XeroSploit: Efficient and Advanced MiTM Framework

Last Release: 07/30/2016    

XeroSploit is an open-source pentesting framework that performs man-in-the-middle (MiTM) attacks on a targeted network. The toolkit also includes a variety of modules for DoS attacks and port scanning. XeroSploit is Python-based and powered by nmap and bettercap.

XeroSploit: An Advanced Man in the Middle Framework

With this tool, you can perform a number of MiTM attacks on a network of your choosing. Depending on what you intend to do, XeroSploit allows you to scan for open ports, sniff traffic, and map the network in question. An attacker can also use XeroSploit to launch simulated cyber-attacks such as DoS, JavaScript code injection, HTML code injection, DNS spoofing, etc.

How does it work?

As a penetration testing toolkit, XeroSploit begins by gathering the information it needs about the targeted machine. This may include things like the configuration of the victim’s operating system. This information is obtained through specific commands, which give the user access to all the resources available in XeroSploit. You can view the full list of available commands by running the help command.
The scan command, one of the main commands, maps the targeted network and discovers all the hosts connected to it. Other commands included in XeroSploit are rmlog, iface, start, and gateway. With the start command you can target a specific IP address and skip the scanning process entirely. Since XeroSploit logs all the data it obtains by default, you can remove the log records with the rmlog command.
After a network has been scanned, you can load any of the modules that meet your attack requirements.


  • Driftnet
  • Port scanning
  • Sniffing
  • DoS attack
  • HTML code injection
  • Image replacement
  • Webpage defacement
  • JS code injection
  • Network mapping
  • Download interception and replacement
  • DNS spoofing
  • Audio reproduction (background)
  • And much more…


  • move 
  • pscan 
  • injecthtml
  • replace 
  • deface
  • injectjs 
  • sniff    
  • driftnet 
  • rdownload
  • ping
  • dspoof
  • dos 

Tested on the following OSs:


  • hping3, nmap, libpcap-dev, libgmp3-dev, build-essential, tabulate, terminaltables, ruby-dev

XeroSploit Install

Clone the repo, run the installer, and start the tool:

$ git clone https://github.com/LionSec/xerosploit.git
$ cd xerosploit && sudo python install.py 
$ sudo xerosploit 

Use help to list all available options.

Choose a module and type run to execute it. Example:

$ pscan run