hackthissite.org has IPv6 address 2001:41d0:8:ccd8:137:74:187:104
www.hackthissite.org has IPv6 address 2001:41d0:8:ccd8:137:74:187:100
[+]Dig Result About Dns::
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7021 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;8.8.8.8. IN A ;; AUTHORITY SECTION: . 6767 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019050800 1800 900 604800 86400 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5506
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;www.hackthissite.org. IN A
;; ANSWER SECTION:
www.hackthissite.org. 2440 IN A 137.74.187.100
www.hackthissite.org. 2440 IN A 137.74.187.103
www.hackthissite.org. 2440 IN A 137.74.187.104
www.hackthissite.org. 2440 IN A 137.74.187.102
www.hackthissite.org. 2440 IN A 137.74.187.101
[+]Trying zone transfer and Brute force ::
Option w is ambiguous (wide, wordlist)
Trying zone transfer first...
Unsuccessful in zone transfer (it was worth a shot)
Okay, trying the good old fashioned way... brute force
Checking for wildcard DNS...
Nope. Good.
Now performing 2280 test(s)...
Subnets found (may want to probe here using nmap or unicornscan):
Done with Fierce scan: http://ha.ckers.org/fierce/
Found 0 entries.
Have a nice day.
  • This output will show the basic whatweb information of a website. Its scan detected application, web servers and other technologies. It also scan the web server HTTP headers and the HTML source of a target.
  • Host result: its shows the host ip of the website and also scan IPv4 or IPv6 of a website .
  • It also scan the Firewall And IDS on the target (No WAF detected by the generic detection) it means NO WAF (Web Application Firewall).
  • dig tool is used for querying DNS nameservers, for information like host addresses, mail exchange, nameservers and related information. Its also find the A records of the target.

nmap scan:

  • Nmap TCP Scan shows the tcp open and closed ports, working concept behind these scans is one of the very interesting part of ethical hacking classes of International Institute of Cyber Security.
  • And its also shows info of load balancer on target
  • It also shows the rDNS records

unicon scan:

Now we are scanning with unicon scan. You have to follow all the steps to get the port scanning option and then select 1

connected 192.168.1.12:34682 -> 192.168.1.10:139
TCP open 192.168.1.10:139 ttl 128
  • Its also scan the TCP open ports and shows the services with ports
  • Sender statistics 177.8 pps with 86528 packets sent total
  • For scanning its uses the local network card as shown below.
using interface(s) eth0

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store