Fsociety Tool in Kali Linux

Fsociety is a free and open-source information-gathering tool that can be downloaded from GitHub. It is well-versed in scanning websites for data collection and identifying flaws in websites and web applications. Fsociety is one of the simplest and most valuable tools for performing reconnaissance on website and web applications. This tool is also available for Windows, Linux, and Android phones (termux) coded in bash and Python. Fsociety offers a command-line interface that we can run on Kali Linux. We can use this tool to get our target (domain) information. With the help of Fsociety, we can target any domain. The interactive console has a various useful feature, including contextual help and command completion. Fsociety is based upon Mr. Robotincludes series.

Menu of Fsociety:

1. Information Gathering

The primary step to security assessment or ethical hacking is gathering all the possible information related to the target; that the reason why this Fsociety offers some well-known information-gathering tools such as:

• Setoolkit
• WPScan
• Crips
• Nmap
• CMS Scanner
• XSStrike
• Host To IP
• Dork-Google Dorks Passive Vulnerability Auditor
• Scan A server's Users

2. Password Attacks

Fsociety includes primarily two tools for performing any kind of password attack. Those are Cupp- to generate password lists Nc rack-network Authentication protocol.

3. Wireless Testing

It also provides tools for performing wireless attacks, such as Reaver Pixiewps and Bluetooth Honeypot.

4. Exploitation Tools

After we have gathered all of our information and identified any vulnerabilities, the next thing we have to do is to exploit those vulnerabilities. The following tools are offered by Fsociety to exploit vulnerabilities:

• ATSCAN
• JBoss Autopwn
• Sqlmap
• Shellnoob
• Commix
• FTP Auto Bypass

5. Sniffing & Spoofing

Fsociety allows us to perform Sniffing and Spoofing using a variety of tools such as:

• Setoolkit
• SMTP Mailer
• pyPISHER
• SSLtrip

6. Web Hacking

Fsociety also has tools for web hacking and web pentesting. The following are the tools.

• WordPress Exploit Scanner
• WordPress Plugins Scanner
• WordPress & Joomla Scanner
• Inurlbr
• Drupal Hacking
• Joomla! 1.5-3.4.5 remote code execution
• Arachni- Web Application Security Scanner Framework
• Shell and Directory Finder
• BruteX-Automatically brute force all service running on a target
• Vbulletin 5.X remote code execution
• Gravity Form Scanner
• File Upload Checker

7. Private Web Hacking

Fsociety also contains some private Web Hacking Tool such as:

• Zip Files Finder
• SQLi Scanner
• Control Panel Finder
• Ports Scan (range of ports)
• Ports Scan (common ports)
• Get Joomla websites
• Get all websites
• Bypass Cloudflare
• Get Server users
• Get server info
• Upload File Finder
• Get WordPress websites

8. Post-Exploitation

After we have finished exploitation, we will need to perform some post-exploitation attacks to keep permanent access to the system. According to our need, Fsociety also offers some tools like Shell checker, Weema, POET.

9. Contributors

Contain a contributors list.

10. Installation & Update is used to update the framework.

How to Install Fsociety Tool in Kali Linux

In order to install Fsociety, we have to use the following commands:

Step 1: First, we have to open the Kali Linux terminal and run the following command to install the tool from GitHub.

Step 2: Now, the tool has been downloaded, and we have to move it to the directory with the help of the following command.

Step 3: Next, we have to install the tool with the help of the following command.

Step 4: After we have downloaded all of the dependencies, we have to run the tool using the following command.

Usage

Example 1: We can use the Fsociety framework in order to perform reconnaissance in a domain.

After that, we will select nmap.

Enter the IP address of the target.

Then we need to type 2 for the port scan.

The framework has started nmap, and this is how we can perform on our target IP address.

Example 2: Use the Fsociety framework tool to find the domain's IP address.

Enter the hostname after selecting the host for the IP tool in the framework. The host's IP address will be revealed by the tool.