KillShot – An Information Gathering and Vulnerability Scanning Tool

KillShot is a penetration testing tool that can be used to gather useful information and scan vulnerabilities in target host devices and web applications. KillShot makes use of the Shodan search engine to find information about target devices.

Web application information gathering process is carried out by using inbuilt scripts. The KillShot tool can crawl target web applications and find backend web technologies, identify content management system in use, and scan open ports with running services.

The types of vulnerabilities that can be detected with KillShot include SQL injection, XSS, Tomcat RCE, and CMS vulnerabilities. Moreover, KillShot has the ability to generate backdoors to connect with the target. Backdoors need to be uploaded manually to make connection between the target and KillShot tool.

KillShot Installation

KillShot is a ruby script tool that can be cloned from Github using the following command.

git clone
Killshot cloning

The killshot directory contains setup.rb setup file that should be run in order to complete the installation process.

cd killshot
ruby setup.rb
Killshot installation

How KillShot Works

In order to execute KillShot tool, run the following command in the terminal.

ruby killshot.rb

In the next step, we need to select web application or target device by typing site or targ­ arguments in the command line. The full list of arguments can be viewed by typing help command as shown below.

help command

To start scanning web application, type site in the command line.


In the next step, type the target web address


After filling the above mandatory fields, KillShot gives different penetration testing options shown in the following screenshot.

target site scanning options

Let’s assume we need port information of the target web application. We can launch port scanning by selecting its sequence number i-e # 3. KillShot offers Nmap and Unicorn utilities to scan target web application ports. We can select any of these utilities to process with the port scanning process.

unicorn scanning options

The tool scans the target ports and displays results in the following format.

TCP scan results

Similarly, we can select the vulnerability assessment option from the list to scan target web application for the said vulnerabilities (SQL, XSS, and Tomcat Rce). The tool asks for the potential parameters to be scanned for the SQL injection analysis. If the target url is vulnerable, the tool displays results in the following format.

sql detected

Read more…

Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Malware analyst || Malware Investigator || Reverse Engineering

SC ProDefence SRL - Cyber Security Services