HACK INFORMATION OF ANY WEBSITE USING WEBKILLER

INTRODUCTION
For hacking any website or web application, information gathering phase about the target is must. Hackers use
different tools for collecting unique information about the target. Web killer is another information-gathering tool
with nice options to scan the target. In this tool, we have all the option to perform information gathering and this
tool is completely built on the python programming language.

ENVIRONMENT
 OS: Ubuntu 18.04.4, 64 bit
 Kernel version: 5.3.0-45-generic

INSTALLATION STEPS
 Use this command to clone the file. git clone https://github.com/ultrasecurity/webkiller

root@ubuntu-VirtualBox:/home/iicybersecurity# git clone

https://github.com/ultrasecurity/webkiller

Cloning into 'webkiller'…

remote: Enumerating objects: 3, done.

remote: Counting objects: 100% (3/3), done.

remote: Compressing objects: 100% (3/3), done.

remote: Total 160 (delta 0), reused 0 (delta 0), pack-reused 157

Receiving objects: 100% (160/160), 97.63 KiB | 254.00 KiB/s, done.

Resolving deltas: 100% (56/56), done.

 Use the cd command to enter into the webkiller directory.

o cd webkiller/

root@ubuntu-VirtualBox:/home/iicybersecurity# cd webkiller/

root@ubuntu-VirtualBox:/home/iicybersecurity/webkiller#

 Next, use this command to install the requirements.txt

o pip3 install -r requirement.txt
 Now, use this command to launch the tool
o python3 webkiller.py
 Here we see the 3 options, Information gathering, CMS Detection, and Developer. Choose the required
option.

INFORMATION GATHERING
Information Gathering is just like collecting information about the target it can be a web application or a
network, which are publicly available on the internet.

In the information gathering, we have 14 options.

 Now, we will show some unique option.

BYPASS CLOUD FLARE

Cloud Flare acts as a reverse proxy between the website and website users. These are the countries where
cloud Flare services are available.
 So, most of the websites are using cloud flare services.

 Choose option 1, select cloud flare and enter the domain name.
 Here we got the URLs about the targeted website.
 Now, open the URL in our browser. To check whether the URL takes us working.

 Here, we got the admin’s page of website.

PORT SCAN
The port scan is to check open ports in a domain/IP.

 Choose option 5, to start the port scan.

 For scanning the domain/IP, this webkiller is using the Nmap tool.
 Here, we see the ports, state and service on the target domain.

TRACE TOUTE
Trace Toute is a tool that records the data packet traveling from host computer to destination via the internet.

 Now, choose option 3 for Trace Toute

 Here, we see the packets and the average time on each hop.

CMS DETECTION
In the webkiller we have an option called CMS Detection. The main aim of this is to detect the target website
CMS (content management system).

 Choose option 2 and select option 1 for WordPress.

 Select option 1 for plugins
In the above picture, we can see two URLs. Open this URLs in the browser and let’s check whether we get any
information.
Here, we can see the admin’s data. Now let me open the API-keys.js and check whether we find any
information in these folders.
CONCLUSION
Information gathering phase is very important phase of doing pentesting, this tool is easy to use and can be
used to craft further attacks.
Contact https://www.securitynewspaper.com/

MEXICO
538, Homero #303, Chapultepec Morales,
Mexico D.F (Distrito Federal) 11570

INDIA
Fifth Floor, HB Twin Tower
Netaji Subhash Place, Delhi NCR, 110034