Xerosploit is a
Python-based penetration testing toolkit that enables security professionals to perform
MITM attacks, network scanning, vulnerability exploitation, and post-exploitation activities. The
2025 version introduces new modules, improved evasion techniques, and enhanced automation.
Key Features & Capabilities
1. Advanced Man-in-the-Middle (MITM) Attacks
- ARP Spoofing (Redirects traffic through attacker’s machine)
- DNS Spoofing (Redirects domain requests to malicious servers)
- Session Hijacking (Steals cookies, login credentials)
- SSL Stripping (Downgrades HTTPS to HTTP for interception)
2. Exploitation Modules
- Browser Exploitation (Injecting malicious JavaScript)
- Download Replacer (Forces victim to download malicious files)
- Code Injection (HTML, JavaScript, or PowerShell payloads)
3. Network Scanning & Reconnaissance
- Port Scanning (Detects open ports & services)
- OS Fingerprinting (Identifies target OS)
- Network Sniffing (Captures unencrypted traffic)
4. Post-Exploitation & Persistence
- Backdoor Installation (Maintains access to compromised systems)
- Keylogging (Captures keystrokes from victims)
- Screenshot Capture (Takes screenshots of victim’s desktop)
5. Evasion & Anti-Detection Features (New in 2025)
- Bypasses modern IDS/IPS systems
- Randomized MAC Address Spoofing
- Encrypted C2 (Command & Control) Communication
