Hack any website with All in One Tool and get information about your target

Internet is the hub of web applications. Many past developers has made numerous web applications to use internet more effectively. Internet has become more easy to use but complex to handle. Because it show case the lots of vulnerabilities. For gathering vulnerabilities we need an information gathering tool. That’s why we use information gathering or network reconnaissance tools. These tools gives basic information about the target. So that information can be used to build another scenario to exploit the target, explain ethical hacking investigators. Here comes Mercury tool which is used in information gathering of the target.

According to ethical hacking researcher of International Institute of Cyber Security says Mercury comes in bundle of other information gathering tools that’s why while testing a web application you don’t need to install separate tools.

Mercury is the tool to collect information about the target. It comprises of various small tools which are used to gather information. For showing you we have tested this tool on Kali Linux.

Before installing this tool make sure you have selenium in your Kali Linux. For that type sudo apt-get update
Type sudo apt-get install selenium
Type git clone https://github.com/MetaChar/Mercury.git
Then type ls
Type cd Mercury
Type pip install -r requirements.txt

pip install -r requirements.txt
 Requirement already satisfied: colorama in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 1))
 Collecting hashlib (from -r requirements.txt (line 2))
   Using cached https://files.pythonhosted.org/packages/74/bb/9003d081345e9f0451884146e9ea2cff6e4cc4deac9ffd4a9ee98b318a49/hashlib-20081119.zip
     Complete output from command python setup.py egg_info:
     Traceback (most recent call last):
       File "", line 1, in 
       File "/usr/lib/python2.7/dist-packages/setuptools/init.py", line 12, in 
         import setuptools.version
       File "/usr/lib/python2.7/dist-packages/setuptools/version.py", line 1, in 
         import pkg_resources
       File "/usr/lib/python2.7/dist-packages/pkg_resources/init.py", line 36, in 
         import email.parser
       File "/usr/lib/python2.7/email/parser.py", line 12, in 
         from email.feedparser import FeedParser
       File "/usr/lib/python2.7/email/feedparser.py", line 27, in 
         from email import message
       File "/usr/lib/python2.7/email/message.py", line 16, in 
         import email.charset
       File "/usr/lib/python2.7/email/charset.py", line 13, in 
         import email.base64mime
       File "/usr/lib/python2.7/email/base64mime.py", line 40, in 
         from email.utils import fix_eols
       File "/usr/lib/python2.7/email/utils.py", line 27, in 
         import random
       File "/usr/lib/python2.7/random.py", line 49, in 
         import hashlib as _hashlib
       File "hashlib.py", line 115, in 
         f()
     TypeError: 'frozenset' object is not callable
 
---------------------------------------- 
 
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-hK3fYS/hashlib/

The above command shows the error because some of the libraries are not inherited inside the code of the mercury.
But still some of the main features of the mercury which are used in information gathering can be used.
Type python Mercury.py

The above are the list of tools used in information gathering.

Checking Website Online/Offline :-

Type 5
Then type https://hack.me

Enter a choice  ~# 5

Enter a host name include https: https://www.hack.me

Attempt 1 at host: https://www.hack.me: online

Attempt 2 at host: https://www.hack.me: online

Attempt 3 at host: https://www.hack.me: online

Attempt 4 at host: https://www.hack.me: online

Attempt 5 at host: https://www.hack.me: online

The above command shows that target website is online. Mercury tries to ping on the target to showcase that the target is online.
The above is the basic method used in initial phase of information gathering.

Getting An IP address of the Target :-

Type 10
Type hack.me

Enter a choice  ~# 10
 Enter a website url hack.me
 74.50.111.244

The above command shows the IP address of the target.

Creating an Hash Value of the Word :-

Type 12
Then type testword or any word of your choice.

Enter a choice  ~# 12
          Please Enter a Word/String To Hash: testword
         97d7f037cc3360e21991849c0dff4985

The above command can be helpful to create an hash encode of target. The hash encode can be helpful to attack using other hacking activities.

Download Tools Using Mercury :-

There are many tools in mercury which you can download and use them in information gathering. Some of the tools do include in Kali Linux and some are the basic tools that can be used.
Type 13

Enter a choice  ~# 13

Then type any number of which you want to install the tool.
Type 6

    [0] Metasploit          [9] Aircrack
    [1] Mercury             [10] Wifite
    [2] Nmap                [11] Hammer
    [3] Lazy script         [12] Xerxes
    [4] fsociety            [13] XSStrike
    [5] Reaver              [14] Wpscan
    [6] InstaBrute          [15] Cupp
    [7] Cl0neMas3r          [16] Hydra
    [8] Sqlmap


    [100] Install All       [99] Exit submenu

Tools ~# 6

Then the tool will be downloaded and can be used in other hacking activities.

Use Mercury For DOS Attack :-

Type 23
Type 192.168.1.105 target IP address.

 Enter a choice  ~# 23
 Enter an ip address: 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105
 Bytes Sent to 192.168.1.105

The above command is useful in DOS attack. DOS is the most popular attacks. This method can be used in other hacking activities.

Finding Admin Panel :-

Type 22
Then type www.hack.me
Type https

Enter a choice  ~# 22
 Enter a site to scan just www: www.hack.me
 Is the link https or https: https
 https://www.hack.me/a
 https://www.hack.me/dm
 https://www.hack.me/in.
 https://www.hack.me/php
 https://www.hack.me/
 https://www.hack.me/admin.
 https://www.hack.me/html 
 https://www.hack.me/index.ph
 https://www.hack.me/p 
 https://www.hack.me/login.php
 https://www.hack.me/

The above command tries to find the admin panel of target. This method can be used in other hacking activities.
Mercury uses its own wordlist for creating an most common admin panel links.

Using NMAP in Mercury :-

Type 14
Type y if you have nmap install if not type n.
Then type 192.168.1.105

Enter a choice  ~# 14
 Have you already installed nmap? y/n y
 Enter an ip: 192.168.1.105
 Starting Nmap 7.70 ( https://nmap.org ) at 2018-12-31 04:00 EST
 NSE: Loaded 148 scripts for scanning.
 NSE: Script Pre-scanning.
 Initiating NSE at 04:00
 Completed NSE at 04:00, 0.00s elapsed
 Initiating NSE at 04:00
 Completed NSE at 04:00, 0.00s elapsed
 Initiating ARP Ping Scan at 04:00
 Scanning 192.168.1.105 [1 port]
 Completed ARP Ping Scan at 04:00, 0.07s elapsed (1 total hosts)
 Initiating Parallel DNS resolution of 1 host. at 04:00
 Completed Parallel DNS resolution of 1 host. at 04:00, 0.09s elapsed
 Initiating SYN Stealth Scan at 04:00
 Scanning dvwa (192.168.1.105) [1000 ports]
 Discovered open port 80/tcp on 192.168.1.105
 Discovered open port 443/tcp on 192.168.1.105
 Discovered open port 3306/tcp on 192.168.1.105
 Discovered open port 21/tcp on 192.168.1.105
 Discovered open port 22/tcp on 192.168.1.105
 Completed SYN Stealth Scan at 04:00, 0.16s elapsed (1000 total ports)
 Initiating Service scan at 04:00
 Scanning 5 services on dvwa (192.168.1.105)
 Completed Service scan at 04:01, 12.10s elapsed (5 services on 1 host)
 Initiating OS detection (try #1) against dvwa (192.168.1.105)
 NSE: Script scanning 192.168.1.105.
 Initiating NSE at 04:01
 Completed NSE at 04:01, 1.58s elapsed
 Initiating NSE at 04:01
 Completed NSE at 04:01, 0.00s elapsed
 Nmap scan report for dvwa (192.168.1.105)
 Host is up (0.00100s latency).
 Not shown: 995 closed ports
 PORT     STATE SERVICE  VERSION
 21/tcp   open  ftp      ProFTPD 1.3.2c
 22/tcp   open  ssh      OpenSSH 5.3p1 Debian 3ubuntu4 (Ubuntu Linux; protocol 2.0)
 80/tcp   open  http     Apache httpd 2.2.14 ((Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
 | http-cookie-flags:
 |   /:
 |     PHPSESSID:
 |_      httponly flag not set
 |http-favicon: Unknown favicon MD5: 69C728902A3F1DF75CF9EAC73BD55556 | http-methods: |  Supported Methods: GET HEAD POST OPTIONS
 | http-robots.txt: 1 disallowed entry
 |/ |_http-server-header: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 | http-title: Damn Vulnerable Web App (DVWA) - Login |_Requested resource was login.php 443/tcp  open  ssl/http Apache httpd 2.2.14 ((Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1) | http-cookie-flags: |   /: |     PHPSESSID: |      httponly flag not set
 |http-favicon: Unknown favicon MD5: 69C728902A3F1DF75CF9EAC73BD55556 | http-methods: |  Supported Methods: GET HEAD POST OPTIONS
 | http-robots.txt: 1 disallowed entry
 |/ |_http-server-header: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 | http-title: Damn Vulnerable Web App (DVWA) - Login |_Requested resource was login.php | ssl-cert: Subject: commonName=localhost/organizationName=Apache Friends/stateOrProvinceName=Berlin/countryName=DE | Issuer: commonName=localhost/organizationName=Apache Friends/stateOrProvinceName=Berlin/countryName=DE | Public Key type: rsa | Public Key bits: 1024 | Signature Algorithm: md5WithRSAEncryption | Not valid before: 2004-10-01T09:10:30 | Not valid after:  2010-09-30T09:10:30 | MD5:   b181 18f6 1a4d cb51 df5e 189c 40dd 3280 |_SHA-1: c4c9 a1dc 528d 41ac 1988 f65d b62f 9ca9 22fb e711 |_ssl-date: 2018-12-31T09:01:11+00:00; +4s from scanner time. | sslv2: |   SSLv2 supported |   ciphers: |     SSL2_DES_64_CBC_WITH_MD5 |     SSL2_RC4_128_WITH_MD5 |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5 |     SSL2_DES_192_EDE3_CBC_WITH_MD5 |     SSL2_IDEA_128_CBC_WITH_MD5 |     SSL2_RC4_128_EXPORT40_WITH_MD5 |    SSL2_RC2_128_CBC_WITH_MD5
 3306/tcp open  mysql    MySQL (unauthorized)
 MAC Address: 00:0C:29:58:9E:B1 (VMware)
 Device type: general purpose
 Running: Linux 2.6.X
 OS CPE: cpe:/o:linux:linux_kernel:2.6
 OS details: Linux 2.6.17 - 2.6.36
 Uptime guess: 0.049 days (since Mon Dec 31 02:50:06 2018)
 Network Distance: 1 hop
 TCP Sequence Prediction: Difficulty=198 (Good luck!)
 IP ID Sequence Generation: All zeros
 Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel

 
Host script results:
 |_clock-skew: mean: 3s, deviation: 0s, median: 3s 
 
 TRACEROUTE
 HOP RTT     ADDRESS
 1   1.00 ms dvwa (192.168.1.105)  

 
NSE: Script Post-scanning.
 Initiating NSE at 04:01
 Completed NSE at 04:01, 0.00s elapsed
 Initiating NSE at 04:01
 Completed NSE at 04:01, 0.00s elapsed
 Read data files from: /usr/bin/../share/nmap
 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
 Nmap done: 1 IP address (1 host up) scanned in 16.90 seconds
            Raw packets sent: 1020 (45.626KB) | Rcvd: 1016 (41.358KB)

The above command uses nmap and shows open ports, MAC address, OS and information what nmap normally shows.
The above information can be used in other hacking activities, say ethical hacking professors.

Jim Gill

Cyber Security Researcher. Information security specialist, currently working as risk infrastructure specialist & investigator. He is a cyber-security researcher with over 25 years of experience. He has served with the Intelligence Agency as a Senior Intelligence Officer. He has also worked with Google and Citrix in development of cyber security solutions. He has aided the government and many federal agencies in thwarting many cyber crimes. He has been writing for us in his free time since last 5 years.

Hack any website with All in One Tool

Checking Website Online/Offline :-

Getting An IP address of the Target :-

Creating an Hash Value of the Word :-

Download Tools Using Mercury :-

Use Mercury For DOS Attack :-

Finding Admin Panel :-

Using NMAP in Mercury :-

The 11 Essential Falco Cloud Security Rules for Securing Containerized Applications at No Cost

Hack-Proof Your Cloud: The Step-by-Step Continuous Threat Exposure Management CTEM Strategy for AWS & AZURE

Web-Based PLC Malware: A New Technique to Hack Industrial Control Systems

The API Security Checklist: 10 strategies to keep API integrations secure

11 ways of hacking into ChatGpt like Generative AI systems

How to send spoof emails from domains that have SPF and DKIM protections?

Silent Email Attack CVE-2023-35628 : How to Hack Without an Email Click in Outlook

How to Bypass EDRs, AV with Ease using 8 New Process Injection Attacks

Cyber Security Channel