▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑massive SQL injection vulnerability scanner :

F E A T U R E S :

-multiple domain scanning with SQL injection dork by Bing, Google, or Yahoo

-targetted scanning by providing specific domain (with crawling)

-reverse domain scanning

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :


1) git clone https://github.com/the-robot/sqliv.git

2) cd sqliv

3) sudo python2 setup.py -i

4) Tutorial :


1. Multiple domain scanning with SQLi dork

it simply search multiple websites from given dork and scan the results one by one
python sqliv.py -d <SQLI DORK> -e <SEARCH ENGINE>
python sqliv.py -d "inurl:index.php?id=" -e google
2. Targetted scanning

can provide only domain name or specifc url with query params
if only domain name is provided, it will crawl and get urls with query
then scan the urls one by one
python sqliv.py -t <URL>
python sqliv.py -t www.example.com
python sqliv.py -t www.example.com/index.php?id=1
3. Reverse domain and scanning

do reverse domain and look for websites that hosted on same server as target url
python sqliv.py -t <URL> -r
4. Dumping scanned result

you can dump the scanned results as json by giving this argument
python sqliv.py -d <SQLI DORK> -e <SEARCH ENGINE> -o result.json

enjoy❤️👍🏻
use for learn
✅git topic
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST & FASTEST TORRENTS CLIENTS 2020 :

http://www.vuze.com/

https://www.qbittorrent.org/

http://www.vuze.com/

http://www.utorrent.com/

http://deluge-torrent.org/

FOR ANDROID :

https://play.google.com/store/apps/details?id=com.checketry.downloadmanager

https://play.google.com/store/apps/developer?id=BitTorrent,+Inc.

https://play.google.com/store/apps/details?id=com.frostwire.android


#fastTips
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑What is Internal Server Error 500
Every time you open a web page, your browser sends a request to the server that hosts the site, which returns the requested data and a response code. The HTTP response status codes indicate whether the request was successful or not.

The answers are divided into five classes. Codes ranging from 500 to 599 indicate a server error.

The HTTP 500 status code is a generic error response that is returned by the server when another error code does not match. This can be caused by a number of issues that prevent the server from fulfilling the request.

If the page you are visiting throws a 500 error, there is nothing you can do because the error is not caused by your browser or internet connection. Even though the error occurs on the server side, you can try some of the following options:

1) Restart your browser or try using a different one. The chances of the page loading when you refresh your browser are slim, but still worth a try.

2) Try clearing your browser cache. If a page showing a 500 error is cached, after clearing the cache, the browser will ask for a new version of the page.

3) Come back later. In the meantime, the webmaster can fix the server issue.

4) Contact the website owners. The last remaining option is to contact the person in charge of maintaining the website.

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Tips for choosing a CMS :

The right CMS is essential to building your artist site. These tips will help you narrow down your choices.

—Determine your budget: To determine your budget, take into account the initial setup costs, any marketing you want to do, and website hosting, which is a monthly fee paid to a service provider to make your site accessible to the world.
Initial setup fees include the cost of purchasing and registering a domain name that will be the URL of your website.

__Using Templates: The best content management systems offer templates to get you started. Look for a template with a clean, simple layout that puts your art in the spotlight. For example, a carousel template allows site visitors to easily browse your creations.

—Decide if you want to sell online: If you want to sell your artwork online, look for a CMS that supports e-commerce features. This includes the functionality of a virtual shopping cart and the ability to accept various forms of payment.

—Prioritize your marketing options: You will probably need a CMS that supports email marketing and newsletter capabilities. Ideally, the CMS you choose should have marketing analytics built in, but many require a third-party app, so don't let that get in the way of the deal.

#fastTips
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#ForBeginers What is Cross Site Scripting (XSS)? & How it Work's ?


1) Cross-site scripting (XSS) is a type of cyberattack in which malicious scripts are injected into trusted and trusted sites.

2) Cross-site scripting attacks are possible in HTML, Flash, ActiveX and CSS. However, JavaScript is the most frequent target of cybercriminals as it plays an important role in most web browsing.

3) JavaScript is a programming language that allows you to implement complex functionality on your website. Most of the large and interactive websites on the Internet have been built with JavaScript. “You can develop interactive features, games or add additional features to better promote your products,” says Domantas Gudelyauskas, marketing manager for the Zyro project.

4) JavaScript is so popular in the web community because it allows you to do almost anything on a web page. And that's when it becomes problematic. Cybercriminals can use JavaScript to log into your web pages and insert malicious scripts.

🦑How does cross-site scripting work?

Cybercriminals can perform XSS attacks on WordPress websites in two ways. They can either use user input or bypass policies of the same origin. Let's take a look at both methods to better understand cross-site scripting.

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

#full + video

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#ForBeginers What is Cross Site Scripting (XSS)? & How it Work's ?


1) Cross-site scripting (XSS) is a type of cyberattack in which malicious scripts are injected into trusted and trusted sites.

2) Cross-site scripting attacks are possible in HTML, Flash, ActiveX and CSS. However, JavaScript is the most frequent target of cybercriminals as it plays an important role in most web browsing.

3) JavaScript is a programming language that allows you to implement complex functionality on your website. Most of the large and interactive websites on the Internet have been built with JavaScript. “You can develop interactive features, games or add additional features to better promote your products,” says Domantas Gudelyauskas, marketing manager for the Zyro project.

4) JavaScript is so popular in the web community because it allows you to do almost anything on a web page. And that's when it becomes problematic. Cybercriminals can use JavaScript to log into your web pages and insert malicious scripts.

🦑How does cross-site scripting work?

Cybercriminals can perform XSS attacks on WordPress websites in two ways. They can either use user input or bypass policies of the same origin. Let's take a look at both methods to better understand cross-site scripting.

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Top 5 PHP Frameworks :

Now that we have all understood the PHP framework, which PHP framework is the best to use in web development?

— Developing any software application from scratch requires a lot of work, so it is very tedious and time-consuming. Using a better PHP environment saves you the hassle of re-creating the same functions over and over. We've looked at the countless PHP frameworks available on the market to find the best for you.

1) Laravel

2) CakePHP

3) CodeIgniter

4) Symfony

5) Zend framework

#FastTips
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible..->
#tool


🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/FortyNorthSecurity/EyeWitness.git

2) cd Navigate into the CS directory

3) Load EyeWitness.sln into Visual Studio

4) Go to Build at the top and then Build Solution if no modifications are wanted

5) EyeWitness.exe --help

6) EyeWitness.exe -f C:\Path\to\urls.txt

7) EyeWitness.exe -f C:\Path\to\urls.txt -d [timeout in seconds] -c

8) ./EyeWitness.py -f filename --timeout optionaltimeout

E X A M P L E :

./EyeWitness -f urls.txt --web

./EyeWitness -x urls.xml --timeout 8

./EyeWitness.py -f urls.txt --web --proxy-ip 127.0.0.1 --proxy-port 8080 --proxy-type socks5 --timeout 120

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SOME POPULAR DEEPWEBSITES
1)e4unrusy7se5evw5.onion - eXeLaB, a program research portal.

2)msydqstlz2kzerdg.onion - Ahima, a darknet search engine.

3)searchl57jlgob74.onion - Fess, another search engine.

4)burgerfroz4jrjwt.onion - Burger, the recommended bitcoin mixer with
onion ring flavor.

5) http://hss3uro2hsxfogfq.onion/

6) http://gjobqjj7wyczbqie.onion/

7) http://torlinksge6enmcyyuxjpjkoouw4oorgdgeo7ftnq3zodj7g2zxi3kyd.onion/

8) http://s6cco2jylmxqcdeh.onion/w/

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Rails is a software library that extends the Ruby programming language. It’s often promoted as an MVC web framework, which stands for Model, View, and Controller respectively.
De facto, Web developers are attracted by its simplicity and the priciple of Convention over Configuration, and it has become more popular in recent days.
Despite Rails is a mature framework being used today, Web Security issues are still there. Therefore, this paper will briefly address and give introduction to those discovered vulnerabilities of Rails.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑HACKING ANDROID APPS 2020 LIST :


https://apkpure.com/sshdroid/berserker.android.apps.sshdroid

https://wifikillapk.com/download/

https://www.offensive-security.com/kali-linux-nethunter-download/


https://play.google.com/store/apps/details?id=com.overlook.android.fing&hl=en

https://github.com/wszf/androrat

https://github.com/pjlantz/droidbox

https://secwiki.org/w/Nmap/Android

https://play.google.com/store/apps/details?id=com.overlook.android.fing&hl=en

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑PRACTICE YOUR KNOWLEDGE :

HACKING EXERCICES :

0 - Last Layer Attack
1 - Backdooring
2 - Extracting Information
3 - Brute Forcing
4 - Neural Overflow
5 - Malware Injection
6 - Neural Obfuscation
7 - Bug Hunting
8 - GPU Attack

🦑Packages :

-Keras: Installing Keras can be tricky. We refer to the official installation guide at https://keras.io/

-#installation and suggest TensorFlow as a backend (using the GPU-enabled version, if one is available on the machine).

-NumPy, SciPy and scikit-image: NumPy and SciPy are excellent helper packages, which are used throughout all exercises. Following the official SciPy

-instructions should also install NumPy https://
www.scipy.org/install.html. We will also need to

-install scikit-image for image loading and saving:
https://scikit-image.org/docs/stable/install.html.
PyCuda: PyCuda is required for the GPU-based attack exercise. If no nVidia GPU is available on the machine, this can be skipped. https://wiki.tiker.net/PyCuda/Installation

-NLTK: NLTK provides functionalities for natural language processing and is very helpful for some of the exercises. https://www.nltk.org/install.html

D O W N L O A D :

https://github.com/Kayzaks/HackingNeuralNetworks

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑CREATE ANDROID APK - WITHOUT CODING :

https://www.appypie.com/

https://www.goodbarber.com/

https://mobileroadie.com/

https://www.theappbuilder.com/

https://www.appmakr.com/

http://www.makemedroid.com/en/

https://www.swiftic.com/

http://www.appmachine.com/

https://www.biznessapps.com/

https://www.appsgeyser.com/

https://appinstitute.com/

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑VIRUS & MALWARE TOOLS & TUTORIALS :

[JSDetox](http://www.relentless-coding.com/projects/jsdetox/) - JavaScript
malware analysis tool.

jsunpack-n - A javascript
unpacker that emulates browser functionality.

[Krakatau](https://github.com/Storyyeller/Krakatau) - Java decompiler,
assembler, and disassembler.

Malzilla - Analyze malicious web pages.

[RABCDAsm](https://github.com/CyberShadow/RABCDAsm) - A "Robust
ActionScript Bytecode Disassembler."

SWF Investigator -
Static and dynamic analysis of SWF applications.

[swftools](http://www.swftools.org/) - Tools for working with Adobe Flash
files.

xxxswf - A
Python script for analyzing Flash files.

ENJOY ❤️👍🏻
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

New Malware, Bitcoin stealer
- KryptoCibule: Multi-task and multi-currency password stealing Preface
#Malwares

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑for kali 2020 users #requested
» Enable Monitor Mode Using iw:

First, we will take a look at the use of the iw Wi-Fi configuration tool. It is used for configuring Wi-Fi in particular and can be more powerful than other tools. You might have already used iw for several other purposes, for example, to obtain information about your Wi-Fi network. In fact, this tool can even give you more information about different commands. The iw list gives you much more information about wireless wlan0, interface modes, HT, bit rates, scanning, etc.

🄻🄴🅃'🅂 🅂🅃🄰🅁🅃 :

The first step is to check the interface information. You can do so by entering the following:

1) $ sudo iw dev
The output will look like the following window:
To access the traffic of other people, you will have to switch this over to Monitor Mode. You can switch iw to Monitor Mode by entering the commands given below:

2) $ sudo ip link set IFACE down

3) $ sudo iw IFACE set monitor control

4) $ sudo ip link set IFACE up
IFACE replaced the actual name, as shown:

5) $ sudo ip link set wlan0 down

6) $ sudo iw wlan0 set monitor control

7) $ sudo ip link set wlan0 up

The next step is to check the wireless interface one more time by entering the following command:

8) $ sudo iw dev

9) The output of the aforementioned commands can be seen in the window above.

Wondering how to get back to the Managed Mode? To do so, enter the following commands:

10) $ sudo ip link set IFACE down

11) $ sudo iw IFACE set type managed

12) $ sudo ip link set IFACE up
IFACE replaced the actual name, as shown:

13) $ sudo ip link set wlan0 down

14) $ sudo iw wlan0 set type managed

15) $ sudo ip link set wlan0 up

Enable Monitor Mode Using iwconfig
As in previous sections, check your interface name via the following command:

$ sudo iwconfig
The next step is to enable Monitor Mode. Do so by entering the following commands:

$ sudo ifconfig IFACE down
$ sudo iwconfig IFACE mode monitor
$ sudo ifconfig IFACE up
Furthermore,

$ sudo ifconfig wlan0 down
$ sudo iwconfig wlan0 mode monitor
$ sudo ifconfig wlan0 up
Disable Monitor Mode

$ sudo ifconfig wlan0 down
$ sudo iwconfig wlan0 mode managed
$ sudo ifconfig wlan0 up
Turn off the Network Manager that Prevents Monitor Mode

$ sudo systemctl stop NetworkManager

🄻🄴🅃'🅂 🅂🅃🄰🅁🅃 :

🦑Another two methode for wifi monitor mode :

You can also via airmon-ng but this methode is recommended

Enable Monitor Mode Using iwconfig
As in previous sections, check your interface name via the following command:

$ sudo iwconfig
The next step is to enable Monitor Mode. Do so by entering the following commands:

$ sudo ifconfig IFACE down
$ sudo iwconfig IFACE mode monitor
$ sudo ifconfig IFACE up
Furthermore,

$ sudo ifconfig wlan0 down
$ sudo iwconfig wlan0 mode monitor
$ sudo ifconfig wlan0 up
Disable Monitor Mode

$ sudo ifconfig wlan0 down
$ sudo iwconfig wlan0 mode managed
$ sudo ifconfig wlan0 up
Turn off the Network Manager that Prevents Monitor Mode

$ sudo systemctl stop NetworkManager

source linux forum
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁