fsociety – Mr Robot Penetration Testing Framework

fsociety is a penetration testing framework consists of all penetration testing tools that a hacker needs. It includes all the tools that involved in the Mr. Robot Series.

Installing fsociety

The tool consist of a huge tools list starting form Information gathering to Post Exploitation.

To clone the tool from Github


Then provide executable permission for install.sh

root@kali:~/fsociety# chmod +x install.sh

To run fsociety

root@kali:~# fsociety

Also read: How hackers bruteforce and techniques used

Fsociety Tools List

Information Gathering

Information gathering is a solid phase for every penetration testing, the package covers following tools Nmap, Setoolkit Port Scanning, Host To IP, WordPress user, CMS scanner, XSStrike, Dork – Google Dorks Passive Vulnerability Auditor
Scan A server’s Users, Crips.

  • Nmap
  • Setoolkit
  • Host To IP
  • WPScan
  • CMS Scanner
  • XSStrike
  • Dork – Google Dorks Passive Vulnerability Auditor
  • Scan A server’s Users
  • Crips

Password Attacks:

For password attacks, the package consists of Cupp – To generate password list, Ncrack – network Authentication protocol.

  • Cupp
  • Ncrack

Wireless Testing:

For Wireless penetration testing, it has reaver, the pixiewps effective tool to attack WPS PINS.

  • Reaver
  • Pixiewps
  • Bluetooth Honeypot

Exploitation Tools:

It allows you to take advantages of the vulnerabilities present in other services.The package consists of ATSCAN, sqlmap, Shellnoob, commix, FTP Auto Bypass, JBoss-autopwn, Blind SQL Automatic Injection And Exploit. Bruteforce the Android Passcode given the hash and salt, Joomla SQL injection Scanner.

  • sqlmap
  • Shellnoob
  • commix
  • FTP Auto Bypass
  • JBoss Autopwn

Sniffing & Spoofing:

Sniffing includes catching, translating, inspecting and interpreting the data inside a network packet on a TCP/IP arrange.The package consists of Setoolkit, SSLStrip, pyPISHER, SMTP Mailer.

  • Setoolkit
  • SSLtrip
  • pyPISHER
  • SMTP Mailer

Web Hacking:

It consists of powerful tools for web penetration testing and also for CMS. Consist of tools Drupal Hacking, Inurlbr, WordPress & Joomla Scanner, Gravity Form Scanner, File Upload Checker, WordPress Exploit Scanner, WordPress Plugins Scanner, Shell and Directory Finder, Joomla! 1.5 – 3.4.5 remote code execution, Vbulletin 5.X remote code execution. BruteX – Automatically brute force all services running on a target, Arachni – Web Application Security Scanner Framework.

  • Drupal Hacking
  • Inurlbr
  • WordPress & Joomla Scanner
  • Gravity Form Scanner
  • File Upload Checker
  • WordPress Exploit Scanner
  • WordPress Plugins Scanner
  • Shell and Directory Finder
  • Joomla! 1.5 – 3.4.5 remote code execution
  • Vbulletin 5.X remote code execution
  • BruteX – Automatically brute force all services running on a target
  • Arachni – Web Application Security Scanner Framework

fsociety Private Web Hacking:

Under Private Web hacking, it consists of following tools Get all websites, Get Joomla websites, Get WordPress websites Control Panel Finder, Zip Files Finder, Upload File Finder, Get server users, SQli Scanner, Ports Scan (range of ports) ports Scan (common ports), Get server Info, Bypass Cloudflare.

  • Get all websites
  • Get Joomla websites
  • Get WordPress websites
  • Control Panel Finder
  • Zip Files Finder
  • Upload File Finder
  • Get server users
  • SQli Scanner
  • Ports Scan (range of ports)
  • ports Scan (common ports)
  • Get server Info
  • Bypass Cloudflare

Post Exploitation:

For Post Exploitation it consists of Shell Checker, POET, Weeman.
  • Shell Checker
  • POET
  • Weeman

Leave a Reply

Your email address will not be published. Required fields are marked *