Killshot is used as an information-gathering tool. It is used to scan websites for information gathering and finding vulnerabilities in websites and webapps. It is one of the easiest and useful tools for performing reconnaissance on websites and web apps. It is available for Linux, window, and android phones ( termux ) that is coded in both bash and ruby languages.
Killshot interface is very similar to Metasploit 1 and Metasploit. Killshot provide a command-line interface that you can run on Linux. This tool can be used to get information about our target(domain). We can target any domain using Killshot. The interactive console provides a number of helpful features, such as command completion and contextual help. This tool is written in ruby language. You must have the ruby language installed in your Kali Linux to use this tool.
Killshot can detect WordPress, Drupal, Joomla, and Magento CMS, WordPress sensitive files, and WordPress version-related vulnerabilities. Killshot uses different modules for doing all the scannings. The whois data collection gives us information about Geoip lookup, Banner grabbing, DNS lookup, port scanning, sub-domain information, reverse IP, and MX records lookup.
Features and uses of Killshot :
- killshot is a free and open-source tool.
- killshot is a complete package of information gathering modules.
- killshot works and acts as a web application/website scanner.
- killshot is one of the easiest and useful tools for performing reconnaissance.
- killshot is written in ruby language.
- killshot can be used to find the IP Addresses of the target.
- killshot can be used to look for error-based SQL injections.
- killshot can be used to find sensitive files such as robots.txt.
Installation of killshot :
Step 1: Open your Kali Linux operating system and install the tool using the following command.
git clone https://github.com/bahaabdelwahed/killshot cd killshot
Step 2: Now install the dependencies using the following command,
sudo ruby setup.rb
Step 3: All the installation has been done. Now to run the tool use the following command.
ruby Killshot.rb
The tool is running successfully. Now let’s see an example of how to use the tool for reconnaissance.
Example 1. Scan the website google.com find the IP address, country, HTTP server details, redirect location, x-xss protection, languages website using.
Step 1: Open the tool and type the following command.
help
Step 3: Use the following command to scan the site.
site google.com
Once you enter google.com into the site. The tool will search all the details. The tool will gather all the information.
You can see that we got all the details of google.com. You can also use your target to gather information. The information is p address, country, HTTP server details, redirect location, x-xss protection, languages that the website is using.