#HacKingPro - Hack Like A Pro
Menu / To Do
[p] - Planning and Scoping
Asking for Target IP:
Asking for Target Name:
Asking for Target Phone:
Asking for Target Nik Name:
Asking for Target Email:
00 - Anonymity
00 - Firewall Rules
01 - Clear Logs
02 - Clear History
03 - Change MAC Address
04 - Change IP Address
05 - Change Routing
01 - Information Gathering
01 - Systems Information
02 - Networks Information
03 - Social Information
04 - SubDomain Information
02 - Vulnerability Assessment
03 - Web Application HacKing
04 - Database Assessment
05 - Password HacKing
06 - Wireless HacKing
07 - Reverse Engineering
08 - Exploit Frameworks & DataBases
09 - Sniffing - Spoofing
10 - Gaining & Maintaining Access
11 - Digital Forensic
12 - Analysis & Reporting
13 - Social Engineering
14 - Privilege Enumeration & Escalation
15 - Malware Analysis Labs/Tools
16 - Covering Tracks
https://github.com/Anlominus/HacKingPro

Palestinian Gemzo ISP Full DB 200K Records
→ Contains full info about gemzo customers/administrators ISP

There are dozens of tools for automating Google Dorking and collecting search results.

Many of them are based on the python module "googlesearch".

It is extremely simple.

But it can be applied to a multitude of investigative purposes.

You can learn it in two minutes and use it to create the perfect search automation script for your purposes.

1. Installation:

pip install googlesearch-python

2. Simple search:

from googlesearch import search
search("Osint")

3. Search with output URL of the results to the console:

for url in search('Osint'):
print(url)

4. Search in Russian:

search('Osint', lang="ru")

5. Search with a fixed number of results:

search('Osint', num_results=3)


The picture above shows an example of search automation with results output to a text file.


Official project repository: https://github.com/MarioVilas/googlesearch

Hacking the Cloud

Encyclopedia of the attacks/tactics/techniques that offensive security professionals can use on cloud exploitation (#AWS, #Azure, #GoogleCloud, #Terraform,)

https://hackingthe.cloud

Contributor twitter.com/Frichette_n

​​hackerone-reports

Tops of HackerOne reports. All reports' raw info stored in data.csv. Scripts to update this file are written in Python 3 and require chromedriver and Chromium executables at PATH. Every script contains some info about how it works. The run order of scripts:

▫️ fetcher.py
▫️ uniquer.py
▫️ filler.py
▫️ rater.py

https://github.com/reddelexc/hackerone-reports

Educational Heap Exploitation

This repo is for learning various heap exploitation techniques. We use Ubuntu's Libc releases as the gold-standard. Each technique is verified to work on corresponding Ubuntu releases.

You can run apt source libc6 to download the source code of the Libc your are using on Debian-based operating system. You can also click ▶️ to debug the technique in your browser using gdb.

https://github.com/shellphish/how2heap

​CVE-2022-24086-MASS-RCE

CVE-2022-24086 and CVE-2022-24087 are an rce in adobe commerce and magento

https://github.com/TomArni680/CVE-2022-24086-MASS-RCE

#cve #RCE

​CVE-2022-30190 Follina POC

Host exploit.html on localhost, port 80. Open the docx to pop calc.

To change the remote address the doc points to, open in 7Z and edit word\rels\document.xml.rels to point to a new location. YOU MUST keep the exclamation mark. It will literally not run if you omit this from the end of the URL.

The exploit must contain at least 3541 characters before the window.location.href, and they must be within the script tag. There is about 6000 or so included in the exploit.html

https://github.com/onecloudemoji/CVE-2022-30190

#cve #poc

https://www.youtube.com/watch?v=kSwm0u-X_1o

credit:- @f3exe

Secondary Context Path Traversal | Pro Technique | $4000 Starbucks[.]com Bug Bounty
https://youtu.be/4hM-aT049EQ

Aliens_eye - Find all social media accounts with a username!

https://github.com/BLINKING-IDIOT/Aliens_eye

​VPN server configuration software. Protocols: L2TP, PPTP, OpenVPN, WireGuard, Socks5, ShadowSocks (v2ray). | Providers: DigitalOcean, Linode, CryptoServers, Hetzner Cloud, Custom Server

https://github.com/my0419/myvpn-desktop

D1T2 - Philippe Langlois - Hacking HLR HSS and MME Core Network Elements

https://github.com/drego85/JoomlaScan
https://github.com/1N3/Sn1per
https://github.com/aboul3la/Sublist3r
https://github.com/MrMugiwara/CTF-Tools
https://github.com/asciimoo/searx
https://github.com/Dionach/CMSmap
https://github.com/shawarkhanethicalhacker/D-TECT-1
https://github.com/ron190/jsql-injection
https://github.com/khalilbijjou/WAFNinja
https://github.com/Ekultek/whitewidow
https://github.com/anarcoder/google_explorer
https://github.com/anarcoder/WordPressMassExploiter
https://github.com/anarcoder/JoomlaMassExploiter
https://github.com/Neohapsis/bbqsql
https://github.com/rezasp/vbscan/
https://github.com/screetsec/Dracnmap
https://github.com/OWASP/QRLJacking/tree/master/QrlJacking-Framework
https://github.com/k4m4/onioff
https://github.com/sepehrdaddev/blackbox
https://github.com/random-robbie/bruteforce-lists
https://github.com/random-robbie/drupwn
https://github.com/maurosoria/dirsearch
https://github.com/random-robbie/phpunit-brute
https://github.com/random-robbie/mini-php-shells
https://github.com/random-robbie/AutoRecon
https://github.com/KTN1990/WordPress-Easy-WP-SMTP-plugin-0day https://github.com/s0md3v/Photon
https://github.com/KTN1990/ACIDREVERSER
https://github.com/KTN1990/Email-Grabber
https://github.com/KTN1990/joomla-com_xcloner-upload_shell https://github.com/KTN1990/CMS https://github.com/KTN1990/PostgreSQL https://github.com/s0md3v/Breacher
https://github.com/s0md3v/Shiva
https://github.com/s0md3v/proxify
https://github.com/random-robbie/xssfinder
https://github.com/XiphosResearch/exploits
https://github.com/XiphosResearch/wp-user-enum-scripts
https://github.com/rastating/wordpress-exploit-framework
https://github.com/Bayz21/WP-3u3
https://github.com/2inf3rnal/wp-checkout-exploit
https://github.com/dr-iman/wp-content-injection-mass-exploit