Frameworks Vulnerability scanner

RoxySploit – Penetration Testing Framework

Written by Mubassir patel

RoxySploit – Penetration Testing Framework

  • Roxysploit is a hacker framework and penetration testing framework. Roxysploit is a automated script which will decrease your time to run single single command for finding vulnerabilities.

How to install RoxySploit

$ git clone; cd roxysploit; sudo /bin/bash install



Executing plugins examples

rsf > use Picklock
rsf (plugins/picklock) > help

Core Commands

  Command         Description
  -------         -----------
  help            show help menu
  execute         run the plugin
  exit            exit the current plugin

rsf (plugins/picklock) > execute
[?] OS :: Select the devices os

*0) Android :: Bruteforce 4digit pincode usb debugging
 1) Linux   :: Bruteforce Encrypted partions

[+] device: [0]:
rsf > use Poppy
rsf (plugins/poppy) > execute
[?] Interface :: Your interface
[+] interface: [wlan0]: wlp6s0
[?] Target :: Enter the targets ip
[+] target: [192.326.1.25]:
[?] Gateway :: Enter the gateway/router ip
[+] router: []:
[?] Function :: Would you like to setup dns spoofing?

*0) no :: Disable dns spoofing
 1) yes :: Enable dns spoofing

[+] function: [0]:
[?] Configuring Plugin

Name             Set Value
----             ----------
Interface        wlp6s0
Plugin           plugins/poppy

[?] Execute Plugins? [yes]:  
[*] Enabling IP Forwarding...
[*] Poisoning Targets...

What operating systems support roxysploit?

  • All Linux distros are currently supported, it is recomended for a prebuilt pentesting os like kali linux although.

What is roxysploit?

  • roxysploit is a community-supported, open-source and penetration testing suite that supports attacks for numerous scenarios. conducting attacks in the field.

Some containing Plugins in roxysploit

  • Scan is a automated Information gathering plugin it gives the user the ability to have a rest while the best Information gathering plugin can be executed.
    Jailpwn is a useful plugin for any iphone device that has been jailbroken it will attempt to login to the ssh using its default password giving you a full shell.
    Eternalblue is a recent plugin we added it Exploits a vulnerability on SMBv1/SMBv2 protocols these were collected from the nsa cyberweapons.
    Internalroute Exploits multiple vulnerabilities in routers this can become very useful such as hotel wifi’s.
    Aurora this is a old plugin that can become very useful for pen-testers it exploits Internet Explorer 6 URL vulnerability.
    Doublepulsar is giving you the ability to Remotely inject a malicious dll backdoor into a windows computer.
    Kodi is a fantastic movie streaming platform but however it runs on linux we have Created a malicious addon(backdoor) via
    Bleed uses a mass vulnerability check on finding any SSL Vulnerabilities.
    Tresspass is a way of managing your php backdoor and gaining shell or even doing single commands it requires password authentication stopping any lurker.
    Handler is commonly used to create a listener on a port.
    Poppy is a mitm plugin allowing you to Arp spoof and sniff unencrypted passwords on all protocals such as ftp and http.
    Redcarpet is a nice plugin keeping you safe from malicious hackers this will Encrypt a user directory.
    Picklock is a local bruteforce plugin that you can Picklock/bruteforce Mulitple devices Pincodes such as android usb debugging.
    Passby can load a usb to steal all credentials from a windows computer in seconds.
    Dnsspoof is common for man in the middle attacks, it can redirect any http requests to your dns.
    Smartremote this is more of a funny remote exploit you can Take over a smart tv’s remote control without authentication.
    Blueborne is a recent Bluetooth memory leak all devices even cars.
    Credswipe you have to have a card reader to clone them.
    Rfpwn suitable device to bruteforce a special AM OOK or raw binary signal.
    Ftpbrute Brute-force attack an ftp(file transfer protocol) server Wifijammer you can Deauth wifi networks around your area, meaning disconnecting all users connected to the network.

About the author

Mubassir patel

Mubassir is a founder and developer of this site. He is a computer science engineer. He has a very deep interest in ethical hacking, penetration testing, website development and including all technology topic.

Leave a Comment